Aruba Central needs to become more and more capable, but also more and more user-friendly. This creates a lot of work behind the scenes at HPE Aruba Networking. We discuss recent developments with EMEA CTO and Vice President of Systems Engineering, Dobias van Ingen. What do these developments mean for the networking market and the company’s customers.
The past few years at HPE Aruba Networking (from here on: Aruba) it was all about the integration of Aruba Central into HPE GreenLake, HPE’s edge-to-cloud platform. That has now been fully completed; you can now work with Aruba Central from HPE GreenLake without having to leave the GreenLake environment in the process. This was a really big step forward, Van Ingen points out. Among other things, it ensures that everyone is developing on the same platform, something that should improve the speed of innovation. The integration of Aruba Central into HPE GreenLake runs well now, according to him. In fact, we are several Aruba Central releases along since the integration.
With the integration into HPE GreenLake behind us, it is now time for Aruba to start looking at what Van Ingen calls “Aruba Central Next Gen.” After all, with the changes taking place in the marketplace, more and also different things are being asked of a platform like Aruba Central. For a long time, the emphasis has been on making it as easy as possible to build and deploy networks in distributed enterprise environments. That’s still important, of course, but today it’s also about a better user experience. Users need to get where they want to be in fewer clicks. The latest version already has these improvements. System Engineers (pre-sales) at Aruba already use it. In addition, selected partners test it at the moment. It will become more widely available in early 2024.
Reduce complexity
A platform like Aruba Central offers many possibilities, which only increase over time. In the long run, that is no longer tenable within an existing environment. As Van Ingen readily admits, “It all became too complex, with the addition of the SD branch piece, among other things.” He specifically mentions making the network topology transparent. That became increasingly difficult as more and more devices ended up in Aruba Central.
To provide better visibility, Aruba has changed and added a few things. The most fundamental, as far as we’re concerned, is the way the latest version of Aruba Central shows the network topology. That used to be a rather static thing, now it uses a view that you can compare to that of a solar system. That is, you can look at the network topology from the perspective of a specific device. The device you select is like the sun, and all the other parts of the network topology orbit around it. That shows very clearly at a glance the dependencies and relationships between different components.
Another way to provide a better overview in complex environments is through the so-called time travel functionality. With this, Aruba Central produces a slice of the network every minute. You can then quickly see what the network was like at a specific moment. This can be useful when researching specific devices and their history within the network.
Finally, Aruba has made improvements in the area of identifying endpoints. Within Aruba, something called Client Insights was already available. From that, Aruba has further developed the algorithms. Van Ingen now claims a 98 percent score when it comes to correctly identifying endpoints. Perhaps more importantly, the same engine is now also available for the wired part of the network. There, the identification of endpoints “was always a bit so-so, but that’s now greatly improved as well,” he points out.
ClearPass still plays an important role
At the end of the day, visibility and observability are important focal points for Aruba as a whole. In particular, this involves properly protecting devices and users on the network. For that, insight into what is happening and who is part of the network are critical. “If you don’t know what’s on the network, how can you protect it at all,” to use the rhetorical question Van Ingen used during our conversation.
Aruba has done quite a bit of work in this regard in the past, particularly within its ClearPass offering. That has traditionally been an on-prem product, but can also be linked to the cloud, Van Ingen tells us. We hear stories here and there in the market that ClearPass’ days are somewhat numbered due to the current focus in the market on the full, distributed landscape. According to Van Ingen, that is certainly not the case. In fact, “ClearPass is still undergoing a lot of further development,” he points out.
In part, this continued development is necessary because of ClearPass’ on-prem availability. That is still very important for large organizations. Mid-market organizations often choose Azure AD in combination with Aruba Cloud Auth. There’s not a whole lot of really new things Aruba can add to ClearPass, Van Ingen has to admit. Unless you add AI to it. But that happens from the cloud, not from the “traditional” ClearPass environment.
These days, it’s hard to talk about security without talking about NIS2. This new legislation, which has yet to be drafted but must be finished and take effect next year, will have quite an impact. This is where Van Ingen sees a lot of added value for ClearPass. It allows organizations to be compliant fairly easily by knowing exactly what they have in their network. Many new factories are moving to ip-based environments, so ClearPass can do its job there as well. Of course, by no means everything within the industries that NIS2 is going to impact is ip-based. That’s why Aruba is partnering with Nozomi Networks, for example. That integrates with ClearPass, so there is still an overview in one place of what equipment is connected.
IDS and EVPN/VXLAN are on the rise
Furthermore, Van Ingen sees increasing demand for IDS, or Intrusion Detection Systems. It allows organizations to monitor the network. You can use it to detect suspicious activity, especially via rogue access points. These access points do not belong on the network and Aruba Central doesn’t manage them. Obviously, those access points should not be authenticated and the devices connected to them should also be able to be kept out.
When it comes to security, besides IDS you can also arrange all kinds of things within EVPN/VXLAN. There, micro-segmentation is possible and user-based tunneling. The latter takes place at Layer 7, or the application layer. That can be very valuable from a security perspective. Van Ingen also points out the possibility of adding some more slicing via EVPN/VXLAN. In this respect, a hard separation for ip cameras comes to mind.
HPE GreenLake and Aruba Central get more network security capabilities
So far, we’ve mostly talked about the developments within Aruba Central and ClearPass, which is tightly linked to it. However, more things are happening, both within Aruba and HPE GreenLake, that benefit HPE’s overall security proposition.
First, there are the latest data center switches that Aruba is developing with Pensando, part of AMD. Launched several years ago, these CX 10000 switches are a key pillar in Aruba’s security story. Thanks to the collaboration with Pensando, there is now a DPU in the CX 10000. This makes it possible to take east-west security to a significantly higher level through the firewall capabilities available therein, Van Ingen points out. East-west security has traditionally been very difficult.
Looking more broadly at the network offerings within HPE GreenLake and the integrations with Aruba, HPE made two interesting acquisitions in the past year. Axis Security is an interesting one. This adds even more security to HPE’s network offerings. More specifically, this acquisition adds SSE to Aruba’s already existing SD-WAN capabilities within HPE GreenLake. Even though the acquisition took place not too long ago (in early March 2023), HPE has already integrated Axis Security’s offerings into Aruba Central/GreenLake.
The intention is not necessarily to market a single SASE offering (SSE and SD-WAN together), Van Ingen indicates when asked about this. “We see that organizations often choose SSE first, to replace VPN, then they start looking at what to do with the WAN.” What is particularly striking is that Axis Security’s SSE has no fewer than 365 PoPs. That’s more than any other player on the market (as far as we know) and means that lots of people at lots of organizations at all cloud providers can establish a (zero-trust) connection to their enterprise networks and SaaS solutions, at low latency. Aruba can guarantee the latter thanks to monitoring.
Private 5G comes together with WAN, WLAN and LAN
Another acquisition that HPE recently made and intends to integrate into HPE GreenLake, specifically its Aruba component, is Athonet. This acquisition was also announced at the beginning of 2023 and adds Private 5G to HPE’s offerings. HPE has already done quite a bit in the area of 5G Core, for example with the Open RAN Solution Stack it offers. With Athonet, it is also adding Private 5G (and, of course, 4G/LTE).
Asked about Private 5G ambitions within HPE and Aruba, Van Ingen replies that they want to combine all of Athonet’s engineering with HPE’s existing telco knowledge and develop it further. It is particularly about the “enterprise experience” that HPE and Aruba can bring to it, according to him.
When we remark that the market for Private 5G is not huge and seems to be limited to niches such as ports, wind farms and large factory halls, Van Ingen responds that there is another interesting use case for this technology. Critical services such as healthcare will also begin to see the added value of 5G over Wi-Fi, according to him. That’s where slicing, and thus guaranteed bandwidth for a specific use case, can make a substantial impact. You can basically do that with wifi as well, but 5G needs fewer antennas. In addition, with 5G the core controls roaming, whereas with wifi it is the endpoint. Roaming from the core is usually faster and better than from the endpoint. At the very least, you have more control over it.
From Aruba’s perspective, this means that Aruba Central will live up to that name even more. Because the intention is to bring together not only all WAN, WLAN and LAN insights and telemetry but also those from Private 5G within Aruba Central. This is not optional. If Aruba wants to achieve full network visibility and security, it is a necessity. If this doesn’t happen, it still won’t give relevant insight into everything that happens within an organization’s network. And that is precisely what it is all about at HPE Aruba Networking nowadays, based on our discussion with Van Ingen. After the successful integration with HPE GreenLake, we expect a further increase in the pace of innovation at Aruba. There’s much more to come in 2024, that’s for sure.
Also read: HPE expands GreenLake with NaaS, data and HPC options
18 hours ago
