Now, let's look at the Aruba EdgeConnect Enterprise solution. Let's recap, SD-WANs are an attractive solution. We discussed a bit of how there are generally two types of SD-WAN implementations, basic SD-WAN and business-driven SD-WAN. This session, we'll look at the Aruba EdgeConnect Enterprise SD-WAN. This is also formerly known as the Silver Peak SD-WAN remember that the emergence of SD-WAN is a result of many applications and services moving to the Cloud, such as Office 365, Salesforce. The increased use of social media for businesses with Facebook, LinkedIn, Instagram, YouTube, as well as infrastructure-as-a-service solutions via AWS, Azure, and Google Cloud. This type of traffic makes sense to directly forward out to the Internet instead of traditionally forwarding it to a data center. Likewise, trusted apps such as Zeus also are secured using their own encryption protocols such as SSL. The other type of traffic that needs to be managed is internal traffic. Think of this traffic as carrying anything you might need your laptop client to access using Pulse Secure or Aruba VPNs. With Software Defined WAN the networking gods have more control and can efficiently manage internal traffic dynamically, especially with a business-driven SD-WAN like ours utilizing the Orchestrator, which we'll look at in a bit. As you can see with the orange pipes, we can utilize one or more different transport mechanisms and control how, when and what traffic is handled. Let's look at encapsulation and tunnels between EdgeConnect appliances. We'll define both of these and see how it's done at a very high level. The basic job of the EdgeConnect is to form tunnels between each other. Tunnels or logical connections between two devices, as shown by the orange lines. The tunnels are used to encapsulate data. Encapsulation is putting a data packet inside another data packet for transporting across the network. If you took the networking essentials, you were introduced to IP addresses. Even if you weren't, you already know Internet addresses like websites, amazon.com, YouTube, etc. Or how to get to internal sites like file servers, SharePoint, HPE insider. When you decide to browse to an internal server, your laptop composes an IP packet with a source address of itself, and the destination being the IP address of that server. That packet is sent to the gateway where it needs to be routed. To keep things simple, let's say the EdgeConnect is that the default gateway for the Internet at your remote office. EdgeConnect A gets it and knows the file server is an internal resource. It secures it by encapsulating the original user's packet with additional encapsulation information, namely its own address as the source and the EdgeConnect B's address as the destination as depicted in red. It then forwards the encapsulated packet over a tunnel to the remote EdgeConnect, in this case B on the right. When EdgeConnect B receives the packet, it looks at the destination address and says, this is for me. That's how it knows that it needs to do something with it. In this case, remove the red encapsulation header and forward the original user's yellow packet to the internal server. Note that the original user data from the host was not altered, it was just securely transported across the tunnel. In today's Cloud-first world, where SaaS and infrastructure-as-a-service are extensions of the enterprise network, it's critical for the business to reach these Cloud services by the most efficient and highest performing means. Frequently Cloud applications like Microsoft Office 365 performed better from home than from the branch. This is called local intranet breakout and it's a form of passthrough traffic. The term SD-WAN or Software Defined Wide Area Network is something you might hear about from multiple sources and each one says something different. At this time, there is no SD-WAN RFC or other specification for describing a universal standard on how it should work. This is because SD-WAN is an emerging technology and each vendor in this area has their own proprietary solutions. These solutions do not generally inter-operate. Let's look at a Aruba's approach and how to use our devices to automate many aspects of the SD-WAN deployment and operation.
