Aruba SD-Branch: WAN connectivity solution for remote sites in a single control point

Aruba SD-Branch: WAN connectivity solution for remote sites in a single control point Cybersecurity

The crisis has demonstrated that if the cloud has worked well, it has been designed to respond to Covid-type issues. Today, many companies want to improve and simplify the connectivity of their branches (campus, micro-sites, IoT, telework, edge, etc.) while taking advantage of the adoption of new cloud services (IaaS / SaaS / PaaS). A solution that allows them to connect whatever the network, private MPLS, public Internet, Metro, 4 / 5G, etc.

This results in the installation on each remote site of physical equipment, a gateway, which serves as a WAN gateway with Ethernet switches and Wi-Fi solutions. All that is missing is a central point of orchestration. In SD-WAN approach, the management of this complex network is carried out by the transformation of the physical architecture present anywhere in the world in virtual network managed by the cloud. As Serge BAÏKOFF, System Engineer Aruba Networks – HPE indicates, “‘Software-defined’ allows the manager to focus on the connection rather than the equipment. The important thing is not how the customer connects, but to have the same customer experience with the same SD-WAN and security services.“.

Aruba SD-Branch and the Aruba Centralx cloud

To meet the WAN needs of companies and their branches, the Aruba SD-Branch solution is an SDN (Software-Defined Networking) solution, therefore oriented towards the cloud in order to offer native Internet connectivity. It consists of gateways and the Aruba Central cloud.

The gateway acts as an application firewall for micro-segmentation and access control, SD-WAN gateway for optimizing uplinks and SaaS applications, IPS / IDS security probe, WebCC, etc. It syndicates a large number of components. The Aruba Central Cloud for deploying and orchestrating WAN services, as well as administration and configuration management.

Aruba SD-Branch: WAN connectivity solution for remote sites in a single control point

The Aruba Central cloud is a significant innovation within the framework of the concept of SDN (Software-defined Networks). It provides a central point of orchestration, administration and configuration to manage the creation of tunnels, encryption keys, and WAN routing through this cloud. It is therefore an essential element for orchestrating the creation of WAN services, their distribution and interactions with other partners, such as the giants of the public cloud and security clouds. An orchestration that aims to be simple in terms of automation, like native cloud technologies. And which takes on its full dimension today by simplifying the edge-to-cloud on a single point of control and ensuring non-stop monitoring of operations in any location.

We also note the introduction of the SaaS Express function in Aruba Central, a traffic control application intended to increase the user experience by optimizing access to SaaS (Software-as-a-Service) services, such as Office 365. , DropBox, Slack or ServiceNow. The solution probes user SaaS application traffic in real time in order to dynamically optimize routing via the most efficient path and improve application performance.

The Aruba Central cloud and SD-Branch security

Serge BAÏKOFF would like to remind you, “Safety is a fundamental issue“. In this area, Aruba SD-Branch is making its contribution to secure corporate networks. The role-based application firewall integrated into gateways and WiFi access points, for example, makes it possible to filter thousands of applications and micro-segment customers by role. In addition to this, the latest version of SD-Branch has added IPS and IDS for intrusion prevention. As branch security becomes ever more complex, a revolution brought by SD- Branch deals with the generation of rules and their use in a micro-segmentation approach. “It is also essential to achieve a common access policy for wired, wireless and WAN connections. That is to say a role-based policy“As for the equipment of the solution, it integrates digital safes (TPM) to authenticate on the Cloud in a very secure way.



The Software-defined Branch, which differs from SD-WAN, orchestrated in a single point, also contributes to strengthening the security dimension of the solutions deployed. A WebCC (Web Content Classification) solution has also been integrated into the Aruba Central license. It offers a web filtering service by URL classification and by reputation, and a dynamic reputation algorithm for public IP addresses.


More and more companies want to improve the protection of their remote sites against threats from cloud or Internet connections. The Aruba SD-Branch solution offers an orchestration mechanism that automates gateway connectivity to Saas / PasS security clouds such as Zscaler, Palo-Alto Prisma.


Download our resource “The SoftwareDefined Branch for Dummies”

Aruba SD-Branch: WAN connectivity solution for remote sites in a single control point

Meet ROI expectations

Previously, the orchestration of encrypted tunnels and WAN routing encountered sometimes insolvent problems that did not facilitate scalability and automation. This is one of the main innovations of the network today, on which the gateway remains fundamental. With a high level of security, Aruba SD-Branch makes independent the type of WAN connections (MPLS / Metro / 4G / Internet, etc.). The solution allows direct access to the cloud and the Internet, and local upload of traffic to branch offices without consuming data center resources.


Aruba SD-Branch’s ROI contribution is therefore very important for the companies that have deployed it. WAN made independent and optimized, the WAN overcomes operational constraints. Eliminating own administration platforms, automating deployments via Zero Touch Provisioning, remote equipment management and cloud updates simplify and reduce the cost of operations management. TCO benefits from the merger of a large number of services in one box. So the IT department can manage its WAN in an innovative way, and quickly and simply distribute enterprise mobility anywhere in the world.


Discover the first event in the industry to combine the latest network innovations with the emergence of the Intelligent Edge: atm digital.

Source: www.zdnet.fr

Rate article