Remote Wireless LANs
-
Upload
aruba-networks-an-hp-company -
Category
Technology
-
view
296 -
download
0
Transcript of Remote Wireless LANs
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 1 #airheadsconf #airheadsconf
Remote Networks with Aruba Instant
Presented by: Gokul Rajagopalan – Product Management Santa PalChaudhuri – Engineering Neil Kulkarni – Technical Marketing
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 2 #airheadsconf
Key Applications & Verticals Requirements & Challenges Aruba Instant for Remote Networking
Agenda
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 3 #airheadsconf #airheadsconf 3
Applications & Verticals
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 4 #airheadsconf
Who should care?
Branch office / Remote teleworker
Retail
K-12 Healthcare
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 5 #airheadsconf #airheadsconf 5
Requirements & Challenges
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 6 #airheadsconf
The Challenge of Mobility
Complex to deploy and manage
Unreliable connection & poor app performance
Lack of security for employee & guest personal devices
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 7 #airheadsconf
Remote Networking Requirements
• Few components on-site • No special expertise on-site • Full functionality • Resiliency • Centralized management
and debug-ability
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 8 #airheadsconf #airheadsconf 8
The Instant advantage
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 9 #airheadsconf
Instant – VPN Solution Architecture
Branch 1
Datacenter
AirWave Network Management
Aruba Mobility Controller ClearPass solution
Instant Cluster
VRRP Link
Master Standby
Instant Cluster
Branch 2
L3 branch L2 branch
DMZ
IAP-175 outdoor extension Mesh Link
IAP for indoor extension
Aruba Activate for zero touch deployment.
Master Active
RF
Firewall
Uplink options
VPN
Fast Failover
Mobility
Application Awareness
Central Management
BYOD and Guest Services
Zero-touch provisioning
Internet / WAN
Self-organizing network
Central or local AAA & IP Management
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 10 #airheadsconf
Optional • VPN – Aruba Mobility Controllers • Whitelist Management - ClearPass • Switching – Mobility Access Switches
Instant – VPN Solution Components
Access Points AirWave Activate
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 11 #airheadsconf
Zero-Touch Provisioning IAP + VPN
Home/Remote Location Campus Network
Remote L2 Network
Segment
Aruba Instant AP
IAP tries Cloud provisioning Sends: Serial #, MAC
IAP tries DHCP provisioning
Cloud Responds: AirWave IP, Shared Secret, Org
AirWave
IAP contacts AMP Sends: Shared Secret, Org
AirWave Responds Sends: Image and Config
Additional IAPs Discover Initial AP and download image and config
Access Point 2
Access Point 5
ClearPass automatically downloads whitelist from Activate
Controller authenticates APs against ClearPass
Aruba Activate
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 12 #airheadsconf
Centralized Management Demo
Private-cloud Management
• New device-NMS communication model • NMS Scalability • Bulk configuration • Remote troubleshooting
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 13 #airheadsconf
Key Features • Zero-touch (remote) VPN configuration • Automatic whitelisting • No controller licensing required • Single IPSec tunnel per IAP network • Scalability • Site survivability
Instant VPN - Setup Demo
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 14 #airheadsconf
802.1x Authentication – Dynamic RADIUS Proxy – External RADIUS & load-balancing – Role-derivation – Authentication Survivability
Guest Authentication – Centralized guest management – ClearPass Guest – RADIUS accounting
Instant VPN - AAA
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 15 #airheadsconf
• Local – User traffic NATted, virtual-controller assigned IP
• Centralized Layer-2 – User traffic bridged, IP assignment from datacenter
• Distributed Layer-2 – User traffic bridged, IP assignment locally managed
• Distributed Layer-3 – Layer-3 subnet on-site, routed to datacenter, IP assignment
locally managed
Instant VPN – client IP & data flow
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 16 #airheadsconf
Aruba Mobility Controller
VRRP Link
Master Standby
DMZ
Master Active
Aruba Mobility Controller
VRRP Link
DMZ
Master Active Master Standby
Internet / WAN
Data Center A Data Center B
Instant Cluster
Branch 1
Traffic in Tunnel A
Traffic switched to Tunnel B
Primary Tunnel
Backup Tunnel
Instant VPN – Fast Failover Demo
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 17 #airheadsconf #airheadsconf 17
Advantages over conventional solutions
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 18 #airheadsconf
Platform – Independent regulatory domains – Phased firmware upgrades – Increased controller scalability, lower licensing costs – Local management plane - resilient to WAN failure – Local control plane - enables local services – Local data plane – highly scalable branch
• Deployment – Zero-touch provisioning
Advantages of Instant-based solution
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 19 #airheadsconf
Traffic engineering – Enables mobility in multi-AP branches – Enables full site survivability – Constrained broadcast domains – Fast failover for VPN – Locally enforced QoS, mDNS optimization, etc.
Management – Centralized configuration, firmware management,
troubleshooting – Investment protection as branch grows into campus
Advantages of Instant-based solution
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 20 #airheadsconf #airheadsconf 20
Roadmap
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 21 #airheadsconf
• Uplink intelligence • Secondary role-derivation • Bandwidth management • Aruba switch integration • Cloud services
Direction
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 22 #airheadsconf #airheadsconf
Thank You
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 23 #airheadsconf #airheadsconf 23