![Page 1: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/1.jpg)
SimplifyingtheBranchNetwork
By:LeeDoyle,PrincipalAnalystatDoyleResearch
SponsoredbyAruba,aHewlettPackardEnterprisecompany
![Page 2: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/2.jpg)
ExecutiveSummaryAmajorityofITorganizationsareexperiencingsignificantchangesthatimpacttherequirementsfortheirdistributedbranchnetworks.Mobility,cloud-basedapplications,andInternetofThings(IoT)arealteringtrafficflowsandincreasingbandwidthrequirements.EmployeesandguestsexpectInternetconnectivity,whichmeansthatemployee-facingandIoTdevicesneedreliable,lowlatencyaccesstotheirdataandapplications,andmustbesecurelyon-boardedastheyinteractwithcentralizedservices.ITorganizationsdonothavethelevelofcontroltheyoncedidwithtraditionalarchitectures,andnowfaceincreasingpressuretosupportthesenewinitiativesevenasbudgetandresourcesremainlean.ITislookingtoSoftware-definedWAN(SD-WAN)tosatisfyprice-performancebenefitsofusingtheInternet,deeperapplicationvisibilityintoWANtraffic,simplertransportacrossmultipleuplinks,andgreaterflexibilitytoconnectwithcloudservice.ThismeansthatnewWANarchitecturecanimproveTotalCostofOwnership(TCO)withsimpleroperations,reducedhardwarecosts,andmoreefficientbandwidthutilization.AsITorganizationstaketheselearningsandapplysoftware-definedarchitectureacrossallbranchnetworkelements,theycandelivergreaterCAPEXandOPEXsavings.Thoseelementsinclude:
- WirelessandWiredaccessforemployeeandguestusers- Policyandsecurityservicesforonboardingendpoints- QualityofServiceforapplicationtrafficend-to-end- Closerintegrationwiththird-partyapplicationsandservices
ThisexpandedapproachtonetworkingdeliversaSoftware-definedBranch(orSD-Branch)solutiontoconvergeallnetworkelementsontoasingle,easy-to-manageplatform.ThisunifiedapproachprovidescloudmanagementandpolicyenforcementtosimplifyWAN,WLAN,andLAN,introducesrole-basedcontextawarenesstotheWAN,andintegratesmultipleservicestoeliminateonsiteappliances.SD-Branchsimplifiesbranchdesign,reducesCapitalExpenses(CAPEX),andoptimizesWANutilizationforgreatersavingsthanSD-WANalone.
![Page 3: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/3.jpg)
ChallengesofBuildingandOperatingBranchNetworksLeadingITtrends,includingthemigrationofkeyapplicationstothecloud,useofawiderangeofmobiledevices(BYOD),andtheincreaseddeploymentofnumerousIoTend-points,posenewchallengesforoperatorsofdistributedbranchnetworks.IncreasedcloudandSoftware-as-a-Service(SaaS)utilizationhasresultedinprofoundchangesintrafficflows(towardstheInternetandawayfromthecorporatedatacenter)thatincreasedemandsonbranchperformance.Theincreasednumberandvarietyofdevices(personalandIoT)mandatesreal-timeapplicationperformanceandsecuritymonitoringtoensureuserexperience.Forecastsfromleadinganalystfirmshighlightthechallenges:
• GrowingIoT:Therewillbeover25billionIoTdevicesby2020• IncreasedBranchsecuritythreats:30%ofadvancedattacksenterviathebranch
(Gartner)• Changingtrafficflows:AccordingtoIDC,40-60%ofenterprisedatatrafficis
migratingfromWANstotheInternetLeadingITorganizationsrealizethattheinevitablechallengesformanagingcurrentbranchnetworksincludeeaseofdeploymentandoperations,applicationidentificationandprioritizationtoensureQualityofService(QoS),andreal-timesecurity/networkhealthmetrics.Capitalandoperationalcostsarealsokeyconcernsasitisexpensivetodeployandmanageacomplexassortmentofhardwareandsoftwareremotebranchlocations.SeeFigure1.
![Page 4: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/4.jpg)
SimplifyingBranchNetworkOperationsTomeetthechallengesofevolvingbranchnetworkrequirements,ITorganizationsaredeployingnewsoftwareandcloud-basedtoolstooptimizeWAN,WLAN,andLAN.ByapplyingSDNandSD-WANmethodology,existingnetworkcontextinformationaboutusers,devices,andapplicationscanbeusedtodynamicallyimproveQualityofService(QoS),policy,andconfiguration.ThisinformationprovidesSD-WANfunctionalitywithdeepernetworkandapplicationinsightsevenashybridWANarchitecturesleveragecommodityInternetbandwidthtoaugmenttraditionalMPLSnetworks.Centralizedmanagementprovidesforrapid(zero-touch)provisioning,pre-stagingconfigurations,andreal-timechangesatremotebranchlocations.Cloud-basedintelligenceprovidesforimprovedvisibilityintotrafficflowswithitsabilitytoidentifypotentialsecuritythreats.Centralizedpolicymanagementallowsthepolicytofollowtheclient/userandeliminatessecurityrisksassociatedwithtime-consuming,manualmanagementtasksforvariousnetworkoverlaysandfunctions.Withcentralized
New Requirements for Cloud, Mobile, and IoT
Users and Devices
Apps and DataWAN
Web AppsSaaS
Cloud
Internet of Things
Broadband
T1 E1 MPLS
Cellular Data Center
Disrupt traditional network architecture
Employees Contractors
Guests
Executives Unknown
HQ
Video Voice
![Page 5: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/5.jpg)
managementconsoles,ITcanleverageestablishedbranchandheadendrulestoreducethecomplexityofsettingupsecureVPNtunnelsandestablishingthevirtualWANtopology.Newsecurityservicescaneasilybeservicechainedwithexistingbranchnetworksoftware.SeeFigure2.Figure2:SD-WANArchitecture
FurtherbenefitsaccruewhenorganizationscollapseanarrayofWAN,WirelessLocalAreaNetworks(WLAN),andLANservicesontoasinglebranchgatewayplatform.Underthismodel,completebranchnetworkfunctionalityiscombineduntoaunifiedandcentralizedmanagementframework.Thisfunctionalityincludes:
• WirelessLAN(Wi-Fi)• Ethernetswitching• SD-WANandWANoptimization• RoutingandVPN• Firewallandnetworksecurity
Theplatformprovideswirelessandwiredaccessforemployees,guests,mobiledevices,
![Page 6: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/6.jpg)
andIoTdevices.Allpolicymanagementiscentralized,thusrequiringlittleornointerventionatthebranchlocation.SeeFigure3.Figure3:BranchNetworkElementConsolidation
BenefitsoftheSoftwareDefinedBranchNetworkIntelligentsoftwareprovidesanumberofsignificantbenefitsforbranchnetworkdeploymentandongoingoperations.SD-BranchprovidescontextawarenesstooptimizeQoSforcriticalapplicationsintheaccesslayerandimproveSD-WANroutingfunctionality.Theconsolidationofnetworkfunctionstosoftwareonacommonplatformreducesinitialhardwarecosts(CAPEX)andongoingmaintenancefees.Cloud-basedmanagementspeedsdeploymentandreducescomplexity–thusprovidingoperational(OPEX)benefits.Servicescanbedeployedviaasubscription-basedmodelthatreducesequipmentcostsandallowsITtoeasilydeploynewservices.
WLAN
LAN
WAN Opt
Firewall
VoIP
Cloud-based AppsCentralized Services
Branch-in-a-Box
![Page 7: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/7.jpg)
ReduceBandwidthCosts
AsacriticalelementofSD-Branch,SD-WANprovidesorganizationstheabilitytobuildhybridWANnetworksthatleveragemultipleWANconnections(e.g.MPLSandInternet)toefficientlydeliverbandwidthtobranchlocations.Itscontextawareroutingidentifiesapplicationsandsteerstraffictotheappropriatenetworkwiththecorrectqualityofservice.Thisallowsorganizationstobenefitfromthe“Interneteconomics”wherecircuits(ethernet,DSL,cable,etc.)typicallyare1/3thecostofcomparablespeedMPLSlinks.InternetservicesalsohavetheadvantageofwideavailabilityandrapidprovisioningtimesascomparedtoMPLS.SD-WANalsoprovidestheabilityfororganizationstoleveragemultipleInternetserviceproviderswiththebenefitsofcostcompetitionanddiversityofcircuitsforhighreliability.
CAPEXSD-BranchallowsorganizationstoselectivelyconsolidateWANservicesincludingrouting,Wi-Fi,ethernet,firewalls,VPNs,andapplicationvisibilityintoasingleplatform.Thisconsolidationprovidesthepotentialforasignificantreductioninthehardwarecostsassociatedwiththemultipleboxsolutions.Consolidationofhardwarealsoreducesongoingmaintenancecosts(typically15%oftheinitialpurchasefee)foreachboxateachbranchlocation.
OPEX
OPEXprovidesameasureofongoingoperationalbenefitsprovidedbySD-Branchsolutions.OPEXbenefitsaccrueacrossanumberofcategoriesincludingagility,scale,management,andsecurity.
Agility:SD-Branchprovidesareductioninthetimetodeploynetwork
resourcestoneworexistingbranches.Theabilitytoquicklymakeadjustmentstothenetworktosupportthebusinessandoptimizetheapplicationexperienceimprovesthevalueofthenetwork.
![Page 8: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/8.jpg)
Scale:Manyorganizationsarechallengedtodeployandmanagenetworksto
hundredsorthousandsofbranchnetworks.SD-Branchenableszero-touchprovisioning,centralizedmanagement,andcustomizablelogstoenablerapidremediationofnetworkingissuesatbranchlocations.
Management:SD-Branchsolutionsarecloud-basedtoenableITtocentrally
controlalargenumberofbranchnetworks.Pre-configurationinthecloudprovidesforeaseofinstallationandabilitytoimprovenetworkfunctionalityviasoftwareupdates.
Security:SD-BranchprovidesunifiednetworksecuritywithUTM,firewall,and
VPNcapabilities.Onesecurityconsolewithenhancedcontextawarevisibilitycanidentifyanomaloustrafficandspeedresolutionofsecuritythreats.ItprovidesvirtualWANtopologythatreducesthecomplexityofsettingupsecureVPNtunnels.
ArubaTCOmodelsindicatesignificantsavingsbymovingtoaconvergedbranchsolutionleveragingSD-WANtoaugmentorreplaceMPLSlinks.Atypicalorganizationwith100distributedbranchlocationscansave$millionsover3years.SeeTable1
Table1
CostSavingsasComparedtoUnconvertedMPLSOnlySolution
MPLS+Internet31%
InternetOnly76%
![Page 9: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/9.jpg)
Aruba’svaluepropositionforBranchNetworksAruba7000seriesBranchGatewaysofferintegratedwireless,switching,andhybridWANservicesfordistributedenterprises,allmanagedbycloud-basedArubaCentral.TheyareoptimizedforcloudservicesandhybridWANconnections,andaredesignedtodelivertheperformance,reliabilityandsecurityrequiredtosupportthenumberofIoTdevices.Built-inWANoptimizationandgranularcontroloverapplicationsensureappropriateQoSforbusinesscriticalapplications.Arubacollapsesthecomplicatedpatchworkofbranchappliancesandaccessserversintoasingle,compactcloudservicesplatform.TheAruba7000seriesBranchGatewayseliminatethetime,costandcomplexityofmanagingdisparatesingle-purposepointproductsinthebranch.KeyfeaturesoftheBranchGatewayinclude:
• Zero-TouchProvisioning–Reducesthetime,costandcomplexityofinstallingbranchofficenetworks.
• ProgrammablePolicyEnforcementFirewall–Deliverscontext-awarecontroltoavarietyofbranchnetworkingrequirements.
• Cloud-basedApplicationQoS–WANoptimizationandapplicationvisibilityandcontrolimprovetheperformanceofbusiness-criticalappsinthecloud.
• AdvancedRouting–Implementscontext-basedroutingacrossdualEthernetWANandLTEWANlinkstopreservebandwidthforprioritized,business-criticaltraffic.
Aruba’sSD-BranchsolutiontakesadvantageofthecloudtomanageandmonitorWAN,Wi-Fi,andethernetlinks.Monitoring,reportinganddeploymentishandledcentrallywithArubaCentral.Inaddition,ArubaoffersintegrationwithPaloAltoNetworksfirewallsandenhancedperformanceforMicrosoftUCcustomers.
![Page 10: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/10.jpg)
Figure4
ConclusionandRecommendationsforCXOsTheemphasisofmobilityandcloud-basedapplicationsischangingtherequirementsfordistributedbranches.ITorganizationscontinuetobechallengedtoprovidehighquality,cost-effectiveservicestodistributedusers.TheadventofpervasiveIoTdeploymentsattheedgeofthenetworkwillfurtherstressexistingbranchWANconnectivity.ITorganizationsarechallengedtoupdateandmanagethedisparateelementsoftheremotebranch–i.e.routers,firewalls,Wi-Fi,switching,etc.ThesenewWANrequirements(e.g.changesintrafficflows)willrequireatransformationofthewaybranchnetworksarebuiltandoperated.Newsoftware-basednetworkingtechnologiessuchasSD-WANsignificantlyreduceoperationsandcapitalcostswhileimprovingqualityofserviceforcriticalapplications.Withintelligentnetworksoftware,ITorganizationscanconsolidateahostofnetworkfunctionsontoasingleplatform.TheSD-BranchisaconvergedbranchnetworkunifiesWi-Fiandethernetconnections,identifiestraffictypesandroutesthemtotheappropriatelink,
ARUBA SD-BRANCH SOLUTION
Branch Gateway
(7000 Series)
Headend Gateway
(7200 Series)
Aruba SD-WAN fabric
Access Point
Dynamic
Path
Selection
• Centralized Cloud
Management
• Branch-wide Network
Health and Configuration
• User-centric Policies with
Role-based Awareness
• UCC metrics and QoS for
2,600+ Applications
• Dynamic Segmentation
with Tunneled Node
Data Center3rd
Party Apps
KEY Internet Traffic
Corporate TrafficVoice Traffic
Cellular Failover
Internet
Branch Offices
Access Switch
![Page 11: Simplifying the Branch Network - Aruba...hybrid WAN networks that leverage multiple WAN connections (e.g. MPLS and Internet) to efficiently deliver bandwidth to branch locations. Its](https://reader033.vdocuments.us/reader033/viewer/2022042000/5e6d27622404fe4a92336ee5/html5/thumbnails/11.jpg)
andprovidesenhancedsecurity.Cloud-basedpolicymanagementallowscentrallybasedITstafftoefficientlytroubleshootnetworkissuesatremotebranchlocations.SD-Brancharchitecturesprovidecompellingbenefitsviaefficientbandwidthutilization,improvedapplicationQoS,andincreasedsecurity.ItsSD-WANfeaturesenablestheuseofhighlyefficient(andlowercost)Internetbandwidth.SD-Branchleveragesvirtualsoftwaretoreplacededicatedhardware(e.g.networksecurity,routers,Wi-Fi,ethernet,SD-WAN)withanall-in-oneplatform–thusconsiderablyreducingbranchhardwareandassociatedmaintenancecosts.Itscloud-basedmanagementsystemprovidesforrapidprovisionandnetworkupgrades–positivelyimpactingITagilityandimprovingoperations.ArubadeliversnetworkaccessandhybridWANsolutionstoremotelocationsthatneedsimplifiedenterprise-classconnectivityandsecureaccesstocorporateresources.Bycombiningintelligentwired,wireless,andWANintooneplatform,the7000SeriesdeliversasinglesolutionforLANandWANconnectivity.ITleadersshouldconsiderthebenefitsofbranchnetworkconsolidation,includingreducedhardwareandmaintenancecosts,improvedoperationsagility,andsuperiorapplicationQoS.
MeettheAuthor
LeeDoyleisPrincipalAnalystatDoyleResearch,providingclientfocusedtargetedanalysisontheEvolutionofIntelligentNetworks.Hehasover25years’experienceanalyzingtheIT,network,andtelecommarkets.LeehaswrittenextensivelyonsuchtopicsasSDN,NFV,enterpriseadoptionofnetworkingtechnologies,andIT-Telecomconvergence.BeforefoundingDoyleResearch,LeewasGroupVPforNetwork,Telecom,andSecurityresearchatIDC.LeecontributestosuchindustryperiodicalsasNetworkWorld,LightReading,andTechTarget.LeeholdsaB.A.inEconomicsfromWilliamsCollege.