Aruba is emphasizing that the enhancement to SD-Branch, their integration of their SD-WAN products with Aruba Central management, has multi-faceted advantages for channel partners.

Today, Aruba, a Hewlett Packard Enterprise company, is making a three-pronged announcement that is enhancing their SD-Branch solution, a key element of their Edge-to-Cloud strategy. It is extending security with a new Zero Trust  identity-based capability to unite security and connectivity in a single box at the branch. It is enhancing the existing SD-WAN Orchestrator in Aruba Central to integrate with public Cloud Service Providers. And it has added an embedded cellular capability to their branch gateway, that provides a backup connectivity capability in case of disaster.

SD-Branch, originally launched in 2018, is Aruba’s integration of their SD-WAN products with Aruba management through Aruba Central, to provide a holistic integrated solution.

“SD-WAN is the compelling event, but it is just a component of SD-Branch that solves the bigger picture,” said Patrick LaPorte, Senior Director, Cloud and Software Marketing, for Aruba.

The announcement has been timed for release at the NRF 2020 event in New York City, so the focus is on the advantages for retail, but the solution is much broader than that.

“A lot of the capability is horizontal,” LaPorte said. “Retail is important, but so are other verticals like hospitality and health care. This plays broadly across the distributed enterprise.”

LaPorte described the first of the three enhancements, the extension of the Zero Trust Security framework, as the most important.

“We are adding identity-based IDS/IPS into the branch gateway, to provide better security and simpler, and do it in a way that is simpler,” LaPorte noted. “Security and connectivity is now all in a single box for each branch. That’s especially important at the edge. In the past, they would have had to deploy multiple boxes.  SD-WAN solutions have focused on security, WAN acceleration and optimization, and just SD WAN. That has often led to three different boxes, often from three different vendors, which are managed through different interfaces. The industry as a whole has moved to simplify it, combining connectivity and security all managed in a single box, and we are doing that here.”

LaPorte stressed that the addition of IDS/IPS into the gateway lets Aruba identify and monitor both north- south and east-west traffic, which allows them to monitor traffic like incoming malware from contractor devices.

“Even more compelling for administrators and partners who manage these systems is the ability to holistically see all their customers, the threats to different branch offices, and to quickly determine the sources of those threats,” he continued. “The solution all runs on a unified platform, to give a unique capability to overlay information – the threat’s IP address, location, what it is, its OS, the user, and what access point they connect to. The identity-based IDS capability can triangulate all the information, and let admins take appropriate steps with a couple of different clicks. They can then determine what action to take, such as  restricting the activity a device can do, with fine-grained control, and without the partners having to send a technical person to a site.”

The enhancements to the SD-WAN Orchestrator are designed to make it easier for network operators to securely integrate with public Cloud Service Providers and assure SaaS application performance.

“We now treat the public cloud services just like another branch,” LaPorte said. “You are able to manage resources in the cloud as if you owned them outright.”

One of these new enhancements is SaaS Express, which provides packet classification and dynamically identification of optimal routes for high-priority SaaS solutions like Office 365.

“SaaS express is a cool enhancement that probes all the locations where Office 365 is being hosted and determines the closest point of presence for each branch office for the best performance,” LaPorte stated.

Another Orchestrator enhancement is an integration with AWS Transit Gateway Network Manager, which was actually announced last month at AWS Re:Invent.

“It accelerated VPN connections to close POPs for AWS, and lets you ride on an all-AWS infrastructure so that you can speak to the closest POP on an AWS backbone,” LaPorte said “It also ties in with inter-region TGW peering, and lets you peer into all virtual private cloud resources on the AWS infrastructure.” They have a similar immigration with Azure vWAN.

“We are also making it super-simple to connect to cloud security providers, with one-click integration to Zscaler, Palo Alto PRISMA, Symantec Cloud, and CheckPoint Cloud,” LaPorte added.

The third capability being announced, which is also a net-new addition, is the addition into the Aruba gateways of embedded cellular capability to provide reliable, high-performance connectivity with seamless failover that can be managed centrally.

“It allows distributed enterprises to have non-stop connectivity while simplifying network operations,” LaPorte said. “It provides a very reliable backup link if power is lost so some level of service can always be maintained. This is important in retail and health care.”

While the SD-WAN Orchestrator enhancements and the additional Zero Trist Security are both available now, the embedded cellular is still a few months off.

“It is planned for June 2020, and is going through certification now,” LaPorte said.

LaPorte said that the SD-Branch enhancements will have significant benefits for partners and service providers.

“This is all about simplicity,” he said. “Complex stuff is hard and expensive for partners to implement, and it erodes margins.

“SD-WAN is also now a huge opportunity for partners. It has become a compelling event for customers because costs are so immense that customers are changing technology mid-cycle. For partners, it’s a perfect scenario because they don’t have to convince customers that they should do that.”

LaPorte noted that this makes SD-WAN an even better revenue opportunity.

“In the 18 months we have deployed SD-WAN, it has a 3x drag multiplier, and generates on average three years of recurring revenue,” he said. “It is also very flexible in that it can be sold as a DIY, or with management, or provided as a service. We do both and so do partners. The product is the same, but they can use the one which works best for their business.”

Finally, LaPorte emphasized that partners can be confident of Aruba’s support here.

“Aruba has had a great partner relationship historically, and that won’t be different with SD-Branch.”