Prime Group combines Aruba’s SD-WAN and SD-Branch to power operations across nearly 50 locations nationwide
USE CASE: Support growth, enhance productivity and reduce cost by adopting software-defined Wi-Fi networking, including SD-WAN and SD-Branch.
Providing streamlined, secure Wi-Fi to employees at nearly 40 leasing offices spread over 1,300 miles required Prime Group to adopt a new networking strategy.
“Our Prime Residential division operates an expanding list of mid-market and upscale multi-family properties,” explains Luke Pfaffinger, Vice President of Business Technology at the 500-employee LA-based company. “To meet our high customer service standards and achieve our growth goals, we needed a reliable, future-proof solution that would easily scale and adapt.”
Software-defined Journey Begins
At the outset, Prime Group sought to overcome limitations of using an MPLS-based WAN and aging Cisco networking equipment by moving to software-defined networking. In addition to modernizing branch office connectivity for Prime Residential, the company wanted to standardize on a single vendor that could streamline connectivity for its other division, Prime Finance.
Engaging with Aruba and its engineering team has proven key to developing a powerful, flexible and scalable software-defined networking platform with the right features for us. Luke Pfaffinger, Vice President of Business Technology, Prime Group
“Prime Finance has offices in New York, Chicago and San Francisco, as well as Los Angeles,” says Pfaffinger. “To empower our employees with mobility and adopt cloud-delivered applications, across both Prime Residential and Prime Finance, we needed to eliminate bottlenecks inherent with our existing hub-and-spoke MPLS system.”
After evaluating several options, Prime Group selected a comprehensive SD-WAN and SD-Branch solution from Aruba, a Hewlett Packard Enterprise company, for a two-phase deployment. “We were excited about Aruba’s commitment to software-defined networking and the innovative management tools,” Pfaffinger says.
20X Performance Boost with Aruba SD-WAN
Pfaffinger’s team focused the first phase of its journey on deploying SD-WAN across both divisions. This involved adopting Aruba access points (APs), and edge switches as well as cloud-based Aruba Central network management and Aruba Foundation Care for ongoing support.
Benefits quickly realized
Once deployed, the Prime Group’s new SD-WAN quickly delivered exceptional value. “Performance improved twentyfold, reliability shot up and the cost savings were considerable,” says Pfaffinger.
Among other things, the implementation enabled migrating multiple back-office solutions to the cloud. “For business productivity, we transitioned to Microsoft Office 365, including the cloud-hosted Microsoft Phone System for voice telephony, and Skype for Business,” Pfaffinger says.
“Although we were concerned about audio quality over public Internet connections, we discovered it was considerably better than our private MPLS set-up,” he adds.
Aruba SD-Branch Adds Productivity, Security and Cost Advantages
More recently, Pfaffinger’s team embarked on the SD-Branch phase, which leverages Aruba Central. This phase included upgrading to higher-performance indoor and outdoor Aruba APs and Aruba Branch Gateways as well as migrating to Aruba Access Switches for continuity.
“We wanted to improve business continuity, productivity, efficiency and security, while simultaneously streamlining the network for additional cost savings,” says Pfaffinger.
“We also required effective scalability to support our company’s plans for expanding our footprint and pursuing new markets without adding headcount to our lean IT team,” he adds.
Delivering Guest Capabilities and Speeding Deployments
Immediate SD-Branch benefits include the ability to roll out a guest network in common spaces like clubhouses, lounges and pool areas.
“By segregating guest access from corporate traffic, we’re supplying a competitive amenity for residents and guests while also securely mobilizing our staff to work anywhere they’re needed on a property, indoors or out,” Pfaffinger says.
Installer slashes site deployment time by half
Another benefit comes from Aruba’s zero-touch provisioning along with management technologies within Aruba Central and the Aruba Installer app. The Installer app enables IT staff to create templates and group locations with similar attributes, such as lobbies, back office/maintenance locations and resident common areas, to simplify and automate configurations.
This means non-technical staff at remote sites can quickly and easily install Aruba APs, switches and gateways, with Central ensuring configurations are consistently applied across the entire distributed enterprise.
“The Installer helped us cut branch deployments to less than four hours, even when some site-specific adjustments were needed,” says Pfaffinger. “Before, it required at least a day to provision a site.”
Managing and updating branches is also speedy. “Whenever we adjust a configuration setting, or apply an update, the Installer automatically flows the changes to the associated components, including our APs, gateways and switches,” Pfaffinger says.
Better Together: Aruba PEF Firewall + Microsoft Azure
For security, Prime Group relies on Aruba’s comprehensive Policy Enforcement Firewall (PEF), a feature integrated into every branch gateway. With over 4 million installations worldwide, the stateful firewall works alone, or in concert with other network and security solutions, to control access and traffic based on policies and roles.
“We’re very excited about the innovative, yet intuitive, features of Aruba’s firewall,” Pfaffinger says. “It’s a critical foundation for our migration to cloud-based business applications.”
Secure, role-based access
Via an open-source approach, Pfaffinger has combined Aruba access enforcement with their Azure active directory (AD) to enhance their authentication security. “By using SAML with Azure Active Directory we can easily differentiate access for our admins versus our tech support staff,” he says. “This multi-factor authentication and conditional access gives us granular control. For instance, the tech support staff is only granted read-only privileges versus admins receiving read/write privileges via their defined roles in the AD.”
“In addition to creating a more secure environment than was available with our legacy firewall, combining our Aruba’s PEF with Azure AD streamlines employee onboarding and departures,” Pfaffinger continues.
“When an employee joins our company, we grant access in Azure based on their role and the firewall dynamically enforces access privileges,” he adds. “When an employee leaves, we simply cancel the person’s Azure account and we’re done.”
Optimizing performance and protecting users
Beyond access control, the firewall also includes Layer 7 awareness of over 3,000 applications for policy-based content and bandwidth control. “We’re leveraging benefits of filtering and bandwidth control for both our corporate and guest networks,” says Pfaffinger.
“High-bandwidth users or IoT devices can be investigated and throttled to ensure they don’t impact others,” he continues. “On the guest network, we can limit bandwidth to protect corporate performance and ensure the safety of minors by disallowing inappropriate applications and content.”
Up to 40% Productivity Gains
Another transformative benefit of the SD-Branch deployment comes from granting read-only network visibility to Prime Group’s help desk staff for sophisticated troubleshooting. Previously, only the company’s lone network engineer could perform such tasks, causing resolution delays.
“We estimate the help desk team can resolve issues up to 40 percent faster, significantly improving productivity for IT staff and business users alike,” says Pfaffinger.
“Also, with the help desk team monitoring the health of our environment, we’ve more IT staff contributing to network optimization,” he adds. “In addition to making the help desk position more satisfying, we’ve enhanced our management capabilities with the same headcount and freed our network engineer to concentrate on higher-value tasks.”
Next Steps: Continuity, IoT and Other Enhancements
According to Pfaffinger, next steps include continuity enhancements, IoT adoption and networking advances.
For improved resiliency at Prime Finance branches, their secondary Internet connection will no longer operate in standby mode. “Using capabilities within Aruba Central and the SD-Branch Gateways, we’re setting up hot failovers,” he says.
IoT to enhance residence experiences
Like most enterprises, the Prime Group plans to take advantage of IoT opportunities, such as installing leasing kiosks at Prime Residence offices. “The kiosks would provide prospective residents with information and other services until a leasing staff member becomes available,” Pfaffinger says.
In the future, adopting smart walkway lighting, intelligent environmental controls in common areas for augmenting maintenance or physical security are all IoT possibilities.
Evaluating SD-WAN Orchestrator and SaaS Prioritizer
Moving forward, Prime Group plans to explore Central’s latest features, such as the SD-WAN Orchestrator, the Virtual Gateway for Azure and the SaaS Prioritizer. The Orchestrator boosts efficiency by automating various networking tasks, while the Prioritizer enables fine-tuning experiences by prioritizing traffic for cloud-based applications.
“We’re always interested in anything that makes us more efficient and our environment less complex,” Pfaffinger says.
Regardless of the new connectivity capabilities Prime Group ultimately rolls out, Pfaffinger advocates working with the experts to achieve the best results.
“Engaging with Aruba’s engineering team ensured we designed our solution to evolve along with the platform to meet ever-changing market needs,” he says. “It’s proven key to developing a powerful, flexible and scalable platform with the right features for us.”
