VeloCloud Cloud-Delivered WAN

Fast. Simple. Secure.

KUHN CONSULTING GmbH

Agenda

1. Overview and company presentation

2. Solution presentation

3. Main benefits to show to customers

4. Deployment models

KUHN CONSULTING GmbH

VeloCloud Company Background
• Re-defining Enterprise
Wide Area Networks
– Cloud-Based Software Defined
Wide Area Network
– Expand the WAN without
replacing it (migration)
– Slash the costs of Wide Area
Networking (WAN)
• Company Background
– Founded in 2012
– 85 headcounts
– Team from leading Networking,
Cloud and Virtualization
companies
– Backed by NEA, Venrock, March
Capital, Cisco Investment and
The Fabric

KUHN CONSULTING GmbH

VeloCloud’s Innovative WAN Solution

Cable/
Enable the use of lower cost Internet as a WAN
DIA while maintain application performance
LTE/DSL
MPLS

Simplify WAN/branch deployment, configuration,

monitoring, and remote troubleshooting

Provide flexible WAN architecture for accessing

both on-premise applications and SaaS

KUHN CONSULTING GmbH

Cloud Delivered SD-WAN

WAN Services Orchestration

Business Policy Definition
Network Services Insertion

Dynamic Multi-Path
Cloud VPN
Smart QoS
Next Gen Firewall
Application Performance Monitoring

Cloud Network

MPLS CABLE
Edge DC Edge
Branch LTE DSL
Enterprise DC

KUHN CONSULTING GmbH

 VeloCloud Cloud-Delivered SD-WAN

VeloCloud’s network service consists of 3 key components: Orchestrator, Cloud Gateways, Edge

1 Orchestrator

Cloud DC SaaS

Edge Cloud Gateways

3 2 Non-VeloCloud
Branch Sites
Site

• Zero touch, thin branch auto provisioned from cloud

• Cloud orchestration eliminates complexity
• Direct path to enterprise and cloud apps
• Scalable, redundant, pay-as-you-go cloud network

KUHN CONSULTING GmbH

Cloud-Delivered SD-WAN For Enterprise

• Public and private links • On-prem or cloud apps • DC headend optional

Hybrid
Cloud
Orchestrator

Cloud DC SaaS

Dynamic Multi-path
Optimization INTERNET

Branch Site Public Cloud

VeloCloud Gateways
Edge Enterprise DC

Enterprise
Data Center

VeloCloud
PRIVATE/MPLS Edge
Enterprise DC

KUHN CONSULTING GmbH

VeloCloud Edge Portfolio
• Optimized appliances for zero touch, multi-WAN flexibility
• Virtual Edge option
Shipping
today for
400M
service

1Gb
VeloCloud Edge 1000
• 1Gbps
Shipping • 8 x configurable L2/L3 GE
today up
ports, 2 x SFP+ ports, 1 x USB
to 200M
service

500Mb VeloCloud Edge 5x0 Series

• 100, 200, 400 Mbps
• Up to 8 x L2 GE ports, 2 x L3 GE ports,
2-SFP ports, 4 x USB, PoE
• Integrated 802.11ac/n WiFi
VeloCloud Edge 50
50Mb • 50 Mbps

Teleworker / Mobile Team / Branch Office HQ / Datacenter /

Satellite Office Large Branch

KUHN CONSULTING GmbH

Dynamic Multi-Path Optimization

App performance over broadband, LTE and private circuits

WAN Monitoring
Automatic capacity testing
Continuous link & path quality monitoring

App Steering
Aggregate Links
App Aware per Packet Steering
Optimal link & path across Internet
and private

Link Remediation
Error & jitter correction
Automatic steering for brownouts/blackout

https://www.youtube.com/watch?v=mdNbNn4Ucy4 (2:50 - 5:30)

KUHN CONSULTING GmbH

 Cloud VPN Deployment
• Automatic VPN setup
• Interoperable IPsec for no touch DC and cloud DC
• End to end encryption
• Dynamic branch to branch

Amazon AWS or
Microsoft Azure

Branch Site

Non-VeloCloud
Enterprise DC

Enterprise DC

KUHN CONSULTING GmbH

VeloCloud Application Recognition

Learning database
Deep Packet Inspection Cached DPI result to Cloud service directory
Application recognition assist with first packet Up-to-date database of
& application metadata classification cloud service IPs

VeloCloud Deep Application Recognition

3000+
Applications

KUHN CONSULTING GmbH

 Ease of Network Services Insertion
• One-click service insertion
• Virtual services platform at branch
• Optimized performance to remote cloud and
centralized enterprise services
• Partner ecosystem

Other Web traffic

Salesforce.com Internet

Web email

Branch Site

Enterprise DC
Or
Regional Hubs
On Premise
Email DLP

KUHN CONSULTING GmbH

Enterprise Account Creation

KUHN CONSULTING GmbH

Rapid Branch Rollout
$200-$2000 per truck roll $0 truck roll

Traditional WAN Deployment VeloCloud Zero Touch Deployment

 Truck roll and IT personal required to configure &
deploy new branch. No centralized control.
 Dependency on wired circuit delays branch bring up
and reduce productivity

No local IT touch. Drop ship the unit and activate.

Plug and play - auto-discover WAN links including
bandwidth and ISPs

Profile based configuration eliminates tedious
branch-by-branch configuration

Optional DC install greatly simplify branch bring-up

18

KUHN CONSULTING GmbH

Run Real-time Voice or Video

VeloCloud
The Internet fails Cloud-Delivered
to deliver UC SD-WAN

17%
of the time*
> 99%
of the time*

Traditional WAN VeloCloud SD-WAN for UC

 Poor Internet performance affects voice and
Deliver high quality voice and video over the
video quality Internet

 High cost from using MPLS to deliver high
Dynamic error correction mitigates network
quality voice and video issues and assure voice ad video performance

* Source: VeloCloud IQR Q2/2015

KUHN CONSULTING GmbH

Combine All WAN Links with Intelligent Link Bonding

Poor WAN link utilization with active/standby 2-3x higher throughput, better app performance

Enterprise Enterprise
Backup Backup

Traditional WAN VeloCloud Cloud-Delivered SD-WAN

 Typical setup is active/standby WAN. Complex
Per-packet load balancing utilizes all links to
routing protocol tuning required to enable maximize throughput even for single traffic flow, e.g.
active/active. large backup

 Link performance degradation will severely affect
Real time link performance awareness on-demand
throughput remediation ensures maximum possible throughput

KUHN CONSULTING GmbH

Any WAN Services Anywhere

Deploy stack Backhaul Complexity of

of branch OR everything OR redirecting to
appliances cloud services
DLP

Traditional Approach to WAN Services VeloCloud’s Flexible Service Insertion

 Deploy local branch services requires additional
appliances and is difficult to manage
 Centralize service requires backhauling that increases
latency and impact performance
 Utilize services in the cloud requires complex routing
configuration

Per-application service insertion policy

Run local services, e.g. firewall, IPS on the VeloCloud
hardware. Keep the branch lean.

Backhaul select applications to services in the DC

Chain cloud services for specific application, e.g. Web
browsing is subjected to cloud Web security

KUHN CONSULTING GmbH

Connect to Virtual Private Cloud (VPC)
Traditional WAN to VPC
 Complex to setup. Require full mesh tunnel
from every branch to VPCs
 Poor Internet performance impacts user
productivity
VeloCloud SD-WAN to VPC

Simple to setup – VeloCloud Gateway
eliminates mesh tunnel requirement to VPCs

Centralized policy to control branch VPC
access

High performance, secure connectivity
KUHN CONSULTING GmbH
VeloCloud HA Overview

• Active and standby edges

ISP1 ISP2 negotiate role
• Standby edge blocks all ports
except the failover link (L1)
• Failover link communicates
I am W2 W2 I am state information, heartbeat,
active W1 W1 standby and surrounding status, e.g.
L1 L1 WAN and LAN ports status
L2 L2

Failover
link

KUHN CONSULTING GmbH

VeloCloud HA Design – L2 Switch

ISP1 ISP2 • The same ISP link mush be connected to the

same port on both Edges
Internet – Use L2 switch to make the same ISP link
Router/CPE
available to both edges
L2 • The standby edge does not interfere with any
Switch traffic by blocking all its ports except the
failover link (L1 port)
W1 W2
• The session information is synchronized
L1 L1 between active and standby edge through the
failover link
• If the active edge detects lost of LAN link it will
also failover to another edge assuming it has
active LAN link
L2
Switch

KUHN CONSULTING GmbH

VeloCloud HA Design – L3 Switch

ISP1 ISP2 • HSRP/VRRP required on the L3 switch pair

• VCE’s static route points to the L3 switches’
Internet HSRP VIP as next hop to reach the end
Router/CPE
stations behind L2 switches
L2 • The same ISP link mush be connected to the
Switch same port on both Edges
– Use L2 switch to make the same ISP link
W1 W2
available to both edges
L1 L1 • The standby edge does not interfere with any
traffic by blocking all its ports except the
HSRP/VRRP failover link (L1 port)
L3
Switch • The session information is synchronized
between active and standby edge through the
L2 failover link
Switch • If the active edge detects lost of LAN link it will
also failover to another edge assuming it has
active LAN link

KUHN CONSULTING GmbH

 VeloCloud Hybrid WAN Architecture

WAN Headend
Gold Site
Dual L3
switches To core switch
(Campus/DC)

Silver Site
Single L2/L3
switch

Legacy Site
MPLS with
Existing
VPN backup
VPN hub
Bronze Site
Single/dual
Internet

KUHN CONSULTING GmbH