Subscribe to receive notifications of new posts:

Cloudflare and Aruba partner to deliver a seamless global secure network from the branch to the cloud

03/17/2022

5 min read

This post is also available in 简体中文 and 日本語.

Today we are excited to announce that Cloudflare and Aruba are working together to develop a solution that will enable Aruba customers to connect EdgeConnect SD-WAN’s with Cloudflare's global network to further secure their corporate traffic with Cloudflare One. Whether organizations need to secure Internet-bound traffic from branch offices using Cloudflare's Secure Web Gateway & Magic Firewall, or enforce firewall policies for east/west traffic between offices via Magic Firewall, we have them covered. This gives customers peace of mind that they have consistent global security from Cloudflare while retaining granular control of their inter-branch and Internet-bound traffic policies from their Aruba EdgeConnect appliances.

SD-WAN solution

A software-defined WAN (SD-WAN) is an evolution of a WAN (wide area network) that simplifies the underlying architecture. Unlike traditional WAN architecture models where expensive leased, and MPLS links are used, SD-WAN can efficiently use a combination of private lines and the public Internet. It brings together the best of both worlds to provide an integrated solution to network administrators in managing and scaling their network and resources with ease.

Aruba’s EdgeConnect SD-WAN solution

We are proud to announce our first enhanced SD-WAN integration. Aruba’s EdgeConnect solution is an industry leader for WAN edge infrastructure. Aruba’s solution offers both physical and virtual appliances to create logical network overlays across the wide area network, enabling network administrators to create multiple distinct traffic profiles that govern how enterprise application traffic is forwarded between office branches and the Internet. In the Aruba EdgeConnect solution, the Aruba Orchestrator is used to configure and manage the entire SD-WAN including EdgeConnect appliances located in branch offices.

EdgeConnect UI showing overlays directing traffic to Cloudflare or to local breakout.
EdgeConnect UI showing overlays directing traffic to Cloudflare or to local breakout.

Cloudflare One on-ramps

Cloudflare One unifies cloud-native security and access services to meet today's demanding and evolving architecture needs. Our Zero Trust and Magic network services products securely connect remote users, branch offices, and data centers to the application and Internet resources they need with smart routing and traffic acceleration — all with a single control plane to apply network and Zero Trust security policies to application access and Internet browsing.

So what's new? We previously announced many ways to on-ramp customer traffic to Cloudflare One. Our goal with this integration is simple: help our mutual & prospective customers leverage their existing SD-WAN investments, allowing them to connect their devices to Cloudflare for additional organizational security and control across all of their business entities. This gives our customers both the security and control they require without employing a rip and replace solution.

An integrated solution

At a high level, tunnels are established (Anycast GRE or IPSec) between the EdgeConnect appliances in each branch office or public cloud and Cloudflare’s edge. This means the appliances are now connected to the nearest Cloudflare data center anywhere on earth. The Network Administrator then uses Aruba Orchestrator’s Business Intent Overlays to create intuitive policies which automatically identify and steer application traffic to Cloudflare. For example, a customer can choose to match and send certain Internet-bound traffic over the established tunnels to Cloudflare, while ensuring other traffic types can be sent out through other EdgeConnect interfaces. This could be directly to other EdgeConnect devices in other offices, other service providers, or broken out locally to the Internet depending on the overlays that match the other traffic profiles. A typical use case is business applications go through established tunnels while video streaming may go directly to the Internet.

Complete integration details can be found in our guide. In the future we expect to tighten this integration so EdgeConnect devices only need authorization credentials and can automatically configure themselves using the Magic WAN management API.

Customer benefits

Simplicity: The primary benefit of our partnership is the ability and simplicity of connecting to Cloudflare’s global edge using SD-WAN appliances that customers already own and are familiar with. They may already have a comprehensive SD-WAN deployment, sending traffic to and from a variety of destinations, services, and clouds. Cloudflare and the benefits of Magic WAN and Cloudflare’s Zero Trust offering can now be easily incorporated into this type of network topology.

Security and Control: For traffic sent to Cloudflare, Gateway and Access policies make security more robust, targeted, and seamless. Cloudflare’s dashboard represents a single pane of glass that offers policy management, logging and analytics, providing a wide range of security granularity while remaining easy to use. Gateway policy types include DNS, Network, and HTTP(s). Remote browser isolation is also available to help protect end user devices from Internet threats such as malware and crucially, Zero-Day vulnerabilities. Access Applications continue to allow customers to create conditional zero-trust policies for applications regardless of whether they are hosted publicly, internally or are SaaS based. Magic WAN and Magic Firewall can further provide advanced cloud-based network firewalling capabilities for Internet-bound or inter-branch traffic.

Speed and Performance

Stitching together corporate networks with complicated and expensive leased lines or MPLS is now a headache of the past. With our new SD-WAN integration, it’s never been easier to simultaneously connect branch offices to one another and to the cloud. With a simple GRE or IPSec tunnel between EdgeConnect appliances and Cloudflare, each branch location now leverages Cloudflare’s highly performant and secure global anycast network as its WAN backbone - a connection that spans 250+ cities in 100+ countries operating within 95% of the Internet-connected population globally.

Conclusion

Our joint solution expands existing Aruba EdgeConnect SD-WAN capabilities by plugging into our cloud-native, zero-trust WAN architecture on the world's largest and fastest global edge network to keep organizations secure.

If your organization currently leverages EdgeConnect SD-WAN appliances (or any SD-WAN appliance) and wants to take the next step into your network transformation, we would love to speak with you. Reach out to us at https://www.cloudflare.com/partners/technology-partners/aruba/.

Aruba, a Hewlett Packard Enterprise company, is pleased to collaborate with Cloudflare to develop solutions that will enable our customers to easily deploy the Aruba EdgeConnect SD-WAN platform, as the enterprise connectivity onramp to the Cloudflare Magic WAN and Magic Firewall. This new solution builds on the Aruba EdgeConnect platform’s best-in-class integration with leading cloud connectivity and security services, and will enable customers to utilize Cloudfare’s Global Edge Network to protect and accelerate cloud workloads.”
– Fraser Street, Head of WAN technical alliances for Aruba
We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit 1.1.1.1 from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.
Security WeekPartnersSecurityServerless

Follow on X

Cloudflare|@cloudflare

Related posts

March 08, 2024 2:05 PM

Log Explorer: monitor security events without third-party storage

With the combined power of Security Analytics + Log Explorer, security teams can analyze, investigate, and monitor for security attacks natively within Cloudflare, reducing time to resolution and overall cost of ownership for customers by eliminating the need to forward logs to third-party SIEMs...