Extend mobility to remote branch networks with Aruba's new cloud services controllers and Aruba Instant

#ATM15 |

Extend mobility to remote branch networksMarch 2015

@ArubaNetworks

CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved2#ATM15 |

Agenda

• Branch Solutions Overview

• Branch Disruptions, Cost Savings

• Cloud Services Controllers and Branch Services

• Instant Solution Update

@ArubaNetworks


Branch Solution Overview

CSCIAP RAP

INTERNET

44#ATM15 |

Branch Disruptions, Cost Savings

5 CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved#ATM15 |

Disruptive Changes for Branch IT

ETHERNET/3G/4G

LEGACY WANCONNECTIVITY

CLOUD APPSLOCAL APP SERVERS

T3T1E3E1MPLS

By 2016, 30% of the advanced attacks will enter organizations via branch networks.

Public cloud IaaS will grow to over $34B worldwide by 2018.

CLOUD SECURITY ARCHITECTURES

DEDICATED SECURITY APPLIANCES


New Requirements for the Branch Network

Unified role-based policies and network rightsizing

WIRELESS + WIRED

Threat management and secure guest access

SECURITY

WAN optimization, WAN health monitoring, and availability during failures

WAN INTELLIGENCEVisibility and quality of services for business critical applications

CLOUD PERFORMANCE


Cost Savings By Rightsizing The Branch

Eliminate the need for separate WAN service router, firewall...

One platform for wireless and wired clients with common policy enforcement

Unified wireless architecture across campus and branch

Deliver the all-wireless branch office with unified communications

88#ATM15 |

Cloud Services Controller Positioning


Branch Cloud Services Controller Positioning


Controller Portfolio

72402048 APs32K Users

40Gbps FW7220

1024 APs24K Users

40Gbps FW

CAMPUSBRANCH

703064 APs

4K Users8Gbps FW

702432 APs

2K Users24 POE

Ports4Gbps FW

7210512 APs

16K Users20 Gbps

FW

7205256 APs8K Users12 Gbps

FW

700516 APs

1K Users2Gbps FW

701032 APs

2K Users12 POE

Ports4Gbps FW


7024 Cloud Services Controller

7024 Front View

24x 10/100/1000BASE-T PoE/PoE+

LCD Display

2x 10GbE

7024 Rear View

Console

USB Integrated Power Supply

Ethernet OOB

Performance• 4Gbps firewall• 3.3Gbps encryption• 32K firewall sessions

Capacity• 32 APs• 2K client devices

Network Interfaces• 24 x 10/100/1000BASE-T PoE/PoE+

• 400W PoE/PoE+ budget• 2x 10GBase-x (SFP+)• 1x USB for 3G/4G backup

Management• RS-232 (RJ-45) + mUSB console• High-Availability RJ45• USB for image/config files• Rack mount kit included• Dimensions: 1RUx 17.5”Wx 12”D• Minimum SW: AOS 6.4.3

1212#ATM15 |

Branch AOS Features & New opportunities


Aruba Cloud Services Controller Software

Zero-touch provisioning

WAN optimization

WAN survivability

WAN health checks

Secured ports wired access

Policy-based WAN routing

Context based firewall

(user, app, device, location,

content, reputation)

Architected to dramatically

reduce the time it takes to

deploy branch networks


Branch AOS Features & New opportunities

Software and Cloud Services driving to Rightsized Branch IT

• Branch device and services consolidation

• Cloud security services. By 2016, 30% of advanced threats will enter via branches (Source – Gartner Branch Office Security)

• Cloud and guest services drive the need for hybrid WAN architectures

Branch Infrastructure Refresh

Trends / Opportunities

ARUBA 7005 ARUBA 7010

ARUBA 7024

1515#ATM15 |

BRANCH WAN SERVICESArubaOS 6.4.3


Zero Touch Provisioning

Public CloudHQ / DC

7240 (Master) 7240 (Standby)

MAS

Internet`

Security UCC MDM Location Analytics

Aruba 7000 CSC

Activate Server

Branch CSC boots up, sends DHCP Request to obtain IP Address.

Branch CSC talks to Activate, obtains head end controller IP and branch mode (local or remote node)

Branch CSC establishes a secure IPSEC tunnel with MC

Branch CSC downloads both local and global configurations from the head end controller

CSCActivate / Head-End Pre-Provisioning

• Identify CSC and provision rules in Activate

• Configure Remote Node in MC, local configurations can be replicated across branches (as it applies)


Intelligent WAN / PBR

• Policy based routing to multiple WAN links (MPLS, Internet, 3G/4G) for cost savings and improved WAN usage, performance

• WAN health check monitors loss and latency on WAN links, Redundancy with multiple next hops on WAN health or performance issues

• Selective traffic routing to Active-Active HQ/DC (DC1, DC2 etc.) IKE IPSEC tunnels (Cellular is Standby)

• Routing inside tunnels, L3 GRE over IPSEC – Corporate (IPSEC) Vs. Guest (L3 GRE)

Public Cloud

HQ / DC7240 7240

MAS

Internet`

Aruba 7000 CSC

CSC


WAN Optimization (Compression)

• WAN compression (hardware enabled) between CSC (70xx) and 72xx Campus Controllers

• 15-25% average payload compression expected on traffic between branch and HQ/DC

• The Master to Branch Cloud Services Controller traffic over IPSEC will be compressed and decompressed, Encrypted traffic has NO compression

HQ / DC7240 7240

MAS

Aruba 7000 CSC

CSC


Intelligent WAN / Bandwidth Contracts

• Application or App Category bandwidth contracts on WAN Uplinks

• Limit App or App category bandwidth on non-critical applications (E.g. Social Media, Entertainment etc.)

• AppRF / DPI and Advanced QoS to prioritize app/app categories on WAN uplinks

Public Cloud

HQ / DC7240 7240

MAS

Internet`

Aruba 7000 CSC

CSC

Business Low

Business Critical


WAN Authentication Survivability

AirWave ClearPass

Aruba 7000 CSC

Aruba 7000 CSC

HQ / DC

7240 7240

Auth TLS Survivability: Local caching of client credentials, clients will stay connected on WAN failure.

Back-Up PSK SSID: Switches from 802.1X SSID to PSK SSID on WAN failure, useful for new clients.

CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved

Aruba / Palo Alto Integration

Data Center

Aruba CSC w/ PA Global Protect

PA Gateway / Portal

Branch (US)


Branch (Shanghai)

1

1


2


2

2

Private Cloud

On Firewall failure or de-commission, traffic will get re-routed to FW with the next highest priority

3

PA Gateway

Aruba 72xx MC

SAAS

Pre-Provisioning:-- Install PA certificates at 72xx (MC)- Configure PA portal IP under PAN options in the MC under

Configuration -> Branch -> Smart Config -> WAN

2222#ATM15 |

Instant Solution Update


Transition Content App category Individual app Web category Web reputation

Allow/deny QoS Throttle Log Blacklist

ON-BOARD DPIo Depth - common apps o LAN traffic

CLOUD-BASED WEB

POLICY ENFORCEMENT o Breadth - less common appso Web traffic

Granular Visibility & Control

with AppRF

New Feature: DPI + Web Policy Enforcement


Granular App Visibility & Control

Deep Packet Inspection

Web Inspection

• Single point of control for all traffic

• Eliminate need for dedicated web filtering solution for wireless clients (CIPA compliance for K-12 in US)

2525#ATM15 |

Key Summary

CONFIDENTIAL © Copyright 2015. Aruba Networks, Inc. All rights reserved 26

Customer Quotes!

“Before Aruba, it was very complicated and expensive to provide network services and remain HIPAA-compliant at our 100-plus branch locations.”

“Collapsing a half dozen network appliances into one zero-configuration cloud services controller offers a tremendous cost savings.”

“The medical devices we develop literally saves lives, so we have no tolerance for best-effort technology.”

70 LOCATIONS $3 BILLION ANNUAL REVENUE

1100 STORES $5 BILLION ANNUAL REVENUE

100 LOCATIONS$1 BILLION ANNUAL REVENUE

27#ATM15 |

THANK YOU

28#ATM15 |

CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved

Solution Overview

Deployment Type Key Requirements Solution

Telecommuter • Security (esp. environments with strict security requirements Banks, Insurance firms, Government, etc.)

• Consistency of Architecture and Network operations for customers with controller based network in their campus

RAPs

Branch Office • Enterprise WLAN for branches with existing WAN services/switching infrastructure.

Instant

Branch Office • Branch-in-a-box (unified architecture with wireless, wired ports, and UTM services)

• Advanced WAN Services• Consistency of Architecture and Network operations for

customers with controller based network in their campus

Cloud services Controllers

Technology

Extend mobility to remote branch networks with Aruba's new cloud services controllers and Aruba Instant