Professional Documents
Culture Documents
Automating SD-WAN Branch Configuration With HCLTech TIS Powered by Aruba Edge Connect
Automating SD-WAN Branch Configuration With HCLTech TIS Powered by Aruba Edge Connect
SD-WAN branch
configuration
While the first round of debate on SD-WAN was centered HCLTech envisions the new advanced SD-WAN on two unique pillars which
around enabling branch access, the discussions are now are network edge (redefined by uCPE and NFVi stack) and a new wave
maturing towards these areas: of WAN backbone connectivity covering both CSP backbone (like Azure
▪ How does SD-WAN cater to IoT traffic. vWAN) and dedicated backbone (from network service nodes like Equinix
▪ Does it matter where the application is hosted. and Digital Reality). This makes the enterprises end-to-end journey from
▪ What is the data center to cloud business case. branch-to-cloud - seamless, modular, virtualized and automated.
▪ How to integrate the broken pieces in the network. We see SD-WAN being critical to enterprise adoption of new-age digital
▪ What happens to network performance in the cloud. technologies, with WAN pipe feeding into not only new campus initiatives
▪ How do I manage multi-cloud connectivity, security but also IoT, Industry 4.0, private 5G, edge computing and WiFi 6 driven
and costs. use cases.
The anywhere dimension is brought forth by the public
Our end-to-end SD-WAN services are based on a platform approach,
cloud providers with a core focus on the DevOps narrative.
As DevOps crosses knee voltage and workloads get designed to help customers achieve a cloud-native state of mind:
distributed, SD-WAN methodologies for application access transforming business processes, delivering seamless next-gen experiences,
and security should be tightly coupled to capitalize on this establishing resilient and secure platforms, integrating ecosystems and
new anywhere-enabled operating model. enabling lean operations through orchestration and autonomics.
Trends
Some of the themes taking centerstage of SD-WAN evolution
in the coming 12-18 months include:
driving the SD-WAN adoption SASE: The opportunity to offer integrated security functionality with
SD-WAN products and support new digital business use cases will make
With technological requirements for WAN evolving, we SASE a key enabler for network transformation in the digital economy.
believe there are certain aspects which should become the This will further evolve with more frameworks around native security and
key design principals while designing new Age WAN i.e.. network OEMs working together to garner multi-domain and seamless
▪ “GLOCAL”: Local WAN riding on Global Backbone architecture possibilities and GTM strategy.
▪ Leverage “NFV” and keep the hardware footprint nimble
AI/ML: Autonomous and self-driving networks (leveraging AI/ML) have
i.e. uCPE for agility, flexibility
new frontiers of application, moving beyond just operations and building
▪ Branch is the “new perimeter, embedding security from into Network as a Code with more focus on reliability engineering and
edge” i.e. Convergence of SDWAN & Network Security programmability.
▪ “Multi-Cloud: The New Normal” i.e. Cloud Agnosticism
while choosing SD-WAN platform Cloud Onramp: With increasing networking complexities, cloud-first
▪ “Seeing is Believing” i.e. Visibility & “Self-Healing” i.e. enterprises are looking to deploy and connect multiple cloud providers
Automation capabilities to perform a seamless traffic exchange between platforms and
▪ Speed of Innovation: Time to Market is key in ever applications. With on-ramp services, enterprises may ensure ubiquitous
changing world we live in network connectivity to users globally.
Our discussions with customers are now maturing towards Remote connectivity: As enterprises look to bring workforce back
“how does SD-WAN cater to IoT traffic, does it matter where to office and support cloud-native network architectures, WAN/SD-WAN
the application is hosted, what is your ‘To the cloud’ and will become a critically important technology for enabling flexible, agile
‘In the cloud’ network strategy? how do you integrate SASE? and optimized connectivity.
As cloud provider’s WAN and cloud-on-ramp offering brings
economies of scale to the SD-WAN business case, the core SD-WAN + 5G: Future-forward enterprises will look to leverage 5G in
focus is now shifting to the DevOps narrative. conjunction with SD-WAN, to leap towards IoT-enabled operations and
other rich-media applications.
NaaS: The days of enterprises procuring assets upfront and figuring out
how to monetize these assets in a monthly OPEX model are slowly fading
away. NaaS provides enterprises an opportunity to scale without having
to figure it out all by themselves. From an SD-WAN perspective, it can be
deployed as a value-added service with NaaS to enhance performance,
security, redundancy and application experience.
HCLTech’s TIS (Transport Independent Site), DRYiCE NetBot acts as a universal controller solution. Aruba Orchestrator provides an intuitive
powered by Aruba EdgeConnect helps enterprises (i.e. controller of controllers), offering unified user interface where you can centrally define,
dynamically route and intelligently connect their management and orchestration of different assign, and enforce policies across the WAN.
global WAN infrastructure and make it truly sites and controllers across branch sites,
transport-agnostic. It offers unified management on-premises, and public cloud data center HCLTech TIS solution utilizes the centralized
and orchestration of different sites and controllers network environment. network configuration approach and
across branch sites, on-premises and public cloud programming languages such as python or
data center network environment. This service offering heavily utilizes the Aruba ansible to spin up the branch network. As this is
EdgeConnect Enterprise (SD-WAN) solution for an automated solution, it’s error-proof and saves
The business-first and experience-centric automating tasks that are time-consuming and time to implement changes. It also saves costs
structure enables centralized control, repetitive in nature. Aruba Orchestrator is a core occurred by implementing changes in network.
cloud-management, AIOps, global network component of Aruba EdgeConnect Enterprise
automation orchestration, advanced analytics
and carrier-neutral establishments, all in as a
pay-as-you-go (PAYG) service model.
It combines comprehensive WAN capabilities
with automation functions to simplify device
onboarding in SD-WAN setup
(Greenfield/Brownfield deployment). Further,
it is integrated with our DRYiCE NetBot, a network
automation and orchestration platform,
for end-to-end enterprise network lifecycle
management, which auto-remediates, self-heals
and makes your network self-aware.
Apart from being an automation engine, DRYiCE
NetBot also serves as an orchestrator that
integrates monitoring tools, ITSM (ITSM tool used
for change and incident management) and
network controllers, helping in change,
configuration and compliance automation.
Laptop
End User
Aruba EdgeConnect Appliance
Change open GCP
AWS
Config Approved
ITSM
API UI API
ELEMENT Aruba
MONITORING Orchestrator
BROKER
Template (Excel)
Inputs
Benefits
Automate device provisioning
Service Now (ITSM) Netbot
(HCLTech proprietary)
YAML push
▪ Seamless and automated provisioning of
Aruba EdgeConnect SD-WAN appliances.
Data Center
Aruba ▪ Reduced onboarding time
Programming Orchestrator Security service
chaining to
script
local cloud-based ▪ Bulk device provisioning without raising
or HQ DC separate changes.
MPLS ▪ Standardized device configuration
Internet-breakout connecting throughout the customer network
directly to SaaS apps infrastructure
Aruba
EdgeConnect ▪ Programmable constructs leading
Broadband to increased efficiency
▪ Cost effective with easy-to-execute
SaaS change management
Figure 1 Use Case 1
Use Case 2: Automate SASE integration to Aruba EdgeConnect Enterprise.
1. The customer will open the change request requested by the team in the 5. Similarly, DRYiCE NetBot pushes
from ServiceNow, and he will provide the change request. Third party tunnel configuration on the
required template as input for change. SASE cloud portal to the nearest POP
4. On the scheduled time/date DRYiCE location to the branch.
2. ServiceNow is integrated with DRYiCE NetBot tool converts the input template
NetBot and once the change is validated it to the corresponding device 6. Once the configuration is pushed
will create a task for DRYiCE NetBot and configuration in YAML format (source on the Aruba EdgeConnect appliance
place it in DRYiCE NetBot queue. tunnel configuration) and pushed it and Third party SASE portal, the tunnel
to Orchestrator for further action. will be created automatically between
3. DRYiCE NetBot scheduled a task to the edge and POP location.
implement based on the date/time
Change Request
Benefits
(Excel) Automate SASE integration to
Aruba EdgeConnect Enterprise (SD-WAN)
Inputs
Tunnel configuration push
Service Now (ITSM) Netbot
(HCLTech proprietary) ▪ Simplified appliance integration with SASE
Device
configuration push
(including third-party tools) without manual
intervention.
▪ Robust security posture with seamless
Cloud-hosted
Programming Aruba
Branch
Security Service branch (multiple) integration to SASE
script Orchestrator
▪ Standardized device configuration making
Aruba the customer environment predictable.
EdgeConnect
8x8 ▪ Reduced time-per-task for complex
integration configurations for cloud and
Direct Internet Breakout SD-WAN devices.
Breakout via
(e.g. customer specified
Cloud Security
trusted applications)
The challenge
A leading heavy equipment and automotive manufacturer, headquartered
in the US, was struggling with high recurring costs due to redundant
MPLS connectivity, user experience and WAN complexity.
The customer's existing environment was spread across 550+ sites and
incorporated 1 thousand SD-WAN devices and over 2 thousand WAN
circuits globally. It sought a partner which could perform an end-to-end
SD-WAN transformation, including application awareness policy routing,
intelligent traffic steering and adequate redundancy at remote offices.
Solution
The customer evaluated HCLTech’s Transport Independent Site (TIS), its
SD-WAN framework, encompassing design and consultancy services
coupled with building, migration and operational capabilities.
Following the PoC and assessment services, HCLTech evaluated a
centralized SD-WAN configuration and management via Aruba
Orchestrator, providing application signature-aware forwarding and
branch connectivity via internet-based WAN circuits.
This first-of-its-kind SASE integration with Aruba EdgeConnect Enterprise
solution, leveraged scripts to generate device specific configuration, and
end-to-end IPSEC tunnel creation tasks between third-party POPs and
Aruba EdgeConnect Appliances.
Benefits
The manufacturer was able to achieve easy, quick and secure
internet-based WAN connectivity. It gained an enhanced user experience
for cloud/internet-based applications and a seamless integration with
existing monitoring and reporting tools.
Unlocking business value with a synergy between
TIS and Aruba EdgeConnect Enterprise
TIS, powered by Aruba EdgeConnect Enterprise solution, offers unique solutions, assets and accelerators
to simplify your SD-WAN transformation journey. These include:
1 Automating branch
provisioning and
configuration
2 Simplifying
SD-WAN workflows
and deployment
3 Strategic support via certified
SD-WAN engineers, solution
architects and SMEs
4 Reduction in infrastructure
costs with utility constructs
available as NaaS
5 Single vendor contact
for support on
day-to-day issues
6 Secure and reliable
communication to
cloud applications
HCLTech is a global technology company, home to 222,000+ people across 60 countries, delivering
industry-leading capabilities centered around digital, engineering and cloud, powered by a broad portfolio of
technology services and products. We work with clients across all major verticals, providing industry solutions
for Financial Services, Manufacturing, Life Sciences and Healthcare, Technology and Services, Telecom and
Media, Retail and CPG, and Public Services. Consolidated revenues as of 12 months ending December 2022
totaled $12.3 billion. To learn how we can supercharge progress for you, visit hcltech.com.