ARUBA R0G57AAE, JZ120AAE, JW679A Quick Start Guide

DATA SHEET

ARUBA SD-WAN

Extend Context to the WAN Edge

Aruba Software-dened WAN (SD-WAN) technology
simplies branch operations and optimizes
WAN management.

Ideally suited for distributed enterprises undergoing digital

transformations, Aruba Central-managed SD-WAN provides

simplied operations and increased visibility and control for the

branch. Mid-size oces, retail stores and medical clinics can

benet from the transition to more agile, open and cloud-hosted

environments.

ARUBA CENTRAL

With exible policy, conguration and monitoring capabilities,

organizations can simplify network operations by providing

zero-touch provisioning and customizable templates to

quickly deploy branch networks, centralize management for

Aruba SD-WAN gateways, provide historical data reports,

monitor for PCI compliance, and troubleshoot regional

and global locations. Key insight into WAN health and

optimization helps IT determine the best link and routes

to send trac to corporate data centers or access cloud

applications directly via the Internet. Path Steering can be

based on per-user, per-device, or per-application policies.

With support for multiple WAN connection types, the branch

gateway routes trac over the most ecient link based on

availability, application, user-role, and link health. This allows

organizations to take advantage of high-speed, lower-cost

broadband links to supplement or replace traditional WAN

links such as MPLS.

Product summary

Aruba Central oers a exible subscription option that

ranges from 1, 3, 5, 7, and 10 year oers. A base capacity

license which limits total clients to 75 is also available for the

7005 Branch Gateway only. Features will continue to grow

with successive cloud updates.

BR ANCH GATE WAY

The Aruba 7000 Series is a versatile family of hardware that

can operate as an SD-WAN gateway at the branch to optimize

and control WAN, LAN, and cloud security services. The

branch gateway provides features such as routing, rewall,

security, URL ltering, and compression.

Product summary

Aruba oers a wide portfolio of branch gateways to meet the

WAN and security requirements for small and large branches:

• 7005 is a compact, fanless entry-level platform for small

branch or headend locations. Provides up to 2 Gbps

of throughput, 4 gigabit switch ports, dual uplink

capabilities, and can be powered by a Power over

Ethernet (PoE) switch.

• 7008 is a compact, fanless entry-level platform for small

branch or headend locations with additional switch

requirements. Includes all of the features of the 7005 plus

up to 8 PoE/PoE+ gigabit switch ports.

DATA SHEET

ARUBA SD-WAN

• 7010 is designed for mid-sized branch and headend

deployments with up to 4 Gbps of throughput, 12

PoE/PoE+ gigabit switch ports and 2 SFP ports.

• 7024 is designed for mid-sized branch and headend

deployments and includes all of the features of the

7010 plus up to 24 PoE/PoE+ gigabit switch ports and 2

SFP/SFP+ ports.

• 7030 is ideal for large branch or mid-size headend

deployments with up to 8 Gbps of throughput and 8

dual-personality ports.

10/100/1000
BASE-T Ports

(E0 supports PoE-In)

Front of a 7005

Console

Ports

USB
Port

Indicator

Lights

The headend gateways support active/standby or active/

active uplinks out of the branch. The most widely deployed

topology is the dual hub-and-spoke where branches are

multi-homed to a primary and backup data center. The

headend gateway would sit at the hub site data center,

and can be deployed in active/standby or active/active

congurations. Any of the headend gateways can perform

the function of VPNC at the hub site. These devices oer

high-performance and high tunnel scale to aggregate data

trac from hundreds to thousands of branches.

Product summary

Aruba oers a family of headend gateways for VPN

concentration and routing functions for corporate data

center locations:

• 7210 provides higher performance and availability with up

to 20 Gbps of throughput, 2 dual-personality ports, 4 10G

SFP+ ports, hot-swappable redundant power supplies and

eld-replaceable fan trays.

• 7220/7240/7240XM provides scale, performance, and

availability with up to 40 Gbps of throughput, 2 dual-

personality ports, 4 10G SFP+ ports, hot-swappable

redundant power supplies and eld-replaceable fan trays.

• 7280 provides unprecedented scale, performance, and

maximum availability with up to 80 Gbps of throughput,

8 10G SFP+ ports, 2 40G QSFP+ ports, hot-swappable

redundant power supplies and eld-replaceable fan trays.

Security

Dock

Back of a 7005

Power

connector

HEADEND GATEWAY

The Aruba 7200 Series acts as a headend gateway, or VPN

concentrator (VPNC) for all branch oces. Branch gateways

establish IPSec tunnels to one or more headend gateways

over the Internet or other untrusted networks – private

WAN or public Internet connections. High availability options

support either multiple headend gateways deployed at a

single site or headend gateways deployed in pairs at multiple

sites for the highest availability.

KEY CAPABILITIES

Stateful Firewall

Introduces contextual, role-based awareness across

WLAN, LAN, and WAN. Information on branch-wide users,

devices, applications and WAN state enhances visibility and

security end-to-end.

Dynamic Segmentation

Provide a simpler approach to segment the branch network

across WLAN, LAN and WAN in a consistent way. Micro-

segmentation policies based on user-roles helps with

secure onboarding of IoT devices such as sensors and video

cameras at branch locations, without the additional overhead

of VLANs and subnets.

DATA SHEET

ARUBA SD-WAN

Trac Analysis

Gain rich application awareness into over 2,600 applications

across 21 categories. WebCC provides protection from

malicious or unauthorized web URLs.

Deep Packet Inspection (DPI)

Monitors application usage and performance while

optimizing bandwidth, priority and network paths in real

time, including apps that are encrypted or appear as web

trac. DPI is vital to understanding usage patterns that may

require changes to network design and capacity.

Zero-touch Provisioning and Install Manager with

Installer App

Simplify on-site deployment with ZTP through cloud-based

Aruba Central, and deploy new branches more eciently with

a customizable mobile app.

Path Quality Monitoring

The branch gateway can actively and passively monitor trac

ows for latency, jitter, packet loss, and throughput.

Policy-based Routing

Trac can be routed across private or public WAN uplinks

based on application or user role (e.g. guest or employee), in

addition to traditional destination-based routing.

Dynamic Path Steering

When multiple WAN links exist, Dynamic Path Steering (DPS)

will help choose the best available path for an application

based on characteristics like throughput, latency, jitter, and

packet loss.

WAN Compression

To improve overall bandwidth eciency, the branch gateway

can enable data compression on the IPsec sessions between

the branch and headend gateways. Compression eciency

varies depending on the trac type, but real-world scenarios

typically show 40-60% bandwidth savings.

Hybrid WAN

The branch gateway can support multiple uplinks, such as

Internet broadband, existing MPLS, and cellular connectivity,

with multiple transport overlays across uplinks. Trac

destined for the Internet can be routed locally, while trac

destined for the data center can be routed either over MPLS

or any available Internet path.

Third-party Integration

To reduce local branch complexity, integration with cloud

services provided by rewall vendors such as ZScaler, Palo

Alto Networks*, CheckPoint* and UCC applications such

as Microsof t Sk ype for Business make extending security

and Quality of Service easier and more reliable across the

distributed enterprise.