HPE Aruba Networking Blogs

SD-WAN is Critical for IoT

By Karan Singh Dagar, Product Marketing Manager, Aruba

The Internet of Things (IoT) is everywhere, and its use is growing fast. Local governments use IoT to build smart cities and to create intelligent businesses. Industry analysts estimate that over 30 billion IoT devices will be connected worldwide by 2025, a sharp jump from the 13.8 billion units in 2021*.

Manufacturing companies have the highest IoT spend to date of any industry, while the health care market continues to experience the highest IoT growth. The promise of analytical data insights to yield greater efficiencies and enhanced customer satisfaction fuels IoT growth. The top use cases driving IoT growth are self-optimizing production, predictive maintenance, and automated inventory management.

From a high-level view, IoT includes sensors that collect and transmit data (e.g., temperature, speed, humidity, video feed, pressure, IR, proximity) from "things" like cars, trucks, machines, etc., connected over the internet. The collected data is then analyzed, translating raw data into actionable information that businesses can act on. At more advanced levels, machine learning and AI algorithms learn and adapt to this data and automatically respond at a system level.

This massive amount of IoT data continues to drive an exponential increase in traffic on the network infrastructure, requiring enormous scalability. Vast amounts of data need tremendous processing power to mine and transform them into actionable intelligence. In parallel, more robust security measures need to be in place due to potentially more entry points onto the network. Lastly, management of the overall infrastructure requires better orchestration of policies and a means to streamline ongoing operations.

How does SD-WAN enable IoT business initiatives?

There are three key elements that an SD-WAN platform must include:

  1. Visibility: Real-time visibility into the network is critical. It takes the guesswork out of rapid problem resolution, enabling organizations to run more efficiently by accelerating troubleshooting and applying preventive measures. Furthermore, a CIO can pull metrics and see bandwidth consumed by any IoT application.
  2. Security: IoT traffic must be isolated from other application traffic. IT must minimize the attack surface exposed to IoT device traffic. Also, enterprises must embrace Role-Based Access Control (RBAC) to augment application intelligence with user and device identity and role information for stronger security policy enforcement.
  3. Agility: With the increased number of connected devices, applications, and users, a comprehensive, intelligent, and centralized orchestration approach that continuously adapts to deliver the best experience to the business and users is critical to success.

Key Aruba EdgeConnect SD-WAN capabilities for IoT

  1. Aruba has an embedded real-time visibility engine allowing IT to gain complete observability into the performance attributes of the network and applications in real-time. The Aruba EdgeConnect SD-WAN appliances deployed in branch offices send information to the centralized Aruba Orchestrator. Orchestrator collects the data and presents it in a comprehensive management dashboard via customizable widgets. These widgets provide a wealth of operational data, including a health heatmap for every SD-WAN appliance deployed, flow counts, active tunnels, logical topologies, top talkers, alarms, bandwidth consumed by each application and location, latency, and jitter, and much more. Furthermore, the platform maintains weeks' worth of data with context, allowing IT to playback and see what has transpired at a specific time and location, like a DVR.
  2. The second set of critical capabilities centers on security and centrally orchestrated end-to-end segmentation. Aruba ClearPass integration with the Aruba EdgeConnect SD-WAN edge platform augments application intelligence with user and device identity and role information. The additional identity-based context enables fine-grained segmentation and consistent security policy enforcement network-wide, from the edge to the cloud, while also accelerating troubleshooting and problem resolution. With the combination of Aruba ClearPass and EdgeConnect, customers can segment IoT device traffic at the network edge and isolate it from other traffic in the network. This new layer of context enables fine-grained segmentation without the complexity of managing multiple VLANs. For instance, a fine-grained segmentation policy can prevent IoT security cameras from accessing credit card transactions or HVAC systems. E2E segmentation helps enterprises isolate potential security threats by device type, role, and application while assisting them in meeting industry compliance requirements such as PCI, HIPAA, and SOX.
  3. Aruba EdgeConnect employs machine learning at the global level, where internet sensors and third-party sensors feed into the cloud portal software. The software tracks the geolocation and reputation of all IP addresses, distributing signals down to the Aruba Orchestrator running in each individual customer's enterprise. Orchestrator, in turn, communicates with the edge devices in the branch offices. There, distributed learning is done by looking at the first packet of a flow and inferring from it what the application is. So, if traffic from a given IP address has been seen 100 times and each time turns out to be IoT, we can infer that the IP address belongs to an IoT application. In parallel, we use a mix of traditional techniques to validate the identification of the application. All of this, combined with other multi-level intelligence, enables simple and automated policy orchestration across many devices and applications.
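
The first-packet inference in item 3, shown as an added example that is not Aruba's code: an IP address is trusted for first-packet classification only after 100 validated flows agree on its application, and a later disagreement from validation withdraws the inference. The class name, application labels and sample IP address are assumptions made for illustration.

```python
THRESHOLD = 100  # the "seen 100 times" figure from the text, used as the confidence bar


class FirstPacketClassifier:
    """Learns IP address -> application from flows that were validated afterwards."""

    def __init__(self, threshold=THRESHOLD):
        self.threshold = threshold
        self.streak = {}   # ip -> (app, consecutive validations that agreed on app)
        self.learned = {}  # ip -> app trusted for first-packet decisions

    def classify_first_packet(self, ip):
        """Return the learned application for a new flow, or None if not yet confident."""
        return self.learned.get(ip)

    def validate(self, ip, confirmed_app):
        """Record what a slower, traditional identification confirmed for a finished flow."""
        app, count = self.streak.get(ip, (confirmed_app, 0))
        if app != confirmed_app:
            # The address now carries a different application (reassigned or
            # shared IP): withdraw the inference and start counting again.
            self.learned.pop(ip, None)
            app, count = confirmed_app, 0
        count += 1
        self.streak[ip] = (app, count)
        if count >= self.threshold:
            self.learned[ip] = app


def demo():
    clf = FirstPacketClassifier()
    camera_ip = "203.0.113.10"  # constructed sample address (documentation range)
    results = []
    for _ in range(99):
        clf.validate(camera_ip, "iot-camera")
    results.append(clf.classify_first_packet(camera_ip))  # 99 agreeing flows: not yet trusted
    clf.validate(camera_ip, "iot-camera")
    results.append(clf.classify_first_packet(camera_ip))  # 100th agreeing flow: trusted
    clf.validate(camera_ip, "web-browsing")               # validation disagrees
    results.append(clf.classify_first_packet(camera_ip))  # inference withdrawn
    return results


if __name__ == "__main__":
    print(demo())
```

Until an address is learned, the first packet returns no label, so the policy applied to unclassified flows decides how IoT traffic is treated during the learning window.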

SD-WAN plays a foundational role as businesses continue to embrace IoT. However, choosing the right SD-WAN platform is even more critical to optimize companies' operations fully.

* Source: Statista
