Network professionals should think SD-Branch, not just SD-WAN

News Analysis
Jun 21, 2018
4 mins

To better manage remote networks, in-office networks and WANs, network engineers must think of the end-to-end network. Aruba’s SD-Branch solution helps them do that.

Earlier this year, fellow industry analyst Lee Doyle wrote a blog post on the software-defined branch (SD-Branch) market hitting $3 billion by 2022. Doyle defines the SD-Branch as having SD-WAN, routing, network security, and LAN/Wi-Fi functions all in one platform with integrated, centralized management. An SD-Branch can be thought of as the next step after SD-WAN, as the latter transforms the transport and the former focuses on things in the branch, such as optimizing user experience and improving security.

I don’t often critique other analysts’ work, as their opinion is theirs and not everyone agrees. However, in this case, I don’t think “all in one platform” should be a requirement. The integrated and centralized management hits the nail on the head, but the software should act as a management overlay, so even though the infrastructure isn’t a “single box,” it’s managed like it.

Modernizing the WAN and branch

This week, Aruba, a Hewlett Packard Enterprise (HPE) company, announced its SD-Branch solution that’s aimed at modernizing the WAN and the branch for an optimized experience. The components of the solution include a newly introduced Aruba Branch Gateway, an Ethernet switch, and a Wi-Fi access point. The Aruba Central cloud management portal provides a single pane of glass to manage the wired and wireless network, enforce policies, and manage branch connectivity. The policies are still created in Aruba’s ClearPass, but the Branch Gateway acts as the translator between ClearPass and Central.

This proves my case that even though the product isn’t physically unified into a single platform, Aruba Central can push configurations down to the Branch Gateway, switch, and AP at the same time. This lets the customer upgrade APs or the switch at a later date without having to swap out the gateway.

Aruba SD-Branch integrates with best-of-breed security partners

Aruba did do a nice job consolidating functionality into its new gateway. Instead of retrofitting another product, the gateway was built from the ground up to meet the specific needs of an SD-Branch. It is a full-featured branch appliance with a complete set of SD-WAN capabilities, such as path control, QoS, and several security functions, including an application- and user-aware firewall and web content filtering.

Customers that require additional security functions can choose from one of Aruba’s 140-plus tech partners, many of which are security partners, including Check Point, Palo Alto Networks, and newly added Zscaler, which is red hot coming off its successful IPO. Many of Aruba’s security partners can exchange information with ClearPass, so policies can be made once and enforced by multiple vendors.

In addition to SD-WAN support, Central includes granular visibility, troubleshooting tools and an installer app that can be run from a mobile device. Through a combination of Aruba’s Zero Touch Provisioning (ZTP) and mobile app, non-technical branch staff can turn up the infrastructure. This is much faster and more cost-effective than having to send a technical person on site and incur the cost of a truck roll. The mobile app is very slick and works by scanning the device.

Consider the whole network, not just specific places in the network

Most SD-WAN solutions focus on WAN transport, but apps continue on inside the branch. Aruba’s SD-Branch provides fine-grained contextual awareness and QoS not only across the WAN but also inside the branch, and it can be extended to mobile users. This is an important step in breaking down the management silos of remote networks, in-office networks, and the WAN. Network engineers should think of the end-to-end network instead of discrete places. Apps don’t care about network boundaries, and it’s time for network operations to think that way, as well.

From an operations perspective, Aruba’s SD-Branch would enable IT organizations to manage more branches with fewer people. The automated capabilities and ZTP take care of many of the tasks that were historically done manually. Aruba claims as much as a 75 percent reduction in operational expenses, which I believe could be attained, given that my research shows that over 80 percent of a network operation’s time is used to simply keep the lights on.

The list pricing for Aruba’s SD-Branch starts at $1,495 per gateway, with an additional software subscription of $450 per gateway per year. The gateways can be deployed without having to upgrade your switches or APs, making the solution almost plug and play. The product is currently in beta, with customer shipments starting in July of 2018.

Note: Aruba is a client of ZK Research.


Zeus Kerravala is the founder and principal analyst with ZK Research, and provides a mix of tactical advice to help his clients in the current business climate and long-term strategic advice. Kerravala provides research and advice to end-user IT and network managers, vendors of IT hardware, software and services and the financial community looking to invest in the companies that he covers.