Efficient session management
US-2022217814-A1 · Jul 7, 2022 · US
US11929988B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11929988-B2 |
| Application number | US-202117171963-A |
| Country | US |
| Kind code | B2 |
| Filing date | Feb 9, 2021 |
| Priority date | Feb 9, 2021 |
| Publication date | Mar 12, 2024 |
| Grant date | Mar 12, 2024 |
Official abstract text for this publication.
Systems and methods are provided for dynamic virtual private network concentrators (VPNC) gateway selection and on-demand VRF-ID configuration. A dynamic VPNC gateway selection component can dynamically route to a particular VPNC gateway based on multiple user-specific factors, including: a) behavior of users on the network; and b) performance of a destination service/device. A dynamic VPNC gateway selection component can rank a user based on one or more factors relating to the behavior of the user. Also, the dynamic VPNC gateway selection component can determine whether a VPNC gateway at a data center is healthy, and whether a destination service at the data center is healthy. The dynamic VPNC gateway selection component can dynamically select a VPNC gateway from a plurality of VPNC gateways at the data center for communicating forwarded traffic from the user based on the user's ranking if either the VPNC gateway or the service are unhealthy.
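The selection rule summarized in the abstract, following the conditions of claim 1 on this page, as an added Python example (not code from the patent or its assignee). The threshold values, the score cut-off, the healthiest-candidate choice, the fall-back to the primary and all names are assumptions made for illustration.

```python
from dataclasses import dataclass

HEALTH_THRESHOLD = 0.6   # assumed; claim 2 only requires health "greater than" a threshold
CRITICAL_SCORE = 50      # assumed cut-off between critical and non-critical rankings

@dataclass(frozen=True)
class Gateway:
    name: str
    data_center: str
    health: float        # measured device health, e.g. from a TCP, UDP or ICMP check

@dataclass(frozen=True)
class Client:
    user_score: int      # computed from behaviour factors (role, reputation, threat score, ...)
    is_new: bool         # device has newly joined the network

def is_healthy(gw: Gateway) -> bool:
    return gw.health > HEALTH_THRESHOLD

def is_critical(client: Client) -> bool:
    return client.user_score >= CRITICAL_SCORE

def select_gateway(client, primary, gateways, service_dc, service_healthy):
    """Return the VPNC gateway the branch gateway should forward this client's traffic to."""
    if is_healthy(primary) and service_healthy:
        return primary                       # nothing degraded: no re-selection
    if is_critical(client) or not client.is_new:
        return primary                       # preserve the existing selection
    # Non-critical user on a newly joined device: move to a secondary gateway.
    candidates = [g for g in gateways if g != primary and is_healthy(g)]
    if not service_healthy:                  # claim 8: leave the service's data center
        candidates = [g for g in candidates if g.data_center != service_dc]
    # Assumption: healthiest candidate wins; keep the primary if none qualifies.
    return max(candidates, key=lambda g: g.health, default=primary)

# Constructed sample topology.
PRIMARY = Gateway("vpnc-1", "dc-1", 0.9)
GATEWAYS = [PRIMARY, Gateway("vpnc-2", "dc-1", 0.8), Gateway("vpnc-3", "dc-2", 0.7)]

if __name__ == "__main__":
    guest = Client(user_score=10, is_new=True)
    print(select_gateway(guest, PRIMARY, GATEWAYS, "dc-1", service_healthy=False).name)
```

Because the user score includes factors such as a threat or security score, the inputs that feed `user_score` decide which sessions are moved, so they belong in the same change-control and logging scope as the routing policy itself.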
Opening claim text (preview).
What is claimed is:

1. A method comprising: assigning criticality rankings to users based on one or more factors relating to behaviors of the users; determining, by a branch gateway comprising a hardware processor, whether a primary virtual private network concentrator (VPNC) gateway is healthy, wherein the primary VPNC gateway is from a plurality of VPNC gateways across one or more data centers, the primary VPNC gateway to receive forwarded traffic from devices of the users, including a first device of a first user and a second device of a second user; determining, by the branch gateway, whether a service is healthy, wherein the service is provided by a data center of the one or more data centers; and based on a determination that the service is not healthy or a determination that the primary VPNC gateway is not healthy; determining, by the branch gateway, whether the first user associated with the first device has a non-critical ranking and whether the first device from which first traffic is received is a new client device that has newly joined a network, based on a determination that the first user has the non-critical ranking and the first device is a new client device, dynamically selecting, by the branch gateway, a secondary VPNC gateway from the plurality of VPNC gateways across the one or data centers for communicating the first traffic from the first device forwarded from the branch gateway to the secondary VPNC gateway, determining, by the branch gateway, whether the second user associated with the second device has a critical ranking and whether the second device from which second traffic is received is a new client device that has newly joined the network, and based on a determination that the second user has the critical ranking or the second device is not a new client device, preserving, by the branch gateway, a selection of the primary VPNC gateway for communicating the second traffic from the second device forwarded from the branch gateway to the primary VPNC gateway.

2. The method of claim 1, wherein determining that the primary VPNC gateway is healthy comprises: dynamically measuring a device health associated with the primary VPNC gateway; comparing the measured device health with a health/performance threshold; and determining that the measured device health is greater than the health/performance threshold.

3. The method of claim 2, wherein the measured device health is associated with at least one of: a resource availability of the primary VPNC gateway or a performance of the primary VPNC gateway.

4. The method of claim 3, wherein dynamically measuring the device health associated with the primary VPNC gateway comprises performing one of Transmission Control Protocol (TCP) health check, a User Datagram Protocol (UDP) health check, or an Internet Control Message Protocol (ICMP) health check for the primary VPNC gateway.

5. The method of claim 1, wherein assigning a ranking to a user of the users comprises: calculating a user score for the user, wherein the user score is based on the one or more factors relating to a behavior of the user, and assigning a critical ranking or a non-critical ranking to the user based on the user score.

6. The method of claim 5, wherein the one or more factors relating to the behavior of the user comprises one or more of: a location of the user, a bandwidth consumed by an application used by the user, a quality of service (QoS) of traffic associated with the user, a reputation of the user, a threat or security score of the user, or a role of the user.

7. The method of claim 5, wherein the user score for the user dynamically changes over time as the one or more factors relating to the behavior of the user change.

8. The method of claim 1, wherein the data center at which the service is provided is a first data center, the method comprising: based on the determination that the service is not healthy and based on the determination that the first user has the non-critical ranking and the first device is a new client device, dynamically selecting, by the branch gateway, the secondary VPNC gateway that is in a second data center different from the first data center.

9. The method of claim 1, wherein dynamically selecting the secondary VPNC gateway comprises dynamically configuring a virtual routing and forwarding (VRF) route at the secondary VPNC gateway for traffic of the first user.

10. A system comprising: a branch gateway comprising a hardware processor and a non-transitory storage medium comprising instructions executable on the hardware processor to: assign criticality rankings to users based on one or more factors relating to behaviors of the users; determine whether a primary virtual private network concentrator (VPNC) gateway is healthy, wherein the primary VPNC gateway is from a plurality of VPNC gateways across one or more data centers, the primary VPNC gateway to receive forwarded traffic from devices of the users, including a first device of a first user and a second device of a second user; determine whether a service is healthy, wherein the service is provided by a data center of the one or more data centers; and based on a determination that the service is not healthy or a determination that the primary VPNC gateway is not healthy: determine whether the first user associated with the first device has a non-critical ranking and whether the first device from which first traffic is received is a new client device that has newly joined a network, based on a determination that the first user has the non-critical ranking and the first device is a new client device, dynamically select a secondary VPNC gateway from the plurality of VPNC gateways across the one or data centers for communicating the first traffic from the first device forwarded from the branch gateway to the secondary VPNC gateway, wherein the secondary VPNC gateway is different from the primary VPNC gateway, determine whether the second user associated with the second device has a critical ranking and whether the second device from which second traffic is received is a new client device that has newly joined the network, and based on a determination that the second user has the critical ranking or the second device is not a new client device, preserve a selection of the primary VPNC gateway for communicating the second traffic from the second device forwarded from the branch gateway to the primary VPNC gateway.

11. The system of claim 10, wherein the instructions are executable on the hardware processor to dynamically monitor a health of each of the plurality of VPNC gateways.

12. The system of claim 11, wherein the instructions are executable on the hardware processor to dynamically assess whether the primary VPNC gateway is healthy or not healthy based on the monitored health.

13. The system of claim 10, wherein the data center at which the service is provided is a first data center, and wherein the instructions are executable on the hardware processor to: based on the determination that the service is not healthy and based on the determination that the first user has the non-critical ranking and the first device is a new client device, dynamically select the secondary VPNC gateway that is in a second data center different from the first data center.

14. The system of claim 10, wherein the instructions are executable on the hardware processor to: assign a ranking to a user of the users based on a user score computed according to a behavior of the user on the network, the user score computed based on one or more factors comprising: a location of the user, a bandwidth consumed by an
Virtual private networks · CPC title
Entity profiles · CPC title
Multiple levels of security · CPC title
Traffic logging, e.g. anomaly detection · CPC title
taking into account QoS or priority requirements · CPC title