(fastpaced upbeat music) >> Welcome back to theCubes coverage of the power of N and the collaborations between HPE Aruba and Pensando. Where the two companies are setting out to create a new category in network switching. Joining me now is Simon McCormack, who looks after product management at HPE Aruba. Welcome Simon. Good to see you. >> Good morning. Thanks for having me today. >> You're very welcome. So Simon, we've been talking all day about the Aruba switching fabric that you're bringing to market, embedding the Pensando technology. Can you tell us what's the primary value prop that AFC brings to its customers? >> Sure. Aruba Fabric Composer. This is orchestration and management for the Aruba wide switching platform. Primarily for data centers. It does a lot of things. I'll give you three key ones just to get a feel for it. So in data center networking, there's a lot of complex technologies. I'm afraid to say, lease spines, overlays, underlays, EDP and OSPF BGP. I can throw out loads of acronyms for you. Fabric Composer can really simplify through a bunch of intent based workflows, the deployment and management of these fabrics. We can do it either interactively through a UI or fully API driven, if you want to. So it really takes away a lot of the plexity there makes it dead easy to deploy these and that scale. Number two, in a data center, a lot of compute storage hypervisor technologies that you have to interact with the THEO network products. So in Fabric Composer, we built an integration layer into it that interacts with other orchestrators, vCenter, VMware vcenter is a good example of that. So an operator may make changes to vCenter that affect the network. You don't want to call the network team for it. Fabric Composer can automate that network side configuration on the Aruba switch, making your day to operations, insertion of new services, much more simpler. And then finally, number three, because we've got all these capabilities I've just told you about. We actually have a great typology model that we build from it. And we can use that to visualize this virtual to physical network layer that is really powerful for troubleshooting the environment. >> Great? So three things, actually four right. To simplify or integrate and automate. And it's kind of two and two way, I'm going to to call it. and then the visualization piece for troubleshooting. Awesome. What about security policy? How are you thinking about that in this release? >> Yeah, so that's where in this release, we're extending it with the Pensando PSM technologies embedded into the 10K. Now we can use Aruba Fabric Composer to actually orchestrate the policy in addition to the network. So you think about today, Fabric Composer does network primarily. You bring policy into it. You've got one single pane of glass now that does network and policy. It actually provides a really powerful capabilities for operators of different skill sets to be able to manage and orchestrate this environment. >> What about the sort of operational model as it pertains to the network and security, I'm interested in how flexible that is. For instance, if a customer wants to use their own tooling or operational frameworks. What if they want to leverage multi-vendor fabrics like a third-party spine? How do you deal with all of that? >> Yeah, and I think that's, we built that into essentially the DNA of this technology is that we're, we're expecting to often go into brownfield environments. Where they've already got best practices for security and networking. They've already got networking vendors there. The 10K is a very powerful lease switch on its own. We want those lease switches to go in all of these different environments, not just Greenfield. It's really great for Greenfield. And I'm going to explain this a little bit in a few ways. First of all, the technology we have with Aruba fabric Composer and Pensando PSM, you can do a pure operational split between them SecOps, NetOps. A lot of customers that's how they deal with it. They've got the security operations team, network operations team. If they're split, you can use the two tools and make a fantastic product using that. However, if they're not split, and you've got a single policy for it. You can use Aruba Fabric Composer to do both of them. So you've got the options there and we fully embrace that in the architecture of what we built. This extends to multiple layers for the technology build as well. Again, as I said, the 10K's is a lease switch, it can connect to third-party spines. So you could use Fabric Composer to manage this lease Spitch and the policy you could use Fabric Composer just to manage the least switch and connect and interoperate the lease to the spine, or you can do a full Aruba solution, the full Aruba spine and use that operating model. There's one final thing in this area is fabric Composers are a UI based orchestrator, API driven. Some customers love it. Some customers love their CLIs. We fully embrace the operational model where customers still use their own APIs and their own CLIs. So the customer may be using Ansible to automate through API. They can still use that directly to the switch and they can use it to AFC and mix the two. If you talk directly to a switch and change it, Fabric Composer detects it and basically sinks its configuration together. So we can insert all or any part of this solution into existing or new Netflix. >> Yeah, that's nice. Right? Because I mean, so there's the network hard guys, right they, they want that CLI access. So you you're accommodating that. And then as well, being able to bring those SecOps view and the netOps view together is important because let's say, let's face it. A lot of organizations, especially some of the smaller ones, they don't actually have a full blown SecOps team. That's really the netOps responsibility. And so that's nice flexibility, you can handle both worlds. How about segmentation? What a customer is telling you that they want regarding segmentation and how are you guys approaching that? >> Yeah, I mean, it's, it's actually a key feature of what we're doing in this area. Now the iland segmentation generates it's kind of a wide area with many layers to it and we could talk about it for hours. So let me talk briefly about some of the areas we're going into when it comes to the segmentation. But particularly of a compute and virtual type environment. So when you, when you're typically creating policies in today's world, current policies based on addresses, IP addresses, or Mac addresses. You have lots of rules and big lists of addresses. It's really annoying. Customers generally don't talk in addresses. They talk in machines and names of machines. So if you think about what I've already told you with the Fabric Composer, we've already got these hooks in the compute hypervisor layer. So we didn't know about the virtual machines? So it said obviously, a natural extension now for you to be able to create these policies based on the machines. So there's, there's a scale problem in policy distribution at two levels, at the top and the bottom. The top level is your chronic create the policy. You've got this massive distribution addresses. So Fabric Composer can really help you by allowing you to then create these groups, sensible groups, using the names then you can distribute. The 10K solution with the distributed architecture of the bottom layer, now allows us to distribute these policies and rules across your racks within your data center. So it scales really well, but that's one level I've described. You know, you're creating groups of machines with names, so it's easier to define it, but there's auto and automation angle to this as well. You might not want to even create it interactively. Now a lot of customers with VMware vCenter, For example, are tagging the virtual machines. So the tag tells you a group information. Again, Fabric Composer can already get the tag within its database model. So we can use the tag now either to fully automate or use as a hint to creating these groups. So now I've got a really simple way to basically just categorize my machines into the groups so that now I can push rules down onto them. And there's one, one final thing that I just want to tell you before, before we move on. There's, there's often a zero trust model you want to do in the data center for segmentation. Meaning I've got two virtual machines on the same network on the same host. Normally they can talk to each other, nothing's stopping them, but sometimes you want to isolate even those two. You can do it in products like vCenter with PV land technologies. A bit cumbersome to configure on the vSphere side, you got to match it with what you see on the switch side. It's one of those that's a real headache, unless you've got an orchestrator to do it. So Fabric Composer could basically orchestrate this isolated solution. You're now grouping your machines and you're saying they're isolated. We can do the smarts and both of the vCenter side and the switch side, get them in sync, get it all configured. And now the masses can start to do this kind of segmentation at scale. >> Got it. Thank you Simon. Can the Fabric Composer kind of be used as the primary prism for troubleshooting? How do you handle troubleshooting and this art combined architecture? Who, who do I call when there's a problem? How do you approach that? >> Well, definitely start by calling me or actually call my product first, so fabric Composer. If you're using it, use that as the front tool for what you're going to try and figure out what's going on. There is a global health dashboard. It encompasses networking security policy across the solution, across the fabric. So that's your, tells you what's going on immediately. Down to port stats on what's happening within the physical topology of the network. Down to the end-to-end view, we have in terms of policy connectivity between machines. So Fabric Composer is your first port of call, but we built a solution here that we don't want to hide the pieces underneath it. Any networking guy knows when they're deep troubleshooting networking stuff, they're going to end up with the switch. So you started the orchestrator, but sometimes in the deep troubleshooting, not day-to-day, hopefully. You'll go to the switch and you'll troubleshoot that way. We've got the same technology here with the policy, with the firewall rules, with Pensando PSM. We still fully embrace for deep troubleshooting, go to Pensando PSM. They have really advanced tools in their bag of tricks in the product to give you advanced troubleshooting down to the policy layer. They have a really powerful firewall log capability, where you can search and sort, and see exactly what role is allowing or stopping any traffic going through the environment. And the two orchestrated model, we really like it 'cause it scales really well. It allows Fabric Composer to remain lightweight, PSM focused on the policy orchestration bit. But again, if your that customer that wants to do single pane of glass use Fabric Composer for the standard day-to-day stuff. But you've got the tools there to do the advanced troubleshooting between the different elements that we have within the Pensando and the Aruba tools. >> Yeah, really well thought out. You got the simplification angle nailed, the integration automation we talked about that, the visualization and the topology map, zero trust. And then remediation with deep^ened inspection. Simon, thanks so much for taking us through the announcements. Really appreciate your insights and time today. >> Thank you very much. >> You're welcome. Okay. Keep it right there, this is Dave Vellante for theCube. More content from the HPE Aruba Pensando announcements coming right up. (soothing music)

(upbeat music) >> Welcome back to the cubes coverage of the power of N and the collaborations between HPE Aruba and Pensando. Where the two companies are setting out to create a new category in network switching. Joining me now is Simon McCormack, who looks after product management at HPE Aruba. Welcome Simon. Good to see you. >> Good morning. Thanks for having me today. >> You're very welcome. So Simon, we've been talking all day about the Aruba switching fabric that you're bringing to market embedding the Pensando technology. Can you tell us what's the primary value prop that AFC brings to its customers? >> Sure. Aruba fabric composer. This is orchestration and management for the Aruba wide switching platform, primarily for data centers. It does a lot of things. I'll give you three key ones just to get a feel for it. So in data center, networking, there's a lot of complex technologies. I'm afraid to say, lease spines, overlays, underlays, EDPs, OSPs PGP. I can throw out loads of acronyms for you. Fabric composer can really simplify through a bunch of intent based workflows, the deployment and management of these fabrics. We can do it either interactively through a UI or fully API driven if you want to. So it really takes away a lot of the complexity there makes it dead easy to deploy these and that scale. Number two, in a data center, a lot of compute storage hypervisor technologies that you have to interact with with your network products. So in fabric composer, we built an integration layer into it, that interacts with other orchestrators. V-Center, VMware Vcenter is a good example of that. So an operator may make changes to V-Center that affect the network. You don't want to call the network team for it. Fabric composer can automate that network side configuration on the Aruba switch, making your day to operations, insertion of new services, much more simpler. And then finally, number three, because we've got all these capabilities I've just told you about. We actually have a great typology model that we build from it. And we can use that to visualize this virtual to physical network layer that is really powerful for troubleshooting the environment. >> Great, so three things actually for right simplify, you integrate and automate, and it's kind of two and two way I'm going to call it and then the visualization piece for troubleshooting. Awesome. What about security policy? How are you thinking about that in this release? >> Yeah, so that's where in this release, we're extending it with the Persando PSM technologies embedded into the 10 K. Now we can use Aruba fabric composer to actually orchestrate the policy in addition to the network. So you think about today, fabric poser does network primarily you bring policy into it, you've got one single pane of glass now that doesn't network in policy, it actually provides a really powerful capabilities for operators of different skill sets to be able to manage and orchestrate this environment. >> What about the sort of operational model as it pertains to the network and security, I'm interested in how flexible that is. Like for instance, if a customer wants to use their own tooling or operational frameworks or frameworks so what if they want to leverage multi-vendor fabrics like a third-party spine? How do you deal with all of that? >> Yeah, and I think that's, we built that into essentially the DNA of this technology is that where we're expecting to often go into brownfield environments where they've already got best practices for security and networking. They've already got networking vendors there. The 10 K the very powerful lease switch on its own. We want those lease switches to go in all of these different environments, not just Greenfield. It's really great for Greenfield. And I'm going to explain this a little bit in a few ways. First of all, the technology we have with Aruba fabric composer and Pensando PSM, you can do a pure operational split between them. SecOps, NetOps a lot of customers that's how they deal with it. They've got the security operations team network operations team. If they're split, you can use the two tools and make a fantastic product using that. However, they're not split and you've got a single policy for it. You can use Aruba fabric composer to do both of them. So you've got the options there and we fully embrace that in the architecture of what we built. This extends to multiple layers for the technology build as well. Again, as I said, the 10 K's at Leafs, which it can connect to third-party spines. So you could use fabric composer to manage this lead switch and the policy you could use fabric composer just to manage the lease switch and connect and inter-operate the Leaf's to a spine, or you can do a full Aruba solution, the full Rube Leaf spine and use that operating model. There's one final thing in this area is fabri Composers are a UI based orchestrator, API driven. Some customers love it. Some customers that love their CLIs, we fully embrace the operational model where customers still use their own API APIs and their own CLIs. So the customer may be using Ansible to automate through API. They can still use that directly to the switch and they can use it to AFC and mix the two. If you talk directly to a switch and change it, fabric composer detects it and basically sinks its configuration together. So we can insert all or any part of this solution into existing or new Networks. >> Yeah, that's nice. Right? Because I mean, so there's the network hard guys, they want that CLI access, so you you're accommodating that. And then as well, being able to bring those SecOps view and the NetOps view together is important because let's face it. A lot of organizations, especially some of the smaller ones, they don't actually have a full blown SecOps team, that's really the NetOps responsibility. And so that's nice flexibility. You can handle both worlds. How about segmentation? When a customer is telling you that they want regarding segmentation and how are you guys approaching that? >> Yeah, I mean, it's actually a key feature of what we're doing in this area. Now the land segmentation generates it's kind of a wide area with many layers to it and we could talk about it for hours. So let me talk briefly about some of the areas we're going into when it comes to the segmentation, particularly the compute-virtual type environment. So when you, you're typically creating policies in today's world, current policies based on addresses, IP addresses, or Mac addresses. You have lots of rules and big lists of addresses. It's really annoying. Customers generally don't talk in addresses. They talk in machines and names of machines. So if you think about what I've already told you with a fabric composer. We've already got these hooks in the compute hypervisor layer. So what do we know about the virtual machines? So it's undoubtedly a natural extension now for you to be able to create these policies based on the machines. So there's a scale problem in policy distribution, at two levels, at the top and the bottom. The top level is your chronic create the policy. You've got this massive distribution addresses. So fabric composer can really help you by allowing you to then create these groups, sensible groups, using the names. Then you can distribute the 10 K solution with the distributed architecture of the bottom layer, now allows us to distribute these policies and rules across your racks within your data center. So it scales really well, but that's one level I've described. You know, you're creating groups of machines with names, so it's easier to define it, but there's also an automation angle to this as well. You might not want to even create it interactively. A lot of customers with VMware Vcenter for example, are tagging the virtual machines. So the tag tells you a group information. Again, fabric composer can already get the tag within its database model. So we can use the tag now either to fully automate or use as a hint to creating these groups. So now I've got a really simple way to basically just categorize my machines into the groups so that now I can push rules down onto the, and there's one, final thing that I just want to tell you before we move on, There's often a zero trust model you want to do in the data center for segmentation, meaning I've got two virtual machines on the same network on the same host. Normally they can talk to each other, nothing's stopping them, but sometimes you want to isolate even those two. You can do it in products like V-Center with PV land technologies. A bit cumbersome to configure on the VSphere side, you've got to match it with what you see on the switch side. It's one of those, that's a real headache, unless you've got an orchestrator to do it. So fabric composer could basically orchestrate this isolated solution. You're now grouping the machines and you're saying they're isolated. We can do the smarts and both of the center side and the switch side, get them in sync, get it all configured. And now the masses can start to do this kind of segmentation at scale. >> Got it. Thank you Simon. Can the fabric composer kind of be used as the primary prism for troubleshooting? How do you handle troubleshooting and this art combined architecture? Who, who do I call when there's a problem? How do you approach that? >> Well, definitely start by calling me or actually call my product first, so fabric composer. If you're using it, use that as the front tool for what you're going to try and figure out what's going on. There is a global health dashboard. It encompasses networking security policy across the solution, across the fabric. So that's your tells you what's going on immediately, down to port stats on what's happening within the physical topology of the network down to the end to end view, we have in terms of policy connectivity between machines. So fabric composer is your first port of call, but we built a solution here that we don't want to hide the pieces underneath it. Any networking guy knows when they're deep troubleshooting networking stuff, they're going to end up at the switch. So you started the orchestrator, but sometimes in the deep troubleshooting, not day-to-day hopefully, you'll go to the switch and you'll troubleshoot that way. We've got the same technology here with the policy, with the firewall rules, with Pensando PSM, we still fully embrace. For deep troubleshooting, go to Pensando PSM. They have really advanced tools in their bag of tricks in the product to give you advanced troubleshooting down to the policy layer that they have a really powerful firewall log capability, where you can search and sort and see exactly what role is allowing or stopping any traffic going through the environment. And the two orchestrated model, we really like it because it scales really well. It allows fabric composer to remain lightweight, PSM focused on the policy orchestration bit. But again, if you're the customer that wants to do single pane of glass, use fabric composer for the standard day-to-day stuff. But you've got the tools there to do the advanced troubleshooting between the different elements that we have within the Pensando and the Aruber tools. >> Yeah, really well thought out, you get the simplification angle nailed, the integration automation we talked about that, the visualization and a topology map, zero trust, and then remediation with deepened spend inspection. Simon, thanks so much for taking us through the announcements, really appreciate your insights and time today. >> Thank you very much. >> You're welcome. Okay. Keep it right there. This is Dave Vellante for theCUBE. More content from the HPE Aruba Pensando announcements, coming right up. (soft music)