aruba clearpass
Post on 30-Dec-2016
299 Views
Preview:
TRANSCRIPT
Copyright 2015 Hewlett Packard Enterprise Development LP
Horizont 2016
Enable Workplace ProductivityAchieving successful digital workplace productivity& Exceeded IT business needs by using HPE and Aruba networking solutions
Igor Grčić – HPE & Aruba Networks Sales and partner manager for the
Adriatic region and Bulgaria
06. 10. 2016
2
CONFIDENTIAL © Copyright 2015. Aruba Networks, an HP Company. All rights reserved
HPE Aruba Products Overview
Cloud networking
Central with REST APIs to share
context and program infrastructure
Policy management
ClearPass with a unified API library
and Extensions repository
Network management
AirWave with northbound XML APIs
for data consumption
Network controls
AOS8 with REST APIs to share
context and program infrastructure
Location analytics
Analytics and Location Engine (ALE) with
northbound REST APIs
Micro-location services
Meridian with mobile app
development SDK and REST
APIs
2930F
Wired Infrastructure
Switches
Wireless Infrastructure
APs, RAPs, Sensors, Beacons…
304/305 Wave 2 207 Wave 1
103/205/215/225 indoor + outdoor
How Aruba Instant works
5
First Access Point configured
Ready …
It becomes the “master” & performs firewall and
controller functions
Set …
New APs automatically connect to the “master” &
download configuration
Go!! Up to 128 AP’s without controller in
local cluster. Instant APs
NO ONSITE IT NEEDED
NETWORK
SURVIVABILITY
AppRF technology
6
On-Board DPI
• Depth - common apps
• Enterprise traffic
Cloud-Based Web Policy
Enforcement
• Breadth - less common
apps
• Web traffic
App category
Individual app
Web category
Web reputation
Allow/deny
QoS
Throttle
Log
Blacklist
GRANULAR VISIBILITY & CONTROL
Prioritize business critical apps
Block inappropriate content
Enforce per user/device/location
REAL-TIME RF CORRELATION
DEVICE TYPE INTERFERENCELOCATION CONGESTION ‘MU-MIMO Aware’
Desk Phones Are So 19th Century
Enterprise reference architecture
Aruba 802.11ac APs
Aruba 7200 Mobility Controller
Aruba 5400R chassis (or Aruba
3810 stacking) Aruba 7200 Mobility Controller
Aruba 2930F Aruba 2930F
10
Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure
This graphic was published by Gartner, Inc. as part of a larger research document and should be evaluated in the context of the entire document. The Gartner document is available upon request from Aruba, a Hewlett Packard Enterprise company. Gartner does not endorse any vendor, product or service depicted in its research publications, and does not advise technology users to select only those vendors with the highest ratings or other designation. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties or merchantability or fitness for a particular purpose.
Source: Gartner Magic Quadrant for the Wired and Wireless LAN Access InfrastructureAugust 2016. Tim Zimmerman, Christian Canales, Bill Menezes, Danilo CiscatoID Number: G00291908
11
So we got the
Best and actually
saved money???
12
13
Switching That Meets the Needs of Today and Tomorrow
Gigabit Access Multi-Gig Access
Aruba 2920 Aruba 3810 Aruba 5400
POE+
SDN Ready
Smart Rate
Multi-Gig Ports
Aruba 2530
AirWave &
ClearPass
Stacking VSF
Aruba 2930F
Broad 802.11ac Aruba Instant PortfolioModel Location Performance Density Vertical
200 Series Indoor Moderate Moderate
(50 active)
K-12
Retail
Hospitality
210 Series Indoor HighModerate
(75 active)
Carpeted space
Hospitality - Lobby
220 Series Indoor HighHigh
(125+ active)
Lecture Halls
Venues
310 Series Indoor HighModerate
(75 active)
Carpeted space
across verticals
320 Series Indoor HighHigh
(125+ active)
Higher Ed
Venues
330 Series Indoor Very HighHigh
(125+ active)
Higher Ed
Venues
270 Series Outdoor HighHigh
(125+ active)Outdoor
207 Series Access PointsMaking fast 802.11ac affordable for everyone
• Dual radio 2x2:2SS VHT160
• 5GHz: 867Mbps max, 2.4GHz: 400Mbps max
• Support for approved 5GHz bands in the future
• Transmit Beamforming and Advanced Cellular Coexistence
• Integrated BLE radio: locationing, beacon management
• Temperature range: 0C to +50C
• 1x GbE, 802.3af POE / 12Vdc, ~12W max
• Same size as 205 series (150mm x 150mm x 40mm)
Availability
ArubaOS 6.5: Q4’FY16
ArubaOS 8: Q1’FY17
Instant: Q1’FY17
Confidential – For Training Purposes Only 17
It’s cold here!!!
270 Series and 228 Hardened AP Portfolio
AP-275
Integrated OmnisDual Radio 11ac 3x3:3SS
AP-274
ConnectorizedDual Radio 11ac 3x3:3SS
AP-277
Integ. DirectionalDual Radio 11ac 3x3:3SS
AP228
6 x RPSMADual Radio 11ac 3x3:3SS
19
Can you work
from home?
Extending Your Enterprise with Remote APs
– Light up a remote office with simple plug-and-play
– Extends corporate Wi-Fi, wired, VPN and firewall
– Easily connect printers and power VoIP phones
– Enhanced failover options with a 2nd ISP or cellular
handoff
20
Cloud-based management with Aruba Central, and zero-touch
Network configured
& running4
Plug in Aruba
Instant AP or
Aruba Switch
1
Secure connection
(HTTPS) 2
Central* sends config
details to AP/Switch3
ZERO-TOUCH PROVISIONING
NO ON-SITE EXPERT NEEDED
*Now DHCP-based ZTP with 16.01
Activate-based ZTP with 16.02
Confidential – For Training Purposes Only 22
How do you
manage?
Flexible management choices
23
Deployment n/a Cloud
Management as a Service
no hardware, no software
On-site
Management Decentralized
Instant Clusters
Centralized Management
Instant APs, multiple sites,
multiple clusters
Centralized Management
Instant & ArubaOS APs,
Third-Party Wired & WLAN
Advanced
Capabilities
Simple Guest Wi-Fi Guest/Visitor management
with custom captive portal
VisualRF, advanced reporting
alerts & customizations
Pricing Free No upfront costs
Subscription per AP - 1/3/5yr
Tech Support included
Lower recurring costs
Perpetual SW license per
AP/Switch + recurring annual
maintenance + HW (optional)
Instant Local
Management Central Airwave
Confidential – For Training Purposes Only 24
Can we Grow?
Controllers scale from branch to campus
7030Large branchUp to 64 APs and up to 8Gbps throughput
Midsize branch with integrated switch12 or 24 ports of PoE+ for unified branches
Up to 32 APs
Small branchVirtualized or PoE-powered controllers
Midsize CampusHigh performance, fixed form factor
Up to 256 APs, 12 Gbps throughput
Large CampusHigh performance, redundant power/fan
512 – 2048 APs, up to 40Gbps throughput
7240
7220
7210
7205
7024 (24 PoE+)
7010 (12 PoE+)
VMC-TACT (8/16 AP)
7005/7008 (16 AP)
Bra
nc
h
Ca
mp
us
26
27
28
References?
Telecom
Services
Retail
Media & Ent
Primary Education Public Venues
Healthcare
Finance
Manufacturing
Public Transit
Government
Social & New Media
Oil & Gas Hospitality
Higher Education
Technology
Confidential – For Training Purposes Only 31
They are
comming!!!
Managing risk in today’s digital enterprise
Rapid transformation of enterprise IT
Shift to hybrid
Mobile connectivity
Big data explosion
Cost and complexity of regulatory pressures
Compliance
Privacy
Data protection
Increasingly sophisticated cyber attacks
More sophisticated
More frequent
More damaging
User Behavior and the shifting perimeter
* Aruba 2015 “Running the Risk” report
30% of users lost
data on mobile
Younger users are
less responsible60% of users share
devices
Aruba, HPE 2015 Survey of 4300
Enterprises
IT Solution Overload
How do I onboard personal devices?
NAC?
MDM?
MAM?
How do I keep enterprise data safe?
How do I protect my network?
What if a mobile device is lost?
How do I maintain user privacy?
Internet of
Things (IoT)
BYOD and
corporate owned
Security monitoring and
threat prevention
Multi-vendor
switching
Multi-vendor
WLANs
Aruba ClearPass
Aruba ClearPass with
Exchange EcoSystem
Device Management
and multi-factor auth
Helpdesk and voice/SMS
services in the cloud
REST API / Syslog
Aruba ClearPass
37
The most comprehensive BYOD and IoT management platform
• Role-based network access enforcement for Wi-Fi, wired
and VPN
• Supports NAC and Microsoft NAP posture and health
checks
• Advanced reporting of all user activity, authentications and
failures
• Device onboarding, profiling, guest access, and
compliance reporting
• Enterprise-grade AAA, including RADIUS/TACACS+,
802.1X and non-802.1X services.
38
39
Can I use my
device?
40
• Automate device provisioning for secure BYOD (Data about devices
from Active Directory and LDAP)
• Issue unique certificates for every mobile device - SCEP and EST
(RFC 7030)
ClearPass Onboard: Automated device provisioning for secure BYOD
41
ClearPass OnGuard
42
•
•
•
•
•
•
•
43
44
T-SystemsCustomer story, T-Systems
High Visibility,
Managed Service
– ThyssenKrupp is their 1st
customer
– Use of AAA, Guest, Onboard
and OnGuard with multiple
expansion opportunities
47
Can we do
something for
marketing?
48
•
•
•
AOS8 : Multiple tenants on the same access point with MultiZone
LoCtrl2
CSw1 CSw1
LoCtrl1
Aruba 7200Mobility Controller
Aruba 7200Mobility Controllers
Network A Network B
• Requires Mobility Master and AOS8
• SSIDs terminate on different controllers to
ensure physical separation of traffic flows
• Efficient use of Wi-Fi resources and reduced
cost of AP hardware deployment
Offer significant cost savings to
operators of public venues, by
eliminating use of separate Wi-Fi
systems
MultiZone: Use Cases and Benefits
Airport
Shopping Mall
H&MPrivate Wi-Fi
Levi’sWi-Fi
UniqloPrivate Wi-Fi
Shoppin
g M
all
public
Wi-
Fi
Public Wi-FiSecurity Wi-Fi
British Airways Wi-Fi
United Airlines Wi-Fi
Singapore Airlines Wi-Fi
Air France Wi-Fi
Give additional Wi-Fi
sponsorship opportunities to
your existing customers in
public venues
Traffic Pattern Analytics Enabled by ALE
Presence (Inside Venues / Conference Rooms)
Capture Rates (Inside versus Walk-Bys)
Dwell Times by Geofence
Repeat versus New Visitors
User Classification (Employees versus Guests)
70,000seats
10.3 TB offloaded
Access Points and Blootooth navigation
56
Typ
e A
Typ
e B
Typ
e C
Typ
e D
Typ
e E
Typ
e F
Non-intrusive beacon setup
57
Wayfinding
58
In seat delivery & Express Pickup
59
Video replays; App optimization; content management…
60
http://www.levisstadium.com/stadium-info/stadium-app/
….
HOW WE DID IT…
63
Thank youIgor.grcic@he.com
64Confidential – For Training Purposes Only
top related