1 / 51

Aerohive Overview

Aerohive Overview. INTL Enterprise Sales Mar 2013. Introduction to Aerohive :. Cloud-managed Mobile Networking Company Cloud (Public & Private), Controller-less Wi-Fi, Routing, VPN, Switching ~$100M annualized run rate 5 th fastest growing tech company 07-11

adeola
Download Presentation

Aerohive Overview

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Aerohive Overview INTL Enterprise Sales Mar 2013

  2. Introduction to Aerohive: • Cloud-managed Mobile Networking Company • Cloud (Public & Private), Controller-less Wi-Fi, Routing, VPN, Switching • ~$100M annualized run rate • 5th fastest growing tech company 07-11 • (Deloitte Fast 500 – 44,569% growth) • 135% YoY growth (2011-2012) • ~8000 Customers • ~450 Employees • Most Visionary Vendor - Gartner MQ for Wired & Wireless LAN 2012 Education Enterprise Healthcare Retail Logistics Cloud Services Platform Private (on-premise) Public Partner Branch & Teleworker Routers Access Switches Enterprise Wi-Fi

  3. New Requirements of the Network Edge Users want to work anywhere, on any device You need to enable them, without drowning in complexity $ X Yesterday Today Aerohive Networks - Simpli-fiEnterprise Networking Cloud-enabled, self organizing, application aware, identity-based infrastructure Corp deployed enterprise devices WLAN overlay Network centric Monolithic Corp / BYOD enterprise / consumer devices Ubiquitous Wi-Fi Access User Centric Elastic

  4. Education Focus – Customer Sample K-12 Primary Secondary College / University

  5. Customer Focus - Education Key Considerations Aerohive Advantage No data bottlenecks SLA and Dynamic Airtime Scheduling 1:1 Programs Mixture of device types Capacity Restrict network access Secure guest access Integrated RADIUS, Firewall, WIPS Captive web portal with PPSK Security No single point of failure Mesh support Reliability Downtime costs learning Simple to use Visibility of clients Simple GUI based management Client health score and TeacherView Management Cost effective solution Ability to scale No feature licensing Linear scalability – start small and grow Scalability

  6. Education Deployments Middle School Primary CAMPUS Virtualized Mgmt & VPN Termination Guest, Student, Faculty School deployed / BYOD Data Center Guest, Student, Faculty + Carts • Guest, Student, Faculty +Library High School Performance, Unified Access Layer, MDM enrollment Cloud-enabled Class Room Apple TVs • Guest, Student, Faculty + Field House iPad1:1 High School Teleworker/ Ext. Absence Faculty, Guests Work, Home, 4G, Cloud Security • Guest, Student, Faculty + Portable High Density, AD integration, Bonjour, TeacherView

  7. Distributed (Controller-less) Wi-Fi Architecture Delivering simplicity, reliability and affordability Management Management within the network only Centralized cloud-based or Local management Redundancy No single point of failure Self healing mesh architecture No controller tax Requires multiple controllers Local data forwarding..what do you lose? Scalability and future proofing No feature licensing Start small and grow Distributed intelligence Controller capacity? Feature licenses? (FW, RADIUS, CWP, BYOD, Bonjour GW) Performance No data bottlenecks Service Level Agreements QoS & Spectrum analysis included Data bottlenecks QoS, Spectrum analysis..$$$ How does it work? Architectural Alternatives Central Vs. Distrib. Control

  8. Enterprise Wi-Fi Features Distribution Optimization Mobility Band Steering SLA, QoS & Dynamic Airtime Scheduling Layer 3 Roaming Load Balancing 450Mbps 54Mbps 11Mbps 2.4 GHz 5 GHz High Powered Radios, Receive Sensitivity & RRM Resilient Mesh Layer 2 Roaming Layer 2/3 Roaming Receive Sensitivity

  9. BYO and Corp Deployed Devices MDM Enrollment Access defined by ID & Device User Profiles Corp www MDM Quarantine Enroll L2-7 Firewall OS Detection Bonjour Gateway CWP PPSK RADIUS Corp user Guest user Corp user - BYOD L7 BYOD & MDM Bonjour GW

  10. Security and Authentication Features • Authentication support for common directory servers • Eliminates standalone RADIUS server • Credential caching for remote/branch survivability • MAC (L2) based firewall • Stateful TCP/IP firewall (L3/L4) • L7 App Visibility & Enforcement • ALGs for DNS/FTP/SIP • Policy Based Client Isolation Wireless Intrusion Prevention Captive Web Portal Multiple CWPs able to serve scalably from every AP WIPS Private PSK Stateful L2-L7 Firewall Multiple users, same SSID - easy but unique revocable keys Directory Integration Remote Site Content Security

  11. Routing, VPN and Switching features Cloud-enabled Networking Unified Wired & Wireless Mgmt Address/L3 Service PoE-PSE, 3G/4G USB PoE 3G/4G PoE Wi-Fi L2 & L3 IPSec VPN Robust Voice Support Same Policy and Network • SIP/SCCP/Spectralink support • Voice Enterprise (Q1) • Detection of IP phone OS • 802.1X/Access control • Dynamic QoS for voice traffic Wired Routing / FW VPN Branch on Demand

  12. Monitoring and Reporting Features Monitor Support Manage Simple GUI Cloud Management Topology & Location Tracking PCI Compliance Spectrum Analysis Client Monitor & Packet Capture Management Views

  13. Reduced Capex and Opex Less Operational Costs Less Infrastructure Costs Cloud Management Self Healing Zero Touch Provisioning Client Health Score Client Health Score

  14. AerohivePlatforms * AP170 AP350 AP141 AP330 BR100 AP121 AP110 Indoor Industrial Indoor Outdoor 1-Radio 802.11b/g/n Dual Radio 802.11n 1-Radio 802.11n 1x1:1 65 Mbps Radio 2x2:2 300 Mbps Radio 2x2:2 300 Mbps High Power Radios 3x3:3 450 Mbps High Power Radios 2x2:2 300 Mbps 11n High Power Radios N/A TPM Security Chip 5X Fast.E 1X Gig.E 2X Gig.E 1X Gig.E N/A PoE (802.3af + 802.3at) and AC Power PoE (802.3at) Water Proof (IP 68) Plenum Rated Plenum & Dust Proof N/A -40 to 55°C 0 to 40°C -20 to 55°C N/A USB for future use N/A USB for 3G Modem $449 $649 $999 $1499 $99 *BR acting as AP does not support WIPS, DFS (no 5Ghz radio), RADIUS proxy or server, SNMP, locationing or TeacherView

  15. Aerohive Routing Platforms * Cloud VPN Gateway BR100 BR200 WP AP330 AP350 L2 & L3 IPSec VPN Gateway (VMware) Single Radio Dual Radio 1x1 11bgn 3x3:3 450 Mbps 11abgn 5-10 Mbps FW/VPN 30-50Mbps FW/VPN ~500 Mbps VPN 5X 10/100 5X 10/100/1000 2X 10/100/1000 Ethernet 1000 Tunnels 2 Virtual Interfaces 0 PoE PSE 2X PoE PSE 0 PoE PSE ~1 - 10 Users ~1 - 50 Users ~1 - 50 Users (as a router) $99 $699* $999 * Also available as a non-Wi-Fi, non PoE device - $499 (BR200)

  16. Aerohive Switching Platforms SR2024 SR2124P SR2148P 24 Gigabit Ethernet 48 Gigabit Ethernet 8 Ports PoE+ (195 W) 24 Ports PoE+ (408 W) 48 Ports PoE+ (779 W) 4 Ports 1G SFP Uplink 4 Ports 10 Gigabit SFP/SFP+ Uplink Routing with 3G/4G USB support and Line rate switching 56Gbps switching 128Gbps switching 176Gbps switching Single Power Supply Redundant Power Supply Capable $1799 $2599 $3999 Available Mid 2013

  17. Aerohive software platforms SW Config, & Policy, RF Planning, Reporting, SLA Compliance, Guest Management, Trouble Shooting, Spectrum Analysis • Scalable multi-tenant platform, Redundant data centers with diversity, Backup & Recovery, Zero touch device provisioning, Flexible expansion, On demand upgrades, Pay as you grow HiveManager Online • VMware ESXi, HA redundancy • 15,000s APs with specified configuration HiveManager Virtual Appliance • Redundant power & fans, HA redundancy, 5000 APs HiveManager Appliance – 2U • HA redundancy, 500 APs HiveManager Appliance – 1U • VMware ESXi • Up to 50,000 students StudentManager

  18. Aerohive Networks Asingle architecture for the network edge Unified policy and security mgmt, from the cloud Service Aware e.g. AP know the Bonjour services to advertise across the L3 enterprise boundaries Wi-Fi Same Policy and Network Aerohive Networks where increased performance and capacity does not mean increased complexity! Wired Aerohive Networks - Simpli-FiEnterprise Networking Routing / FW Cloud-enabled, self organizing, service aware, identity-based infrastructure VPN Identity & Context Aware e.g. Network firewall on the router knows identity & role of the clients on APs

  19. Thank you!

  20. Wired and wireless Infrastructure 2012 MQ Aerohive is a Visionary! A Magic Quadrant Visionary for wired and wireless Infrastructure The strongest “completeness of vision” in the quadrant (the farthest to the right) • An innovation leader with products such as its Bonjour Gateway and its cooperative control architecture, which eliminates the need for a dedicated controller and provides a cost competitive solution without sacrificing functionality. • Aerohive should be considered for any overlay WLAN enterprise opportunities in North America, Western Europe or Australia/New Zealand, especially in the education, healthcare and retail markets. • Its controller-less, mesh-based architecture provides an easy-to-use and robust solution with lower operational costs, which makes it a standard bearer for market pricing of equivalent functionality.

  21. How does it work? Wireless Network Wired Network Reporting Heat Maps SLA Compliance Policy Configuration HiveManager NMS   

  22. Architectural Alternatives Fully Distributed Forwarding & Control Redundant Centralized Data Forwarding & Control High Performance Highly Reliable & Cost Effective  More Reliable But Expensive • Authentication • Auto RF • L2/L3 Roaming • QoS • WIPS / Rogue Detection  $ Controller Controller Controller Controller Controller Controller Controller Controller Controller Controller Reliability Centralized Data Forwarding & Control Distributed Forwarding with Centralized Control HQ  HQ HQ HQ Or  Controller in the Data Center Controller in the Cloud  NMS NMS NMS NMS • Authentication • Auto RF • L2/L3 Roaming • QoS • WIPS / Rogue Detection WAN WAN WAN WAN Controller Failure = WLAN Failure  Loss of control means they become expensive Fat APs Performance & Cost Effectiveness

  23. Centralized versus Distributed Control Parallel Control Plane Processing Shared Control Plane Processing • Control Functions • User Authentication • Role-based Access Control • Captive Web Portal and Guest Access • Self-Tuning RF Management • Channel selection & power level • Client load balancing & band steering • RF Threat Protection and WIPS • Secure Fast Roaming (L2 & L3) • Voice over WLAN & QoS support • Dynamic Mesh Failover Over Provisioning (Pay too much) Scalable Processing (Pay for what you need) Processing & Cost Under Provisioning (Impact Performance) Physical Controller (Virtual Controller) ( ) Cooperative Control

  24. Layer 2 Roaming RADIUS Server • User associates and authenticates and keys are distributed • AP predicatively pushes keys and session state to one hop neighbors • As client roams and associates with another AP the traffic continues uninterrupted Roam 24

  25. Layer 3 Roaming Router Subnet B Subnet A GRE Tunnel In order to maintain IP connectivity a tunnel is created to home subnet. Like Layer 2 roaming the Layer 3 roam predicatively pushes keys to one hop neighbors. Tunnel continues to follow roaming user until sessions end then tunnel is terminated and the user accesses the local network

  26. Topology Floor Plan View Global View “Subnet 2” “Subnet 3” Access Point Client Rogue AP

  27. Dashboard - Network Summary

  28. Dashboard - Troubleshooting

  29. Dashboard – Application Visibility

  30. Single architecture for the enterprise • Cooperative control enables the same functions across multiple devices to work as if they are one device • Network firewall on the router knows identity of the clients on APs? Context Aware Switch Unified policy and security mgmt, from the cloud Service Aware Wi-Fi Same Policy and Network Wired Routing / FW VPN

  31. Handling the Client Explosion:RF Guru on the Help Desk? • Client Health Score at a glance…understanding a client’s health. Automatically Remediate Client & Network Issues • Move Clients • Band steer or load balance clients triggered by low client health score • Airtime Boost • Boosts clients’ airtime if unable to hit performance target

  32. Low Power Mobile Devices Demand an Even Better Wi-Fi Infrastructure Gartner: "Without Proper Planning, Enterprises Deploying iPads Will Need 300% More Wi-Fi” • The extra 5 dB sensitivity beyond a standard AP can even out coverage for various client types • Better 5Ghz coverage enables 2.4GHz to be preserved for single band devices 5 dB 5 GHz 15 -17 dB 2.4 GHz 20 dB 5 dB 5 GHz 8 -10 dB 2.4 GHz 20 dB HiveAP 330 Typical AP 2.4 GHz 5 dB 10 – 15 dB

  33. Huge Questions on Device Ownership and Management What is the difference between these iPads? Almost Everything • BYOD • Enable employees to bring their device of choice • Not owned or controlled by IT • Wide range of devices • Driven by employee satisfaction and shifting of CapEx spend • Consumerization of IT • Consumer devices qualified, bought and deployed by IT • Replace legacy devices • Lower HW costs • Flexible, powerful • Enable new working models Contain Network-based MDM Secure Apps Only (e.g. VDI, Citrix) Embrace MDM Agents on Devices More App Flexibility

  34. Solution Scenarios:Network & Agent Based MDM Solutions Contain (BYOD) Embrace (Consumerization of IT) Corp Corp www www MDM Access Isolate Quarantine Enroll • Network-based MDM • Enrollment • - CWP, PPSK • - AD integration • Access Control • - Device/OS Type • - Domain Membership • Policy Enforcement • - QoS, Security • - Apps (e.g., VDI only) • Profile-based MDM • Device Mgmt • App Mgmt • Policy Enforcement and Compliance Force MDM profile install

  35. Policy based on Context Identity, Device, Location, Time of Day L2-4 Firewall OS Detection RADIUS CWP PPSK Corp user Guest user Corp user - BYOD

  36. Solution automates MDM Enrollment HiveManager Administrator specifies JAMF enrollment URL in HiveManager Policy Configuration iOS device MDM server Aerohive AP Apple device attaches to network AP queries JSS server: is this a known device? If an unknown device, the device is redirected to JSS Server for enrollment 1 2 3 4 Click here to enroll your device and begin using the network. . . Please enroll your device on the following page. . .

  37. Contain Strategies Enhanced by Service Aware Infrastructure Contain Strategy Access to the Right Resources Corp www • Bonjour Gateway • Let AirPlay and AirPrint work in the Enterprise • Service aware network • Enable & control service advertisement and discovery across subnets Guest, BYOD AppleTV (AirPlay) Printer (AirPrint) Bonjour

  38. Bonjour Gateway – Aerohive & Non Aerohive Networks Router / L3 Switch AppleTV (AirPlay) Optionally attach to both subnets for non Aerohive 192.168.1.1 192.168.200.1 Share Services List Bonjour GW Feature ON “with filters” Printer (AirPrint) SSID “Subnet #2” Server: (file sharing etc) SSID “Subnet #1” • Multi-Vendor – Works in both Aerohive and Non-Aerohive networks • Plug and Play – No requirement for VLAN and Multicast gymnastics • Flexible – Supports bi-directional service advertisements • Efficient – No tunneling, only sends changes in service, with option to filter • Secure and Scalable – Preserves enterprise security & data forwarding methodology • Available for beta Q2; shipping mid year iPad can AirPrint or AirPlay iPad can print and project via AirPrint & AirPlay

  39. Branch / Teleworker OptionsHow does an IT organization scale to meet the needs of today’s evolving “Branch”? Consumer SSL VPN Traditional • Pros: • Works great for a single client • Cons: • Per-connection licensing • Client for VoIP phones? • No consistent policy • Pros: • Inexpensive • Wired/Wireless Support • Cons: • No centralized management • No consistent policy • Pros: • Centralized Management with consistent policy • Cons: • Start around $1000 • Requires expensive head-end solution • Pre-staging required

  40. Deployment Scenarios – Small Branch Deployment Scenarios - Teleworker HQ Cloud VPN Gateway (VPN Concentration) 3G/4G Primary/Backup WAN/VPN Gateway Cloud Service Platform Internet HiveManager Online Guest Access Corporate Access via VPN & Internet via Cloud Security Home Network - Internet Access Only Corporate Access

  41. Customer Focus - Education Key Considerations Aerohive Advantage No data bottlenecks SLA and Dynamic Airtime Scheduling 1:1 Programs Mixture of device types Capacity Restrict network access Secure guest access Integrated RADIUS, Firewall, WIPS Captive web portal with PPSK Security No single point of failure Mesh support Reliability Downtime costs learning Simple to use Visibility of clients Simple GUI based management Client health score and TeacherView Management Cost effective solution Ability to scale No feature licensing Linear scalability – start small and grow Scalability

  42. Customer Profile - Education Problem/Requirement • Accommodate an influx of Apple iPAds, iPods and other Wi-Fi devices • Enable students to use the same device in the classroom and at home • A WLAN that was resilient,, centrally administered, easy to manage, secure and cost-effective. Located in North Carolina, the sprawling Rowan-Salisbury School System is an educational force to be reckoned with. It’s comprised of 35 schools, about 20,000 students, and about 3,000 employees. It’s the largest employer in Rowan County Solution “It was probably not the most known product when I first started looking at it. But the more I looked, I thought: this is just a really neat product. And then when we started doing the tests, everything that they said the product would do, it did. It’s just been a great experience for us.” Phil Hardin Executive Director for Technology Rowan-Salisbury School System • Aerohive’s controller-less cooperative control Access Points deployed pervasively • HiveManager used to monitor entire wireless network and all client activity • Highly resilient WLAN network that both easy to manage and cost effective Results • Students and teachers making great strides in using Apple iPads and iPods for everything from data collection to video • “Everything worked flawlessly. We knew then that product, in terms of providing us with the service and the bandwidth, was going to be there.”

  43. Customer Focus - Healthcare Key Considerations Aerohive Advantage Full voice support with QoS engine Location tracking integration Voice over IP Bedside monitoring and telemetry Mobility Restrict network access Secure guest access Integrated RADIUS, Firewall, VPN, WIPS Captive web portal with PPSK Security No single point of failure Self healing mesh architecture Reliability Downtime costs lives Centralized GUI based management Spectrum analysis as standard Centralized visibility RF management Management Cost effectiveness Ability to scale No feature licensing Linear scalability – start small and grow Scalability

  44. Customer Profile - Healthcare Problem/Requirement • Make electronic medical records applications portable and provide wireless access to Brookdale’s guests and families • Meet compliance standards for secure healthcare environments • A WLAN that offered resiliency, reliability, and performance and at the right price Largest Assisted Living and Retirement Community Company in the US delivers higher levels of care with Wi-Fi and EMR, and Provides Wireless Internet Access to Residents Solution “We found that when we wanted to get into true enterprise wireless, we wanted to reduce costs by not having controllers in place,” Fadrowski said. “In a controller-based solution … to deliver the functionality we required we had to have a controller here in Milwaukee (where the data center resides) and a controller in every community, thus raising costs quite a bit, adding to single points of failure, and having to build in more redundancy and more cost with controller-type systems.”. Chris Fadrowski Senior Director of IT Infrastructure • Aerohive’s controller-less cooperative control Access Points • HiveManager NMS provides centralized configuration and monitoring and simplifies provisioning for system-wide policy management Results • Engineering team has so far purchased more than 1,000 Aerohive APs for about 55 sites. • Brookdale has plans to purchase about 6,000 Aerohive APs over the next five quarters to deploy WLAN’s to all of its 645 communities.

  45. Customer Focus - Distributed Enterprise Key Considerations Aerohive Advantage Cost effectiveness Ability to start small and grow No feature licensing Linear scalability – no controllers Scalability Restrict network access Guest access Integrated RADIUS, Firewall, WIPS Captive web portal with PPSK Security No single point of failure Branch survivability Reliability Downtime costs money Management Multiple sites Centralized cloud based management Remote sites and teleworkers BYOD Cost effective teleworker/branch VPN BYOD flexible/secure policy enforcement Accessibility

  46. Customer Profile – Enterprise Problem/Requirement • Foster collaboration and productivity among employees • Reliable support voice over Wi-Fi • Provide a wireless guest network for visitors • Reduce infrastructure costs by deploying wireless Aerohive met all of our requirements – it was hands down the best in terms of cost and value add,”. “From a cost perspective alone, Aerohive made the most sense because the cost of installing everything is modular with Aerohive. We avoided that big up-front cost you get with the controller-based vendors.” Eric LeSatz, VP of Technical Operations, Folio Investing Solution • Controller-less architecture resulted in significantly lower costs • WLAN reliably handles bandwidth-sensitive applications e.g. voice over Wi-Fi • Users no longer forced to connect and reconnect when moving within buildings • Guests, or employees with personal devices, can securely access the internet Results • Were able to move headquarters and spend half the money • Folio has also achieved seamless user mobility employees who are now free to move around the office using softphones in order to collaborate on customer issues

  47. Customer Focus - Retail Key Considerations Aerohive Advantage SLA and Dynamic Airtime Scheduling Load balancing and band steering Performance Mixture of device types Payment details secured Secure guest access PCI compliance, Firewall, VPN, WIPS Captive web portal with PPSK Security No single point of failure Self healing architecture Reliability Downtime costs money Multiple sites Monitor system security Centralized cloud based management PCI reporting and security auditing Management Cost effectiveness Ability to scale No feature licensing Linear scalability – start small and grow Scalability

  48. Customer Focus – Manufacturing & Distribution Key Considerations Aerohive Advantage Fast secure L2/L3 roaming Full voice support with QoS engine Seamless Roaming Voice over IP Mobility Restrict network access Protect external threats Integrated RADIUS, Firewall, VPN Wireless intrusion prevention system Security No single point of failure Self healing architecture Reliability Downtime costs money Multiple sites RF management Centralized cloud based management Spectrum analysis as standard Management Cost effective solution Ability to scale No feature licensing Linear scalability – start small and grow Scability

  49. Customer Profile – Retail Problem/Requirement • Required compliancy with PCI and other security capabilities, including rogue access point detection and mitigation • Needed a solution that is easy to manage without technical staff needing to be present at restaurant locations for trouble- shooting • Asolution that could grow with restaurant’s needs We set up our Aerohive HiveManager network management system and built default templates based on the model of the equipment,” says Stafford. “We were up and running in less than an hour. It was pretty much plug and play.” Once that template was set up we shipped the APs directly to the restaurants. Once the devices were plugged in at the restaurants they automatically received their initial configuration including security settings. This really impressed me because it saved us a tremendous amount of time and money on pre- staging each device.” Drew Stafford VP of Information Technology, Macaroni Grill Solution • Secure access at the restaurants by area directors, who are mobile and constantly different locations • Aerohive’s Private Pre-Shared Key (Private PSK) lets legacy and hard-to-manage wireless LAN clients use strong encryption and authentication • Automated Rogue access point scans Results • I am completely satisfied with the PCI-compliance I get from Aerohive. There is a high probability of receiving a fine if your company doesn’t comply,” says Stafford. “All credit card information is being kept completely separate from the WLAN.”

  50. Customer Profile – Logistics Problem/Requirement • Improve reliability of wireless network • Find solution that supports cloud-based, centralized management to improve ease-of-use • Achieve 100% wireless network uptime required of a global freight transportation and supply chain management provider As a leading provider of freight transportation and supply chain management, and with 40 years in the industry, Averitt Express knows the value of dependability. Customers in the more than 100 countries it serves expect their goods to be delivered as promised, and Averitt enjoys a solid reputation for customer satisfaction. Solution • Upgraded from autonomous APs to a controller-less, centrally-managed wireless architecture • Deployed HiveManager Online, which lets companies grow their network without upfront capital costs beyond Aps • Utilizing Aerohive’s PPSK to secure wireless access “Aruba and Cisco offer a resolution to the redundancy problem by suggesting a backup controller for each location, but why would we spend extra money when we didn’t have to? Aerohive’s controller-less wireless architecture was the way to go—hands down..” Angie Tellmann Networking Services, Averitt Express Results • Network uptime goal achieved, ensuring freight is delivered accurately and on time

More Related