nav_chander

Secure access to SaaS applications with HPE Aruba Networking and Microsoft Entra

The integration of HPE Aruba Networking’s EdgeConnect SD-WAN platform with Microsoft Entra Internet Access, a core product of the Security Service Edge (SSE) solution by Microsoft, makes EdgeConnect the first SD-WAN solution with a validated integration with Microsoft Entra Internet Access, furthering HPE’s commitment to delivering flexible, open solutions to our customers.

Microsoft’s Security Service Edge (SSE) solution provides a robust set of capabilities to increase the security and improve the performance of your Microsoft and Entra ID federated applications and products. The following list includes some of these existing and planned capabilities:

  • Verify user permissions and conditional access policies before giving access to the network.
  • Protect against token replay attacks with compliant network check.
  • Leverage location-based conditional access, risk detection, and enhanced activity logs by taking advantage of source IP restoration.

HPE Aruba Networking EdgeConnect SD-WAN is an advanced SD-WAN platform that provides a secure network foundation for Zero Trust and SASE. It includes a best-in-class SD-WAN that increases SaaS application performance and enforces security policies with intelligent traffic steering to the cloud to support real-time monitoring of enterprise networks.

This integration enables customers to use an ecosystem of SSE integrations with HPE Aruba Networking EdgeConnect SD-WAN, including Microsoft Entra Internet Access. It builds upon the existing partnership between HPE Aruba Networking and Microsoft Entra, which includes configuring Cloud Authentication in Microsoft Entra ID via HPE Aruba Networking Central Cloud Auth.

This joint solution enables enterprises to adopt a hybrid SASE architecture that combines the use of Microsoft Entra Internet Access for all Microsoft traffic by steering traffic to Microsoft’s SSE solution, while simultaneously forwarding non-Microsoft web traffic to HPE Aruba Networking SSE or one of the many other SSEs supported by EdgeConnect SD-WAN.

[Figure 1]

The details of this integration are illustrated in Figure 1. The integration is included with HPE Aruba Networking Orchestrator release 9.4, and the details are available in the solution document entitled HPE Aruba Networking SD-WAN and Microsoft's SSE solution.

One of the most important customer benefits of this integration is the policy-based traffic steering that EdgeConnect Business Intent Overlay provides. This enables the automation of IPsec tunnels to connect SD-WAN branch sites to Microsoft SSE PoPs as shown in Figure 2.

[Figure 2]

In the case of branch locations served with multiple WAN services, both Microsoft SSE and HPE Networking SSE solutions support active load balancing of traffic from the branch EdgeConnect to Microsoft’s SSE solution service across all WAN links as shown in Figure 2.

On the Microsoft end, Microsoft’s SSE solution supports high availability via “zone redundancy,” ensuring that customer traffic can be serviced by Microsoft’s PoPs in distinct Azure availability zones. The joint solution includes automated monitoring of IPsec tunnel health using EdgeConnect’s IP-SLA mechanism, enabling EdgeConnect to detect failures and trigger automatic traffic failover to a healthy tunnel.

We will evaluate and explore opportunities to extend this integrated SSE and SD-WAN solution through automation, including extending the use of dynamic routing using BGP, as we deploy this solution into diverse customer environments and evolve supported customer use case examples.

Meanwhile, thousands of existing HPE Aruba Networking SD-WAN and Microsoft Entra ID customers will immediately benefit from this integration between EdgeConnect SD-WAN and Microsoft Entra SSE to help them on their journey to a cloud-enabled SASE architecture.


Microsoft Azure and Microsoft Entra are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. Google Cloud is a trademark of Google LLC. All third-party marks are property of their respective owners.

About the Author

nav_chander

Nav Chander is responsible for developing content, thought leadership, and programs for HPE Aruba Networking's SD-WAN, multi-cloud networking, and SASE solutions. Prior to joining HPE Aruba Networking via the Silver Peak acquisition, Chander was responsible for leading service provider marketing and helping expand partner managed service offerings. He also previously served as a research manager at IDC where he led the U.S. enterprise network services and worldwide networking infrastructure research program.