Cisco DNA? Stay leaps ahead with Aruba Mobile First

By Dave Chen, Senior Product Marketing Manager
Share Post

What does a high-tech luxury manufacturer like Tesla have in common with a traditional automaker? They both provide vehicles that get you where you need to go, and competitive performance, options, and features. But the difference really comes in how these vehicles are designed. The former brings a cloud-first architecture with new technologies, over-the-air software updates, and machine learning, while the latter is grown from a legacy model that's slow to change, and may require more-than-annual maintenance.

…Do you see where I'm going with this?

Customers are not easily fooled. Coming off of HPE Discover 2017 in Las Vegas last week, we talked to many customers who are tired of Cisco's propaganda and vendor lock-in strategy using complex architecture. They want to build networking that secures for IoT and delivers a better user experience with open APIs, flexible deployment, and always-on availability – not held back by closed, proprietary updates from any single vendor. As Aruba delivers this with best-of-breed 21st-century innovation, Cisco finds itself in reverse, sowing FEAR, UNCERTAINTY, and DOUBT (FUD) by touting technologies they created back in the mid-90's when Al Gore created the Internet.

Cisco loses all credibility


Let's take their latest bold claim against standards-based sFlow vs. NetFlow stewarded by Miercom. Providing no scientific procedure, configuration, sample frequency, nor the latest software like ArubaOS 8 or sFlow version info, the bias in this Cisco-sponsored report is unsurprising. Miercom did not mention that sFlow packet sampling is configurable, and fails to recognize that just identifying traffic type and volume neglects how and what kind of data is transferred and analyzed. NetFlow's impact on CPU performance is based on how much and what kind of data it transfers to a collector, which quickly proves hard at scale. Cisco's NetFlow is also deployed inconsistently across their portfolio, focused on the distribution/campus core level. It's not supported on the Catalyst 2K, and only supported via software with the Catalyst 6K. For more information on sFlow technology, check out

Now let's take this conversation in context. By focusing on just a specific feature to a specific switch series, Cisco is losing their credibility by claiming they can boost overall network performance and security. What's more, Cisco never took the behavior and intent of users and devices into account, which is more critical for threat mitigation. We'll take a closer look at Aruba's Niara technology in a future blog, so stay tuned. Much like their attack on sFlow, Cisco's competitive strategy hypocritically samples specific features listed in the Miercom report to justify their network solution. In any professional or academic setting, Cisco's modus operandi is just to create 'fake news'.

Aruba takes immense pride in our customer-first, customer-last culture. A customer that chooses to partner with us as a vendor humbles us with their trust in us to deliver their solution. In many cases, our customers have run a certain level of risk in going all-in with Aruba and training on our software-centric solution vs. their incumbent, legacy hardware, however that all changes now with the resources of HPE. Just like in the car analogy, the benefits of a new approach outweigh the history they've had with their legacy model – and all the maintenance and appliances that go with it.

A True Game-Changer


With Aruba's Mobile First Platform, we introduce the game-changing 8400 Series Campus Core Switch to analyze traffic and accelerate application troubleshooting. Rather than require disparate network elements to mitigate risk, the 8400 Series takes a unifying role in performing network analytics from access to aggregation. The 8400 introduces RESTful programmability and automation with ArubaOS-CX and integrated Network Analytics Engine to analyze and pull data for dynamic decision-making. In other words, when a user's voice stream begins consuming more bandwidth than a threshold permits, the 8400 can respond to the event by establishing an IPSec tunnel to the local area network, identifying a problem switch, and performing a root cause analysis. Using RESTful APIs, IFTTT (If this, then that), and other automated policies, the 8400 can proactively trigger a capture and potentially close the port. This is a sweeping technology that redefines and revitalizes the core of your network with no impact to performance.

Mobile First Solution for Digital Work

Screenshot 2017-06-13 13.31.12.png

The adoption of cloud-based solutions positions Aruba's Mobile First Platform in the heart of customer networks. Aruba's Mobility Controller assumes the role of a wired and wireless traffic cop with Tunneled Node. The Mobility Controller treats a switch as a "wired AP", and processes wired packets just as it does with wireless packets to perform authentication, stateful firewall and application identity with deep packet inspection based on role-based policy. This means the rich application visibility that Aruba has on the wireless is seamlessly extended from WLAN to LAN and WAN. Aruba's application engine, AppRF, supports over 2500 apps and categories (and counting) and is fully integrated into the Mobility Controller. Cisco's standalone APIC-EM appliance requires an EasyQoS app that only supports 1300 apps.

For the constant mobility in digital workspaces, Aruba also integrates a Unified Communications and Collaboration (UCC) dashboard complete with call quality metrics to correlate with network diagnostics. The dashboard visualizes Skype and Lync traffic, as well as Cisco Jabber, SIP, Vocera, and others. Cisco, in stark contrast, doesn't provide a UCC dashboard for voice and video diagnostics gave their heavy investment in legacy SIP telephony - Aruba solutions continue to focus on the innovative. Read more here.

Screenshot 2017-06-13 13.37.23.png

Regarding security, Cisco-Miercom comes up short by claiming ISE was "easier and faster" than ClearPass with no justification. ClearPass enables profiling without any licenses, and doesn't require the use of dedicated "personas", meaning 40 ISE appliances all of a sudden becomes as little as four ClearPass ones. ClearPass can also be deployed as a multivendor, wired and wireless policy system to act as a AAA, RADIUS CoA, and Extension service for RESTful third party integration. In the case of a threat being identified and contained by the network, ClearPass with Extensions can proactively restrict access based on user context, inform MobileIron to lock the device and apps, and notify a Helpdesk system like ServiceNow to log a ticket for immediate follow-up. This deployment flexibility and automation empower IT by delivering a simple platform to detect and protect the network from risky behavior end-to-end.

As legacy network vendors like Cisco continue at questionable speeds and feeds argument, customers are recognizing more and more their limited and incoherent range of benefits. Aruba, in its role as the leading networking vendor, offers a wide range of benefits through all stages of a customer's journey, providing a platform to unify management and policy, optimize performance and security through analytics, and deliver unparalleled customer intimacy and service.