View
833
Download
0
Category
Preview:
Citation preview
#ATM15 |
Extend mobility to remote branch networksMarch 2015
@ArubaNetworks
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved2#ATM15 |
Agenda
• Branch Solutions Overview
• Branch Disruptions, Cost Savings
• Cloud Services Controllers and Branch Services
• Instant Solution Update
@ArubaNetworks
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved3#ATM15 |
Branch Solution Overview
CSCIAP RAP
INTERNET
44#ATM15 |
Branch Disruptions, Cost Savings
5 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
Disruptive Changes for Branch IT
ETHERNET/3G/4G
LEGACY WANCONNECTIVITY
CLOUD APPSLOCAL APP SERVERS
T3T1E3E1MPLS
By 2016, 30% of the advanced attacks will enter organizations via branch networks.
Public cloud IaaS will grow to over $34B worldwide by 2018.
CLOUD SECURITY ARCHITECTURES
DEDICATED SECURITY APPLIANCES
6 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
New Requirements for the Branch Network
Unified role-based policies and network rightsizing
WIRELESS + WIRED
Threat management and secure guest access
SECURITY
WAN optimization, WAN health monitoring, and availability during failures
WAN INTELLIGENCEVisibility and quality of services for business critical applications
CLOUD PERFORMANCE
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved7#ATM15 |
Cost Savings By Rightsizing The Branch
Eliminate the need for separate WAN service router, firewall...
One platform for wireless and wired clients with common policy enforcement
Unified wireless architecture across campus and branch
Deliver the all-wireless branch office with unified communications
88#ATM15 |
Cloud Services Controller Positioning
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved9#ATM15 |
Branch Cloud Services Controller Positioning
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved10#ATM15 |
Controller Portfolio
72402048 APs32K Users
40Gbps FW7220
1024 APs24K Users
40Gbps FW
CAMPUSBRANCH
703064 APs
4K Users8Gbps FW
702432 APs
2K Users24 POE
Ports4Gbps FW
7210512 APs
16K Users20 Gbps
FW
7205256 APs8K Users12 Gbps
FW
700516 APs
1K Users2Gbps FW
701032 APs
2K Users12 POE
Ports4Gbps FW
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved11#ATM15 |
7024 Cloud Services Controller
7024 Front View
24x 10/100/1000BASE-T PoE/PoE+
LCD Display
2x 10GbE
7024 Rear View
Console
USB Integrated Power Supply
Ethernet OOB
Performance• 4Gbps firewall• 3.3Gbps encryption• 32K firewall sessions
Capacity• 32 APs• 2K client devices
Network Interfaces• 24 x 10/100/1000BASE-T PoE/PoE+
• 400W PoE/PoE+ budget• 2x 10GBase-x (SFP+)• 1x USB for 3G/4G backup
Management• RS-232 (RJ-45) + mUSB console• High-Availability RJ45• USB for image/config files• Rack mount kit included• Dimensions: 1RUx 17.5”Wx 12”D• Minimum SW: AOS 6.4.3
1212#ATM15 |
Branch AOS Features & New opportunities
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved13#ATM15 |
Aruba Cloud Services Controller Software
Zero-touch provisioning
WAN optimization
WAN survivability
WAN health checks
Secured ports wired access
Policy-based WAN routing
Context based firewall
(user, app, device, location,
content, reputation)
Architected to dramatically
reduce the time it takes to
deploy branch networks
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved14#ATM15 |
Branch AOS Features & New opportunities
Software and Cloud Services driving to Rightsized Branch IT
• Branch device and services consolidation
• Cloud security services. By 2016, 30% of advanced threats will enter via branches (Source – Gartner Branch Office Security)
• Cloud and guest services drive the need for hybrid WAN architectures
Branch Infrastructure Refresh
Trends / Opportunities
ARUBA 7005 ARUBA 7010
ARUBA 7024
1515#ATM15 |
BRANCH WAN SERVICESArubaOS 6.4.3
16 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
Zero Touch Provisioning
Public CloudHQ / DC
7240 (Master) 7240 (Standby)
MAS
Internet`
Security UCC MDM Location Analytics
Aruba 7000 CSC
Activate Server
Branch CSC boots up, sends DHCP Request to obtain IP Address.
Branch CSC talks to Activate, obtains head end controller IP and branch mode (local or remote node)
Branch CSC establishes a secure IPSEC tunnel with MC
Branch CSC downloads both local and global configurations from the head end controller
CSCActivate / Head-End Pre-Provisioning
• Identify CSC and provision rules in Activate
• Configure Remote Node in MC, local configurations can be replicated across branches (as it applies)
17 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
Intelligent WAN / PBR
• Policy based routing to multiple WAN links (MPLS, Internet, 3G/4G) for cost savings and improved WAN usage, performance
• WAN health check monitors loss and latency on WAN links, Redundancy with multiple next hops on WAN health or performance issues
• Selective traffic routing to Active-Active HQ/DC (DC1, DC2 etc.) IKE IPSEC tunnels (Cellular is Standby)
• Routing inside tunnels, L3 GRE over IPSEC – Corporate (IPSEC) Vs. Guest (L3 GRE)
Public Cloud
HQ / DC7240 7240
MAS
Internet`
Aruba 7000 CSC
CSC
18 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
WAN Optimization (Compression)
• WAN compression (hardware enabled) between CSC (70xx) and 72xx Campus Controllers
• 15-25% average payload compression expected on traffic between branch and HQ/DC
• The Master to Branch Cloud Services Controller traffic over IPSEC will be compressed and decompressed, Encrypted traffic has NO compression
HQ / DC7240 7240
MAS
Aruba 7000 CSC
CSC
19 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
Intelligent WAN / Bandwidth Contracts
• Application or App Category bandwidth contracts on WAN Uplinks
• Limit App or App category bandwidth on non-critical applications (E.g. Social Media, Entertainment etc.)
• AppRF / DPI and Advanced QoS to prioritize app/app categories on WAN uplinks
Public Cloud
HQ / DC7240 7240
MAS
Internet`
Aruba 7000 CSC
CSC
Business Low
Business Critical
20 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
WAN Authentication Survivability
AirWave ClearPass
Aruba 7000 CSC
Aruba 7000 CSC
HQ / DC
7240 7240
Auth TLS Survivability: Local caching of client credentials, clients will stay connected on WAN failure.
Back-Up PSK SSID: Switches from 802.1X SSID to PSK SSID on WAN failure, useful for new clients.
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
Aruba / Palo Alto Integration
Data Center
Aruba CSC w/ PA Global Protect
PA Gateway / Portal
Branch (US)
Aruba CSC w/ PA Global Protect
Branch (Shanghai)
1
1
Aruba CSC w/ PA Global Protect
2
Aruba CSC w/ PA Global Protect
2
2
Private Cloud
On Firewall failure or de-commission, traffic will get re-routed to FW with the next highest priority
3
PA Gateway
Aruba 72xx MC
SAAS
Pre-Provisioning:-- Install PA certificates at 72xx (MC)- Configure PA portal IP under PAN options in the MC under
Configuration -> Branch -> Smart Config -> WAN
2222#ATM15 |
Instant Solution Update
23 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
Transition Content App category Individual app Web category Web reputation
Allow/deny QoS Throttle Log Blacklist
ON-BOARD DPIo Depth - common apps o LAN traffic
CLOUD-BASED WEB
POLICY ENFORCEMENT o Breadth - less common appso Web traffic
Granular Visibility & Control
with AppRF
New Feature: DPI + Web Policy Enforcement
24 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |
Granular App Visibility & Control
Deep Packet Inspection
Web Inspection
• Single point of control for all traffic
• Eliminate need for dedicated web filtering solution for wireless clients (CIPA compliance for K-12 in US)
2525#ATM15 |
Key Summary
CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved 26
Customer Quotes!
“Before Aruba, it was very complicated and expensive to provide network services and remain HIPAA-compliant at our 100-plus branch locations.”
“Collapsing a half dozen network appliances into one zero-configuration cloud services controller offers a tremendous cost savings.”
“The medical devices we develop literally saves lives, so we have no tolerance for best-effort technology.”
70 LOCATIONS $3 BILLION ANNUAL REVENUE
1100 STORES $5 BILLION ANNUAL REVENUE
100 LOCATIONS$1 BILLION ANNUAL REVENUE
27#ATM15 |
THANK YOU
28#ATM15 |
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
Solution Overview
Deployment Type Key Requirements Solution
Telecommuter • Security (esp. environments with strict security requirements Banks, Insurance firms, Government, etc.)
• Consistency of Architecture and Network operations for customers with controller based network in their campus
RAPs
Branch Office • Enterprise WLAN for branches with existing WAN services/switching infrastructure.
Instant
Branch Office • Branch-in-a-box (unified architecture with wireless, wired ports, and UTM services)
• Advanced WAN Services• Consistency of Architecture and Network operations for
customers with controller based network in their campus
Cloud services Controllers
Recommended