Aruba Networks is aiming to give customers greater application visibility and the ability to control security policy enforcement across their campus and wide area networks.\nThe network subsidiary of Hewlett Packard Enterprise is enhancing NetConductor, a cloud-based service that let enterprises centrally manage the security of distributed networks, simplify policy provisioning, and automate the orchestration of network configurations in wired, wireless, and WAN infrastructures.\nNetConductor works by delivering a network overlay based on Ethernet VPN (EVPN) and virtual extensible LAN (VXLAN) across a customer\u2019s wired and wireless networks, with the aim of bringing a unified and simplified view of the network and allowing the networking and security management teams to collaborate to solve problems, according to Larry Lunetta, vice president of wireless local area network and security solutions marketing at Aruba.\nThe new release of NetConductor specifically extends and brings application visibility and policy enforcement to its flagship CX 6300 enterprise network access and aggregation switches and 6400 data center core switches.\nNetConductor now can express access-control policies based on role and identity and the business outcome that they're looking for, with those switches at the center, Lunetta said.\u00a0\u201cSo instead of having to individually program each switch, access point and gateway, the specific VLAN configurations and ACLs [access control lists], that's all abstracted now in NetConductor. The security and the networking team can very simply express those access-control policies without having to know every device address and detail.\u201d\nThe new release also now extends NetConductor\u2019s ability to propagate security policies throughout the distributed enterprise via HPE Aruba Networking EdgeConnect SD-WAN and SD-Branch solutions. With WAN support for standards-based EVPN-VXLAN gateways, organizations can now define policy once and enforce it everywhere, from the edge to the cloud, Lunetta said.\nRegardless of where a user or device is connecting from, the same application-aware access-control policy can be globally enforced, Lunetta said.\u00a0And adding enforcement capabilities within the campus switching and WAN infrastructure eliminates unnecessary transit of data through central policy enforcement points, effectively bringing policy enforcement closer to the user and optimizing network performance, Lunetta said.\nIn the past, NetConductor had application awareness, which let customers set bandwidth policies, for example. Now it adds support for EVPN and VXLAN capabilities, so it can simply read the traffic tags and implement security policies in addition to operations policies across the board, Lunetta said.\nThe new version of NetConductor can also better discover any IoT devices that are in the enterprise and then automatically assign, propagate, and enforce policies for those IoT devices just as they do for users, Lunetta said.\n\u201cSo, let's take MRI machines in a healthcare company that may have just been installed, often outside of the purview of IT. NetConductor client insights will find them, fingerprint them, and assign the policy automatically,\u201d Lunetta said.\nAruba\u2019s long-term goal is to unite all its software and hardware and let customers secure and manage it under a single policy, Lunetta said.\u00a0For example, the company has security software from its recent purchase of cloud security vendor Axis Security, and it has its own secure service edge (SSE) software, and each has a policy manager.\nAt the August Black Hat event, Aruba previewed an overarching centralized policy manager that it said will operate and control its entire enterprise networking and security system. Such a policy manager would stretch across Aruba\u2019s EdgeConnect SD-WAN, SD-Branch and Microbranch offerings as well as its developing Aruba SSE platform and be centered on its ClearPass policy management platform and central management platform, Aruba Central.\n\u201cThe bigger picture here is that we want to get to a universal policy that's uniform, that customers can execute and enforce across all applications and services. [It\u2019s] very powerful, and that\u2019s where we are heading,\u201d Lunetta said.\nThe new release of NetConductor is available now.