Edge-to-cloud networking with Aruba EdgeConnect SD-WAN

By Shaun Neal, Blog Contributor

Aruba recently presented their vision of the Silver Peak integration into the Aruba family, now branded as EdgeConnect Enterprise. Aruba augmented a number of existing solutions to round out the offering with EdgeConnect SD-Branch, Microbranch, and Mobile. The mix of solutions here enables use-case based right sizing of the hardware. Aruba's pivot to support this space and expand the existing footprint from mostly on-premises solutions to enabling robust solutions for the entire spectrum of work environments from large enterprise to remote worker and SOHO spaces is necessary in today's environment. The traditional practice of "protecting four walls" is antiquated as users connect from everywhere, with a much larger percentage now remote.

Adjusting from the traditional thinking of each device role to its role in this environment makes sense when following the use case:

  • EdgeConnect Mobile - VIA for remote VPN users
  • EdgeConnect Microbranch - RAP/IAP for SOHO users
  • EdgeConnect SD-Branch - "Office in a Box" style use cases
  • EdgeConnect Enterprise - large office, enterprise use cases

Tying together known device types leveraging AOS10 and Aruba's policy engines, and creating intent-based profiles that seamlessly work across the LAN, SD-WAN, endpoints, and now extend out to SASE platforms, creates a great opportunity to meet customers where they are at in their journey and a point of differentiation for Aruba, who has always leaned into the best of breed space. This step is an important shift in the paradigm of providing NAC-like solutions in the corporate environment, while many home connections go unsecured. A holistic approach that weaves these use cases together in a simplified way might take a little adjusting to, but is necessary in today's hybrid work environment.

The Aruba Central management platform enables the extension of role-based policy controls and infusion into the SD-WAN environment through Aruba ClearPass or through options like radius snooping or proxies, or VXLAN to enforce roles out at the enterprise edge. Leveraging existing technologies to then intelligently apply policies to create this new functionality offers numerous new ways to segment and secure traffic. Additionally, being able to dynamically recognize devices and drive them to a user profile based off known characteristics simplifies tasks of dealing with IoT type devices in all cases.

The approach used for EdgeConnect should be able to pair with the existing mobility overlay methods that Aruba is using and allow for automated, yet complex, network topologies that are created by policy rather than extensive engineering. There is room for adding additional capability to the environment, supporting workflows, and providing nuanced control of the network. Enabling an organization to spend more time to focus on policy and intent of its enforcement can enable more reliable delivery of applications and create a better and more customized user experience. Aruba's solution also addresses some of the concerns left by some manufacturers as legacy WAN optimization is no longer enough; the need to distribute internet access and provide control at the edge can facilitate migration to the cloud.

The Edge to Cloud story highlights that these solutions provide the last mile of connectivity from application to user, and if it can be done such that it enables the users to consume that data on their own terms from location to device to media type, it is a big win for everyone. I look forward to watching this solution continue refine and mature and further integrate into the Aruba product portfolio.