LAS VEGAS — Aruba, a Hewlett Packard Enterprise (HPE) company, bundled SD-WAN, wired, and wireless networking technologies, along with unified security and policy enforcement, into a new edge offering it calls Software-Defined Branch (SD-Branch).
“Software-Defined Branch is a unified, software-defined architecture that spans the entire branch, ranging all the way from WiFi to SD-WAN,” said Lissa Hollinger, VP of product and solution marketing for Aruba, during a press conference at HPE Discover today. “It’s cloud-managed by Aruba Central and also includes policy management and enforcement.”
“The idea is to impose some sort of security discipline without increasing difficulty from a network perspective,” said Larry Lunetta, Aruba VP of security.
Aruba’s SD-Branch architecture integrates new 7000 series branch gateways to provide a single point for SD-WAN, wired, and wireless networking policy and security enforcement. Context-awareness capabilities are embedded in the new controllers in addition to other features such as policy-based routing and dynamic path selection.
This means the gateways can use this contextual data to dynamically route traffic across the WAN based on user, device, or group affiliation. For example, retail organizations can prioritize point-of-sale system and video traffic over guest traffic, while hotels can prioritize voice traffic for anyone involved with customer service.
The SD-Branch architecture also uses Aruba Central, the company’s cloud management platform, which now supports SD-WAN. This provides automated configuration capabilities and granular visibility. “This allows a customer to have a single pane of glass that allows them to manage and secure branch architectures,” Hollinger said.
For the security component, SD-Branch uses consistent role-based enforcement across the LAN and WAN. Aruba’s network access control product, ClearPass, automates policy management across different layers of network and application access.
Additionally, all network traffic within a branch can be forwarded to the branch gateway for deep packet inspection using the built-in stateful firewall. IT teams can assign policies for specific device types to segment their traffic up to the application layer. In a retail environment, for example, this makes it more difficult to hack in-store security cameras or PoS devices.
“And the third leg of the security strategy has to do with our partner ecosystem,” Lunetta said.
The company’s security partner program has more than 140 technology partners. Today it added three new cloud-based partnerships, bringing on Zscaler as a new partner and adding integrations with Check Point Software Technologies and Palo Alto Networks. These security companies provide cloud-based firewall and advanced threat protection to secure traffic over the public internet.
What About VMware and Cisco SD-WAN?
The SD-Branch announcement sounds similar to what VMware’s doing by integrating SD-WAN with its NSX networking and security portfolio. The NSX portfolio now includes SD-WAN technology VMware acquired when it bought VeloCloud last year, and stretches from the data center to the edge and the cloud.
Aruba’s offering differs from VMware’s in that “VMware attacks it from a data center perspective,” said Mani Ganesan, director of product management for Aruba. “They want to extend NSX from the data center out. We come at it from the edge, in.”
Plus, the singular policy enforcement simplifies policy management “because we don’t have to do it at the wireless level and the SD-WAN,” he added.
Photo: Lissa Hollinger, VP of product and solution marketing for Aruba, defines the software-defined branch.