Aruba Amplifies Mobile Network Strategy

In a push to address the "bring your own iPad" movement, Aruba Networks has introduced a new networking architecture that the company said better reflects the changing nature of computing in the campus setting. Named Mobile Virtual Enterprise, or MOVE, this new model addresses the dramatic increase in the use of personal mobile devices and a shift to predominantly multimedia-rich applications. Along the way, MOVE also takes on the goal of simplifying the administration of the network that needs to support usage via wired, wireless, remote, and outdoor means.

As part of the announcement, the company also introduced several new access points to its line of networking gear.

During the next couple of months the company will be rolling out several components of its new architecture for mobility. First to appear this month will be Aruba Instant and Aruba Amigopod.

Aruba Instant virtualizes controller capabilities on newly purchased Aruba 802.11n access points to allow the APs to work cooperatively without a controller. Those APs can be managed through the cloud, and, the company promised, a three-minute wireless LAN installation.

According to Robert Fenstermacher, Aruba's director of education solutions, Instant will be especially useful in a remote building where a wired network exists. "Now you can easily override that with wireless without having to integrate a controller," he said. The controller-less group can consist of up to 16 APs. Should one of those devices go down, the others will detect its absence and reconfigure themselves to provide gap coverage. The software is upgradeable to join a controller-based wireless network as well.

Amigopod, which comes via a recent acquisition of a company by the same name, provides a self-registration portal that enables guests and authorized users to register their devices. Amigopod determines the type of device, either by user-selection or HTTP inspection, and prepares a self-install configuration profile for that user's device, sending it over the IP connection or via e-mail or SMS. Scalable up to 10,000 concurrent sessions, Amigopod, which can be installed as a virtual or hardware appliance, also enables Integration of an institution's branding for captive portals and works in multi-vendor networks.

In April the company will be releasing ArubaOS 6.1, the operating system for its controllers and access devices. The new release addresses the requirements of delivering network services in a mobile environment. ArubaOS is centrally deployed, with private or public cloud-based management. The major new features include device fingerprinting, an IPv6-capable firewall, the ability to optimize traffic for the Apple FaceTime video call application, and spectrum and multicast enhancements.

The security challenge has always been "much different in a mobile environment," said Fenstermacher. "If I come in with a smart phone and use my user name and password, I can get the same level of access as I do with my laptop. But [as the administrator], you may want to provide a different level of access to a person's smart phone. A person may not have a screen password on the phone, whereas they do have it on the laptop." The new software performs a "fingerprint" of the device and installs a certification to authorize users. "We know if it's a laptop, iPad, iPhone, Android device, or whatever, and then we can apply a policy that's appropriate for that device." For example, while on a laptop, the user might gain access to the campus network; while on a smart phone, that same user may only gain access to the Internet.

"A mobility-centric approach delivers better security and easier user administration across wireless, wired, remote office, and outdoor networks," said Philippe Hanset, a senior network engineer at the University of Tennessee in Knoxville "The granular visibility that Aruba's mobile access network services, based on its MOVE architecture, give us into users, devices and applications, speeds troubleshooting, and enables us to improve service quality for every user across the network." The university moved to Aruba gear when upgrading its wireless network to 802.11n in 2009.

As part of the broad announcement Aruba is talking up a solution specifically to address the management of Apple iOS devices on the network without IT intervention. Mobile Device Access Control, or MDAC, will have three pieces:

  1. The fingerprinting functions of ArubaOS 6.01 to identify the device;
  2. The use of the Amigopod appliance to automate device configuration and enrollment for authentication on the network; and
  3. Aruba AirWave, an appliance that enables device-specific monitoring, troubleshooting, and reporting.

"In a world where users are always on the move and utilizing more than one device, the need for IT to enable context-aware mobility, which identifies the user, device, application and location is critical," said Dominic Orr, president and CEO of Aruba. "Securely enabling users to work when and where they like results in increased productivity for both IT and users, as well as the opportunity for significant cost reduction."

Aruba has also announced three new access points. The AP-134 and AP-135 802.11n APs can handle up to 50 percent more clients than a previous generation, according to the company, by adding a third stream per radio. "Each radio can get you 400 megabits to almost a gigabit of throughput," said Fenstermacher. The APs include a stateful firewall and spectrum analysis capabilities.

The S3500 is a new wired switch with 24 or 48 Gigabit Ethernet ports designed to accommodate flexible port use without having to reprovision them. In a school environment, said Fenstermacher, "You don't want to have to go through a detailed checklist to change a port to support a different use. You want that intelligence to be cloud based. When you plug something in, you want it to figure out what type of device it is, what types of applications it runs, and then configure that port dynamically." The S3500, he added, will allow a customer to deploy fewer ports. "You won't need to dedicate ports for phones or unique users or one port for university staff and another for guests."

Featured