Introduction
The Aruba Edge Services Platform (ESP) architecture provides components necessary to design and implement a comprehensive, zero-trust network across a modern enterprise. Aruba ESP ensures consistent policy administration in the campus, across the WAN, within branches, and in the data center.
Policy configured on Aruba’s cloud management platform, Aruba Central, is propagated across the network infrastructure to ensure consistent policy enforcement wherever and whenever the organization provides network connectivity.
This “single pane of glass” configuration approach ensures consistent policy application across different device types in both large and small network environments. A conditionally assigned, access-based role associates each device or user with a set of privileges for every network interaction. Roles are configured consistently throughout the enterprise, with automation delivered by Aruba Central.
Fundamentals of Policy Design
When designing a security policy, first review the following activities and concepts:
- Complete network requirements for users and devices.
- Required authentication types or mechanisms.
- Device-to-device traffic requirements.
- Device-to-cloud or Internet requirements.
- Traffic inspection capabilities within the network.
- Device attributes and available profiling capabilities.
- Network hardware capabilities.
- Compute resources.
Aruba ESP is designed to provide a flexible network system that increases accessibility while addressing the important need to enforce a consistent end-to-end, zero-trust security policy.
This guide delves into three key facets of policy management:
- Step 1, Policy Definition: Establish roles and specify their access levels.
- Step 2, Authentication and Role Assignment: Onboard users and devices to the network and allocate roles that align with their designated policies.
- Step 3, Enforcement: Implement the defined policy for authenticated users throughout the network infrastructure.
Purpose of This Guide
This guide provides an overview of the design decisions involved in developing an effective ESP policy layer implementation. It includes best-practice guidance for designing effective security policies that interoperate with a commonly available user database such as Microsoft Active Directory.
Design Goals
The desired result is a highly reliable and scalable design that is easy to maintain and adapt to changing organizational needs. Key features addressed by the Aruba ESP policy design guide include:
- End-to-end zero trust.
- Manageable design for any deployment type or size.
- Selection criteria to determine the most effective policy and implementation method.
- Information on each component and the role it plays in policy enforcement.
- Design options to provide flexible segmentation.
- Information on third-party integration.
The guide is not intended to provide an exhaustive discussion of all options, but it presents the most commonly recommended designs, features, and hardware.
Audience
This guide is written for IT professionals responsible for designing an Aruba ESP campus network. These IT professionals perform a variety of roles:
- Systems engineers who require a standard set of procedures for implementing solutions.
- Project managers who create statements of work for Aruba implementations.
- Aruba partners who sell technology or create implementation documentation.
Customer Use Cases
This version of the guide focuses on the policy needs of a typical campus network.