SD-WAN technology vendor
Arista / VeloCloud
Arista announced acquisition of VeloCloud portfolio; VeloCloud architecture historically includes cloud-delivered SD-WAN gateways.
Netify profile
Arista / VeloCloud in depth
Platform and architecture
VeloCloud, now under Arista Networks after passing through VMware and Broadcom, popularised cloud-delivered SD-WAN: lightweight edges, a large fabric of cloud gateways (700+ across 200+ PoPs) and Dynamic Multipath Optimisation that remediates loss and jitter in real time. Orchestration is multi-tenant SaaS. Arista is integrating VeloCloud with its switching and observability portfolio under the CloudVision umbrella.
Security and SASE capability
VeloCloud's native security covers stateful firewalling and segmentation, with SASE delivered through partner SSE integrations rather than a deep first-party stack; pairings with Zscaler, Netskope and Symantec are long established. Buyers wanting single-vendor SASE depth should look elsewhere; buyers wanting a proven network layer under best-of-breed SSE find VeloCloud a strong fit.
Service, support and channel
VeloCloud built the largest carrier managed-service footprint in SD-WAN: AT&T, Lumen, Colt, Vodafone and many others run VeloCloud-based offers, and that channel remains the most common consumption route. Direct and DIY are available with 24x7 vendor support. UK availability through carriers and MSPs is broad.
Commercials and the Netify verdict
Subscription per edge by bandwidth tier, quote based, historically aggressive through carrier deals. The Netify verdict: shortlist VeloCloud for branch-heavy estates on imperfect transport where DMPO still earns its keep, especially when buying through a carrier you already trust. Seek written clarity from Arista on roadmap and SSE strategy as the integration settles.
Questions
Arista / VeloCloud: common buyer questions
What happened to VMware SD-WAN?
Broadcom acquired VMware and subsequently sold the VeloCloud SD-WAN business to Arista Networks. The platform, gateways and orchestration continue, with Arista integrating it alongside its switching and CloudVision tooling. Ask for current roadmap commitments during procurement.
How does DMPO improve application quality?
Dynamic Multipath Optimisation continuously measures each path, steers packets per application, and applies forward error correction and jitter buffering when links degrade. Voice and video stay usable on broadband-grade links, which built VeloCloud's reputation.
Is VeloCloud a full SASE platform?
Not single-vendor. Native security is firewalling and segmentation, with SSE delivered via partners such as Zscaler or Netskope. Treat VeloCloud as the network layer of a dual-vendor SASE rather than a one-stop security stack.
Key differentiators
- VeloCloud was an early SD-WAN platform with strong cloud-delivered gateway architecture; now under Arista following the 2025 acquisition.
- Multi-tenant design has made VeloCloud common in carrier and MSP managed services.
- Application-aware routing and dynamic path selection are mature capabilities with substantial deployment history.
Best fit for
- Enterprises consuming VeloCloud through a managed service provider (Vodafone UK, others).
- Service providers running multi-tenant SD-WAN at scale.
- Buyers comfortable with a platform in transition under new ownership.
Watch-outs
- Platform is mid-transition from VMware/Broadcom to Arista; product roadmap, naming and integration story will evolve.
- Security and SASE capabilities are largely partner-integrated rather than native.
- Direct enterprise sales motion is less established than legacy vendors; most consumption is via managed providers.
40 features, 6 categories
Capability matrix
Each capability is graded against public source evidence. Hover any status grade for a definition. Where evidence is limited, the grade reflects that uncertainty rather than assuming the capability is present.
Service delivery and operating model
| # | Capability | Status | Definition |
|---|---|---|---|
| F01 | Fully managed service | Partner / integrated | Provider designs, deploys, monitors, changes, supports and reports on the service. |
| F02 | DIY / self-managed model | Yes | Customer operates SD-WAN controller, policies, updates and incident response. |
| F03 | Co-managed service | Partner / integrated | Provider runs platform/support while customer retains selected policy or change rights. |
| F04 | Multi-tenant MSP / white-label support | Yes | Tenant isolation, delegated administration, branded portals, templates and service-provider scale. |
| F05 | Professional services and migration support | Partner / integrated | Discovery, design, pilot, staging, migration runbooks, rollback and training. |
| F06 | Last-mile circuit management | Partner / integrated | Sourcing, monitoring and support for broadband, DIA, LTE/5G, MPLS and cross-connects. |
| F07 | Lifecycle management | Partner / integrated | Hardware replacement, firmware upgrades, patching, renewals and EoL planning. |
| F08 | Flexible commercial model | Yes | Per-site, per-bandwidth, per-user, per-device, consumption, NaaS or bundled pricing. |
Network architecture and transport
| # | Capability | Status | Definition |
|---|---|---|---|
| F09 | Encrypted overlay fabric | Yes | Secure tunnels across broadband, DIA, MPLS, LTE/5G, satellite or private WAN. |
| F10 | Dynamic path selection | Yes | Real-time routing based on latency, jitter, packet loss, brownouts, MOS and policy. |
| F11 | Active-active link utilisation | Yes | Use multiple links concurrently rather than passive backup only. |
| F12 | Application-aware routing | Yes | Identification and routing for SaaS, UCaaS, ERP and custom applications. |
| F13 | QoS and traffic shaping | Yes | Per-application and per-class prioritisation, reservation and policing. |
| F14 | Packet loss remediation | Yes | FEC, packet duplication, jitter buffering, TCP optimisation and WAN optimisation. |
| F15 | Local internet breakout | Yes | Secure direct internet access from branch sites. |
| F16 | MPLS coexistence and migration | Yes | Hybrid MPLS/internet/cellular during transition. |
| F17 | Cellular and 5G support | Partial | Integrated/external modem, SIM management, signal monitoring and failover. |
| F18 | Cloud on-ramp | Yes | Automated/simplified connectivity to AWS, Azure, Google Cloud, Oracle, Equinix, Megaport and SaaS. |
Gateway, PoP and backbone design
| # | Capability | Status | Definition |
|---|---|---|---|
| F19 | Public cloud gateways | Yes | Vendor-operated gateways/PoPs for SaaS optimisation, remote access or security enforcement. |
| F20 | Private PoPs / dedicated PoPs | Unknown | Customer-hosted, dedicated or sovereign PoP options. |
| F21 | Private global backbone | Unknown | Vendor-owned or controlled backbone between PoPs. |
| F22 | Regional breakout and data residency | Partner / integrated | Pin traffic to countries, regions or approved inspection locations. |
| F23 | Multi-cloud transit fabric | Yes | Branch-to-cloud, cloud-to-cloud and user-to-cloud connectivity under common policy. |
| F24 | Flexible edge form factors | Yes | Physical, virtual, cloud marketplace, container or uCPE. |
| F25 | High availability design | Yes | Dual appliances, dual circuits, dual power, HA clustering and gateway redundancy. |
| F26 | SLA-backed service fabric | Partner / integrated | SLA for uptime, response, change handling and possibly latency/jitter/loss. |
Security and SASE capability
| # | Capability | Status | Definition |
|---|---|---|---|
| F27 | Integrated next-generation firewall | Partial | Stateful firewall, app control, IPS/IDS, malware inspection and URL filtering. |
| F28 | Full SASE platform | Partner / integrated | SD-WAN plus SWG, CASB, ZTNA, FWaaS, DLP, RBI, DNS security and threat prevention. |
| F29 | SSE ecosystem integration | Yes | Interoperation with Zscaler, Netskope, Palo Alto Prisma Access, Cisco Secure Access, Cloudflare etc. |
| F30 | Zero Trust Network Access | Partner / integrated | Identity and posture-based access to private applications. |
| F31 | Secure web gateway | Partner / integrated | URL filtering, SSL inspection, malware scanning and acceptable-use controls. |
| F32 | CASB capability | Partner / integrated | SaaS discovery, sanctioned/unsanctioned app control and SaaS policy enforcement. |
| F33 | Data loss prevention | Partner / integrated | Data classification, inspection, blocking, alerting and exception workflow. |
| F34 | Remote user access | Partner / integrated | Client or clientless access for remote workers, contractors and mobile users. |
| F35 | SOC/SIEM/SOAR integration | Yes | Syslog, APIs, event export, threat intelligence and workflow integration. |
Operations, assurance and automation
| # | Capability | Status | Definition |
|---|---|---|---|
| F36 | Centralised orchestration | Yes | Templates, intent-based policy, zero-touch provisioning and configuration compliance. |
| F37 | Customer portal and RBAC | Yes | Real-time status, role-based access, reporting, tickets and change requests. |
| F38 | Observability and digital experience monitoring | Yes | App experience, user experience, device health, SaaS telemetry and path analytics. |
| F39 | APIs and automation | Yes | REST APIs, Terraform, webhooks, event streaming and ITSM integration. |
| F40 | Managed service assurance | Partner / integrated | 24/7 NOC/SOC, proactive monitoring, incident ownership, RCA, service reviews and change governance. |
Commercial
Cost model and pricing visibility
Public pricing visibility
Quote-based. No complete public enterprise price was found in reviewed sources.
Cost model
Quote-based edge subscriptions/appliances/support; managed services commonly delivered by carriers/MSPs.
Evidence
Primary sources
Every capability grade traces back to one of these sources. Reviewed 2026-05-22.
Verification notes
Capability matrix sourced from Netify internal vendor research (May 2026). Status grades reflect public source evidence only. Confirm via RFP. Qualitative fields (differentiators, best fit, watch-outs) are Netify editorial synthesis based on the evidence summary and capability profile; review before publishing. Extended dimensions (regions, clouds, AI, resilience, deployment speed, sectors, organisation fit, identity, platforms, support, logging) are indicative desk research grades from June 2026; confirm via RFP.