Aruba extends policy enforcement across campus networks, WANs
Aruba Networks is aiming to give customers greater application visibility and the ability to control security policy enforcement across their campus and wide area networks.
The network subsidiary of Hewlett Packard Enterprise is enhancing NetConductor, a cloud-based service that lets enterprises centrally manage the security of distributed networks, simplify policy provisioning, and automate the orchestration of network configurations in wired, wireless, and WAN infrastructures.
NetConductor works by delivering a network overlay based on Ethernet VPN (EVPN) and virtual extensible LAN (VXLAN) across a customer’s wired and wireless networks, with the aim of bringing a unified and simplified view of the network and allowing the networking and security management teams to collaborate to solve problems, according to Larry Lunetta, vice president of wireless local area network and security solutions marketing at Aruba.
The new release of NetConductor extends application visibility and policy enforcement to Aruba's flagship CX 6300 enterprise network access and aggregation switches and 6400 data center core switches.
NetConductor now can express access-control policies based on role and identity and the business outcome that they’re looking for, with those switches at the center, Lunetta said. “So instead of having to individually program each switch, access point and gateway, the specific VLAN configurations and ACLs [access control lists], that’s all abstracted now in NetConductor. The security and the networking team can very simply express those access-control policies without having to know every device address and detail.”
The new release also now extends NetConductor’s ability to propagate security policies throughout the distributed enterprise via HPE Aruba Networking EdgeConnect SD-WAN and SD-Branch solutions. With WAN support for standards-based EVPN-VXLAN gateways, organizations can now define policy once and enforce it everywhere, from the edge to the cloud, Lunetta said.
Regardless of where a user or device is connecting from, the same application-aware access-control policy can be globally enforced, Lunetta said. And adding enforcement capabilities within the campus switching and WAN infrastructure eliminates unnecessary transit of data through central policy enforcement points, effectively bringing policy enforcement closer to the user and optimizing network performance, Lunetta said.
In the past, NetConductor had application awareness, which let customers set bandwidth policies, for example. Now it adds support for EVPN and VXLAN capabilities, so it can simply read the traffic tags and implement security policies in addition to operations policies across the board, Lunetta said.
The new version of NetConductor can also better discover any IoT devices that are in the enterprise and then automatically assign, propagate, and enforce policies for those IoT devices just as it does for users, Lunetta said.
“So, let’s take MRI machines in a healthcare company that may have just been installed, often outside of the purview of IT. NetConductor client insights will find them, fingerprint them, and assign the policy automatically,” Lunetta said.
Aruba’s long-term goal is to unite all its software and hardware and let customers secure and manage it under a single policy, Lunetta said. For example, the company has security software from its recent purchase of cloud security vendor Axis Security, and it has its own secure service edge (SSE) software, and each has a policy manager.
At the August Black Hat event, Aruba previewed an overarching centralized policy manager that it said will operate and control its entire enterprise networking and security system. Such a policy manager would stretch across Aruba’s EdgeConnect SD-WAN, SD-Branch and Microbranch offerings as well as its developing Aruba SSE platform and be centered on its ClearPass policy management platform and central management platform, Aruba Central.
“The bigger picture here is that we want to get to a universal policy that’s uniform, that customers can execute and enforce across all applications and services. [It’s] very powerful, and that’s where we are heading,” Lunetta said.
The new release of NetConductor is available now.
Copyright © 2023 IDG Communications, Inc.