E-Handbook: SD-branch devices promise network, security benefits Article 3 of 4

Gain SD-branch benefits through automation, orchestration

SD-branch technology is evolving, but don't put off learning about what this tool can do now and the advantages it will deliver in the near future.

The software-defined branch is poised to become a central element of IT architectures for distributed organizations. SD-branch benefits include deployment speed, simplified network operations and improved user experience. The goal of SD-branch is to build a common orchestration between the LAN, wireless LAN, WAN and security.

With SD-branch, distributed organizations can greatly reduce the need to send trained IT personnel to remote branch locations, which results in significant cost and time savings. SD-branch operations use centralized data center and cloud-based intelligence to improve automation and reduce Opex. SD-branch should act as a unified platform for fast deployment and centralized control of security policies, quality of service, applications, users and devices.

Many SD-branch offerings are in the initial stages of integrating management between the various elements of the platform, including Ethernet, Wi-Fi, SD-WAN and security. SD-branch vendors will gradually deliver improved management, automation and orchestration (MANO) capabilities with better end-to-end visibility and functional element integration.

Bunches of SD-branch benefits

The branch network must adapt to new connectivity requirements, be responsive to evolving application requirements and be secure. SD-branch deployments have illustrated the power of software-defined networking and virtualization to improve bandwidth efficiency and deliver application performance. SD-branch is the next evolution in branch technology and will deliver SD-WAN, routing, integrated security and LAN and Wi-Fi functions in a converged platform with centralized management.

SD-branch offers IT managers operational agility. They can rapidly deploy and provision a network solution for new branch locations. Managers can use a centralized management console to control and adjust all branch network and security functions.

The early options for SD-branch are largely proprietary and have limited functionality for some of the network and security applications. SD-branch is currently best suited for new or temporary locations that require rapid deployment. Over time, SD-branch will become the standard architecture for branch networking.

The MANO of SD-branch

SD-branch offers a number of potential MANO benefits, including deployment, centralized management and lower costs of ongoing operations. Operating network and security systems at the branch can be very challenging due to the lack of trained IT staff at branch locations. Opex is typically much higher than the purchase price of hardware and software for branch network and security (Capex).

MANO in the context of SD-branch is complex and involves a number of distinct elements. From a functional perspective, it includes four work processes:

  • installation
  • application and security policies
  • ongoing maintenance
  • customization through integration

Rapid installation. SD-branch technology should be easy to set up and not require trained IT personnel to visit the remote site. Ideally, the SD-branch appliance is shipped to the branch, plugged into AC power and the internet, and configured from a centralized console. Ease of installation, with the ability to preset configuration templates for dozens or hundreds of branches, is obviously critical to a smooth SD-branch rollout.

Application and security policy. SD-branch products offer the capability to set consistent application and security policies for locations or groups of users. Depending on the number of applications and IoT devices at the branch, these policies can be difficult to maintain. Over time, SD-branch technology will improve its ability to automate policy management and deliver on the intent of IT without manual intervention.

Ongoing maintenance of SD-branch systems. SD-branch offers management consoles that experienced IT personnel can use at a centralized location. Managers can use these consoles to add new users, devices or applications and to adjust security policies. These dashboards use graphical interfaces to show the health of the network and the current performance of key applications. They also help IT quickly identify the likely cause of any problem, including potential security breaches.

Integration with IT management systems. The integration between SD-branch management consoles and existing network, security and other management systems is important to maintain overall IT health. Some examples of this type of management integration include unified communications, network security and application performance management systems.

SD-branch providers offer open APIs to integrate with other platforms and to enable customized development on their platforms. The depth and breadth of SD-branch suppliers' developer ecosystems will be critical to achieving MANO goals over time.

SD-branch vendor MANO examples

A number of networking and security suppliers have introduced SD-branch offerings. Two examples of SD-branch MANO include the following:

Aruba Networks. Aruba SD-branch delivers a full range of networking and security functionality with operational simplicity. With Aruba's cloud-based centralized management, distributed organizations can manage SD-branch, WLAN and LAN with unified policy across branch locations.

Fortinet. The Fortinet Secure SD-Branch solution integrates firewalls, switches and access points. Fortinet extends the security of the firewall out to the edge of the network while simplifying the management of the network, including security policies.

Conclusions and recommendations

The branch network is a critical piece of the IT infrastructure for most distributed organizations. The branch network must be secure, easy to deploy, able to be managed centrally and cost effective to operate.

SD-branch technology is still in its early stages. Initial SD-branch implementations will be primarily single vendor and may lack state-of-the-art technology in some applications. Over time, the SD-branch will become easier to deploy and less complex to manage, and it will provide a more automated response to branch networking and security challenges.

IT leaders should carefully evaluate the SD-branch benefits for their distributed organizations. Migration to SD-branch will likely require significant changes to the existing branch network and security systems. SD-branch technology is ideal for greenfield deployments, rapid deployment of new branch networks and branches with end-of-life equipment, such as routers or Wi-Fi.

A critical future challenge of SD-branch MANO development is its ability to seamlessly integrate with installed network, security and data center management systems. This requires open APIs to customize the specific SD-branch MANO elements. SD-branch vendors will need a large partner ecosystem that includes leading networking, security and IT management providers.
