The Aruba Edge Services Platform (ESP) architecture provides components necessary to design and implement a comprehensive, zero-trust network across a modern enterprise. Aruba ESP ensures consistent policy administration on the campus, across the WAN, within branches, and in the data center.
Policy configured on Aruba’s cloud management platform, Aruba Central, is propagated across the network infrastructure to ensure consistent policy enforcement wherever and whenever the organization enables user connection to the network.
This “single pane of glass” policy configuration approach ensures that the required configurations are deployed to the correct devices and device types in large, complex, and distributed networks as easily as in smaller and less complex environments. Use of a unique, conditionally assigned, access-based role associates a device or user with a set of privileges for each network interaction. The roles are configured consistently throughout the enterprise, facilitated by automation delivered by Aruba Central.
When designing a security policy, first review the following activities and concepts:
- Complete network requirements for users and devices.
- Required authentication types or mechanisms.
- Device-to-device traffic requirements.
- Device-to-cloud or Internet requirements.
- Traffic inspection capabilities within the network.
- Device attributes and available profiling capabilities.
- Network hardware capabilities.
- Compute resources.
Aruba ESP is designed to provide a flexible network system that increases accessibility while addressing the important need to enforce security policy consistently and manageably to create an end-to-end, zero-trust environment throughout the network.
This guide provides an overview of the design decisions involved in developing an effective ESP policy layer implementation.
The guide provides best practice guidance on design choices, with considerations for designing effective security policies while interoperating with a commonly available user database such as Microsoft Active Directory.
The desired end product is a highly reliable and scalable design that is easy to maintain and adapt to the changing needs of the organization. The key features addressed by the Aruba ESP policy design guide include:
- End-to-end zero trust.
- Manageable design for any deployment type or size.
- Selection criteria to determine the most effective policy and implementation method.
- Information on each component and the role it plays in policy enforcement.
- Design options to provide flexible segmentation.
- Information on third-party integration.
The guide is not intended to provide an exhaustive discussion of all options, but it presents the most commonly recommended designs, features, and hardware.
This guide is written for IT professionals responsible for designing an Aruba ESP campus network. These IT professionals perform a variety of roles:
- Systems engineers who require a standard set of procedures for implementing solutions.
- Project managers who create statements of work for Aruba implementations.
- Aruba partners who sell technology or create implementation documentation.
This version of the guide focuses on the policy needs of a typical campus network.