Enterprise: Aruba EdgeConnect - Silver Peak


DATA SHEET
ENTERPRISE
ARUBA EDGECONNECT SD-WAN EDGE PLATFORM

As cloud-based application adoption continues to accelerate, geographically distributed enterprises increasingly view the wide area network (WAN) as critical to connecting users to applications.

As enterprise applications migrate from the corporate data center to the cloud, private line connections such as multiprotocol label switching (MPLS) have proven to be overly rigid and expensive. With greater reliance on the internet, the opportunity to achieve "cloud speed" is better served by integrating broadband services into the WAN transport mix. Recently acquired from Silver Peak, the Aruba EdgeConnect SD-WAN edge platform enables enterprises to dramatically reduce the cost and complexity of building a WAN by leveraging broadband to connect users to applications. By empowering customers to use broadband connections to augment or replace their current MPLS networks, Aruba improves customer responsiveness, increases application performance, and significantly reduces capital and operational expenses by up to 90 percent.

Figure 1: Aruba EdgeConnect physical appliances shown here are also available as virtual appliances.

ARUBA EDGECONNECT PLATFORM

Three components comprise the Aruba EdgeConnect SD-WAN platform:

- Aruba EdgeConnect physical or virtual appliances (supporting any common hypervisors and public clouds) deployed in branch offices to create a secure, virtual network overlay. This enables customers to move to a broadband WAN at their own pace, whether site-by-site, or via a hybrid WAN approach that leverages MPLS and broadband internet connectivity.
- Aruba Orchestrator, included with the Aruba EdgeConnect platform, provides unprecedented levels of visibility into both legacy and cloud applications with the unique ability to centrally assign policies based on business intent to secure and control all WAN traffic. Policy automation speeds and simplifies the deployment of multiple branch offices and enables consistent policies across applications.
- Aruba Boost WAN Optimization is an optional WAN optimization performance pack that combines Aruba WAN optimization technologies with Aruba EdgeConnect to create a single, unified WAN edge platform. Aruba Boost allows companies to accelerate performance of latency sensitive applications and minimize transmission of repetitive data across the WAN in a single, unified SD-WAN edge platform.

ARUBA EDGECONNECT KEY FEATURES

- Zero-Touch Provisioning: A plug-and-play deployment model enables Aruba EdgeConnect to be deployed at a branch office in seconds, automatically connecting with other Aruba EdgeConnect instances in the data center, other branches, or in cloud Infrastructure as a Service (IaaS) such as Amazon Web Services, Microsoft Azure, Oracle Cloud Infrastructure and Google Cloud Platform.
- Business Intent Overlays: Aruba EdgeConnect is built upon an application-specific virtual WAN overlay model. Multiple overlays may be defined to abstract the underlying physical transport services from the virtual overlays, each supporting different QoS, transport, failover and security policies. Groups of applications are mapped to different business intent overlays to deliver applications to users in alignment with business requirements. Business intent overlays may also be deployed to extend micro-segmentation of specific application traffic from the data center across the WAN to help maintain security compliance mandates.
- Tunnel Bonding: Configured from two or more physical WAN transport services, bonded tunnels form a single logical overlay connection, aggregating the performance of all underlying links. Real-time traffic steering is applied over any broadband or MPLS link, or any combination of links based on company-defined policies based upon business intent. In the event of an outage or brownout, Aruba EdgeConnect automatically continues to carry traffic on the remaining links or switches over to a secondary connection.

Network traffic traversing an Aruba EdgeConnect SD-WAN can be tuned for availability, quality, throughput and efficiency. This is accomplished on a per-application basis through the use of Business Intent Overlays. Multiple business intent policies can be created, each with its own specific bonding policy. As part of this policy definition, the customers have the ability to customize the link prioritization and traffic steering policies based on multiple criteria, including physical performance characteristics, link economics, link resiliency characteristics and customer-definable attributes.

- WAN Hardening: Each WAN overlay is secured edge-to-edge via 256-bit AES encrypted tunnels. No unauthorized outside traffic can enter the branch. With the option to deploy Aruba EdgeConnect directly onto the internet, WAN hardening secures branch offices without the appliance sprawl and operating costs of deploying and managing dedicated firewalls.
- Zone-based Stateful Firewall: Centrally visualize, define and orchestrate granular security policies and create secure end-to-end zones across any combination of users, application groups and virtual overlays, pushing configuration updates to sites in accordance with business intent. Using simple templates to create unique zones that enforce granular perimeter security policies across LAN-WAN-LAN and LAN-WAN-Data Center use cases.
- Path Conditioning: This feature provides private-line-like performance over the public internet. Includes techniques to overcome the adverse effects of dropped and out-of-order packets that are common with broadband internet and MPLS connections to improve application performance.
- First-packet iQ Application Classification: Aruba EdgeConnect First-packet iQ application classification identifies applications on the first packet to deliver trusted SaaS and web traffic directly to the Internet while directing unknown or suspicious traffic to the data center firewall or IDS/IPS. Identifying applications on the first packet is especially important when branches are deployed behind Network Address Translation (NAT); the correct path must be selected based on the first packet to avoid session interruption.
- Local Internet Breakout: Granular, intelligent traffic steering enabled by First-packet iQ eliminates the inefficiency of backhauling all HTTP/HTTPS traffic to the data center. The solution eliminates the potential for wasted bandwidth and performance bottlenecks for trusted SaaS and web traffic. Trusted traffic is sent directly across the Internet while unknown or suspicious traffic may be sent automatically to more robust security services in accordance with corporate security policies.
- Routing: Aruba EdgeConnect supports standard Layer 2 and Layer 3 open networking protocols such as VLAN (802.1Q), LAG (802.3ad), IPv4 and IPv6 forwarding, GRE, IPsec, VRRP, WCCP, PBR, BGP (version 4), OSPF.
- Cloud Intelligence: Real-time updates on the best performing path to reach hundreds of Software-as-a-Service (SaaS) applications, ensuring users connect to those applications in the fastest, most intelligent way available. Additionally, automated daily updates of the application IP address database to Aruba EdgeConnect appliances keep pace with SaaS and web address changes.
- Automated Integration and Orchestration: Aruba EdgeConnect supports automated orchestration, using a drag-and-drop interface, to enable enterprises to automate and accelerate the integration of security partners' advanced services like Check Point, Forcepoint, McAfee, Netskope, Palo Alto Networks, Symantec, Zscaler, and secure DNS (e.g. Infoblox) utilizing private secure encrypted IPsec tunnels.

Figure 2: Aruba Orchestrator enables centralized definition and automated distribution of network-wide business intent policies to multiple branch offices.

- High Availability: The Aruba EdgeConnect HA cluster protects from hardware, software and transport failures. High Availability is achieved by providing fault tolerance on both the network side (WAN) and on the equipment side. The Aruba EdgeConnect appliances are inter-connected with a HA link that allows tunnels over each underlay to connect to both appliances.

ARUBA ORCHESTRATOR KEY FEATURES

- Single Screen Administration: Enables quick and easy implementation of network-wide business intent policies, which eliminates complex and error-prone policy changes at every branch
- Real-Time Monitoring and Historical Reporting: Provides specific details into application, location, and network statistics, including continuous performance monitoring of loss, latency, and packet ordering for each enterprise customers' network path. All HTTP and native application traffic are identified by name and location, and alarms and alerts allow for faster resolution of network issues
- Bandwidth Cost Savings Reports: Documents the cost savings for moving to broadband connectivity

INTEGRATION WITH MICROSOFT AZURE VIRTUAL WAN (VWAN) AND AWS TRANSIT GATEWAY NETWORK MANAGER (TGNM)

By integrating the Microsoft Azure vWAN and AWS Transit Gateway Network Manager (TGNM) REST APIs, the Aruba EdgeConnect SD-WAN edge platform enables customers to quickly build a cloud on-ramp and automate network deployments, removing the manual complexity of connecting branch offices to local Azure or AWS Points of Presence (PoPs). The API integration enables Aruba EdgeConnect to identify the locations of branches in the network and determine the closest VPN Gateway (vWAN hub or head end gateway in AWS) to connect to. Aruba EdgeConnect automatically establishes standards-based IPsec tunnels and, configuring both of the tunnel endpoints for each branch to a

Key Features:

- Automate branch connectivity to Azure and AWS Points of Presence (PoPs)
- Simplify network expansion and troubleshooting
- Faster onboarding to applications and workloads, both to and from Azure and AWS
- Optimized routing within Azure or AWS network
- Centralized Network Monitoring
- Global Network Visibility
- Cohesive policy configuration

DELIVERING THE HIGHEST QUALITY OF EXPERIENCE FOR MICROSOFT O365

With the Microsoft Office 365 REST API integration, Aruba continuously learns and discovers new Office 365 end points and/or IP addresses and automatically re-configures Aruba EdgeConnect if a new, closer Office 365 end point becomes available. By doing so, users always achieve optimal Office 365 connectivity and performance by reducing the round-trip time (RTT). The Aruba EdgeConnect SD-WAN edge platform has been independently tested and certified to support the Microsoft Office 365 Connectivity Principles. As a result of the independent testing, the Aruba EdgeConnect platform has been inducted into the Microsoft Office 365 Networking Partner Program and has been given the official "Works with Office 365" designation.

Figure: Branch-to-Cloud and Branch-to-Branch Connectivity Using Azure vWAN

Figure: Branch-to-Cloud and Branch-to-Branch Connectivity using AWS TGNM

ADVANCED SEGMENTATION WITH VIRTUAL ROUTING AND FORWARDING (VRF)

Network managers can now configure and manage separate addressing, routing and security policies consistently with the Aruba EdgeConnect SD-WAN edge platform across end-to-end segments and micro-segments for traffic traversing large-scale multinational enterprises and federations of independent companies. Advanced segmentation eliminates the arduous task of manually stitching together VRF, firewall and NAT policies in a consistent manner, dramatically simplifying the management of diverse scenarios and providing unprecedented flexibility when contending with overlapping IP address spaces.

INTELLIGENT INTERNET BREAKOUT

Often customers provision two or more WAN links from the remote branch site to increase network and application availability and performance. These links are used for breaking out traffic locally at each branch. Using the internet as an underlay transport is less expensive than provisioning private leased line connections like MPLS. To optimize utilization of the provisioned WAN internet links, Aruba EdgeConnect monitors the performance of all WAN links by continuously measuring packet loss, jitter, latency and mean opinion score (MOS) in real-time. Aruba EdgeConnect uses statistical learning to determine the optimal forwarding link, ensuring maximum application performance.

Figure labels: Corp. HQ/Office; Branch; Aruba EdgeConnect SD-WAN edge platform with integrated Office 365 REST API.

SUPPORT FOR CUSTOM USER-DEFINED APPLICATIONS

Many organizations continue to support applications customized for or internal to the company that are hosted in the corporate data center. Such custom applications are critical for the enterprise and with the Aruba EdgeConnect SD-WAN, customers can ensure optimal performance of these applications. From Aruba Orchestrator, IT can easily configure a custom application definition that enables Aruba EdgeConnect to identify it on the first packet.

Figure labels: 1. Identify, Classify and Steer Traffic: 3rd Party Apps (Salesforce, Workday, Box), Office 365 (Cloud API Integration), User-Defined Apps (Homegrown Apps), Continuous Data Validation. 2. Best Internet Link, Based on Packet Loss, Jitter, Latency. First Packet-iQ. All continuously in real-time.

EFFICIENT DNS QUERY RESOLUTION

A critical step in the DNS proxy is to resolve the DNS query quickly. With Aruba EdgeConnect, customers can reach DNS servers in close proximity to branch sites, eliminating backhaul of the DNS request to the remote data centers where enterprise DNS servers are hosted. From the branch location itself, DNS requests can be made directly to Global DNS servers, which reduces the impact of latency in establishing a SaaS application session, thereby improving SaaS application performance.

ARUBA ORCHESTRATOR ENABLES FASTER SD-WAN DEPLOYMENTS

Aruba Orchestrator, included with Aruba EdgeConnect for on-premise installations and available as an optional cloud-hosted service subscription, enables zero-touch provisioning of Aruba EdgeConnect appliances in the branch. Aruba Orchestrator automates the assignment of business intent policies to ensure faster and easier connectivity across multiple branches, eliminating the configuration drift that can come from manually updating rules and access control lists (ACLs) on a site-by-site basis. Aruba Orchestrator enables customers to:

- Avoid WAN reconfigurations by delivering applications to users in customized virtual overlays
- Align application delivery to business goals through virtual WAN overlays based on business intent
- Simplify branch deployments with Aruba EdgeConnect profiles that describe the virtual and physical configuration of the location

BUSINESS DRIVEN SD-WAN POLICIES

Figure: Business Driven SD-WAN Policies. Columns: Apps, IaaS, PaaS; Circuits; Bonding SLA; Topology; SaaS, Cloud, Internet Apps; Internet Policy & Firewall; Overlay Defaults. Overlays shown:

- Real Time: 1%, Latency: 400ms, Jitter: 200ms; High Quality; Mesh; FW Zone: Real Time; QoS: Real Time; Boost: Disabled
- Enterprise Apps Overlay: Loss: 2%, Latency: 600ms, Jitter: 300ms; High Efficiency; Hub & Spoke; FW Zone: Restrict; QoS: Enterprise; Boost: Enabled
- Default Overlay: Loss: 5%, Latency: 800 ms, Jitter: 500 ms; Load Balance; Hub & Spoke; FW Zone: Default; QoS: Best Effort; Boost: Disabled

In addition to centralized and automated control of the entire SD-WAN topology (Figure 3), Aruba Orchestrator provides specific detail into WAN performance, including:

- Detailed reporting on application, location, and network statistics
- Continuous performance monitoring of throughput, loss, latency, jitter and packet ordering for all network paths
- Identification of all application traffic by name and location
- Alarms and alerts that visualize and prioritize software and hardware issues within the WAN, allowing faster problem resolution
- Bandwidth cost savings report for documenting the cost savings of moving to broadband

GAIN CONTROL OVER THE CLOUD

Gain an accurate picture of how Infrastructure-as-a-Service (IaaS) and Software-as-a-Service (SaaS) are being used within your organization.

- Name-based identification and reporting of all cloud applications
- Tracking of SaaS provider network traffic
- Cloud Intelligence provides Internet mapping of optimal egress to SaaS services

Figure 3: Aruba Orchestrator enables centralized and automated overlay management.

STRENGTHENING WAN SECURITY

Advanced capabilities provide cloud-first enterprises with the control to centralize and automate security policy governance and safely connect users directly to applications. They enable distributed enterprises to centrally segment users, applications and WAN services into secure zones and automate application traffic steering across the LAN and WAN in compliance with predefined security policies, regulatory mandates and business intent. For enterprises with multivendor security architectures, Aruba Orchestrator offers seamless drag and drop service chaining to next-generation security infrastructure and services.

Figure 4: A matrix view from Aruba Orchestrator provides an easy-to-read, intuitive visualization of configured zones and defined whitelist exceptions.

BOOST APPLICATION PERFORMANCE AS NEEDED

Aruba Boost WAN Optimization is an optional WAN Optimization performance pack that includes:

- Latency Mitigation: TCP and other protocol acceleration techniques are applied to all traffic, minimizing the effects of latency on application performance and significantly improving application response times across the WAN.
- Data Reduction: Data compression and deduplication eliminates the repetitive transmission of duplicate data. Aruba software, acquired from Silver Peak, inspects WAN traffic at the byte-level and stores content in local data stores. Advanced finger-printing techniques recognize repetitive patterns for local delivery. Data Reduction can be applied to all IP-based protocols, including TCP and UDP.

WHY ADD ARUBA BOOST?

Aruba EdgeConnect appliances alone provide enhanced application performance for broadband or hybrid WAN deployments, utilizing the included packet-based tunnel bonding, dynamic path control (DPC), and path conditioning for overcoming the adverse effects of dropped and out-of-order packets that are common with Internet connections.

However, sometimes additional performance is needed for specific applications or locations. As distance between locations increases over the WAN, application performance degrades.

This has less to do with the available bandwidth, and is more about the time it takes to send and receive data packets over distance, and the number of times data must be re-sent.

ARUBA BOOST USE CASE EXAMPLES

- Customers replicating to a disaster recovery (DR) site thousands of miles away might want to add Aruba Boost to ensure recovery point objectives (RPOs) are not compromised.
- Enterprises with remote sites located in rural areas, or with sites that are exceptionally far away from the company's data center, might want to add Aruba Boost to overcome the effects of high latency.

With Aruba Boost, customers gain the flexibility to enable enhanced WAN optimization capabilities where and when it is needed in a fully integrated solution. Aruba Boost is licensed per-megabit-per-second, per-month, so customers do not have to pay for WAN optimization across the entire network.

OVERCOME EFFECTS OF LATENCY

The time it takes for information to go from sender to receiver and back is referred to as network latency. Since the speed of light is constant, WAN latency is directly proportional to the distance traveled between the two network endpoints. Aruba offers a variety of TCP acceleration techniques to mitigate WAN latency, including Window Scaling, Selective Acknowledgement, Round-Trip Measurement, and High Speed TCP.

Figure 5: Aruba Boost enables customers to add application performance as needed.

Windows and other applications that rely on the Common Internet File System (CIFS) often take longer to perform common file operations over distance, such as retrieving and sharing files. Aruba Boost helps these applications not only by improving the underlying TCP transport, but also by accelerating CIFS through CIFS read-ahead, CIFS write-behind, and CIFS metadata optimizations.

INCREASE THROUGHPUT

As packets flow through Aruba EdgeConnect appliances, Aruba Boost inspects WAN traffic at the byte-level and stores content in local data stores. As new packets arrive, Aruba computes fingerprints of the data contained within the packets, and checks to see whether these fingerprints match data that is stored locally.

If the remote appliance contains the information, there is no need to resend it over the WAN. Instead, specific start-stop instructions are sent to deliver the data locally.

ARUBA EDGECONNECT HARDWARE

Deployment | Typical WAN Bandwidth | Recommend Aruba Boost up to | Redundancy / FRUs | Datapath Interfaces
--- | --- | --- | --- | ---
Small Branch/Home Office | 1 - 100 Mbps | 25 Mbps | No | 3 x RJ45 10/100/1000 Mbps
Small Branch | 2 - 200 Mbps | 50 Mbps | No | 4 x RJ45 10/100/1000 Mbps
Large Branch | 10 - 1000 Mbps | 500 Mbps | Power (optional) and SSD | 8 x RJ45 10/100/1000 Mbps plus 4 x 1/10 Gbps SFP (Pluggable)
Head Office Small Hub | 50 - 2000 Mbps | 500 Mbps | Power and SSD | EC-M-B: 4 x RJ45 10/100/1000 Mbps plus 2 x 1/10 Gbps fiber; Fail-to-Glass (Bypass). EC-M-P: 4 x RJ45 10/100/1000 Mbps plus 2 x 1/10 Gbps SFP (Pluggable)
Data Center Large Hub | 1 - 5 Gbps | 1 Gbps | Power and SSD | EC-L-B/EC-L-BNM*: 4 x RJ45 10/100/1000 Mbps plus 2 x 1/10 Gbps fiber; Fail-to-Glass (Bypass). EC-L-P/EC-L-PNM*: 4 x RJ45 10/100/1000 Mbps plus 2 x 1/10 Gbps SFP (Pluggable)
Data Center Large Hub | 2 - 10 | 5 Gbps | Power and SSD | EC-XL-B/EC-XL-BNM*: 4 x 1/10 Gbps fiber; Fail-to-Glass (Bypass). EC-XL-P/EC-XL-PNM*: 6 x 1/10 Gbps SFP or 6 x 1/10/25 Gbps SFP28 (Pluggable)

*Models with suffix "-NM" are recommended for applications employing the Aruba Boost WAN Optimization performance pack

ARUBA EDGECONNECT SD-WAN EDGE PLATFORM SPECIFICATION

ARUBA EDGECONNECT TECHNICAL SUPPORT

Term: Support is included as part of the Aruba EdgeConnect subscription license
Web-based Support Portal: Unlimited access 24 / 7 / 365 includes software downloads, technical documentation, and online knowledge base
Software Updates: Major and minor feature releases; maintenance releases
Technical Support: 24 / 7 / 365 Phone / E-mail / Web
Response Time: 2-Hours
HW Warranty and Maintenance: Refer to the Aruba EdgeConnect Warranty and Maintenance Policies Data Sheet for further information.

FLEXIBLE DEPLOYMENT MODELS

- Aruba EdgeConnect Virtual (EC-V): Download and install Aruba EdgeConnect from anywhere in the world. The software runs on all common hypervisors, including VMware ESXi, Microsoft Hyper-V, Citrix XenServer, and KVM. Aruba customers who have an IaaS presence in AWS, Microsoft Azure, Oracle Cloud Infrastructure or Google Cloud Platform can deploy Aruba EdgeConnect within their hosted cloud environment.
- Aruba EdgeConnect Physical (EC): For enterprises that are not virtualized in the branch, choose one of the Aruba EdgeConnect hardware appliance models for plug-and-play deployment.

ARUBA EDGECONNECT SUBSCRIPTION LICENSING

Aruba EdgeConnect licenses are sold as a subscription, in either single or multi-year increments (1, 2, 3, 4, 5 and 7 years) at multiple bandwidth tiers.

Aruba EdgeConnect includes Aruba Orchestrator that can be installed either on premise or in a customer's virtual private cloud. An optional cloud-hosted Aruba Orchestrator license provides a highly reliable alternative deployment model supporting all Aruba Orchestrator features without the complexity of managing on premise virtual compute and storage resources. Aruba Boost WAN Optimization is an optional WAN Optimization performance pack that may be ordered and deployed flexibly to sites that require application acceleration. Aruba Boost is offered in 100Mbps or 10Gbps blocks.

Copyright 2020 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.

DS Enterprise:ArubaEdgeConnectSD-WANEdgePlatform EM 121620
