All Featured Tech Field Day Events

Moving Past The Edge with Aruba SD-Branch

We’ve been talking about SD-WAN for a long time now. It feels like decades, when in fact it’s been about 4-5 years. The real landslide has already come and gone as startups have been acquired. The novelty of having software controlling your edge WAN devices has faded into the drudgery of management of yet another device. But for all the talk of this revolution on the edge of your remote offices, what happens inside that boundary?

One of the biggest issues I faced in my former VAR life had nothing to do with the edge equipment. Sure, it was quite the relief to get some kind of device out on the edge that could control multiple links or have some sort of central management system that allowed for secure VPN connectivity or application awareness. But for all the intelligence found at the edge, there was still a network behind it that needed to be managed. There were still VLANs that needed to be provisioned and devices that needed to be dealt with. How is the WAN edge device supposed to help with that?

Building Into The Branch

Aruba has always taken a slightly different approach to its SD-WAN offering. The first big clue is that they refer to it as SD-Branch instead of just WAN. That nomenclature betrays the fact that Aruba sees the branch network as something that goes beyond the WAN edge. Instead of stopping at the Ethernet handoff, Aruba wants to delve into the management of your branch networks to help you out.

That means having a system that can provision policies on the remote edge of the branch and ensure they are enacted. If you’re an Aruba user you know this means ClearPass. ClearPass can help you provision the network to add separation to devices through VLANs or VPNs. Have some new IoT devices that have been popping up on the network? ClearPass can add them to their own network. Have some equipment being delivered in a week? Set up on-boarding so your remote techs can get online and configured quickly before they access internal resources.

During Networking Field Day 21 this past October, Aruba gave the delegates a great overview of their SD-Branch solution. Check out this overview video:

The power of ClearPass is almost limitless. Giving it a portal into the branch means having a powerful, centralized system that’s capable of running larger enterprise networks but available for the remote branch. This is a huge selling point for SD-Branch. If you already have ClearPass you have the basic systems you need to implement it in place. You just have get the right devices and turn up the features. And once you build it right you can replicate that success to any number of branches.

Remote Monitoring

Moreover, you can leverage another big piece of the Aruba portfolio to help you keep an eye on things in the far off lands of your remote offices. Aruba Central can consume the policies that are created in ClearPass and help you ensure they are being implemented correctly. This is huge because it means you no longer have to have remote technicians at every site enforcing your configurations. Or, worse yet, hoping for the best that everything is running smoothly with no way to verify because you have no visibility beyond the WAN edge.

Imagine being able to query your branches for new devices that aren’t in the correct policy spec. Or being able to quickly push a new guest SSID to all your branches to implement new PCI policies. Then being able to see that policy and figure out who is still not in compliance. It’s the kind of assurance you can’t get without sending someone to the site to do an audit. Instead of spending the time and money to make that happen, you can simply log into Central and get the confirmations you need to meet regulatory requirements.

More importantly, you can scale this monitoring to include all your branches. Far too often we build some kind of solution to help us keep tabs on things in the far off places only to find out when we add one more site or four more sites that everything starts falling apart because we can’t keep up with that flow of information. With Aruba Central, we can scale far and wide past those simple limits and include as many branches as is reasonable for the size of our organization. All monitored. All capable of being audited quickly and easily.

Bringing It All Together

The post-WAN world is here. We’ve solved the issues of the edge and we need to make sure we’re meeting the needs of our branch users. That means keeping up with the needs of provisioning networking devices to support our users in remote locations. It also means ensuring that we can keep up with the ever-growing needs of those users quickly and efficiently. Instead of looking at the WAN edge, you need to consider a holistic solution like Aruba SD-Branch. That way you’ll have end-to-end control of your infrastructure and you won’t be living on the wrong edge any longer.

For more information about Aruba’s SD-Branch solutions, make sure you check out For additional coverage of Aruba SD-Branch from Networking Field Day 21, please check out the following posts from Ed Horley and Remington Loose.

About the author

Tom Hollingsworth

Tom Hollingsworth is a networking professional, blogger, and speaker on advanced technology topics. He is also an organizer for networking and wireless for Tech Field Day.  His blog can be found at

Leave a Comment