For IT teams, this means finding a solution that offers increased flexibility, quicker implementation and better security than traditional branch options. Aruba Software-Defined Branch (SD-Branch) solutions offer all of that and more.
In comparison to traditional management methods for branch needs, which typically include operational silos, Aruba SD-Branch unifies networks and delivers a full-stack solution. Features include zero-touch provisioning (ZTP) for most network devices, SD-WAN and WLAN/LAN visibility and control, a zero-trust security model, and a policy approach that is consistent across wired, wireless, and WAN.
Additionally, Aruba SD-Branch supports rapid implementation using simple, local resources and centralized cloud services for IT teams. Traditional branch solutions often require a technical installer, and on-boarding large distributed networks can require a great deal of time and resources. In comparison, Aruba SD-Branch solutions provide simple onboarding using ZTP.
Aruba Central is used to deliver a cloud-based, single-pane-of-glass management and monitoring solution, which also enables a subscription-based consumption model. It allows IT to improve efficiency, implement timely software updates, and add enterprise-grade security, while still maintaining core functionality and flexibility. Aruba Central also allows IT to work off of a central point of management for all Aruba access points. Additionally, it provides insights into network operations by aggregating information from across the cloud.
To ensure end-users experience smooth, uninterrupted access to the network, Aruba SD-Branch integrates with SD-WAN technology, like path quality monitoring, in which the branch gateway can monitor connections for latency and other interruptions. Additionally, it makes use of dynamic path selection (DPS) for health monitoring information to intelligently route-traffic based on policy and ensure applications are sent over the best possible path.
For enterprises that require remote working capabilities, Aruba SD-Branch solutions also offers increased simplicity while setting up secure VPN tunnels. This is done by automatically establishing the overlay topology and advertising routes available on top of the overlay. Secure IPsec VPN and Client VPN are both supported, allowing employees or contractors to access internal systems, while also supporting high-performance access for secure overlay networking.
In addition to the aforenoted benefits, Aruba SD-Branch solutions also offer improved security compared to traditional branch options and other SD-Branch competitors.
The main line of defense, the Aruba Policy Enforcement Firewall (PEF), offers full firewall protection and tightly controls user and device permissions. Differing user-roles are provided separate layers of permission, while network admins are given increased insight into the applications running on the network and the users running them. Common role-based policy framework is provided through Aruba SD-Branch. Application fingerprinting is also available for up to 2600 applications to block, allow, or limit based on application, user and role, as well as policy-based routing for roles, application, or IP destination to allow IT to route traffic as they see fit.
Automatic Dynamic Segmentation ensures that policies across wires and wireless networks are consistent, meaning traffic for any user or device is separate and secure. In addition to ensuring end-users experience uninterrupted and secure access, IT teams will benefit from the automated features included in Aruba SD-Branch, allowing them to reallocate resources towards other projects.
Other security features include web content classification and reputation, which makes use of Webroot cloud-based machine-learning classification technology to classify websites for content-based filtering, and cloud security integration, allowing IT to route select traffic bound for the internet to cloud security services.
Aruba SD-Branch solutions are designed for simplicity and security at scale, with enterprise-level performance. All elements of the branch, including WAN, WLAN, wired networks, and security are included to ensure uninterrupted network performance from end-to-end. WEI is more than happy to help with design and implementation, and we can start with a discussion to learn more about the network challenges you’re currently facing in your distributed enterprise environment. Contact us to start a discussion.
NEXT STEPS: Many of our wireless engagements start with a wireless networking assessment. Learn more about what’s included, what you can expect and how to sign up by clicking the button below.