Last week, I had the pleasure of attending the Aruba Networks 2011 Partner Summit. This event ran from Monday 4/4 through Wednesday 4/6 with the most significant density of activity on Tuesday.
I took about 14 pages of notes – more than usual for an event of this sort – and feel like the event was worthwhile, in spite of the invariable backlog I accumulated back at the office.
We’ve been working with the Aruba Air Mesh (their outdoor industrial mesh product acquired from Azalea Networks) since 2008, but are a “newly-minted” Aruba Indoor Partner, so I had a lot of ground to cover.
First and foremost, I walked away with a very crisp vision of Aruba’s place in the market – how they view their products and the marketplace itself. Understanding the way they see the world helped me to understand a lot of things, especially their recent entrance into the closet switching market (see their Mobility Access Switches).
I’ll have to admit that, though the switching platforms seemed like great devices, I didn’t understand why Aruba would want to increase their competitive overlap with big players like Cisco, Juniper (did you know we’re now a Juniper partner?!) and HP. It didn’t make a lot of sense on the surface – until I heard from the Aruba CEO, Dominic Orr.
The Security Philosophy
I’ve long said that one of the biggest problems we face as IT professionals is the schizophrenic nature of security policies applied using differing tools, protocols and devices all over the network like a patchwork quilt. There are too many seams and too much complexity. The reality is that increased complexity is less secure – human nature has too many opportunities to slip us up as we make things more complex.
So how does Aruba simplify things? It all boils down to a radically different philosophy about network attachment: for as long as I’ve been involved in networking, the underlying vision has always been port-centric. Everything tied back to the port in some way. Granted, there were complex schemes to make bits and parts more “user focused”, but they were inelegant and inefficient. Aruba has really stepped up the game with a model that provides what we’ve really needed all along. I’m frankly amazed that nobody’s gone here before – though hindsight usually works like that!
Aruba’s focus is on identifying the user and device, independent of where and how they connect – and then applying a security edge that’s tailored to that user and their device (and even their OS/browser, etc.), no matter what media they use to connect. With this user-centric contextual model, security can be adapted to the requirements of the individual user and then further enhanced to account for the different types of devices they use to access the network. You don’t need to think about how they connect at all – it’s just enough to know that they can connect and leave it at that.
What happened to “Core/Distribution/Access”?
To see how this plays out, you need to understand how Aruba’s view of the future world for networking differs philosophically from the view of traditional providers (read: Cisco) in a fairly significant way: they see it consisting of essentially two big “buckets”. The first is datacenter – this can be internal to an organization, or in the cloud. It’s a market in which Aruba seems to have no horse or interest. The second (and final, in their mind) is the “access” layer. This encompasses EVERYTHING else: wired access, wireless access, VPN access. Any method a user can connect to the datacenter.
What’s particularly important here is that Aruba’s product strategy provides for a centralized user-centric AAA model that’s unified across all of the connection methods and that also pushes a security policy to the point of connection based not only on user identity, but also on other context information (such as device type and OS).
For example, if I connect to the network via WiFi with my laptop, and then via WiFi with my iPad, the context is different based on the device and OS – so a differential layered security policy can be applied: first the one for my user and then what amounts to an overlay on top of that for my device type (and even OS/Browser version). This policy can be applied to my wired ports, my wifi access and my VPN access (soft or hard client).
It’s all managed through the same centralized Mobility Controller architecture that Aruba wireless customers already know so well – just extended to wired access. Also, it’s all manageable by the Aruba AirWave management suite.
This is a significant break from the view of traditional wired access vendors – and amounts to the equivalent of a “wired access point” if you want to think of it that way.
Bad news for Intel and Microsoft? We’re plumbers?
Dominic got a few good laughs during his presentation on Wednesday, but one of his semi-humorous comments resonated with me when he was discussing the huge shift in the marketplace away from traditional architectures (wired to wireless), devices (PCs to smart phones and tablets) and vendors (away from Intel/MSFT to an architecture dominated by players like ARM/Apple). He said that Aruba’s role and Aruba’s partners’ roles were as “plumbers”. I like that particular analogy a lot.
His central point was that a HUGE amount of money will change hands as these marketplace and technology transitions take place and that the core infrastructure providers (us plumbers) are well positioned to capture a significant part of that.
It’s the people
Another key take-away for me was purely qualitative – and was with regard to the people at Aruba Networks and their corporate culture. They feel, to me, like Cisco used to feel back in the mid to late 1990s and early 2000s (yes, I’ve been a Cisco partner for that long!). They want to innovate, to disrupt, to partner, to team. They want to get deals done and they have the flexibility to make a deal happen. There wasn’t a single big ego to be found among the Aruba staff. THESE are the kind of people I want to work with and I want my customers to work with. They get things done and have fun doing it.
So, lest I sound like a total Aruba fan-boy, I’d be remiss if I didn’t mention a significant place where Aruba has been totally silent (at least so far as I’ve observed). It’s the inside of the device – especially the new wave of mobile devices like smart-phones and tablets.
We can make connection of these devices easy and flexible, we can implement a user-centric, device modified security perimeter at the point of connection, but that device still ends up with access to the network. So we still need to make sure that the device isn’t owned by malware. I think this is obvious, but it’s notably absent from Aruba’s articulation of their world view and the picture they paint is a little too rosy for my taste. I don’t want them to help customers lose sight of this important part of a secure architecture. In the meantime, it just means that we, as a partner, need to emphasize this element a little more carefully.
Seriously? The iPad will drive my business?
What else stood out? Tablets. The iPad in particular. It really is everywhere. It’s in the hands of all of the participants. It (and iPhone) is in the hands of people in >80% of Fortune 100 companies. It was a $54.8M market in 2011 and is expected to be a $300M market by 2013 (thanks Gartner Group for the data that Aruba passed on to us!). Given my concerns about the security of such devices in enterprise environments, I’m still hesitant about this development, but cannot deny its impact.
It’s clear to me that helping my customers understand how to handle this inrush of “iDevices” will help me to better help them. I’ve been seeing them in the marketplace with increasing frequency and we’re actually making significant changes to our own network and internal security to support them securely – so too do our customers need to invest in the planning and implementation of policies and infrastructure to handle this massive new challenge.
A few more stand-out statistics (from Gartner as well, according to Aruba) that were scattered in various presentations throughout the event:
- The SmartPhone market was $289M in 2011 and expected to be $1B in 2013.
- Virtual desktops should be 45M strong by 2013. They accounted for 2% of desktops in 2009 and should be 13% by the end of 2012.
- The enterprise access market is $11B for 2013 – of which ~$3B is WLAN and with the impact of the iPad alone may be as high as $3.75B.
- Mobility budgets have increased 10% year-over-year since 2007 – despite the recession.
- 2011 – 2014 compound annual growth of network access for traditional Ethernet Switching is expected to be -2% and WLAN is +80%!
- Licensed band wireless infrastructure (cellular) costs 8-10X as much as WLAN to provide similar density coverage (this stat is an Aruba source, not Gartner – Aruba didn’t cite a source here).
Other notable items were:
- Aruba is increasingly hearing about WLAN coverage problems in non-traditional coverage locations: Bathrooms. Stairwells. Elevators. People want coverage EVERYWHERE! Remind me not to use other people’s iPads from now on. Ick!
- Density requirements for WLAN have changed: 5 years ago in a conference room meeting of 25 people, a handful might have had laptops with active WiFi. Today, every person could reasonably be expected to have one or MORE devices that could actually be active on WiFi. Smart phones, tablets and still even laptops. So a meeting of 25 people might have 30 or 50 (or more) active devices!
- Cloud architectures put users on the “wrong side” of the corporate firewall. I suppose I’ve been aware of the perimeter implications of cloud, but haven’t thought of it in quite this context.
That Tesla guy was smarter than everyone thought
In closing, I was reminded during a presentation of a quote by Nikola Tesla in 1926. This is, truly, mind blowing prescience:
“When wireless is perfectly applied the whole earth will be converted into a huge brain, which in fact it is, all things being particles of a real and rhythmic whole. We shall be able to communicate with one another instantly, irrespective of distance. Not only this, but through television and telephony we shall see and hear one another as perfectly as though we were face to face, despite intervening distances of thousands of miles; and the instruments through which we shall be able to do this will be amazingly simple compared with our present telephone. A man will be able to carry one in his vest pocket.”