Why Your SD-WAN Dashboard Is Lying to You
Your SD-WAN orchestrator shows green across all sites. Every circuit is up. Every tunnel is healthy. Every WAN path is reporting normal latency. And somewhere in your organization, a finance director is telling IT that the ERP system has been slow for three weeks.
This is the SD-WAN observability gap — and it affects the majority of enterprise SD-WAN deployments, including ones running purpose-built platforms. The dashboard is accurate on what it measures. The problem is what it doesn't measure.
What Native SD-WAN Dashboards Actually Measure
Most SD-WAN orchestrators, including mature platforms like VMware VeloCloud (now VMware SASE), excel at measuring the transport layer: circuit availability, tunnel health, latency and jitter between edge nodes, and failover event history. These metrics are essential. They tell you whether the WAN path exists and whether it's within normal parameters.
What they don't tell you: whether a specific application is actually performing for end users at a given site, whether a SaaS application's cloud endpoint is the performance bottleneck rather than the WAN path, whether DNS resolution is adding latency that doesn't appear in ICMP-based path testing, or whether a degradation that looks like a WAN event is actually an application server issue, a cloud provider issue, or a local LAN problem at the branch.
The native dashboard answers "is the circuit up?" It rarely answers "is the application working for users at this site right now?" Those are materially different questions.
The Consequence: False Confidence
The operational consequence of the SD-WAN observability gap is a specific and recurring failure pattern. IT operations runs its monitoring cadence, sees green dashboards, and closes out any open tickets with "WAN is healthy, no issues detected." Meanwhile, application experience for users at distributed sites degrades — not catastrophically, not in a way that triggers automated alerts, but in a way that accumulates.
By the time the complaint reaches IT in an escalated form, it's often been going on for weeks. Investigating it requires pulling logs, testing specific application paths, correlating telemetry from multiple tools, and reconstructing a timeline that the native SD-WAN dashboard can't provide.
This isn't a failure of the SD-WAN platform. VMware VeloCloud's application-aware routing and dynamic path selection are genuinely sophisticated. The issue is that a network platform's built-in observability is optimized for network operations, not for the application performance conversations IT leaders have with business stakeholders.
What Closing the Gap Actually Requires
True SD-WAN observability requires instrumentation at multiple layers, correlated in a way that lets you answer the application-level question from network-level data.
Application path visibility. You need per-application latency, packet loss, and jitter measurements from edge to destination — not just edge-to-edge tunnel health. This means testing application-specific paths to cloud-hosted SaaS endpoints, not just between your SD-WAN edges. Salesforce and Microsoft 365 performance depends on the path from your branch to the nearest cloud PoP, and that path doesn't appear in your SD-WAN orchestrator's circuit health view.
Synthetic monitoring. Passive monitoring tells you about traffic that occurred. Synthetic monitoring — generating test transactions that simulate real application behavior — tells you about performance even during low-traffic periods and provides consistent baselines for trend analysis.
Cross-domain correlation. A branch application performance problem may be caused by the WAN transport, the SD-WAN overlay configuration, the cloud endpoint, the local LAN, a DNS issue, or the application itself. Closing the gap requires telemetry from all of these layers correlated in a single view, not five separate dashboards you're manually reconciling.
How Aegis Closes the Gap
IVI's co-managed SD-WAN service is built on VMware VeloCloud — but the operational layer that makes it work is Aegis Performance Monitoring. Aegis extends the native VeloCloud observability with application-path testing, synthetic monitoring, cross-domain correlation, and the dashboards and alert logic that close the gap between "circuits are healthy" and "applications are performing."
The specific things Aegis adds beyond native VeloCloud monitoring: per-application performance visibility — not just WAN path health, but measured performance for the applications your business depends on: Microsoft 365, Salesforce, SAP, your cloud ERP, your video conferencing platform. Measured from the branch, to the cloud endpoint, with alerting configured against your application-specific thresholds.
Purpose-built dashboards for your environment — showing the metrics that matter to your operations team and the business, not the default network operations views that SD-WAN vendors ship. A dashboard that shows "Microsoft Teams voice quality: sites with degraded MOS score" is more actionable than "Circuit jitter: 4ms."
Making It Actionable
Test your SD-WAN observability against a specific application performance scenario. Pick an application that users at a branch site access regularly. Can you determine, from your current monitoring, whether performance for that application at that site is within acceptable bounds right now? If the answer requires logging into three different tools, it's a gap.
Understand what your SD-WAN platform measures natively vs. what requires external instrumentation. VeloCloud has strong path health monitoring. Application performance monitoring for specific SaaS endpoints requires configuration and, in many cases, additional tooling. Know the difference so you're not surprised when a user complaint reveals a blind spot.
Ask your managed service provider what they monitor, not just whether they monitor. "24/7 monitoring" without specificity about what's being monitored and at what layer is marketing language. Ask for the specific metrics, the alert configurations, and the dashboard views.
Key Takeaways
- SD-WAN dashboards measure circuit health, not application performance — creating a gap between "WAN is up" and "applications work for users"
- Application performance problems often manifest gradually over weeks, below alert thresholds but above user tolerance levels
- True SD-WAN observability requires synthetic monitoring, application-path testing, and cross-domain correlation beyond native platform capabilities
- Alert calibration against observed baselines prevents false positives that train teams to ignore genuine performance issues
- Managed service providers should specify what metrics they monitor and at what layers, not just claim "24/7 monitoring"