SD-Branch Solution Elements

This topic describes the solution elements for SD-Branch.

Aruba Central

With Aruba Central's flexible policy, configuration, and monitoring capabilities, organizations can simplify network operations by using zero-touch provisioning and customizable templates. Aruba Central allows teams to quickly deploy branch networks and centralize management for Aruba Gateways. It provides historical data reports, monitors for PCI compliance, and troubleshoots regional and global locations.

Provisioning

SD-Branch leverages Aruba Activate, Aruba Central, and the Aruba Installer mobile application to simplify and streamline the deployment of new Aruba devices across branch sites. This provisioning approach allows devices to be quickly and easily deployed by contractors or non-IT staff. To deploy a new branch the installer scans the new Aruba devices, connects the required Ethernet Ethernet is a network protocol for data transmission over LAN. cables, and provides power. Zero-touch provisioning over the Internet takes care of the rest.

Aruba Gateways

SD-Branch solution uses the following types of gateways:

• Headend gateways—An Aruba 7000 Series or 7200 Series device acts as a headend gateway or virtual private network concentrator (VPNC) for all branch offices. Branch gateways establish secure IPsec Internet Protocol security. IPsec is a protocol suite for secure IP communications that authenticates and encrypts each IP packet in a communication session. tunnels to one or more headend gateways. High Availability options support either multiple headend gateways deployed at a single site, or headend gateways deployed in pairs at multiple sites for maximum availability.
• Branch gateways—The Aruba 7000 Series can operate as an SD-Branch gateway at the branch to optimize and control WAN Wide Area Network. WAN is a telecommunications network or computer network that extends over a large geographical distance., LAN Local Area Network. A LAN is a network of connected devices within a distinct geographic area such as an office or a commercial establishment and share a common communications line or wireless link to a server., and cloud security services. The branch gateway provides features such as routing, firewall Firewall is a network security system used for preventing unauthorized access to or from a private network., security, Uniform Resource Locator (URL Uniform Resource Locator. URL is a global address used for locating web resources on the Internet.) filtering, and compression. With support for multiple WAN connection types, the branch gateway routes traffic over the most efficient link based on availability, application, user role, and link health.