Aruba Software-Defined Branch (SD-Branch)

Main articles:

• IT Service Management (ITSM)
• SD-WAN (Software Defined) the Program defined WAN network

2021: Integration with Silver Peak Unity EdgeConnect

On January 13, 2021, Aruba the company Hewlett Packard Enterprise announced the emerging capabilities of its portfolio, SD-WAN which includes the Aruba SD-Branch solution and recently acquired solutions Silver Peak Unity EdgeConnect designed to centrally monitor, manage and automate branch office connectivity (AWS Amazon Web Services). Integration Aruba SD-WAN cloudy solutions with AWS Transit Gateway Connect significantly simplify network operation and management, and enable customers to private clouds Amazon to apply quality of service and security policies to all branch offices when connecting to a virtual (Amazon VPC). Thanks to this, branch users get stable performance and high quality of service.

As companies seek to upgrade their networks to meet the growing need to connect distributed offices, mobile users Internet , and things devices (), IoT they need an easy way to implement, manage, and monitor branch office networks across regions. A way to ensure security, compliance, and application availability. AWS Transit Gateway Connect offers tighter and more optimized integration among Aruba SD-WAN solutions, resulting in faster implementation, lower operating costs, and easy access to performance metrics and telemetry to data networks.

By exploring AWS connectivity, enterprises see a large set of options which allows them to make a balanced choice depending on the types of applications used and the location of users, says Mayumi Hiramatsu, vice president of Amazon EC2 Networking at Amazon Web Services, Inc. - The announcement of the integration of Aruba with AWS Transit Gateway Connect was a continuation of Aruba's teamwork on optimizing IT solutions, which will now allow our common customers to focus on business growth and digital transformation in the cloud age.

Speed, security and simplicity are some of the features of Aruba solutions integrated with AWS Transit Gateway. The capabilities of this AWS solution provide the following capabilities:

• Allows IT departments to do more at a lower cost: Because AWS Transit Gateway Connect automatically connects branch offices to the nearest AWS Transit Gateway, IT teams no longer need to manually configure routing for individual VPCs (virtual private cloud), which increases flexibility in traffic and workflow management. As a result, users get better performance and application availability, and ultimately increase productivity.
• Branch Office Automatic Cloud Connectivity: Enterprise-class SD-WAN features, automation, and orchestration ensure consistent VPC operation when using the AWS Transit Gateway as a hub, saving time and resources. In addition, the AWS Transit Gateway serves as a link between clouds in the AWS wide area network, allowing you to combine Amazon virtual private clouds located in different AWS regions, and also optimizes the "middle mile" for connecting branches.
• Reduce branch network configuration time with lifecycle workflows and improved transparency: Aruba virtual gateways and Silver Peak Unity EdgeConnect virtual devices, combined with centralized SD-WAN orchestration, allow customers to easily extend SD-WAN to AWS.

The acquisition of Aruba by Silver Peak provided additional opportunities in early 2021 for customers who are exploring ways to transition to cloud architecture or are already in the process. Silver Peak Unity EdgeConnect SD-WAN also integrates with AWS Transit Gateway Network Manager, allowing network administrators to create a single consolidated global view of all sites and connections between AWS and local systems. This allows you to get complete visibility of all changes and events in the network, as well as telemetry data about the state of the network infrastructure to ensure a high quality of service to users.

Businesses need speed, flexibility, and simplicity at different levels to adapt to rapidly changing business needs. And many see a solution in the cloud, "says Alan Vekel, founder and lead analyst at 650 Group. - Aruba's ongoing collaboration with AWS - and now with Silver Peak - opens up prospects for AWS customers who want to take advantage of the expanded capabilities of the cloud. At the same time, they will be able to provide themselves with secure, high-performance branch office connectivity at the same time, without any difficulties typically associated with launching and managing multiple geographically spaced VPCs.

2020: Support for Zero Trust Security Model, SD-WAN Orchestrator Improvement

On February 5, 2020, Hewlett Packard Enterprise announced the next stage in the development of its Aruba SD-Branch solution, which provides easier and safer deployment and management of large distributed networks.

According to the developer, the SD-Branch solution from Aruba is an important component of the Edge-to-Cloud strategy, which combines the Aruba Branch Gateway with the Aruba Central cloud management system, providing a single point of control and control for SD-WAN, wired and wireless networks, guaranteeing secure operation and simplified branch office connectivity on any scale.

Changes include:

• Advanced features provide safety Zero Trust-based in-store networks with attacks account discovery and. data prevention of invasions
• Improve the SD-WAN orchestrator at Aruba Central to manage the system from the network edge to the cloud and securely connect to cloud workloads.
• Branch Gateways provide continuous connectivity with built-in cellular connectivity, including LTE.

As noted in Aruba, IT departments of retailers have a very difficult task - to carry out a digital transformation at offline points of sale and make the store "the main platform for interaction with customers" in order to compete with online stores and marketplaces. To do this, they use next-generation technologies with the ability to provide personalized interaction and immersive experience, but they lack technical specialists in the field. Therefore, IT professionals responsible for connection, network security, and point-of-sale network management will have to reconsider their views on branch network architecture. To improve operations and address IT shortages, you need a unified architecture from the edge of the network to the cloud that automates and protects LAN, WAN, and cloud operations.

"Aruba's SD-Branch solution provides a robust platform for a secure, easy-to-deploy, centrally managed infrastructure. We can identify customers by mobile phone and interact more effectively with them by offering personalized service and a new approach to shopping, " noted by Stewart Ebrat, Director at to information technologies Vera Wang

Retailers are introducing modern technologies, such as mobile services and the Internet of Things, to improve the quality of customer service. But at the same time, they face new security threats and an increase in the number of attacks. Traditional security practices are simply not designed to protect against new threats. Therefore, many IT departments are moving to the Zero Trust security model - an architecture that does not trust anyone on or off the network.

The Zero Trust security model includes elements such as policy management, the ability to dynamically segment traffic by ID and role, and continuous monitoring of security state changes with real-time access policy adjustments. In addition, IT departments can use the Secure Access Service Edge (SASE), which combines network security features with WAN capabilities to support dynamic secure access, Aruba says.

Aruba supports the Zero Trust model in role-based access control technology, as well as dynamic segmentation, which provides a single software-defined microsegmentation for branch and campus networks to isolate users, devices applications , and each other depending on the role, rather than the type or location of the network connection. Aruba complements the integrated branch office security (intrusion detection and prevention IDS/) capabilities IPS with are integrated ClearPass firewall Aruba's Policy Manager and Policy Enforcement Firewall network security. Using role-based access, Aruba introduces identity-based detection into the traditional intrusion detection and prevention system, so that security professionals can focus on meaningful alerts.

The comprehensive protection offered by Aruba also includes the following components:

• Easy integration with cloud security solutions
• Threat details and trend analysis
• Correlating security events with nodes, clients, applications, and network infrastructure
• ready policies for the application of rules and incident response;
• Direct transmission of security event data to third-party security information and event management (SIEM) systems
• ClearPass Policy Manager to develop and distribute a global access policy.

According to the developer, the comprehensive store and branch protection offered by Aruba provides a complete solution for security and connections in retail stores, providing protection against numerous threats, including phishing, denial of service (DoS) and increasingly common attacks using ransomware.

The use of SaaS and virtual private clouds continue to gain popularity. As a result, it becomes more difficult to maintain security and control data, traffic, and user access to the cloud. Aruba includes the cloud in the Zero Trust security model with the enhanced SD-WAN orchestrator at Aruba Central to make it easier for branch network operators to deploy flexible and secure overlay networks in a large-scale infrastructure, securely connecting thousands of remote offices to applications in the data center and cloud.

Virtual Aruba Virtual Gateways (available for AWS and) Azure , combined with orchestration, allow you to extend network and security policies to workloads in without unnecessary waste, and the public cloud traffic prioritization feature SaaS Express continuously collects data from the field for hosting applications SaaS to ensure application performance, the developer emphasized.

To ensure high-quality customer service, retailers need a highly reliable network infrastructure as a basis for digital transformation. The built-in LTE modem in Aruba 9004 Media Gateways allows you to use this connection as a primary or standby connection or in active/active mode with load sharing with other broadband channels. To control costs, retailers can selectively use the cellular channel for some applications in either mode.

Built-in cellular connectivity gives retailers a reliable, high-performance backup connection with fast failover and centralized management. IT professionals can configure and optimize connections by defining SLA policies in various channel combinations: MPLS, Internet and cellular networks with dynamic real-time route management and the ability to choose a priority cellular channel. Cellular communications can also be used in remote stores or to accelerate the opening of new stores in which an agreement has not yet been concluded with the provider for MPLS or Internet connection, Aruba noted.

"With SD-Branch, retailers" IT departments can more easily meet the challenges of connecting stores and branch offices, managing WAN and LAN networks in a single way, as well as security. The presented developments extend the SD-Branch solution from Aruba and provide more opportunities for network administrators, offering integrated in-store security features, orchestration of workloads in the public cloud, and the fault tolerance required for uninterrupted operation. " noted Kishore Seshadri, Vice President and CEO of SD-WAN in Aruba, Hewlett Packard Enterprise

2018: Solution Release

On August 8, 2018, the company Hewlett Packard Enterprise introduced Aruba Software-Defined the Branch (SD-Branch) solution, which uses an approach that allows customers to modernize branch networks for the introduction cloudy of mobile technologies and. Internet of things Integrating a SD-WAN cloud-based solution with wired and wireless networking products protected by context-sensitive policies provides IT with additional capabilities to support and improve network availability and application performance. It also reduces the time spent on network management, operations and capital costs.

SD-Branch integrates Aruba Branch Gateways with the advanced Aruba Central cloud management platform to provide a single point of management for SD-WAN, wired and wireless networks with the ability to implement the necessary policies and provide a secure and easy expansion of the branch network. This unified solution, according to the developer, has an advantage over traditional SD-WAN products by reducing the number of devices, streamlining the deployment of distributed infrastructures on a large scale and reducing the cost of customers connecting branch networks to the WAN.

With cloud management, you can remotely centrally configure and manage wired and wireless connections in your branch office network, as well as WAN channels and Internet connections through the SD-WAN infrastructure. Thus, the IT organization can implement services remotely.

Hewlett Packard Enterprise noted that the security tools from Aruba allow you to set and automate detailed policies both within the branch and global network. Aruba partners in the Aruba 360 Security Exchange ecosystem provide cloud-based firewall and attack protection services to their customers.

Prioritization based on context-sensitive application, user, and device data enables you to provide branch network and WAN QoS for mobile cloud computing SaaS unified communications (Mobile UC) and other remote applications. This simplifies the configuration of routing LAN and WAN traffic inside and outside branch networks, which ensures high quality of communication for all users, the developer claims.

The Aruba SD-Branch solution enables IT organizations to manage a large number of branch offices with less staff, while taking a unified approach to security and policy compliance across all sites. With integrated and centralized management and the elimination of MPLS connections, organizations can save up to 75% compared to the traditional approach to deploying networks, according to Hewlett Packard Enterprise.

According to the developer's statement, Aruba Central has SD-WAN support, which provides automatic configuration, monitoring and simple troubleshooting tools. The Aruba Zero Touch Provisioning (ZTP) solution and a mobile application with a convenient and understandable interface for automatic device configuration allows branch employees without technical knowledge to connect the necessary equipment, without on-site configuration and the cost of visiting specialists.

The user and device analysis capabilities of Aruba enable uniform user role-based policies in local area network (LAN) and wide area network (WAN) networks. The Aruba ClearPass Policy Management solution simplifies and automates the enforcement of policies at different levels of network access and individual applications, so you don't need to manually configure them.

All network traffic inside the branch can be redirected to the Aruba Branch Gateway for in-depth packet inspection (DPI) using the built-in firewall session tracking. IT professionals can assign policies to specific device types and divide traffic down to the application tier. In retail to trade , this will also help stop unauthorized access to surveillance cameras to stores or determine where PoS Terminals they can be connected to the network, say Hewlett Packard Enterprise.

Context data can be used to better analyze the state of the entire distributed branch network - wired, wireless, and global - to quickly optimize users' real-time performance before problems affect the business. The context recognition features built into the Branch Gateway go beyond the use of detailed rules for network access based on roles and application security tools and provide high-quality service (QoS) for both the local and WAN networks, the company noted.

According to information provided by the solution designer, additional Branch Gateway features, such as policy-based routing (PBR) and dynamic route selection, can also use context data and analysis to dynamically route traffic in a WAN network based on user, device, or group affiliation. For example, retailers can prioritize and segment traffic so that the capacity of cash terminal systems and video traffic is higher than that of a guest, and hotels can similarly give advantage to telephone traffic for employees serving customers.

IT professionals can integrate additional features for SD-WAN networks into their branch networks without having to upgrade access points or Aruba switches. Aruba SD-Branch comes as part of the Aruba Central solution. A license subscription is purchased for each of the branch network gateways at the facilities and for the head gateway located in the central office.^[1]

Notes