CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 1 #airheadsconf #airheadsconf

Remote Networks with Aruba Instant

Presented by: Gokul Rajagopalan – Product Management Naveen Manjunath – Engineering Neil Kulkarni – Technical Marketing

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 2 #airheadsconf

Key Applications & Verticals

Requirements & Challenges

Aruba Instant for Remote Networking

Agenda

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 3 #airheadsconf #airheadsconf 3

Applications & Verticals

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 4 #airheadsconf

Who should care?

Branch office / Remote teleworker

Retail

K-12 Healthcare

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 5 #airheadsconf #airheadsconf 5

Requirements & Challenges

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 6 #airheadsconf

The Challenge of Mobility

Complex to deploy and manage

Unreliable connection & poor app performance

Lack of security for employee & guest personal devices

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 7 #airheadsconf

Remote Networking Requirements

•  Few components on-site •  No special expertise on-site •  Full functionality •  Resiliency •  Centralized management

and debug-ability

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 8 #airheadsconf #airheadsconf 8

The Instant advantage

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 9 #airheadsconf

Instant – VPN Solution Architecture

Branch 1

Datacenter

AirWave Network Management

Aruba Mobility Controller ClearPass solution

Instant Cluster

VRRP Link

Master Standby

Instant Cluster

Branch 2

L3 branch L2 branch

DMZ

IAP-175 outdoor extension Mesh Link

IAP for indoor extension

Aruba Activate for zero touch deployment.

Master Active

RF

Firewall

Uplink options

VPN

Fast Failover

Mobility

Application Awareness

Central Management

BYOD and Guest Services

Zero-touch provisioning

Internet / WAN

Self-organizing network

Central or local AAA & IP Management

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 10 #airheadsconf

Optional •  VPN – Aruba Mobility Controllers •  Whitelist Management - ClearPass •  Switching – Mobility Access Switches

Instant – VPN Solution Components

Access Points AirWave Activate

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 11 #airheadsconf

Zero-Touch Provisioning IAP + VPN

Home/Remote Location Campus Network

Remote L2 Network

Segment

Aruba Instant AP

IAP tries Cloud provisioning Sends: Serial #, MAC

IAP tries DHCP provisioning

Cloud Responds: AirWave IP, Shared Secret, Org

AirWave

IAP contacts AMP Sends: Shared Secret, Org

AirWave Responds Sends: Image and Config

Additional IAPs Discover Initial AP and download image and config

Access Point 2

Access Point 5

ClearPass automatically downloads whitelist from Activate

Controller authenticates APs against ClearPass

Aruba Activate

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 12 #airheadsconf

Centralized Management Demo

Private-cloud Management

•  New device-NMS communication model •  NMS Scalability •  Bulk configuration •  Remote troubleshooting

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 13 #airheadsconf

Key Features •  Zero-touch (remote) VPN configuration •  Automatic whitelisting •  No controller licensing required •  Single IPSec tunnel per IAP network •  Scalability •  Site survivability

Instant VPN - Setup Demo

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 14 #airheadsconf

802.1x Authentication –  Dynamic RADIUS Proxy –  External RADIUS & load-balancing –  Role-derivation –  Authentication Survivability

Guest Authentication –  Centralized guest management – ClearPass Guest –  RADIUS accounting

Instant VPN - AAA

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 15 #airheadsconf

•  Local –  User traffic NATted, virtual-controller assigned IP

•  Centralized Layer-2 –  User traffic bridged, IP assignment from datacenter

•  Distributed Layer-2 –  User traffic bridged, IP assignment locally managed

•  Distributed Layer-3 –  Layer-3 subnet on-site, routed to datacenter, IP assignment

locally managed

Instant VPN – client IP & data flow

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 16 #airheadsconf

Aruba Mobility Controller

VRRP Link

Master Standby

DMZ

Master Active

Aruba Mobility Controller

VRRP Link

DMZ

Master Active Master Standby

Internet / WAN

Data Center A Data Center B

Instant Cluster

Branch 1

Traffic in Tunnel A

Traffic switched to Tunnel B

Primary Tunnel

Backup Tunnel

Instant VPN – Fast Failover Demo

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 17 #airheadsconf #airheadsconf 17

Advantages over conventional solutions

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 18 #airheadsconf

Platform –  Independent regulatory domains –  Phased firmware upgrades –  Requires minimal head-end resources –  Local control-plane

Traffic engineering –  Enables mobility in multi-AP branches –  Enables full site survivability –  Constrained broadcast domains

Management –  Centralized troubleshooting –  Investment protection as branch grows into campus

Advantages of Instant-based solution

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 19 #airheadsconf #airheadsconf 19

Roadmap

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 20 #airheadsconf

•  Uplink intelligence •  Secondary role-derivation •  Bandwidth management •  Aruba switch integration •  Cloud services

Direction

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 21 #airheadsconf #airheadsconf

Thank You

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 22 #airheadsconf #airheadsconf 22