Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
Aruba Central Online Help
Key Features
The following are the key features of HPE Aruba Networking EdgeConnect SD-Branch solution:
- Stateful Firewall Firewall is a network security system used for preventing unauthorized access to or from a private network.—This feature introduces context-aware and role-based data adapted from the HPE Aruba Networking WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection. to dynamically apply policies based on user, device, application, and location to enhance visibility and security.
- Dynamic Segmentation The Dynamic Segmentation feature is Aruba’s security architecture that provides the ability to dynamically assign roles to a wired port based on the access method of a client and enforce application-aware policies to all devices connecting to the infrastructure.—With centralized policy control for WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance., wired and wireless LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server., IT can extend consistent policies across the entire distributed branch footprint. This feature provides a simple and secure way to configure network devices and onboard IoT Internet of Things. IoT refers to the internetworking of devices that are embedded with electronics, software, sensors, and network connectivity features allowing data exchange over the Internet. endpoints without additional overhead.
- Traffic Analysis—This feature gains application awareness into over 2,600 applications across 21 categories. Web Content Classification (WebCC) provides protection from malicious or unauthorized web URLs Uniform Resource Locator. URL is a global address used for locating web resources on the Internet..
- Deep Packet Inspection (DPI Deep Packet Inspection. DPI is an advanced method of network packet filtering that is used for inspecting data packets exchanged between the devices and systems over a network. DPI functions at the Application layer of the Open Systems Interconnection (OSI) reference model and enables users to identify, categorize, track, reroute, or stop packets passing through a network. )—This feature monitors application usage and performance while optimizing bandwidth, priority, and network paths in real time, including applications that are encrypted or masquerade as web traffic. DPI is vital to understanding usage patterns that may require changes to network design and capacity.
- Installer App and Zero-Touch Provisioning (ZTP Zero Touch Provisioning. ZTP is a device provisioning mechanism that allows automatic and quick provisioning of devices with a minimal or at times no manual intervention.)—Simplify on-site deployment with ZTP through HPE Aruba Networking Central and deploy new branches efficiently with a task-oriented Install Manager dashboard and the installer app for mobile devices.
- Adaptive Quality of Service (QoS Quality of Service. It refers to the capability of a network to provide better service and performance to a specific network traffic over various technologies.)—This feature monitors the uplink throughput and adjusts QoS policy based on measured throughput.
- Path Quality Monitoring (PQM)—The branch gateway can actively and passively monitor established Transmission Control Protocol (TCP Transmission Control Protocol. TCP is a communication protocol that defines the standards for establishing and maintaining network connection for applications to exchange data. ) connections for latency, jitter, packet loss, and throughput.
- Policy-Based Routing (PBR Policy-based Routing. PBR provides a flexible mechanism for forwarding data packets based on polices configured by a network administrator.)—Besides traditional destination-based routing, traffic can be routed across private or public WAN uplinks based on application or user role (for example, guest or employee).
- Dynamic Path Selection (DPS)—When multiple WAN links exist, DPS will help choose the best available path for an application based on characteristics like throughput, latency, jitter, and packet loss.
- WAN Compression—To improve overall bandwidth efficiency, the branch gateway can enable data compression on the IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. sessions between the branch and headend gateways. Compression efficiency varies depending on the traffic type, but real-world scenarios show 40–60% bandwidth savings.
- Hybrid WAN—The branch gateway can support multiple uplinks with multiple transport overlays such as internet broadband, MPLS Multiprotocol Label Switching. The MPLS protocol speeds up and shapes network traffic flows. , and cellular connectivity. Traffic destined for the Internet can be routed locally. The traffic destined for the data center can either be routed over MPLS or any available internet path.
- Third-Party Integration—To reduce local branch complexity, integration with cloud services provided by firewall vendors such as ZScaler, Palo Alto Networks, Check Point, and UCC Unified Communications and Collaboration. UCC is a term used to describe the integration of various communications methods with collaboration tools such as virtual whiteboards, real-time audio and video conferencing, and enhanced call control capabilities. applications such as Microsoft Skype for business make extending security and QoS easier and reliable across the distributed enterprise.