 Welcome back to theCUBE's coverage of the power of and and the collaboration between HPE Aruba and Pensando, where the two companies are setting out to create a new category in network switching. Joining me now is Simon McCormack, who looks after product management at HPE Aruba. Welcome Simon, good to see you. Good morning, thanks for having me today. You're very welcome. So Simon, we've been talking all day about the Aruba switching fabric that you're bringing to market, embedding the Pensando technology. Can you tell us what's the primary value prop that AFC brings to its customers? Sure, Aruba fabric composer, this is orchestration and management for the Aruba-wide switching platform, primarily for data centers. It does a lot of things. I'll give you three key ones, just to get a feel for it. So in data center networking, there's a lot of complex technologies, I'm afraid to say, leaf spines, overlays underlays, EVPN, OSPF, BGP, I can throw out loads of acronyms for you. Fabric composer can really simplify through a bunch of intent-based workflows, the deployment and management of these fabrics. We can do it either interactively through a UI or fully API-driven if you want to. So it really takes away a lot of the complexities there, makes it dead easy to deploy these and that scale. Number two, in a data center, a lot of compute, storage, hypervisor technologies that you have to interact with with your network products. So in Fabric Composer, we built an integration layer into it that interacts with other orchestrators. VMWare vCenter is a good example of that. So an operator may make changes to vCenter that affect the network. You don't wanna call the network team for it. Fabric Composer can automate that network side configuration on the Aruba switch, making your day two operations, insertion of new services much more simpler. And then finally, number three, because we've got all these capabilities I've just told you about, we actually have a great topology model that we build from it. And we can use that to visualize this virtual to physical network layer that is really powerful for troubleshooting the environment. Great, so three things, actually four, right? Simplify, you integrate and automate. That's kind of two and two A, I'm gonna call it. And then the visualization piece for troubleshooting. Awesome. What about security policy? How are you thinking about that in this release? Yeah, so that's where in this release we're extending it with the Passando PSM technologies embedded into the 10K. Now we can use Aruba Fabric Composer to actually orchestrate the policy in addition to the network. So you think about today, Fabric Composer does network primarily. You bring policy into it. You've got one single pane of glass now that does network and policy. It actually provides a really powerful capabilities for operators of different skill sets to be able to manage and orchestrate this environment. What about the sort of operational model as it pertains to the network and security? I'm interested in how flexible that is. For instance, if a customer wants to use their own tooling or operational frameworks or frameworks, so what if they want to leverage multi-vendor fabrics like a third-party spine? How do you deal with all of that? Yeah, and I think we built that into essentially the DNA of this technology is that we're expecting to often go into brownfield environments where they've already got best practices for security and networking. They've already got networking vendors there. The 10K is a very powerful lease switch on its own. We want those lease switches to go in all of these different environments, not just Greenfield. It's really great for Greenfield. And I'm going to explain this a little bit in a few ways. First of all, the technology we have with the Ruba Fabric Composer and Pensando PSM, you can do a pure operational split between them. SecOps, NetOps, a lot of customers, that's how they deal with it. They've got the security operations team, network operations team. If they're split, you can use the two tools and make a fantastic product using that. However, they're not split and you've got a single policy for it. You can use a Ruba Fabric Composer to do both of them. So you've got the options there and we fully embrace that in the architecture of what we built. This extends to multiple layers for the technology build as well. Again, as I said, the 10K is a lease switch. It can connect to third-party spines. So you could use Fabric Composer to manage this lease switch and the policy, you could use Fabric Composer just to manage the lease switch and connect and interoperate the lease to the spine or you can do a full of Ruba solution, the full of Ruba lease spine and use that operating model. There's one final thing in this area is Fabric Composer's a UI-based orchestrator, API-driven. Some customers love it, some customers that love their CLIs. We fully embrace the operation of what a way customers still use their own APIs and their own CLIs. So the customer may be using Ansible to automate through API. They can still use that directly to the switch and they can use it to AFC and mix the two. If you talk directly to a switch and change it, Fabric Composer detects it and basically syncs its configuration together. So we can insert all or any part of this solution into existing or new networks. Yeah, that's nice, right? Because, I mean, the network, hard guys, they want that CLI access, so you're accommodating that. And then as well, being able to bring those SecOps view and the NetOps view together is important because let's face it, a lot of organizations, especially some of the smaller ones, they don't actually have a full-blown SecOps team, that's really the NetOps responsibility. And so that's nice flexibility, you can handle both worlds. How about segmentation? What are customers telling you that they want regarding segmentation and how are you guys approaching that? Yeah, I mean, it's actually a key feature of what we're doing in this area. Now, VLAN segmentation generally, it's kind of a wide area with many layers to it. We could talk about it for hours. So let me talk briefly about some of the areas we're going into when it comes to the segmentation, particularly of a compute and virtual type environment. So when you're typically creating policies in today's world, you create policies based on addresses, IP addresses or MAC addresses. You have lots of rules and big lists of addresses. It's really annoying. Customers generally don't talk in addresses, they talk in machines and names of machines. So if you think about what I've already told you with a fabric composer, we've already got these hooks in the compute hypervisor layer. So we don't know about the virtual machines. So it's obviously a natural extension now for you to be able to create these policies based on the machines. So there's a scale problem in policy distribution at two levels at the top and the bottom. The top level is you're trying to create the policy. You've got this massive distribution addresses. So fabric composer can really help you by allowing you to then create these groups, sensible groups using the names that then you can distribute. The 10K solution with the distributed architecture at the bottom layer now allows you to distribute these policies and rules across your racks within your data center. So it scales really well. But that's one level I've described. You know, you're creating groups of machines with names so it's easier to define it. But there's auto and automation angle to this as well. You might not want to even create it interactively. A lot of customers with VM, where vCenter for example, are tagging the virtual machines. So the tag tells you a group information. Again, fabric composer can already get the tag within its database model. So we can use the tag now either to fully automate or use as a hint to creating these groups. So now I've got a really simple way to basically just categorize my machines into the groups so that now I can push rules down onto them. And there's one final thing that I just want to tell you before we move on. There's often a zero trust model you want to do in the data center for segmentation, meaning I've got two virtual machines on the same network, on the same host. Normally they can talk to each other, nothing stopping them. But sometimes you want to isolate even those two. You can do it in products like vCenter with PV land technologies. Bit cumbersome to configure on the vSphere side. You've got to match it with what you see on the switch side. It's one of those that's a real headache unless you've got an orchestrator to do it. So Fabric Composer could basically orchestrate this isolated solution. You're now grouping your machines and you're saying they're isolated. We can do the smarts on both the vCenter side and the switch side. Get them in sync, get it all configured. And now the masses can start to do this kind of segmentation at scale. Got it. Thank you, Simon. Can the Fabric Composer kind of be used as the primary prism for troubleshooting? How do you handle troubleshooting in this combined architecture? Who do I call when there's a problem? How do you approach that? Well, definitely start by calling me or actually call my product first. So Fabric Composer, if you're using it, use that as the front tool for what you're going to try and figure out what's going on. There is a global health dashboard. It encompasses networking security policy across the solution, across the fabric. So that tells you what's going on immediately down to port stats on what's happening within the physical topology of the network, down to the end-to-end view we have in terms of policy, connectivity between machines. So Fabric Composer is your first port of call. But we've built a solution here that we don't want to hide the pieces underneath you. It's any networking guy knows when they're deep troubleshooting networking stuff, they're gonna end up at the switch. So you start at the orchestrator, but sometimes in the deep troubleshooting, not day-to-day, hopefully, you'll go to the switch and you'll troubleshoot that way. We've got the same technology here with the policy, with the firewalls, with Pensando PSM. We still fully embrace, for deep troubleshooting, go to Pensando PSM. They have really advanced tools in their bag of tricks in their product to give you advanced troubleshooting down to the policy layer. They have a really powerful firewall log capability where you can search and sort and see exactly what rule is allowing or stopping any traffic going through the environment. And the two orchestrated model, we really like it because it scales really well. It allows Fabric Composer to remain lightweight. PSM focused on the policy orchestration bit. But again, as you're the customer that wants to do single pane of glass, use Fabric Composer for the standard day-to-day stuff, but you've got the tools there to do the advanced troubleshooting between the different elements that we have within the Pensando and the Aruba tools. Yeah, really well thought out. You got the simplification angle nailed, the integration automation, we talked about that, the visualization and the topology map, zero trust and then remediation with deep inspection. Simon, thanks so much for taking us through the announcements. Really appreciate your insights and time today. Thank you very much. You're welcome. Okay, keep it right there. This is Dave Vellante for theCUBE. More content from the HPE Aruba Pensando announcements coming right up.