Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
SaaS Express
Why Aruba SaaS Express?
It is a key challenge for network administrators to cope with the rapid adoption of SaaS applications, such as Microsoft 365 (formerly Office 365), Dropbox, Salesforce, and many others. SaaS providers often recommend enterprises to use split tunnel to send SaaS traffic directly over the internet from each branch location for accessing SaaS applications. This approach raises a concern for the enterprises wherein, this could result in loss of visibility into SaaS usage and performance. Also, the policy controls implemented to optimize the SaaS experience may affect the clients at those branch locations.
Following are the important factors to consider when optimizing the SaaS traffic:
- SaaS applications are hosted all over the world and the closest entry point to the SaaS service could be different from the one that is chosen by default for a location. Thus, enterprises require a solution that can direct SaaS traffic on the best available path from each branch location to improve the user experience.
- The ISP Internet Service Provider. An ISP is an organization that provides services for accessing and using the Internet. network used at a branch (to transport the SaaS traffic) is likely to have variable loss or latency that is difficult to track or predict.
Branch Gateways deployed at branch sites must have the ability to dynamically steer traffic to SaaS servers that provide the best performance by continuously monitoring the health of the servers and the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. links.
Aruba SaaS Express connects users from a branch site to SaaS applications seamlessly and securely. It provides the following benefits:
- Network-wide visibility for all SaaS applications
- Improved performance for all SaaS applications
- Improved service reliability through dynamic steering of SaaS traffic
- Optimal user experience through best path connections to SaaS applications
- Optimized for Microsoft 365
See the following sections for information about deployment and criteria for optimal path selection:
SaaS Express Terms
The following terms are used in the operations of SaaS Express.
Term |
Description |
---|---|
SaaS Application Profile Parameters |
A SaaS application profile includes the following elements:
|
HTTP Probe |
Branch Gateways send HTTP requests to each SaaS application over every available path. When a user requests access to a SaaS application, Gateways send an HTTP probe over each available circuit and determine the best performing ISP circuit. |
SaaS Front Doors |
SaaS application nodes are formed by multiple microservices, which means that a specific server is not present unlike the traditional applications. When probing SaaS applications to measure the expected performance, Branch Gateways probe the entry point or front door, which is the load-balancer that receives the HTTP traffic from the clients. |
When a client requests SaaS application access, the Branch Gateway router tries to resolve the FQDN of the SaaS application into IP addresses. Gateways determine the best available uplink for a given SaaS application on each ISP circuit based on the following:
|
|
Pre-defined SaaS Profile |
Built-in SaaS application profiles that are available in HPE Aruba Networking Central. By default, Aruba Branch Gateways support a set of applications and application categories. For example, Adobe, DropBox, Amazon, Google, Salesforce, Slack, Webex, and so on. |
Custom SaaS Profile |
SaaS application profile that is customized as per requirement. |
Active Monitoring |
A parameter that allows monitoring the performance of the SaaS applications and you can view the performance scores in the global, site, and gateway monitoring dashboards. |
SD-WAN networks build a secure overlay formed by IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels overall WAN circuits. This transport-independent network ensures reachability through all paths and facilitates the steering of each traffic flow over the optimum path. |
|
SD-WAN Underlay |
Similar to the SD-WAN overlay, multiple WAN circuits can be used. These underlay circuits are internet links that are also referred to as underlays. |
DPI is a type of data processing that inspects the data sent over a computer network in detail and may take actions such as alerting, blocking, re-routing, or logging accordingly. Deep packet inspection is used to baseline application behavior, analyze network usage, troubleshoot network performance, and so on. |
See the following sections for information about monitoring SaaS Express: