Crush Policy Chaos with Dynamic Segmentation

By Dave Chen, Senior Product Marketing Manager

This blog is the fourth in a series that explores use cases for Aruba’s Dynamic Segmentation solution. In the first blog, I explored how Dynamic Segmentation can simplify and secure networks. Next, I focused on how Dynamic Segmentation is a more efficient way to enforce application priorities to deliver a great user experience. Dynamic Segmentation also can improve device visibility, a growing necessity with the accelerating adoption of IoT.

The champagne corks have popped, and the acquisition is inked. Now the real work of business integration begins.

Matteo is overseeing the technology integration of Crystal Springs Gourmet Foods' 50 locations into Forge Mountain Country Market. During the last acquisition, Matteo created a massively complicated spreadsheet to map policies to users, devices, locations and applications, and to track the VLANs needed. Then he spent many, many hours individually configuring policies on hundreds of network devices.

Matteo is taking a different approach this time. He will create, configure and manage all policies centrally – which will then automatically update the configurations for access points, switches, mobility controllers and other network devices.

With centralized policy configuration and management, Matteo doesn’t have to worry about the gaps between what’s in the spreadsheet and what actually got implemented. He doesn’t have to worry about fat-fingering a configuration and causing network downtime. He doesn’t have to worry about an update failing because different switches have different configurations. Nor does he worry about committing huge resources to future policy updates, as new regulations come into play or software updates or patches need to be applied to network devices.

Centrally Create and Manage Policies to Reduce Risk
In a distributed enterprise, policy management is quite complex, and understanding the interlocking dependencies can be difficult.

Aruba’s Dynamic Segmentation solution is a modern, simpler way to centralize and manage security policies consistently across wired and wireless networks, reducing the risk of policy gaps and human errors, and improving the user experience, network availability and compliance.

Dynamic Segmentation functionality is built into the Aruba Policy Enforcement Firewall (PEF), and it leverages other elements in the Aruba infrastructure, including ClearPass, access points, switches and mobility controllers.

Aruba ClearPass is used to centrally define and manage policies. IT can set detailed, role-based access control policies for each user, device type and application across all locations. PEF provides awareness of more than 3000 applications, so IT can also prioritize traffic by application to deliver a better user experience.

PEF is also used to dynamically manage the traffic flows across the enterprise. Traffic from a particular user or device role is encapsulated in GRE tunnels, inspected and assigned the appropriate priority, and sent to its destination. Add the Aruba SD-Branch solution into the mix, and centralized policies and dynamic enforcement are extended to branch offices.

Dynamic Segmentation eliminates the need to set up and maintain a spiderweb of VLANs to enforce policies across the enterprise, which dramatically simplifies the network architecture. Granular policies are enforced across the wired and wireless network, everywhere in the enterprise. And Matteo is ready for the company’s next acquisition, the latest privacy regulation to emerge or the upcoming compliance audit.

Go Deeper
Read our other blogs about Dynamic Segmentation.

Watch Dynamic Segmentation in action.

