What is the HPE Aruba SD WAN Solution?
HPE Aruba’s SD WAN solution consists primarily of three main components:
Aruba EdgeConnect is HPE Aruba’s SD WAN solution. It can be implemented as either physical or virtual appliances, which allows it to support most public clouds (refer to How Does HPE Aruba Access Cloud Vendors?). Aruba EdgeConnect supports hybrid WAN architecture, including DIA, MPLS, VPLS and all underlay types.
The second major component of the HPE Aruba SD WAN solution is the Aruba Orchestrator. This part of the solution is designed to act as a central administration console, providing insight into legacy and cloud applications. The orchestrator uses business intent (see Business Intent Overlays) to assign policies that secure and control all WAN traffic in the network. It also features policy automation, which makes deploying multiple branch offices more efficient and enables consistent policies across applications.
The final component is Aruba Boost. This is an optional WAN Optimization performance pack, which is designed to improve the performance of latency-sensitive applications such as VoIP, whilst reducing the transmission of repetitive data across the WAN, all combined into a single SD WAN platform (see Pros list).
The Silver Peak SD WAN offering has a number of key features:
Configuration-Based Key Features:
- Business Intent Overlays: HPE Aruba’s Business Intent Overlays are built on an application-specific virtual WAN overlay model. This means that each overlay has its own specific bonding policy, and clients are able to customize link prioritization and traffic steering policies based on various criteria.
- Tunnel Bonding: This allows users to configure multiple physical WAN transport services, forming a single logical overlay connection.
- Routing: HPE Aruba supports Layer 2 and Layer 3 open networking protocols, including VLAN (802.1Q), LAG (802.3ad), IPv4 and IPv6 forwarding, GRE, IPsec, VRRP, WCCP, PBR, BGP (version 4) and OSPF.
Security-Based Key Features:
- Intrusion Detection Service (IDS)/Intrusion Prevention Service (IPS): HPE Aruba offers its First-packet iQ Application Classification security product, which is designed to identify applications on the first packet and deliver trusted SaaS and web traffic directly to the internet, whilst diverting unknown and suspicious traffic to the data center firewall or IDS/IPS.
- Zone-Based Stateful Firewall: a firewall-based granular security policy that is able to create end-to-end zones that can be used for multiple application groups, users and virtual overlays. This allows HPE Aruba to push configuration updates to sites in line with business intent, using simple templates to create unique zones that enforce granular perimeter security policies across LAN-WAN-LAN and LAN-WAN-Data Center use cases.
- WAN Hardening: HPE Aruba offers WAN hardening to secure branch offices. This means that each WAN overlay is secured edge-to-edge via 256-bit Advanced Encryption Standard (AES) encrypted tunnels, with the option to deploy Aruba EdgeConnect direct to the internet without the need for multiple dedicated firewalls.
- IPsec: the Aruba EdgeConnect product offers automated integration and orchestration. This enables enterprises to automate and accelerate the integration of advanced services from HPE Aruba’s security partners, which include Check Point, Forcepoint, McAfee, Netskope, Palo Alto Networks, Symantec, Zscaler, and secure DNS (e.g. Infoblox), all of which utilize private secure encrypted IPsec tunnels.
Performance-Based Key Features:
- Local Internet Breakout: HPE Aruba’s First-packet iQ product is designed to eliminate wasted bandwidth and performance bottlenecks by enabling intelligent traffic steering.
- Cloud Intelligence: offers clients real-time updates on the best performing path to reach a wide range of Software-as-a-Service (SaaS) applications. The platform chooses the most efficient way to connect users to the SaaS application, whilst also providing automated daily updates of the application IP address database. Because of this, Aruba EdgeConnect makes sure appliances can keep pace with SaaS and web address changes.
- Path Conditioning: designed to boost application performance, path conditioning creates performance levels similar to a private line, delivered over the public internet.
- High Availability: Aruba EdgeConnect provides fault tolerance on both the WAN (network) and equipment sides. These appliances are connected for High Availability (HA) by allowing tunnels over each underlay.