SD-Branch Takes the Pain Out of Connecting a Distributed Enterprise

By Dave Chen, Senior Product Marketing Manager

A retailer is planning to open pop-up stores to generate buzz among influencers and engage consumers in fun new ways. The business plan calls for a dozen pop-ups across the U.S. every two weeks for the next eight months. The business plan hits a big snag when the IT department gets wind of it. The network infrastructure team simply can’t set up so many new locations so fast. The business team is frustrated that IT has, once again, said no. That frustration is what fuels shadow IT.

Branch Networking is Too Hard
Connecting hundreds – or thousands – of sites takes too much work. It’s weeks of careful planning. Once all the equipment is shipped out, a network technician is required at each location. It may take several days to set up all the wireless access points, controllers, wired switches and firewalls. A working knowledge of SSIDs, VLANs, 802.1X and other network intricacies is essential. Manual and time-consuming configuration leads to inevitable human error. Not to mention that it can take weeks to get a service provider to provision the WAN connections.

To complicate matters, the network architecture for branch offices was codified long before cloud and IoT. With cloud and SaaS, hauling everything from the branch to the data center and then to the cloud is inefficient and makes application performance unpredictable.

Retailers, hotels and other distributed enterprises have an increasing number and variety of IoT devices like surveillance cameras, mobile payment systems, environmental sensors and digital signage. It’s been proven time and again that IoT device security is weak, so IT needs to step up security to protect the business.

What is SD-Branch?
Over the last several years, software defined networking (SDN) has brought much needed innovation with SD-WAN, but doesn’t address the overall branch experience. With Software Defined Branch (SD-Branch), Aruba is taking innovation to the next level. Aruba’s SD-Branch solution simplifies branch networking at enterprise scale. Aruba takes a holistic approach, unifying policies and making it easier to deliver services and enact security controls to branches across wide area networks.

SD-Branch means a better user experience and less IT hassle. The network no longer stands in the way of a retailer’s plans to open pop-up stores. Or a healthcare provider that wants to open up new urgent care locations or onboard a newly acquired physician group. Or a hotel brand that wants to give guests a more home-like experience and save energy with environmental controls managed by a third-party vendor.

Simplicity at Enterprise Scale
The Aruba SD-Branch solution vastly simplifies network management and provisioning, making it faster and easier to connect hundreds – or thousands – of sites.

A technician from your local consultant – or anyone who can use a mobile app – can get the network set up quickly and easily. They simply unpack the branch gateway, APs, and switches, and plug them all in. Then they open the Aruba Installer app on their phone or tablet and scan the barcode on each of these network devices. With cloud-based zero-touch provisioning, network setup is on autopilot. The SD-WAN, wired and wireless networks are configured.

Ahead of time, the central IT team sets up the configuration templates and context-aware policies through Aruba Central cloud-based management. IT can use Aruba Central as a single pane of glass to simplify and automate network deployment, configuration, visibility and onboarding of SD-WAN, WLAN, and LAN in the branch.

Optimized Branch Experience
Context-aware policies ensure that users and devices have the best possible experience based on the applications used and business requirements. Policies are configured centrally by IT, and are pushed out to each site to offer a differentiated experience for employees, guests and IoT devices – connected via wireless or wired.

To inform that branch experience, the network feeds back granular intelligence about user roles, device types, applications and WAN health metrics. The network proactively makes quality of service and routing decisions based on multiple sources of network context and by monitoring application health in real time.

That allows a hotel chain, for example, to give a guest’s iPad streaming Netflix a higher priority over the hotel’s primary broadband connection, but if the broadband quality degrades, the traffic can be automatically moved to a secondary active link. Or it can ensure that all back-of-house traffic goes through the private MPLS connection to assure consistent service levels and the highest protection.

We can further optimize the branch experience with our new Cape Networks solution. Cape’s cloud-managed sensors monitor application performance from an end-user’s perspective and feed real-time data into a centralized dashboard, so IT managers know about problems before the helpdesk phones start ringing. IT has visibility into mission-critical applications and issues such as poorly performing WAN links or outages and can reconfigure policies to respond.

Integrated Security

Aruba ClearPass, as part of the 360 Secure Fabric, maintains context-aware policies for all user and IoT devices, as well as those used by guests and contractors across distributed enterprises. Branch gateways gain this context and then act as the enforcement point for traffic over the WAN and within the branch itself by segmenting traffic.

That means, for example, surveillance cameras at all of a hotel’s properties can be governed by a consistent policy. If an attacker hijacks a camera, the suspicious behavior will be identified and the attack can be stopped before it spreads to other devices or across the enterprise. Or a quick-serve restaurant can install smart ovens with confidence, reaping the benefits of predictive maintenance alerts while mitigating the risk of the corporate network being breached through a third party vendor.

With SD-Branch, enterprises also can take advantage of network segmentation to further enhance security and assure the user experience. With dynamic segmentation, we are taking what we did with APs and controllers and bringing them to Aruba switches to bring them under a single, consistent management and policy domain. It doesn’t matter how a device connects – the appropriate policies are applied.

Aruba’s SD-Branch solution integrates with other best-in-class security solutions, including Zscaler, Check Point and Palo Alto Networks for cloud-based firewall, sandboxing and SSL inspection.

Ready for the Digital Workplace
For retailers, hotels and other distributed enterprises, Aruba’s SD-Branch solution simplifies IT while delivering a better user experience.

Now, when a retailer wants to open dozens of pop-ups in a few weeks, the network can be set up in hours, not days or weeks. And with IT as a strong partner of the business, the marketing team can focus on getting loyal customers and influencers to share their brand experiences on Instagram – and drive in-store and online sales.

Learn more about Aruba's SD-Branch solution.