aruba - remote branch-networking-fundamentals-2014

Post on 14-May-2015

DESCRIPTION

A clear description of the technical opportunities offered by ARUBA ClearPass, AirWave, Activate and Instant. Another "pearl" from Airheads blog:

TRANSCRIPT

Remote and Branch Networking Fundamentals June 9-14, 2014

CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved

2 #AirheadsConf

Agenda

•  Challenges of Deploying Remote networks
•  Aruba Solution
•  Aruba Instant
•  Aruba Instant for Private WAN based Deployments
•  Aruba Instant-VPN
•  Management and Zero-Touch Deployment

Challenges of Deploying Remote Networks

Who should care?

Branch office / Remote teleworker

Retail

Healthcare

Challenges

Aruba Solution

Aruba Solution

Home Office On The Road Branch

Datacenter

AirWave Aruba Mobility Controller ClearPass Access Management

Instant-VPN

Mobility Switch

Instant Cluster

Virtual Intranet Access (VIA) Client

Internet / WAN

Instant Cluster

Management and Zero-Touch Deployment

Internet

Airwave and Aruba Central

Campus Network

Aruba Central Aruba AirWave

Data Center

•  Advanced guest services
•  Mobile device onboarding
•  Unified wired/wireless policy

Airwave

ClearPass

Mobility Switch

Aruba Activate: Zero-touch Deployment

Aruba Instant

Aruba Instant

•  Redundancy for internal failure
•  Redundancy for external failure
•  Organic growth
•  Mobility-ready
•  RF optimization
•  Master AP selection
•  Over-the-air provisioning
•  WiFi oriented configuration

Simple to deploy

Self-optimizing

Self-healing

Scalable

Aruba Instant Architecture

•  Distributed data-plane –  Wireless encryption / decryption, firewall

•  Distributed control-plane –  Authentication, DHCP, ARM, WIPS

•  Centralized (local) management-plane –  Configuration, firmware management, GUI, SNMP

Automatic RF Management

Infrastructure control

•  Automatic RF optimization for coverage & capacity

•  Real-time spectrum analysis and interference avoidance

•  Load / Application awareness

•  Self-healing

Channel 11

Channel 6

Channel 1

Client Control

•  Moves clients towards less congested frequency band

•  Distributes clients across available spectrum*

•  Bandwidth controls

Security tailored for Mobility

Context Aware

On-boarding

Role-based access

Policy Enforcement

•  Aruba RFProtect + AirWave RAPIDS
   –  RF Scanning, Rogue AP detection / containment, Valid-station protection

•  Encryption
   –  Over-the-air AES encryption, IPSec VPN to datacenter (where applicable)

•  Role-based Access
   –  Per-user, per-device access

•  Policy Enforcement Firewall
   –  Segregation of business traffic from guest traffic
   –  Blacklisting for session violation

•  Centralized Monitoring and Alerting

•  No need for separate SSID for QoS.

•  Session based DSCP tagging & prioritization

•  Multicast-to-unicast conversion for video

•  Media-classification for encrypted voice –Apple Facetime

•  AirGroup* to manage Apple AirPlay, AirPrint, etc

Mobility Services: Real-time Applications

ClearPass

IAP

IAP IAP

Mobility Services: Guest Access

•  Securely Manage Visitor Access
   –  Streamlined workflow; No IT
•  Sponsored-based, Visitor Self-Registration, Pre-registration, Anonymous Guest Access
•  3rd Party Integrations
•  APIs for integration with existing applications / CRM tools
   –  Assignable roles, expiration times, user names, passwords
•  Highest Customization
   –  Skin technology, software plugins, APIs
   –  Targeted advertising and content delivery

Private WAN based Deployments

Private-WAN based Deployments

Private-WAN based Deployments

Auto-GRE for Guest

Branch office

Datacenter

AirWave ClearPass

Instant Cluster

VRRP Link

Master Standby

Guest Anchor

Master Active Servers

MPLS

Employee Traffic

Guest Traffic

Aruba Instant-VPN

Datacenter

AirWave/Aruba Central Aruba Mobility Controller ClearPass solution

Internet / WAN

VRRP Link

Master Standby

DMZ

Master Active

Home Office

Instant

Home office Solution

Home Office

Instant

Branch Office Solution

Branch office

Datacenter

AirWave/Aruba Central Aruba Mobility Controller ClearPass solution

Instant Cluster

Internet / WAN

VRRP Link

Master Standby

DMZ

Master Active

Branch office

Instant Cluster

DHCP - How does Distributed L3 work ?

Network 10.0.0.0/8 VLANs 10 to 99

Data Center

Remote Branch

Internet / WAN

Active VPN Tunnel

Client A Browsing to Intranet

Browsing to Youtube

Route on IAP – For 10.0.0.0/8 network, next hop is VPN terminating controller’s IP address

Master IAP Member IAP

Client B Browsing to Intranet

Browsing to Youtube

VLAN 250 IAP-VC is the DHCP Server

DHCP Request

VC SRC NATs traffic using IAPs local IP VC routes the traffic to the tunnel

Intranet

DHCP - How does Centralized L2 work ?

Network 10.0.0.0/8 VLANs 10 to 99

Data Center

Remote Branch

Internet / WAN

Active VPN Tunnel

Client A Browsing to Intranet

Browsing to Youtube

Route on IAP – For 10.0.0.0/8 network, next hop is VPN terminating controller’s IP address

Master IAP Member IAP

Client B Browsing to Intranet

Browsing to Youtube

VLAN 50

DHCP Request

VC SRC NATs traffic using IAPs local IP VC bridges traffic in the tunnel

VLAN 50 DHCP Server and Default Gateway

Intranet

DHCP - How does Local Subnet work ?

Intranet

Network 10.0.0.0/8 VLANs 10 to 99

Data Center

Remote Branch

Internet / WAN

Active VPN Tunnel

Client A Browsing to Intranet

Browsing to Youtube

Route on IAP – For 10.0.0.0/8 network, next hop is VPN terminating controller’s IP address

Master IAP Slave IAP

Client B Browsing to Intranet

Browsing to Youtube

VLAN 200 IAP-VC is the DHCP Server

DHCP Request

VC SRC NATs traffic using IAPs local IP VC SRC NATs traffic using inner IP

Recommendations

IAP-VPN Modes and Usage Recommendations

•  Distributed L3: Recommended for all deployments.
•  Local: Recommended for Guest networks with centralized captive portal servers.
•  Centralized L2: Recommended only if Multicast to branch is a requirement. If Multicast to branch networks is not required, use L3 modes.

Branch ID Algorithm

Aruba Instant-VPN Design Options

Single AP deployments

Single AP deployments

Multi-AP deployments

Multi-AP deployments

Thank You

Distributed-L2

Central-L2

Central-L3

Dist-L3

Local Mode

DOWNLOAD: Airheads Mobile

JOIN: community.arubanetworks.com

FOLLOW: @arubanetworks

DISCUSS: #AirheadsConf

AIRHEADS@ATMOSPHERE 2014
