EdgeConnect Models and Hardware Platforms

1. The EdgeConnect Appliance Family

All the SD-WAN intelligence covered in earlier chapters has to run somewhere — a physical box in a wiring closet, a VM on a hypervisor, or a cloud instance. EdgeConnect provides a tidy, predictable family that scales cleanly from a closet-sized branch to a multi-gigabit data center, plus virtual and cloud editions that run the very same software. Picking the wrong appliance is a common, expensive mistake: under-size a hub and it throttles every branch behind it; over-size a tiny outlet and you have bought a rack server to do a deskside job.

Think of the family like a line of delivery trucks from one manufacturer: a compact van, a box truck, and an 18-wheeler all drive the same way and obey the same rules, but each is built for a different size of load. The physical line spans five named classes, smallest to largest: EC-XS, EC-S, EC-M, EC-L, and EC-XL.

EC-XS and EC-S: small branches

The EC-XS is the entry point — a compact, fan-cooled desktop-class unit (not a rack server) for very small or remote sites such as a single retail outlet or kiosk. It carries 2–200 Mbps of WAN bandwidth (all features + encryption), tracks up to 256,000 simultaneous connections, and presents 4 × RJ45 10/100/1000 Mbps copper ports — enough to land one or two WAN circuits plus the LAN.

The EC-S (part identifier EC-S-P) steps up to larger branches: 10–1000 Mbps WAN bandwidth, the same 256,000 connections, but doubles the port count to 8 × RJ45 copper interfaces — useful at a busy branch with MPLS plus two Internet links plus LTE and several internal segments. The EC-XS is the espresso machine for a one-person coffee cart; the EC-S is the machine behind a busy café counter. Same coffee, very different volume.

EC-M and EC-L: medium and large sites

As sites grow into regional offices, head offices, and small hubs, aggregate bandwidth climbs into the gigabit range and the box must track far more sessions. The EC-M (EC-M-B / EC-M-P) targets a head office or small hub: 50–2000 Mbps and a major jump to 2,000,000 simultaneous connections. That eight-fold leap (256K to 2M) is what separates a branch box from a hub-capable box — a hub terminates traffic from many branches at once and needs a far larger session table. Ports: 4 × RJ45 1 GbE copper plus 2 × 1/10 GbE fiber.

The EC-L (EC-L-B / EC-L-P) is positioned for data centers and large hubs: 1–5 Gbps WAN bandwidth, the same 2M connections, and the same port layout as the EC-M. It is the workhorse for a regional hub or a mid-sized data center aggregating dozens of branches.

EC-XL: high-end data center platform

At the top sits the EC-XL (EC-XL-B / EC-XL-P): 2–10 Gbps with all features and encryption enabled, 2,000,000 connections, and the richest port options — EC-XL-B offers 4 × 1/10 GbE fiber with fail-to-glass bypass, while EC-XL-P offers 6 × 1/10 GbE SFP+ or 6 × 1/10/25 GbE SFP28 (the only model reaching 25 GbE). It is a 1U rack-mount platform with dual-redundant power supplies and optional NVMe "Network Memory" for WAN optimization.

The B, P, and -NM variants (and Boost)

Across the EC-M, EC-L, and EC-XL classes the suffix letters describe physical interface and optimization options, not a capacity tier:

• -B — fixed fiber ports with fail-to-glass bypass: if the appliance loses power the optical path closes through so the link stays up (like a relay that "fails closed").
• -P — pluggable optics (SFP+ or, on the EC-XL, SFP28), giving freedom to choose transceivers and reach.
• -NM — adds NVMe Network Memory, the high-speed local storage that powers Aruba Boost.

Boost is not a separate model; it is an optional WAN-optimization capability (deduplication, compression, TCP acceleration) layered onto the hardware. Recommended Boost capacity scales with the platform: 50 Mbps on EC-XS, 500 Mbps on EC-S and EC-M, 1 Gbps on EC-L, and 5 Gbps on EC-XL.

Figure 5.1 — The EdgeConnect appliance family

2. Specifications and Selection

Reading specifications well is the heart of model selection. The table below consolidates the authoritative datasheet figures for the physical family.

Figure 5.2 — EdgeConnect physical model comparison

A note on precision: newer QuickSpecs occasionally publish slightly different bounds for the same class (e.g. "2–1000 Mbps" for the EC-S or "50 Mbps–5 Gbps" for the EC-L) depending on software version and test profile. Always confirm against the current datasheet for the release you intend to run.

Throughput and tunnel scale

The same appliance reports very different throughput figures depending on what you ask it to do. From highest to lowest: maximum (unencrypted, large packets) > encrypted (IPsec) > encrypted with Boost/WAN-OP > IMIX (realistic packet mix). For sizing, use sustained encrypted IMIX with all required features on — the datasheet's "WAN bandwidth (all features + encryption)" column already reflects this view, which is why it is the right column to size against.

Connection (session) scale is 256,000 for branch-class (EC-XS/EC-S) and 2,000,000 for hub-class (EC-M/L/XL). The datasheets do not publish an explicit "tunnels per appliance" number; exact tunnel counts live in Aruba's detailed sizing guides. In real designs the tunnel count is rarely the bottleneck — throughput and enabled features run out first.

Sizing guidance (the methodical process)

1. Gather requirements — access bandwidth per site, traffic direction, topology, branches per hub, expected growth.
2. Determine the real performance requirement — peak WAN utilization, encryption on, plus 20–40% headroom.
3. Define the feature set — encryption, Boost/WAN-OP, segmentation, firewall, IDS/IPS, URL filtering. Every feature lowers effective throughput.
4. Estimate tunnel/connection scale — roughly branches × hubs-per-branch plus cloud/partner tunnels; add growth headroom (often 2×).
5. Map to a hardware class — XS/S for branches, M/L for head offices and hubs, XL for campus/data center cores.
6. Add redundancy — single box at most branches; an HA pair at critical sites, sized so one unit carries the full load on failover.
7. Validate with vendor tools — confirm Mbps and tunnel limits against the current datasheet and Aruba's sizing tool before ordering.

Branch example: 2 × 100 Mbps DIA (200 Mbps total), ~150 Mbps peak. Apply 30% headroom → size for ~200 Mbps encrypted → lands on an EC-XS or low-end EC-S. Data center example: 100 branches at ~100 Mbps each → ~10 Gbps aggregate → with headroom you want ~15 Gbps+, which exceeds a single EC-XL's 2–10 Gbps → the answer is two or more data-center-class EdgeConnects in HA or scale-out, not one bigger box.

Figure 5.4 — Model-selection decision flow

The data center example illustrates a core design principle: at hubs, scale out, not just up. Use multiple moderate or regional hubs, or cloud-hosted virtual EdgeConnects, rather than betting everything on a single maximum-sized appliance. When a site's throughput is borderline between two classes, move up to the next class or offload on-box features.

3. Virtual and Cloud Form Factors

Not every SD-WAN endpoint is a physical box. A cloud site has no wiring closet, and many organizations prefer to run network functions as software on infrastructure they already own. EdgeConnect answers both needs with EC-V. If the physical appliances are delivery trucks, EC-V is the same delivery service on rented vehicles — you choose how big a vehicle to rent (the throughput tier and instance size), but the cargo and the rules of the road are identical.

EC-V on hypervisors

EC-V is packaged as a VM image and licensed per instance, sized by throughput tier. It runs on the major type-1 enterprise hypervisors:

• VMware ESXi / vSphere — delivered as an OVA; import it, assign port groups, set vCPU/RAM to match the tier, power on. Works on standalone ESXi, vCenter clusters, and vSphere private clouds.
• KVM — a KVM-compatible image, commonly used with Linux virtualization stacks and OpenStack, deployed via libvirt/virt-manager or OpenStack.
• Microsoft Hyper-V — a VHD/VHDX image for Hyper-V on Windows Server, deployed with the appropriate vNICs and resources for the tier.

Cloud marketplace deployments

EC-V is also a cloud-native virtual appliance, generally BYOL with a chosen bandwidth tier, where you match the cloud instance/VM size to the tier:

• AWS — an EC2-based appliance from the AWS Marketplace or a shared AMI; pick a supported instance family/size plus a tier license. Common in transit-VPC hubs and VPC-to-VPC designs.
• Azure — a pre-built Marketplace image deployed as an Azure VM (e.g. DSv2/DSv3 or F-series) mapped to a tier. Used in hub-and-spoke virtual-network topologies.
• GCP — a Compute Engine VM from a public image or marketplace listing, with a machine type sized for the tier plus the EC-V license. Used as a regional hub or gateway.

Figure 5.3 — EC-V throughput tiers

You scale up by redeploying or resizing to a higher tier and, where needed, a larger instance type. Exact tier names and Mbps/Gbps values vary by software release and entitlement — the canonical reference is Aruba's EC-V Deployment Guide and QuickSpecs, not a fixed table. The tier-to-class alignment above is approximate guidance, not a published SKU equivalence.

Ruggedized and specialized variants

For the physical line, the documented specialization axis is interface and optimization variants: -B (fixed fiber, fail-to-glass bypass), -P (pluggable SFP+/SFP28), and -NM (NVMe Network Memory for Boost), plus the EC-XL-H and EC-XL-H-10G high-end data center variants. The research material does not document a distinct ruggedized (extended-temperature / hardened) SKU — confirm any industrial or outdoor requirement directly against current HPE Aruba SKU lists and QuickSpecs rather than assuming it from the standard family.