Prime Group combines Aruba’s SD-WAN and SD-Branch to power operations across nearly 50 locations nationwide

用例：支持增长，通过采用软件定义的Wi-Fi网络，增强生产率并降低成本，包括SD-WAN和SD-Branch。

---

Providing streamlined, secure Wi-Fi to employees at nearly 40 leasing offices spread over 1,300 miles required Prime Group to adopt a new networking strategy.

“我们的素质住宅司经营了扩大的中市和高档多家庭物业列表，”500夫雇员洛杉矶公司商业技术副总裁卢克Pfaffinger解释道。“为了满足我们的高客户服务标准并实现我们的增长目标，我们需要一种可靠，未来的解决方案，可以轻松扩展和适应。”

自定义的旅程开始

At the outset, Prime Group sought to overcome limitations of using an MPLS-based WAN and aging Cisco networking equipment by moving to software-defined networking. In addition to modernizing branch office connectivity for Prime Residential, the company wanted to standardize on a single vendor that could streamline connectivity for its other division, Prime Finance.

与阿鲁巴和其工程团队接触已证明开发强大，灵活，可扩展的软件定义网络平台，具有适合我们的合适功能。Luke Pfaffinger,Vice President of Business Technology, Prime Group

“Prime Finance has offices in New York, Chicago and San Francisco, as well as Los Angeles,” says Pfaffinger. “To empower our employees with mobility and adopt cloud-delivered applications, across both Prime Residential and Prime Finance, we needed to eliminate bottlenecks inherent with our existing hub-and-spoke MPLS system.”

After evaluating several options, Prime Group selected a comprehensiveSD-WAN.andSD-Branch来自Aruba，Hewlett Packard Enterprise Company的解决方案，用于两阶段部署。“我们对Aruba对软件定义网络和创新管理工具的承诺感到兴奋，”Pfaffinger说。

20X Performance Boost with Aruba SD-WAN

Pfaffinger的团队的重点是其在整个部门部署SD-WAN的第一阶段。这涉及采用阿鲁巴access points (APs), and边缘开关as well as基于云的阿鲁巴中央网络管理and阿鲁巴Foundation Carefor ongoing support.

好处很快意识到
Once deployed, the Prime Group’s new SD-WAN quickly delivered exceptional value. “Performance improved twentyfold, reliability shot up and the cost savings were considerable,” says Pfaffinger.

Among other things, the implementation enabled migrating multiple back-office solutions to the cloud. “For business productivity, we transitioned to Microsoft Office 365, including the cloud-hosted Microsoft Phone System for voice telephony, and Skype for Business,” Pfaffinger says.

“虽然我们对公共互联网连接的音频质量感到担忧，但我们发现了比我们的私人MPLS设置更好，”他补充道。

Aruba SD-Branch增加了生产力，安全性和成本优势

最近，Pfaffinger的团队踏上了SD-分支阶段，利用了阿鲁巴中心。此阶段包括升级到更高绩效的室内和室外Aruba AP和Aruba分支网关，以及迁移到Aruba Access交换机以进行连续性。

“We wanted to improve business continuity, productivity, efficiency and security, while simultaneously streamlining the network for additional cost savings,” says Pfaffinger.

“We also required effective scalability to support our company’s plans for expanding our footprint and pursuing new markets without adding headcount to our lean IT team,” he adds.

Delivering Guest Capabilities and Speeding Deployments

Immediate SD-Branch benefits include the ability to roll out a guest network in common spaces like clubhouses, lounges and pool areas.

“通过从公司交通中分离客人，我们为居民和客人提供竞争舒适度，同时也可以安全地调动我们的员工在任何地方的工作，在室内或外商，”Pfaffinger说。

安装程序斜杠站点部署时间减半

Another benefit comes from Aruba’s zero-touch provisioning along with management technologies within Aruba Central and the Aruba Installer app. The Installer app enables IT staff to create templates and group locations with similar attributes, such as lobbies, back office/maintenance locations and resident common areas, to simplify and automate configurations.

This means non-technical staff at remote sites can quickly and easily install Aruba APs, switches and gateways, with Central ensuring configurations are consistently applied across the entire distributed enterprise.

“安装人员帮助我们将分支机构部署到不到四个小时，即使需要某些特定的特定调整，”Pfaffinger说。“之前，至少需要一天提供一个网站。”

管理和更新分支机构也很快。“每当我们调整配置设置或应用更新时，安装程​​序都会自动将更改流到相关组件，包括我们的AP，网关和交换机，”Pfaffinger说。

Better Together: Aruba PEF Firewall + Microsoft Azure

For security, Prime Group relies on Aruba’s comprehensive策略执行防火墙（PEF），集成到每个分支网关中的功能。全球拥有超过400万辆的安装，有状态防火墙仅使用其他网络和安全解决方案，以基于策略和角色来控制访问和流量。

“We’re very excited about the innovative, yet intuitive, features of Aruba’s firewall,” Pfaffinger says. “It’s a critical foundation for our migration to cloud-based business applications.”

Secure, role-based access

Via an open-source approach, Pfaffinger has combined Aruba access enforcement with their Azure active directory (AD) to enhance their authentication security. “By using SAML with Azure Active Directory we can easily differentiate access for our admins versus our tech support staff,” he says. “This multi-factor authentication and conditional access gives us granular control. For instance, the tech support staff is only granted read-only privileges versus admins receiving read/write privileges via their defined roles in the AD.”

“In addition to creating a more secure environment than was available with our legacy firewall, combining our Aruba’s PEF with Azure AD streamlines employee onboarding and departures,” Pfaffinger continues.

“When an employee joins our company, we grant access in Azure based on their role and the firewall dynamically enforces access privileges,” he adds. “When an employee leaves, we simply cancel the person’s Azure account and we’re done.”

Optimizing performance and protecting users

Beyond access control, the firewall also includes Layer 7 awareness of over 3,000 applications for policy-based content and bandwidth control. “We’re leveraging benefits of filtering and bandwidth control for both our corporate and guest networks,” says Pfaffinger.

“High-bandwidth users or IoT devices can be investigated and throttled to ensure they don’t impact others,” he continues. “On the guest network, we can limit bandwidth to protect corporate performance and ensure the safety of minors by disallowing inappropriate applications and content.”

高达40％的生产率收益

Another transformative benefit of the SD-Branch deployment comes from granting read-only network visibility to Prime Group’s help desk staff for sophisticated troubleshooting. Previously, only the company’s lone network engineer could perform such tasks, causing resolution delays.

“We estimate the help desk team can resolve issues up to 40 percent faster, significantly improving productivity for IT staff and business users alike,” says Pfaffinger.

“此外，随着帮助的服务台团队监测我们环境的健康，我们将更多的员工助长网络优化，”他补充道。“除了让帮助台的位置更加令人满意，我们还通过相同的头部，并释放了我们的网络工程师来专注于更高价值的任务的管理能力。”

下一步：连续性，物联网和其他增强功能

According to Pfaffinger, next steps include continuity enhancements, IoT adoption and networking advances.

为改善弹性主要金融分支机构,their secondary Internet connection will no longer operate in standby mode. “Using capabilities within Aruba Central and the SD-Branch Gateways, we’re setting up hot failovers,” he says.

IoT to enhance residence experiences

与大多数企业一样，素质集团计划利用物联网机会，如在盛会居留办事处安装租赁信息亭。“售货亭将为潜在居民提供信息和其他服务，直到租赁工作人员可用，”Pfaffinger说。

In the future, adopting smart walkway lighting, intelligent environmental controls in common areas for augmenting maintenance or physical security are all IoT possibilities.

Evaluating SD-WAN Orchestrator and SaaS Prioritizer

向前迈进，Prime Group计划探索中央最新功能，例如SD-WAN Orchestrator，Azure的虚拟网关和SaaS优先级。Orchestrator通过自动化各种网络任务来提升效率，而优先级通过优先考虑基于云的应用程序的流量来实现微调体验。

“We’re always interested in anything that makes us more efficient and our environment less complex,” Pfaffinger says.

Regardless of the new connectivity capabilities Prime Group ultimately rolls out, Pfaffinger advocates working with the experts to achieve the best results.

“Engaging with Aruba’s engineering team ensured we designed our solution to evolve along with the platform to meet ever-changing market needs,” he says. “It’s proven key to developing a powerful, flexible and scalable platform with the right features for us.”