The Aruba SD-Branch solution offers the best-in-class wireless and wired infrastructure, as well as management orchestration features with the SD-WAN capabilities. The SD-Branch solution extends the SD-WAN concept to all elements in the branch to deliver a full-stack solution that addresses wired and wireless Local Area Network (LAN), security and policy enforcement, and Wide Area Network (WAN) connectivity. When combined with Aruba Central, the solution provides a cloud-hosted environment for simplified operations and improved agility.
Organizations frequently deploy and manage distributed, diverse networks through small, centralized teams. Apart from WAN connection, these distributed networks provide a variety of other services. Branch networks require wired and wireless LAN, security and policy enforcement, and WAN interconnection.
The SD-Branch solution addresses the following issues:
- WAN Connectivity—WAN connectivity allows SD-WAN technology to support the usage of the Internet to replace or augment Multiprotocol Label Switching (MPLS) services. The SD-WAN solution includes the following elements:
  - Path Quality Monitoring (PQM) to track the quality of the available paths.
  - Stateful firewall with application fingerprinting to identify traffic flow.
  - Dynamic path selection (DPS) to always select the optimal path.
  - Centralized routing to offload the branch gateways from participating in routing.
  - User identity information to select from the available paths.
- Branch Onboarding and Lifecycle Management—Centralized teams use third-party companies for installations. To bring remote sites online, the corporate team may need to collaborate with these third-party installers from different organizations depending on the geographic locations. This model presents significant logistical and technical challenges. SD-Branch architecture is developed to enable Zero-Touch Provisioning (ZTP) for all branch devices. This feature allows hundreds of locations to be brought up each week. ZTP, when combined with a scalable cloud-based management platform, enables organizations to set up, modify, and maintain networks in an agile manner.
- LAN Security and Automation—Modern branch deployments can be excessively complex due to the growth of Virtual Local Area Networks (VLANs), complex Internet Protocol (IP) addressing schemes, and access control lists (ACLs) distributed across multiple devices in the branch. Architectures are customized to the needs of automation software rather than the automation software adapting to the architecture. The SD-Branch architecture flattens the branch into fewer subnets by consolidating all policy enforcement into a single device. This eliminates the need for static IP addressing schemes and hardwired ACLs across multiple devices.
This topic contains the following information: