Ask your Local SE...
@redford1980 wrote: I understand there’s a new CX range of switching; but am unclear about how you can implement and manage a multi tenanted network. What software is used to manage the entire fabric / network of switches?
Hi! I'll just chime in with regard to the switching part (I'm interested too, especially in how to deal with a multi-tenant network where "tenants" should be segmented and segregated at the switch layer... see here a thread about a possible approach with VRF and VRF route leaking using ArubaOS-CX):
If you are planning an ArubaOS-CX only environment, there is Aruba NetEdit for configuration orchestration, but as an NMS you need Aruba AirWave or HPE IMC (just to stay with the same vendor as your network switches). Neither AirWave nor IMC is able to configure (SNMP write) ArubaOS-CX driven switches, but for gathering some data they should be quite good (otherwise you can use other free/non-free NMS with fewer or more drawbacks).
If you are instead planning a mixed environment where ArubaOS-Switch are used alongside ArubaOS-CX ones, then probably the pair Aruba AirWave + Aruba NetEdit would be of help; if your network also has 3rd party switches or 3rd party WiFi controllers, HPE IMC could support them (check) and would potentially be a better solution (eventually HPE IMC is capable of backing up ArubaOS-CX running configuration with minimal customization, see here).
As you mentioned ACI and DNA, we don't have to worry too much about "one nice GUI to handle everything without any CLI stuff", as those Cisco thingies require you to do lots of stuff with the CLI and then a lot of stuff between different GUIs to get to that "yes it's just a single click" level.
Aruba version of GUI would be Aruba Central, but as I haven't used that myself I can't say anything about that. Except that it's a web thingie to handle all the APs, switches, SD-branch routers (SD-WAN) etc. Waiting to get some gear to try that out too, would probably be good for our remote branches.
And I think some Aruba presentation said that they are planning to do on-prem central, which would be great for us.
We ended up choosing Aruba's dynamic segmentation and Aruba wireless. Even though there's no "single pane of glass" management and monitoring for enterprise networks, the different management software etc. still amounts to less work than it is to deal with those "some other vendors".
With Aruba you tunnel everything from the switches to controllers. Then you assign users to different roles, and it doesn't matter if the user is a wired or wireless client; you still assign the same role. And you do your fw rules based on those roles. And the firewall rules are stateful, unlike that "some other vendor" that uses just switch ACLs. Also there is upper-level stuff available like web site categorization and VoIP (Skype/Teams) recognition.
When you tunnel everything to the controller, you can assign every single user (authenticated either based on MAC address or preferably with 802.1X) to a role that you can assign fw rules to. Yes, you tunnel everything and it might eat some bandwidth etc. but in our network most of the traffic is towards the DC anyways. We could do some split-tunneling at the remote sites if we decided to. And tunneling everything towards the controller is better than just being able to do ACLs on the switches.
Of course with the new CX-series you can do VXLAN tunneling between endpoints at the access layer, controlled by BGP EVPN.