Recently, Aruba, a Hewlett Packard Enterprise company, held its annual Atmosphere user conference in digital format. At the event, the company announced a new set of cross-portfolio, edge-to-cloud security features for its Edge Services Platform (ESP) solution. The new capabilities include the integration of the popular ClearPass Policy Manager secure NAC (network access control) product with the Aruba EdgeConnect SD-WAN edge platform, which came to the company with the acquisition of Silver Peak. The company also announced the integration of Aruba Threat Defense with EdgeConnect and the expansion of the Aruba ESP multi-vendor security partner program.
The latter enables Aruba to provide customers with a “best-of-breed” approach to secure access service edge (SASE), while maintaining the simplicity of a single stack. There are many, many SASE options, and customers have been forced to choose between the complexity of bringing together their preferred security vendor and going with a single-vendor solution. Both have challenges that are not ideal. Aruba’s multi-vendor offering creates a “best-of-both-worlds” scenario.
Aruba has always been security first
The announcements demonstrate Aruba’s strength in security. Historically, I’ve referred to Aruba not as a WiFi or network vendor, but more as a security vendor that delivers its value through wired and wireless networking and now WAN with Silver Peak. In the past, Aruba’s scope was limited to the campus network, but it has been aggressive in expanding its scope, leading to this announcement of edge to cloud, where it can secure the entire end-to-end network.
Traditionally, most businesses, particularly enterprise-class companies, have thought of the network not as a single entity but as a collection of smaller subnetworks, such as the WAN, LAN, WiFi network, etc. These have historically been managed independently, but that needs to come to an end because application performance is based on the end-to-end network. Aruba solved the performance and visibility problem with its cloud-native Central management tool. One of the interesting announcements at Atmosphere is that Aruba is now making Central available on-premises, and while this may seem counter to the trends in the industry, there are a number of companies, particularly large enterprises in regulated verticals, that can’t put both feet in the cloud world.
AIOps is at the center of Aruba’s strategy
Whether it’s on-premises or in the cloud, the heart of Central is AIOps. During his keynote, Aruba founder and GM of the business unit, Keerti Melkote, stated that “AIOps will be the foundation for the intelligent edge”, because of the complexity of the edge. He went on to further explain, “If you look at the intelligent edge, you’ll see many types of environments: warehouses, stores, bathrooms, lecture halls, dormitories, stadiums, etc. And these environments all have different behaviors. You add to that the device types, smartphones, tablets, laptops, video cameras and more, and the complexity goes up. And then you add to that all the requirements of your business and suddenly, complexity grows exponentially.”
The complexity that Melkote referred to has a big impact on manageability, which is why Aruba is infusing Central with AIOps. It also has significant implications for security and threat protection. As companies grapple with the new realities of work from anywhere, hybrid working, cloud and mobility, this will accelerate the adoption of SASE, which enables dynamic provisioning of security services from the network. One of the big transitions for security teams will be applying zero trust across the network or from the “edge to cloud” in Aruba vernacular.
Security is needed on-premises and at the edge
Aruba’s approach balances delivering security at the network edge with on-premises capabilities, while giving customers the option of integrating with leading security providers such as Netskope, Check Point, Palo Alto Networks, Zscaler and more. The multi-vendor architecture helps simplify taking a best-of-breed approach. At Atmosphere, Aruba introduced the new Orchestrator management console, formerly Silver Peak Unity Orchestrator, which enables customers to quickly and easily associate branch locations to the security partner points of presence and data centers.
Other key announcements included:
ClearPass Policy Manager integration with Aruba EdgeConnect
This augments application intelligence with the identity of users and IoT endpoints and combines that with roles and security posture, forming the basis of the SASE WAN edge. The combination of role, security posture and dynamic segmentation simplifies the process of creating the hundreds of VLANs needed to secure the environment.
Aruba Threat Defense integration with EdgeConnect
This extends intrusion detection and prevention capabilities to the EdgeConnect physical and virtual appliances, enabling the platform to utilize Aruba’s broad threat infrastructure. The ability to share threat intelligence between the systems delivers full visibility across the end-to-end network. This is critical to the process of bringing security and networking together.
SD-WAN for hybrid work
I don’t believe Aruba actually announced anything new here, but this was a nice summary of connectivity options and highlights the breadth of what the company can offer. The Aruba ESP platform is a broad set of secure wired, wireless and WAN solutions that can connect customer locations in a variety of ways including:
- Virtual Intranet Access Client (VIA): maximum mobility for work-from-anywhere users whether connecting to private or public networks
- Remote Access Points (RAPs): minimal footprint for mobile, remote and temporary workspaces, delivering secure connectivity to the corporate enterprise network
- SD-Branch: maximum integration and simple unified management across WLAN, LAN and SD-WAN with Zero Trust security
- EdgeConnect: optimal QoE (Quality of Experience) from edge-to-cloud with an advanced SD-WAN edge platform and unified SASE components
It’s fair to say the pandemic has changed the world in ways we could never have imagined, and it looks like these changes are now permanent. As this new reality sets in, business and IT leaders need to shed conventional thinking of the network being composed of discrete elements and treat the entire “edge-to-core” as a single entity. This is the best way not only to deliver a high-quality application experience but also to provide the necessary threat protection.