Aruba reinforces SD-Branch with security, management upgrades

Aruba reinforces SD-Branch with security, management upgrades

Aruba adds IDS/IPS, LTE to branch-office networking gear

Credit: Dreamstime

Aruba has taken steps to bolster the security and manageability of its branch-office networking package for customers with lots of branch sites.

The Hewlett Packard Enterprise (HPE) company enhanced its SD-Branch software with identity-based attack detection and intrusion prevention, and improvements to its SD-WAN Orchestrator to make it easier to deploy security features on a large scale.

Aruba’s SD-Branch software runs on its branch gateways and includes a variety of integrated features like a firewall that support LAN, WAN, Wi-Fi networks, and segmentation as well integration with the company’s ClearPass policy-management software and its cloud-based package Aruba Central.

The package can integrate its data with partner security platforms such as Check Point, Palo Alto Networks, and Z-Scaler.

Aruba has added role-based intrusion detection/intrusion prevention (IDS/IPS) features that let customers watch over and set security policies on individual or role-based access to branch endpoints, according to Kishore Seshadri, Aruba’s vice-president and general manager of SD-WAN Solutions.

Controlling the access each user has to resources is a component of zero-trust security, which is the direction Aruba has been heading, Seshadri said.

A recent Network World article defined the idea of zero-trust networks as simply: “trust no one. Verify everyone. Enforce strict access-control and identity-management policies that restrict employee access to the resources they need to do their job and nothing more.”

According to a recent 451 Group survey, only around 13 per cent of enterprises have started down the zero-trust path.

The new support lets customers monitor individual endpoints and block traffic when necessary, all based on policies set locally in ClearPass, Seshadri said.

The new package also supports threat visibility and trend analysis as well as the ability to correlate security events with sites, clients, applications and network infrastructure to help customers support larger branch implementations, the company said.

These capabilities allow enterprises to quickly detect and prevent unwanted traffic from entering or exiting their networks, said Brandon Butler, a senior research analyst with IDC.

“The IDS and IPS systems allow users to set levels such as lenient, moderate, strict for traffic controls, and there are available integrations with messaging systems for alerting," Butler said.

"These features are atop what Aruba already has for security, including dynamic segmentation of traffic based on users, devices and apps, firewall capabilities and integration with cloud-based security solutions such as Zscaler.”

For its cloud-based network management, Aruba Central, the company bolstered the Orchestrator feature with the ability to deploy secure overlay topologies in a large-scale edge-computing infrastructure. The idea is to securely connect thousands of remote locations to applications in data centres and the cloud, Aruba said.

“We continue to see customers move away from traditional on-premises data centers and move more toward the cloud, and the Orchestrator can now help customers secure those environments,” Seshadri said.

Being able to extend security coverage will be important for Aruba and other networking companies as they link to cloud resources.

For example, Aruba announced support for Amazon Web Services AWS Transit Gateway, which lets customers connect their Amazon Virtual Private Clouds (VPCs) and their on-premises networks to a single gateway. The idea is to simplify and enhance the performance of SD-WAN integration with AWS cloud resources.

Cisco, Versa and others have also announced support for the Transit Gateway. Aruba has an SD-WAN tie-in to Microsoft Azure and Google as well.

The final component of Aruba’s branch-connectivity upgrade was adding support for cellular backup, particularly LTE, to its branch-office gateways.

Built-in cellular access in Aruba 9004 Series Gateways gives customers the option to use the connection as a primary, secondary uplink or back-up in a load-shared active-active mode with other broadband links, Seshadri said.

“IT staff are able tune and optimise connectivity by defining SLA policies across a combination of MPLS, internet and cellular links enforced with dynamic path steering in real-time with the ability to select the preferred cellular link,” Aruba stated.

“The cellular link can also be used for remote locations or to accelerate the deployment of a new store until the dedicated MPLS or internet links are installed.”

This overall announcement is evidence of a broader shift in the market, said IDC’s Butler.

“As deployments of SD-WAN scale up, enterprises are thinking more holistically about what network and security functions are needed at the edge of their networks, and enhanced security functionality is a key," he said.

"When enterprises deploy multiple network and security functions at the edge of their networks (such as SD-WAN with firewall, IPS/IDS, network analytics or WAN Op) we call this SD-Branch. We expect most SD-WAN vendors will increase their security and network-function capabilities that are packaged with SD-WAN, creating a new SD-Branch market.”

SD-WAN continues to be one of the fastest-growing segments of the network infrastructure market, Butler added.

In the first half of 2019, the market doubled in size compared to the year earlier: $1.1billion for SD-WAN infrastructure (hardware and software, but not services) revenues in the first half of 2019, versus $1.4 billion for the full year 2018, he said.

Follow Us

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags Aruba networksHewlett Packard Enterprise



Reseller News Platinum Club celebrates leading partners in 2019

Reseller News Platinum Club celebrates leading partners in 2019

The leading players of the New Zealand channel came together to celebrate a year of achievement at the annual Reseller News Platinum Club lunch in Auckland. Following the Reseller News Innovation Awards, Platinum Club provides a platform to showcase the top performing partners and start-ups of the past 12 months.

Reseller News Platinum Club celebrates leading partners in 2019
Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosts alumnae breakfast for Women in ICT Awards

Reseller News hosted its second annual alumnae breakfast for the Women in ICT Awards in New Zealand, designed to showcase the leading female leaders in the industry. Held at The Cordis in Auckland, attendees came together to hear inspiring keynotes and panel discussions, alongside high-level networking among peers. Photos by Gino Demeer.

Reseller News hosts alumnae breakfast for Women in ICT Awards
Reseller News Innovation Awards 2019: meet the winners

Reseller News Innovation Awards 2019: meet the winners

Reseller News honoured the standout players of the New Zealand channel in front of more than 480 technology leaders in Auckland on 23 October, recognising the achievements of top partners, emerging entrants and innovative start-ups.

Reseller News Innovation Awards 2019: meet the winners
Show Comments