simplifying the branch network - aruba...hybrid wan networks that leverage multiple wan connections...
Post on 13-Mar-2020
5 Views
Preview:
TRANSCRIPT
SimplifyingtheBranchNetwork
By:LeeDoyle,PrincipalAnalystatDoyleResearch
SponsoredbyAruba,aHewlettPackardEnterprisecompany
ExecutiveSummaryAmajorityofITorganizationsareexperiencingsignificantchangesthatimpacttherequirementsfortheirdistributedbranchnetworks.Mobility,cloud-basedapplications,andInternetofThings(IoT)arealteringtrafficflowsandincreasingbandwidthrequirements.EmployeesandguestsexpectInternetconnectivity,whichmeansthatemployee-facingandIoTdevicesneedreliable,lowlatencyaccesstotheirdataandapplications,andmustbesecurelyon-boardedastheyinteractwithcentralizedservices.ITorganizationsdonothavethelevelofcontroltheyoncedidwithtraditionalarchitectures,andnowfaceincreasingpressuretosupportthesenewinitiativesevenasbudgetandresourcesremainlean.ITislookingtoSoftware-definedWAN(SD-WAN)tosatisfyprice-performancebenefitsofusingtheInternet,deeperapplicationvisibilityintoWANtraffic,simplertransportacrossmultipleuplinks,andgreaterflexibilitytoconnectwithcloudservice.ThismeansthatnewWANarchitecturecanimproveTotalCostofOwnership(TCO)withsimpleroperations,reducedhardwarecosts,andmoreefficientbandwidthutilization.AsITorganizationstaketheselearningsandapplysoftware-definedarchitectureacrossallbranchnetworkelements,theycandelivergreaterCAPEXandOPEXsavings.Thoseelementsinclude:
- WirelessandWiredaccessforemployeeandguestusers- Policyandsecurityservicesforonboardingendpoints- QualityofServiceforapplicationtrafficend-to-end- Closerintegrationwiththird-partyapplicationsandservices
ThisexpandedapproachtonetworkingdeliversaSoftware-definedBranch(orSD-Branch)solutiontoconvergeallnetworkelementsontoasingle,easy-to-manageplatform.ThisunifiedapproachprovidescloudmanagementandpolicyenforcementtosimplifyWAN,WLAN,andLAN,introducesrole-basedcontextawarenesstotheWAN,andintegratesmultipleservicestoeliminateonsiteappliances.SD-Branchsimplifiesbranchdesign,reducesCapitalExpenses(CAPEX),andoptimizesWANutilizationforgreatersavingsthanSD-WANalone.
ChallengesofBuildingandOperatingBranchNetworksLeadingITtrends,includingthemigrationofkeyapplicationstothecloud,useofawiderangeofmobiledevices(BYOD),andtheincreaseddeploymentofnumerousIoTend-points,posenewchallengesforoperatorsofdistributedbranchnetworks.IncreasedcloudandSoftware-as-a-Service(SaaS)utilizationhasresultedinprofoundchangesintrafficflows(towardstheInternetandawayfromthecorporatedatacenter)thatincreasedemandsonbranchperformance.Theincreasednumberandvarietyofdevices(personalandIoT)mandatesreal-timeapplicationperformanceandsecuritymonitoringtoensureuserexperience.Forecastsfromleadinganalystfirmshighlightthechallenges:
• GrowingIoT:Therewillbeover25billionIoTdevicesby2020• IncreasedBranchsecuritythreats:30%ofadvancedattacksenterviathebranch
(Gartner)• Changingtrafficflows:AccordingtoIDC,40-60%ofenterprisedatatrafficis
migratingfromWANstotheInternetLeadingITorganizationsrealizethattheinevitablechallengesformanagingcurrentbranchnetworksincludeeaseofdeploymentandoperations,applicationidentificationandprioritizationtoensureQualityofService(QoS),andreal-timesecurity/networkhealthmetrics.Capitalandoperationalcostsarealsokeyconcernsasitisexpensivetodeployandmanageacomplexassortmentofhardwareandsoftwareremotebranchlocations.SeeFigure1.
SimplifyingBranchNetworkOperationsTomeetthechallengesofevolvingbranchnetworkrequirements,ITorganizationsaredeployingnewsoftwareandcloud-basedtoolstooptimizeWAN,WLAN,andLAN.ByapplyingSDNandSD-WANmethodology,existingnetworkcontextinformationaboutusers,devices,andapplicationscanbeusedtodynamicallyimproveQualityofService(QoS),policy,andconfiguration.ThisinformationprovidesSD-WANfunctionalitywithdeepernetworkandapplicationinsightsevenashybridWANarchitecturesleveragecommodityInternetbandwidthtoaugmenttraditionalMPLSnetworks.Centralizedmanagementprovidesforrapid(zero-touch)provisioning,pre-stagingconfigurations,andreal-timechangesatremotebranchlocations.Cloud-basedintelligenceprovidesforimprovedvisibilityintotrafficflowswithitsabilitytoidentifypotentialsecuritythreats.Centralizedpolicymanagementallowsthepolicytofollowtheclient/userandeliminatessecurityrisksassociatedwithtime-consuming,manualmanagementtasksforvariousnetworkoverlaysandfunctions.Withcentralized
New Requirements for Cloud, Mobile, and IoT
Users and Devices
Apps and DataWAN
Web AppsSaaS
Cloud
Internet of Things
Broadband
T1 E1 MPLS
Cellular Data Center
Disrupt traditional network architecture
Employees Contractors
Guests
Executives Unknown
HQ
Video Voice
managementconsoles,ITcanleverageestablishedbranchandheadendrulestoreducethecomplexityofsettingupsecureVPNtunnelsandestablishingthevirtualWANtopology.Newsecurityservicescaneasilybeservicechainedwithexistingbranchnetworksoftware.SeeFigure2.Figure2:SD-WANArchitecture
FurtherbenefitsaccruewhenorganizationscollapseanarrayofWAN,WirelessLocalAreaNetworks(WLAN),andLANservicesontoasinglebranchgatewayplatform.Underthismodel,completebranchnetworkfunctionalityiscombineduntoaunifiedandcentralizedmanagementframework.Thisfunctionalityincludes:
• WirelessLAN(Wi-Fi)• Ethernetswitching• SD-WANandWANoptimization• RoutingandVPN• Firewallandnetworksecurity
Theplatformprovideswirelessandwiredaccessforemployees,guests,mobiledevices,
andIoTdevices.Allpolicymanagementiscentralized,thusrequiringlittleornointerventionatthebranchlocation.SeeFigure3.Figure3:BranchNetworkElementConsolidation
BenefitsoftheSoftwareDefinedBranchNetworkIntelligentsoftwareprovidesanumberofsignificantbenefitsforbranchnetworkdeploymentandongoingoperations.SD-BranchprovidescontextawarenesstooptimizeQoSforcriticalapplicationsintheaccesslayerandimproveSD-WANroutingfunctionality.Theconsolidationofnetworkfunctionstosoftwareonacommonplatformreducesinitialhardwarecosts(CAPEX)andongoingmaintenancefees.Cloud-basedmanagementspeedsdeploymentandreducescomplexity–thusprovidingoperational(OPEX)benefits.Servicescanbedeployedviaasubscription-basedmodelthatreducesequipmentcostsandallowsITtoeasilydeploynewservices.
WLAN
LAN
WAN Opt
Firewall
VoIP
Cloud-based AppsCentralized Services
Branch-in-a-Box
ReduceBandwidthCosts
AsacriticalelementofSD-Branch,SD-WANprovidesorganizationstheabilitytobuildhybridWANnetworksthatleveragemultipleWANconnections(e.g.MPLSandInternet)toefficientlydeliverbandwidthtobranchlocations.Itscontextawareroutingidentifiesapplicationsandsteerstraffictotheappropriatenetworkwiththecorrectqualityofservice.Thisallowsorganizationstobenefitfromthe“Interneteconomics”wherecircuits(ethernet,DSL,cable,etc.)typicallyare1/3thecostofcomparablespeedMPLSlinks.InternetservicesalsohavetheadvantageofwideavailabilityandrapidprovisioningtimesascomparedtoMPLS.SD-WANalsoprovidestheabilityfororganizationstoleveragemultipleInternetserviceproviderswiththebenefitsofcostcompetitionanddiversityofcircuitsforhighreliability.
CAPEXSD-BranchallowsorganizationstoselectivelyconsolidateWANservicesincludingrouting,Wi-Fi,ethernet,firewalls,VPNs,andapplicationvisibilityintoasingleplatform.Thisconsolidationprovidesthepotentialforasignificantreductioninthehardwarecostsassociatedwiththemultipleboxsolutions.Consolidationofhardwarealsoreducesongoingmaintenancecosts(typically15%oftheinitialpurchasefee)foreachboxateachbranchlocation.
OPEX
OPEXprovidesameasureofongoingoperationalbenefitsprovidedbySD-Branchsolutions.OPEXbenefitsaccrueacrossanumberofcategoriesincludingagility,scale,management,andsecurity.
Agility:SD-Branchprovidesareductioninthetimetodeploynetwork
resourcestoneworexistingbranches.Theabilitytoquicklymakeadjustmentstothenetworktosupportthebusinessandoptimizetheapplicationexperienceimprovesthevalueofthenetwork.
Scale:Manyorganizationsarechallengedtodeployandmanagenetworksto
hundredsorthousandsofbranchnetworks.SD-Branchenableszero-touchprovisioning,centralizedmanagement,andcustomizablelogstoenablerapidremediationofnetworkingissuesatbranchlocations.
Management:SD-Branchsolutionsarecloud-basedtoenableITtocentrally
controlalargenumberofbranchnetworks.Pre-configurationinthecloudprovidesforeaseofinstallationandabilitytoimprovenetworkfunctionalityviasoftwareupdates.
Security:SD-BranchprovidesunifiednetworksecuritywithUTM,firewall,and
VPNcapabilities.Onesecurityconsolewithenhancedcontextawarevisibilitycanidentifyanomaloustrafficandspeedresolutionofsecuritythreats.ItprovidesvirtualWANtopologythatreducesthecomplexityofsettingupsecureVPNtunnels.
ArubaTCOmodelsindicatesignificantsavingsbymovingtoaconvergedbranchsolutionleveragingSD-WANtoaugmentorreplaceMPLSlinks.Atypicalorganizationwith100distributedbranchlocationscansave$millionsover3years.SeeTable1
Table1
CostSavingsasComparedtoUnconvertedMPLSOnlySolution
MPLS+Internet31%
InternetOnly76%
Aruba’svaluepropositionforBranchNetworksAruba7000seriesBranchGatewaysofferintegratedwireless,switching,andhybridWANservicesfordistributedenterprises,allmanagedbycloud-basedArubaCentral.TheyareoptimizedforcloudservicesandhybridWANconnections,andaredesignedtodelivertheperformance,reliabilityandsecurityrequiredtosupportthenumberofIoTdevices.Built-inWANoptimizationandgranularcontroloverapplicationsensureappropriateQoSforbusinesscriticalapplications.Arubacollapsesthecomplicatedpatchworkofbranchappliancesandaccessserversintoasingle,compactcloudservicesplatform.TheAruba7000seriesBranchGatewayseliminatethetime,costandcomplexityofmanagingdisparatesingle-purposepointproductsinthebranch.KeyfeaturesoftheBranchGatewayinclude:
• Zero-TouchProvisioning–Reducesthetime,costandcomplexityofinstallingbranchofficenetworks.
• ProgrammablePolicyEnforcementFirewall–Deliverscontext-awarecontroltoavarietyofbranchnetworkingrequirements.
• Cloud-basedApplicationQoS–WANoptimizationandapplicationvisibilityandcontrolimprovetheperformanceofbusiness-criticalappsinthecloud.
• AdvancedRouting–Implementscontext-basedroutingacrossdualEthernetWANandLTEWANlinkstopreservebandwidthforprioritized,business-criticaltraffic.
Aruba’sSD-BranchsolutiontakesadvantageofthecloudtomanageandmonitorWAN,Wi-Fi,andethernetlinks.Monitoring,reportinganddeploymentishandledcentrallywithArubaCentral.Inaddition,ArubaoffersintegrationwithPaloAltoNetworksfirewallsandenhancedperformanceforMicrosoftUCcustomers.
Figure4
ConclusionandRecommendationsforCXOsTheemphasisofmobilityandcloud-basedapplicationsischangingtherequirementsfordistributedbranches.ITorganizationscontinuetobechallengedtoprovidehighquality,cost-effectiveservicestodistributedusers.TheadventofpervasiveIoTdeploymentsattheedgeofthenetworkwillfurtherstressexistingbranchWANconnectivity.ITorganizationsarechallengedtoupdateandmanagethedisparateelementsoftheremotebranch–i.e.routers,firewalls,Wi-Fi,switching,etc.ThesenewWANrequirements(e.g.changesintrafficflows)willrequireatransformationofthewaybranchnetworksarebuiltandoperated.Newsoftware-basednetworkingtechnologiessuchasSD-WANsignificantlyreduceoperationsandcapitalcostswhileimprovingqualityofserviceforcriticalapplications.Withintelligentnetworksoftware,ITorganizationscanconsolidateahostofnetworkfunctionsontoasingleplatform.TheSD-BranchisaconvergedbranchnetworkunifiesWi-Fiandethernetconnections,identifiestraffictypesandroutesthemtotheappropriatelink,
ARUBA SD-BRANCH SOLUTION
Branch Gateway
(7000 Series)
Headend Gateway
(7200 Series)
Aruba SD-WAN fabric
Access Point
Dynamic
Path
Selection
• Centralized Cloud
Management
• Branch-wide Network
Health and Configuration
• User-centric Policies with
Role-based Awareness
• UCC metrics and QoS for
2,600+ Applications
• Dynamic Segmentation
with Tunneled Node
Data Center3rd
Party Apps
KEY Internet Traffic
Corporate TrafficVoice Traffic
Cellular Failover
Internet
Branch Offices
Access Switch
andprovidesenhancedsecurity.Cloud-basedpolicymanagementallowscentrallybasedITstafftoefficientlytroubleshootnetworkissuesatremotebranchlocations.SD-Brancharchitecturesprovidecompellingbenefitsviaefficientbandwidthutilization,improvedapplicationQoS,andincreasedsecurity.ItsSD-WANfeaturesenablestheuseofhighlyefficient(andlowercost)Internetbandwidth.SD-Branchleveragesvirtualsoftwaretoreplacededicatedhardware(e.g.networksecurity,routers,Wi-Fi,ethernet,SD-WAN)withanall-in-oneplatform–thusconsiderablyreducingbranchhardwareandassociatedmaintenancecosts.Itscloud-basedmanagementsystemprovidesforrapidprovisionandnetworkupgrades–positivelyimpactingITagilityandimprovingoperations.ArubadeliversnetworkaccessandhybridWANsolutionstoremotelocationsthatneedsimplifiedenterprise-classconnectivityandsecureaccesstocorporateresources.Bycombiningintelligentwired,wireless,andWANintooneplatform,the7000SeriesdeliversasinglesolutionforLANandWANconnectivity.ITleadersshouldconsiderthebenefitsofbranchnetworkconsolidation,includingreducedhardwareandmaintenancecosts,improvedoperationsagility,andsuperiorapplicationQoS.
MeettheAuthor
LeeDoyleisPrincipalAnalystatDoyleResearch,providingclientfocusedtargetedanalysisontheEvolutionofIntelligentNetworks.Hehasover25years’experienceanalyzingtheIT,network,andtelecommarkets.LeehaswrittenextensivelyonsuchtopicsasSDN,NFV,enterpriseadoptionofnetworkingtechnologies,andIT-Telecomconvergence.BeforefoundingDoyleResearch,LeewasGroupVPforNetwork,Telecom,andSecurityresearchatIDC.LeecontributestosuchindustryperiodicalsasNetworkWorld,LightReading,andTechTarget.LeeholdsaB.A.inEconomicsfromWilliamsCollege.
top related