HPE Aruba Networking SSE Test Drive
Welcome to the HPE Aruba Networking SSE Test Drive!
This is a fully operational SSE (Security Service Edge) environment designed to help you familiarize yourself with the HPE Aruba Networking SSE platform. This guide provides a simple orientation to some of the major features within the product for first-time users.
HPE Aruba Networking SSE Architecture
HPE Aruba Networking SSE securely connects any user to any business application or resource, anywhere, in minutes, through a single, centrally managed service. The solution offers continuous, application-centric visibility and Zero Trust controls, enabling organizations to secure operations in the era of digital transformation, remote work, and integrated employee, contractor, and third-party business models.
The architecture provides a single unified platform for all application access, decoupling application access from the corporate network. Users, regardless of their location (office, remote, or hybrid), receive the same Zero Trust standard and consistent access experience.
Diagram Description: The illustration depicts a network architecture where remote users and internal users from different branches (Branch Office A, B, C) connect to the SSE Platform. The SSE Platform, incorporating ZTNA, SWG, and CASB functionalities, facilitates secure access to various resources. These resources include SaaS applications (like Salesforce, Office 365, Workday), Internet services (via SWG), Data Centers (via ZTNA), and Public Cloud providers (AWS, Azure) via ZTNA. Connections are shown to be outbound from both front-end (user) and back-end (application connectors), emphasizing a shift from IP/network-based access to user and application-level access with minimal privileges.
ZTNA / VPN Replacement
Zero Trust Network Access (ZTNA) is defined by products and services that establish an identity- and context-based, logical-access boundary encompassing an enterprise user and internally hosted applications. Applications are hidden from discovery, and access is restricted via a trust broker to a collection of named entities. The broker verifies user identity, context, and policy adherence for specified participants before granting access, thereby minimizing lateral movement within the network.
ZTNA from HPE Aruba Networking SSE serves as a VPN replacement solution, securing connectivity as a service. It is a scalable, cloud-delivered service with over 250 edge locations and Points of Presence globally. The solution identifies and authenticates users, validates their device posture, and provides connectivity only to specific applications authorized for the user or user group. It brokers the connection between the user and the application.
Connection Model:
- Front-end: Users connect to the nearest HPE Aruba Networking SSE PoP via agent or agentless access methods.
- Back-end: App connectors (lightweight Linux VMs) deployed where applications are hosted connect outbound to HPE Aruba Networking SSE.
Access is always outbound from both the front-end and back-end. ZTNA represents a fundamental shift from IP/network-based access to user and application-level access with least privileges.
HPE Aruba Networking SSE Application Portal
The application portal provides Agentless Application access to Web, SSH, RDP, Git, and VNC applications.
Access the portal at: https://axis-hpetestdrive.axisportal.io/apps
Workspace: hpetestdrive
Upon logging into the demo environment with the provided credentials, users see application tiles representing the applications they are authorized to use. Applications like SSH and RDP can be accessed directly via a WebSocket connection or through a native application installed on the endpoint. User identity, authentication, and authorization can be managed via the Axis IDP (local user database) or through SAML/SCIM integration with providers like Okta and Azure AD.
Available Applications in the Demo Environment:
- SSE: The HPE Aruba Networking SSE management portal, offering read-only access to the security dashboard, logging, and policy.
- SD-WAN: EdgeConnect SD-WAN Orchestrator management console for the test drive.
- RDP (London): Remote desktop access to a Windows machine.
- SD-WAN Guide: A secure link to HPE Aruba Networking test-drive documentation.
- SSH (Frankfurt): SSH access to an Ubuntu server located in Frankfurt.
- Web App: Access to an http(s) static website.
Note: All applications are accessible via both agent and agentless methods. For security and compliance reasons, login credentials for RDP and SSH are not provided.
HPE Aruba Networking SSE Management Console
The HPE Aruba Networking SSE management console provides read-only administrator access for visibility, reporting, and policy management.
Access the console at: https://manage.axissecurity.com
Workspace: hpetestdrive
HPE Aruba Networking SSE Dashboard
Upon logging into the management console with credentials from the registration confirmation email, a detailed snapshot of network and user activity is presented. The dashboard displays applications accessed, active sessions with activity/command logs, geographic locations, and other telemetry in a graphical format.
Key dashboard elements include:
- Insights and summary statistics (e.g., active users, sessions by location, usage by application type, usage by operating system).
- Latest sessions with details on user, application, device, and location.
HPE Aruba Networking SSE Security Policy
HPE Aruba Networking SSE offers a unified dashboard for managing corporate security policies, including ZTNA, FWaaS, SWG, and CASB. Security rules are processed in a top-down order. Applications and users can be grouped to enable administrators to define consistent security policies irrespective of how users connect to the network.
In this demo environment, pre-configured rules block traffic to High-Risk Nations, Gambling, Adult content, and known Malware/Spam websites. All other traffic is permitted and logged by policy. SSL inspection, a component of FWaaS/SWG, can be performed at scale for all allowed traffic to provide complete visibility and control over user web traffic. However, SSL inspection is not performed in this demo environment due to the complexity of certificate management on end hosts.
The policy view displays rules with priority, enabled status, name, users, context, destinations, action, and profiles.
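Because rules are processed top-down, a rule placed below a broader rule never fires. The sketch below is an added example, not HPE code and not the product's policy format: it models rules with the fields shown in the policy view, evaluates first-match, and flags shadowed rules. The wildcard, the implicit-deny default, the group names and the "File Sharing" rule are constructed assumptions.

```python
from dataclasses import dataclass

ANY = "*"  # hypothetical wildcard meaning "all users" or "all destinations"

@dataclass(frozen=True)
class Rule:
    priority: int
    enabled: bool
    name: str
    users: frozenset
    destinations: frozenset
    action: str  # "block" or "allow"

def _covers(broad, narrow):
    """True if everything matched by `narrow` is also matched by `broad`."""
    return ANY in broad or (ANY not in narrow and narrow <= broad)

def ordered(rules):
    """Enabled rules only, in top-down (priority) order."""
    return sorted((r for r in rules if r.enabled), key=lambda r: r.priority)

def evaluate(rules, user_groups, category):
    """Top-down, first match wins; returns (action, rule name)."""
    for r in ordered(rules):
        user_ok = ANY in r.users or bool(r.users & user_groups)
        dest_ok = ANY in r.destinations or category in r.destinations
        if user_ok and dest_ok:
            return r.action, r.name
    return "block", "implicit-deny"  # assumption: no match means deny

def shadowed(rules):
    """Names of enabled rules fully covered by an earlier enabled rule."""
    active = ordered(rules)
    return [r.name for i, r in enumerate(active)
            if any(_covers(e.users, r.users) and
                   _covers(e.destinations, r.destinations) for e in active[:i])]

def fs(*values):
    return frozenset(values)

# Constructed rule set modelled on the demo policy described above.
DEMO = [
    Rule(1, True, "Block High-Risk Nations", fs(ANY), fs("High-Risk Nations"), "block"),
    Rule(2, True, "Block Gambling", fs(ANY), fs("Gambling"), "block"),
    Rule(3, True, "Block Adult", fs(ANY), fs("Adult"), "block"),
    Rule(4, True, "Block Malware/Spam", fs(ANY), fs("Malware/Spam"), "block"),
    Rule(5, True, "Allow and log all other", fs(ANY), fs(ANY), "allow"),
    # Constructed mistake: a block rule added below the catch-all allow.
    Rule(6, True, "Block File Sharing (contractors)", fs("contractors"), fs("File Sharing"), "block"),
]
```

Here `shadowed(DEMO)` reports the rule at priority 6, and `evaluate` shows the contractor request being allowed by the catch-all above it.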
Security Log
Administrators can view all internet-bound traffic generated by a managed host (with an agent installed) or traffic behind an SD-WAN appliance. Consistent security policy is enforced regardless of where and how the user accesses the internet.
Relevant Links
Documentation:
29 Minutes to Master ZTNA – Webinar recording