In the VeloCloud segment-aware topology, different VPN profiles can be enabled for each segment. For example, Guest traffic can be backhauled to remote data center firewall services, Voice media can flow direct from Branch-to-Branch based on dynamic tunnels, and the PCI segment can backhaul traffic to the data center to exit out of the PCI network.
You can create segments in the Segments window (Configure > Segments in the navigation panel).
- CDE (Cardholder Data Environment). The CDE type is for customers who require PCI and want to leverage the VeloCloud SD-WAN PCI certification.
Beginning with the 3.1 release, VeloCloud provides a PCI-certified VeloCloud SD-WAN service. Customers who have PCI-certified VeloCloud SD-WAN must create a segment for PCI traffic and assign it the type CDE. The VeloCloud-hosted Orchestrator and Controller will be aware of the PCI segment and will be in the PCI scope. Gateways (marked as non-CDE Gateways) will not be aware of or transmit PCI traffic and will be out of PCI scope.
The following table describes the fields displayed in the Segments screen.

|Field|Description|
|---|---|
|Segment Name|Name of segment (up to 256 characters).|
|Description|Description of segment (up to 256 characters).|
|Type|Regular or CDE.|
|Delegate To Partner|By default, this is selected. If unselected, the Partner cannot change configs within the segment, including the interface assignment.|
|Delegate To Customer|By default, this is selected. If unselected, the Customer cannot change configs within the segment, including the interface assignment.|