Aruba has partnered with chipmaker Pensando to develop a switch with embedded security. The device lets companies build a switching fabric across multiple data center locations.
Aruba, a Hewlett Packard Enterprise company, introduced the CX 10000 on Tuesday. The 48-port L2/L3 Ethernet switch contains two Pensando ASICs dedicated to running security services, load balancing and firewalls. Under the partnership, Aruba has exclusive rights to the chips for the next 12 months.
The embedded security means companies can perform it directly at the leaf level of a leaf-spine architecture. That avoids directing traffic through separate devices in the private data center or colocation facility.
John Gray, Aruba's data center marketing lead, said having security services in the data center switch bolsters performance by having them as close as possible to the applications. "Architecturally, it's a better solution," he said.
The proximity of security in cloud computing environments is crucial when the east-west network traffic comes from high-volume cloud-native applications built on a microservices architecture.
Aruba has designed the CX 10000 to manage multiple switches across locations as a single fabric.
"You can almost think of it as creating a distributed switch fabric," said Zeus Kerravala, the founder and principal analyst of ZK Research.
Last December, Aruba introduced Fabric Composer, network orchestration software for its CX line of data center switches, which run the AOS-CX network operating system. The software lets network managers provision and perform switch-by-switch configuration changes in a leaf-spine architecture.
Aruba's integration of switching and security functionalities could receive pushback from IT teams in large enterprises that historically manage those operations separately. However, Brad Casemore, research vice president at IDC, said the technology appeared sound.
"I'm sure this is very robust technology, but you're asking people to change," he said. "You're asking people to change for good reasons, but you're still asking people to change."
Despite the skepticism, the concept of a distributed switch with multiple capabilities is the direction that analysts expect the network market to go.
Distributed switches are "going to be a very big market as enterprises realize that traditional networking constructs really don't work as [they] move into these distributed environments," Casemore said. "I can see why Aruba HPE would want to get a piece of that -- it's going to be a very key need for enterprises as we roll forward over the next few years."
Kerravala went so far as to predict impending "distributed switch wars" between vendors. Pensando's rival Nvidia has similar technology for running security on the network interface card plugged into switches.
The $45,000 CX 10000 provides the most cost savings when deployed at scale, analysts said. Therefore, the product will likely appeal to large enterprises with multiple data centers. Aruba plans to add IPsec support for that audience soon. The added security feature will cost more.
Aruba plans to make the CX 10000 generally available in January.
Madelaine Millar is a news writer covering network technology at TechTarget. She has previously written about science and technology for MIT's Lincoln Laboratory and the Khoury College of Computer Science, as well as covering community news for Boston Globe Media. She is a class of '21 graduate of Northeastern University, and originally hails from Missoula, Montana.