Presentation date: January 27, 2012, 08:00-12:00.
Presenters: Cameron Esdaile, Carlos Gomez, Keerti Melkote, Pradeep Iyer
Keerti Melkote of Aruba Networks suggests wireless as a primary network strategy
Keerti Melkote, Founder and Chief Strategy Officer of Aruba Networks, presents a case for building networks starting with wireless. He discusses the Aruba architecture and strategy, and goes deep into the company’s approach to wireless and networking. Also joining the discussion is Aruba founding engineer, Pradeep Iyer.
In his presentation at Wireless Field Day 2, Keerti Melkote describes how Aruba Networks is advocating a shift in enterprise network design: leading with wireless as the primary network medium instead of treating it as a supplement to wired infrastructure. He emphasizes that modern computing trends—particularly the widespread adoption of BYOD (Bring Your Own Device)—have changed user behavior and network demands, making wireless central to network strategy. Melkote highlights that new mobile devices, like tablets and smartphones, are entering the enterprise network in increasing numbers and often lack wired ports, rendering traditional wired-first network designs inefficient and outdated. Aruba’s solution involves redesigning networks for wireless capacity rather than mere coverage, optimizing application delivery, and addressing security challenges presented by untrusted endpoints.
To support this shift, Melkote outlines the need for a new network architecture that captures user and application context at connection time and enforces security and performance policies dynamically, without relying on traditional VLAN segmentation. He states that Aruba has developed an integrated policy enforcement engine that spans both wired and wireless environments, allowing for user-aware and application-aware traffic control directly at the edge. This approach replaces static ACLs and VLANs with role-based access control that adapts in real time, addressing both security issues and performance concerns like prioritizing video streams or disabling BitTorrent traffic. This is part of Aruba’s broader goal to simplify network management, unify services, and deliver a consistent user experience across access methods.
Melkote also delves into the technical considerations of scaling such an architecture, introducing Aruba’s “Instant AP” solution, which embeds controller functionality directly into wireless access points. He argues that for small to medium deployments, virtual controllers within access points can manage up to 512 users effectively. However, for large-scale networks with frequent Layer 3 mobility, centralized controllers are needed to avoid performance pitfalls like backhauling wireless traffic between VLANs. The presentation concludes with a discussion on the need for dynamic firewall functionality integrated into the access layer, support for IPv6, and future trends such as personalized networks, location-aware services, and single sign-on integration—all of which are made possible by reimagining the network foundation as wireless-first.
Personnel: Keerti Melkote
Carlos Gomez and Cameron Esdaile demonstrate Aruba’s security and policy controls
Carlos Gomez and Cameron Esdaile walk through a few use cases for Aruba Networks’ security and policy controls. They talk about visitor self-registration with sponsor approvals, BYOD for employees, pre-registration, and third-party integration for Wi-Fi devices.
In their Wireless Field Day 2 presentation, HPE Aruba’s Carlos Gomez and Cameron Esdaile demonstrated the capabilities of Aruba’s AmigoPod platform for managing secure network access and policy enforcement. They began by showing how guests can self-register for Wi-Fi through a captive portal that includes sponsor approval, which both automates provisioning and ensures network security. This process allows a guest to submit their details and receive approval from a designated sponsor (such as a host or IT help desk), with the workflow fully integrated through AmigoPod. The presenters highlighted how this mechanism supports a diverse set of environments such as hospitals where guest access is linked to patient check-in systems, thereby avoiding the need for staff training or manual provisioning.
The presentation then shifted to onboarding for employee BYOD devices, specifically showing how AmigoPod enables seamless installation of 802.1X configuration profiles on Windows laptops without requiring IT involvement. Using a dissolvable agent, users are guided through a fully automated workflow that configures the native supplicant for secure network access, including delivery of certificates and policy settings. This approach not only improves user experience but dramatically reduces help desk load—a benefit seen particularly in large-scale educational deployments. Additionally, the solution intelligently distinguishes user roles, applying differentiated access policies based on attributes like Active Directory group membership, such as providing unthrottled access to executives versus restricted rates for regular users.
Finally, the team walked through Aruba’s certificate-based onboarding for Apple devices using built-in MDM APIs, applying a similarly automated process to enroll iOS and macOS endpoints. AmigoPod acts as a certificate authority or can integrate into an enterprise PKI, enabling flexible policy enforcement based on endpoint characteristics such as device type and serial number. This contextual intelligence enables robust authorization decisions like distinguishing between corporate and personally owned devices on the same network. Aruba’s workflow-oriented design, device fingerprinting, and support for multi-vendor environments position it as a comprehensive, scalable solution for secure wireless access and BYOD challenges.
Personnel: Cameron Esdaile, Carlos Gomez
Virtual Controller technology and RF management Q&A with Pradeep Iyer of Aruba Networks
Pradeep Iyer of HPE Aruba Networking discusses virtual controller-based wireless LANs, a concept developed by Aruba to meet evolving hardware capabilities and network management needs. Historically, Aruba built their platform around controller-based WLANs, but advances in access point hardware—such as significantly increased processing power, memory, and storage—allowed Aruba to embed many controller functions directly into APs. These functions include provisioning, configuration, image management, firewall, role-based access, and adaptive radio management, resulting in the Aruba Instant product. Instead of using a physical controller, one access point acts as the “virtual controller,” coordinating the network based on shared configurations and providing centralized management. The system also supports automatic election and failover, simplifying deployments and reducing points of failure.
Iyer highlighted the user interface (UI) and management experience engineered into Instant, focusing on operational simplicity and accessibility. The HTML5-based UI supports a range of devices, from iPads to high-resolution monitors, avoiding the use of Flash for performance and compatibility reasons. The design prioritizes tools for monitoring and troubleshooting, aligning with the tasks most frequently performed by administrators. Graphing tools accommodate Wi-Fi’s bursty traffic nature via log scales and synchronized timelines, enhancing the ability to correlate signal strength, throughput, and retries. Internationalization features, including support for multiple languages and local time zones, are automatically configured based on the device’s locale, demonstrating attention to usability and detail.
In addition to management features, the discussion covered advanced RF management and spectrum analysis capabilities typically associated with enterprise-level solutions. Aruba’s Adaptive Radio Management (ARM) is split into ARM 1.0 and 2.0—where 1.0 governs AP behavior (e.g., channel and power adjustments) and 2.0 influences client behavior (e.g., band steering and airtime fairness). These features are available on Instant, matching the functionality found in controller-based architectures. Furthermore, Aruba emphasized innovation at the implementation level rather than relying on proprietary client interfaces like Cisco’s CCX, favoring standard-based adaptability. Aruba’s approach to integrated spectrum analysis balances cost-efficiency with performance by leveraging newer chip technologies capable of running FFT concurrently with client service, allowing continuous RF visibility without dedicated scanning chips.
Personnel: Pradeep Iyer