SaaS Express

The Software as a Service (SaaS) Express feature is an Aruba SD-Branch solution for the traffic management of SaaS applications. SaaS Express provides the best user experience when connecting the users from a branch site to SaaS applications. The methods and techniques used by SaaS Express to achieve its purpose are explained in detail in this guide.

Why Aruba SaaS Express?

It is a key challenge for network administrators to cope with the rapid adoption of SaaS applications, such as Microsoft 365 (formerly Office 365), Dropbox, Salesforce, and many others. SaaS providers often recommend enterprises to use split tunnel to send SaaS traffic directly over the internet from each branch location for accessing SaaS applications. This approach raises a concern for the enterprises wherein, this could result in loss of visibility into SaaS usage and performance. Also, the policy controls implemented to optimize the SaaS experience may affect the clients at those branch locations.

Following are the important factors to consider when optimizing the SaaS traffic:

Branch Gateways deployed at branch sites must have the ability to dynamically steer traffic to SaaS servers that provide the best performance by continuously monitoring the health of the servers and the WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. links.

Aruba SaaS Express connects users from a branch site to SaaS applications seamlessly and securely. It provides the following benefits:

  • Network-wide visibility for all SaaS applications
  • Improved performance for all SaaS applications
  • Improved service reliability through dynamic steering of SaaS traffic
  • Optimal user experience through best path connections to SaaS applications
  • Optimized for Microsoft 365

See the following sections for information about deployment and criteria for optimal path selection:

SaaS Express Terms

The following terms are used in the operations of SaaS Express.

Table 1: SaaS Express Terms



SaaS Application Profile Parameters

A SaaS application profile includes the following elements:

HTTP Probe

Branch Gateways send HTTP requests to each SaaS application over every available path. When a user requests access to a SaaS application, Gateways send an HTTP probe over each available circuit and determine the best performing ISP circuit.

SaaS Front Doors

SaaS application nodes are formed by multiple microservices, which means that a specific server is not present unlike the traditional applications. When probing SaaS applications to measure the expected performance, Branch Gateways probe the entry point or front door, which is the load-balancer that receives the HTTP traffic from the clients.

DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. Resolution

When a client requests SaaS application access, the Branch Gateway router tries to resolve the FQDN of the SaaS application into IP addresses. Gateways determine the best available uplink for a given SaaS application on each ISP circuit based on the following:

  • Type of SaaS application
  • Location of DNS caching servers for a given ISP
  • Geographical location of the device that initiates the DNS request.

Pre-defined SaaS Profile

Built-in SaaS application profiles that are available in Aruba Central. By default, Aruba Branch Gateways support a set of applications and application categories. For example, Adobe, DropBox, Amazon, Google, Salesforce, Slack, Webex, and so on.

Custom SaaS Profile

SaaS application profile that is customized as per requirement.

Active Monitoring

A parameter that allows monitoring the performance of the SaaS applications and you can view the performance scores in the global, site, and gateway monitoring dashboards.

SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. Overlay

SD-WAN networks build a secure overlay formed by IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels overall WAN circuits. This transport-independent network ensures reachability through all paths and facilitates the steering of each traffic flow over the optimum path.

SD-WAN Underlay

Similar to the SD-WAN overlay, multiple WAN circuits can be used. These underlay circuits are internet links that are also referred to as underlays.

Deep Packet Inspection (DPI Deep Packet Inspection. DPI is an advanced method of network packet filtering that is used for inspecting data packets exchanged between the devices and systems over a network. DPI functions at the Application layer of the Open Systems Interconnection (OSI) reference model and enables users to identify, categorize, track, reroute, or stop packets passing through a network. )

DPI is a type of data processing that inspects the data sent over a computer network in detail and may take actions such as alerting, blocking, re-routing, or logging accordingly. Deep packet inspection is used to baseline application behavior, analyze network usage, troubleshoot network performance, and so on.

See the following sections for information about monitoring SaaS Express: