SD-WAN


Forum to discuss HPE Aruba EdgeConnect SD-WAN and SD-Branch solutions. This includes SD-WAN Orchestration WAN edge network functions - routing, security, zone-based firewall, segmentation and WAN optimization, micro-branch solutions, best practices, and third-party integrations. All things SD-WAN!

Q&A: Ask the Experts HPE Aruba Networking SSE

  • 1.  Q&A: Ask the Experts HPE Aruba Networking SSE

    EMPLOYEE
    Posted Oct 18, 2023 12:01 AM

    Hello, Airheads! It’s @JSpieg and @Jaye.Tillson from HPE Aruba Networking. We’re looking forward to answering your questions today. Just post them to this thread and we’ll get back to you. (Friendly reminder: Your HPE Aruba Networking support team is available to help with specific troubleshooting questions.) 

    You might be wondering, why are we talking about security and SSE today? Well, the stakes have never been higher for organizations when it comes to digital transformation and information security. Did you know: 

    • The biggest challenge organizations face in securing the modern workplace is adopting a Zero Trust access strategy? 

    • 63% of businesses use over 3 security solutions just to provide employees and partners with access to business resources? 

    • 65% of organizations plan to adopt SSE within the next 2 years? 

    (Get more details in the report.) 

    We want to know: What questions do you have about security, SSE, and protecting your organization? 



  • 2.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    Posted Oct 18, 2023 09:07 AM

    What is needed to take advantage of SSE on an existing network with only Aruba controllers, edge switches, and APs?




  • 3.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    EMPLOYEE
    Posted Oct 18, 2023 09:25 AM

    Security Service Edge (SSE) is a framework to deliver elements of the security stack that were previously on-prem (remote access, proxy firewalling, data loss prevention to name a few) in a software format via the Cloud. As a result, it can run over any network type as long as there is access to the Internet.  Its goal is to address the distributed nature of today's applications and employees.  Both have left the 4 walls of the data center and campus/branch office.  Think of it as a next generation application delivery system….

    Now, to answer your question, does HPE/Aruba's SSE have an advantage over other SSE solutions when used in conjunction with Aruba APs and switches? Stay tuned. We are in the garage working on something really cool. Can't say what yet but I think you will like it!




  • 4.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    Posted Oct 18, 2023 11:01 AM

    Thanks.

    Can you tell me what I would need to enable SSE? Which elements of the security stack are you referring to?




  • 5.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    EMPLOYEE
    Posted Oct 18, 2023 11:21 AM

    Great question.  In the past, network and security elements were provided as point products from various vendors.  This was all well and nice until the rise of Cloud.  The change led to a great rethink of networking and security in industry.  The result was the identification of the need for an integrated set of services aligned with a significant change in the delivery of Wide Area Network (WAN) access, namely SDWAN. The result was a framework called Secure Access Service Edge (SASE).    SSE is a subset of SASE focused on security. 

    The SSE framework includes the following elements - Zero Trust Network Access (ZTNA), Secure Web Gateway (SWG), Cloud Access Security Broker (CASB), Data Loss Prevention (DLP) and Digital Experience Management (DEM).   It is delivered in an "as a service" format via the Cloud.  The focus is about delivering applications whether they are in the Cloud or on-prem. 




  • 6.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    Posted Oct 18, 2023 01:03 PM

    I have Aruba hardware secured by NPS in a single site. It seems like without a distributed network it may not apply to me. Is that a correct assumption?




  • 7.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    EMPLOYEE
    Posted Oct 18, 2023 09:28 AM

    @Jaye.Tillson what is ZTNA and how can it be leveraged to accelerate a zero trust program?




  • 8.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    EMPLOYEE
    Posted Oct 18, 2023 09:54 AM

    @jspieg ZTNA stands for Zero Trust Network Access and is a new way of doing remote access that connects users just to the service that they require access to. This means that, unlike with a legacy VPN, users do not get access to the 'full network' allowing them to go anywhere, and also there are no hardware devices 'beaconing' their IPs to the Internet and open to attack. Instead, a connector creates an outbound-only connection to the SSE cloud.



    ------------------------------
    Jaye Tillson
    Field CTO, and Co-Host of the SSE Forum
    ------------------------------



  • 9.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    EMPLOYEE
    Posted Oct 18, 2023 10:04 AM

    @Jaye.Tillson what is zero trust and why as networkers should we be learning it and considering it as we build our networks?




  • 10.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    EMPLOYEE
    Posted Oct 18, 2023 12:03 PM

    Zero trust is a concept created by John Kindervag in 2010 when he was at Forrester. The concept is 'never trust, always verify'. It is about connecting a user and their device to the 'service' they require and nothing more. This is almost the opposite of how we have historically developed our networks, which has left the door open for things like ransomware and insider threat. The rise of these types of cyber attacks has raised the profile of zero trust again and it should be at the core of all the architectural designs we do moving forward.



    ------------------------------
    Jaye Tillson
    Field CTO, and Co-Host of the SSE Forum
    ------------------------------



  • 11.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    EMPLOYEE
    Posted Oct 18, 2023 10:22 AM

    For everyone looking for an overview of SSE, excellent light board session by @Jaye.Tillson - https://www.arubanetworks.com/video/?v=Products%20and%20Solutions/LB1_SSE-WITH-AXIS-2.mp4&width=960&height=540&t=Protecting%20Hybrid%20Workers%20with%20SSE




  • 12.  RE: Q&A: Ask the Experts HPE Aruba Networking SSE

    Posted Oct 18, 2023 09:31 AM

    Any SSE solution requires traffic to the Internet to be sent via the SSE-service. This can be done using an agent on an end-point or through routing it via a tunnel from a site. Unless your AP is a RAP/Microbranch it will not support that tunnel. Switches are L2 by design and do not build (IPsec) tunnels.

    If you don't have a Branch Gateway or SD-WAN router, then you would need to either use agents on all devices to be protected or build the IPsec tunnel from a (non-Aruba) router, which is possible too.

    This only is relevant for the SWG, CASB and DLP features. ZTNA is inbound and only needs a connector hosted on the internal network.



    ------------------------------
    Jan-Willem
    ------------------------------