Close

HPE Aruba Networking Blogs

Policy-Driven Access is Critical for the Digital Workplace

By Mark Verbloot, Senior Director, Product, Solutions and Systems Engineering, Asia Pacific Region, Aruba

The digital workplace is all around us. Invisible Wi-Fi keeps businesses humming, giving employees access to the applications and resources they need to be productive. Wi-Fi is essential, connecting devices and sensors that keep control our office environments. Digital signage and location sensors help people find their way across office complexes, hospitals, and schools.

Today, we hardly give a thought to the technologies that power our workplace. But a few years back, the concept of the all-wireless workplace was new. Customers came to Aruba for our reliable, secure wireless LANs. More recently, our advances in unifying wireless and wired networks delivered even more value for customers. We pioneered role-based access and context-aware policies for wireless, and we are now doing the same for wired, so wherever the person moves or wired device moves, the network follows.

Aruba’s Mobile First Architecture continues to advance as the digital workplace evolves. Today, with advanced intelligence and automation, an Aruba network continuously adapts, protects and informs across all IT and business processes.

Consistent policy controls
As the digital workplace advances, IT managers often struggle to manage a large number of devices, whether user or IoT. With Aruba ClearPass, we enable organizations to enforce consistent, policy-based controls—and not just for wireless devices. The ability to apply the same policies across a unified wireless and wired infrastructure delivers a better user experience, and significantly streamlines IT operations.

As a central point for policy orchestration, ClearPass enables IT to create and enforce policies consistently for all devices and users, no matter how or where they connect. Policy-driven controls enable IT to adapt quickly to changing business needs, support new applications and services quickly, and remain confident that those policies are enforced consistently everywhere across the enterprise.

On the wired side, two key technologies allow for simpler and more secure operations: dynamic segmentation and colourless ports. Dynamic segmentation gives IT managers the ability to direct selected wired traffic to the same enforcement point as their wireless traffic – a mobility controller. Colourless ports simplifies the complexity not only of the initial configuration of the wired environment, but also moves, adds and changes become automatic. Simply plug your wired device into any port on the switch and the port will configure according to the policy defined for the device. The number and variety of  user and IoT devices in the digital workplace are exploding. With dynamic segmentation and colourless ports, the mobility controller, in conjunction with ClearPass, is a unified policy enforcement point for both wired and wireless clients. This simplifies policy management, improves security and reduces operational cost.

Automation lightens the IT workload
Automation is critical to simplify the configuration and operation of today’s networks, enabling the network to adapt rapidly as business conditions evolve. Reconfiguring or expanding a network to support new business needs or applications typically involves a lot of time-consuming manual work. Aruba makes that simpler with zero-touch provisioning, so that mobility controllers, branch controllers and wired switches can be automatically configured based on predetermined policies.

Industry standard programing tools such as Ansible and Python can also be used via a range of APIs to fully automate a deployment. Our customers are starting to take advantage of APIs to customize deployment workflows for their specific deployment use cases.

It’s all about user experience
People don’t really want to think about connectivity—they want Wi-Fi to work, invisibly and in the background. But delivering a consistent user experience can be difficult – especially as applications stretch from private data centers and public clouds to users in corporate headquarters or branch office locations.

Aruba’s new SD-Branch solution simplifies that challenge. Aruba extends intelligence across users, devices and applications, which enables application-level insights across the entire enterprise—right down to the user and device. What’s great about SD-Branch is that the same policy-driven access controls can now be applied at the branch as get applied at the campus using ClearPass and the SD-Branch controllers. Dynamic segmentation and colourless ports work in the same way in the branch as they do across the campus.

Built-in, active security
Aruba networks are built around a secure core. We’ve consistently introduced ground-breaking innovations in the area of encryption, physical hardening, remote access and embedded firewalls.

On top of proactive network access control and policy controls with ClearPass is machine-learning-based attack detection. Aruba IntroSpect User and Entity Behavioral Analytics (UEBA) spots small changes in behavior that are often indicative of exploits that have evaded traditional security monitoring and analytics. ClearPass and IntroSpect, overlaid on Aruba’s secure core provide unmatched analytics-driven protection against attacks.

Aruba's Mobile First Architecture delivers the foundation for uniform policy driven access that the digital workplace must have.