Mobile-First Infrastructure: from the Access Point to the Controller. Wolfgang Gumprecht, Aruba Category Manager, [email protected]

Mobile-First-Infrastrukturhpe-spotlight.at/pdf/talks2018/14B_Gumprecht.pdf · Unified Wired and WLAN Access Wired-Only Refresh/New Build WLAN ... –802.1X: TLS, PEAP/MSCHAP, TTLS,

Mobile-First Infrastructure: from the Access Point to the Controller

Wolfgang Gumprecht

Aruba Category Manager [email protected]

ARUBA IS THE LEADER IN GARTNER’S WIRED / WIRELESS MAGIC QUADRANT

“Clients globally should consider HPE Aruba for all wired/WLAN access layer opportunities.”

Gartner MQ for Wired and Wireless LAN Access Infrastructure, October 2017

Leader in campus networks

ARUBA RECEIVES HIGHEST PRODUCT SCORES IN 6 OUT OF 6 USE CASES IN GARTNER’S CRITICAL CAPABILITIES REPORT*

1. Unified Wired and WLAN Access
2. Wired-Only Refresh/New Build
3. WLAN Only Refresh/New Build
4. Performance Stringent Applications
5. Multivendor Networking Environment
6. Remote Branch Office With Corporate HQ

*Gartner, Critical Capabilities for Wired and Wireless LAN Access Infrastructure, Menezes, Canales, Zimmerman, November 2017. This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Gartner – Link. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner's research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.

GENMOBILE IS AT THE HEART OF OUR TECHNOLOGY STRATEGY

WHAT CHARACTERIZES A ‘MOBILE-FIRST’ NETWORK?

Policy is unified and multi-vendor

Manageability is end-to-end

Wireless is best-in-breed

Wired is optimized for Wireless aggregation

POWERED BY ARUBA MOBILE FIRST INFRASTRUCTURE

INTELLIGENT EDGE

[Diagram, layers from top to bottom]

IT SERVICES, BUSINESS AND USER FACING APPLICATIONS

IT, BUSINESS APPS AND DEVELOPER TOOLS

MOBILE FIRST PLATFORM: Policy Management, Network Management, User Experience and Behavioral Insights, Micro-Location Services and Analytics

MOBILE FIRST INFRASTRUCTURE: WIRED ACCESS, WIRED CORE/AGG, WAN, Wi-Fi AND BLE, VIA CLIENT REMOTE ACCESS

ARUBA WIRED LAN SOLUTION OVERVIEW

COMPLETE PORTFOLIO TO MEET CUSTOMER NEEDS

ARUBA CAMPUS SWITCHING

[Figure: switch portfolio by network layer: Access, Aggregation, Core]

ARUBA CAMPUS AND BRANCH ACCESS SWITCH UNIQUE VALUES

− Based on 30+ years of networking leadership

− Broad Portfolio of differentiated hardware

− Investment in world-class switch OS

− SDN leadership

− Aruba wireless integration

− Switch licensing simplicity

− Limited lifetime warranty

Quality

Scale

Features

Instrumentation and supportability

Aruba OS-Switch

ARUBA CAMPUS EDGE SWITCH PORTFOLIO

Campus, branch and SMB networks

3810
− Advanced Layer 3
− 24 or 48 port Gig
− Smart Rate multi-gigabit Ethernet
− Modular 10GbE and 40GbE uplinks
− Modular uplinks
− 10 unit stacking
− OpenFlow
− 1440W PoE/Redundant Power
− Central Support

5400R
− Advanced Layer 3
− 6 and 12-slot compact chassis
− Smart Rate multi-gigabit Ethernet
− Wire speed 40GbE
− Redundant mgmt. and power
− 96 10GbE ports, 288 1GbE ports
− 288 ports full PoE+ capable
− OpenFlow
− Central support

2530
− Layer 2
− 8, 24 or 48 ports with 10/100 or Gig
− sFlow, ACLs, IPv6
− Fanless & compact models
− PoE+ models
− Central support

2930F
− Standard Layer 3 with static, RIP routing & Access OSPF
− 4 Unit VSF Stacking
− 8, 24, 48 ports Gig
− PoE+ models
− Fixed 1GbE and 10GbE Uplinks
− Internal Power supply
− OpenFlow
− Central support

2930M
− Standard Layer 3 with static, RIP routing & OSPF
− 10 Unit Backplane Stacking
− Redundant power
− Modular 10GbE and 40GbE uplinks
− OpenFlow
− 1440W PoE/Redundant Power
− Central support

2540
− Layer 2 with static & RIP routing
− 24, 48 ports Gig
− PoE+ models
− Fixed 10GbE Uplinks
− Internal Power supply
− Central support

ARUBA CAMPUS AGGREGATION AND CORE SWITCH PORTFOLIO

Campus Core

8320
Advanced Layer 3
1 RU
Wire speed 10GbE
Wire speed 40GbE
Redundant power
Multi-Chassis LAG
2 Unit Virtualization on the Roadmap
Full Programmability

8400
Advanced Layer 3
Carrier class reliability
8-slot compact chassis
Redundant mgmt. switch fabric and power
Wire speed 10, 40GbE and 100GbE
48* 100GbE
Multi-Chassis LAG
2 Unit Virtualization on the Roadmap
Full Programmability

Aruba 8400 and ArubaOS-CX

Optimized form factor & cost, carrier class availability, 10/25/40/100 GbE

Mobile First Core/Aggregation Architecture

Tightly integrated to policy management, analytics and management services

Network Analytics Engine

Programmable next-gen OS for switching, with massive Open Source leverage, and analytics to automate troubleshooting

EXTENDING THE MOBILE FIRST ARCHITECTURE TO AGGREGATION AND CORE

DEPLOYMENT SCENARIO

Columns: Network Component / Layer; Network Hardware; Network protocols

Network Control Plane

Controller: Aruba mobility controller

Core Solution
Hardware: ARP > 128K; IPv4,v6 > 256K (1M), 64K; ACLs > 64K; Multicast > 64K; 3-4 Buildings (6-8 Agg Switches)
Protocols: OSPF, BGP (Internet), MLAG, VSX*, MPLS*, ACL (policy routing), et al

Aggregation Solution
Hardware: ARP > 64K (128K); IPv4,v6 > 128K, 32K; ACLs > 64K (256K); 24-48 Access (96-192x10G)
Protocols: OSPF, MLAG, VSX*, VXLAN*, VRF, ACLs (user policy aggregation), et al

Access Switch: Aruba 5400R, 3810, 29XX

AP: AP-320, AP-330, AP-340

[Diagram labels: Building; Core: 40/100G; Agg: 10/25/40G; 2-4 ports/LAG]

* Future

ARUBA WIRELESS LAN SOLUTION OVERVIEW

MOST FLEXIBLE SOLUTION IN THE MARKET

One AP Hardware, several deployment options

Remote APs connecting using IPSec VPN to a central Controller

Centralized: Managed from WLAN Controller

Instant APs form virtual Controller; Cloud or on premise managed

Instant or Unified Access Points

ARUBA INSTANT WI-FI

BUILT-IN RF MANAGEMENT

Adaptive Radio Management™

ClientMatch™

BUILT-IN SECURITY

Firewall/Role-based Access

RADIUS/DHCP/Application visibility

Intrusion Prevention/Detection/Guest access

BUILT-IN RESILIENCY

Site Survivability

Uplink Redundancy

Easy deployment

Truly controller-less

Enterprise grade & free software

Investment protection-upgradeable to controller

✓ SIMPLE

✓ POWERFUL

✓ COST EFFECTIVE

HOW IT WORKS

First AP configured

READY…

It becomes the “master” & performs firewall and controller functions

SET…

New APs automatically connect to the “master” & download configuration

GO!!

Instant APs

✓ NO ONSITE IT NEEDED

✓ NETWORK SURVIVABILITY

ARUBA MANAGEMENT CHOICE

INSTANT LOCAL MGMT
− Deployment: n/a
− Management: DECENTRALIZED; Instant Clusters
− Advanced capabilities: Simple Guest Wi-Fi
− Pricing: Free

CENTRAL
− Deployment: CLOUD; Management as a Service; No Hardware, No Software
− Management: CENTRALIZED MANAGEMENT; Instant APs, Aruba Switches; Multiple Sites, Multiple Clusters
− Advanced capabilities: Guest/Visitor Management w/ Custom Captive Portal
− Pricing: NO UPFRONT COSTS; Subscription per AP/Switch - 1/3/5yr; Tech Support Included

AIRWAVE
− Deployment: ON-PREMISE
− Management: CENTRALIZED MANAGEMENT; Instant APs, ArubaOS APs, Aruba Switches, Third-Party Wired & Wireless
− Advanced capabilities: VisualRF, Advanced Reporting, Alerts & Customizations
− Pricing: LOWER RECURRING COSTS; Perpetual S/W License per AP/Switch + Recurring Annual Maintenance + HW (optional)

ARUBA MOBILITY CONTROLLER WIRELESS LAN OVERVIEW

FLEXIBLE DEVICE DEPLOYMENT MODELS - APPLIANCES OR VIRTUAL

Mobility Master and Mobility Controllers can be deployed as Appliance or VMware Hypervisor

Virtual Mobility Controller
− Easy deployment for VMware Hypervisor current customers
− Easy to scale by adding more CPU and storage resources
− Cost effective as no need for redundant controller
− Same capabilities as Mobility controllers - Firewall throughput of ~5 Gbps

[Figure labels: Virtual Mobility Controller; Hardware Mobility Controller]

ARUBA OS - KEY BENEFITS

SIMPLICITY: Multi-versioning, enhanced UI, campus ZTP, user load balancing, centralized licensing

STABILITY: In-service upgrades, seamless client failover in cluster, auto configuration rollback

INNOVATION: ClientMatch, AirMatch, MultiZone, AirGroup, AppRF

PRODUCT PORTFOLIO

7005 & 7008: 16 APs/1K Users, 2 Gbps Firewall
7010: 32 APs/2K Users, 12 POE Ports, 4 Gbps Firewall
7024: 32 APs/2K Users, 24 POE Ports, 4 Gbps Firewall
7030: 64 APs/4K Users, 8 Gbps Firewall
7205: 256 APs/8K Users, 12 Gbps Firewall
7210: 512 CAP/512 RAP, 16K Users, 20 Gbps Firewall
7220: 1024 CAP/1024 RAP, 24K Users, 40 Gbps Firewall
7240: 2048 CAP/2048 RAP, 32K Users, 40 Gbps Firewall

MC-VA-50: 50 APs/4K Users
MC-VA-250: 250 APs/8K Users
MC-VA-1000: 1000 APs/24K Users

MM-VA-500: 500 Devices/5K Users
MM-VA-1K: 1K Devices/10K Users
MM-VA-5K: 5K Devices/50K Users
VM-VA-10K: 10K Devices/100K Users

MM-HW-1K: 1K Devices/10K Users
MM-HW-5K: 5K Devices/50K Users
MM-HW-10K: 10K Devices/100K Users

ARUBA WIRELESS HIGHLIGHTS

AppRF™ FOR INTELLIGENT COMMUNICATION CONTROL

ON-BOARD DPI

Depth - common apps

Enterprise traffic

CLOUD-BASED WEB POLICY ENFORCEMENT

Breadth - less common apps

Web traffic

App category

Individual app

Web category

Web reputation

Allow/deny

QoS

Throttle

Log

Blacklist

GRANULAR VISIBILITY & CONTROL

Prioritize business critical apps

Block inappropriate content

Enforce per user/device/location

ARUBA CLIENTMATCH™

Move to AP

REAL-TIME RF CORRELATION

- 98% higher signal quality for mobile devices

- 94% increased performance for “sticky” clients

- No client software required

Patent: 8,401,5540

DEVICE TYPE, INTERFERENCE, LOCATION, DENSITY

AIRMATCH – BETTER USER EXPERIENCE FOR HIGH DENSITY NETWORKS

– Centralized RF Optimization with no overlap of power/channel to accommodate RF plan of large networks

– Automatic assignment of channel, channel width and power for APs to have better throughput for clients, i.e. based on client density

– Long term network stability and performance

ARUBA ACCESS POINT PORTFOLIO

ARUBA ENABLES DEPLOYMENT FLEXIBILITY WITH UNIFIED ACCESS POINTS

All new APs from January 2017+ are Unified

Unified AP (UAP)

Controller-based (CAP)
− Centralized encryption/switching
− Larger mobility domains
− Advanced services at scale

Controllerless (IAP)
− Many individual remote sites
− Simplified management
− Minimal onsite HW and IT

All APs can also be deployed as Remote Access Points

[AP models shown: 360, 303H, 203H, 203R, 340, 318, 370]

INDOOR ACCESS POINT PORTFOLIO

Indoor Access Points

[Figure axis: 802.11ac Wave 1, 802.11ac Wave 2]

340 Series (Unified-AP 34x): 802.11ac 4x4:4SS, MU-MIMO, VHT160; Dual 5GHz, 4.3Gbps, 1x 1GE + 1x 2.5GE, USB, BLE; 11ac W2 Flagship

330 Series (AP/IAP-33x): 802.11ac 4x4:4SS, MU-MIMO, VHT160; 2.5Gbps, 1x 1GE + 1x 2.5GE, USB, BLE; 11ac W2 Flagship

320 Series (AP/IAP-32x): Dual radio, 802.11ac 4X4:4SS MU-MIMO; 2xGE, USB, BLE; High performance 11ac W2 platform

310 Series (AP/IAP-31x): 802.11ac 4x4:4SS*, MU-MIMO, VHT160; 1x GE, USB, BLE, 802.3af POE; Baseline 4x4 11ac W2 platform

300 Series (AP/IAP-30x): 802.11ac 3x3:3SS*, MU-MIMO; 1x GE, USB, BLE, 802.3af POE; Entry-level 3x3 11ac W2 platform

207 Series (AP/IAP-207): Dual radio, 11ac 2x2:2SS, 1xGE; Low-cost 2x2 11ac platform

HOSPITALITY AND OUTDOOR ACCESS POINT PORTFOLIO

[Figure: Outdoor, Hospitality and Hardened Access Points, grouped by generation: 802.11n, 802.11ac Wave 1, 802.11ac Wave 2]

ARUBA MANAGEMENT SOLUTION OVERVIEW

ARUBA CENTRAL OVERVIEW

–Aruba Central is a software-as-a-service subscription and cloud-based platform

–Centralized location to monitor and control network devices

–No need for overlay network management system

–Aruba Central manages and provisions Aruba wired and wireless hardware

ARUBA AIRWAVE

Management and monitoring designed for mobile-first networks

Airwave covers common wired and wireless LAN use cases

− Device Discovery

− Topology Views

− Backup & Recovery

− Firmware Upgrade

− Monitoring

− Zero touch provisioning

− Template based Configuration

− Client Troubleshooting

− Application Visibility

− RF Visualization

− Rogue AP Detection

− UCC Voice

ARUBA AIRWAVE

Management and monitoring designed for mobile-first networks

Performance for mobile
− Live RF & client monitoring, VisualRF
− Aruba Clarity: live user monitoring & synthetic testing

Reliability for critical apps
− App & web analytics
− MobileUC visibility

ARUBA CLEARPASS OVERVIEW

CLEARPASS POLICY MANAGER

– Identity based and non AAA Enforcement
  – 802.1X: TLS, PEAP/MSCHAP, TTLS, PEAP/GTC, etc.
  – MAC Address Authentication
  – TACACS+
  – Media independent

– External Authentication source
  – Typically AD integration
  – Two factor authentication
  – Standards based: LDAP, SQL, Kerberos, HTTP, etc.

– Extra Authorization
  – LDAP attributes
    – Group membership
  – 3rd Party Posture compliance status
    – Typically via SQL
    – SCCM, Symantec, McAfee…
  – MDM integration

CLEARPASS FOR MOBILE, IoT AND GUEST POLICY ENFORCEMENT

CLEARPASS POLICY MANAGER

Onboard, OnGuard

System - as Hardware or VM Appliances

Expandable Applications

Access License - Guest Access, 802.1x, MAC-Authentication

OnConnect…

–We have been at the forefront of Common Criteria certification across our product portfolio, including wireless access points, switches, mobility controllers, and remote VPN software. Now, we are proud that ClearPass Policy Manager is the first network access control (NAC) solution in the industry to be awarded Common Criteria certification under a government-approved protection profile.

–In January 2018, ClearPass was awarded Common Criteria certification under both the Network Device collaborative Protection Profile (NDcPP) and the Authentication Server Extended Package. The certification was awarded by the National Information Assurance Partnership (NIAP), the US government initiative that oversees the Common Criteria program. ClearPass certification was validated through Gossamer Security Solutions, a world-renowned independent testing lab.

CLEARPASS COMMON CRITERIA CERTIFIED

ARUBA MOBILE ENGAGEMENT OVERVIEW

SOLUTION OVERVIEW

–Aruba Mobility Ecosystem: Connectivity – Security - Convenience

–Solution components

– Hardware

–Battery-powered Beacons, USB-Beacons, Asset Tags

– Meridian Software

–White Label App - Meridian AppMaker with CMS system included

–Software Development Kit (SDK) for Apps integration

–Meridian Editor

–Added value through data analysis

–Use cases and successful implementations

– Wayfinding (Navigation) vs. Push-Notification (Proximity)

– Museums, Stadiums, Casinos, Airports, Retail, Healthcare...

–Asset tracking ...

ARUBA MOBILE ENGAGEMENT

[Diagram components]

Aruba Beacons (Bluetooth): Beacon Management

Aruba WLAN: Internet Access

Aruba ClearPass: ClearPass Guest for Guest Internet Access and promoting the App

Aruba Meridian: App content, Cloud management for Beacons and Analytics

App on mobile device (Apple/Android): Indoor Navigation, Location Based Push-Notifications

Connectivity, Security, Convenience

BETTER OUTCOMES

BE THE HERO

Reduce Business Risk

Keep the enterprise and customer data secure from the in- and outside

Right-Size IT Investments

Future-proof IT with a networking foundation for flexibility and agility

Deliver Winning Experiences

Securely handle mobile, IoT, and digital demands
