
SaaS Application Traffic Management with SaaS Express

As more businesses adopt the SD-WAN fabric to take advantage of inexpensive broadband Internet services, and also adopt Software-as-a-Service (SaaS) applications such as Office365, Box, Slack, and Zendesk, SD-WAN business solutions must ensure that users at a branch site can seamlessly and securely connect to their applications in the cloud.

The Aruba SD-WAN solution introduces the SaaS Express feature on Branch Gateways to discover SaaS application servers, monitor application performance, and steer traffic to the best available servers, thereby providing an improved user experience.

The SaaS Express feature offers the following benefits:

Real-time probe measurement criteria to determine the optimal exit for routing user traffic.
Ability to choose the best network path to connect users to SaaS applications for better user experience.
Improved service reliability with multiple network paths and dynamic traffic-steering.

Criteria for SaaS Express Optimal Path

SaaS Express determines the optimal path for SaaS application traffic based on the following criteria:

SaaS Application Profile Parameters

By default, Aruba Branch Gateways support a set of applications and application categories in their Deep Packet Inspection (DPI) library. The built-in application list includes a set of SaaS applications; for example, Adobe, Dropbox, Amazon, Google, Salesforce, Slack, Webex, and so on.

If a SaaS application is not available in the list, administrators can configure it on Branch Gateways using the Aruba Central management interface. For more information, see Configuring an SD-Branch Network.

Each SaaS application profile includes the following elements:

Application name—Name of the SaaS application.
FQDN—A list of domain URLs bound to the SaaS application.
Exit profile—Traffic steering policy for determining an optimal path exit.
SLA—Threshold profile for measuring path quality and performance.
Health Check Probe URI—URI to use for HTTP probes to determine the best available path.

HTTP Probes

Aruba Gateways send HTTP requests to each SaaS application over every available path. From the responses, Gateways calculate the average packet loss and latency for each path, which determine path quality and performance. When a user requests access to a SaaS application, Gateways send an HTTP probe over each available circuit and determine the best-performing ISP circuit. Gateways then steer the application traffic to the best available path.

DNS Resolution

When a client requests access to a SaaS application, the Aruba Gateway router tries to resolve the FQDN of the SaaS application into IP addresses. Based on the type of SaaS application, the location of DNS caching servers for a given ISP, and the geographical location of the device that initiates the DNS request, Gateways determine the best available uplink for a given SaaS application on each ISP circuit.

For DNS resolution, DPI must be enabled on Branch Gateways.

Traffic Steering and Path Selection

Network administrators can use a WAN policy with path steering criteria based on key performance indicators such as jitter, latency, and packet loss, and attach the policy to each SaaS application profile. By default, the ArubaOS software includes a BestforSaaS SLA profile, which can be used for SaaS application profiles. Administrators can also use a custom SaaS policy for steering SaaS application traffic.
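The following sketch illustrates how probe results and an SLA threshold profile can combine into a path decision, as described in the HTTP Probes and Traffic Steering sections above. It is an added example, not Aruba's implementation: the threshold values, uplink names, probe samples, jitter definition, and fallback and tie-break rules are all assumptions made for illustration.

```python
from statistics import mean

# Hypothetical SLA thresholds (assumption; not the values of the BestforSaaS profile).
SLA = {"loss_pct": 2.0, "latency_ms": 150.0, "jitter_ms": 30.0}

# Constructed probe results per uplink: HTTP response time in ms, None = no response.
PROBES = {
    "isp1": [42.0, 45.0, None, 44.0, 43.0, 41.0, 47.0, 44.0, 46.0, 40.0],
    "isp2": [88.0, 91.0, 85.0, 90.0, 87.0, 89.0, 92.0, 86.0, 90.0, 88.0],
}

def path_metrics(samples):
    """Reduce one uplink's probe samples to loss, average latency and jitter."""
    answered = [s for s in samples if s is not None]
    if not answered:  # no probe answered (or none sent): treat the path as down
        return {"loss_pct": 100.0, "latency_ms": float("inf"), "jitter_ms": float("inf")}
    # Jitter here is the mean absolute difference between consecutive responses.
    deltas = [abs(b - a) for a, b in zip(answered, answered[1:])]
    return {
        "loss_pct": 100.0 * (len(samples) - len(answered)) / len(samples),
        "latency_ms": mean(answered),
        "jitter_ms": mean(deltas) if deltas else 0.0,
    }

def meets_sla(metrics, sla):
    """A path complies only if every measured KPI is within its threshold."""
    return all(metrics[kpi] <= limit for kpi, limit in sla.items())

def select_path(probes, sla):
    """Return (chosen uplink, SLA-compliant uplinks, per-uplink metrics)."""
    metrics = {name: path_metrics(samples) for name, samples in probes.items()}
    compliant = [name for name, m in metrics.items() if meets_sla(m, sla)]
    # If no uplink meets the SLA, fall back to the least-bad one so traffic still flows.
    candidates = compliant or list(metrics)
    best = min(candidates, key=lambda n: (metrics[n]["loss_pct"], metrics[n]["latency_ms"]))
    return best, compliant, metrics

if __name__ == "__main__":
    best, compliant, metrics = select_path(PROBES, SLA)
    for name, m in metrics.items():
        print(name, {k: round(v, 2) for k, v in m.items()})
    print("compliant:", compliant, "selected:", best)
```

With the constructed samples, isp1 has the lower latency but exceeds the loss threshold, so the SLA-compliant isp2 is selected instead.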

Supported Deployment Scenarios

The SaaS Express feature on Branch Gateway supports Direct Cloud Access from a Branch with Dual ISP Circuits.

In this scenario, when a client requests access to a SaaS application, Branch Gateways resolve the FQDN of the SaaS application and send HTTP probes on all ISP circuits to collect performance measurements; for example, latency or loss. Based on the HTTP response and the SLA threshold profile configured for the SaaS application, Branch Gateways determine the optimal path and route the designated SaaS application traffic from a branch site using the best available ISP circuit.

The following figure illustrates SaaS traffic steering from a branch site with dual ISP circuits:

Figure 1  Branch Sites with Dual ISP Circuits

To learn how to configure SaaS Express, see Configuring SaaS Express.
