By Gabriel Gomane, Aruba Networks
The COVID-19 crisis has accelerated digital transformation initiatives to offer an improved customer experience and personalized services, all while tackling increasingly sophisticated cybersecurity threats. More than ever, organizations need flexibility to keep pace with business change, but they are often hindered by a sluggish and rigid network infrastructure.
In this blog post, we will describe five key benefits of implementing an advanced SD-WAN solution and how it can accelerate business growth.
1. Improve business agility while reducing overall WAN cost
To connect branch offices to the corporate data center, organizations have traditionally used expensive MPLS lines. As more bandwidth is required to support increasing connectivity demands, MPLS lines become cost-prohibitive, preventing organizations from fully satisfying their business needs. New MPLS circuits can take up to four months to be provisioned, greatly slowing down the ability to spin up a new branch. This hinders business changes, agility, and flexibility.
An SD-WAN leverages less expensive internet and 5G connections by virtualizing and bonding network links, creating secure tunnels from the branch offices to the data center and to the cloud. To overcome deficiencies inherent to internet and wireless connections such as packet loss and jitter, the Aruba EdgeConnect SD-WAN edge platform uses path conditioning techniques including Forward Error Correction (FEC) and Packet Order Correction (POC) to increase the performance and reliability of these connections. FEC can rebuild lost packets at destination without having to retransmit them. In case of link bonding, POC automatically reorders packets coming from different links.
With SD-WAN, organizations can realize the agility needed by the business while reducing costs.
2. Increase security and seamlessly transition to a SASE architecture
Organizations with an MPLS router-based architecture are not able to easily enforce security policies in branches due to the rigidity and the complexity of their network, especially in hybrid-cloud environments. The security perimeter is dissolving as users and devices now connect from anywhere. Traditional security measures such as VPNs are limited as a VPN doesn’t support enforcement of granular security policies. Indeed, once a user has been identified and authenticated with a VPN connection, they can access critical resources inside the network even if they shouldn’t.
Aruba EdgeConnect SD-WAN includes a zone-based firewall that provides role-based segmentation, granting users or IoT devices access to certain areas of the network but ensuring that they can only connect with destinations on the network that are consistent with their role. And by segmenting the network, IT can ensure that malware doesn’t spread rampantly across the entire network; threats are contained within the segment.
Aruba EdgeConnect can also provide automated orchestration and native integration to modern cloud security providers supporting features such as ZTNA (Zero Trust Network Access), SWG (Secure Web Gateway) or CASB (Cloud Access Security Broker). It enables organization to select the best-of-breed cloud security vendors to deliver a SASE architecture that best fits their needs.
SD-WAN is the foundational component to implement a robust SASE architecture. By choosing best-of-breed security capabilities with a tight SD-WAN integration, organizations ensure maximum protection to their employees and other stakeholders accessing the network.
3. Enable a cloud architecture
Organizations are migrating their applications to the cloud and use software as a service (SaaS) cloud-hosted business applications such as Microsoft 365, Salesforce, Box, Dropbox, ServiceNow and many more instead of hosting them in the data center. However, organizations with traditional router-based WAN architectures continue to backhaul cloud-destined traffic from branch locations to the data center, mainly for security reasons, severely impacting the performance of cloud applications at the branch.
Aruba EdgeConnect uses local internet breakout to intelligently steer traffic to its destination. It can identify the application on the first packet and intelligently route it back to the data center, or directly to the cloud destination, or first to a cloud security enforcement point, depending on the application and its security policy enforcement requirements. For example, trusted business traffic such as Microsoft 365 is sent directly to the cloud, traffic from in-house applications or suspicious traffic is directed back to the data center, and other web traffic steered to a cloud-hosted security provider for further inspection before handing it off to its final destination.
Additionally, Aruba EdgeConnect seamlessly integrates to cloud providers such as AWS and Azure establishing secure tunnels from the edge to the cloud provider. The process of connecting branch offices is seamless and can be performed with one click.
Enable a cloud-first secure architecture with Aruba EdgeConnect and automated orchestration
SD-WAN enables organizations to embrace the flexibility of a cloud architecture while improving cloud application performance by steering traffic directly to the cloud using local internet breakout.
4. Simplify WAN infrastructure
Over the years, organizations have built their network infrastructure as their business grows. Branch offices often ended up with a stack of appliances in their facilities including routers, firewalls, VPN concentrators, and WAN optimization devices. Updating a business or security policy such as moving an application to the cloud or improving quality of service often requires manually reconfiguring multiple devices. Not only does equipment sprawl require advanced networking skills to maintain and manage, but it also results in multiple maintenance contracts to administer.
Aruba EdgeConnect enables organizations to reduce the footprint of their devices by unifying routing, firewall, WAN optimization, and SD-WAN in a single platform. Network architects simply define policies that, for example, link WAN optimization with MPLS routing, or in the case of a SaaS applications, steer the traffic to the embedded firewall and then to the cloud.
SD-WAN enables organizations to move to a thin-branch model by reducing the amount of equipment in branch locations streamlining the network architecture and significantly reducing WAN management overhead.
5. Centrally manage network operations and get visibility
Very often, organizations must manage their network operations on a local basis resulting in a lack of flexibility. The network deployment of new remote sites can be tedious and can take several weeks to accomplish. Corporate IT departments often don’t have complete network visibility to comprehensively monitor transport throughput, packet loss, latency, and jitter. An advanced SD-WAN such as Aruba EdgeConnect continuously monitors network health and automatically adapts to changing conditions to always deliver optimal application performance.
With Aruba EdgeConnect, zero-touch provisioning greatly simplifies connecting and deploying a new site, by automatically receiving its configuration from a central orchestrator. Centralized orchestration also ensures that QoS and security policies are seamlessly and consistently enforced at the new branch.
Aruba EdgeConnect also provides health maps with aggregated views of WAN transport loss, latency and jitter, as well as a real-time view to proactively identify potential performance impacts. Dashboards display a centralized summary of the health of appliances connected on the network, top talkers, applications, topology map, Mean Option Score (MOS), and more. All application traffic is easily identified by name and location, and alarms and alerts allow for faster resolution of network issues.
With SD-WAN, new branch offices are set up quickly and easily, and security policy changes can be automatically distributed to hundreds or thousands of branches in minutes while minimizing errors. Network administrators can monitor network health through a single pane of glass and dashboards.