CRN Exclusive: Aruba President On Cisco's Software Shortcomings, Aruba's 30-1 Scaling Advantage And Why Cisco Customers Are 'Sick Of Being Dictated To'

Orr: Why Aruba Is A Software Company, And Cisco Is Not

Hewlett Packard Enterprise Aruba Networks President Dominic Orr, who has competed against Cisco for more than 20 years, says Aruba's software prowess – including its highly regarded ClearPass software and its Mobile First Platform – has forever changed the networking landscape for both customers and partners.

"Half of the customers have come up and said, 'Thank God there is now truly another choice," he says referring to Cisco's once tight grip on the networking market. "Until now, it's [been] one guy with a catalog and everybody has a one-page menu. Seriously, I walk into places, and people say, 'I've waited for 10 years, why did it take so long? Because I am being sick of being dictated to.'"

In a wide-ranging interview at Aruba headquarters in Sunnyvale, Calif., Orr talked about Aruba's software strengths, why Cisco is not a software company and he detailed Aruba's architectural and API (Application Programming Interface) advantages over the Cisco 'proprietary' networking model. He also explained why he thinks Aruba is the best platform for partners looking to build a recurring-revenue, wireless-as-a-service platform, under their own brand.

What do you think when you hear Cisco now calling itself a software company?

I can understand because typically when people say that, they mean, 'Look at what percentage of my engineers are writing software code rather than making hardware components.' But that's not an indication of whether you’re a software company or not, because if you look into a Tesla, I'm sure that you'll see a lot of software code, but I don't think Tesla positions themselves as a software company.

The real differentiation of whether you are or are not a software company is: What percentage of your customers are actually buying software from you [and] not buying hardware? And how much of your software is exposed to your customer and your partners so they can write interface to it, and so on. You cannot be a software company until other software companies can interact with you through APIs, and so on. That's kind of my simple criteria.

I would challenge Cisco and say, 'Okay, so how is your API doing? Which companies are interfacing to your software? And how many customers are actually just buying your software without having to buy your hardware?'

So is Aruba a software or hardware company?

Aruba is a software company no doubt about it … Even when you go down to the radio and the RF (radio frequency) components, everything is software-defined. The difference in the Aruba and Cisco architecture is Cisco has gotten themselves into four separate architectures [by] buying four separate companies and they were never able to integrate [them] because they were very hardware-oriented … Aruba has been doing software-defined architecture since day one and one dramatic expression of that software definition is that we have an end-to-end, complete, scalable product line that is the same hardware -- ranging from if you have to deploy 5,000 access point in the network in the campus … to a small home office with one AP.

Are you building out a partner network that's going to sell network infrastructure as-a-service or wireless as-a-service?

The reception of the Mobile-First Platform is very enthusiastic, and that's because the VARs that we talk to, everybody has the vision and direction to convert a one-off equipment sale to a recurring sales model.

When you change to a recurring revenue model, there's two major sources that you go to: you go to Cisco or HPE-Aruba. If you go to Cisco they say, 'If you want Wi-Fi as a service, security as a service -- that's Meraki.' Meraki is a cloud provisioning platform that they are starting to use to provision first Wi-Fi, then security, now they've introduced video cameras and IP phones. The idea there is to provide, at least in the SMB environment, the ability to provide this service. Or you can come to Aruba and adopt your service with the Mobile First Platform.

So what's the major channel different between Cisco Meraki and Aruba's Mobile First Platform?

The difference is, Meraki cannot be changed – it's a service. And the service provider is Cisco. So if you're a VAR and you adopt that approach, you are a reseller of Cisco services and you have no differentiation then the other 9,999 VARs that sell the same services. You cannot preconfigure; you cannot add anything.

Now at Aruba, we believe that most VARs that want to offer recurring, managed network services want that differentiation. At HPE-Aruba, we are not in the end service provider game, so we offer a platform to let our partners add their own services. If you really want to stitch-in WorkDay as a HR management system tied into the access policy management system, [or if] you want to tie the next generation firewall into the policy engine, you can do so and therefore you are able to customize a service and put your own brand on it and therefore it can create more unique differentiation and its more sticky to your customer and it creates more margin. That is the fundamental difference between the two companies.

Looking at your technology roadmap ahead for ClearPass and Mobile First Platform, where's the biggest competitive advantage for partners?

It is not surprising that, like most situations for a large incumbent like Cisco, sometimes your past strengths is your future weakness. Cisco's major force in the marketplace is the hundreds-of-billions of dollars of installed IOS … running the proprietary IOS equipment. All this equipment has embedded IOS; they cannot just swap that out for another operating system.

The IOS is designed for proprietary end-to-end and also not for dynamically updatable, in terms of the new way of software-defined network. Meaning that if you have a software-defined network you can literally ­– when using what we call this open system protocol, APIs – you can dynamically update a network and change configurations and update them on security posture, and so on, while the network is running. When you have a more traditional embedded OS, you have to bring down network down, reload all the firmware, and so on, and then bring it back up. So it's the fact they cannot dynamically use the SDN technology to address the posture of the network.

Is there another Aruba competitive advantage that sticks out?

Secondly, to do anything meaningful in software in a Cisco world, you have to assume everything, 100 percent of the components are Cisco. Customers are increasingly not tolerant to that approach.

Cisco has a large channel with many of them installing Cisco gear. How do you get them to say, 'You should rip it out and go with Aruba?'

That's a good point. It was not by accident that every piece of Aruba's software and platform are multi-vendor. You look at [Aruba's] AirWave network management capability – we actually bought the AirWave company seven years ago because they were the number one mobility management software [provider] managing Cisco's hardware. We bought two companies that formed the ClearPass platform … We are able to provide security policy on top of Cisco switches and Wi-Fi in large environments because Cisco's competitive hardware called ISE cannot scale. We have a 30-to-1 scaling advantage to Cisco's own hardware, managing the security policy on top of their own hardware. If you look at [Aruba's] Meridian software to apply beacon-based location services, some of our larger deployments, again, are on top of the Cisco network.

So what is the go-to-market strategy against Cisco here?

The incumbent starting point with a lot of these large Cisco customers and therefore the Cisco resellers' customers is that, 'Hey we respect that you have invested all this money for the past decade, [but] let's talk about investing for the future when you come up with a new building or refresh a new floor, put in some Aruba equipment for a superior price-performance, but, can we offer you a single management interface, a single policy interface so that your operators do not need to differentiate which hardware components.' This is strategy number one … and that has been very effective strategy for us. In fact, most of the large Cisco accounts and resellers that we penetrate, we penetrate through software. It is hard to just go in and rip out the hardware.

Cisco built a whole infrastructure of CCIEs (Cisco Certified Internetwork Experts) and a large channel environment. How can you compete against that?

I've competed with Cisco all my professional life. I would say they never have state of the art technology, but one thing they did do a very good job at is creating an educational machine of turning out the CCIE and so on. When you teach one generation of [engineers] to how to make that stuff work, people like to stick with the traditional recipe. In fact, that is really why Aruba put a lot of our marketing effort behind our Airheads program. We're basically coming in and saying, 'We get that everybody who wants to understand routers and switches [will] get CCIE certified. But in this new world of mobile-first, cloud-first, a cybersecurity dominant world – CCIE is just table stakes.'

Why is becoming CCIE 'just table stakes?'

What you really need to put on top of your router and switch design knowledge is mobility management, (radio frequency) design, next generation firewall, mobile device management, unified communication in a mobile environment ­– and how do you achieve all of that? That is where a lot of the CCIE are coming to Aruba to get the Airheads certification. So we basically position ourselves as, 'Okay, you get a general education [at Cisco] and now if you really want to shine, you get your graduate education here.'

Why is now the time for CCIEs to shift their skillsets?

It is through a rapid revolution of technology change that [allows] the next vendor to get a chance to come re-educate. If you don't have a massive shift in technology people say, 'I don’t need to go out to re-educate [myself].' The CCIE is very well trained to set up a desktop network. If all you have about the edge – the access network – is to connect a Wintel desktop and an IP phone and how to scale it up and give it quality of service guarantee on voice delivery and multicast and so on, then CCIE does it well. But that desktop access is getting increasingly irrelevant.

Aruba is saying, 'If you really want to chase the relevant problem -- track the user, track where the server has gone and so on.' So we're using that transition to re-educate the world.

How many CCIE's are you seeing moving to Aruba's Airheads?

I don't know the portion of those that are converted … We have a general population of 5,600 [Airhead] members today. So we saw an 86 percent increase in that in the last 18 months or so … Since the acquisition by HPE, our rate of Airhead adoption and certification has drastically increased because now we have a very targeted population of partners.

What makes your multi-tenant capabilities in the Aruba platform different from competitor's products like Cisco Identity Services Engine (ISE)?

The difference there is the architecture and resiliency of when you have a system you need to authenticate tens-of-thousands of people at a time, you need to have the backend database that is scalable. We were much more thoughtful when we put the systems together to think about this kind of scale as compared to when you quickly bought a few companies together and try to stitch it together.

Is multi-tenancy important in the market today?

Multi-tenancy is very important. Most multi-tenancy building is now getting to a requirement of a single physical infrastructure. So basically the idea there is if you walk into some public venue – a shopping mall or airport – a lot of these venues has been traditionally patched up with each tenant putting in its own equipment. In a switch network, it's okay … But when you're talking about wireless equipment, it's all sharing the same RF and you get to a point that you're working on cross[ed] frequencies. So the idea there is: Can you put in a single physical infrastructure and support 28 different entities, for example, and each one of the 28 perceive that network as their own network – except that they have a bandwidth contract – if you pay more, you get more? But from a security point of view, from compliance point of view, maybe this [entity] is a doctor with HIPAA compliance and this [entity] is in retail with PCI compliance. So how can you guarantee that you have one physical network, and you take it into 28 pieces, and each piece has the right quality of service and the right compliance? This is where Aruba-OS 8.0 comes in. Basically, we now have the capability for you to have a single access point in the ceiling that is homing back to 28 controllers.

Does anybody else have that technology in any form?

Absolutely not.

So does it take the cost way down?

Absolutely. It takes the cost way down and also the feasibility of administering such a network is finally possible. Amazingly, when you say, 'You are a tenant here and your security policy is managed by this box. This is all your traffic in the building just goes through this box. By the way, until it hits this box, it's all encrypted. And so nobody in the building can actually see your naked traffic.' That's a huge thing we call the multi-zone capability.

What deal are you most proud of winning when going head-to-head against Cisco?

I can come up with multiple examples, picking one is very hard. Generally speaking, forget about what features and so on, half of the customers have come up and said, 'Thank God there is now truly another choice. Until now, it's [been] one guy with a catalog and everybody has a one-page menu. Now I can suddenly come out with a guy who has an equally complete catalog, but I can pick and choose rather than have to take the whole catalog.'

Seriously, I walk into places and people say, 'I've waited for 10 years, why did it take so long? Because I am sick of being dictated too to the point that if I have to go build this end-to-end [solution] I only have one choice and get terms dictated to me. Now I have a person who is coming in with an open system and they are really good in multiple things.'

How is HPE helping you broaden Aruba development roadmap?

First of all, the total number of our R&D engineers has more than doubled since the acquisition and part of that doubling is that we now tuck into the HP networking business as part of the Aruba business. We are able to consolidate some of the overlapping programs, and so on, and we actually overall have been able to add resources.

The next stop we need to bring in the fold is the SMB. We traditionally have not been very focused on SMB, so for us, it is totally an untapped market. So we have to tap into the HP SMB engine which they have. Traditionally, Aruba's product is not low-end oriented. Since the merger, we have been working on a low-end line of products.

When will that new line of low-end, SMB-focused products come out?

I would say within the next calendar year … It will be earlier than the later part of the [next] year. In this SMB market, cloud-based management is important. That is another area that we want to enable our channel partners so that they have the price-point and the [ability] to centrally manage a lot of small customers. So it involves the cloud-based management we call Aruba Central, the low-end product lines for both the switching and wireless components and then tapping into the HPE SMB engine.

HPE has the cash, so talk about how that might help Aruba's innovation development?

If you look at the Aruba history, we are quite successful every nine months or so [buying] a small software company and we call it 'tuck-in'. If you look at most of our differentiation in software, most of those differentiations are from companies that we buy and we can quickly tuck it into our platform architecture, and you should expect that we accelerate the rate of acquisitions.

So if you look into our product roadmap and how we're going to spend R&D money and M&A dollars, you can summarize it with four words: stable, secure, smart, simple.

How are you leveraging HPE to enter new markets or customers?

When we [were growing rapidly] and were stretched to have to deploy in 100 countries, we said, 'We really need a big brother who has that footprint.' When you're deploying to a Fortune 500 company, you have to get the endorsement of the CIO and typically, we got in the network director level, then work our PoC [proof of concept], work our credibility … then when it's really decision [time for] a global deployment, we get the chance to meet the CIO. With HPE, literally we can get access to a VP of global infrastructure and the CIO within an hour. The throughput of people to coming in to visit our Executive Briefing Center has quadrupled since the (HPE) acquisition 18 months ago. We know that once they hear us out, they start a PoC and our win rate is like 90 [percent to] 95 percent.