[MUSIC] Hello and welcome back. My name is Tyler McMinn with Aruba and this is our Cloud basics part 2. And we're going to start with this first topic, SASE and ESP before going on to some of these other features. So taking a look at SASE, what exactly is SASE or maybe the weather way to put this is, why SASE? SASE stands for secure access service edge. And what it is, is more of a strategy than an actual product or anything that you would actually knock on or pick up or install. So according to Derek Granath at Aruba Senior Director SD WAN product and Technical marketing, SASE is the combination of SD_WAN and security functions delivered from the Cloud. There's a focus on this Cloud central intelligence. So it's a new enterprise technology category from Gardner introduced in the summer of 2019. And SASE is the convergence of SD_WAN Edge and Cloud delivered security capabilities. Advanced SD_WAN capabilities are then integrated with modern Cloud delivered security services which ensures a consistent policy enforcement and full access control of users, devices, applications and IOT. If you were going through the previous part one video series, we spent a bit of time talking about this strategy of pushing your intelligence to the Cloud. So that no matter where you're plugging in, your users can benefit from that intelligence, that policy making your control, your security features and services that are Cloud based. So you do need products at the Edge switches, access points, gateways that are software defined or intelligent enough to be able to take advantage of these centralized policies. And that's what SASE really is, is kind of this combination of or this approach and strategy of deploying intelligent Edge. Traditional when architectures, if you look at how we used to or how you might currently see a lot of deployments, you have a centralized data center, user applications. Traffic comes from these office branches would traverse or the public or private land to a corporate data center typically at the HQ. And then this was done for service chaining to enable features such as deep packet inspection, fire walling and to impose policies. This makes sense when applications were only hosted at the data center. A good example, maybe like a public school network where teachers and students whether their on premise or remote or at home or whatever. They're all sending all their traffic to the school where you have a pair of beefy firewalls that are deploying all your policies. And unless the traffic goes through those firewalls that are hosted at the school's data center, you have no real policy or any kind of security. So therefore you're taxing your network and frankly the patients of your students and teachers to try and get all their traffic in one place before they then go to Facebook or go to whatever they need to go to. So now with SASE, the idea here is that the customer hosted can host applications and services in the Cloud. And the traditional network architecture is inefficient. Cloud destined traffic must first traverse through the data center in corporate firewall before reaching these Cloud hosted services. And that's where I was just describing the performance hit and the experience hit to the customer. So there's also a security concern with this older type of deployment with huge increases in remote workers needing to be connected directly to Cloud applications. Traditional perimeter based security approach may be insecure. How are you going to update all of those perimeter devices. Strategy used by SASE is to leverage win and security architecture so that the enterprise can ensure direct secure access to applications and services across multi Cloud environments regardless of location. So here you have much more reliance on centralized Cloud based services and this could be a hybrid Cloud. This could be fully Cloud based but then where the user connects doesn't really matter as long as the method of connection allows these policies to be deployed. So regardless of location or the devices used to access them. The strategy by SASE is to kind of leverage these WAN connections, these STJ ways, these remote access points via software VPN clients and CX switches or traditional Aruba OS switches. So what makes up SASE? So if we want to deploy SASE, what boxes are we trying to check? Well, start with pack of identification, what kind of traffic is actually going through? Is it office 365 Traffic, is it corporate based web traffic, is a student traffic that needs to access resources at the school or the hospital or whatever. Or is it someone ordering a pizza or looking at Facebook or something like that? Automated definition of applications. So you want to quickly be able to through Cloud policies, to find what type of traffic are looking for on a daily basis and update your address tables accordingly for better routing. And that falls in line with automated orchestration, how you want your traffic to flow. Maybe we want Facebook traffic just go right to the Internet and not bother going to the corporate data center. Automated failover, so a secondary Cloud security enforcement point, if the primary is unreachable. And meaning if you're using AWS to host your Cloud based applications, maybe have a follow up plan with Google, Cloud GCP or with Azure. And then automated enforcement point reconfiguration in the event that access point becomes unreachable. And then staged deployment, enabling enterprises to implement assassinate architecture at their own pace. And finally, something that standardized using standard tools like, rest IPI access to avoid vendor lock-in. With ESP and I do have a few slides at the end of the very last video that we'll do, we'll touch on this again. This is just a review of a previous slide that we looked at, where you looked at your AIOPS, your unified infrastructure and your zero trust security. In other words, gathering information as users are connecting with their applications on their secure devices that have been authenticated and authorized. And doing that through unified infrastructure, wireless, wired switching and SD Gateways, even 5G Internet of things devices to give a consistent experience whether someone's plugged in or wireless. This is something that Aruba strives for with dynamic segmentation. Tunneling and remote access points and the ability to do that deep packet inspection through the SD gateway right there at the branch. And that all ties in with zero trust security. This tunneling, checking what type of devices are connecting, not just looking at the authentication but the actual device time of day applications that are being run the situation. Gathering as much information about the instance of connection, not just who they are connecting or what they're connecting from. So that is an overview of SASE as a strategy and the way that Aruba deploys SASE through their Edge services platform, through Aruba ESP. Hope this has been helpful. Let's go ahead and pause and we'll jump back in our next video looking at Cloud devices, how we actually on board. Let's get down to some nuts and bolts here.
