Security breaches are on the rise. SD-WAN can help.

Today applications are in the cloud; BYOD is ubiquitous; the use of cellular and broadband transport is common to augment MPLS or connect sites that MPLS cannot reach. These shifts have expanded the attack surface of the network, while simultaneously obscuring IT visibility. Enter VMware NSX SD-WAN by VeloCloud, with a uniquely flexible architecture that meets your security needs, whether your business is on-premises-centric, cloud-centric, or a combination.




Security, Simplified

Pivotal security features required by a headless SD-WAN, or to secure cloud-destined traffic without hairpinning it through the data center, can leverage hosted security facilities, both for VPN termination, as well as for insertion of other services including firewalling and cloud-based-security (such as Zscaler). The VNF capabilities supported on the NSX SD-WAN Edge additionally allow security service insertion in the branch.


Flexible Architecture

NSX SD-WAN accommodates the needs of even the most security sensitive business. It also returns to corporate IT the security, compliance and control it needs to be safe.


With NSX SD-WAN, you gain unprecedented visibility into the use of data center or SaaS applications. It returns to corporate IT the security, compliance, and control it needs to be safe.

Service Insertion

NSX SD-WAN applies network-wide security policies and inserts local, third-party and cloud security services wherever and whenever they are needed.

Deployment Models 

The singular flexibility of NSX SD-WAN allows the solution components – the SD-WAN node (single and multi-tenant for on-premises and cloud), NSX SD-WAN Orchestrator, NSX SD-WAN Controller – to be deployed in multiple different architectures, including the following.


All On-Premises


This architecture, where all components of the WAN are located on premises, addresses the needs of networks that have not yet migrated to the cloud and prefer traffic to flow to the data center.


Hosted NSX SD-WAN Orchestrator/Controller


Management and control (provisioning, configuration) is cloud-delivered, while data continues to flow on-premises between SD-WAN nodes that remain on-premises.


Hosted NSX SD-WAN Orchestrator/Gateway


Management and control (provisioning, configuration) is cloud-delivered. Cloud Saas/IaaS traffic is directed to the cloud SD-WAN node, while data center traffic continues to flow directly to the data center node.

Related Resources

Secure Your Network for Cloud

Learn new approaches that strengthen and simplify your security posture.

SD-WAN Security Architectures

Learn the pros and cons of various SD-WAN security architectures.

Next-Gen Security for the Branch

Explore the use cases of next-geneartion enterprise WAN.