
Automating SD-WAN branch configuration with HCLTech Transport Independent Site (TIS), powered by Aruba EdgeConnect
According to Gartner®’s Magic Quadrant for SD-WAN, by the end of 2024, more than 50% of software-defined, wide-area network (SD-WAN) customers will be actively adopting secure access service edge (SASE) architecture, compared with approximately 35% in 2021. (source).

Introduction

While the first round of debate on SD-WAN was centered around enabling branch access, the discussions are now maturing towards these areas:
▪ How does SD-WAN cater to IoT traffic.
▪ Does it matter where the application is hosted.
▪ What is the data center to cloud business case.
▪ How to integrate the broken pieces in the network.
▪ What happens to network performance in the cloud.
▪ How do I manage multi-cloud connectivity, security and costs.

The anywhere dimension is brought forth by the public cloud providers with a core focus on the DevOps narrative. As DevOps crosses knee voltage and workloads get distributed, SD-WAN methodologies for application access and security should be tightly coupled to capitalize on this new anywhere-enabled operating model.

HCLTech envisions the new advanced SD-WAN on two unique pillars: the network edge (redefined by uCPE and NFVi stack) and a new wave of WAN backbone connectivity covering both CSP backbone (like Azure vWAN) and dedicated backbone (from network service nodes like Equinix and Digital Realty). This makes the enterprise's end-to-end journey from branch to cloud seamless, modular, virtualized and automated.

We see SD-WAN being critical to enterprise adoption of new-age digital technologies, with the WAN pipe feeding into not only new campus initiatives but also IoT, Industry 4.0, private 5G, edge computing and WiFi 6 driven use cases.

Our end-to-end SD-WAN services are based on a platform approach, designed to help customers achieve a cloud-native state of mind: transforming business processes, delivering seamless next-gen experiences, establishing resilient and secure platforms, integrating ecosystems and enabling lean operations through orchestration and autonomics.
Trends driving the SD-WAN adoption

With technological requirements for WAN evolving, we believe there are certain aspects which should become the key design principles while designing the new-age WAN, i.e.:
▪ “GLOCAL”: Local WAN riding on Global Backbone
▪ Leverage “NFV” and keep the hardware footprint nimble, i.e. uCPE for agility, flexibility
▪ Branch is the “new perimeter, embedding security from edge”, i.e. Convergence of SD-WAN & Network Security
▪ “Multi-Cloud: The New Normal”, i.e. Cloud Agnosticism while choosing SD-WAN platform
▪ “Seeing is Believing”, i.e. Visibility, & “Self-Healing”, i.e. Automation capabilities
▪ Speed of Innovation: Time to Market is key in the ever-changing world we live in

Our discussions with customers are now maturing towards “how does SD-WAN cater to IoT traffic, does it matter where the application is hosted, what is your ‘To the cloud’ and ‘In the cloud’ network strategy? how do you integrate SASE?” As cloud providers’ WAN and cloud-on-ramp offerings bring economies of scale to the SD-WAN business case, the core focus is now shifting to the DevOps narrative.

Some of the themes taking center stage in SD-WAN evolution in the coming 12-18 months include:

SASE: The opportunity to offer integrated security functionality with SD-WAN products and support new digital business use cases will make SASE a key enabler for network transformation in the digital economy. This will further evolve with more frameworks around native security and network OEMs working together to garner multi-domain and seamless architecture possibilities and GTM strategy.

AI/ML: Autonomous and self-driving networks (leveraging AI/ML) have new frontiers of application, moving beyond just operations and building into Network as a Code with more focus on reliability engineering and programmability.

Cloud Onramp: With increasing networking complexities, cloud-first enterprises are looking to deploy and connect multiple cloud providers to perform a seamless traffic exchange between platforms and applications. With on-ramp services, enterprises may ensure ubiquitous network connectivity to users globally.

Remote connectivity: As enterprises look to bring workforce back to office and support cloud-native network architectures, WAN/SD-WAN will become a critically important technology for enabling flexible, agile and optimized connectivity.

SD-WAN + 5G: Future-forward enterprises will look to leverage 5G in conjunction with SD-WAN, to leap towards IoT-enabled operations and other rich-media applications.

NaaS: The days of enterprises procuring assets upfront and figuring out
how to monetize these assets in a monthly OPEX model are slowly fading
away. NaaS provides enterprises an opportunity to scale without having
to figure it out all by themselves. From an SD-WAN perspective, it can be
deployed as a value-added service with NaaS to enhance performance,
security, redundancy and application experience.

uCPE: Combining SD-WAN with the principles of uCPE provides a consistent and scalable architecture for edge network. And we believe that more than half of all WAN edge infrastructure refresh initiatives will be based on uCPE platforms or SD-WAN software or appliances.

Challenges in traditional SD-WAN branch deployment or configuration and security

Site turn up is time consuming and costly


Significant time is needed for new site turn up.
This includes time for circuit delivery, equipment
provisioning and change management. New sites
can take months to turn up due to the complexities
of change management and project coordination.

Inadequacy in protection from cyber threats


Traditional WANs pass traffic in the clear, a luxury the new
WAN can’t afford. With mounting cyber threats, securing
traffic in transit is no longer an option. It is a requirement.

Overprovisioning of bandwidth

Voice, video, CRM and more. WANs accommodate many types of applications, each with unique requirements. Some require significant bandwidth, others require low latency. Routing protocols do not provide for those differences, forcing IT to overprovision bandwidth.

Latency and degraded internet performance faced by remote or branch users

Delay arises in accessing the internet or cloud applications when traffic is backhauled from multiple branches or remote locations through traditional hub-and-spoke architecture.

Gaps in visibility and coverage

Centralized security policies can’t be effectively managed and enforced in a decentralized network. This is because most traffic from branch locations to the cloud and internet doesn’t cross a centralized policy enforcement point. This results in visibility and coverage gaps, which increases the risk of a successful breach or compliance violation.

Lack of visibility and control leading to regulatory compliance violations

Many WAN monitoring tools fail to differentiate between business-critical internet applications and general internet browsing. With so many applications and different kinds of users, insight into the WAN is more critical than ever.

Solution
HCLTech TIS solution overview

HCLTech’s TIS (Transport Independent Site), powered by Aruba EdgeConnect, helps enterprises dynamically route and intelligently connect their global WAN infrastructure and make it truly transport-agnostic. It offers unified management and orchestration of different sites and controllers across branch sites, on-premises and public cloud data center network environment.

The business-first and experience-centric structure enables centralized control, cloud-management, AIOps, global network automation orchestration, advanced analytics and carrier-neutral establishments, all in a pay-as-you-go (PAYG) service model.

It combines comprehensive WAN capabilities with automation functions to simplify device onboarding in SD-WAN setup (Greenfield/Brownfield deployment). Further, it is integrated with our DRYiCE NetBot, a network automation and orchestration platform, for end-to-end enterprise network lifecycle management, which auto-remediates, self-heals and makes your network self-aware.

Apart from being an automation engine, DRYiCE NetBot also serves as an orchestrator that integrates monitoring tools, ITSM (ITSM tool used for change and incident management) and network controllers, helping in change, configuration and compliance automation.

DRYiCE NetBot acts as a universal controller (i.e. controller of controllers), offering unified management and orchestration of different sites and controllers across branch sites, on-premises, and public cloud data center network environment.

This service offering heavily utilizes the Aruba EdgeConnect Enterprise (SD-WAN) solution for automating tasks that are time-consuming and repetitive in nature. Aruba Orchestrator is a core component of the Aruba EdgeConnect Enterprise solution. Aruba Orchestrator provides an intuitive user interface where you can centrally define, assign, and enforce policies across the WAN.

HCLTech TIS solution utilizes the centralized network configuration approach and programming languages such as Python or Ansible to spin up the branch network. As this is an automated solution, it’s error-proof and saves time to implement changes. It also saves costs incurred by implementing changes in the network.

[Figure: HCLTech TIS solution offering components. Diagram labels: End User (laptop), ITSM (change open, config approved), Broker, Element Monitoring, Aruba Orchestrator (API, UI), Aruba EdgeConnect Appliance, AWS, GCP.]


Use Case 1: Automate device provisioning
1. The customer opens the change request from ServiceNow and provides the required template as input for change.
2. ServiceNow is integrated with DRYiCE NetBot and once the change is validated it creates a task for DRYiCE NetBot and places it in the DRYiCE NetBot queue.
3. DRYiCE NetBot schedules a task to implement based on the date/time requested by the team in the change request portal.
4. At the scheduled time/date, the DRYiCE NetBot tool converts the input template into the corresponding device configuration in YAML format and pushes it to Aruba Orchestrator for further action.
5. Once the appliance is discovered with a serial number/appliance tag, the Aruba Orchestrator matches the tag/serial number (available as part of preconfiguration) and pushes the configuration on the discovered appliance.

Benefits: Automate device provisioning
▪ Seamless and automated provisioning of Aruba EdgeConnect SD-WAN appliances.
▪ Reduced onboarding time
▪ Bulk device provisioning without raising separate changes.
▪ Standardized device configuration throughout the customer network infrastructure
▪ Programmable constructs leading to increased efficiency
▪ Cost effective with easy-to-execute change management

[Diagram labels: Template (Excel) inputs, Service Now (ITSM), Netbot (HCLTech proprietary), programming script, YAML push, Aruba Orchestrator, Aruba EdgeConnect, MPLS, Broadband, Data Center, security service chaining to local cloud-based or HQ DC, Internet-breakout connecting directly to SaaS apps, SaaS.]
Figure 1 Use Case 1
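
Step 4 of Use Case 1 turns spreadsheet cells into YAML that Aruba Orchestrator later matches to an appliance by serial number, so the conversion is where template input should be validated. The sketch below is an added example, not HCLTech or Aruba code; the column names, the 12-hex-digit serial format and the YAML keys are hypothetical, and the template rows are constructed.

```python
import csv, io, ipaddress, json, re

# Constructed sample: the change-request template exported as CSV.
# Column names are hypothetical, not the real TIS or Orchestrator schema.
TEMPLATE_CSV = """serial,hostname,wan0_ip,site_tag,change_state
EC0000000001,br-lon-01,198.51.100.10/30,london,approved
EC0000000002,br-par-01,198.51.100.14/30,paris,approved
EC0000000001,br-dup-01,198.51.100.18/30,dup,approved
EC0000000004,br-ber-01,198.51.100.300/30,berlin,approved
EC0000000005,"br-x\nadmin: true",198.51.100.22/30,x,approved
EC0000000006,br-rom-01,198.51.100.26/30,rome,draft
"""

SERIAL_RE = re.compile(r"[0-9A-F]{12}")            # assumed serial format
HOSTNAME_RE = re.compile(r"[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?")

def validate(row, seen_serials):
    """Return the reasons this row must not be rendered (empty if clean)."""
    errors = []
    if row["change_state"] != "approved":
        errors.append("change not approved")
    if not SERIAL_RE.fullmatch(row["serial"]):
        errors.append("bad serial")
    elif row["serial"] in seen_serials:
        # The serial is the match key, so a repeat would retarget a config.
        errors.append("duplicate serial")
    if not HOSTNAME_RE.fullmatch(row["hostname"]):
        errors.append("bad hostname")
    try:
        ipaddress.ip_interface(row["wan0_ip"])
    except ValueError:
        errors.append("bad wan0_ip")
    return errors

def render_yaml(row):
    """Emit one config document. json.dumps quotes and escapes every scalar
    (a JSON string is a valid YAML double-quoted scalar), so a cell value
    cannot introduce new keys or lines."""
    q = json.dumps
    return (f"appliance:\n"
            f"  serial: {q(row['serial'])}\n"
            f"  hostname: {q(row['hostname'])}\n"
            f"  tag: {q(row['site_tag'])}\n"
            f"interfaces:\n"
            f"  wan0: {q(row['wan0_ip'])}\n")

def convert(template_csv):
    """Split the template into renderable configs and rejected rows."""
    configs, rejected, seen = {}, [], set()
    rows = csv.DictReader(io.StringIO(template_csv))
    for row_no, row in enumerate(rows, start=1):
        errors = validate(row, seen)
        if errors:
            rejected.append((row_no, row["serial"], errors))
            continue
        seen.add(row["serial"])
        configs[row["serial"]] = render_yaml(row)
    return configs, rejected

if __name__ == "__main__":
    configs, rejected = convert(TEMPLATE_CSV)
    print(configs["EC0000000001"])
    for item in rejected:
        print("rejected:", item)
```

Rejected rows stay out of the push, so one malformed cell in a bulk change does not reach an appliance.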
Use Case 2: Automate SASE integration to Aruba EdgeConnect Enterprise.
1. The customer opens the change request from ServiceNow and provides the required template as input for change.
2. ServiceNow is integrated with DRYiCE NetBot and once the change is validated it creates a task for DRYiCE NetBot and places it in the DRYiCE NetBot queue.
3. DRYiCE NetBot schedules a task to implement based on the date/time requested by the team in the change request.
4. At the scheduled time/date, the DRYiCE NetBot tool converts the input template to the corresponding device configuration in YAML format (source tunnel configuration) and pushes it to Orchestrator for further action.
5. Similarly, DRYiCE NetBot pushes the third-party tunnel configuration on the SASE cloud portal to the nearest POP location to the branch.
6. Once the configuration is pushed on the Aruba EdgeConnect appliance and the third-party SASE portal, the tunnel is created automatically between the edge and POP location.

Benefits: Automate SASE integration to Aruba EdgeConnect Enterprise (SD-WAN)
▪ Simplified appliance integration with SASE (including third-party tools) without manual intervention.
▪ Robust security posture with seamless integration to SASE
▪ Standardized device configuration making the customer environment predictable.
▪ Reduced time-per-task for complex integration configurations for cloud and SD-WAN devices.

[Diagram labels: Change Request (Excel) inputs, Service Now (ITSM), Netbot (HCLTech proprietary), programming script, tunnel configuration push, device configuration push, Cloud-hosted Security Service, Aruba Orchestrator, Branch (multiple), Aruba EdgeConnect, 8x8, Direct Internet Breakout (e.g. customer specified trusted applications), Breakout via Cloud Security.]
Figure 2 Use case 2


Success Story
HCLTech TIS

The challenge
A leading heavy equipment and automotive manufacturer, headquartered
in the US, was struggling with high recurring costs due to redundant
MPLS connectivity, user experience and WAN complexity.
The customer's existing environment was spread across 550+ sites and
incorporated 1 thousand SD-WAN devices and over 2 thousand WAN
circuits globally. It sought a partner which could perform an end-to-end
SD-WAN transformation, including application awareness policy routing,
intelligent traffic steering and adequate redundancy at remote offices.

Solution
The customer evaluated HCLTech’s Transport Independent Site (TIS), its
SD-WAN framework, encompassing design and consultancy services
coupled with building, migration and operational capabilities.
Following the PoC and assessment services, HCLTech evaluated a
centralized SD-WAN configuration and management via Aruba
Orchestrator, providing application signature-aware forwarding and
branch connectivity via internet-based WAN circuits.
This first-of-its-kind SASE integration with the Aruba EdgeConnect Enterprise
solution leveraged scripts to generate device-specific configuration and
end-to-end IPsec tunnel creation tasks between third-party POPs and
Aruba EdgeConnect Appliances.

Benefits
The manufacturer was able to achieve easy, quick and secure
internet-based WAN connectivity. It gained an enhanced user experience
for cloud/internet-based applications and a seamless integration with
existing monitoring and reporting tools.
Unlocking business value with a synergy between TIS and Aruba EdgeConnect Enterprise
TIS, powered by Aruba EdgeConnect Enterprise solution, offers unique solutions, assets and accelerators
to simplify your SD-WAN transformation journey. These include:

1 Automating branch provisioning and configuration
2 Simplifying SD-WAN workflows and deployment
3 Strategic support via certified SD-WAN engineers, solution architects and SMEs
4 Reduction in infrastructure costs with utility constructs available as NaaS
5 Single vendor contact for support on day-to-day issues
6 Secure and reliable communication to cloud applications

The future roadmap

As SD-WAN adoption goes mainstream, HCLTech believes that enterprises would look less at pointed SD-WAN solutions and more at platforms that solve a wider range of network management and security needs. Our Network Services Orchestrator (NSO) framework with a one-of-a-kind blend of capabilities, backed by resolute customer relationships, value-centric culture, and entrepreneurial spirit, firmly put us in pole position to lead the coming decade’s SD-WAN revolution.

Our partnership with Aruba Networks enables us to address the changing SD-WAN paradigm and cultural infrastructural shift. Through our GTM roadmap, HCLTech plans to launch new use cases regarding provisioning SD-WAN instances on the cloud via DRYiCE NetBot, which will lead to exploring new collaboration opportunities.

While technology relevance exists at both infrastructure and application, creating business relevance while bringing together both the application and infrastructure as a triple play has been a challenge for many organizations. This is where this partnership focuses on.
Why HCLTech?

We are a Network Service Orchestrator (NSO)
HCLTech as an NSO offers a unique perspective, combining experience from different business streams cutting across enterprise network services, product engineering (OEM, NEP, Cloud, I4.0), and telecom network services. This places HCLTech in a pole position to embrace digital tech convergence from end user to the edge and cloud.

30+ years of experience in network transformation
▪ Early mover advantage drives innovation
▪ Unprecedented geographical scale
▪ $10M invested in State-of-the-art labs, Network Experience Center, Noida, India
▪ 360 degree relationship cycle
▪ Touch points across formulating, realizing OEM roadmaps and productizing as HCLTech GTM strategy

Leveraging ecosystems for breakthrough innovation
We harness systematically orchestrated ecosystems which empower us not only to create special value for our clients today but innovate for the future. With a strategic focus on edge, HCLTech accelerates the digital journey of our clients through leveraging existing partnerships with leading technology firms, along with cultivating a unique innovation ecosystem through niche startups.

Leadership across leading analyst network assessments
▪ 2021 Gartner® Magic Quadrant™ for Managed Network Services
▪ Everest Group’s PEAK Matrix® Assessments on Network Transformation, Managed Service Providers and SD-WAN Services
▪ Avasant's SD WAN Managed Services 2021-22 RadarView™

A legacy of pioneering technology innovation
Leveraging our network of next-generation innovation labs, we foster innovation across new digital technologies to create unparalleled customer delight, and help customers with smart decision making across network transformation initiatives.

Network services verticalization
As there is no one-size-fits-all approach, our technology-agnostic services team supports businesses of all shapes and sizes. Our wide assortment of vertical use-cases are tailored to address individual customers' pain points, and help them with a flexible consumption model that fits their budget.

For more information, write to us at Contact.NGN@hcl.com


BI-102204331839810-EN00GL
hcltech.com

HCLTech is a global technology company, home to 222,000+ people across 60 countries, delivering
industry-leading capabilities centered around digital, engineering and cloud, powered by a broad portfolio of
technology services and products. We work with clients across all major verticals, providing industry solutions
for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and
Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2022
totaled $12.3 billion. To learn how we can supercharge progress for you, visit hcltech.com.
