Taking Hybrid WAN Further

By Steve Woo
Co-Founder and Vice President of Products, VeloCloud
October 27, 2014

Hybrid WAN is getting a lot of airplay lately. Its time has come. Gartner analyst Bjarne Munch recently published an insightful report called “Hybrid Will Be the New Normal for Next Generation Enterprise WAN”. This report includes VeloCloud as one of the solution vendors capable of delivering a hybrid WAN.

Hybrid refers to using a mix of public Internet and private circuits for enterprise WAN transport, as shown in the first panel of the graphic below. In this blog I will talk about two additional ways to take the hybrid WAN further, as shown.

Hybrid WAN


The reasons driving the adoption of hybrid WAN are numerous and include:

  • Branch offices need reliable and direct connectivity to cloud services
  • Broadband Internet delivers magnitudes better price performance
  • Critical applications require better availability than individual private circuits
  • Broadband provides fast turn up before long lead time private circuits are provisioned

Optimized Hybrid WAN

Hybrid WAN architectures should enable the use of broadband Internet services, along with private networks, as both an integrated and active part of the WAN. The use of broadband Internet simply as a separate network for uses such as guest web surfing, or as a standby network in cases of failure does not capture the benefits of a true hybrid WAN.

Broadband Internet does not have the same predictable performance, capacity or reliability as private circuits. Thus businesses that have already started using the Internet are often still using it for less critical purposes. However, businesses that want to leverage the cost and other advantages of broadband are becoming increasingly application centric and therefore dependent on a private-network-like experience. Therefore next generation hybrid WAN architectures should not only integrate broadband but also apply technologies to give it enterprise grade performance and availability.

VeloCloud’s solution for providing enterprise grade performance is what we call “dynamic multi-path optimization”. The capacity and performance of broadband, as well as private network, links are continuously monitored. Traffic is then dynamically steered, by application and business priority, to the best link and path at each moment in time. This dynamic use of different services delivers the advantage of virtualization. If necessary, on-demand remediation techniques such as error correction and jitter buffering are also automatically applied. Another key benefit is the enhanced visibility across multiple sites and providers.

Optimized hybrid WAN also improves reliability over single MPLS connections, and provides better availability than MPLS with Internet failover that is not seamless.

Hybrid Deployment As Well

Solutions for deploying hybrid WAN transport should also leverage a hybrid deployment model. Technology for deploying and optimizing hybrid WAN transport should not be restricted to traditional on-premise deployments. On-premise deployments might suffice to leverage broadband Internet to access private datacenters and applications, but still add more IT effort and complexity. Recall that one of the key drivers of hybrid WAN is the need to access cloud applications and datacenters. On-premise only solutions for enabling hybrid WAN result in suboptimal backhauling of traffic and thus fail to fully leverage the Internet as an ideal transport for accessing the cloud! Not only integrating broadband Internet but also optimizing its performance requires dual-ended or symmetrical solutions, so the location of headend services is a requirement that must be addressed.

Cloud-Delivered SD-WAN

VeloCloud’s solution delivers on the promise of hybrid WAN by not only leveraging the Internet for transport but also leveraging the advantages of the cloud for a hybrid deployment architecture.

Mirroring the migration of datacenters and applications to the cloud, the network infrastructure supporting the datacenter and applications should also be deliverable from the cloud.  In addition to providing the optimal, most direct access to applications for superior performance, additional advantages include:

  • Ease of deployment
  • Ability to monitor and control paths, including peering through the Internet, which is difficult to achieve with on-premise deployments

As a hybrid deployment architecture, while some capabilities should be delivered from the cloud, the ideal combination includes the capabilities offered by an on-premise footprint via a CPE appliance at the remote branch combined with gateways distributed throughout the cloud.

While cloud-delivered services have significant advantages for datacenter infrastructure, cloud-only services have disadvantages for supporting the branch.

First, it is logistically difficult to locate cloud services near the widely distributed branch offices. Second, unlike datacenters fitted with highly available, high capacity bandwidth to access nearby or co-located cloud services, enterprise branches have a “last mile” problem that cannot be covered by distant cloud-only solutions. Alternatively, attempts to address this need for on-premise, last mile services without a purpose built appliance result in added IT complexity at the remote site.

Flexible Datacenter Deployment

As outlined in earlier sections, distributed cloud gateways provide the ideal architecture for supporting cloud datacenters and SaaS applications. For private datacenters the key advantage is that no IT installation is required.

However, there are scenarios where the benefits of having an on-premise deployment in the datacenter outweigh the disadvantages. When the datacenter connectivity is not robust enough, having the optimization extend all the way to the datacenter is desired. For supporting hybrid connectivity, the only way to insert gateway services into the private connection is via an on-premise presence. Finally, single management provisioning and monitoring for an end-to-end installation can be achieved, including the VPN configurations. The disadvantage of course is the requirement to install additional functionality, whether an appliance or virtual appliance, in the datacenter.

Flexible datacenter deployments can support both alternatives. This topology shows a hybrid WAN where public and private networks are parallel. Alternatively, Internet only branches can connect using either on-premise or cloud gateways to regional HQ or datacenters that provide access to the rest of the private network infrastructure. I will discuss this powerful hybrid WAN design for a tiered branch architecture in more depth in my next blog.


Hybrid WANs leverage both private networks as well as broadband Internet in an integrated architecture. Technology to optimize the performance of applications over the hybrid WAN, particularly to address the unpredictable performance of Internet connectivity is a requirement. Additionally, hybrid deployment is an ideal architecture for building a hybrid WAN.  The uniquely powerful VeloCloud approach effectively combines a zero IT touch branch appliance with both distributed gateways in the cloud as well as on-premise datacenter appliances.

VeloCloud Hybrid WAN Architecture

CLICK HERE to download whitepaper by industry expert Dr. Jim Metzler titled “The Need to Rethink the WAN.”

