Aruba taps ClearPass, Central for SD-Branch management

Aruba, a Hewlett Packard Enterprise company, has unveiled software-based wired and wireless networking for the branch that includes a cloud-managed software-defined WAN.

This week, Aruba introduced the software-defined branch technology at the HPE Discover conference in Las Vegas. The latest product, which comprises software and hardware, operates in conjunction with the Aruba Central cloud-based management platform and the Aruba ClearPass policy manager for network access control.

Combined with Aruba access points and switches, the system provides everything a customer needs to run a LAN and an SD-WAN. The latter is for routing traffic to and from the corporate data center, IoT devices and SaaS and IaaS applications. IoT devices could include surveillance cameras, point-of-sale systems, and air conditioning and heating systems.

Aruba's offering is best-suited for enterprises with a wireless-first strategy in the branch, said Will Townsend, an analyst at Moor Insights & Strategy, based in Austin, Texas. "When you look at SD-Branch and look at what Aruba is doing, it's going to be ideally suited for a greenfield deployment -- with mobile the trick -- and a midmarket-type profile of the customer."

SD-Branch is a recent concept. The approach simplifies networking by using one device for multiple services, such as routing and firewalls. Aruba's multi-function device is a gateway appliance a customer would deploy on each site.

The device includes an SD-WAN that routes traffic across the branch's various links, including MPLS, LTE and broadband. The hardware also executes ClearPass access policies for individuals, groups of people, desktops and mobile and IoT devices. IT staff create the policies that define the available infrastructure, applications and data.

"We're collapsing that SD-WAN functionality into the gateway and now the gateway becomes the central point of policy enforcement within the branch," said Lissa Hollinger, a vice president of product and solutions marketing at Aruba.

Aruba Central oversees the SD-WAN, as well as the branch's access points (APs), switches and routers. The cloud-based application also stores reusable configuration templates for gateways, APs and switches. Central uses the ClearPass-generated templates to automatically provision new devices.

Other components of the Aruba system include a headend gateway at the corporate data center that creates an IPsec tunnel to each branch. The device also has a firewall with essential features for bidirectional filtering of data center traffic.

For customers that want more security, Aruba provides the option of integrating the branch gateway with cloud-based firewalls from Check Point Software Technologies, Palo Alto Networks and Zscaler.

"The integration of [data protection] for WAN services and ClearPass for policy management makes this a competitive offering in the marketplace," said Mark Hung, an analyst at Gartner.

To lessen the workload of IT staff, Aruba offers a mobile installer app. When a gateway, switch or AP arrives at a branch office, a nontechnical person can scan its barcode with the app to ensure the device is for that location. The process avoids getting hardware that isn't registered to download the preset configurations for that branch.

Primary users of LANs built with Aruba technology include businesses within the retail, hospitality and healthcare industries. Aruba's largest enterprise customers typically have an IT staff of less than a dozen people managing from 2,500 to 3,000 branch offices, according to Hollinger. 

Aruba sells the SD-Branch technology as part of Aruba Central. The gateways have a starting price of $1,495, plus an annual subscription of $450. Aruba plans to release the technology in July.