Imagine a scenario where guests in a hotel are streaming Netflix from the comfort of their rooms and the hotel’s WAN link suddenly degrades. The video stream gets choppy or even freezes, which leads to frustrated guests. And at the same time, the front desk staff can’t access the reservation system, so the guests attempting to check in are annoyed.
Unfortunately, the perception of the hotel is overshadowed by the poor digital experiences.
Now let’s look at that scenario with a more preferable outcome: What if the hotel’s network “detected” the sudden drop in WAN quality on the link in use for the Netflix traffic, and automatically did two things: First, switched guests’ streaming Netflix traffic to a secondary broadband Internet connection, and second, prioritized the reservation system traffic so that new guests were not impacted.
Understanding how the WAN links are performing, as well as utilizing context about users and devices in the second scenario is the difference. A software-defined branch (or SD-Branch) built on Aruba’s wireless, wired and new Branch Gateways with integrated SD-WAN is designed to leverage context from the LAN and automatically enforce WAN changes via the gateway that enhances the experience for users and devices.
Contextual awareness is the key
In the past, available LAN context was primarily gleaned from packet headers and the goal was to get traffic from point A to point B. While useful, it’s not very effective when attempting to differentiate to a greater degree. Today you have the ability to leverage granular data about users, device types, location, and authorization privileges.
For the WAN, gateways leverage a few types of contextual data, such as IP prefix reachability information that may be learned from a centralized controller, the state of WAN derived from probe data, and application identity learned from fingerprinting application flows. This context is then used to match an application flow to the most suitable path.
Where the SD-Branch offers significant value is in the ability to use LAN and authorization context to address WAN decisions. In addition to the context mentioned above, other sources include the identity of the user associated with a flow, the role assigned to that user, and the reputation of the destination URL that an HTTP flow is accessing.
This increased amount of available context is what enables Aruba to simplify how IT orchestrates policy decisions and delivers an improved user experience in the branch.
Automated policy enforcement
The ability to use the Branch Gateway as a central policy enforcement point makes it easy to implement and create scenarios that have an impactful outcome, like in the scenario previously described. Another advantage is the ability to centrally makes changes to how gateways in multiple locations handle specific applications, users or devices.
Context and policy automation can also help organizations shift to a prognostic maintenance model rather than one based on periodic touchpoints. For instance, grocery stores and pharmacies can monitor their refrigeration systems over the Internet to help predict when they will need maintenance, rather than waiting until a worn-out door gasket causes the loss of food or medications.
It would be simple to ensure that traffic from the refrigeration systems are prioritized, and ensure that monitoring systems receive the traffic, even during peak shopping periods.
The growing case for the SD-Branch
The evolution of granular decision making has been paced by the need to keep up with the growing use of mobility, cloud applications, and IoT. Many of these newly-networked IoT devices are built by vendors that are new to networking and in many instances ship devices with immature, insecure software stacks.
Context gathered from everything in the branch and a way to centrally apply policies is critical to maintaining connectivity and service levels in today’s digital era. Each component of the Aruba SD-Branch solution is built to share, leverage and enhance the experience in your remote locations, while simplifying how IT manages and enforces policy decisions.
