
Corporate Overview

Corporate Overview. October 2010. Introduction to Aerohive. Next generation enterprise WLAN systems vendor. The only WLAN solution built from the ground up for Wireless 2.0. WLAN Visionary – Gartner. Breakthrough, distributed WLAN architecture. Eliminates WLAN controllers.

duyen

Presentation Transcript


  1. Corporate Overview October 2010

  2. Introduction to Aerohive • Next generation enterprise WLAN systems vendor • The only WLAN solution built from the ground up for Wireless 2.0 • WLAN Visionary – Gartner • Breakthrough, distributed WLAN architecture • Eliminates WLAN controllers • Built for 802.11n transition • Breakthrough performance, resilience and flexibility • Up to 75% lower cost • Innovative cloud-based management Visionary Gartner Magic Quadrant 2010 HiveAPs HiveManager NMS MQ

  3. Aerohive – Purpose-built for Wireless 2.0 Yesterday’s WLAN - Convenience WiFi - Guest Access - Nomadic Users - Scanners & single mode voice Problems - Security - Management • Wireless 2.0 • - Client Explosion • - Mobile Apps • - 6 X Bandwidth (802.11n) • - Voice / FMC • - Location Services • - Ubiquitous coverage • - Ethernet Replacement • Problems • - Security, Mgmt & Mobility • - Single Points of Failure • - Performance Limitations • - Deterministic Performance • - Scalability • - Cost

  4. Customer Focus Distributed Enterprise Education Manufacturing, Distribution & Retail Healthcare • Key Requirement • Scalable, cost effective, resilient managed infrastructure • Key Requirement • High performance, easy to manage infrastructure • Key Requirement • Secure, resilient, high performance managed infrastructure • Key Requirement • Scalable, cost effective, survivable, managed infrastructure

  5. Distributed WLAN Architecture • + • Best In Class Management • Up to 75% Lower CapEx and OpEx • Secure, Multi-Service Infrastructure • Wire-like Resilience • Up to 10X Better Performance • No single points of failure • Path resiliency • Branch survivability • Distributed processing • Local data forwarding • Improved airtime utilization • Per user policy enforcement • Advanced Security (WIDS, FW, wireless VPN) • Resource allocation with SLAs • Less hardware, less cabling • Start small & expand • SaaS Wireless Mgmt Why Customers Selected Aerohive

  6. Cooperative Control - A distributed approach • Distributed Forwarding - with Policy Enforcement! • Responsible – Local forwarding • Policy applied before forwarding! • Competitors often forget this • Distributed Intelligence • Cooperative Control: Auto RF, auto discovery & config, secure roaming • Stateful firewall, QoS, RADIUS • Microsecond-granular handling • Airtime management & statistics • Distributed Processing • Throughput & Client Health SLA compliance • Power to track every client in the network and adjust parameters based on client health RF Medium Feedback HiveOS

  7. Wi-Fi’s Networking Detour 802.11b/a 802.11g 802.11n Autonomous APs • Limited Intelligence • No RF / Network Awareness • Hard to manage (Managed directly) 1999 2010 2003 2007 Made possible by Moore’s Law • Cooperative Control • Distributed Intelligence • Auto RF • Secure seamless roaming • Ease of management • Increased Reliability • Improved Performance • Reduced Cost • Cloud or Centralized management Scalability, Resilience & Determinism • Centralized Control • Centralized Intelligence • Auto RF • Secure seamless roaming • Ease of management • Single points of Failure • BW Bottleneck • Increased Cost Security, Manageability & Mobility

  8. Enterprise Wireless LAN comparison Controller-Based Distributed Control • Aerohive Benefit • No U-turns, Bottlenecks or Single Points of Failure • Flexible Expansion • Superior Branch Performance & Survivability • Real Mesh Support • Increased Reliability & Reduced Cost (No Controller$) • Advanced Value-Added Functionality Data Center NMS HiveManager Access Layer Access Layer Cooperative Control APs Thin APs Network Network FW WIDS RADIUS QoS MESH Tunnels Control Data

  9. Architectural Alternatives Fully Distributed Forwarding & Control Redundant Centralized Data Forwarding & Control High Performance Highly Reliable & Cost Effective More Reliable But Expensive • Authentication • Auto RF • L2/L3 Roaming • QoS • WIPS / Rogue Detection $ Controller Controller Controller Controller Controller Controller Controller Controller Reliability Centralized Data Forwarding & Control Distributed Forwarding with Centralized Control HQ HQ HQ HQ Or Or Controller in the Cloud VMware Controller NMS NMS NMS NMS WAN WAN WAN WAN Controller Failure = WLAN Failure • Authentication • Auto RF • L2/L3 Roaming • QoS • WIPS / Rogue Detection Loss of control means they become expensive Fat APs Performance & Cost Effectiveness

  10. Distributed Control: A Proven, Effective Model Performance, Resilience, Cost Effectiveness and Scalability

  11. How does it work? Reporting Heat Maps SLA Compliance Policy Configuration HiveManager NMS • HiveAPs are full-featured enterprise class access points • Identity-based security, including stateful inspection FW, rogue detection & mitigation • Airtime scheduling, SLA compliance and local forwarding implemented at the edge • HiveAPs are discovered and policy is pushed by HiveManager • A single mgmt interface for configuration, OS updates & monitoring of thousands of devices • Cooperative control protocols create "hives" that share control information between HiveAPs • Enabling functions like secure fast layer roaming (L2/L3), cooperative RF management, station load balancing, wireless mesh and seamless resiliency How does it work detail

  12. Delivering a secure multi-service “App Ready” infrastructure Security & VPN • WPA2/802.1X, Private PSK • Integrated Firewall, VPN, RADIUS • WIDS, Rogue Detection & Mitigation • Directory and NAC integration Traffic Types • Voice • Video • Data Device Types • Laptops, Scanners • Tags, Wi-Fi Phones • Tablets, IV Pumps User Types • Guests, Employees • Doctors, Nurses • Contractors, Teachers Students Guest Administrator User QUEUEs Diff Serv WMM • Resource Management • Prioritization – Voice • BW limiting – student access • Time of Day scheduling • SLA Compliance • Per User Policy Enforcement • User profiles and policy are used to “Virtualize” WLAN infrastructure • User Profiles include L2-L4 policy enforcement including security, QoS and access policy Voice Policy Laptop Policy Guest Policy Quarantine Trusted Client Launching IP DoS attack

  13. Improving application and WLAN performance 6 54 270 10-20X In the Core • Distributed forwarding eliminates controller oversubscription • Best path forwarding minimizes network congestion 10X In the Air • Dynamic Airtime Scheduling optimizes airtime utilization • Reduces contention + keeps slow clients from limiting fast clients 5X Through the AP • Custom Aerohive design - purpose built hardware & optimized software • Dual core network processor Throughput Controller Capacity Limit No Slower 10x faster 5x faster Time # of APs Controller Aerohive Slow Client Fast Client Medium Client Aerohive NWW performance results

  14. Reducing risk with wired-like resilience HiveManager No Single Points of Failure • Controllers are single points of failure • Resiliency by adding more controller$ • Controller failover is stateless AAA WAN WLAN fully functional • Branch Survivability • Distributed control & data forwarding • Integrated RADIUS server allows for local authentication or AAA caching and can link to central directory • Path Resiliency • Dynamic Mesh Failover • Track-IP • Dual homed Ethernet AAA WAN AAA Cache

  15. Reducing Capex and Opex costs HiveManager Online Less Infrastructure Cost • Controller-less architecture + SaaS reduces H/W, sparing & energy costs • SaaS Mgmt moves Capex to Opex • Wi-Fi access reduces cabling • Enterprise Mesh reduces cabling • Easy to Use Management • Easy to use, policy-based mgmt simplifies large deployments • Intuitive web management with Express mode or Enterprise mode • Role-based guest mgmt delegation • Start Small & Expand • SaaS Wi-Fi Mgmt per AP service • No over provisioning • No feature licenses limiting new apps • Linear cost growth curve – add APs HiveManager Online Controller Solution – Includes APs and Controller$ Aerohive Solution – Includes HiveAPs and HiveManager Online Example: Central Site High Availability (30APs) “…..the physical controller has vanished either into the cloud or into the one or more access points. These new solutions in addition to lower priced access points continue to reduce the total cost of ownership for WLAN connectivity at the edge of the network.” – Gartner Magic Quadrant February 2010

  16. 802.11n HiveAP Product Line Partnerships, Certification and Interoperability

  17. Complete, Flexible Wireless Management Solutions Guest Mgmt Topology RF Planner SLA Compliance Reporting SW, Config, & Policy Heat Maps • Seamless Upgrade Path • Increasing deployment size • Increasing network complexity

  18. Summary Aerohive Cooperative Control architecture delivers: Enabling the “Best ROI in Wi-Fi” • A future-proofed secure multi-service infrastructure • Increased network and application performance • Reduced risk with wire-like resiliency • Reduced capital and operational cost

  19. Thank you!

  20. Backup Slides and Custom Shows

  21. HiveManager - Management System Platform Independent Web Interface • Single management interface for configuration, OS updates, monitoring of thousands of devices • Real-time topology, performance and user views simplify troubleshooting, capacity planning and security remediation • Zero configuration HiveAP deployment • HiveManager is provided as an appliance to simplify installation • Non-essential to HiveAP operation Ajax GUI Server Device Server Database HiveOS Devices

  22. HiveManager WLAN management • Network Summary • Number and types of clients, Number of clients over time • Alarms and status, Roaming • Details can be found by drilling into users and logs • Topology & Network Status • What APs are connected, AP Status – Alarms, mesh connections • Drill down on each AP to get client information, debug issues, and update configuration and firmware • RSSI and Rogue Detection • Channel, Power and RSSI values • Rogue Detection • Powerful User-Centric Policy Management • Flexible mapping of SSIDs and Users access to the network • QoS, Firewall and Mobility Policy plus VLAN and Tunnel mapping • Configurations applied across any # of APs for large scale enterprise wide management

  23. HiveManager Role Based Administration Device Life Cycle WLAN Manager

  24. HiveManager Role Based Administration Device Life Cycle Network Admin Security Admin Operations • Unlimited set of roles • Tasks and views can be delegated to each role Virtual HiveManager

  25. The Virtual HiveManager Feature • Multiple separate Instances of HiveManager on a single hardware platform • Complete Separation of Administration for • Enterprise • Managed Services • Domains are completely segmented and appear as a stand alone management system. • Separate views • Separate Policies • Separate Reporting HiveManager A HiveManager B HiveManager C Virtualized HiveManager A B C

  26. Virtual HiveManager Capabilities • Up to 50 Virtual HiveManagers per physical hardware platform • Self Administration enables Virtual HiveManager to be accessible to customers in a Managed Service • SuperUser Admin can create, modify and delete Virtual HiveManagers • Complete segmentation of all data-objects including SSID and security information • Role based admin within a Virtual HiveManager • Read and/or Write per configuration feature • Read and/or Write per location • Automated emailed Reporting, Logs and email alerts available for each Virtual HiveManager • HiveAPs establish DTLS tunnel to HiveManager for management traffic • Works across NAT boundaries

  27. Large/Distributed Enterprise • Large enterprises with multiple operating companies or distributed IT functions often require separate administrative interfaces. • Single central HiveManager instance would appear to be dedicated to each organization • Can be separated by: • Separate IT organizations • Separate roles • Geographic regions Subsidiary A Subsidiary B Subsidiary C Virtualized HiveManager By Organization By Location or Role A B C • Distribution Center • Warehouse • Retail Store

  28. Aerohive Rogue Mitigation & WIDS HiveAPs periodically scan all channels (HiveAPs coordinate scans & do not impact VoIP or data apps) • Rogue Detection • Detect Both Rogue & Ad Hoc PCs • Detect “On-Network” Rogue • Confirm compliant BSSID, SSID, WMM, Preamble • Generate Reports on rogue activity • Rogue mitigation • Mitigation continuously de-authorizes and disassociates client connected to Rogue AP or Rogue Client • Works in conjunction with Aerohive’s Rogue Detection and Location features • IP & MAC DoS Detection • Detect RF 802.11 Management Layer Attacks (i.e. probes & association floods, etc.) • Detect Wireless Authentication attacks • Detect IP DoS (i.e. port scan, flood & TCP SYN check, etc.) • Mitigate attacks at the RF layer and “BAN” client for determined period of time Trusted Client Launching IP DoS attack “On-Network” Rogue

  29. Edge-based policy enforcement Instantly responds to variations in wireless network characteristics Policy enforced at network ingress Policy Enforcement at the Edge 6 Wired Backhaul Network Wireless Network 24 54 VLANs Bandwidth varies due to instantaneous changes in SNR Tunnel User QUEUEs Diff Serv or .1p WMM • Policy Enforcement • QoS • WMM, 8 QUEUEs per user, 802.1p & Diff Serv • Access control & firewall • Stateful Firewall • WIDS & Rogue mitigation • In-line L2-L4 DoS protection • Web Portal • Backhaul • Profile-based or dynamic VLAN or Dynamic Network Extension mapping Voice Policy • Identity-based user profiles • User profiles are statically or dynamically assigned • User Profiles include L2-L4 policy enforcement including security, QoS and access policy Laptop Policy Guest Policy Quarantine

  30. Policy Management Example WLAN Policy-Hospitals WLAN Policy-Clinics WLAN Policy-Hospitals WLAN Policy-Clinics SSID: Ops-1X SSID: Ops-1X Vocera = P1 Data = P2 Drs., Nurses 7x24 VLAN 5 Drs., Nurses 5x8 Tunnel Imaging 7x24 VLAN 6 Contractors 7x24 Tunnel Maintenance 5x8 Tunnel Patients 7x24 Tunnel Maintenance 5x8 Tunnel SSID: Guest SSID: Guest 1Mbps Patients 3Mbps Contractors SSID: Clinic Visiting Doctors Hive-San Jose Hive-San Jose Element Specific Configurations: Map, Interfaces, Mesh, On-board Radius …

  31. SLA Compliance Solution SLA Monitoring – How does it work? • “Performance Sentinel” feature compares client throughput and demand with predefined throughput SLA level • Uses client data statistics to determine client throughput • Uses buffer statistics in the QoS engine to determine if client is actually trying to send more. Enterprise application Above the SLA SLA Below the SLA and wants more throughput File transfer Below the SLA Getting enough throughput Low data rate video

  32. SLA Compliance Solution SLA Actions – How does it work? • Actions may be triggered by the failure to meet an SLA • Actions attempt to enable client to achieve required throughput • The first action available is “Airtime Boost” • Provides more airtime to client not meeting SLA • Designed to work in concert with Dynamic Airtime Scheduling • Other actions will be available in future releases Above the SLA Enterprise Application SLA File Transfer Below the SLA and wants more throughput Boost Enabled Below the SLA Getting enough throughput Low data rate video

  33. SLA Compliance Solution Example using HiveManager • HiveManager SLA reporting shows that 3 clients on 1 AP were in violation - Red • When Airtime Boost action is enabled reporting shows all clients and APs are SLA compliant but 3 are a result of an action - Yellow

  34. Layer 2 Roaming • User associates and authenticates and keys are distributed • AP predictively pushes keys and session state to one hop neighbors • As client roams and associates with another AP the traffic continues uninterrupted RADIUS Server Roam

  35. Layer 3 Roaming Router Subnet B Subnet A GRE Tunnel In order to maintain IP connectivity a tunnel is created to home subnet. Like Layer 2 roaming, the Layer 3 roam predictively pushes keys to one hop neighbors. Tunnel continues to follow roaming user until sessions end, then tunnel is terminated and the user accesses the local network

  36. Wired Architecture Traffic Flows Data Center WAN VoIP RTP SAAS Client – Client Client – Workgroup Client – Server/Database Client - Internet

  37. WLAN Controller Architecture Traffic Flows Remote/Hybrid AP are a compromise: No WIDS No Self Healing No Layer 3 fast roaming No Locationing No Guest Services Limited WPA-PSK, 802.1x Limited Layer 2 fast roaming Remote controllers offer most of the functionality but: Expensive to Deploy Expensive to Scale Controller Adds Latency Not optimized for Branch Data Center Remote Controller$ WAN VoIP RTP Local Data Center • Local Forwarding • Aruba Remote AP • Split Tunnel (ACL) • Cisco Hybrid-REAP • Motorola Adaptive AP • Separate SSIDs SAAS Client – Client Client – Workgroup Client – Server/Database Client – Internet Client – Local/Internet

  38. Cooperative Control Architecture Traffic Flows • No Compromises • Best TCO • Easy to Deploy • Scalable • Best Performance Small Branch/SOHO Central Office Internet/WAN Client – Client Client – Workgroup Client – Server/Database Client – Internet Branch Office

  39. Enterprise Resiliency Traditional WLAN Resiliency Wired Resiliency AAA DHCP Wireless state is lost Distribution/ Core Survives multiple inline failures statefully Access Single point of failure Phone call long gone Phone call maintained

  40. Enterprise WLAN resilience with Cooperative Control • Dual homed data and PoE capability • Stateful failover & best path forwarding • 802.11n mesh resilience • Track IP • Seamless secure roaming

  41. Location and Asset Tracking with AeroScout • Aerohive has partnered with AeroScout and Ekahau to offer Location and Asset Tracking • Aerohive APs can act as a sensor for tags and client devices Location Tracking AeroScout MobileView RTLS Engine HiveAPs WiFi Tags and Clients

  42. GuestManager – Guest Administration • Central management of guest accounts • Role based guest management • Contractors can be differentiated from hourly visitors • Different company employees can create different levels of accounts • Works with policy enforcement on the APs to enable different access and backhaul policy • Offered with an unlimited user license Guest Management Employee Guest Administrator Employee GuestManager 1.0 2. 3. 1. Guest Contractor

  43. GuestManager Overview • Coupled with Aerohive HiveAPs provides a complete Guest Management solution • Enables non-technical users to create and manage guest accounts • Role based administration enables differentiation between different types of guests

  44. Guest Manager Workflow • An authorized employee, like a receptionist, logs into guest manager and creates an account • The guest is handed printed credentials • The Guest then accesses the network and is presented a captive web portal • The Guest enters his or her credentials and the guest is authorized to the guest network GuestManager - Guest Administration Solution Corp VLAN Captive Web Portal Authentication Guest VLAN Public Network Corp RADIUS Firewall GuestManager Credentials Authorized Employee Guest

  45. Guest Manager Features • RADIUS Based Backend • Works with Aerohive AP RADIUS based configuration • Works with wired gateways for consistent Guest Solution • Easy to use by non-IT personnel • Administrators can easily set up employee and guest roles. • Bulk import and account creation for large events. • Role Based Administration of Guests • Differentiate between visitors and guests • Send attributes to AP for User Policy and VLAN assignment • Role based Administration of Authorized Employees • User Role Assigned through AD integration (LDAP) • Use role to define what type of guest can be set up • Receptionist can create 2 hour visitor • HR can create a multi week contractor

  46. Other Guest Networking Capabilities • User Profiles provide differentiated access • Separate QoS settings • Separate security settings • Segmentation of Guest Traffic • Support for VLANs • Selectively tunnel guest traffic to a DMZ • TCP/IP Firewall Rules • MAC Firewall Rules • Captive Web Portal • Collect User data • Authenticate users • Agree to “Acceptable Use Policy”

  47. Major Investment in Partnerships, Certifications and Interoperability Network Access Control (NAC) Access Switching and PoE Authentication and Client Management Mobility and FMC HTC Phones Network Access Protection (Server 2008) IAS, AD and Windows Clients Blackberry 8820 S60 Platform SBR and Odyssey Unified Access Control Meetinghouse and ACS +Etherchannel Healthcare, Logistics and Retail eDirectory Scanners and mobile computers Location and Asset Tracking Single Mode Voice Security Industry Affiliations Symbol MC70 Tools CK31 Cisco 7921

  48. Less Infrastructure Cost High Availability Comparison for 30 APs Aerohive HiveAP 120 and HiveManager Online Aruba 105 AP & 3200-32 Controller & FW/WIPS license Cisco 1142 AP (bundle price) & 5508-50 Controller

  49. Start Small and Expand Easily Wireless NMS 1 Site – 10 APs 10 Sites – 10 APs Rack Space Rack Space Rack Space HiveManager Online HiveManager Online Backup Backup

  50. Distributed Enterprise WLAN comparison Cost comparison of 802.11n networks designed to support expansion, mission-critical operation and VoWLAN AC-12 x 2 HQ Distributed Enterprise / Sites AP x 8 AC-50 x 2 NMS Centralized Controller Approach $27,982 AP x 30 $76,995 HiveManager HiveAP x 8 Aerohive Cooperative Control HiveAP x 30 $6,152 $25,069 Based on Cisco 1140 802.11n series APs, 2100/4400 series controllers and WCS management software
