5 Benefits CIOs Need to Know about SD-WAN

BrandPost By Aruba Experts
Feb 25, 2022
woman computer abstract
Credit: iStock

By: Gabriel Gomane, Sr Product Marketing Manager, Aruba, a Hewlett Packard Enterprise company.

The COVID-19 crisis has accelerated digital transformation, from improving online customer experience to offering remote and hybrid-work scenarios for employees. The dual migration to Network-as-a-Service (NaaS) models and Multi-cloud hosted applications, in addition to implementing work-from-home (WFH) initiatives has helped support this transformation. This also includes the ever present need to fight against cyber threats with increasingly sophisticated network security concerns. 

CIOs understand that organizations need IT flexibility to keep pace with a rapidly changing business environment; however, organizations are often hindered by a sluggish and rigid network infrastructure as they travel deeper into the digital transformation journey.

In response, CIOs can look to SD-WAN as a means to break through the rigidity and accelerate digital transformation initiatives to drive future business growth.  

Below are five benefits CIOs and their respective organizations can enjoy through the implementation of SD-WAN. 

1. Reduce the cost of WAN while improving business agility 

Traditionally, organizations connect branch offices to the corporate data center through expensive MPLS lines. But as organizations continue to expand bandwidth to account for greater use of data-hogging applications like video conferencing and remote backup, more bandwidth is required to the point MPLS lines can become cost-prohibitive. Those spiraling costs prevent the IT group from fully supporting critical business needs. Compounding the issue, new MPLS circuits can take up to four months to be provisioned, which greatly slows new branch expansion, regardless of cost. The consequences include a lack of agility and flexibility required by organizations that are increasingly leveraging hybrid work environments that require a significant increase in branch or micro-branch locations.

To counter these challenges, CIOs can look to SD-WAN, which leverages less expensive internet and 5G connections by virtualizing and bonding network links, creating secure tunnels from the branch offices to the data center and to the cloud. The Aruba EdgeConnect SD-WAN edge platform uses path conditioning techniques including Forward Error Correction (FEC) and Packet Order Correction (POC) to increase the performance and reliability of these connections. Furthermore, in the event of link bonding, POC automatically reorders packets coming from different links.

FEC can also rebuild lost packets at destination without having to retransmit them. These features can help organizations better manage the inherent deficiencies commonly found within internet and wireless connections such as packet loss and jitter.  With SD-WAN, organizations benefit with additional mission-critical agility while reducing expenses. 

2. Build the foundation for SASE architecture to improve cloud security

Organizations with an MPLS router-based architecture not only must contend with higher costs and longer lead times for expansion, they lack visibility into the branch environment. IT cannot easily enforce security policies in branches, especially within hybrid-cloud environments. 

That ability to effectively provide security is further eroded as the security perimeter dissolves. Users and their devices, along with an increasing array of IoT-enabled endpoints are growing in number while connecting from virtually anywhere. Meanwhile, traditional security measures, such as VPNs, are limited. A VPN doesn’t support enforcement of granular security policies. Indeed, once a user has been identified and authenticated through a VPN connection, they can access critical resources inside the network where they likely should not have gained entry.

To empower CIOs and their respective organizations to meet modern security challenges, Aruba EdgeConnect SD-WAN includes a zone-based firewall that provides role-based segmentation, granting users or IoT devices access to certain areas of the network, as required, while preventing access to sensitive information or other areas of the network that are unrelated to the role or task at hand. Through network segmentation, IT can better isolate malware and prevent its spread across the entire network, containing the threat within the given segment. 

Aruba EdgeConnect also offers automated orchestration and native integration to modern cloud security providers to deliver a robust secure access service edge (SASE) architecture. Instead of relying on a single vendor to manage a rapidly evolving security threat landscape, organizations have the flexibility to choose best-of-breed cloud security vendors to meet the current and future needs of the business. That support includes such features as ZTNA (Zero Trust Network Access), SWG (Secure Web Gateway) or CASB (Cloud Access Security Broker).

3. Embrace the flexibility of cloud architecture

Organizations are migrating applications to the cloud, leveraging software-as-a-service (SaaS) cloud-hosted business applications including Microsoft 365, Salesforce, Box, Dropbox, ServiceNow, and many more, versus hosting them in the traditional corporate data center. However, organizations with traditional router-based WAN architectures continue to backhaul cloud-destined traffic from branch locations to the data center. Although effective for maintaining security, such practices can significantly impact the performance of cloud applications, and the ensuing user experience, within the branch environment.

To counter this issue, Aruba EdgeConnect uses local internet breakout to intelligently steer traffic to its destination. It can identify the application on the first packet and intelligently route it back to the data center, or directly to the cloud destination, or first to a cloud security enforcement point, depending on the application and its security policy enforcement requirements. 

For example, organizations typically trust the business traffic from Microsoft 365, so that data is sent directly to the cloud. Meanwhile, traffic from in-house applications or suspicious traffic is directed back to the data center. Other, less trustworthy web traffic is then steered to a cloud-hosted security provider for further inspection before sending it to its final destination.

Additionally, Aruba EdgeConnect seamlessly integrates to established cloud providers such as AWS and Azure, generating secure tunnels from the edge to the cloud provider. The process of connecting branch offices is seamless and can be performed with one click.

SD Wan


A cloud-first secure architecture with Aruba EdgeConnect paired with automated orchestration

4. Reduce the complexity of WAN infrastructure

Organizations typically have built network infrastructure over many years or even decades as the business grows. Tied to that growth, new branch offices are typically commissioned with a stack of appliances, including routers, firewalls, VPN concentrators, and WAN optimization devices. For organizations going through digital transformations, moving an application to the cloud or improving quality of service often requires manually reconfiguring multiple devices. Not only does equipment sprawl require advanced networking skills to maintain and manage, but it also results in multiple maintenance and procurement contracts that are difficult to track. 

Aruba EdgeConnect enables organizations to reduce the footprint of those appliances by unifying routing, firewall, WAN optimization, and SD-WAN into a single platform, or a thin-branch model, while significantly reducing the WAN management overhead. Network architects simply define policies that, for example, link WAN optimization with MPLS routing, or in the case of SaaS applications, steer the traffic to the embedded firewall and then to the cloud.

5. Manage network operations through a single pane of glass 

With the lack of flexibility inherent in traditional network architectures, the deployment of new remote sites can be tedious while taking many months to complete. Furthermore, corporate IT departments often lack complete network visibility to comprehensively monitor transport throughput, packet loss, latency, and jitter. With Aruba EdgeConnect, administrators can enjoy a single pane of glass in which to provision and manage the network. 

This includes zero-touch provisioning, which greatly simplifies connecting and deploying a new site, by automatically receiving its configuration from a central orchestrator. Centralized orchestration also ensures that QoS and security policies are seamlessly and consistently enforced at the new branch.

An advanced SD-WAN solution such as Aruba EdgeConnect can also continuously monitor network health and then automatically adapt to changing conditions. This way, CIOs can ensure the IT organization always delivers optimal application performance through a central dashboard via health maps. These aggregated views displayed on a user-friendly dashboard can show WAN transport loss, latency, and jitter in real time, enabling network administrators to proactively identify performance issues. Administrators can also monitor the health of appliances connected on the network, top talkers, applications, topology map, Mean Option Score (MOS), and more. All application traffic is easily identified by name and location, and alarms and alerts allow for faster identification and resolution of network issues.

For more, watch this short video on the top benefits of SD-WAN

To learn how Aruba EdgeConnect SD-WAN can help facilitate digital transformation, visit here