Dynamic Segmentation

What is Dynamic Segmentation?

Driven by the ballooning number of mobile and IoT devices connecting to the network, we’re seeing a fundamental shift in the complexity of campus and branch networks.

Dynamic Segmentation simplifies and secures the network by unifying policy enforcement across the wired, wireless, and VPN infrastructure.

What is Dynamic Segmentation?

Aruba’s Device Segmentation simplifies and secures the network by unifying policy enforcement across the wired, wireless, and VPN infrastructure. With a Policy Enforcement Firewall (PEF), Layer 7 application visibility, and automated profiling, Aruba’s unified Policy Enforcement Firewall can apply rich, role-based access control to automatically shape traffic behavior.

Because policies define access and segmentation, there’s no need to configure VLANs, ACLs, subnets or port-based controls anymore. This eliminates complex network segmentation, sprawling VLANs and costly administrative functions.

The graphic below shows a left-to-right flow for how traffic can be segmented across the network based on the applications being used by users and devices. With Device Segmentation, traffic flows simply adapt to the assigned user and device roles.

Diagram of traffic flow between users and applications

Aruba ClearPass and the Mobility Controller are instrumental in Device Segmentation. All wired and wireless traffic is encapsulated in GRE tunnels back to a Mobility Controller for inspection by the built-in Policy Enforcement Firewall (PEF). This is where the user firewall and Layer 7 application visibility reside. Aruba ClearPass creates contextual policies based on identities, device type, and location for different groups of users or devices. Aruba ClearPass provides centralized policy definitions and integrated device profiling capabilities.

Why use Dynamic Segmentation?

The need for policy-centric networking is growing. Organizations are increasingly converging multiple systems onto the same infrastructure, and they need to segment that traffic more efficiently and securely. They may need to protect sensitive applications and ensure data privacy in a more highly controlled way. They may be rolling out IoT systems, such as video surveillance, building access control or smart lighting, and want to ensure that any IoT device vulnerabilities don’t spread across the organization.

In addition, IT needs more visibility and control of devices that are on their network. The reality is that most IT managers simply aren’t aware of all the connected devices—and with the growing number of IoT and smart workplaces, this problem is only going to get worse. IT needs visibility into what devices are on their network as well as a way to control network access and the quality of experience for those devices in real-time.

Benefits of Dynamic Segmentation

  • Automate connectivity to reduce the IT workload

    Device Segmentation reduces the burden of manual configuration. It saves time and energy that IT would otherwise spend configuring managing access policies for mobile, IoT and other devices. Automated policy also minimizes the errors that creep in when configurations are done individually. Strong, consistent controls across both wired and wireless access are imperative to maintaining integrity and preventing breaches.

  • Segment users and devices to enhance security

    With Device Segmentation, users and devices are granted access to the appropriate network route based on their role, location, time of day, and other factors. Dynamic Segmentation is ideal for IoT devices, which are notoriously insecure and are often located in unsecured public areas. But now, for example, security cameras can be dynamically assigned roles with rights that restrict their traffic to a specified server, and nowhere else.

  • Centralize policy to ensure enterprise-wide consistency

    Administrators can define rules that leverage user, device, application, and location data—all from one place. With centralized policies, there are no variations based on the location or the style of the network administrator. Policy changes don’t need to be made multiple times for each individual network element. Policies are consistent and up-to-date everywhere in the enterprise and enforced within a broader context.

Want to speak with an Aruba expert?