Aruba SD-Branch : SaaS Express
Aruba SD-Branch : SaaS Express
In this article, we are going to talk about the SaaS Express
feature of the Aruba SD-Branch solution. We are seeing a trend where
applications are being offered as a service from the public cloud and
enterprises face a new kind of challenge to ensure the Quality of Experience
for these applications.
Today’s top priority is to provide a great experience to
SaaS applications such as Microsoft 365, Dropbox, Salesforce, and others. To
achieve this, organizations follow a split-tunnel / Direct Internet Access
approach where SaaS-bound application traffic is sent directly to the Internet
from the branch and internal application traffic is backhauled to central
sites. Once the traffic is directly sent to the Internet from the branch, the
network team loses the visibility of the traffic, and they cannot improve on
what they cannot see or monitor.
Aruba SaaS Express feature solves this problem where the
SD-Branch appliance (called Branch Gateway) steers traffic to SaaS applications
and provides the best performance by continuously monitoring the application
and WAN link health.
⭐Related : Aruba EdgeConnect: BOOST in Action!
It measures the Quality of Experience score across all the
Internet links that provide access to SaaS applications. It is done by probing
the next-hop address and the tunnel endpoints. These probes not only provide
the health status of the overlay but the underlay network too.
It continuously proxies the DNS requests for SaaS
applications to ensure the nearest PoP is selected for application delivery.
DNS requests are intercepted by the Branch Gateway, and all the SaaS
applications-related queries are sent to the best ISP DNS. Internal application
queries are sent to the corporate DNS server.
Finally, to identify an application, the Branch gateway uses
various tools like DNS Snooping, Deep Packet Inspection, and APIs to classify
Microsoft 365.
DNS Snooping & Packet Inspection is generally available
let’s take a look at API’s capability to classify Microsoft 365. API
capabilities SD-WAN providers to classify IP addresses and FQDNs. The branch
gateway probes Microsoft and learns what IP/FQDNs are being used by the
applications in Microsoft 365 suit. Aruba Central pools Microsoft APIs every 90
minutes to be up to date with any changes. The branch gateway queries the API
through the dedicated management control session (gRPC) to get the information.
Figure 1:
API to Microsoft 365
Once the application is identified, the SaaS express feature
steers the application traffic through the defined best path based on the
performance captured through synthetic probes monitoring.
At last let’s talk about some of the benefits of SaaS Express Feature –
- Improved performance for SaaS applications
- Network visibility for SaaS applications
- Enhanced user experience as applications are always reachable through the best reliable path.
- Dynamic traffic steering for SaaS application in case of black or brownout scenarios
So, things that were not in the enterprise domain now can be
managed through the SaaS Express feature. Hope you find this informative!
