Aruba Networks Intelligent Access Solutions for Enterprise Mobility 2K Aruba Staff 30K+ Customers $600M Global Company NASDAQ: ARUN
Quick Facts >30k Customers 2K Employees : ARUN Annual Revenue ($MM) Deployed in over 120 Countries ~$2Billion Shipped
Aruba MOVE: Intelligent Access for Mobility ClearPass ArubaOS NETWORK GUEST ONGUARD Wi-Fi AP SWITCH CONTROLLER ONBOARD MDM DEVICE APP Flow-based Security & QoS Monitor Mobility Experience Policies & Workflows Analytics & Location For Multivendor Networks Self-Service Meridian WorkSpace
Recognized as an Industry Leader. Leader: 2013 Wireless LAN MarketScape. Champion: 2013 Wired & Wireless Landscape. Leader: 2013 Wired & Wireless Magic Quadrant
Also a Leader in NAC! Leader: 2013 Network Access Control Magic Quadrant
Trusted by Enterprises Worldwide Technology Finance Social & New Media Media & Ent, Higher Education Healthcare Government Retail Public Venues Primary Education Public Transit Services Oil & Gas Manufacturing Telecom Hospitality
Vitoria Gasteiz PublicAdmin and GuestAccess
Fixed • Most Wired • Some Wireless • Mobile • All Wireless… • And wired where you must
Enabling All Wireless Office Move to 802.11ac Mobilize your Apps Unplug the phone Aruba 220 series with ClientMatch ClearPass BYOD Guest MDM AppRF with Microsoft Lync Visibility
Challenges for the Wireless Network
• Unintelligent Clients
• Many devices are “sticky” in nature
• Client Diversity
• New device models every 6 months
• Mix of Wi-Fi speeds and capabilities
• Crowded Wi-Fi
• Multiple devices per user
• Carriers pushing users to Wi-Fi
AP220 Series: Unique Hardware Features
• Operates w/ 802.3af PoE
• No forklift upgrades for 802.11ac migration
• Fully Backwards Compatible
• 802.11a/b/g/n/ac
• 802.11ac rates for 2.4GHz
• Higher 2.4GHz rates*
AP-270 Series
• Antenna Gain: 5 dBi
• 2G: 3x3:3 11ac (2.4 GHz)
• 5G: 3x3:3 11ac (5.15 to 5.875 GHz)
• 11ac Beamforming
• Conducted Tx Power
  • 2G: 23 dBm per branch (27.7 aggregate)
  • MAX EIRP = 36 dBi
  • 5G: 23 dBm per branch (27.7 aggregate)
  • MAX EIRP = 36 dBi
• Power Interface: AC and 802.3at (PoE+)
• Power Consumption: 25 W
• WAN + LAN Port
• Advanced Cellular Coexistence
• IP66 and IP67
• -40° to +65°C
• No Heater. Start and operate.
AP-275: Campus Access / Outdoor Retail • Unit does not look like radio • Omni antennas are fully integrated in the chassis • Resembles video cameras and light fixtures • Multiple Bracket Options 21.6 cm
AP-274: Flexible Connectorized Solution • Compact size • Under Mounted Connectors reduces/removes need for weatherproofing • Aesthetic cover reduces visual impact of connectors/cables • Multiple Bracket Options 14.6 cm
Manage the Air: Aruba’s ARM
• Fair distribution of clients across bands, e.g. 2.4-GHz and 5-GHz
• Fair distribution of air-time per radio, e.g. iPad vs. MacBook vs. iPod
• Fair distribution of clients across channels, e.g. Ch 36, 40, 44
[Figure labels: Channel 1, Channel 6, Channel 11]
Roaming
• Roaming from AP to AP is a function of both the infrastructure and the client
• The target roaming delay to avoid interruptions on a voice call is 100ms or less
[Chart: Roaming Performance (WPA2-AES Enterprise); Min., Max., Avg.; Other Main Vendor]
Use of OKC
• Security determines handover performance
• Organizations want 802.1X-type security with pre-shared key speed:
  • 802.11r is a new standard, intended to improve handover performance
  • Use WPA2 with 802.1X and opportunistic key caching (OKC) in centralized-controller WLAN
• Advantages of OKC for All HMDs
  • An OKC handover is more likely to succeed vs. a full 802.1X re-authentication
  • OKC involves ¼ the number of frames – much less susceptible to errors or retries
• Advantages of OKC for Voice Devices
  • Most VoIP clients transmit and receive one frame every 20 ms
  • Handover interruption of 40 ms normally results in the loss of 1 or 2 frames (imperceptible to listeners); rather than the 30 to 50 frames that would be lost during full re-authentication
  • VoIP devices maintain jitter buffers. If handover interruptions can be kept infrequent so the jitter buffer does not expire, the codec finds it easier to maintain a constant media stream, typical with the sub-50 ms interruptions observed during OKC handovers
[Chart: Controller Scaling, With OKC vs. No OKC; Aruba Lab’s Test of HMD Data Clients]
L2/L3 Mobility
• Layer 2 Mobility (figure: L2 Mobility design)
  • User keeps application connectivity within domain, if its layer 3 network address is maintained
  • Client maintains IP address as it roams and is assigned address from same IP subnet
• Layer 3 Mobility (figure: L3 Mobility design)
  • User roams from AP-Subnet A to an AP-Subnet B. Layer 3 network address must change to maintain L3 connectivity on Subnet B
  • Aruba L3 Mobility allows the HMD client to maintain the same IP address even though it is roaming to a different subnet
Aruba’s Magic Sauce: the Firewall
[Diagram: Role-Based Access Control and SSID-Based Access Control. Labels: Access Rights; RADIUS, LDAP, AD; Virtual AP 1 (SSID: Corp); Virtual AP 2 (SSID: GUEST); Staff, Executive, Finance, Contractors, Legal, HR, Guest; Voice, Video, Corporate Services, DMZ; Secure Tunnel To DMZ; Captive Portal]
Secure the Air: Wireless IDS/IPS
• Integrated to all APs, always-on, e.g. 40 radios for IPS with 20 APs
• 5-MHz visibility to Wi-Fi spectrum, e.g. channels 36, 37, 38, 39
• No air-time waste during threat mitigation, against any rogue device
[Figure labels: Rogue Client, Rogue AP, Aruba 802.11n]
Clear the Air: Spectrum Analyzer
• Cost effective, integrated to all 802.11n APs
• No specialized chip or time slicing, e.g. 100% channel visibility
• Detailed charts, on-demand record/playback, e.g. no external laptop
Mobility Controllers [chart axes: Scale, Performance]
CAMPUS
• 7240: 2048 CAP / 2048 RAP, 32K Users, 40 Gbps Firewall
• 7210: 512 CAP / 512 RAP, 16K Users, 20 Gbps Firewall
• 7220: 1024 CAP / 1024 RAP, 24K Users, 40 Gbps Firewall
LARGE OFFICE
• M3: 512 CAP / 1024 RAP, 8K Users, 20 Gbps Firewall
• 3600: 128 CAP / 512 RAP, 8K Users, 4 Gbps Firewall
• 3400: 64 CAP / 256 RAP, 4K Users, 4 Gbps Firewall
• 3200: 32 CAP / 128 RAP, 2K Users, 3 Gbps Firewall
Summary Scale Performance
HA Models with Fast Failover
• Active / Active
  • Controller 1 serves APs and acts as Standby for the APs served by Controller 2, and vice versa. If one controller fails, the APs will fail over to the other controller
• Active / Standby
  • The Active controller serves all APs. If the Active controller fails, all APs will fail over to the Standby controller
• N+1
  • The Standby controller supports APs from multiple controllers
  • The AP capacity of the Standby controller must be able to support the total number of APs from the Active Controllers
AP Fast Failover Times • Failover times from AOS 6.3
AP Fast Failover Times In AOS 6.4 < 1 sec
AP Image Preload
• The AP Image Preload feature minimizes the downtime required for a controller. The associated APs download the new images BEFORE the controller actually boots with the new image.
• WLAN Downtime = t_controller (reboot) + t_AP (boot-process)
• An AP can download (preload) its new image while serving clients at the same time.
Centralized Licensing
• Allows licenses to be pooled and shared amongst controllers
• Box licenses are not eligible, e.g. lic-pefv and built-in AP, e.g. 3200-16
• Eval licenses can be part of the pool
• Master License Server will be allowed only on Master Controllers and will serve its Local
• Local Controllers cannot be a License Server
• Each Master-Local set will have its own Licensing Server
• Existing Licenses on controller will become part of the pool
• There is no need to transfer licenses
• Arubapedia: search for “centralized licensing”
Centralized Licensing (II)
• Supported Topologies
  • All Masters Deployment: Master1, Master2, Master3, Master4, Master5
  • Master Local Deployment: Master1, Master2, Local1, Local2, Local3
Centralized Licensing (III)
• Supported Topologies
  • Multiple Master Local Deployment: Master1, Master2, Local1, Local2, Local3 (diagram shows two such sets)
AppRF
• Incorporates Application-Aware Deep Packet Inspection technology
• Over 1500 Applications
• Operates at user role level to provide application control
• Block application or categories of apps
• QoS applications
• Bandwidth contracts for applications
• New Category Dashboard element
• Shows apps by category such as Peer-to-Peer, Streaming video
• Graphically based application blocking work flow
Plug-n-Play Services vs. Enterprise WLANs
• Limited WiFi performance
• L3 forwarding of mDNS discovery (multicast) will flood the network
• Multicast will use lowest 802.11 data rates over the air
• Prone to end user errors
• Services, such as AirPlay, do not require authorization by default
• Device name assignments prone to errors and repetitions
• Designed for home
• Devices and services will be on different VLANs in WLANs
• Printers and Apple TVs use Pre-Shared Key over Wi-Fi, if not wired
Aruba AirGroup™ AppleTV in the meeting room AppleTV in the classroom • Step 1 • Service Registration ClearPass Guest Printer in CFO’s office Printer in the copy room • Step 2 • Service Discovery over L3 • Traffic Optimization • Access Control Aruba Access Network
Aruba AirGroup: Personal, Shared, Local Plug-n-Play Services Local AirGroup “Apple TVs” AppleTV in the meeting room AppleTV in the classroom Teacher Macbook Personal AirGroup “CFO” CFO’s iPad Laptop in close proximity Printer in CFO’s office Printer in the copy room Shared AirGroup “Teachers” Local AirGroup “Printers” iPhone in close proximity Aruba Access Network