SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE

Similar documents
ARUBA 360 SECURE FABRIC

CLEARPASS EXCHANGE. Open third party integration for endpoint controls, policy and threat prevention SOLUTION OVERVIEW MAKE BETTER-INFORMED DECISIONS

Secure wired and wireless networks with smart access control

Virtualized Network Services SDN solution for service providers

Your wireless network

Enterprise Guest Access

HiveManager Local Cloud

ClearPass Ecosystem. Tomas Muliuolis HPE Aruba Baltics lead

Pluribus Adaptive Cloud Fabric

Outnumbered, but not outsmarted A 2-step solution to protect IoT and mobile devices

DEFINING SECURITY FOR TODAY S CLOUD ENVIRONMENTS. Security Without Compromise

Introducing. Secure Access. for the Next Generation. Bram De Blander Sales Engineer

NETWORKING &SECURITY SOLUTIONSPORTFOLIO

How a Unified Wired and Wireless Architecture Addresses BYOD

MASERGY S MANAGED SD-WAN

Simplifying the Branch Network

WIND RIVER TITANIUM CLOUD FOR TELECOMMUNICATIONS

Delivering the Wireless Software-Defined Branch

Pluribus Adaptive Cloud Fabric Powering the Software-Defined Enterprise

FLEXIBLE NETWORK SERVICES TO DRIVE YOUR ENTERPRISE AT CLOUD SPEED. Solution Primer

Virtualized Network Services SDN solution for enterprises

Cisco Network Admission Control (NAC) Solution

Mobility Optimized Access Layer

SteelConnect. The Future of Networking is here. It s Application- Defined for the Cloud Era. SD-WAN Cloud Networks Branch LAN/WLAN

HPE Aruba Focus Areas

Cisco SD-WAN. Securely connect any user to any application across any platform, all with a consistent user experience.

Portnox CORE. On-Premise. Technology Introduction AT A GLANCE. Solution Overview

Data Sheet: Endpoint Security Symantec Network Access Control Starter Edition Simplified endpoint enforcement

Symantec Network Access Control Starter Edition

Ciprian Stroe Senior Presales Consultant, CCIE# Cisco and/or its affiliates. All rights reserved.

Cisco Cloud Application Centric Infrastructure

RUCKUS CLOUD WI-FI Cloud Managed Wi-Fi

McAfee epolicy Orchestrator

Aruba ridefinisce il futuro del Mobile, Cloud e IoT

WHITE PAPER ARUBA SD-BRANCH OVERVIEW

VMWARE CLOUD FOUNDATION: INTEGRATED HYBRID CLOUD PLATFORM WHITE PAPER NOVEMBER 2017

Alcatel-Lucent OmniVista Cirrus Simple, secure cloud-based network management as a service

Aruba Campus Switching

Transformation through Innovation

ForeScout ControlFabric TM Architecture

SOLUTION BRIEF Enterprise WAN Agility, Simplicity and Performance with Software-Defined WAN

MANAGING THE COMPLEXITY.

VM-SERIES FOR VMWARE VM VM

EdgeConnectSP The Premier SD-WAN Solution

SIEM Solutions from McAfee

Aerohive and IntelliGO End-to-End Security for devices on your network

VMWARE CLOUD FOUNDATION: THE SIMPLEST PATH TO THE HYBRID CLOUD WHITE PAPER AUGUST 2018

How SD-WAN will Transform the Network. And lead to innovative, profitable business outcomes

Mobility First How Tomorrow Moves for Education

Symantec Network Access Control Starter Edition

Security Automation. Challenge: Automatizzare le azioni di isolamento e contenimento delle minacce rilevate tramite soluzioni di malware analysis

STRATEGIC WHITE PAPER. Securing cloud environments with Nuage Networks VSP: Policy-based security automation and microsegmentation overview

Alcatel-Lucent OmniVista Cirrus Simple, secure cloud-based network management as a service

The threat landscape is constantly

Securing Your Most Sensitive Data

McAfee MVISION Cloud. Data Security for the Cloud Era

AIRPLAY AND AIRPRINT ON CAMPUS NETWORKS AN ARUBA AIRGROUP SOLUTION GUIDE

Cisco Meraki Overview. March 21, 2017

Cisco DNA. Digital Network Architecture.

NETWORKING 3.0. Network Only Provably Cryptographically Identifiable Devices INSTANT OVERLAY NETWORKING. Remarkably Simple

Our Virtual Intelligent Network Overlay (VINO) solutions bring next-generation performance and efficiency to business networks throughout North

VeloCloud Cloud-Delivered WAN Fast. Simple. Secure. KUHN CONSULTING GmbH

Intelligent Edge Protection

VMware vcloud Networking and Security Overview

BROCADE CLOUD-OPTIMIZED NETWORKING: THE BLUEPRINT FOR THE SOFTWARE-DEFINED NETWORK

Zero Trust with Okta: A Modern Approach to Secure Access from Anywhere. How Okta enables a Zero Trust solution for our customers

MR Cloud Managed Wireless Access Points

Symantec Network Access Control Starter Edition

Cisco.Network.Intuitive FastLane IT Forum. Andreas Korn Systems Engineer

Virtualizing Managed Business Services for SoHo/SME Leveraging SDN/NFV and vcpe

ARUBA CLEARPASS NETWORK ACCESS CONTROL

EXTENSIBLE WIDE AREA NETWORKING

SOLUTION BRIEF RSA ARCHER IT & SECURITY RISK MANAGEMENT

MICRO-SEGMENTATION FOR CLOUD-SCALE SECURITY TECHNICAL WHITE PAPER

We re ready. Are you?

MAKING THE CLOUD A SECURE EXTENSION OF YOUR DATACENTER

ARUBA CLEARPASS NETWORK ACCESS CONTROL

Cisco Application Centric Infrastructure

Network Configuration Example

ARUBA, A HEWLETT PACKARD ENTERPRISE COMPANY, IS REDEFINING THE INTELLIGENT EDGE WITH MOBILITY AND IOT SOLUTIONS FOR ORGANIZATIONS

Cisco ISE Plus SIEM and Threat Defense: Strengthen Security with Context

IBM Internet Security Systems Proventia Management SiteProtector

Mobile-First. Campus Switching. Introducing Aruba Aruba Inspiration Day. Dennis Ladefoged - Systems Engineer

The Aruba S3500 Mobility Access Switch

USP Network Authentication System & MobileIron. Good for mobile security solutions

Service Description VMware Workspace ONE

The Need In today s fast-paced world, the growing demand to support a variety of applications across the data center and help ensure the compliance an

Meraki 2018 Solution Brochure

Meraki Z-Series Cloud Managed Teleworker Gateway

Software-Defined Secure Networks in Action

SUB-TITLE WLAN Management-as-a-Service

M365 Powered Device Proof of Concept Overview

This solution is fully reproducible and has been deployed in live environments.

Next-Generation Data Center Interconnect Powered by the Adaptive Cloud Fabric

BROCADE ARUBA PARTNERSHIP ANNOUNCEMENT FREQUENTLY ASKED QUESTIONS

Extreme Policy Access Control

CLEARPASS GUEST. A ClearPass Policy Manager Application DATA SHEET KEY FEATURES THE CLEARPASS ADVANTAGES

JUNIPER NETWORKS PRODUCT BULLETIN

Unity EdgeConnect SP SD-WAN Solution

CHARTING THE FUTURE OF SOFTWARE DEFINED NETWORKING

Transcription:

SOLUTION OVERVIEW THE ARUBA MOBILE FIRST ARCHITECTURE March 2018

Table of Contents Introduction...1 Design...2 Use Cases...2 Underlay...3 Overlay...3 Dynamic Segmentation...3 Non-Stop Networking...4 Summary...5

Introduction The Aruba networking architecture for the software-defined enterprise is designed to be mobile first, and it delivers a network that is open, secure, and autonomous. The velocity, variety, and volume of users and things connecting to networks have forced IT to change the way they build and operate next-generation networks. Mobile First Allows users and things to connect to the network and receive the same policy and permissions regardless of how they connect, wired or wireless, making them truly mobile. Purposefully designed to deliver a non-stop networking experience for environments where mobile, IoT, and cloud are mission critical. Open Networks are multi-vendor and need to be open. This means not only supporting open standards but providing rich API support in order to enable easy integration and automation end-to-end in the network by IT, line of business, and even users. Organizations need to be able to innovate at their pace and not be locked-in and limited by a single vendor s architecture. Secure Security at all layers in the network is critical. Aruba secures the wired and wireless infrastructure with signed code, secure boot, and cryptographic hardware protection. User data is protected with strong encryption and per-user level policy, both granting appropriate access and protecting devices from threats. Analytics-driven security, market leading policy management, and an extensive ecosystem of trusted security partners enables IT to design and operate their network. Autonomous Machine learning uses massive amounts of analytics data in order to understand the operational and security state of the network. Automated systems optimize performance and alert administrators of changes or highlight potential changes that require acceptance via on-premise and cloud-managed network operations. Traditional networks have become a mess of VLANs and ACLs because organizations have enforced policy and security on an infrastructure never designed to handle policy based on applications. Switch ports have static configurations and VLAN interfaces have hundreds, sometimes thousands of ACLs leading to network designs that are fragile and that IT is afraid to touch. 1

Design There is not one network in the future; there are thousands, and Aruba is delivering infrastructure with a model to support the diversity and complexity required in next-generation software-defined networks. In the software defined enterprise, IT runs the infrastructure and underlay network and gives the users and line of business the ability to self-provision overlay networks. USE CASES Temporary guest access to network resources Users can create temporary guest accounts and give permission to access network resources such as conference room video systems, printers, and Internet via an ephemeral secured overlay. Facilities needs to allow vendor access to building IoT systems The building manager can create a secure IoT overlay for the building control systems and provision VPN service for the vendor so they can access and monitor equipment. Users have devices and want own personal network Users with multiple wired and wireless devices need to be able to securely onboard their devices and allow them to communicate with each other regardless of how they connect to the organization s network. Delivering the network as a service to users is the core of software defined enterprise. BYOD and its normalization has shown that IT needs to be able to support a wide range of user devices and the avalanche of IoT devices means the scale of what needs to be supported is beyond what an IT group in front of an IT management system by themselves can handle. Tools that allow IT to delegate service creation to users based on defined privileges are necessary to enable the enterprise and prevent a whole new wave of shadow IT. Figure 1 Aruba Mobile First Architecture Wired & Wireless Devices Access Layer Overlay Overlay Enforces User & Device Policies - App Firewall, QoS, & Shaping Per User/Device Tunnels High Availability Mobility Controller Cluster Management AIRWAVE NETWORK MANAGEMENT Central Management and Monitoring for Network & Zero-Touch Provisioning CLEARPASS ACCESS MANAGEMENT Legacy Devices Supported in Underlay Access Layer Aggregation Layer Underlay High Performance Routed Underlay Core Layer Central Policy Orchestration for Wired and Wireless Users and Things 1036A 2

UNDERLAY Enterprise networks need to support the current endpoints, including many legacy systems, while they transition into a software defined model. Designs that require a full network redesign, including hardware and network protocol stack, can cause serious interruption and risk-compatibility issues, especially with legacy systems. Mobile First maintains the existing routed network, using a standard interior gateway protocol (IGP), such as OSPF, as an underlay, allowing IT to continue to run and operate existing hardware when new network is rolled out. Legacy devices can continue to operate on the underlay, and enhancements to policy allow for additional security and control on the network underlay beyond what is commonly deployed in traditional networks. OVERLAY The overlay allows organizations to safely tunnel Layer 2 or Layer 3 traffic over the top of the existing network. Aruba has been delivering wireless networks with an overlay model since the beginning, enabling IT to deliver service that would not be secure or stable otherwise across multi-vendor networks. Aruba is extending this functionality to wired networks, allowing the access layer switch to act as a wired access point. Network traffic from wired and wireless users and devices is tunneled to centralized mobility controller clusters. All user and device level policy can be enforced in the overlay using the mobility controller firewall, QoS, and traffic shaping and user context is easily shared to other domains. Existing VLAN and IP addresses structures can be maintained, but because policy is enforced at the user and group levels, VLAN and IP address are not tied to policy. DYNAMIC SEGMENTATION The Aruba Mobile First Architecture does not rely on static port configurations, VLANs, or access lists on access points or access switches in the network to apply policy to users and devices. Tunnel node Allows an access switch to act like a wired access point. Users who connect to the switch can be tunneled to the mobility controller to give the same policy and user experience as when connected to the wireless network. For high availability, multiple tunnels are created, and if a controller needs to be taken offline for maintenance or an unplanned outage occurs, the user seamlessly fails over to a standby controller. Downloadable roles If users or legacy devices connect to the wired network and need direct connectivity to the underlay, downloadable roles allow for the access port configuration to loaded dynamically based on the user and device posture and policy. Centralized policy Aruba ClearPass handles all users and devices connected to the network. Devices can be profiled upon connection to the network, posture checked, and then the appropriate policy downloaded to the access port. 3

Adaptive trust After devices are granted access to the network, their behavior is continually monitored by behavioral analytics tools, firewall, and IPS systems. If the security posture of the device changes, a security analyst can take a number of manual or automated actions such as reauthentication to verify the user, quarantining the device with limited access to network resources to allow for easy remediation, or fully isolating the device on the network while any incidents are investigated. If everything is found to be ok or the device is remediated the security analyst can quickly restore standard access. Aruba s dynamic segmentation allows organizations to connect users and devices to wired ports and tunnel them to a controller or connect them to the appropriate VLAN and subnet and to download a dynamic policy (with security and QoS settings) to the port to which they are connected. This extends the functionality of traditional wired 802.1X to workflows that were typically deployed only in wireless networks, such as easy onboarding by users of unknown devices (BYOD), wired guest access with the same captive portal on the wireless network, and automated support and remediation for devices failing policy or posture checks with captive portal. NON-STOP NETWORKING Wireless is viewed as a utility level service in enterprise networks today, meaning users expect it to be always available and perform at its best. The Aruba architecture delivers a number of wired and wireless features to support wireless networks deployed as a non-stop service with high availability an inherent part of the design. Controller Clustering Up to 12 Aruba mobility controllers can form a high availability load-sharing cluster that scales to hundreds of Gbps of traffic and tens of thousands of users. In-Service Upgrades With Aruba OS 8, the wireless network is able to upgrade software on access points and controllers in a manner that is transparent to users on the wireless network. Users are gracefully steered off select APs and controllers while they are upgraded and then seamlessly added back into the network. Seamless Failover Access points connect to multiple controllers in a cluster, and in the event of a failure with the primary controller, the access points switch to the secondary with no noticeable interruption to the user. Non-Stop Switching Aruba OS-CX in the core and aggregation layers of the network delivers high availability and hitless upgrades, allowing IT to service the network without taking an outage. Together these features allow an Aruba network to deliver wireless that can run non-stop in an organization s network. The network can be upgraded while users are connected, with no interruption. And because of best-in-class high availability, the network can handle access point and controller failures without users experiencing interruption. 4

Summary The Aruba Mobile First Architecture allows organizations to gracefully transition their existing network to a software-defined enterprise, enabling new features and functionality while supporting legacy systems. An open, multivendor network infrastructure allows organizations to innovate at their pace and not become locked-in to a single vendor solution but also leverage their existing investments. Security built in at all layers in the network protects infrastructure, users, and devices from existing and emerging threats from the outside and inside. Intelligent use of analytics by administrators and machine-learning based automation provides network assurance and begins the shift to a self driving network where IT maintains the infrastructure and policy and users provision services dynamically. 5

2018 Aruba Networks, Inc. All rights reserved. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to www.arubanetworks.com/assets/legal/eula.pdf You can use the feedback form to send suggestions and comments about this solution overview. B-000110A-1 03/18

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback