Aruba Integrates SD-Branch Security, Wireless


By: Mary Jander

Security upgrades are taking the software-defined networking (SDN) arena by storm. The Aruba subsidiary of Hewlett Packard Enterprise (NYSE: HPE) has announced a major upgrade to its software-defined branch (SD-Branch) gateways focusing on integrating security and software-defined wide-area-networking (SD-WAN) capabilities targeted at the retail sector.

As SD-WAN players scramble to position themselves in a red-hot market that features more than 50 competitors, Aruba is positioned well because of its leadership in wireless networking, HPE's enterprise networking assets, and security resources. In an interesting move, HPE officials said the company has opted to build its own SD-WAN software to integrate into the Aruba portfolio rather than make acquisitions, as major networking competitor Cisco has done.

The Santa Clara, California-based vendor has augmented its SD-Branch series of gateways with identity-based security features geared to a “zero trust” approach; full integration with cloud-based SD-WANs; and embedded cellular connectivity for its 9004 branch gateways. All SD-Branch gateways are now integrated with AWS Transit Gateway, with Office 365 certification on the way.

The new additions are aimed specifically at helping to streamline large retail networks comprising many small branches. According to Aruba, customers like Vera Wang are committed to digital transformation, but they face a host of new security and management challenges in moving to cloud-based networks. If these companies can’t get into SD-WAN, they risk losing sales to online sites, as well as letting down customers who want online coupons, targeted sales information, fast checkout, and other features spawned by smartphone ubiquity.

Zero Trust, Please

Central to today’s announcement is Aruba’s introduction of a Zero Trust security framework based on intrusion detection system and intrusion prevention system (IDS/IPS) functions licensed from ProofPoint (which also is allied with AWS, Crowdstrike, IBM, Palo Alto Networks, Splunk, and Zscaler, among others). Aruba has integrated these features into its ClearPass Policy Manager and Policy Enforcement Firewall module for its ArubaOS operating environment.

All this will allow retailers to distinguish specific users, devices, and applications in a cloud-based network based on their role, not their location. Further, Aruba has integrated the new security functions with its Aruba Central cloud-based management platform, which the vendor says will oversee “thousands of remote locations,” whether those locations are linked to the cloud or to a traditional datacenter.

Embedded Cellular

Aruba has also graced its Aruba 9004 series of gateway devices with embedded cellular access. Specifically geared to supporting retailers, this function will open the way for stores to support applications based on customer information, or to deploy a secondary wireless link for, God forbid, failover. Aruba says the WiFi link can also be used to quickly set up remote stores in rural areas where networks are, frankly, behind the times.

(Note: The new embedded cellular capability won’t yet support 5G networking, but is in line to do so as services become widespread.)

It’s All in the Box

Today’s announcement puts Aruba squarely in competition with a range of other vendors who claim to be putting all the pieces for branch-to-cloud networking — WiFi, security, and SD-WAN — together in a single, easy-to-deploy box.

For at least one of these competitors, Cisco (NASDAQ: CSCO), that single box hasn’t come together as fast or as neatly as customers once hoped; its wireless Meraki gear is still on a separate buying track from its Viptela SD-WAN. In addition, Cisco is in the middle of a question storm surrounding its recent Silicon One announcement.

Aruba may face a stronger threat from Fortinet (NASDAQ: FTNT), which has its own secure SD-branch story, backed by a strong corporate strategy that includes its own chips. Also emerging are Ruckus Networks (owned by Arris and traded via parent CommScope—NASDAQ: COMM).

A Win for SD-WAN

Meanwhile, though HPE/Aruba was a bit of a latecomer to SD-WAN, it’s been quick to catch up. And by integrating the strong wireless gateways acquired with the Aruba purchase in 2015, as well as sensibly targeting its wares to a key market sector, the vendor seems to be headed in the right direction.

“It’s taken a little while for the market to come to us,” said Patrick LaPorte, HPE senior director, cloud and software solutions, in an interview. “We are ready to press the gas on the solution side…. We are competitive in all the critical spaces.”