Presentation on theme: "Transforming your network into a platform for mobility"— Presentation transcript:
1 Transforming your network into a platform for mobility
Rich Korb – Senior Systems Engineer, Southeast Region
2 Introduction to Aerohive: Cloud-managed Mobile Networking Company
Cloud (Public & Private), Controller-less Wi-Fi, Routing, VPN, Switching
~$100M annualized run rate
5th fastest growing tech company 07-11 (Deloitte Fast 500 – 44,569% growth)
135% YoY growth ( )
~9000 Customers
~500 Employees
Most Visionary Vendor - Gartner MQ for Wired & Wireless LAN 2012
Cloud Services Platform: Public; Partner; Private (on-premise)
Branch & Teleworker Routers; Access Switches; Enterprise Wi-Fi
Healthcare; Enterprise; Education; Retail; Logistics
3 Enterprise Landscape: Cloud & Mobility Change Everything (Yesterday / Today)
Users want to work anywhere, on any device
Yesterday: Corp deployed enterprise devices, desktop apps & servers
Today: Explosion of consumer devices, BYOD, mobile apps & cloud
IT needs to enable them, without drowning in complexity
Yesterday: Wi-Fi was a convenience / secondary network
Today: Wi-Fi has become essential, ubiquitous & strategic
Yesterday: Policy was defined by location & network
Today: Policy defined by network no longer scales
Yesterday: Networks were monolithic - “build it & they will come”
Today: Infrastructure is now expected to be elastic like cloud apps
[Diagram labels: Floor 1, VLAN 1 “Sales”; Floor 2, VLAN 2 “Finance”; Floor 1, SSID 1 “Guest”; Floor 1, SSID 2 “Corp”; SSID 1 through SSID 8; Security, Performance, Reliability, Cost]

Users want to WORK anywhere on any device. You want to let them without drowning in complexity or compromising security, reliability and affordability.
Yesterday
Corp deployed enterprise devices: desktop, laptop, handsets, scanners
WLAN overlay: coverage, convenience, HQ orientated
Network centric: policy based on rigid, port/VLAN & SSID
Monolithic: “Build it and they will come” scalability
Today
Corp / BYOD enterprise / consumer devices: laptop, smart phone, tablet, Apple TVs, “AirPrint” Printers
Ubiquitous Wi-Fi Access: capacity, performance, mission-critical, extended enterprise
User Centric: Consistent policy based on identity, role, context
Elastic: Pay for what you need - leverage the cloud
Aerohive gives you the ability to achieve this simpli-fi-ing enterprise networking by delivering a self organizing, service aware, identity based infrastructure.
4 Transforming your network into a platform for mobility
Public & Enterprise Cloud; Device Detection & Security; Identity & Role; Branch Routing; Wi-Fi; PBX; Location & Time of Day; App Visibility & Control; Switching
Support business productivity and regain control
5 App & Network Visibility by “Context” HiveManager Dashboard
Cloud networking vendor that transforms networks into platforms for mobility
App & Network Visibility by “Context”; Application; Role; Network; Location; Policy enforced by “Context”; Identity; Device; Time of Day
HiveManager Dashboard; Zero Touch Provisioning; HiveManager; IDManager; Client Health Score; *Planned
Cloud Services
Cloud delivered Apps & Provisioning
Contextual visibility and enforcement
Single Architecture, OS and Management
Network services, automation and APIs
Sophisticated troubleshooting tools
Reduce operational costs and add business value
6 “It’s all about me.”
Needs a user-centric approach
Requires unified policy and enforcement
Ubiquitous access
Anywhere, on any device
7 Optimize the User Experience Based on what is important to that user!
Quality of Experience
Mission-Critical, Business related
Recreational, non-business
Evasive, Harmful, & Non-compliant
8 Unified Wired and Wireless Policy
One-Time Port Provisioning
Can be applied to one or thousands of devices
Wi-Fi; Switching; Routing; VPN; Firewall; Bonjour
9 Policy based on Context: Identity, Device, Application, Location, Time of Day
CORP Policy: Corp VLAN; LAN & Web FW; Prioritize Work Apps; 10Mbps per user; 24HR Access
BYOD Policy: Restricted VLAN & Web FW; Block Video Streaming; 5Mbps per user; M-F 8am-9pm
GUEST Policy: DMZ; Web Only FW; Limit Social Media; 1Mbps per user; M-F 9am-5pm
[Diagram labels: Firewall; OS Detection; RADIUS; PPSK; CWP; Corp user; Corp user - BYOD; Guest user]
11 Unified Management via Cloud Platform
Single pane of glass
Unified WORKFLOWs
SAME policy, configuration and management objects apply to APs, Routers, and SWITCHES!!!
Management: Device Configuration; Policy Configuration; Network & App Visibility; Troubleshooting; S/W Updating
Mobility-optimized Access Layer
13 How does it work?
HiveManager NMS: Reporting; Heat Maps; SLA Compliance; Policy Configuration
[Diagram labels: Wireless Network; Wired Network]
With Cooperative Control, clients can securely and seamlessly roam across the WLAN
With a second HiveAP, fast stateful roaming, cooperative RF, station load balancing and seamless resiliency are enabled
Cooperative RF power levels minimize co-channel interference
As more HiveAPs are added, coverage, reliability and backhaul bandwidth increase
Mesh networking and best path forwarding can be used for extra resiliency and reachability
Dynamically reroutes around failures
HiveAPs are discovered, policy is pushed and the WLAN is operational
HiveManager is a single mgmt interface for configuration, OS updates & monitoring of thousands of devices
A single HiveAP by itself acts as a full-featured enterprise class access point
Identity-based security, including stateful inspection FW, rogue detection & mitigation
Airtime Scheduling, SLA compliance and local forwarding implemented at the edge
Dynamic best path forwarding and stateful roaming provide resiliency without a single point of failure

And now I’d like to take you through a brief example of how you can deploy this technology into your enterprise network. On the right of your screen you see a simplified enterprise switch topology, with four access layer switches and two aggregation switches. We can start by bringing in a single HiveAP into the network infrastructure and connecting it to one of the switches.

The single HiveAP by itself acts as a full-featured enterprise-class access point -- robust functionality with the identity-based security and quality of service, and local forwarding at the edge of the network.
When you bring in a second HiveAP, they are joined together in a hive, and then you start to see the power of the cooperative control architecture. They work together to implement fast, stateful roaming, cooperative RF control, station load balancing, and provide seamless resiliency. For example, on your screen you can see the circles around the two access points are of different colors. Those represent the channels the access points are working on.

There are channel negotiation protocols that work together to make sure they’re running on separate channels. The access point that the laptop is connected to has taken the user state and the keys and has shared that with the next top neighbor, so that next top neighbor is able to implement predictive roaming.

So when the laptop moves, he will roam seamlessly to the next top neighbor, with roam times well under 50 milliseconds, because his state and security has been pre-populated at that access point. We can also implement mesh networking and best path forwarding for extra resiliency and reachability. The mesh networking protocols will dynamically re-route around network infrastructure failures.

For example, on your screen you can see the two access points are connected together with a mesh link. The red X shows that the switch has failed, but the mesh routing protocols will route the traffic around the switch failure and will allow applications to continue uninterrupted even in the event of a LAN infrastructure failure.

The network can be seamlessly scaled by simply adding more HiveAPs as needed, as you need more coverage, you want more reliability or more back-haul bandwidth into the network infrastructure.
You don’t have to worry about capacity planning up front because there were no fixed constraints around your controller capacity.

In this topology, four of the HiveAPs are wired directly into the Ethernet network, what we call portals, and one of the HiveAPs on the bottom left is wired as a mesh node, where the cell phone is connected to. With a more complex topology like this, we now have many more access points, and many of them are running on the same channel.

To eliminate co-channel interference, the cooperative control auto power level adjustment features kick in and power levels are adjusted to provide maximum coverage with minimal co-channel interference, allowing the system to give you the most robust wireless infrastructure possible.

With a more complete deployment like this, with more nodes and more alternative routes through it, you have even higher levels of resiliency. You can recover from multiple failures in your wired or wireless infrastructure.

As we’re showing here, we have had two switch failures and a wireless LAN access point failure, and the traffic is still routed around through multi-hop mesh into the network infrastructure, providing unprecedented levels of resiliency. And not only does the cooperative control architecture provide these functionality advantages and technological advantages, but it provides substantial economic advantages when deploying a wireless LAN.
14 The Right Cloud Solution For Enterprises
[Diagram labels: Data Center / Private Cloud; Public Cloud; Multi-tenant; Public Cloud; w/o Control Plane; Public Cloud; Provisioning; Public Cloud; Provisioning; Mid-Market; Enterprise; Large Enterprise]
Functionality, Reliability, Reduced Opex
18 Wired and wireless Infrastructure 2012 MQ: Aerohive is a Visionary!
A Magic Quadrant Visionary for wired and wireless Infrastructure
The strongest “completeness of vision” in the quadrant (the farthest to the right)
An innovation leader with products such as its Bonjour Gateway and its cooperative control architecture, which eliminates the need for a dedicated controller and provides a cost competitive solution without sacrificing functionality.
Aerohive should be considered for any overlay WLAN enterprise opportunities in North America, Western Europe or Australia/New Zealand, especially in the education, healthcare and retail markets.
Its controller-less, mesh-based architecture provides an easy-to-use and robust solution with lower operational costs, which makes it a standard bearer for market pricing of equivalent functionality.
19 Two Approaches to Unified Access Layer
Cisco: Large Branch / Medium Campus Environment
Aerohive: Large Branch / Medium Campus Environment
[Diagram labels: Cloud Mgmt. & Provisioning; Access Switch; Access Layer “Hive”; AP; $$$$$$$$$]
20 Two Approaches to Unified Access Layer
Cisco: Small Branch Environment
Aerohive: Small Branch Environment
[Diagram labels: Cloud Mgmt. & Provisioning; 4G Backup; Integrated Switch/Router with 4G b/u; Access Layer “Hive”; AP; $$$$$$$$$]