Aruba Fully Integrates Silver Peak SD-WAN, Unveils SASE Strategy

HPE bought Silver Peak last year and brought it into the Aruba business unit.

James Anderson, Senior News Editor

April 13, 2021

7 Min Read
SASE network edge
Getty Images

ARUBA ATMOSPHERE — Aruba Networks has built more automation, visibility and security into the Silver Peak SD-WAN offering it acquired last year.

The networking vendor on Tuesday unveiled upgrades and integrations to its Edge Services Platform (ESP). Aruba enhanced its EdgeConnect SD-WAN edge offer (formerly of Silver Peak) in addition to updating its Orchestrator management console (also formerly of Silver Peak). Aruba also added Netskope to its roster of cloud security partners and emphasized its commitment to taking a best-of-breed approach to the secure access service edge (SASE).

The vendor rolled out its Edge Services Platform (ESP) back in June. The company said at the time that it intended to use the AI-powered, cloud-based platform to “unify and protect the edge.” Then HPE, which owns Aruba, announced the purchase of SD-WAN provider Silver Peak a month later. The $925 million acquisition brought Silver Peak into the Aruba Business unit.

Integration

Muralt-Rolf_Aruba-1-e1618324973659-217x300.jpg

Aruba’s Rolf Muralt

Rolf Muralt, Aruba’s senior director of product management, said that although Aruba wanted to make the Silver Peak EdgeConnect solution more complete, the buyer wanted to maintain Silver Peak’s distinctive “elements of innovation.” He said Silver Peak uses centralized orchestration to assign business-intent policies. In addition, he said the updated offering keeps an interface that Silver Peak partners and customers will find familiar.

“For years as an independent company, customers understood that we had this great application identification engine and how important that was from a quality of experience point of view to use MPLS, internet [and] LTE connections, but be sure that the network that was delivered to the application actually fit the topology and the quality of experience that the app wanted,” Muralt said.

However, Muralt said customers were requesting more visibility into their users and devices.

“Whose flow did we just classify from an application point of view? Who was the user that triggered that? What was the device that triggered that? What was the role? Is it maybe the small percentage of traffic that needs closer inspection?” Muralt said.

IoT Problems

According to Muralt, customers in the 50-200 site range were seeing more IoT devices on the network. For example, devices like cameras and point-of-sale terminals were multiplying and presenting problems.

“That traffic was very hard to secure, because you can’t go and install an agent on top of them,” Muralt said.

Therefore, Aruba has integrated its ClearPass Policy Manager with EdgeConnect in order to improve visibility and segmentation. ClearPass ensures that users and devices can only communicate with destinations consistent with their role. For example, a camera only needs to communicate with the surveillance department. A point-of-sale device needs to go to the financial transaction back end but perhaps also to an onsite printer. ClearPass keeps the IoT device in that segment to keep it out of trouble.

Here’s our most recent list of new products and services that agents, VARs, MSPs and other partners offer.

“The only way you can secure this device’s traffic is by limiting its lateral movements,” Muralt said. “If something is compromised, make sure it can’t take over something else. If your HVAC is compromised, make sure that it can’t then move over to getting insights into the point-of-sale stuff.”

Partner Opportunities

Paul Kaspian, Aruba’s senior marketing manager for enterprise security, said EdgeConnect partners and customers can now establish more granular policies pertaining to users, roles and devices. Previously, Silver Peak relied on application-centric intelligence in order to steer traffic, but now it can utilize Aruba’s “rich user telemetry.”

Kaspian-Paul_Aruba-4-150x150.png

Aruba’s Paul Kaspian

Kaspian pointed to the ClearPass/EdgeConnect integration as an opportunity to add professional services. They can help customers handle their proliferating number of IoT devices. Partners can go into the customer location, take inventory of the customer’s various IoT devices using ClearPass, and help the customer segment and protect the traffic.

“We see that as an engagement a partner can do, being the adviser and guiding the customer on the journey of getting better security,” Kaspian said.

Security and SASE

Aruba also integrated Threat Defense, its unified threat management (UTM) solution, into EdgeConnect. As a result, the Silver Peak-based solution and Aruba’s pre-existing SD-Branch solution share a common defense infrastructure. That defense includes …

… advanced intrusion detection and prevention (IDS/IPS) capabilities for physical and virtual appliances.

Aruba also introduced a new service orchestration provisioning workflow to the Silver Peak Unity Orchestrator. The change gives the orchestrator preconfigured default information for multiple cloud security services. As a result, branch network administrators can more easily onboard the security vendor partners of their choice. Previously, partners and customers went through a tedious process of connecting branch locations to security partners’ points of presence and cloud data centers.

“The automation helps them deploy it a lot more quickly with a lot less complexity. The partner’s not sitting around configuring manual tunnel after tunnel across 800 sites,” Kaspian said.

Netskope most recently joined Aruba’s six other security partners: Check Point, Forcepoint, McAfee, Palo Alto Networks, Symantec and Zscaler. However, Aruba has made its platform more open so that partners can bring additional security partners on board. The platform allows a partner who comes to Aruba asking if they can create a solution around a different security vendor, such as Cloudflare.

Flexibility

Aruba’s multivendor approach to security reveals its vision for SASE. The company cited a Ponemon Institute survey that found that 70% of customers want to take a best-of-breed approach to zero trust and SASE infrastructure.

DePuy-Chris_650-Group-e1618263938812-233x300.jpg

650 Group’s Chris DePuy

Chris DePuy, founding technology analyst at 650 Group, said enterprises are more and more often considering multivendor cloud security services rather than attempting to consume all of the SASE features from the same vendor.

“Aruba’s approach strikes a balance between delivering on-premises security functionality at the WAN edge and providing customers with the freedom of choice to integrate leading cloud-delivered security services from partners like Zscaler, Netskope and Check Point. This multivendor partnering strategy provides enterprises with the flexibility to continue working with existing vendors or shift toward ‘best-of-breed’ systems,” DePuy said.

David Hughes, who founded Silver Peak and now leads Aruba’s WAN business, praised the integrations. He said customers can “move at their own pace” as they transition to a “cloud-centric WAN.”

Hughes-David_Silver-Peak.jpg

Aruba’s David Hughes

“Enterprise customers can deploy our on-premises EdgeConnect WAN edge platform to enforce policy from the edge, and easily integrate with leading cloud-delivered security services from the vendor of their choice, all centrally controlled within Aruba Orchestrator.”

Integrating Differently

Muralt said Aruba sought to integrate Silver Peak in a manner different than other buyers have integrated SD-WAN companies into their portfolios. Specifically, how does the SD-WAN solution relate to pre-existing solutions in the buyer’s portfolio?

Aruba already offers a virtual intranet access client (VIA) that serves mobile workers, remote access points (RAP) that can set up a micro-branch, a software-defined branch (SD-branch) solution and now the EdgeConnect SD-WAN solution. Muralt said Aruba wanted to unify the experience among these four solutions so that customers don’t feel locked into using a single one.

For example, consider a large grocery chain that has both corporate offices and hundreds of store locations. Customers can deploy the EdgeConnect SD-WAN offering at the head offices in order to meet the more complex routing needs. But they can use SD-branch offering at the “cookie-cutter” grocery store locations.

Muralt said this approach differs from other vendors that require the customer to “go down one path or the other.” He pointed to Cisco’s Viptela and Meraki as solutions that customers need to decide between.

“We’re committing and converging the management and connectivity of these different footprints so that a customer can mix and match all of these,” Muralt said.

Aruba executives will detail more of the product updates at their Atmosphere virtual conference Tuesday and Wednesday.

About the Author

James Anderson

Senior News Editor, Channel Futures

James Anderson is a senior news editor for Channel Futures. He interned with Informa while working toward his degree in journalism from Arizona State University, then joined the company after graduating. He writes about SD-WAN, telecom and cablecos, technology services distributors and carriers. He has served as a moderator for multiple panels at Channel Partners events.

Free Newsletters for the Channel
Register for Your Free Newsletter Now

You May Also Like