Branch Office Deployment Considerations Part 1

By sassy posted Nov 14, 2011 06:21 PM


A branch office can be defined as any location that is designated as a workspace away from the headquarters. Employees that are located at these branch offices should be able to have the same level of access to documents and services similar to those employees at the central corporate site. The size of the branch office is a deciding factor in the design and deployment of the WLAN infrastructure at the branch office.

Branch Type

Number of users








Figure 1 Typical Branch Sizes that influence the WLAN network requirements and design


Typical requirements for a branch office network

In the first phase of the WLAN network design, the IT staff has to decide on the specific requirements that will help them design the network.

  1. Employee and guest access to the WLAN – The company policy will dictate who can actually connect to the WLAN network. Only a subset of the employees may be able to connect to the WLAN network and access corporate resources depending on their job responsibilities. Guests may or may not be allowed to connect to the network to access the Internet. These different devices and users will require different levels of access and privileges.
  2. Supported client devices - The types of client devices that have to be supported on the WLAN network will include wireless or wired printers, mobile devices such as smart phones, tablets, corporate owned devices such as VOIP phones, laptops, etc.
  3. PCI compliance – The Payment Card Industry Data Security Standard (PCI DSS) is a set of requirements designed to ensure that all companies that process, store or transmit credit card information maintain a secure environment. Some IT organizations have to choose a WLAN vendor that will help them meet the PCI compliance requirements. This is especially important for retail customers who operate point-of-sale machines and handle credit card transactions.
  4. Security Policy – This is the most critical of all requirements. The security policy will define who has access to the WLAN network and ultimately protects the corporate resources from external and internal threats. Firewall rules, Network Access Control, Authenticated and Authorized users, detection of threats over the wired and wireless network should all be part of the security policy for a branch. In addition to the above, the infrastructure should provide a secure and reliable connection back to the data center. The most important question to ask here is whether the WLAN network can adequately meet the company’s security policy requirements.
  5. Integrated redundancy – A remote branch office requires secure connectivity via the WAN to the data center. The challenge is to provide redundancy at reasonable cost. For example, WAN back-up using 3G or 4G, redundancy controllers, are some of the ways that vendors provide redundancy to the branch office.
  6. Quality of Service – Voice and video are hugely prevalent in the branch. The WLAN component should be able to handle all the different types of traffic – data, voice, and video in an optimized fashion.

Consideration factors in a WLAN network design coming next in part 2, stay tuned!




Dec 08, 2011 08:18 PM

Hi  - RAPs are mainly deployed for telecommuter users and you  will not need both a 620 controller and a RAP at the same site. Can you please let us know what your requirements are for this deployment: 

- small office

- wired and wireless access?

- applications - voice/video?

- employee and guest access?


Depending on your requirements, Aruba Instant may be a better fit to provide a campus WLAN network.





Dec 04, 2011 03:06 PM

Can I use a 620 controller and rap 5WNs to provide wireless to small group 5 employees without having to install data center devices.  I just want to provide wiless lan internet to only wireless clients.


Internet-----------Aruba Controller 620---------5 WN AP   )))))))))))))((((((((((( Client PC