HPE Aruba SD WAN & SASE Cybersecurity Solutions

HPE Aruba SD WAN Solution: Comparisons, Review, Benefits, Use Cases, Pros & Cons

Author: Netify Research Team

If you have questions about HPE Aruba and how their capability is aligned to your needs, email the Netify research team. UK: uk@netify.co.uk North America: northamerica@netify.com

(Please use the UK email for ROW - Rest of the World - questions or inquiries)

Netify Review

Good choice for clients looking to optimize their WAN across large, global networks, due to HPE Aruba’s known ability to offer support for complex services using their wide range of powerful features. These features may be excessive for small-medium national businesses.

HPE Aruba does not offer their own SASE security solutions, therefore meaning that businesses will have to seek SASE from a third party. However, HPE Aruba is known to integrate well with their SASE partners (Zscaler is an example) enabling them to provide a single seamless end-to-end solution. Further, HPE Aruba have a strong history with WAN optimization, making them a good choice for companies who are already using the technology but are interested in boosting it’s performance.

About HPE Aruba

HPE Aruba is a North American SD WAN vendor based in California. They also offer solutions in Europe, the Middle East, Africa, and Asia-Pacific Countries. HPE Aruba delivers support across hybrid WAN architectures, including DIA, MPLS and VPLS. They offer SD WAN solutions such as WAN Optimization, WAN Edge Security (not SASE) and Cloud App Performance solutions. These solutions include their Aruba EdgeConnect, Aruba Orchestrator and Aruba Boost WAN Optimization products (See What is the HPE Aruba SD WAN Solution?). The company was formerly known as Silver Peak before its acquisition by Aruba (Hewlett Packard Enterprise Company) and is predicted by Gartner to have over 2000 SD WAN customers, focusing its product offering towards large global firms. HPE Aruba is noted to be a good fit for complex requirements due to the comprehensive features offered by their SD WAN platform. Services are procured mainly via their partners due to the expertise required to deliver solutions. For the fifth consecutive year, HPE Aruba was named a Leader in the 2022 Gartner® Magic Quadrant for SD WAN.

What is the HPE Aruba SD WAN Solution?

HPE Aruba’s SD WAN solution is primarily comprised of three main components: 

Aruba EdgeConnect is HPE Aruba’s SD WAN solution. This can be implemented as either physical or virtual appliances, which allows it to support most public clouds (Refer to How Does HPE Aruba Access Cloud Vendors?). Aruba EdgeConnect supports hybrid WAN architecture, which includes: DIA, MPLS, VPLS and all underlay types. 

The second major component of the HPE Aruba SD WAN solution is the Aruba Orchestrator. This part of the solution is designed to act as a central administration console, providing insight into legacy and cloud applications. The orchestrator uses business intent (See, Business Intent Overlays) to assign policies that secure and control all WAN traffic in the network. It also features policy automation, which creates a more efficient deployment of multiple branch offices, enabling consistent policies across applications.

The final component is Aruba Boost. This is an optional WAN Optimization performance pack, which is designed to improve the performance of latency-sensitive applications such as VoIP, whilst reducing the transmission of repetitive data across the WAN, all combined into a single SD WAN platform (See, Pros list). 

The Silver Peak SD WAN offering includes a number of key features, which include: 

Configuration-Based Key Features:

• Business Intent Overlays: HPE Aruba’s Business Intent Overlays are built on an application-specific virtual WAN overlay model. This means that each overlay has it’s own specific bonding policy, and clients are able to customize link prioritization and traffic steering policies based on various different criteria. 
• Tunnel Bonding: This allows users to configure multiple physical WAN transport services, forming a single logical overlay connection. 
• Routing: HPE Aruba supports Layer 2 and Layer 3 open networking protocols which include; VLAN (802.1Q) , LAG (802.3ad), IPv4 and IPv6 forwarding, GRE, IPsec, VRRP, WCCP, PBR, BGP (version 4), OSPF.

Security-Based Key Features:

Performance-Based Key Features:

What is the HPE Aruba SASE security solution?

Aruba offer their Aruba Edge-to-Cloud Security service, which offers clients zero trust and SASE frameworks. The Aruba SASE service offers clients Unified Threat Management and Dynamic Segmentation, with web filtering, IDS and application-aware firewalls for SD WAN and integration with cloud security vendors. The Aruba EdgeConnect SD WAN solution (see, What is the HPE Aruba SD WAN solution?) integrates with cloud security vendors to make cloud-based security services easier to introduce to pre-existing network and security infrastructures. SASE also includes Zero Trust Network Access (ZTNA), Cloud Access Security Broker (CASB), Firewall as a Service (FWaaS), Secure Web Gateway (SWG), obfuscation/privacy services and threat prevention/detection. Further security products include:

• Zero Trust Security: Aruba Zero Trust Security is designed to enforce the same controls for campus and branch networks and extend them to remote workers. The solution allows clients to enable IT access using identity and roles, whilst customizing access privileges as needed based on real-time threat data and offers visibility into the network. Zero Trust Security for SD WAN extends from the Edge to the cloud and offers clients security for branch locations with dynamic segmentation, Intrusion Detection Systems and Intrusion Prevention Systems (IDS/IPS) and a built-in firewall.
• Edge Services Platform (ESP): Aruba ESP allows organizations to adopt an end-to-end network architecture with SD WAN, switching, AIOps and WLAN with built-in security. The solution leverages SASE and Zero Trust security foundations. 
• Aruba ClearPass Policy Manager: The Aruba ClearPass Policy Manager is designed to integrate with third-party security architectures, with the ability to automatically update solutions and change access rights when a user or device connects to the network. ClearPass Policy Manager is also designed to secure IT resources using role-based access policies, continuous attack response and centralized user and device authentication. 
• Unified Threat Management for SD WAN: Offers Edge and cloud-based security controls for improved performance and lowered costs for cloud and broadband connections. 
• Device Discovery and Profiling: ClearPass Device Insight offers visibility into unidentified and unmanaged devices accessing a client’s network. 
• Policy Enforcement Firewall (PEF): Aruba offer clients their next generation role-based user, device and application PEF. This offers users automated Dynamic Segmentation functionality in ant Aruba environment for wired and wireless access security. 
• Aruba Central: Aruba Central is a cloud networking solution that serves as a central management and orchestration console for Aruba ESP. The service provides visibility into branch, campus and remote office locations. The solution includes a security dashboard with threat intelligence data, IDS/IPS alerts and the capability to correlate with incident management capabilities.

How does HPE Aruba access cloud vendors?

HPE Aruba’s offering is able to access Cloud vendors through third parties such as, Oracle Cloud, AWS, Azure or Google’s Cloud Platform. HPE Aruba offers the ability to activate Aruba Orchestrator, Aruba EdgeConnect and Aruba VX facilities directly into the Azure backbone via the Azure marketplace. HPE Aruba is also an AWS Transit Gateway Connect and Network Manager Partner. HPE Aruba is able to deploy applications and new use cases in a simple and coherent manner through its integration with cloud vendors. HPE Aruba’s offering benefits from an exceptionally high bandwidth between EdgeConnect and AWS Transit Gateway. AWS Transit Gateway Network Manager can be used for branch automation, and Amazon VPC offers native support for EdgeConnect.

Does HPE Aruba offer WAN acceleration and optimization?

HPE Aruba offers WAN acceleration and optimization through the optional Aruba Boost performance package. Aruba Boost increases latency by encompassing multiple networks under a single SD WAN network to improve performance.

How does HPE Aruba support remote users?

HPE Aruba does not include particular support for remote users however it is recommended to use Aruba Boost in areas where the client site is remote or at a large distance from the company’s datacenter to negate the effects of high latency. Aruba Boost is flexible so WAN optimization does not have to cover the full network.

What is the HPE Aruba managed, co-managed and DIY services solution?

HPE Aruba offers primarily DIY managed SD WAN, with the deployment and installation of SD WAN solutions provided by partner resellers such as Axians and Xalient. HPE Aruba’s offering can be co-managed by service provider partners such as NTT Global or Verizon. HPE Aruba do not provide a managed services solution and instead rely on service partners. 

What Reporting and Management is available via the HPE Aruba Portal?

The HPE Aruba portal is web based and enables customers to access technical specs, software updates and an online knowledge base. The HPE Aruba portal tracks SaaS provider network traffic and integrates Azure vWAN and AWS transit gateway manager. Support access is included as part of the EdgeConnect license. The HPE Aruba portal offers historical reporting and real time monitoring, via single screen administration, with the capability to produce bandwidth costs savings reports. The features and functionality of the HPE Aruba portal are further enhanced when used in conjunction with Microsoft Azure Virtual WAN or AWS Transit Gateway Network Manager.

What is the HPE Aruba SLA?

Below is a table displaying the main focus points of the HPE Aruba Service Level Agreement (SLA).