ARUBA EXTENDS WIRELESS GRID ARCHITECTURE TO SECURE ENTERPRISE NETWORKS AGAINST INTERIOR SECURITY THREATS
New Family of Grid Products Protects and Extends Investments in Existing Corporate Networks by Enabling Policy-based Network Security for Wired and Wireless Users
SUNNYVALE, CA, November 15, 2004 - Aruba Wireless Networks (Aruba) today introduced a family of new products that extends its wireless grid architecture to protect corporations against interior security threats on their wired networks. The new products let corporations protect exposed wired ports against unauthorized use, block viruses and worms, and audit network usage for compliance with new regulations such as Sarbanes-Oxley, HIPAA and GLBA. Aruba's new grid products were specifically developed to address two emerging enterprise problems:
- Growing insecurities within interior corporate networks caused by user mobility and the existence of wireless technologies.
- The inability of current solutions to address these problems without causing massive disruption to the existing network and requiring major upgrades to every port in every wiring closet.
"Wireless LANs, security and mobility are driving the unprecedented transformation of the corporate network," said Don LeBeau, president and CEO of Aruba. "By embracing wired security, Aruba becomes the first company to deliver a unified solution for addressing wireless, security and mobility issues in corporate networks."
Like the Internet, interior corporate networks have become untrusted due to changing usage patterns that allow mobile users to carry various types of malware inside the network interior, bypassing perimeter security. Additionally, emerging wireless technologies allow users to access corporate networks from virtually anywhere and engage in peer-to-peer communication through unprotected radio frequencies. Today there is no easy or comprehensive approach for corporations to ensure that the correct security, wireless and mobility services are delivered to users as they roam or plug into different network jacks.
Extending the Wireless Grid to Protect Interior Wired Networks
Aruba first introduced the grid architecture in the context of a wireless grid that delivers a high performance, multi-service wireless infrastructure solution by enabling a dense deployment of low cost, centrally controlled wireless grid points. Aruba is enhancing its grid architecture by introducing new products that include:
- A new grid policy engine (GPE) purpose-built for enforcing business & regulatory policies for authenticated wired & wireless network users
- A new series of grid controllers that power the grid policy engine with high-performance, programmable network & encryption processors
- A new line of wired grid points that tunnel wired user traffic to grid controllers for policy enforcement
- A grid control system (GCS) that securely controls grid points and scales grid performance with advanced clustering and adaptive radio management capabilities
- A grid services interface (GSI) that integrates best-of-breed security solutions into the grid system
"Wireless LANs, unfettered access to guest users, personal network devices that contain viruses and worms and internal misuse of corporate resources are all security threats that originate inside the firewalled corporate network," said John Harford, director of Network Services for SAP. "We are always looking for new ways to protect our networks from these interior security threats without having to completely change the way we do business. Aruba's grid architecture lets corporations create a security blanket over existing network infrastructure by delivering policy-based security services to every exposed port in the network."
Grids Deliver Universal Authentication for All Enterprise Users and Devices
Aruba's grid controllers now enforce user and device authentication for wired and wireless users prior to allowing network access. This lets corporations build a common authentication system for wired and wireless networks. Grid controllers interoperate with existing AAA systems such as RADIUS and Active Directory to authenticate a user or a device and then dynamically determine the security policy to be used after authentication is complete.
Grid controllers support all standard methods of authentication simultaneously on every grid point, letting corporations enforce mandatory authentication, since every device and user in the network can be authenticated prior to obtaining network access. Until now, this flexibility was impossible with regular LAN switch ports, which tie user authentication to port authentication via 802.1X and effectively lock out any device that does not have an active 802.1X client on it.
Grids Enforce Business Policies and Audit Usage for Regulatory Compliance
Grid controllers are powered by Aruba's Grid Policy Engine (GPE). Aruba's GPE is responsible for enforcing granular access controls based on a multi-layer decision process that uses a wide variety of metrics such as user identity, device identity, device state, resources requested, applications and network protocols being used, access location, time-of-day, and strength of the authentication method before granting access.
Aruba's GPE allows corporations to build a regulatory and business compliance system where users are granted specific permissions to access network resources and applications and their network usage patterns can be audited at any time with advanced accounting and logging capabilities.
Grids Inspect Traffic for Network-based Blocking of Viruses and Worms
Grid controllers also come equipped with an available grid service interface (GSI) that can be used to redirect specific network traffic such as Web content or e-mail attachments to network-based virus scanning systems. This capability allows the grid to enforce mandatory network-based virus scanning for specific traffic types, ensuring that enterprise networks stay clear of viruses and worms. The GSI can also interoperate with leading endpoint remediation solutions to quarantine devices infected with viruses and worms and direct them to remediation servers that can clean up the devices before letting them back into the network.
Grids Protect Investments in Existing Network and Security Infrastructure
With Aruba's new grid products, enterprises can now create a security clearinghouse within corporate networks where all security services for wired and wireless users are enforced. This eliminates having to distribute discrete security products in every wiring closet, which causes massive disruption, network complexity and added operational and capital cost.
"A major problem we face today is the lack of integration among all the different security products," said Dr. Hank Dardy, chief scientist at the Naval Research Laboratory in Washington, D.C. "To solve our information assurance and security problems today, we need to buy a lot of expensive boxes, embed them all over the network, and spend hours trying to manage them."
User Policy Management, Unified Security and Advanced Wireless Services
Forming the heart of its grid architecture, Aruba introduced a family of new grid controllers, the Aruba 6000 series.
Aruba's grid controllers are the first enterprise systems to centralize different security functions including authentication, encryption, role-based user separation and policy enforcement, application redirection and traffic and device classification.
Grid controllers run the Grid Control System (GCS) operating software that is optimized to securely control and operate Aruba grid points. Grid control messages are secured using IPSEC with 3DES encryption. GCS can cluster multiple grid controllers from a single master grid controller, delivering limitless scaling to any performance level and geography. GCS also includes Aruba's unique adaptive radio management optimized for high-performance wireless grids and high availability capabilities that allow non-stop grid operations.
The Aruba 6000 grid controller series is a modular system architected to deliver unprecedented performance and scalability. The Aruba 6000 comes equipped with a two-port gigabit Ethernet line card and a supervisor module capable of processing up to 3.6 Gbps of encrypted traffic. Aruba's 6100 grid controller is capable of supporting up to 7.2 gigabits of encrypted throughput and comes equipped with two line cards and two supervisor modules. All existing Aruba WLAN switches can be easily transformed into Aruba grid controllers by upgrading from Aruba AirOS to Aruba's new GCS, thereby delivering investment protection for existing Aruba customers.
Aruba Grid Points Now Protect Exposed Wired Ports
Aruba's new wired grid point, the Aruba 2E, functions as a security check point that tunnels all user traffic back to highly resilient Aruba grid controllers across any Ethernet or IP network. Using the Aruba 2E grid points, enterprises can direct wired user traffic to an Aruba grid controller where policies can be enforced and security services applied, regardless of the authentication method.
The Aruba 2E is built to be deployed in user space next to user desktops with minimal impact on existing wiring closets. It can be powered using standard DC power supply units or using 802.3af power over Ethernet.
Pricing and Availability
General availability of Aruba's new grid controllers and grid points is slated for Q1, 2005. Pricing will be disclosed at that time.
-30-
Aruba Wireless Networks is a trademark of Aruba Wireless Networks. All other trademarks are the property of their respective owners.
