VMware VeloCloud
Cloud-Delivered SD-WAN


VMware VeloCloud’s Cloud Delivered SD-WAN was one of the first SD-WAN offerings and the earliest proponents of delivering SD-WAN from the cloud. VeloCloud virtual or physical appliances connect company locations with broadband Internet access or MPLS into a virtual overlay. Cloud offerings are available for bringing private clouds, specifically AWS, and SaaS applications, such as Office 365, into the overlay.

Unlike other OTT vendors, however, VeloCloud also maintains a global network of PoPs (points of presence). Within region, SD-WAN nodes connect to one another through those PoPs. Between regions, SD-WAN traffic would need to travel via the company’s own MPLS service or the Internet.


VeloCloud’s solution is made up of four basic components: the gateway, the edge, the orchestrator and the controller.

  • VeloCloud’s collection of service gateways deliver network services from the cloud and provide optimized data paths from the underlying transport system to data centers, branches, and web applications.
  • The edge component is an enterprise-class zero-touch appliance which provides connectivity to applications, performs QoS, and hosts VNF services.
  • VeloCloud’s orchestrator centralizes enterprise-wide SD-WAN installation, monitoring, and configuration, and orchestrates the network’s data flow.


VeloCloud’s platform allows operators and MSPs (managed service providers) to deliver new, differentiated services across broadband or  alongside with MPLS. Its enterprise-class connectivity also provides an extendable platform which makes new services possible, improving both security and the network itself.

One of VeloCloud’s goals is to drive down the complexity of the service provider’s network, drive down operating costs, and give service providers complete command and control with a single UI (user interface).

Video: VeloCloud user experience Demo

Cloud Gateways

To those ends, VeloCloud’s architecture consists of three layers. The first layer are the cloud gateways. This layer includes VeloCloud’s worldwide network of cloud gateways that sit on top of the underlying transport. The cloud itself can be VeloCloud’s cloud or a private cloud. Private clouds can be run by the service provider or by an enterprise, who will be able to deploy the gateways in their PoP locations.

Service Delivery Layer

VeloCloud’s second layer is the services delivery layer. This layer includes VeloCloud’s network services, all of which resellers and service providers can provide to their own customers. Among these services are pre-prepared QoS and firewalls, which can be enabled or disabled. When offering VeloCloud as a service, service providers will be able to provide their customers with the VeloCloud dashboard and the ability to see who is using or abusing their network and whether their investment is paying off. VeloCloud also provides VPN (virtual private networks), which can be done edge to edge. Lastly, this layer allows service providers to easily build dynamic tunnels back to the data center or between edges.


VeloCloud’s third layer concentrates on orchestration,  as well as providing visualization, network services insertion, and business policy automation. Service providers leverage these capabilities to easily resell VeloCloud services to their customers while retaining control and monitoring abilities.

VeloCloud’s orchestrator provides visibility and QoS information, as well as an application-level policy and controlled QoS management from a single console. This is true even when the orchestrator is disconnected, regardless of whether an enterprise uses internet, VPN, or a hybrid WAN. Edge nodes are used to connect to gateways within a provider’s network, making expansion easy; the orchestrator automatically configures the new edge node and  updates routing information at existing edge nodes.

Service Providers

VeloCloud has made a strong play at selling through service providers and telcos. As service providers grow, they need to adapt to meet customer needs. Service providers need to give their customers advanced service and increased flexibility, while maintaining revenue as customers reduce their dependence on profitable MPLS networks.

VeloCloud provides service providers with the ability to offer elastic transport and performance for cloud applications, while integrating the new SD-WAN with existing networks. Service providers enjoy optimal and direct access to cloud-based applications, on-demand bandwidth, and improved operational automation.

To help service providers and telco carriers easily deliver SD-WAN services, VeloCloud  provides zero-touch deployment for easy installation, configuration, operations, and maintenance processes, thereby eliminating the need for service providers to visit each physical location to install.

For service providers, VeloCloud’s easy installation eliminates the need to to create separate VPN tunnels for each customer and manually manage each of them. Instead, service providers will be able to use the UI to create a customer profile. This profile will automatically build the appropriate tunnel.

Use of multi-tenant gateways and orchestrators mean VeloCloud scales horizontally, allowing a single orchestrator to manage several customers. This also provides the ability to light up specific VMs (virtual machines) to allow private head ends for customers who want the separation.

Types of SD-WAN models

VeloCloud offers two types of SD-WAN models: OTT (over the top) and network integrated. The difference between these two solutions is in how the overlay edge nodes are managed.


A “network integrated” solution offers SD-WAN overlay edge nodes as multi-tenant virtual gateways. These are then deployed in data centers and the service provider network. Hosted services are provided by deploying gateways at cloud data centers, and private MPLS networks use gateways deployed at provider edge POPs.

Network Integrated

In a network integrated solution, the orchestrator and controllers are deployed as either publicly accessible or within an enterprise’s individual network.

Service providers  benefit from VeloCloud’s network integrated architecture, which ensures all last mile circuits – including broadband internet – have access to the enterprise’s existing private MPLS network. These networks are especially valuable for long distance communications.

Network integrated architecture also eliminates the need for enterprise data center installations and ensures enterprise sites using the private network will be easily accessible via SD-WAN deployment. Connectivity from private MPLS networks to cloud data centers is possible at SD-WAN enabled branches.


Known VeloCloud customers include:

  • The Bay Club provides family-focused clubs offering sports, fitness, and food services in California. When they turned to VeloCloud, The Bay Club was suffering from delays in network service provision for new branches, and delays in merger and acquisition integration. VeloCloud moved the intelligence from the data plane to the control plane, and allowed the SD-WAN to function across all of The Bay Club’s public and private networks. Using VeloCloud, The Bay Club was able to simplify internet deployment in new locations and deliver services quickly, as well as greatly reduce costs.
  • Devcon, a top-rated construction company with branches across US mainland, was having difficulty with their branches’ WAN and suffered from poor quality voice over IP (VOIP). They needed to deliver quality, cloud-based WAN to branch users, and they needed to cut the amount of time their IT staffs spent on the roads. VeloCloud securely and efficiently connected all of Devcon’s branches by replacing the company’s locally-provided WAN with a cloud-delivered solution built on the company’s existing connections. VeloCloud also integrated pre-configured network quality of service (QoS) parameters, and added Wi-Fi at the network’s edge.
  • Redmond is a food retail chain based in Utah and Colorado, which was having difficulty meeting PCI 3.0 standards in all its locations, and needed consistent voice and virtual desktops in all branches. Their WAN devices were aging, and they needed a new WAN network but did not want to have to buy all new hardware. VeloCloud provided a low-cost and flexible internet solution unifying all Redmond branches and deliverable over both public and private connections, no matter how many internet connections a branch had. Redmond’s ITs were able to easily install VeloCloud’s edge devices at each location and then leave the WAN to take care of itself.

Video: VeloCloud Networks – AXPM SD-WAN Case Study

Is VeloCloud SD-WAN right for you?

LIke many SD-WANs, VeloCloud provides lightweight and versatile WAN without requiring the complex and expensive hardware of typical of MPLS services.

VeloCloud’s cloud-based network is completely agnostic to the underlying transport, which can be MPLS, LTE, DLS, cable, or anything else. Each enterprise branch connects to one or more cloud gateways, and VeloCloud provides a head-end for branch locations.

Changing or expanding any services or part of the network need not be any more difficult than pointing and clicking.

Not sure if VeloCloud is a good fit? One way to find out is to ask yourself a few questions:

  •        Do you need cloud support and application-level monitoring?
  •        Will you need private network performance between regions?
  •        What sort of security and scaling will you need?

For help evaluating VeloCloud-based offerings and SD-WAN in general, register for a free WAN assessment  here or contact us at steve.garson@sd-wan-experts.com


VeloCloud Solution Overview with Steve Woo

VeloCloud Solution Overview with Sanjay Uppal