Optimize Network Performance with VeloCloud SD-WAN Solutions

This guide provides a comprehensive framework for evaluating VeloCloud (now part of VMware by Broadcom) as your primary SD-WAN and SASE solution. As organizations continue to migrate workloads to the cloud and support increasingly distributed workforces, traditional WAN architectures often become bottlenecks. VeloCloud was a pioneer in the SD-WAN space, specifically designed to simplify branch office networking, optimize application performance over any transport (MPLS, Broadband, LTE/5G), and provide a direct path to the cloud.

In this guide, you will learn about VeloCloud’s unique architectural advantages—such as its global network of gateways and Dynamic Multi-Path Optimization—and determine if its feature set aligns with your organization's technical maturity and business goals. Whether you are looking to reduce telco costs or improve the user experience for SaaS applications, this document outlines the critical decision points for a successful evaluation.

VeloCloud’s value proposition is built on three core pillars:

• Dynamic Multi-Path Optimization (DMPO): This is the "secret sauce." It monitors links in real-time for jitter, packet loss, and latency. It performs sub-second steering and on-demand remediation (like Forward Error Correction) to ensure high-quality voice and video even on a single degraded link.
• Cloud-Delivered Architecture: Unlike other SD-WANs that require data center hubs, VeloCloud uses a global network of Gateways. This provides a "doorway" to the cloud, ensuring traffic reaches SaaS providers via the most efficient path possible.
• Zero-Touch Provisioning (ZTP): Simplifies deployment by allowing non-technical personnel at a branch to simply plug in the VeloCloud Edge device. The device automatically calls home, downloads its configuration, and joins the network.
• Deep Application Visibility: The Orchestrator identifies over 3,000 applications, allowing IT to set granular Quality of Service (QoS) policies based on application importance rather than just port numbers.
• Integrated Security (SASE): Combines SD-WAN with cloud-delivered security services, including stateful firewalls, URL filtering, and IPS (Intrusion Prevention System).

• Retail/Branch Connectivity: A national retailer uses VeloCloud to replace expensive MPLS with dual broadband links. They achieve 40% cost savings while improving the reliability of their Point-of-Sale (POS) systems and guest Wi-Fi.
• Unified Communications (VoIP/UCaaS): A global consulting firm struggles with dropped Zoom and Teams calls in satellite offices. By deploying VeloCloud, they use DMPO to eliminate jitter and "brownouts," ensuring crystal-clear audio even during peak congestion.
• Cloud Migration: A manufacturing company moving its ERP to Azure uses VeloCloud Cloud Gateways to provide direct-to-cloud access, bypassing their congested central data center and reducing application latency by 50%.
• Work-from-Home (WFH): Using the VeloCloud Edge 510, a financial services firm provides executive-level home office connectivity that prioritizes corporate traffic over domestic streaming, ensuring secure and performant access to sensitive data.

VeloCloud pricing is typically structured around three main components:

• Hardware (Edge Devices): A one-time or leased cost for the physical appliances (Edge 510, 600 series, etc.) or virtual appliances for cloud instances.
• Subscription Licenses: These are typically tiered (Standard, Enterprise, Premium) and based on throughput (e.g., 10Mbps, 100Mbps, 1Gbps).
  • Standard: Basic SD-WAN and ZTP.
  • Enterprise: Adds advanced routing and multi-hub support.
  • Premium: Includes full DMPO, cloud gateways, and advanced analytics.
• Orchestrator Hosting: Options for VMware-hosted (SaaS) or partner-hosted management.
• Support: Annual maintenance and support fees are standard. Note: Since the Broadcom acquisition, pricing structures have shifted toward bundled subscriptions; consult a representative for the latest portfolio changes.

To deploy VeloCloud, the following technical environment is required:

• Edge Hardware/Software: Physical VeloCloud Edge (VCE) appliances or Virtual Edge (vVCE) running on ESXi, KVM, or Hyper-V.
• Connectivity: At least one internet or private circuit per site. VeloCloud supports a variety of handoffs (Ethernet, SFP, LTE).
• Orchestrator Access: Standard web browser (Chrome, Firefox, Safari) for accessing the VeloCloud Orchestrator (VCO) dashboard.
• Firewall Rules: If placed behind an existing firewall, specific ports (e.g., UDP 2426 for VCMP) must be opened to allow communication with Gateways and the Orchestrator.
• MTU Considerations: While VeloCloud handles fragmentation well, an MTU of 1500 on underlying circuits is recommended for optimal performance.

To successfully adopt VeloCloud, organizations should meet the following business prerequisites:

• Stakeholder Buy-in: Alignment between the Network Engineering team and the Security team is critical, especially when transitioning to a SASE (Secure Access Service Edge) architecture.
• Process Readiness: A shift from manual CLI-based router configuration to policy-based orchestration. Teams must be prepared to define business-level policies (e.g., "Prioritize Voice traffic over YouTube") rather than managing individual IP routes.
• Team Skills: While VeloCloud simplifies management, the internal team should have a solid understanding of SD-WAN concepts, cloud gateways, and basic cybersecurity principles.
• Change Management: A plan for phased migration. Organizations rarely "flip the switch" overnight; a plan for co-existence with legacy MPLS networks during the transition is essential.

A typical VeloCloud implementation follows this trajectory:

• Phase 1: Discovery & Design (2-4 weeks): Auditing existing circuit inventory, identifying key applications, and designing the global overlay topology.
• Phase 2: Pilot/POC (2-4 weeks): Deploying VeloCloud Edges at 2-3 representative sites to validate performance gains and policy configurations.
• Phase 3: Core Infrastructure Setup (1-2 weeks): Configuring the VeloCloud Orchestrator (VCO) and establishing connectivity to VeloCloud Gateways.
• Phase 4: Site Migration (Ongoing): Rolling out to branch sites. Thanks to Zero-Touch Provisioning, each site typically takes 30-60 minutes of physical installation time. A 50-site rollout usually spans 2-3 months depending on hardware shipping.
• Phase 5: Optimization & Handover (2 weeks): Fine-tuning DMPO settings and training local IT staff on the Orchestrator dashboard.

Support is offered through VMware’s global support infrastructure:

• Tiers: Basic (business hours) and Production (24/7/365) support levels.
• Professional Services: Available for large-scale architectural design and complex migrations.
• VeloCloud University: Comprehensive online training and certification programs for network engineers.
• Community & Documentation: Extensive technical documentation, white papers, and an active user community (VMware Technology Network).
• Partner Support: Many customers purchase VeloCloud through Managed Service Providers (MSPs) who provide Tier 1/Tier 2 support and managed "day-2" operations.

VeloCloud is designed for an open ecosystem:

• APIs: Robust RESTful APIs for integration with third-party monitoring tools (SolarWinds, ServiceNow) and custom automation scripts.
• Security Integrations: Pre-built service chaining with cloud security providers like Zscaler, Check Point, and Netskope, as well as VeloCloud's own integrated SASE capabilities.
• Cloud Gateways: Direct integration with major hyperscalers (AWS, Azure, GCP) via a global network of managed VeloCloud Gateways.
• Legacy Interop: Supports standard routing protocols (BGP, OSPF) to ensure seamless communication with existing non-SD-WAN sites and legacy hardware.

VeloCloud provides comprehensive enterprise-grade security:

• Certifications: SOC2 Type II, SOC3, ISO 27001, 27017, and 27018 compliant.
• Encryption: All data in transit is protected by AES-256 bit encryption with automated IPsec tunnel management.
• Segmentation: Supports multi-tenant segmentation, allowing you to isolate guest Wi-Fi, corporate traffic, and PCI-compliant traffic on the same physical infrastructure.
• FIPS 140-2: Offers versions compatible with federal security requirements.
• Visibility: Full audit logs within the VeloCloud Orchestrator for change management and compliance reporting.