Link Search Menu Expand Document
calendar_month 07-Mar-24

Preparing to Deploy Aruba SD-Branch Network

This section provides details for configuring Aruba Central to prepare for an SD-Branch deployment, including establishing interaction with HPE GreenLake.

Four requirements include: importing devices, licensing devices, creating groups, and creating site configuration.

This section also describes the fundamental differences between group and device configuration levels.

Device Management with HPE GreenLake

This section demonstrates how to applications to you HPE GreenLake account, add Aruba Central subscription keys, and add a new network device to the HPE GreenLake portal for management from Aruba Central.

The HPE GreenLake platform delivers a unified experience that enables customers to use a single dashboard to view, manage, and orchestrate the system’s network, compute, storage infrastructure and related services.

Table of contents

Import and License Devices

To use Aruba Central, devices must be licensed and maintained in HPE GreenLake’s inventory. Follow this procedure to import devices and apply the correct licenses. This article assumes that an account has been set up with HPE GreenLake and the Aruba Central application has been installed. If the prerequisite have not been complete, follow the documented process here.

Add a Subscription Key

Devices within Aruba Central require a subscription key to function. These keys grant access to various licenses, depending on the device type.

Step 1 On the HPE GreenLake top menu bar, select Manage.

Step 2 Click the Subscriptions tile.

Step 3 Click Add Device Subscription.

Step 4 In the Add Device Subscription window, enter the subscription key sent with the device or emailed after purchase. Click Submit.

Step 5 Repeat the process to continue adding subscription keys for additional devices as needed.

Add_Subscription_Key

Add a Device to GreenLake

Add network devices to HPE GreenLake using a .CSV file or by entering the Serial Number and MAC Address. Use the procedure below to enter the Serial Number and MAC Address. When complete, the device is assigned to Central automatically.

Step 1 On the HPE GreenLake top menu bar, select Devices.

Step 2 Click Add Devices.

Step 3 Select Network Devices as the Device Type, then click Next.

Step 4 On the Ownership Type list, click Serial Number & MAC Address.

Step 5 Type or paste the Serial Number and MAC Address values, then click Enter.

Step 6 Continue adding devices as needed. When finished, click Next.

Step 7 Tags are not entered in this example. Click Next.

Step 8 Review the list of devices and click Finish.

Step 9 Click Close.

Add_Device

Assign Subscriptions to the Devices

The following procedure assigns the subscription key to the device. This procedure demonstrates manual subscription key assignment, but the process can be automated for some device types. Instructions for the automated process can be found here.

Step 1 On the HPE GreenLake top menu bar, select Devices.

Step 2 Click the Require Subscriptions tile.

Step 3 Click the checkbox for each device to be assigned a subscription.

Step 4 Click the Actions menu.

Step 5 Click Apply Subscriptions.

Step 6 Select the Subscription Tier, then select the Subscription Key to apply.

Step 7 Click Apply Subscriptions.

Step 8 Click Finish, then click Close.

Step 9 Repeat steps 2 to 8 for additional device types that require licensing.

Note: This process supports multi-select in step 3 to license multiple devices, when applying the same license.

Apply_Subscription

This concludes the steps performed in HPE GreenLake. After completing the above steps, the device(s) are available for use in Aruba Central.

If a device is offline, it does not appear in any Aruba Central groups. In Central, use Device Preprovisioning to assign a device to a group and apply appropriate group and device level configuration. After a device is connected, Central downloads the pre-provisioned configuration.

Define Groups in Aruba Central

A device’s final configuration settings are defined by its group configuration, and additional device-specific configurations, when applicable.

When creating device groups, the devices should have similar network functions so that common configurations such as VLANs, NTP, and DNS can be applied at the group level. Device-specific configurations, such as IP addresses, should be applied at the device level.

Central uses two group types: template groups and UI groups.

  • Template groups are CLI-based configuration files pushed down to a device. Device-specific information can be defined using variables.
  • With UI groups, all configuration is performed from the Central user interface. Device-specific configuration can be applied by selecting a particular device and configuring it individually in the user interface.

Template groups are an excellent choice when devices have overlapping configurations or when configurations do not change often. UI groups are a better choice for workflow-driven configurations and provide the flexibility to change single device configurations.

In both cases, devices in the same group must have similar configurations. If port layouts must change or the topology of the branch differs from other sites, create a unique group and configuration for that different site.

Configuration hierarchy

Note: This graphic does not reflect the exact naming and type used in the guide. It is for reference purposes only.

Configure Device Groups

The following procedure creates a group. This guide uses the following groups and group types.

Device TypeGroup NameGroup Type
VPNCVPNC-RSVDCUI Group
BGW, AOS-CX Switch, Access PointBR-EC-SDBUI Group
Micro BranchBR-EC-MBUI Group

Step 1 On the left navigation pane, in the Maintain section, select Organization.

Step 2 Click the Groups tab.

Step 3 Click the + (plus sign) to create a new group

Step 4 Enter a Name for the group, and select the appropriate checkbox in the Group will contain list. Follow the table above.

Step 5 Select the device Architecture and Network Role.

Step 6 Repeat Steps 3 through 5 for each group.

Create_Group

Create Sites

Central uses sites to group devices at the same geographical location. Sites also identify the gateways to be clustered together, and the APs and switches at the same location. This procedure creates sites, used later in this guide. This guide uses RSVDC, which is the hub location in Roseville CA. Chicago, Miami, and San Francisco are the example branch locations.

Step 1 On the Central Account Home page, launch the Network Operations app.

Step 2 In the dropdown, select All Devices.

Step 3 In the left navigation pane, in the Maintain section, select Organization.

Step 4 Click the Sites tile, then click New Site on the bottom left.

Step 5 In the Create New Site window, assign the following settings, then click Add.

  • Site Name: RSVDC
  • Street Address: 8000 foothills Blvd
  • City: Roseville
  • Country: United States
  • State or Province: California
  • Zip/Postal Code : 95747

Step 6 Repeat steps 4 and 5 for all remote sites. This guide uses the following sites:

Site Name
HOURBR
SANBR
MIABR
SFOBR

Adding Site

Preprovision Device in Central > Groups

Move the VPNC devices to the hub group (VPNC-RSVDC) and the branch gateways to the branch group (BR-ECSDB)

Step 1 In the Aruba Central app, set the filter to Global.

Step 2 Under Maintain, click Organization.

Step 3 Click the Device Preprovisioning tile.

Step 4 Select the device(s) to move to a selected group.

Step 5 Click the Move devices icon.

Step 6 Select the Destination Group from the dropdown.

Step 7 Click Move.

Verify_Preprovisioning

Preprovision Device in Central > Sites

Move the VPNC devices to the hub site (RSVDC) and the branch gateways, switches, and access points to the branch sites (MIABR, HOUBR, SANBR)

Step 1 In the Aruba Central app, set the filter to Global.

Step 2 Under Maintain, click Organization.

Step 3 Click the Sites tile.

Step 4 Select the device(s) to move to a selected site.

Step 5 Drag the devices to the corresponding site.

Step 6 Click Yes to confirm the move.

Note: This step requires the system MAC address of the devices to determine the site to which they are moved. If that is not plausible, devices can be moved to the correct group after a hostname has been established later in the deployment process.

PreProvision Sites