Branches are where business is increasingly done today. High real-estate costs, workplace flexibility, and the requirement to cover a growing geographical area is driving the need for business-class experiences—regardless of where a user connects. IT organizations are now challenged with quickly modernizing their branch environments to provide the user experience, app performance, and security needed to meet evolving business goals.
For retail stores, hotels, healthcare clinics, and other distributed organizations, these new demands mean that IT teams must have the ability to centrally manage the onboarding of new LAN and WAN infrastructure. Most distributed enterprises have few (or no) technical staff in the branch. Nor do they have the budget flexibility to send someone onsite. Regardless, they need to deliver business-class experiences everywhere, while lowering the cost of deployment and ongoing services.
Lastly, the growing use of mobile and IoT devices within the branch demands a holistic approach for how security policies are applied and enforced for users and devices. The geographically distributed nature of the branch makes it challenging to see what is being connected, protect the branch from external and internal threats, and if needed, remove unwanted devices or users from the network.
To help organizations enhance the branch experience and to make IT more agile, Aruba has introduced our Software-Defined Branch (SD-Branch) solution, a full-stack approach for managing a branch in today’s digital era. Our new solution combines Aruba’s industry leading wireless and wired solutions, a new portfolio of Branch Gateways for WAN deployments, and a comprehensive security model that includes built-in infrastructure features, Aruba ClearPass, and best-of-breed cloud unified threat management (UTM) partnerships.
The advantages of our SD-Branch solution are deployment and management simplicity, integrated security and policy management from the LAN to WAN, and an optimized experience that benefits end users and the applications they use. Organizations can effectively enforce how IoT and other devices connect, what they can communicate with, and how their traffic is segmented.
The SD-WAN migration
As organizations deploy software-defined WAN (SD-WAN) solutions, to augment or replace MPLS circuits, they gain the flexibility to leverage broadband circuits, improve agility, and reduce expenses. With the addition of the Aruba Branch Gateways, enterprise IT can centrally manage their wired, wireless and WAN infrastructure from a single pane of glass.
Aruba’s SD-Branch gateways also include a built-in policy application and user-aware firewall, dynamic segmentation, and the ability to tunnel to third-party cloud UTMs. This enables IT organizations to leverage one consistent approach for enforcement and monitoring of all traffic, regardless of how someone or something connects. Transport independence and intelligent application optimization features ensure a high level of performance.
The business outcomes and savings for moving to an SD-WAN model for the branch can be dramatic. It’s a fraction of the cost of MPLS, creates additional cost savings by reducing the reliance on expensive links, and overall, delivers performance benefits without sacrificing reliability or security.
An optimized branch experience
With LAN, WAN, and security solutions that work together, performance and user and device context are no longer opposing principles, but rather, a way to deliver the best possible experiences. We believe that by leveraging contextual data regarding who and what is connected to the LAN helps make granular decisions for how to handle the traffic that goes into and out of the branch as well.
With Aruba’s role-based access features, IT organizations can easily separate policy enforcement from the topology layer. This simplifies how quality of service (QoS) and security policies are applied and enforced for all branches, so users and devices receive a consistent experience, regardless of location.
Features within the Branch Gateways, such as policy-based routing and dynamic path steering, can now leverage this contextual data to dynamically route traffic across the WAN based on user, device, or group affiliation. Retail organizations can easily prioritize point-of-sale (PoS) system and video traffic versus guest traffic. Hotels can prioritize the voice traffic for anyone involved with customer service.
A unique advantage
We believe that the integration of the LAN and WAN infrastructure provides our customers with a unique advantage for how a branch network is deployed and managed in the digital era. With the launch of Aruba’s SD-Branch solution, we’re delivering more than what is possible with solutions that include separate SD-WAN offerings that cannot leverage valuable user and device context and are managed separately.
The amazing part of this journey is that the integration and use of granular contextual data for policy enforcement is just the start. As we go forward, imagine the possibilities. Insights from this same contextual data can be used to proactively identify network and security issues, sends alerts to the IT team, and in some cases, automatically adjust the network for changing performance demands and security threats.
