Aruba SD-Branch Solution
The Aruba SD-Branch solution offers the best-in-class wireless and wired infrastructure and management orchestration features with the SD-WAN Software-Defined Wide Area Network. SD-WAN is an application for applying SDN technology to WAN connections that connect enterprise networks across disparate geographical locations. capabilities. The SD-Branch solution extends the SD-WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance. concept to all elements in a branch to deliver a full-stack solution that addresses the business challenges of distributed enterprises. Coupled with Aruba Central, the solution provides a cloud-hosted environment for simplified operations and improved agility.
Why SD-WAN?
A traditional branch setup supports client connectivity requirements across different geographical locations for various types of business operations. The sites in remote geographical locations serve as branch offices, while the headquarters or main office serves as a data center that hosts network resources to store, manage, and distribute data. The main office also hosts a centralized Virtual Private Network (VPN Virtual Private Network. VPN enables secure access to a corporate network when located remotely. It enables a computer to send and receive data across shared or public networks as if it were directly connected to the private network, while benefiting from the functionality, security, and management policies of the private network. This is done by establishing a virtual point-to-point connection through the use of dedicated connections, encryption, or a combination of the two.) management system to aggregate traffic from the remote branch sites. A Wide Area Network (WAN) —with Multiprotocol Label Switching (MPLS Multiprotocol Label Switching. The MPLS protocol speeds up and shapes network traffic flows. ), T1, T3, Broadband, or Cellular links—is used for connecting multiple local area networks to a central corporate network or data centers separated by distance.
Due to an increase in the number of client devices at the remote sites and the new bandwidth requirements, branch office networks are expected to rapidly scale and provide uninterrupted user experience. A traditional branch infrastructure with multiple appliances, different operating systems, and management tools only adds to the cost, involves a maintenance overhead, and demands skilled IT personnel.
The Aruba SD-WAN solution simplifies your branch deployments with a single management interface for administering, managing, and monitoring your branch networks. It also provides a unified policy enforcement framework with operational ease.
Key Features and Benefits
The SD-WAN solution comes with the following key capabilities:
- Zero Touch Provisioning (ZTP Zero Touch Provisioning. ZTP is a device provisioning mechanism that allows automatic and quick provisioning of devices with a minimal or at times no manual intervention.) of devices— Ability to self-provision without operators intervention.
- Centralized overlay management and control— A single cloud-based network management interface for managing and monitoring SD Branch devices. Aruba Central, the cloud based network management system, supports unified management of SD branch devices with ZTP and hierarchical configuration.
- IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. based Automatic VPN Tunnels—Support for high-performance and automatic IPsec VPN for secure overlay networking.
- Unified security policy for wired, wireless, and WAN—Support for a common security policy framework based on user roles for WAN, WLAN Wireless Local Area Network. WLAN is a 802.11 standards-based LAN that the users access through a wireless connection., and LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server. users.
-
Dynamic path selection—Support for dynamically steering traffic or a service request to the best available path. For example, you can configure a policy to dynamically route the real-time voice and video traffic on the link with the lowest latency and jitter, and the bulk file traffic on the link with the maximum bandwidth.
- Deep Packet Inspection and Web Content Classification—Support for monitoring and analyzing application usage by clients.
- Visibility, analytics, and troubleshooting—Dashboards for monitoring branch health, device performance, and client connectivity metrics. Alerts, reports, and audit trails for monitoring and troubleshooting network performance issues.
-
Policy-based Routing—In addition to the traditional destination-based routing, the SD Branch devices support routing client traffic based on user role or type of application, For example, traffic generated from the guest devices can be routed directly to the internet, while traffic from the employees can be routed to the MPLS network.
How It Works
The SD-WAN solution includes a new set of devices called Aruba Gateways that inter-operate Aruba Switches and Instant APs to provide a full-fledged WAN architecture.
Based on the size of your branch setup, you can choose device combination that best suits your requirement:
- Medium to large branches—For branches that require more than 24 ports, you can use a combination of Branch Gateways and one or more Aruba switches at the branch site, with Aruba 7200 Series Mobility Controller as VPN Concentrator at the data center.
- Small to medium branches—For branches that require less than 24 ports (including all WAN and LAN ports), you can deploy Branch Gateways at the branch sites, with Aruba 7200 Series Mobility Controller as VPN Concentrator at the data center.
- Microbranches—For Microbranches, you can deploy an Instant AP cluster at the branch site, with Aruba 7200 Series Mobility Controller as the VPN Concentrator at the data center.
Figure 1 shows a typical deployment topology of an SD Branch with Branch Gateways and a Microbranch with Instant APs.
Figure 2 illustrates the communication flow between Aruba Central, branch sites, and data center.
Figure 2 Aruba Central and Cloud Communication
Figure 3 shows all elements in an SD Branch and the SD-WAN data flow.
Figure 3 Aruba SD-WAN Data Flow
What are the Solution Requirements?
The Aruba Gateways are the most important components of the Aruba SD-Branch solution. The SD-WAN Gateway portfolio includes Aruba 7000 Series and Aruba 7200 Series Mobility Controllers that function as Branch Gateways and VPN Concentrators respectively.
The following sections list the supported hardware platforms and minimum software versions required for setting up an SD-Branch.
At the Branch Site
Table 1 shows the list of hardware and software requirements for a branch site:
|
SD Branch Component |
Hardware Platforms |
Minimum Software Version |
|---|---|---|
|
Branch Gateways |
Aruba 7000 Series Mobility Controller |
ArubaOS 8.1.0.0-1.0.0.0 |
|
Aruba Switches function with Branch Gateways to detect and isolate rogue APs, and denylist rogue devices. |
Aruba 3810 Switch Series |
KB.16.05.0007 or later |
|
Aruba 5400R Switch Series |
KB.16.05.0007 or later |
|
|
Aruba 2920 Switch Series |
WB.16.05.0007 or later |
|
|
Aruba 2930F Switch Series |
WC.16.05.0007 or later |
|
|
Instant APs function as VPN clients at branch sites. The client data traffic from these APs are aggregated by the VPN Concentrator located at the data center |
Aruba 310 Series and 300 Series Instant APs |
Aruba Instant 6.5.3.x Aruba Instant 8.3.0.0 or later |
At the Data Center
At the data center, you can deploy Aruba 7200 Series Mobility Controller as VPN Concentrator. For data center redundancy, you can deploy two VPN concentrators in the active-standby or active-active mode.
|
SD-Branch Component |
Hardware Platform |
Minimum Software Version |
|---|---|---|
|
VPNC—A VPN Concentrator functions as a VPN management system that aggregates data traffic from the branches and terminates IPsec VPN tunnels. |
Aruba 7200 Series Mobility Controllers |
ArubaOS 8.1.0.0-1.0.0.0 |
|
Virtual Gateway—The headend gateway at the enterprise data center can be hosted as a virtual appliance. The virtualised instance enterprise data center gateway in public or private cloud is referred to as Virtual Gateway. Aruba Virtual Gateways function as VPN Concentrators. |
Aruba Virtual Mobility Controller |
ArubaOS 8.1.0.0-1.0.4.1 |
In the Cloud
A valid Aruba Central subscription is required to avail cloud-based administration, management, configuration and monitoring of SD branch components such as Branch Gateways, VPN Concentrators, Instant APs, and Aruba Switches.
How Do I Get Started?
To start using the SD-WAN solution, complete the steps described in the Getting Started section.
