Prime Group将Aruba的SD-WAN和SD-Branch结合在一起，在全国近50个地点上

USE CASE:支持growth, enhance productivity and reduce cost by adopting software-defined Wi-Fi networking, including SD-WAN and SD-Branch.

---

Providing streamlined, secure Wi-Fi to employees at nearly 40 leasing offices spread over 1,300 miles required Prime Group to adopt a new networking strategy.

“Our Prime Residential division operates an expanding list of mid-market and upscale multi-family properties,” explains Luke Pfaffinger, Vice President of Business Technology at the 500-employee LA-based company. “To meet our high customer service standards and achieve our growth goals, we needed a reliable, future-proof solution that would easily scale and adapt.”

Software-defined Journey Begins

首先，Prime Group试图通过转移到软件定义的网络来克服使用基于MPLS的WAN和老化的Cisco网络设备的局限性。除了现代化主要住宅的分支机构连接外，该公司还希望对单个供应商进行标准化，该供应商可以简化其其他部门Prime Finance的连接。

Engaging with Aruba and its engineering team has proven key to developing a powerful, flexible and scalable software-defined networking platform with the right features for us.卢克·普法芬（Luke Pfaffinger），Vice President of Business Technology, Prime Group

“Prime Finance has offices in New York, Chicago and San Francisco, as well as Los Angeles,” says Pfaffinger. “To empower our employees with mobility and adopt cloud-delivered applications, across both Prime Residential and Prime Finance, we needed to eliminate bottlenecks inherent with our existing hub-and-spoke MPLS system.”

评估了几个选项后，Prime Group选择了一个综合SD-WANandSD分支solution from Aruba, a Hewlett Packard Enterprise company, for a two-phase deployment. “We were excited about Aruba’s commitment to software-defined networking and the innovative management tools,” Pfaffinger says.

20X Performance Boost with Aruba SD-WAN

Pfaffinger的团队集中第一阶段的journey on deploying SD-WAN across both divisions. This involved adopting阿鲁巴接入点（APS）, andedge switches也cloud-based Aruba Central network managementand阿鲁巴基金会护理for ongoing support.

Benefits quickly realized
部署后，主要集团的新SD-WAN迅速提供了非凡的价值。Pfaffinger说：“性能提高了二十倍，可靠性提高了，节省成本可观。”

Among other things, the implementation enabled migrating multiple back-office solutions to the cloud. “For business productivity, we transitioned to Microsoft Office 365, including the cloud-hosted Microsoft Phone System for voice telephony, and Skype for Business,” Pfaffinger says.

“Although we were concerned about audio quality over public Internet connections, we discovered it was considerably better than our private MPLS set-up,” he adds.

Aruba SD-Branch Adds Productivity, Security and Cost Advantages

More recently, Pfaffinger’s team embarked on the SD-Branch phase, which leverages Aruba Central. This phase included upgrading to higher-performance indoor and outdoor Aruba APs and Aruba Branch Gateways as well as migrating to Aruba Access Switches for continuity.

Pfaffinger说：“我们希望提高业务连续性，生产率，效率和安全性，同时简化网络以节省成本。”

他补充说：“我们还需要有效的可扩展性来支持我们公司扩大足迹和追求新市场的计划，而无需为我们的精益IT团队增加员工。”

提供来宾功能和超速部署

SD-Branch的即时福利包括能够在俱乐部，休息室和泳池区等公共空间中推出来宾网络。

“By segregating guest access from corporate traffic, we’re supplying a competitive amenity for residents and guests while also securely mobilizing our staff to work anywhere they’re needed on a property, indoors or out,” Pfaffinger says.

安装程序将网站部署时间缩短了一半

Another benefit comes from Aruba’s zero-touch provisioning along with management technologies within Aruba Central and the Aruba Installer app. The Installer app enables IT staff to create templates and group locations with similar attributes, such as lobbies, back office/maintenance locations and resident common areas, to simplify and automate configurations.

This means non-technical staff at remote sites can quickly and easily install Aruba APs, switches and gateways, with Central ensuring configurations are consistently applied across the entire distributed enterprise.

“The Installer helped us cut branch deployments to less than four hours, even when some site-specific adjustments were needed,” says Pfaffinger. “Before, it required at least a day to provision a site.”

Managing and updating branches is also speedy. “Whenever we adjust a configuration setting, or apply an update, the Installer automatically flows the changes to the associated components, including our APs, gateways and switches,” Pfaffinger says.

更好地在一起：Aruba PEF防火墙 + Microsoft Azure

为了安全性，Prime Group依靠Aruba的综合Policy Enforcement Firewall (PEF), a feature integrated into every branch gateway. With over 4 million installations worldwide, the stateful firewall works alone, or in concert with other network and security solutions, to control access and traffic based on policies and roles.

Pfaffinger说：“我们对Aruba的防火墙的创新性但直观的特征感到非常兴奋。”“这是我们迁移到基于云的业务应用程序的关键基础。”

Secure, role-based access

Via an open-source approach, Pfaffinger has combined Aruba access enforcement with their Azure active directory (AD) to enhance their authentication security. “By using SAML with Azure Active Directory we can easily differentiate access for our admins versus our tech support staff,” he says. “This multi-factor authentication and conditional access gives us granular control. For instance, the tech support staff is only granted read-only privileges versus admins receiving read/write privileges via their defined roles in the AD.”

Pfaffinger继续说：“除了创造比我们的传统防火墙提供的更安全的环境外，还将我们的Aruba的PEF与Azure Ad Sparlines的员工登上和出发相结合。”

他补充说：“当一名员工加入我们的公司时，我们会根据其角色和防火墙动态执行访问权限的访问权限。”“当员工离开时，我们只是取消了该人的Azure帐户，就完成了。”

优化性能并保护用户

除了访问控制之外，防火墙还包括第7层对基于策略的内容和带宽控件的3,000多个应用程序的认识。Pfaffinger说：“我们利用过滤和带宽控制的好处，包括我们的公司和客人网络。”

他继续说：“可以调查并进行调查并进行调查，以确保他们不会影响他人，”他继续说道。“在来宾网络上，我们可以限制带宽以保护公司绩效，并通过不适当的应用程序和内容来确保未成年人的安全。”

Up to 40% Productivity Gains

Another transformative benefit of the SD-Branch deployment comes from granting read-only network visibility to Prime Group’s help desk staff for sophisticated troubleshooting. Previously, only the company’s lone network engineer could perform such tasks, causing resolution delays.

Pfaffinger说：“我们估计服务台团队可以更快地解决高达40％的问题，从而大大提高IT员工和企业用户的生产率。”

“Also, with the help desk team monitoring the health of our environment, we’ve more IT staff contributing to network optimization,” he adds. “In addition to making the help desk position more satisfying, we’ve enhanced our management capabilities with the same headcount and freed our network engineer to concentrate on higher-value tasks.”

Next Steps: Continuity, IoT and Other Enhancements

根据Pfaffinger的说法，下一步包括连续性增强，物联网采用和网络进步。

为改善弹性主要金融分支机构,their secondary Internet connection will no longer operate in standby mode. “Using capabilities within Aruba Central and the SD-Branch Gateways, we’re setting up hot failovers,” he says.

IoT to enhance residence experiences

Like most enterprises, the Prime Group plans to take advantage of IoT opportunities, such as installing leasing kiosks at Prime Residence offices. “The kiosks would provide prospective residents with information and other services until a leasing staff member becomes available,” Pfaffinger says.

将来，采用智能人行道照明，在公共区域中采用智能环境控制，以增加维护或物理安全性。

评估SD-WAN编排和SaaS优先级

Moving forward, Prime Group plans to explore Central’s latest features, such as the SD-WAN Orchestrator, the Virtual Gateway for Azure and the SaaS Prioritizer. The Orchestrator boosts efficiency by automating various networking tasks, while the Prioritizer enables fine-tuning experiences by prioritizing traffic for cloud-based applications.

“We’re always interested in anything that makes us more efficient and our environment less complex,” Pfaffinger says.

不管新的连接能力最终都将推出，Pfaffinger倡导与专家合作以取得最佳成绩。

他说：“与阿鲁巴工程团队互动确保我们设计了解决方案，以与平台一起发展，以满足不断变化的市场需求。”“事实证明，开发一个功能强大，灵活和可扩展的平台具有适合我们的功能。”