With its cloud-based control panel, Aruba Central, HPE Aruba has created a single pane of glass for all its network products. Whether this comprises access points, switches or SD-WAN gateways, you can manage everything via Aruba Central. However, Aruba’s ambition goes even further, especially with the improved ClearPass Device Insight.
Aruba Networks has now been part of HPE for more than three years. It has been given the freedom to grow independently with the help of HPE. The capital powerful HPE has been able to give Aruba the necessary injections to accelerate its growth. However, it has also resulted in more technology and products coming together. For example, the data center switches portfolio has been transferred from HPE to HPE Aruba, projects are being taken up together, and finally, HPE Aruba has also become part of HPE GreenLake. One of the projects that HPE and HPE Aruba are tackling together is conquering the IoT/edge market, more about this later.
Aruba Central
What we see with many network parties today is that they still have a lot of legacy technology and have difficulty finding their way to the cloud. From the beginning, HPE Aruba has opted for a software-defined approach, which they say makes them more agile and able to switch faster. Like many other network parties, Aruba customers often also work with an on-premise application for managing the network, in this case, Aruba Airwave. However, this is only a matter of time, because the future is Aruba Central. An application that is currently only available in the cloud, but with which all Aruba equipment can be managed. In time, the features that are not yet in Central will have to be migrated out of Airwave. Like that, Airwave can get to an end-of-life eventually.
For Aruba customers who are worried about the cloud, rest assured. There will also be an on-premise version of Aruba in due course, probably in the form of a VM. This will allow the customer to choose where to run the single pane of glass of his network, although the cloud will, of course, remain a good option for most businesses. In that case, HPE Aruba also ensures that the customer always has the latest version of the control panel at his or her disposal.
Aruba Central with ClearPass Device Insight is a good match
As mentioned before, with Aruba Central, the complete network can be managed. However, the combination with ClearPass Device Insight makes the offer of HPE Aruba much more interesting. With ClearPass Device Insight, Aruba is able to detect what kind of client is connected to the network. This can be wireless or wired. For this purpose, it analyses the traffic patterns and compares them with a gigantic database that HPE Aruba has created, which is getting better every day with the help of customers. In this way, Aruba can not only detect whether something is a laptop or a smartphone, because that’s not so difficult. It can also detect what kind of industrial machines are part of the network.
Subsequently, policies can be applied to the connected client, based on all kinds of different types of devices. As standard, HPE Aruba offers a whole series of templates for this, which are designed together with customers and based on best practices. Companies can implement these templates or use them as a basis for their own policies. Some examples of templates are guest users (lowest network access), PC’s, mobile devices, camera systems, printers, IoT devices, industrial devices, telephony and medical devices. Each of these categories requires a different policy. For example, camera systems and telephone traffic can be treated completely separately. For example, not every PC in the network needs to be able to connect to the security cameras. Also, telephone traffic (VoIP) is traffic that must have priority, but might be separated from other traffic. We can go on like this for a while.
HPE Aruba classifies clients in the right category using ClearPass Device Insight. If that doesn’t work, a client is given access as a guest user and can’t connect to anything within the company network. Should it still be an old industrial application, the administrator can indicate in ClearPass in which category the device belongs and have HPE Aruba analyse it, so that the technology may be able to recognise this device automatically in the future. As a result, HPE Aruba’s database continues to improve itself.
Dividing the network into VLANs with ports and configurations per switch is therefore truly a thing of the past. Everything is software-defined and is done on the basis of classifications of the endpoint, either in a category or individually. This all comes from Aruba Central, on one single pane of glass. This makes managing a network much simpler and less time-consuming. In addition, enterprise networks are getting bigger and bigger and tackling problems is becoming more and more complex. The next step is to apply AI and machine learning to solve problems automatically. This is somewhat the point where many network parties are now, including HPE Aruba. Some automatic detection and troubleshooting is already possible, but it is certainly not perfect or fully automated yet. In the coming years, we will probably see a lot of development in this area.
Hybrid network, old and new together
One of the issues we encountered with various partners of network parties is the challenge to roll out a new software-defined network based on an endpoint or category policy. The network equipment that now often hangs there is not always suitable for this, because it is outdated. Replacing a complete enterprise network in one fell swoop is also impossible, because we often talk about hundreds of switches and thousands of access points. You can’t replace such an amount in one night or weekend. HPE Aruba offers a hybrid mode where old and new can work together. The company starts at the top of the network by replacing the equipment, and the current configuration is migrated one-to-one to a new Aruba switch. As a result, all VLAN policies remain in place and the policy-based setup of the network can then begin. This is because the software layer of HPE Aruba overrides the old familiar network. In this way, the network can be replaced in phases, and as soon as people think they have replaced everything, the VLANs can all be downgraded to guest access. Any problems or missed configurations are quickly revealed.
Ultimately, large organisations with hundreds of switches and thousands of access points do not know what their network looks like exactly. As a result, the network cannot be replaced at once. By doing it in phases and using ClearPass Device Insight to take a close look at what kind of devices are found, the IT department has much less stress and time pressure when rolling out a new software-defined network.
The next step is the Internet of Things
Something where HPE and HPE Aruba are going to work together is in the field of Internet of Things and edge computing. In the coming years, more and more “stupid” devices will be connected to the Internet by means of edge computing. Industrial equipment will be provided with sensors or the existing sensors will be linked to edge computers that HPE will build. These will then be connected to the network and all data will have to be brought together in a data pool to apply analytics. Some data will be more important than others. Aruba can ensure that the priority is properly arranged. Devices can also be detected and automatically assigned to the right category. If necessary, SD-WAN can also be used to establish an optimal connection to cloud services to ensure an optimal connection. Ultimately, the entire edge and IoT strategy depends on HPE and HPE Aruba. HPE must provide the right hardware or storage solution and HPE Aruba must ensure that the data gets to the right place as quickly as possible. One step that still needs to be taken is a single pane of glass where HPE and HPE Aruba come together. For now, this is not possible yet, but it is also not something that is very unrealistic, given HPE’s great IoT/edge ambitions.