Log In
vendor-logo

VeloCloud

Schedule a Zoom demo
Local sales contact
Request consultation

Create your own software shortlist and compare VeloCloud to other options. Answer 10 questions, the Netify online quiz will analyse your answers and instantly shortlist your best fit options across 20+ vendors.

Take the assessment now →

Summary

VeloCloud SD WAN & SASE: Review, Pros, Cons and Marketplace Research Data

Analyst: Thomas Stroude tstroude@netify.co.uk

If you have questions about VeloCloud and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or enquiries)

Categories: 

  • SD WAN
  • SASE 

Sub-categories:

  • Managed SD WAN 
  • Hybrid SD WAN
  • Cloud Security Vendor 
  • Cloud WAN Vendor 
  • SD WAN Vendor 
  • SASE Vendor 

Pros:

  • Boasts numerous global public gateways connected to multiple Tier-1 ISPs, making them a good choice for global companies with delay sensitive applications. 
  • Offers 5G priority for applications - avoiding blackouts and brownouts (See Performance Based Key Features: Cellular) .

  • Offers integrated cloud-based features and relationships with AWS, Azure and Google Cloud Platform. 

  • According to customer reviews, VeloCloud services are straightforward to use. 

  • Can accommodate small - medium size enterprises as well as large multinational corporations with 1,000+ branches.

Cons:

  • SASE security solution is via an OEM agreement with Menlo Security - increases complexity. 

  • Creating an end-to-end VeloCloud solution would require the use of multiple different VeloCloud products, causing complexity which could potentially raise costs. 

Netify viewpoint:

VeloCloud leverage numerous gateways worldwide, making them ideal for large global enterprises. Their platform is good for companies with remote workers, as their Workspace ONE product is fully integrated with SASE (See What is the VeloCloud SASE Security Solution?). Further, VeloCloud’s SD WAN solution is PCI DSS 3.2 Certified, meaning that they are a good choice for companies in retail and financial market verticals. However, caution should be taken as VeloCloud offer SASE via an OEM agreement - and many of their products are separate, meaning that networks can become quite complex. This is also only offered as a fully managed solution, which could potentially raise costs. 

Contents:

  • About VeloCloud SD WAN Solutions
  • What is the VeloCloud SD WAN solution?
    • Configuration-Based Key Features
    • Security-Based Key Features
    • Performance-Based Key Features
  • What is the VeloCloud SASE Security Solution?
  • How does VeloCloud access Cloud vendors?
  • Does VeloCloud offer WAN acceleration and optimisation?
  • How does VeloCloud support remote users?
  • Which connectivity underlay services are supported?
  • Do VeloCloud manage and support SD WAN underlay?
  • What is the VeloCloud managed services solution?
  • What reporting and management is available via the VeloCloud portal?
  • Does VeloCloud offer DIY and Co-managed SD WAN?
  • What is the VeloCloud SLA?

About VeloCloud:

VeloCloud is an SD WAN vendor. Founded in 2012, it was bought in 2017 by its now-parent company VMware (a subsidiary of Dell Technologies, founded in 1998). They are headquartered in Palo Alto, California, NA, and offer SD WAN and SASE solutions to small, medium and large enterprises. 

What is the VeloCloud SD WAN solution?

VeloCloud’s SD WAN solution leverages numerous VMware SD WAN gateways globally. The solution is fully cloud-based, and is comprised of three main components which are licensed to be sold as one software bundle:

  • VMware SD WAN Gateway: A network of public gateways are deployed at cloud datacenters globally, which are designed to optimise data paths to all applications, branches and datacenters. This enables VeloCloud to offer their clients network services delivered from the cloud. 
  • VMware SD WAN Edge: Optimises the VeloCloud SD WAN service. Improves the efficiency and security of connectivity to private, public and hybrid applications, as well as compute and virtualised services. Application recognition, application and packet steering, performance metrics and end-to-end QoS are also included in the offering, improving speeds across the network. Further, a variety of virtual network function services are hosted. 
  • VMware SD WAN Orchestrator: VeloCloud’s cloud-based management platform. Data flow is orchestrated through their cloud network, alongside centralised and company-wide installation, configuration and real time monitoring. This enables one-click provisioning of virtual services, in the cloud, branch or data centre. 

VeloCloud offers clients their Cloud WAN services. This includes hybrid, multicloud and SaaS functionality, whilst virtualising all network functions - including major functions such as packet steering and path selection. Offered as-a-service, it is designed to improve branch office agility and application performance. This includes a range of key features as listed below: 

Configuration-Based Key Features:

  • Zero-Touch Deployment: Allows clients to remotely configure network connectivity and cloud-based business and security policies in a new location, without the need for an IT Team - ideal for expanding businesses or those with remote locations. 
  • Edge Computing and Internet of Things (IoT): Designed to help devices at the edge optimise throughput for the high amounts of data that they produce. Devices would usually backhaul the data - however, this consumes both time and bandwidth. VeloCloud offer edge computing, which allows for processing to be done locally, meaning that only actionable data is transmitted.
  • Hybrid Cloud: This provides clients with increased agility when workloads cross multi-cloud environments (including public and private clouds). Security and integrity are ensured for components that remain in the data centre whilst clients access important cloud provider services such as big data analytics. This ensures an efficient and secure solution for enterprises needing to cross multi-cloud platforms. 
  • Gateway Federation: This allows SD WAN gateways to be federated into individual networks, globally, which connects service providers and enterprise networks as well as the cloud. This is ideal for a global workforce that is largely comprised of remote workers (such as home-based or mobile enterprise workers) as it connects them with multiple network providers, clouds and data centres worldwide. 

Security-Based Key Features:

  • Multi-Cloud Strategy (SaaS, PaaS, IaaS): Using a combination of SaaS, PaaS and IaaS multi-cloud allows clients to access each cloud’s unique services. This is valuable because it means clients do not have to rely on a single cloud provider, which reduces the risk of localised failure and improves security. 
  • SASE: See What is the VeloCloud SASE Security Solution? 

Performance-Based Key Features:

  • Traffic Steering Services: Leverages VeloCloud’s cloud-based transport independent WAN architecture. The independent architecture allows the cloud-based WAN to connect to any combination of MPLS, broadband and 4G LTE. This allows the platform to automatically recognise links and measure bandwidth. Traffic steering services leverage this, as traffic is parsed and steered in the most economical way, in accordance with business and security policies. 
  • Cellular: VeloCloud have the ability to offer their clients the option to prioritise applications over cellular networks. Should bandwidth speeds drop, applications will be diverted over 4G/5G avoiding instances of blackouts and brownouts. 

What is the VeloCloud SASE security solution?

VeloCloud offer clients their SASE security solution via an OEM agreement with Menlo Security. The solution provides secure access to applications via their Secure Web Gateway Functionality platform and next generation firewalling for securing corporate traffic. 

The SASE Solution is designed to combine both cloud security and cloud networking, providing secure access to applications via 150+ global VMware SD WAN Gateways, with IaaS interconnect providing secure access to various cloud providers including; AWS, Azure, and Google Cloud Platform. Zero trust network access (ZTNA), secure web gateways (SWG) and cloud access security broker (CASB) functions are also available. 

SASE is also available to remote users, as the platform is powered by the VMware Workspace ONE Solution, which is designed to allow those working out of office to securely access enterprise applications. Workspace ONE is now integrated with SASE, meaning that out of office workers can access SASE PoPs remotely. 

How does VeloCloud access Cloud vendors?

VeloCloud accesses Cloud vendors through numerous VMware SD-WAN Gateways. The VMware SD WAN gateways are deployed on premises at service providers or deployed worldwide at top tier cloud data centres. The VeloCloud offering allows for quality, secure global access to the cloud and network services via service insertion. VeloCloud’s offering is fully integrated with AWS, supports Google Cloud access and Azure is natively built into the VeloCloud solution via an Azure branch IPsec partnership and Integrated Virtual Hub NVA partner. This supports enterprise ability for dynamic scaling with the flexibility of a network-as-a-service offering.

Does VeloCloud offer WAN acceleration and optimisation?

VeloCloud’s Dynamic Multipath Optimisation (DMPO) enhances the flow of data traffic between any SD WAN components dealing with forward data traffic. It also offers application acceleration services and has a number of key features:

WAN Optimisation: 

  • Automated Bandwidth Discovery: Establishes DMPO tunnels between SD WAN gateways, whilst running bandwidth tests to select the most efficient path to the gateway. The software is also able to bypass network address translation (NAT) and port address translation (PAT) devices. 
  • Continuous Path Monitoring: Continuously monitors performance metrics (jitter, loss, latency) on each packet travelling between two DMPO endpoints, using active and passive monitoring approaches. This means that DMPO is quick to react to change in underlying WAN condition, further protecting against brownouts and blackouts.
  • On-Demand Remediation: Error correction software that is deployed when there is a disruption on multiple links, or when traffic flow cannot be steered onto a better link. 
  • Class of Service (CoS) Marking: Manages traffic in a network by grouping similar types of traffic together (such as voice, video, large documents). Each group is classed with it’s own level of service priority.  
  • Policing Traffic Class: Allows IT managers to closely monitor high-priority business collaboration traffic, ensuring that service-provider SLA’s are honoured. 

Application Acceleration: 

  • Application-Aware Per-Packet Steering: This allows customers to prioritise up to 3,000 applications without impacting data flow. This protects against blackouts and brownouts as traffic flow is steered away from applications, protecting active flow and user experience.
  • Quality of Service (QoS) Scheduling: VeloCloud allows clients to prioritise applications at different times. This is achieved by their product feature called QoS Scheduling. 
  • Multiprotocol Label Switching Class of Service (CoS): Designed for private links that have a CoS agreement, as DMPO can take CoS agreements into account in both monitoring and application steering decisions. This allows for granular, application-aware decisions for private links with CoS agreements
  • Bandwidth Aggregation: If an application requires more bandwidth, DMPO will perform per-packet load balancing, using available links to deliver all packets of a single flow to a destination. 
  • Forward Error Correction (FEC): Corrects errors on real-time applications, such as voice and video flows.  
  • Negative Acknowledgement (NACK): Used for transmission control protocol (TCP) applications such as file transfer, this allows DMPO to monitor packet detection and retransmit any missing packets. This protects end applications from detecting packet loss.
  •  Application-Aware Overlay Quality of Service (QoS): Out of the box, it is able to create policies based on hundreds of known applications and apply QoS.

How does VeloCloud support remote users?

VeloCloud supports remote users through its VMware Secure Access service. The VMware Secure Access solution unites its SD WAN and Workspace ONE solutions. VMware Secure Access uses a zero-trust network access service model and users are mapped to individual application policies. VeloCloud’s solution is cloud-hosted and is accessed through worldwide service nodes, this allows for significant reductions in latency and hair-pinning. VeloCloud provides a high level of support for remote users as remote usage is encapsulated within the SD-WAN fabric for consistency and a high degree of performance. The Workspace ONE solution uses unified access gateway as a service to reduce overheads in comparison to legacy VPNs and improve scalability. The cloud hosted service provides congruous policy enforcement across all users. 

Which connectivity underlay services are supported?

VMware VeloCloud services support MPLS, Cable, DSL and LTE underlays. 

Do VeloCloud manage and support SD WAN underlay?

VeloCloud’s offering is primarily focused on delivering overlay solutions and therefore do not manage and support SD WAN underlays first hand. Underlays are instead provided, supported and managed by third party partners. VeloCloud has strong partner channels which means that there are many possible options for underlay services. 

What is the VeloCloud managed services solution?

VeloCloud provides a strong managed services solution. VeloCloud’s offering provides dynamic multipath optimisation, dynamic virtual paths, centralised management and offers visibility of application performance on one managed device. VeloCloud’s managed services solution for enterprise customers consists of hardware, software and services. This requires SD WAN Appliances to be deployed in each branch office, with a data core placed in the datacenter. The SD WAN Orchestrator is deployed within the data centre and allows users to configure and manage supported devices.

Service providers that deploy Velocloud can use multiple links to configure traffic steering to provide consistent application access and higher bandwidth levels. Some service providers may deploy the managed service solution using three-tier service levels to ensure smooth roll out and operation.

Employing a fully managed solution improves application availability and WAN consistency for a monthly fee with no need to self-manage or deploy. Some services that are offered by service providers can include: performance reporting, design, installation and 24 hour management and monitoring. This allows IT management to outsource standard operations, ensuring the ability to focus on core business needs. 

What reporting and management is available via the VeloCloud portal?

The VeloCloud portal is encompassed by the VMware SD WAN Orchestrator (See What is the VeloCloud SD WAN Solution?). The VMware SD WAN Orchestrator provides access to a self-service web portal for configuration of policies and  monitoring. The VMware SD WAN orchestrator is built on API-driven architecture for ease of  integration and the enterprise and service provider portals provided both use granular, role-based access. The VeloCloud portal uses a scalable control pane and provides: Network, Application, Host metrics, Quality of Experience score and Diagnostic Application reports. The management and reporting available via the VeloCloud portal allows for more efficient troubleshooting and the ability to resolve network issues faster through the analysis of network and application performance. 

Does VeloCloud offer DIY and Co-managed SD WAN?

VeloCloud does not offer DIY or Co-managed SD WAN and instead this offering is provided as a fully managed solution by VeloCloud partner service providers. This reduces risk as it capitalises on service provider facilities, expertise and economies of scale. A fully managed service provides resiliency due to 24 hour monitoring by service providers that improves performance and reliability in application delivery, which as a result of minimal application outage will improve employee productivity. 

What is the VeloCloud SLA?

Service

Availability Commitment 

VMware SD-WAN

99.99%

VMware Secure Access

99.90%

VMware Cloud Web Security

99.99%

 

VMware SD-WAN unavailability and SLA events:

SLA Event

Description

Data Plane Event 

Measured by VMware log files or trouble ticket, period > 1 minute in which the SD-WAN controller/gateway is unable to receive or transmit IP packets.

Control and Management Plane (CMP)

Inability of the SD-WAN orchestrator to monitor or configure edges for a period > 30 seconds.

 

VMware Secure Access unavailability and SLA events (Determined by VMware monitoring tools):

Unavailability

Description

Login Issues

For a period > 1 minute users and admins are unable to use correct credentials to login. 

VMware Workspace ONE VEM Console Issues

For a period > 1 minute admins unable to connect to network connected and enrolled remote devices using the Workspace ONE VEM Console. 

 

VMware Cloud Web Security unavailability and SLA events (Determined by VMware monitoring tools):

Unavailability

Description

Process Request Delay

Period > 1 minute in which there is a delay of over two seconds for the system to process requests.

Management APIs/UI

Period > 30 seconds where management APIs or UI is unreachable. 

Authentication Request Delay 

Period > 1 minute in which there is a delay of over eight seconds for the authentication service to process requests.

Focus

Proposition Focus

20%
20%
20%
40%
Managed services
SASE security
Portal
SD WAN

Cloud Focus

30%
40%
30%
AWS
Azure
Google

Other Focus

40%
35%
25%
Remote users
Simplicity
Complex requirements

Comparisons

Current Vendor
VeloCloud

Add to Compare

Additional Vendors

Add to Compare

Aryaka

Add to Compare

Versa

Add to Compare

VeloCloud

Once you have submitted, Netify will use your IP location to put you in touch with your local VeloCloud vendor contact.

Once you have submitted, VeloCloud will be in contact to provide availability. Your data will not be shared outside of VeloCloud and you will not be added to any mailing lists.

Please provide the following details:

Compare Vendors
Compare
Remove All