HPE Aruba Networking Blogs

Aruba EdgeConnect SD-WAN: The next generation of network connectivity

By Karan Singh Dagar, Product Marketing Manager, Aruba

Some companies are closing shop for their SD-WAN platforms and will no longer sell their SD-WAN products in the marketplace. As many have expressed on Reddit, this news has caused significant distress and unease among their customers, many of whom had grown to appreciate and rely on their technologies. Although change can be difficult to maneuver, it can ultimately be highly rewarding.

Must-haves for a modern secure SD-WAN

When evaluating different SD-WAN options, it’s important to consider industry leaders with proven track records and easy-to-use solutions that fit your use case. A common use case for SD-WAN platforms is to improve the performance of critical business applications such as Microsoft 365. The Aruba EdgeConnect SD-WAN has been independently tested and certified to support the Microsoft 365 Connectivity Principles. It provides reliable connections directly from branch office locations to the nearest Microsoft 365 front door. This local breakout provides the lowest latency and results in the highest application quality of experience for end users.

It is also important to consider the capability of identifying applications on the first packet, as it can greatly enhance the efficiency and optimization of traffic management within your network. Aruba’s First-packet iQ identifies more than 10,000 applications and more than 300 million web domains. This enables granular and secure breakout of internet-bound traffic to the correct path based on application-driven business and security policies. This eliminates the potential for wasted bandwidth and performance bottlenecks for trusted SaaS and web traffic. Trusted traffic gets treated appropriately while questionable traffic is automatically sent to a cloud security provider or more robust security appliances in accordance with corporate security policies.

Figure 1: Secure local internet breakout delivers highest quality of experience with reduced risk.


Overcoming security threats with an advanced, secure SD-WAN

Today, most businesses use SaaS and applications hosted in the public cloud that reside outside the enterprise network perimeter. The explosion of mobile and IoT devices in the enterprise has dramatically increased the attack surface, exposing enterprises to security breaches that can compromise data and result in network downtime. To tackle the growing security challenges that come with cloud migration and a dissolving security perimeter, enterprises need an advanced, secure SD-WAN with built-in security rather than bolt-on security. Advanced SD-WAN platforms support many critical functions beyond SD-WAN, such as built-in next-generation firewall (L7), IDS/IPS, DDoS defense, fine-grained segmentation, routing, and WAN Optimization. EdgeConnect SD-WAN supports all these features in a single unified platform, enabling customers to retire legacy platforms such as branch firewalls and routers to simplify branch architecture and streamline management.

With the shift of apps to the cloud, it makes sense to move security to the cloud because security needs to be close to the application and even closer to the user to minimize the impact on performance. In 2019, Gartner® coined the term SASE, which combines modern SD-WAN capabilities with necessary cloud security capabilities (aka security service edge or SSE). SASE brings a more secure and flexible way to perform advanced security inspection directly in the cloud instead of backhauling application traffic to a data center before forwarding it to the cloud.

Figure 2: SASE combines advanced SD-WAN capabilities with SSE.


When implementing a SASE architecture, customers can choose from a single vendor SASE that offers all-in-one networking and security or a dual vendor SASE that provides freedom and flexibility. A single vendor SASE offers less complexity by bringing all the different technologies under one vendor. In our industry, we have seen a shift to single vendor SASE, and even Gartner predicts that “Through 2024, more than 60% of organizations will opt for a dual-vendor approach to their SASE initiatives, down from more than 80% in early 2022.”

For organizations choosing a dual vendor SASE, an SD-WAN that offers seamless integration with multiple cloud security vendors is ideal since it reduces the complexity of rolling out changes across various technologies. Architecting a SASE solution can seem daunting at first, and in most cases, it will be a journey for many customers that will unfold over a few years. Whether selecting a single vendor or dual vendor SASE, one thing is certain: customers need a modern SD-WAN that offers both options for the future.

Aruba provides comprehensive edge-to-cloud security, including SSE, with the recent Axis Security acquisition for a single vendor SASE. Aruba also offers a dual vendor SASE option by seamlessly integrating with leading cloud security vendors such as Zscaler, Netskope, Check Point, McAfee, Lookout, Palo Alto Networks, and Symantec.

Figure 3: Architecting a single vendor or a dual vendor SASE with Aruba EdgeConnect.


Securing IoT devices with Zero Trust Segmentation

We have also seen a rapid proliferation of IoT devices in our industry. IoT devices make business more efficient, but they also increase security challenges. Traditional methods using VLANs do not scale with the growing needs of the business and seem to solve the problem only temporarily. So, customers need an automated solution to secure IoT devices. Aruba ClearPass integration with EdgeConnect SD-WAN augments application intelligence with user and device identity and role-based context, enabling zero trust segmentation. This additional identity-based context enables consistent security policy enforcement enterprise-wide, from edge to cloud.

With ClearPass, the network can identify and segment user and IoT device traffic at the network edge and isolate it from other traffic in the network. This new layer of context enables fine-grained segmentation without the complexity of managing multiple VLANs. For example, a Zero Trust segmentation policy can prevent IoT security cameras from accessing credit card transactions or HVAC systems. Zero Trust segmentation helps enterprises isolate any potential security threats by device type, role, and application while helping them meet industry compliance requirements such as PCI, HIPAA, and SOX.

Figure 4: Zero trust segmentation ensures that users and IoT devices can only communicate with destinations consistent with their role in the organization.


When choosing an SD-WAN, it's equally important to pick a solution that is easy to understand and quick to use. The Aruba EdgeConnect SD-WAN platform is an industry-leading SD-WAN solution that continues to solve WAN challenges for many customers. It's an option worth exploring! Aruba offers free peak performance workshops where users can play with the product, see how easy it is, and test some common SD-WAN use cases. I highly recommend using these free peak performance workshops to learn the capabilities of EdgeConnect SD-WAN and play with it.

For customers looking to centrally automate the deployment, management, and operation of wired, wireless, WAN, and security infrastructure under a single, software-defined framework, Aruba EdgeConnect SD-Branch is an excellent option. SD-Branch is centrally managed from the cloud via Aruba Central, which provides single-pane-of-glass unified infrastructure management, AIOps, security, and reporting, simplifying management and operations within each branch location, as well as connectivity across the WAN.

For more details, please refer to the Aruba EdgeConnect SD-WAN solution overview.