RealTime IT News

Aruba Gets Wired for Remote Access

Aruba RAP-2 and RAP-5
Aruba RAP-2 (left) and RAP 5. Source: Aruba. Click to enlarge.

Remote workers and offices are commonplace now, but it's not always as easy as it should be to properly set up and deploy fully secured remote-access solutions. Aruba Networks, a vendor best known for its wireless LAN (WLAN) hardware, is now offering its own approach for remote-access connectivity that it claims is zero-touch and inexpensive.

Aruba (NASDAQ: ARUN) is using a combination of a Linux-based operating system, low-cost hardware, virtualization and IPsec technology to power its new Virtual Branch Network (VBN) solutions. In total today, Aruba is announcing three new product families that will compete against traditional remote access and virtual private network (VPN) technology from wired networking vendors like Cisco and Juniper. For VBN, Aruba is taking the experience it said it's gained in deploying secure WLANs to help enterprises deploy secure remote access, whether it's wired or wireless.

"Based on the experience we've had with wireless LANs, we do not create security policies based on the port you connect through -- rather, we assign [security policies] to each user," Mike Tennefoss, head of strategic marketing for Aruba, told InternetNews.com. "Those policies are enforced regardless of where you enter the network."

Aruba's new VBN portfolio is made up of three product families. Inside the main datacenter, there is the 600-series Branch Office Controller (BOC), which provides all the policies for the remote users.

Remote users can connect via the RAP-2 wireless remote access point, designed for small offices of 1 to 5 users. The RAP-2 has a 802.11b/g Wi-Fi radio and two Ethernet ports, and is being offered by Aruba for $99. The company also offers the RAP-5, with five Ethernet ports, 802.11n Wi-Fi and hardware-accelerated encryption for the data tunnel.

Tennefoss explained that the BOC virtualizes branch office services and then pushes them out to the RAPs. So instead of each endpoint administrator having to manually set policies on their devices, policies are centrally managed. The security policies are run on the RAP with what Aruba describes as a "dissolvable" firewall.

"The Policy Enforcement Firewall (PEF) is a dissolvable agent that gets loaded on the new RAP products and provides network access control for the wired ports," Tennefoss explained. "So as soon as you plug something in, the user instantly is managed. On Wi-Fi, each user gets their own policy as soon as they connect to the network."

As opposed to backhauling local traffic from the branch all the way back to the central branch to enforce policy, Aruba RAP users' traffic can stay within their local branch. As a result, the VBN splits off traffic locally but still provides enterprise security policies for the access point.

The VBN solutions use IPsec to create a secure tunnel between the access point and the central office. In some cases, IPsec can be a performance bottleneck for users, but Aruba is including hardware-based acceleration on its RAP-5 appliance to provide up to 100 Mbps of encrypted throughput, it said.

Andy Logan, product marketing manager at Aruba, noted that the RAP-2 would be a little slower since its encryption is all done in software, but still provide about 5 Mbps of throughput.

Linux inside

Powering Aruba's RAP is a Linux-based operating system.

"It's embedded Linux and it has been highly modified by us to do what we need it to do," Logan said. "It is running our code and the services that we need to run. We use parts of the Linux kernel and we use the drivers, but it's in a limited way, as most of the software was written in house and is custom-built."