HPE Aruba - Corporate-grade Wi-Fi
"People move, networks must follow them"
Mobility is one of the key advantages in modern business. If you can react to changes faster, quickly answer a question, redo a proposal or transfer resources to another task, then you have significantly more chances for success than competitors. At the same time, mobility not only makes it possible to influence a business 24x7, but also provides the necessary comfort in work - choose a workplace without reference to fixed wires and freely move around the office / warehouse / house without losing access to the network.
What else do businesses need from mobility solutions? Let us briefly formulate these requirements:
')
1. The solution should be simple so that it can be started and maintained with minimal IT resources.
2. The solution should provide the necessary functionality in the corporate WiFi:
- Single SSID
- Guest Access
- Seamless roaming
- Access control and management
- Detection of "enemies"
- Radio control
3. The solution should be safe and cost effective:
- Affordable
- Comply with the information policy
- Provide guest access needs
- Provide control and management of infrastructure
- Provide investment protection
One of the best product portfolios in the industry to meet the above requirements is the Hewlett Packard Enterprise product line, marketed under the HPE Aruba brand. As analysts IDC and Gartner , HPE Aruba solutions occupy the world's leading position in its segment.
HPE Aruba allows you to create secure wireless local area networks in offices / geographically distributed companies. We briefly summarize what makes the HPE Aruba portfolio unique:
HPE Aruba has one of the largest product and solution catalogs:
- access points
- controllers
- sensors and control system
- guest access solutions
- integration with mobile devices
In various ways, HPE Aruba solutions support:
- Gigabit WiFi of the latest generation (standard 802.11ac)
- Built-in firewall
- Built-in Wireless IPS
- Spectrum analyzer
- DPI
- Routing
- Radio monitoring and control system
- High performance at high density (> 120 customers per point)
HPE Aruba has a powerful management system:
- excellent integration with equipment
- unified management interface
- Wireless IPS management
- guest access control
- convenient diagnostic and troubleshooting tools
HPE Aruba - First WLAN Manufacturer FIPS 140-2 and Suite B Certified
- constant focus on safety
- a significant number of clients in the state and defense segments of the market
Each specific of the above items has counterparts from a number of other vendors, but in the aggregate and in terms of price / possibility ratio, there are no such solutions on the market. The scope of this article does not allow us to consider the entire line of HPE Aruba products. Therefore, we will focus on several key products and features of solutions, as well as discuss in more detail about HPE Aruba Instant .
HPE Aruba Instant is a one-of-a-kind solution on the market that allows you to deploy an enterprise-grade "controllerless" WiFi network. It is easy to install, network security, automatic RF control and enough intelligent features are already built into it to run a complete solution without additional licensing. A cluster of access points is controlled using a virtual controller that is located on one of the access points (IAP). The controller is responsible for the process of autoconfiguring new access points, authorization and authentication, guest access and network services (NAT, DHCP, etc.). It is selected according to a special algorithm, which includes criteria such as the availability of an alternative uplink (eg, 3G), performance, and the access point operating time.
During the Instant boot process, the IAP access point sends a DHCP request and searches the network for a virtual controller (VC). If the controller is found, then it connects to it and receives the configuration. If the controller is not found, the access point loads the local configuration or, if there is no local configuration file, it tries to find the Airwave control system and download the configuration from it. If this fails, the default configuration is loaded, with the open SSID "Instant".
Functionally, HPE Aruba Instant is a complete solution that supports all the corporate functions mentioned above. In the firewall, access policies are applied separately for each SSID or user; for example, a separate bandwidth can be allocated for each user. At the same time, the mechanism for creating rules is very simple and allows you to filter traffic by different categories, domains, applications, as well as based on the reputation of individual resources. WLAN IPS is able to identify and actively suppress "fake" access points (Rogue AP). At the same time, AppRF functions are available on HPE Aruba Instant, which provides in-depth packet analysis (DPI) of local traffic. At the same time, more than 1500 network applications can be detected and various actions can be configured according to results (disable, allow, limit speed, etc.) with reference to the user.
As HPE authentication technologies, Aruba Instant supports 802.1x / EAP-TLS, EAP-TTLS (MSCHAPv2), EAP-PEAP (MSCHAPv2) and the Captive portal. At the same time, the authentication infrastructure can be both external and internal, for example, the built-in user base, dynamic RADIUS Proxy, integrated RADIUS server for 802.1x termination.
HPE Aruba Instant also has a dynamic spectrum analyzer with an advanced reporting system. It allows you to identify sources of interference and adjust the device under the current radio environment:
At the same time, the patented HPE Aruba ClientMatch radio control technology allows you to adapt the WiFi network in real time so that all clients receive the highest possible level of service, taking into account the type of device connected, its current location, network load, interference, etc.
Finally, go through the HPE Aruba Instant product line. The simplest Instant Access Point - HPE Aruba IAP 103:
It is suitable for solutions with potentially low customer density and low network performance requirements. The point supports two radio interfaces (300 Mbps (5 GHz) +300 Mbps (2.4 GHz)) and only built-in antennas.
The following performance points for Instant Access are internal series 200 points.
HPE Aruba Instant 204/205 with 2x2 support: 2SS, 867 Mbps (5 GHz) + 300 Mbps (2.4 GHz). As well as IAP 103, it is more suitable for solutions with low user density. HPE Aruba Instant 214/215 with 3x3 support: 3SS, 1300 Mbps (5 GHz) + 450 Mbps (2.4 GHz), 1xGE, 1xUSB port, able to withstand more serious loads and are suitable for solutions with increased customer density. And finally, HPE Aruba Instant 224/225 - 3x3: 3SS, 1,300 (5 GHz) + 450 Mbps (2.4 GHz), 2xGE, 1xUSB port. They have the highest performance in this series and are designed for high density solutions.
HPE Aruba Instant 324 and 325 Series 300 dots are the most advanced and productive series of internal points - they support 4x4 MU MIMO, up to 1733 Mbps in the 5 GHz band and up to 800 Mbps in the 2.4 GHz band and up to 255 clients on one radio. These points are designed for solutions where maximum performance is needed and the density of users per point can be very high. These points can work with external or internal, built-in antennas.
In addition to internal points, the portfolio has external HPE Aruba Instant access points. They are represented by 270 series access points. In this series there are points with internal, built-in antennas (IAP 274, two radio 11ac 3x3: 3SS) and with external antennas (IAP 275, two radio 11ac 3x3: 3SS). The points are designed to work at temperatures from -40 to +65 degrees Celsius and powered by PoE + or a separate AC adapter.
A separate class of devices are points like HPE Aruba Instant RAP. These points operate under the control of a remote controller, to which they will connect via a secure channel, while the user traffic is locally switched to the wired infrastructure.
The RAP-108/109 has two radios, 2x2 MIMO, USB 3G / 4G uplink, as well as built-in and external antennas and 5 Ethernet ports. RAP-155 has two radio interfaces, 3x3 MIMO, USB 3G / 4G uplink, optional PoE Out, up to 5 Ethernet ports. RAP3 has one radio interface, 2x2 MIMO, USB 3G / 4G uplink, PoE Out, 3 Ethernet ports. It makes sense to use points either in home offices or in remote branch offices, where it is difficult with staff able to manage the wireless infrastructure.
In addition, in the HPE Aruba Instant portfolio there are different versions of the described points, for example, there is an IAP 205H access point (2x2 802.11ac, USB, 3xGbE ports) in wall and outdoor versions. In fact, this is a more productive alternative to IAP 103 or RAP 109.
So, let's summarize. HPE Aruba Instant is a flexible, modern, productive and scalable wireless network that can be deployed in as little as 5 minutes. In conclusion, I would like to emphasize three key points. HPE Aruba Instant is:
Easy
- Wireless Setup
- Setup using the “wizard” in <5 minutes
- Virtual controller
Available
- Low cost; no controller needed
- Less equipment, cables
- Low operating costs, simple training
Safely
- Security of communications; fake access point detection, role access
- Cloud services for content filtering and software management
- Easy migration to network with controller
Thank you for your attention, we are ready to answer your questions.
Mobility is one of the key advantages in modern business. If you can react to changes faster, quickly answer a question, redo a proposal or transfer resources to another task, then you have significantly more chances for success than competitors. At the same time, mobility not only makes it possible to influence a business 24x7, but also provides the necessary comfort in work - choose a workplace without reference to fixed wires and freely move around the office / warehouse / house without losing access to the network.
What else do businesses need from mobility solutions? Let us briefly formulate these requirements:
')
1. The solution should be simple so that it can be started and maintained with minimal IT resources.
2. The solution should provide the necessary functionality in the corporate WiFi:
- Single SSID
- Guest Access
- Seamless roaming
- Access control and management
- Detection of "enemies"
- Radio control
3. The solution should be safe and cost effective:
- Affordable
- Comply with the information policy
- Provide guest access needs
- Provide control and management of infrastructure
- Provide investment protection
One of the best product portfolios in the industry to meet the above requirements is the Hewlett Packard Enterprise product line, marketed under the HPE Aruba brand. As analysts IDC and Gartner , HPE Aruba solutions occupy the world's leading position in its segment.
HPE Aruba allows you to create secure wireless local area networks in offices / geographically distributed companies. We briefly summarize what makes the HPE Aruba portfolio unique:
HPE Aruba has one of the largest product and solution catalogs:
- access points
- controllers
- sensors and control system
- guest access solutions
- integration with mobile devices
In various ways, HPE Aruba solutions support:
- Gigabit WiFi of the latest generation (standard 802.11ac)
- Built-in firewall
- Built-in Wireless IPS
- Spectrum analyzer
- DPI
- Routing
- Radio monitoring and control system
- High performance at high density (> 120 customers per point)
HPE Aruba has a powerful management system:
- excellent integration with equipment
- unified management interface
- Wireless IPS management
- guest access control
- convenient diagnostic and troubleshooting tools
HPE Aruba - First WLAN Manufacturer FIPS 140-2 and Suite B Certified
- constant focus on safety
- a significant number of clients in the state and defense segments of the market
Each specific of the above items has counterparts from a number of other vendors, but in the aggregate and in terms of price / possibility ratio, there are no such solutions on the market. The scope of this article does not allow us to consider the entire line of HPE Aruba products. Therefore, we will focus on several key products and features of solutions, as well as discuss in more detail about HPE Aruba Instant .
HPE Aruba Instant
HPE Aruba Instant is a one-of-a-kind solution on the market that allows you to deploy an enterprise-grade "controllerless" WiFi network. It is easy to install, network security, automatic RF control and enough intelligent features are already built into it to run a complete solution without additional licensing. A cluster of access points is controlled using a virtual controller that is located on one of the access points (IAP). The controller is responsible for the process of autoconfiguring new access points, authorization and authentication, guest access and network services (NAT, DHCP, etc.). It is selected according to a special algorithm, which includes criteria such as the availability of an alternative uplink (eg, 3G), performance, and the access point operating time.
During the Instant boot process, the IAP access point sends a DHCP request and searches the network for a virtual controller (VC). If the controller is found, then it connects to it and receives the configuration. If the controller is not found, the access point loads the local configuration or, if there is no local configuration file, it tries to find the Airwave control system and download the configuration from it. If this fails, the default configuration is loaded, with the open SSID "Instant".
Functionally, HPE Aruba Instant is a complete solution that supports all the corporate functions mentioned above. In the firewall, access policies are applied separately for each SSID or user; for example, a separate bandwidth can be allocated for each user. At the same time, the mechanism for creating rules is very simple and allows you to filter traffic by different categories, domains, applications, as well as based on the reputation of individual resources. WLAN IPS is able to identify and actively suppress "fake" access points (Rogue AP). At the same time, AppRF functions are available on HPE Aruba Instant, which provides in-depth packet analysis (DPI) of local traffic. At the same time, more than 1500 network applications can be detected and various actions can be configured according to results (disable, allow, limit speed, etc.) with reference to the user.
As HPE authentication technologies, Aruba Instant supports 802.1x / EAP-TLS, EAP-TTLS (MSCHAPv2), EAP-PEAP (MSCHAPv2) and the Captive portal. At the same time, the authentication infrastructure can be both external and internal, for example, the built-in user base, dynamic RADIUS Proxy, integrated RADIUS server for 802.1x termination.
HPE Aruba Instant also has a dynamic spectrum analyzer with an advanced reporting system. It allows you to identify sources of interference and adjust the device under the current radio environment:
- control power and switch channels
- customize lane and customers
- scan range for customers
- choose broadcast time
At the same time, the patented HPE Aruba ClientMatch radio control technology allows you to adapt the WiFi network in real time so that all clients receive the highest possible level of service, taking into account the type of device connected, its current location, network load, interference, etc.
Finally, go through the HPE Aruba Instant product line. The simplest Instant Access Point - HPE Aruba IAP 103:
It is suitable for solutions with potentially low customer density and low network performance requirements. The point supports two radio interfaces (300 Mbps (5 GHz) +300 Mbps (2.4 GHz)) and only built-in antennas.
The following performance points for Instant Access are internal series 200 points.
HPE Aruba Instant 204/205 with 2x2 support: 2SS, 867 Mbps (5 GHz) + 300 Mbps (2.4 GHz). As well as IAP 103, it is more suitable for solutions with low user density. HPE Aruba Instant 214/215 with 3x3 support: 3SS, 1300 Mbps (5 GHz) + 450 Mbps (2.4 GHz), 1xGE, 1xUSB port, able to withstand more serious loads and are suitable for solutions with increased customer density. And finally, HPE Aruba Instant 224/225 - 3x3: 3SS, 1,300 (5 GHz) + 450 Mbps (2.4 GHz), 2xGE, 1xUSB port. They have the highest performance in this series and are designed for high density solutions.
HPE Aruba Instant 324 and 325 Series 300 dots are the most advanced and productive series of internal points - they support 4x4 MU MIMO, up to 1733 Mbps in the 5 GHz band and up to 800 Mbps in the 2.4 GHz band and up to 255 clients on one radio. These points are designed for solutions where maximum performance is needed and the density of users per point can be very high. These points can work with external or internal, built-in antennas.
In addition to internal points, the portfolio has external HPE Aruba Instant access points. They are represented by 270 series access points. In this series there are points with internal, built-in antennas (IAP 274, two radio 11ac 3x3: 3SS) and with external antennas (IAP 275, two radio 11ac 3x3: 3SS). The points are designed to work at temperatures from -40 to +65 degrees Celsius and powered by PoE + or a separate AC adapter.
A separate class of devices are points like HPE Aruba Instant RAP. These points operate under the control of a remote controller, to which they will connect via a secure channel, while the user traffic is locally switched to the wired infrastructure.
The RAP-108/109 has two radios, 2x2 MIMO, USB 3G / 4G uplink, as well as built-in and external antennas and 5 Ethernet ports. RAP-155 has two radio interfaces, 3x3 MIMO, USB 3G / 4G uplink, optional PoE Out, up to 5 Ethernet ports. RAP3 has one radio interface, 2x2 MIMO, USB 3G / 4G uplink, PoE Out, 3 Ethernet ports. It makes sense to use points either in home offices or in remote branch offices, where it is difficult with staff able to manage the wireless infrastructure.
In addition, in the HPE Aruba Instant portfolio there are different versions of the described points, for example, there is an IAP 205H access point (2x2 802.11ac, USB, 3xGbE ports) in wall and outdoor versions. In fact, this is a more productive alternative to IAP 103 or RAP 109.
So, let's summarize. HPE Aruba Instant is a flexible, modern, productive and scalable wireless network that can be deployed in as little as 5 minutes. In conclusion, I would like to emphasize three key points. HPE Aruba Instant is:
Easy
- Wireless Setup
- Setup using the “wizard” in <5 minutes
- Virtual controller
Available
- Low cost; no controller needed
- Less equipment, cables
- Low operating costs, simple training
Safely
- Security of communications; fake access point detection, role access
- Cloud services for content filtering and software management
- Easy migration to network with controller
Thank you for your attention, we are ready to answer your questions.
Source: https://habr.com/ru/post/276335/
All Articles