In the VeloCloud segment-aware topology, a different VPN profile can be enabled for each segment. For example, Guest traffic can be backhauled to remote data center firewall services, Voice media can flow directly from Branch to Branch based on dynamic tunnels, and the PCI segment can backhaul traffic to the data center to exit out of the PCI network.

You can create segments in the Segments window (Configure > Segments in the navigation panel).

There are two types of segments:
  • Regular
  • CDE (Cardholder Data Environment). The CDE type is for customers who require PCI and want to leverage the VeloCloud SD-WAN PCI certification.

Beginning with the 3.1 release, VeloCloud provides PCI certified VeloCloud SD-WAN service. Customers who have PCI certified VeloCloud SD-WAN must create a segment for PCI traffic and assign it the type CDE. The VeloCloud hosted Orchestrator and Controller will be aware of the PCI segment and will be in PCI scope. Gateways (marked as non-CDE Gateways) will not be aware of or transmit PCI traffic and will be out of PCI scope.

Note: For information about the Service VLAN column in the Segments screen, see Step 3 "Define Mapping between Segments and Service VLANs (Optional)" in Configuring VNFs.

The following table describes the fields displayed in the Segments screen.

| Field | Description |
|---|---|
| Segment Name | Name of segment (up to 256 characters). |
| Description | Description of segment (up to 256 characters). |
| Type | Regular or CDE. |
| Delegate To Partner | By default, this is selected. If unselected, the Partner cannot change configs within the segment, including the interface assignment. |
| Delegate To Customer | By default, this is selected. If unselected, the Customer cannot change configs within the segment, including the interface assignment. |