Are your branch offices ready for today’s cloud-hosted applications?

By Keerti Melkote, Blog Contributor
Share Post

With the increased shift to mobile and cloud hosted apps, todays #GenMobile users expect connectivity from anywhere. In fact, the expectation is changing how branch offices are connected to corporate environments. The goal is to use enterprise internal and cloud apps that access sensitive and non-sensitive data from anywhere with confidence.

As employees accessed Salesforce, Workday, Oracle, and other SaaS applications, that traffic traditionally traveled across the WAN to your data center, which then passed to the cloud through a firewall. The increased use of SaaS apps has put a stress on the WAN that's connecting branch offices, forcing the bandwidth crunch to be addressed with new ways of thinking.

This is why many organizations are supplementing their MPLS and T1 access networks in the branch with business broadband or 4G/LTE wireless. Besides cost savings, another advantage is timely provisioning—unlike legacy circuits, which can take weeks or months.

The other shift is to enable a secure local Internet connection, which would allow for cloud destined traffic to flow directly from the branch to the cloud provider. This addresses multiple factors—users get faster response times from cloud apps, only data destined for the data center will need to traverse the traditional WAN link, and business broadband Internet being cheaper than MPLS links allows lower WAN costs.

Reaping these benefits can only happen if your branch offices have secure WAN connections and traffic inspection, regardless of the destination. In the past, adding a firewall to each and every branch location was the model but it often led to complexity, cost and management overhead, making it impractical for most organizations.

At Aruba, we are addressing this challenge by leveraging the built-in deep packet inspection engine to point not only to the users on the LAN but turn it around and face the WAN. By doing this, you get to leverage a single device for LAN and WAN traffic policies. Using this approach would allow for IT to deploy LAN equipment that includes the ability to set policies for what types of traffic goes straight to the cloud service, and what goes back to your data center.

Further, we have partnered with Palo Alto Networks to allow an Aruba branch controller to setup an IPSEC tunnel to a Palo Alto Firewall using the GlobalProtect technology. With this integration, the need for a firewall in every branch goes away as all traffic destined for the data center is automatically tunneled and inspected for malware and other anomalies. One deployment option that opens up in this scenario is to allow enterprise subscription to SaaS providers such as Salesforce, Workday, or Box, so that users can directly connect to these services from the branch office, while other services can still be accessed through the corporate firewall as usual. The point is that you can determine by policy how to process the traffic for different types of applications and services.

Besides security, there is also QoS policies that affect user experience. Again, here it is important to be able to take advantage of all available WAN capacity and intelligently direct traffic down the best links based on application/service needs. We are innovating here to allow for diverse path routing and load balancing to ensure optimal user experience for business-critical applications.

Another huge challenge with branch deployments is the provisioning aspect. We have innovated here to enable secure, zero-touch provisioning for the branch controller over the Internet. This dramatically simplifies roll-outs and lowers the TCO and training needs for staff at the branch sites. This also brings the branch office into the modern era with automation that IT organizations are already familiar with in their wireless deployments.

We are hopeful that these new tools give you the ability to provide your customers in your stores, restaurants, hotels or corporate branches with required services and security safeguards regardless of device type—personal and IT managed devices—and traffic type. All this, with the confidence that standards and cost savings are being met with the ability to quickly meet shifting business demands.

That's it for branch offices for 2015.

I hope 2015 has been a wonderful and fulfilling year for all of you – both personally and professionally. I wish you all a happy holiday season and best wishes for a fantastic new year ahead.

Looking forward to innovating with you in 2016 and beyond.