The influx of smartphones, tablets and other wireless devices into businesses is making many employees more productive, but Aruba Networks is seeing firsthand how much strain all of this newfound mobility is putting on the enterprise IT and security staffs that are its customers. In this installment of the IDG Enterprise CEO Interview Series, IDGE Chief Content Officer John Gallant spoke with Aruba CEO Dominic Orr about the changing wired/wireless network architecture, competing with Cisco Systems, exploiting the cloud and the rise of 802.11n.
The influx of smartphones, tablets and other wireless devices into businesses is making many employees more productive, but Aruba Networks is seeing firsthand how much strain all of this newfound mobility is putting on the enterprise IT and security staffs that are its customers. In this installment of the IDG Enterprise CEO Interview Series, IDGE Chief Content Officer John Gallant spoke with Aruba CEO Dominic Orr about the changing wired/wireless network architecture, competing with Cisco Systems, exploiting the cloud and the rise of 802.11n.
Read other interviews from this series.
You guys are having a great year financially (and just reported strong Q1 '11 numbers). What's behind the success?
Three trends are working in our favor. One is the workforce is getting more virtualized and mobile. Second is this whole explosion of more capable mobile devices people want to bring to work and a significant migration of enterprise application processing capabilities to those devices. The third is this whole cloud computing concept where you're embedding your application servers into an always-on data center.
Those three trends are forcing one fundamental issue: It is very hard to define what is the enterprise security boundary. It used to be so perimeter based and now it is very virtual. That whole movement across the enterprise is forcing a fundamental re-architecting of what we have built over the last decade and is one of the biggest driving forces for our business.
How are you seeing people fundamentally changing their network architecture as a result of these trends?
The end-to-end network is segregating into three subfields.
First is the big battle between the titans in the data center trying to build what I call the system bus where everything is hanging off there and trying to kind of generalize the Ethernet -- 10G, 100G -- technology to build that data center. That is occupying a lot of the R&D energy of traditional powerhouses like Cisco and now HP.
The second battle is to upgrade the Internet backbone to support all this multimedia quality-of-service video, and that is really where big guys like Cisco, Juniper Networks, Ericsson and so on are playing.
The third front is what we call the new edge. As recently as five years ago, the edge of the network was defined simply by a high-quality managed Ethernet delivery to the desktop. You put firewalls around that perimeter to protect those desktops and servers. Then fast forward a bit, and what feeds traffic into this Ethernet is primarily a Windows-over-Intel platform. But if you look into the trend currently and two years forward, you will see that stack is evolving into Android, Apple iOS, BlackBerry OS and so on, and underneath that is no longer x86, it is really all kinds of ARM processors. Underneath that, nobody supports a native Ethernet stack anymore; it's all either licensed band wireless or unlicensed band wireless. And with this kind of new connectivity, where is the secure access boundary?
Coupled with that, the servers are flying out of the building because of the cloud, data center consolidation and virtualization. So what is the point of those secure architectures sitting in my Sunnyvale headquarters pointing to my desk when I'm not at the desk?
Aruba does not participate in the data center. We will happily leave it between the big guys, and then the network infrastructure is really a service provider play.
Now this big new edge. We're taking advantage of the fact that the biggest incumbent in the industry has to move slowly. They cannot move the network edge too fast from the desktop infrastructure because billions and billions of dollars of equipment transacted every quarter is still based on that. The incumbent is trying to create more work for the desk, primarily through the video paradigm. So telepresence, video work groups and all that. So you are seeing a polarization of two activities. One is if and when you are by your desk, you do more based on video so you actually need to have finer quality equipment. However, for the increasing amount of time you're not working at your desk, you have to redefine your access strategy.
Traditionally there's an overlay wireless network to the wired network. Does that change?
The biggest shift in the last 12 months is the mindset difference between using laptops, netbooks, iPads and smartphones. The laptop is always equipped with a wireless connection and then there's a default Ethernet port. It's what I call an enterprise hotspot model -- you build a wireless overlay on top of a wire infrastructure to hotspots or hot zones where you have workgroups clustered with chairs and tables.
With the shift towards the tablet and smartphone, you're starting to see people demanding ubiquitous coverage, and because these devices do not have a default wired Ethernet connection, you suddenly have a drastic requirement to make the wireless network resilient.
Do you think we'll ultimately see even enterprise networks designed without wired access?
Yes. In higher education, we're seeing in the last 12 months a lot of dormitory projects going all wireless. When was the last time you saw a student come in with a new Apple laptop and look for some place to plug in to the Internet? Wireless supporting multi-media is really the killer combination. How do you have enough quality of service in the air with a high density multi-media deployment in all wireless environments?
Let's talk about the uptake of 802.11n. What are you seeing customers doing and what does that opportunity bring to Aruba?
Well over 95% of our new projects have already shifted to 11n. People really appreciate the speed and resiliency, but also if you look into the deployment of a wireless infrastructure in a corporation, the cost of the access point is a relatively small portion of the overall cost. A good portion of the cost is tied to the construction cost of opening up the tiles, putting up conduits to hang the access point and so on. And then upgrading the switching infrastructure to Gigabit power-over-Ethernet. By the time you add everything up there's a pretty dramatic reduction in 11n access point cost over traditional 11a/b/g.
You recently launched Aruba OS 6.0, which brings some additional support for 802.11n. Talk about what that product launch brings to the company.
The three key features sets that we're bringing to the market are: high-density deployment; multi-media support; and bring-your-own-device-to-work support.
When you bring a new iPad to work you do not reduce the number of devices you own. It becomes like your old laptop, you carry it around. Your old laptop becomes your new desktop, and you still carry a BlackBerry-like device. So there's a drastic multiplication of devices the organization needs to support.
When you design a wire infrastructure, the capacity planning aspect of the network is very well controlled. But for wireless design it could be totally different. Imagine a college auditorium. At 8:55 a.m. it could be zero connectivity. By 9:00 a.m. there could be 500 students in the room, and when the bell rings and there's a test, everybody starts connecting. Aruba OS 6.0 addresses the issue of sudden large density.
The second key problem is with all these smart mobile devices people are not just pushing e-mails or little text messages around. They really want a multi-media experience with social networking and video streaming applications. How do you handle the quality of service to arbitrate fairness between different clients and different traffic classes over a shared media? Aruba OS 6.0 addresses the application processing, classes of service and client fairness.
The third component is probably the biggest headache, but has the biggest upside opportunity as well for a lot of the enterprise network managers. It used to be that independent of whether you were connecting through a wire or wireless, the employee's device was normally property of the company and therefore you have all the rights policy-wise and technology-wise for a very defined environment. Now suddenly you have a new class of employee-owned devices that have contents that is personal in nature. It raises questions about being able to wipe devices that are lost. Suppose I remotely wipe your iPod or iPad with pictures of your children that you have not backed up yet? Suddenly a user is not a user anymore as defined in terms of traditional network access. Aruba OS 6.0 addresses this very dynamic way of access control.
Talk about the public Wi-Fi market. Is that a market for Aruba?
There is the carrier infrastructure market and internal infrastructure. That is absolutely not our market. Aruba's target market is medium to large enterprises with distributed operations and virtual workforces, with more and more of the employees accessing their enterprise network through the service provider network or the cloud. People are trying to access sets of information from Starbucks, the airport and so on. So in that sense we have to support the service provider to provide this kind of secure access to distributed enterprise workers.
Now you have some capabilities that you're providing for customers up in the cloud. Talk about those and how that strategy evolves.
Take security as an example. If you look into the traditional way of building a distributed enterprise network, the starting point of any network design is your main headquarters or main campus. It's a very facilities-oriented approach. Now with this whole new mobile world, we're saying the way that you design a network is by the number of users and their roles. Once you define the roles of these 10,000 employees, you create user profiles, access rights, what we call a virtual firewall.
Then you're saying that I really do not need to put all these fancy firewalls and security services in all the branch offices because that is where the complexity of a large-scale network lies. Basically, you should design your network as 10,000 branches of one -- a person should be self-defined in this new mobile world. He should be able to carry his virtual secure branch office from the headquarters to the branch to the Starbucks to the home. If that's the case, you cannot send out IT guys to 10,000 locations, so what do you do? You keep all your network security attributes or your URL filtering, your virus detection and so on in the cloud.
Which makes sense. And in that instance, who's the cloud provider? Aruba or a partner?
Typically we have customers who either believe in owning their private cloud or who believe they could time share with a public cloud. In the first case, the owner is really the large enterprise's centralized IT organization. In the second case, we team up with a service provider, according to what services you need, and we basically are the one provisioning services to make sure all end points are self-installable.
Let's talk about the competitive marketplace. You are No. 2 in market share to Cisco, which is the dominant player in wireless. How do you win deals against Cisco?
We have announced that we have over 11,000 enterprise customers worldwide, and probably 75% to 80% of those are pretty large, loyal Cisco customers for the wire infrastructure.
You can do wireless as an extension of the Ethernet port, which is what I call the cordless network. All your security infrastructure is still built to secure the wired port and then you use wireless to extend the port. The way that we differentiate ourselves is we fundamentally come in with a set of equipment that sits on top of the Layer 2 and 3 network of either Cisco or other vendors, and we provide a secure mobile infrastructure.
As much as Cisco talks about video, as much as they talk about mobility, is it your sense that they're too fundamentally tied to wired networking to make this shift aggressively enough?
It is business model issue, if you have multi-billion dollars of your business, which is a significant portion of your company, tied to continuously upgrading desktop switching, you really cannot be motivated to tell the industry to stop upgrading your desktop and invest in the mobile users. A lot of large corporations will still have a lot of deskbound workers, and I don't want to give you the vision that everybody will not have a desk, even though in Aruba now we have close to a thousand workers, and I probably have 400 desks, which is very sufficient. I think there is enough room for the incumbent to try to keep innovating for a more productive environment for those people who by nature need to sit by the desk. We're just saying there is also enough of a market there for people who are untethered that need all of the quality of service and so on to support a company like Aruba.
Let's talk about a few other things before we wrap up. Who are your key partners and how do you need to expand that partner set?