Link Search Menu Expand Document

Introduction

Software-defined branch (SD-Branch) is a technology shift towards solutions that are agile, open, and cloud-integrated. SD-Branch includes SD-WAN components that deliver a secure, service provider independent network with enterprise-level performance over disparate wide-area network (WAN) technologies. However, although SD-WAN solves a real IT problem, it only addresses part of the issue organizations face when dealing with distributed locations.

Organizations often roll out and operate distributed, heterogeneous networks with centralized teams. These distributed networks offer many services besides just WAN connectivity. Branch networks need wired and wireless LANs, security and policy enforcement, and of course, WAN interconnects. SD-Branch extends the concepts beyond SD-WAN to all elements in the branch, delivering a full-stack solution that includes SD-LAN and security that address all network connectivity needs.

When formulating the strategy for a SD-Branch rollout, Aruba recommends:

  • Purchase as much WAN bandwidth as possible to alleviate potential bottlenecks during the busiest times of the day.

  • Increase Internet bandwidth, instead of buying additional private bandwidth.

  • Use cloud-based tools to simplify the configuration, operation, and management of the WAN.

Purpose of This Guide

This deployment guide covers the Aruba SD-Branch in the Edge Services Platform (ESP) architecture. It contains an explanation of the requirements that shaped the design and the benefits it provides your organization. The guide describes a single unified infrastructure that integrates access points (APs), switches, gateways, and network management with access-control and traffic-control policies. Please refer to volume one of this VSG for design guidance:

Aruba VSG: SD-Branch Design

This guide assumes the reader has an equivalent knowledge of an Aruba Certified Mobility Associate or Aruba Certified Switching Associate.

Design Goals

The overall goal is to create a simple, scalable design that is easy to replicate across all sites in your network. The solution components are limited to a specific set of products to help with operations and maintenance. The key features addressed by Aruba SD-Branch include:

  • Simplicity with zero-touch provisioning:SD-Branch devices can be factory-shipped directly to a remote site, by automatically matching orders to an Aruba customer account, the mobile Installer app is available for third-party systems integrators to quickly install equipment. Combined with group and device-level configuration, which configures APs, switches, and gateways to specific configurations, networks are brought up quickly.

  • Unified policy management:For Aruba and third-party network infrastructure, Aruba ClearPass delivers a common policy framework for multivendor wired and wireless networks. This software-defined approach makes it easy for the network administrator to distribute changes quickly based on corporate risk and compliance requirements. ClearPass Device Insight (CPDI) adds AI-powered device profiling to help automate discovery of the latest mobile and IoT endpoints.

  • Predictive analytics and assurance:Aruba Central’s artificial intelligence (AI), machine learning (ML), and automation capabilities identify issues and notify IT of problems while recommending changes. When you shift to a cloud-hosted model, data is collected and crowdsourced from Aruba’s large installed base while taking advantage of Aruba’s data science expertise.

  • Secure WAN connectivity:Enable SD-WAN technology to support the use of the Internet to replace or augment private WAN services. Elements of the solution include path quality monitoring (PQM) to track the available paths, stateful firewall with application fingerprinting to identify traffic flows, dynamic path selection (DPS) to use the optimal path, and centralized routing to offload the branch gateways (BGWs) from participating in the routing decisions. You can also use end-user identity information when selecting the available WAN paths.

  • LAN automation with dynamic segmentation:Most branch networks are needlessly complex because designs are based on a proliferation of VLANs, complex IP addressing schemes, access control lists (ACLs), and architectures that are tailored to the needs of automation software. The SD-Branch architecture seeks to flatten the branch into fewer subnets or even a single subnet, eliminating the dependence on static IP addressing schemes and hardwired ACLs across multiple devices. This is achieved by consolidating all policy enforcement into a single device in the branch.

You can use this guide to design new networks or to optimize and upgrade existing networks. It is not intended as an exhaustive discussion of all options but rather to present commonly recommended designs, features, and hardware.

Audience

This guide is written for IT professionals who need to design an Aruba SD-Branch network. These IT professionals can fill a variety of roles:

  • Systems engineers who need a standard set of procedures for implementing solutions

  • Project managers who create statements of work for Aruba implementations

  • Aruba partners who sell technology or create implementation documentation

Customer Use Cases

Branch networks are changing rapidly. The most pressing challenges include an increasing number of mobile and IoT devices, growing bandwidth requirements of the business, and modern users who expect connectivity for work and personal use from anywhere at any time. The teams that run these distributed networks are not getting any bigger and often, they are shrinking. Organizations expect new network rollouts to be complete in shorter timeframes, and IT organizations are asked to improve service levels, reduce costs, and shift spending from capital expense to operating expense.

This guide discusses the following use cases:

  • Secure WAN communications using IPsec tunnels over an independent transport

  • ZTP for all networking components in the branch

  • Switch stacking for simplified management, high availability, and scalability

  • Link aggregation for high bandwidth, redundancy, and resiliency between switches and gateways

  • 无线的s the primary access method for branch employees

  • 无线和有线的客人访问客户、标准tners, and vendors

  • Consistent security for wired and wireless devices based on roles

Deploying the SD-Branch

The Aruba SD-Branch design provides SD-WAN, wired, and wireless connectivity for branch users. The SD-WAN interconnects the corporate site with the remote-site locations, making it a critical part of the network. Modern WAN networks require a flexible and scalable design to support mission-critical applications and real-time multimedia communications from any location on the corporate network. Access to cloud-based services from each branch location is also critical to the success of keeping the network running as efficiently as possible.

The SD-Branch design:

  • Combines SD-WAN, wireless, and wired infrastructure with cloud-based orchestration

  • Provides location-independent network access to improve employee and guest productivity

  • Simplifies setup with zero-touch provisioning and plug-and-play branch deployment

  • Provides wireless connectivity to hard-to-wire locations, eliminating the need for costly construction

  • Simplifies configuring, managing, and operating, by using cloud-based controls

Back to top

© Copyright 2021 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go toAruba EULA.

Baidu