This document discusses branch network solutions from Aruba Networks. It begins with an overview of branch solutions and the disruptions and cost savings they enable. It then covers centralized WLAN solutions with cloud services controllers and features of Aruba's branch operating system. The document also discusses decentralized WLAN with Aruba Instant, intelligent WAN services, and integration with Palo Alto Networks. It concludes by providing guidance on choosing the right branch solution based on factors like network size, branch type, and existing campus architecture.

1. #ATM16
Extending mobility to remote
branch networks
@ArubaNetworks |

2. 2#ATM16
Agenda
– Branch Solutions Overview
– Branch Disruptions, Cost Savings
– Centralized WLAN in Branch
– Cloud Services Controllers Positioning
– Branch AOS Features & New Opportunities
– Branch WAN Services
– Decentralized WLAN in Branch
– Aruba Instant with VPN
– Choosing the right solution for your business
@ArubaNetworks |

3. 3#ATM16
Branch Solution Overview
@ArubaNetworks |
CSC
IAP RAP
INTERNET

4. 4
Branch Disruptions, Cost Savings

5. 5#ATM16
Disruptive Changes for Branch IT
@ArubaNetworks |
ETHERNET/3G/4G
LEGACY WAN
CONNECTIVITY
CLOUD APPS
LOCAL APP SERVERS
E3
By 2016, 30% of the advanced
attacks will enter organizations via
branch networks.
Public cloud IaaS will grow to over
$34B worldwide by 2018.
CLOUD SECURITY
ARCHITECTURES
DEDICATED SECURITY APPLIANCES

6. 6#ATM16
New Requirements for the Branch Network
@ArubaNetworks |
Unified role-based policies
and network rightsizing
WIRELESS + WIRED
Threat management and secure
guest access
SECURITY
WAN optimization, WAN health
monitoring, and availability during
failures
WAN INTELLIGENCE
Visibility and quality of services
for business critical applications
CLOUD PERFORMANCE

7. 7#ATM16
Cost Savings By Rightsizing The Branch
@ArubaNetworks |
Eliminate the need for separate WAN service
router, firewall...
One platform for wireless and wired clients
with common policy enforcement
Unified wireless architecture across campus
and branch
Deliver the all-wireless branch office with
unified communications

8. 8
Cloud Services Controller Positioning

9. 9#ATM16
Branch Cloud Services Controller Positioning
@ArubaNetworks |

10. 10#ATM16
Controller Portfolio
@ArubaNetworks |

11. 11
Branch AOS Features & New opportunities

12. 12#ATM16
Cost Savings By Rightsizing The Branch
@ArubaNetworks |
Zero-touch provisioning
WAN optimization
WAN survivability
WAN health checks
Secured ports wired access
Policy-based WAN routing
Context based firewall
(user, app, device, location, content,
reputation)

13. 13#ATM16
Branch AOS Features & New opportunities
@ArubaNetworks |
Software and Cloud Services driving to Rightsized Branch IT
• Branch device and services consolidation
• Cloud security services. By 2016, 30% of advanced threats will enter
via branches (Source – Gartner Branch Office Security)
• Cloud and guest services drive the need for hybrid WAN architectures
Branch Infrastructure Refresh
Trends / Opportunities
ARUBA 7005 ARUBA 7010
ARUBA 7024

14. 14
Branch WAN Services

15. 15#ATM16
Intelligent WAN / PBR
– Policy based routing to multiple WAN links
(MPLS, Internet, 3G/4G) for cost savings
and improved WAN usage, performance
– WAN health check monitors loss and
latency on WAN links, Redundancy with
multiple next hops on WAN health or
performance issues
– Selective traffic routing to Active-Active
HQ/DC (DC1, DC2 etc.) IKE IPSEC tunnels
(Cellular is Standby)
– Routing inside tunnels, L3 GRE over
IPSEC – Corporate (IPSEC) Vs. Guest (L3
GRE)
@ArubaNetworks |
Public Cloud
HQ / DC
7240 7240
MAS
Internet`
Aruba 7000 CSC
CSC

16. 16#ATM16
WAN Optimization (Compression)
– WAN compression (hardware enabled)
between CSC (70xx) and 72xx Campus
Controllers
– 15-25% average payload compression
expected on traffic between branch and
HQ/DC
– The Master to Branch Cloud Services
Controller traffic over IPSEC will be
compressed and decompressed, Encrypted
traffic has NO compression
@ArubaNetworks |
HQ / DC
7240 7240
MAS
Aruba 7000 CSC CSC

17. 17#ATM16
Intelligent WAN / Bandwidth Contracts
– Application or App Category bandwidth
contracts on WAN Uplinks
– Limit App or App category bandwidth on
non-critical applications (E.g. Social Media,
Entertainment etc.)
– AppRF / DPI and Advanced QoS to
prioritize app/app categories on WAN
uplinks
@ArubaNetworks |
Public Cloud
HQ / DC
7240 7240
MAS
Internet`
Aruba 7000 CSC
CSC
Business Low
Business Critical

18. 18#ATM16
Aruba / Palo Alto Integration
Data Center
Aruba CSC w/ PA
Global Protect
PA
Gateway /
Portal
Branch (US)
Aruba CSC w/
PA Global Protect
• Aruba CSC gets cloud
provisioned via Activate and
downloads configurations
(including PA) via ZTP
• Aruba CSC Initiates a HTTPS
connection to PA portal and
downloads list of PA FW’s and
FW priorities.
Branch (Shanghai)
1
1
Aruba CSC w/ PA
Global Protect
2
Aruba CSC w/
PA Global Protect
2
2
• Branch offices establish secure
IPSEC tunnels to all PA
Gateways
• Branch routing policies (PBR)
selectively routes traffic to the
highest priority Gateway
Private Cloud
On Firewall failure or de-
commission, traffic will get re-
routed to FW with the next
highest priority
3
PA
Gateway
Aruba 72xx MC
Internet, SAAS or selective
traffic can get inspected via PA
Cloud SAAS
Advanced security threats
(ATP/APT, Zero Day, DLP etc.)
to distributed enterprise
enabled via Wild Fire
integration
4
SAAS
Pre-Provisioning:-
- Install PA certificates at 72xx (MC)
- Configure PA portal IP under PAN options in the MC under
Configuration -> Branch -> Smart Config -> WAN

19. 19
Aruba Instant WLAN

20. 20#ATM16
ARUBA INSTANT WI-FI
EASY DEPLOYMENT
Less hardware, faster set-up
BUILT-IN RF MANAGEMENT
Adaptive Radio Management™
ClientMatch™
BUILT-IN SECURITY
Firewall/Role-based Access
Intrusion Prevention/Detection
App Visibility, Compliance
BUILT-IN RESILIENCY
Site Survivability
Uplink Redundancy
ENTERPRISE-GRADE &
ALL INCLUSIVE
 SIMPLE
 POWERFUL
 COST EFFECTIVE

21. 21#ATM16
HOW IT WORKS
• First AP configured through built-in UI use Activate for zero-touch
provisioning
–READY…
• It becomes the “master” & performs firewall and controller functions
–SET…
• New APs in the same VLAN automatically connect to the “master” &
download config
–GO!!
• New APs in different locations can also use Activate or import configuration from
the first AP
• Data center connectivity can be established with VPN tunnel between the master
AP and Aruba controllers as needed
–EXPAND!!
Instant APs
 NO ONSITE IT NEEDED
 NETWORK SURVIVABILITY

22. 22#ATM16
WI-FI THAT CAN EVOLVE WITH BUSINESS
Internet
Mobility
Controller
AD / RADIUS
Enterprise HQ
Instant UI
Instant
Aruba Central Aruba Airwave
MULTIPLE MANAGEMENT OPTIONS - MULTIPLE DEPLOYMENT OPTIONS

23. 23#ATM16
Easily transition from simple…

24. 24#ATM16
… To Complex

25. 25
Choosing the right solution for your business

26. 26#ATM16
Decision Criteria for Wireless in a Branch
Branch Network
Size and complexity of
the branch
Type of branch:
Greenfield or
Brownfield
Backhaul and Wired
Infrastructure Choices
Services
Requirements
Existing campus
Network in place?

27. 27#ATM16
Benefits of a Centralized WLAN in Branches
Branch in a Box
– Intelligent WAN - PBR, Bandwidth Contracts
– WAN Optimization – acceleration, caching
– Secure WAN – URL filtering, web reputation,
PEF
– Integrated wired ports for a greenfield branch
with wireless services
– Architectural parity with Campus Network
– Earlier Access to Advanced services – Lync
SDN, Full Palo Alto Firewall Integration, etc

28. 28#ATM16
Benefits of a de-centralized WLAN in a Branch
Add WLAN and VPN to wired inftrastructure
– Cost-effective, especially for smaller
branches or when wired/backhaul
infrastructure is already in place or well-
planned
– Less redundant hardware required for local
WLAN survivability
– Easier to understand and set-up (No master-
local architecture required in data center)
– Great value in the form of AppRF,
ClientMatch, Cloud guest, Basic Palo Alto
Firewall Integration

29. 29#ATM16
Guidance for a Branch
– Consider Service Requirements
– Centralized architecture for branch in a box services
– Decentralized architecture for wireless and VPN services
– Consider Type of branch (Greenfield, Brownfield)
– For greenfield branches lead with centralized architecture
– Consider Existing Campus Wireless Architecture
– Customers might prefer architectural uniformity, especially if master-local architecture is already present in the data center
– Consider Local WLAN Survivability and Simplicity
– Customers that primarily use local branch services with occasional data center access may prefer the simplicity
and local survivability of a de-centralized solution

30. 30#ATM16
Join Aruba’s Titans of Tomorrow
force in the fight against network
mayhem. Find out what your
IT superpower is.
Share your results with friends
and receive a free superpower
t-shirt.
www.arubatitans.com

31. Thank you