AEROHIVE NETWORKS - True IP · PDF fileIntroduction to Aerohive: • Visionary Network Infrastructure Company › Redefining Enterprise Access Cloud Services Platform › Cloud-enabled,

AEROHIVE NETWORKSAEROHIVE NETWORKS

© 2011 Aerohive Networks CONFIDENTIAL

Introduction to Aerohive:

• Visionary Network Infrastructure Company› Redefining Enterprise Access Cloud Services Platform› Cloud-enabled, Controller-less Wi-Fi,

Routing, VPN, Switching› Growing 2-3x y/y

Cloud Services Platform

Public Partner Private (on-premise)

› 5000+ Customers› 350+ Employees› Most Visionary Vendor - Gartner MQ › Most Visionary Vendor Gartner MQ

for Wired & Wireless LAN 2012Branch & Teleworker Routers / Switches

Enterprise Wi-Fi

EducationEnterpriseHealthcare Retail Logistics

© 2011 Aerohive Networks CONFIDENTIAL 2Gartner MQ

Customer Focus

Healthcare Retail / Logistics Education Distrib. Enterprise

Intelligent, scalable, cost effective, resilient infrastructure

Seminole County Public Schools

© 2011 Aerohive Networks CONFIDENTIAL 3

Reducing Capex and Opex costs

• Less Infrastructure Cost› Wi-Fi access reduces cabling

» Integrated Mesh RADIUS AD integration and » Integrated Mesh, RADIUS, AD integration and QoS also reduces costs

› Controller-less architecture + Cloud» Reduced H/W, sparing & energy costs

Cl d M t C t O› Cloud Mgmt moves Capex to Opex

• Start Small & Expand› Cloud Wi-Fi Mgmt per AP service

Cost Comparisons

g p› No over provisioning› No feature licenses› Linear cost growth curve – add APsea cos g o cu e add s

• Easy to Use Management› Easy to use, cloud-enabled, policy-based

mgmt simplifies deployments

Aerohive Cisco


mgmt simplifies deployments› Vertical specific apps

The new Wi-Fi paradigm

Wi-Fi as the primary access layer• Majority of network devices will not have an Ethernet port

› Faster clients more demanding applications require faster › Faster clients, more demanding applications require faster, more deterministic, reliable, and affordable Wi-Fi infrastructure

Wi-Fi client explosion• 3 4x increase in number of devices• 3-4x increase in number of devices• As IT staff are typically not RF experts and Wi-Fi can

be more difficult/expensive to manage› IT headcount will not increase to compensate and Wi-Fi needs p

to easier to use, deploy, and support

Consumer Wi-Fi devices are flooding the enterprise• IT has to manage employee/exec desire to BYODIT has to manage employee/exec desire to BYOD• Virtual Desktop Infrastructure (VDI) enables inexpensive

consumer devices to run enterprise apps• Consumer device Wi-Fi performance characteristics differ


from enterprise devices› Wi-Fi infrastructure must compensate and harness

5

Distributed (Controller-less) Wi-Fi Architecture Delivering simplicity, reliability and affordability

ManagementCentralized cloud-based or Local management

Management within the network only

Redundancy

g

No single point of failure Requires multiple controllers

Scalability and future proofing

No single point of failure Self healing mesh architectureNo controller tax

Requires multiple controllersLocal data forwarding..what do you lose?

Scalability and future proofingNo feature licensing Start small and growDistributed intelligence

Controller capacity?Feature licenses?

No data bottlenecksi

Performance

g

Data bottlenecks

(FW, RADIUS, CWP, BYOD, Bonjour GW)


Service Level AgreementsQoS & Spectrum analysis included

6

QoS, Spectrum analysis..$$$

How does it work? Architectural Alternatives Central Vs. Distrib. Control

How does it work?

Wireless Network

Wired Network

Reporting Heat Maps

SLA Compliance

Policy Configuration

A single Hi eAP b itself acts

pg

HiveManager NMS

A single HiveAP by itself acts as a full-featured enterprise

class access pointHiveAPs are discovered, policy is pushed and the

WLAN is operational

With a second HiveAP, fast

stateful roaming, cooperative RF, station load balancing

Mesh networking and best path forwarding can be used

for extra resiliency and As more HiveAPs are added,

coverage, reliability and backhaul bandwidth

Cooperative RF power levels minimize

With Cooperative Control, clients can securely

and seamlessly roam

Dynamic best path forwarding and stateful

roaming provides resiliency With Cooperative Control,

clients can securely and seamlessly roamIdentity-based security, including stateful

inspection FW, rogue detection & mitigation Airtime Scheduling, SLA compliance and local forwarding implemented at the edge

pHiveManager is a single mgmt interface for configuration, OS updates & monitoring of

thousands of devices

, gand seamless resiliency are

enabled

yreachability

Dynamically reroutes around failures

backhaul bandwidth increases

eco-channel interferenceand seamlessly roam

across the WLANg p y

without a single point of failure

and seamlessly roam across the WLAN

Secure Fast L2/L3 RoamingTraffic Flow Comparison


Resiliency ComparisonSeamless Wired Integration

Enhanced Visibility and Control

Client Health Score at a glance…understanding a client’s health.

Good connectionGood connection

High data rates & high successful transmission rates

Marginal connection

Lower data rates / lower successful transmission rates

Poor connection

Low data rates / low successful

Automatically Remediate Client & Network Issues

Low data rates / low successful transmission rates

• Move Clients› Band steer or load balance clients triggered by low client health

score

• Airtime Boost


› Boosts clients’ airtime if unable to hit performance target

Visibility and Control Detail8

Policy based on Context Identity, Device, Location, Time of Day

CORP Policy

Corp VLAN

LAN & Web FW

BYOD Policy

Restricted VLAN

Email & Web FW

GUEST Policy

DMZ

Web Only FWLAN & Web FW

10Mbps per user

24HR Access

Email & Web FW

5Mbps per user

M-F 8am-9pm

Web Only FW

1Mbps per user

M-F 9am-5pm

L2-4 Firewall OS Detection

RADIUSRADIUS PPSK CWP


Corp user Corp user - BYOD Guest user

Aerohive Platforms

AP110 AP121 AP330 AP350 AP170AP141BR100

*

AP110

Dual Radio 802.11n

Indoor IndustrialIndoor Outdoor

AP121 AP330 AP350 AP170

1-Radio 802.11n

AP141BR100

1-Radio 802.11b/g/n

3x3:3 450 Mbps High Power Radios

2x2:2 300 Mbps 11n High Power

Radios

TPM Security Chip

2x2:2 300 Mbps High Power

Radios

1x1:165 Mbps

Radio

N/A

2x2:2300 Mbps

Radio

2X Gig.E 1X Gig.E

PoE (802.3af + 802.3at) and AC Power PoE (802.3at)

Plenum & Dust Water Proof (IP

1X Gig.E5X Fast.E

N/A

-20 to 55°C0 to 40°C -40 to 55°C

N/A

Plenum & Dust ProofPlenum Rated Water Proof (IP

68)

USB for 3G ModemN/A

N/A

USB for future use


$1499$999$649$449$99*BR acting as AP does not support WIPS, DFS (no 5Ghz radio), RADIUS proxy or server, SNMP, locationing or TeacherView

Aerohive cloud-enabled services

Cloud Services IPAM End-user

ProvisioningRemote

DiagnosticsBackup & Recovery

Visibility &Reporting

CloudProxy

On-DemandUpgrades

RADIUSAuthentication RoutingDHCP VPN Track IP Active

DirectoryAuthentication

Caching

Networkingand Security Services

Firewall Guest( i CWP)

VLANS t ti802.1X WIPS Private

PSK QoS

Wireless

Firewall (via CWP) Segmentation802.1X WIPS PSK QoS


Wireless Services Mesh Fast

RoamingMesh

FailoverAirtime

ManagementLoad

Balancing Bridging SLA

11

Customer Focus - Retail

• Key Considerations

Aerohive Advantage

Mixture of device typesPerformance SLA and Dynamic Airtime SchedulingLoad balancing and band steering

Payment details secured PCI compliance, Firewall, VPN, WIPSSecurity Secure guest access Captive web portal with PPSKSecurity

Reliability Downtime costs moneyNo single point of failure Self healing architecture

ManagementMultiple sitesMonitor system security

C t ff ti

Centralized cloud based managementPCI reporting and security auditing

f t li i


ScalabilityCost effectivenessAbility to scale

No feature licensing Linear scalability – start small and grow


Aerohive benefits for Distributed Enterprise

SecurityIntegrated advanced – Integrated advanced security

Deterministic and high performance

– Business productivity, VoWi-Fi, CAD, SaS Apps

– Immune to slow clients consuming all the airtime

Wi-Fi Enabled ApplicationsS G t A

consuming all the airtime Highly resilient

– No single points of failure– Path resilience

– Secure Guest Access– Secure Employee Access– Voice over WiFi– Wireless branches

– Survivable branches Mesh connectivity

– Coverage in hard to wire l ti


– Video Surveillance locations

14

Aerowho?

Fastest growing company making Enterprise Wi-Fi Infrastructure products~3X annual growth rate>400 employees and growing fast 400 employees and growing fast >5,500 + customers

Global presenceSilicon Valley headquarters: Sunnyvale, CASales in US EMEA APACSales in US, EMEA, APACR&D in Silicon ValleyBegan shipping products globally in 2007

Proven team combining deep networking experience with the best Wi-Fig p g pCore product team from NetScreen/JuniperNetwork veterans from Cisco, Airespace, Aruba, Trapeze, Pareto, & CWNP

Financially solidKPCB Lightspeed Northern Light NEA Four Rivers GroupKPCB, Lightspeed, Northern Light, NEA, Four Rivers Group


New Requirements of the Network Edge

Users want to work anywhere, on any device

You need to enable them, without drowning in complexity

$XY t d T dYesterday Today

• Corp deployed enterprise devices • WLAN overlay

• Corp / BYOD enterprise / consumer devices • Ubiquitous Wi-Fi Access

C t i • Network centric • Monolithic

• User Centric • Elastic

Aerohive Networks - Simpli-fi Enterprise Networking


Cloud-enabled, self organizing, service aware, identity-based infrastructure

Distributed (Controller-less) Wi-Fi Architecture Delivering simplicity, reliability and affordability

ManagementCentralized cloud-based or Local management

Management within the network only

Redundancy

g

No single point of failure Requires multiple controllers

Scalability and future proofing

No single point of failure Self healing mesh architectureNo controller tax

Requires multiple controllersLocal data forwarding..what do you lose?

Scalability and future proofingNo feature licensing Start small and growDistributed intelligence

Controller capacity?Feature licenses?

No data bottlenecksi

Performance

g

Data bottlenecks

(FW, RADIUS, CWP, BYOD, Bonjour GW)


Service Level AgreementsQoS & Spectrum analysis included

17

QoS, Spectrum analysis..$$$

How does it work? Architectural Alternatives Central Vs. Distrib. Control

Enterprise Deployments

HQ RetailBranchVirtualized Mgmt & VPN Termination

Wi-Fi Primary Access

Unified Wired, Wi-Fi, VPN, FW

yGuest, Corp, BYOD Guest, Corp,

BYOD

Credit Cards. PCI, Inventory, Voice, Kiosks

Data Center

Logistics

Cloud-enabledPerformance, Receive Sensitivity, MDM enrollment

Training

iPad1:1

Apple TVs Coverage, Reliability, Voice Picking, Outdoor

Healthcare

Cloud-enabled

Faculty, Guests

Remote Worker

Work, Home, 4G, Cloud Security EMR, eMAR, Asset

Tracking, Voice MessagingHigh Density, AD integration, Bonjour, Ease of Use


Tracking, Voice Messagingg e s y, eg a o , o jou , ase o Use

Security and Authentication Features

Captive Web PortalMultiple CWPs able

Wireless Intrusion Prevention (WIPS)

WIPS

pto serve scalably

from every AP

Multiple users, same SSID - easy but unique

Stateful Inspection FW• MAC (L2) based firewall• Stateful TCP/IP firewall (L3/L4)

Private Pre-Shared Key (PPSK)

Remote Site Content SecurityDirectory Integration

revocable keys • ALGs for DNS/FTP/SIP• Policy Based Client Isolation

• Authentication support for common directory servers

• Eliminates standalone RADIUS server


• Credential caching for remote/branch survivability

Secure Authentication Features

Captive Web Portal

Multiple CWPs able to serve scalably from every AP

Private Pre-Shared Key

Directory Integration

Multiple users, same SSID - easy but unique revocable keys

Directory Integration

• Authentication support for common directory servers

• Eliminates standalone RADIUS server


• Credential caching for remote/branch survivability

Enterprise Wi-Fi Performance

Load Layer 3 R i

BandSt i

SLA, QoS & Dynamic Ai ti S h d li

Optimization Mobility Distribution

Balancing Roaming Steering

54Mbps

450Mbps

Airtime Scheduling

2.4 GHz

11Mbps

5 GHz

Resilient Layer 2 High Powered Radios


Resilient Mesh

Layer 2 Roaming

High Powered Radios, Receive Sensitivity & RRM

21Receive SensitivityLayer 2/3 Roaming

Policy based on Context Identity, Device, Location, Time of Day

CORP Policy

Corp VLAN

LAN & Web FW

BYOD Policy

Restricted VLAN

Email & Web FW

GUEST Policy

DMZ

Web Only FWLAN & Web FW

10Mbps per user

24HR Access

Email & Web FW

5Mbps per user

M-F 8am-9pm

Web Only FW

1Mbps per user

M-F 9am-5pm

L2-4 Firewall OS Detection

RADIUSRADIUS PPSK CWP


Corp user Corp user - BYOD Guest user

Monitoring and Reporting Features

Manage

Cloud Simple Cloud Management

Simple GUI

Client Health Reporting

MonitorGood connection

High data rates & high successful transmission rates

Marginal connection

Lower data rates / lower

ScoreLower data rates / lower successful transmission rates

Poor connection

Low data rates / low successful transmission rates

Support

Automated Client Monitor &


Email AlertsPacket Capture

Management Views

Customer Focus - Education

Key Considerations Aerohive Advantage

1:1 ProgramsMixture of device types

Capacity No data bottlenecksSLA and Dynamic Airtime Scheduling

Restrict network access Integrated RADIUS, Firewall, WIPSSecurity Secure guest access Captive web portal with PPSKSecurity

Reliability Downtime costs learningNo single point of failure Mesh support

ManagementSimple to useVisibility of clients

C t ff ti l ti

Simple GUI based management Client health score and TeacherView

f t li i


ScalabilityCost effective solutionAbility to scale


Customer Profile - Education

Problem/Requirement• Accommodate an influx of Apple iPAds, iPods

and other Wi-Fi devices• Enable students to use the same device in the

classroom and at home• A WLAN that was resilient,, centrally administered,

easy to manage, secure and cost-effective.

Located in North Carolina, the sprawling Rowan-Salisbury School System is an educational force to be reckoned with. It’s comprised of 35 schools, about 20,000 students, and about 3,000 employees. It’s the largest employer in Rowan County

“It was probably not the most known product when I first started looking at it. But the more I looked, I thought: this is just a really neat product. And then when we started doing the

Solution• Aerohive’s controller-less cooperative control

Access Points deployed pervasively

County

product. And then when we started doing the tests, everything that they said the product would do, it did. It’s just been a great experience for us.”

Phil Hardin

• HiveManager used to monitor entire wireless network and all client activity

• Highly resilient WLAN network that both easy to manage and cost effective

Phil Hardin Executive Director for Technology Rowan-

Salisbury School System • Students and teachers making great strides in

using Apple iPads and iPods for everything from data collection to video

Results

© 2011 Aerohive Networks CONFIDENTIAL25

data collection to video• “Everything worked flawlessly. We knew then

that product, in terms of providing us with the service and the bandwidth, was going to be there.”

Customer Focus - Healthcare


Voice over IPBedside monitoring and telemetry

Mobility Full voice support with QoS engineLocation tracking integration

Restrict network access Integrated RADIUS, Firewall, VPN, WIPSSecurity Secure guest access Captive web portal with PPSKSecurity

Reliability Downtime costs livesNo single point of failure Self healing mesh architecture

ManagementCentralized visibilityRF management

Centralized GUI based managementSpectrum analysis as standard

f t li i C t ff ti


ScalabilityNo feature licensing Linear scalability – start small and grow

Cost effectivenessAbility to scale

Customer Profile - Healthcare

Problem/Requirement• Make electronic medical records applications

portable and provide wireless access to p pBrookdale’s guests and families

• Meet compliance standards for secure healthcare environments

• A WLAN that offered resiliency, reliability, and f d t th i ht i

Largest Assisted Living and Retirement Community Company in the US delivers higher levels of care

“We found that when we wanted to get into true enterprise wireless, we wanted to reduce costs by not having controllers in place,” Fadrowski said.

Solution

performance and at the right price

• Aerohive’s controller-less cooperative control A P i t

p y gwith Wi-Fi and EMR, and Provides Wireless Internet Access to Residents

g p“In a controller-based solution … to deliver the functionality we required we had to have a controller here in Milwaukee (where the data center resides) and a controller in every community, thus raising costs quite a bit, adding

Access Points • HiveManager NMS provides centralized

configuration and monitoring and simplifies provisioning for system-wide policy management

to single points of failure, and having to build in more redundancy and more cost with controller-type systems.”.

Chris Fadrowskif f

• Engineering team has so far purchased more than 1,000 Aerohive APs for about 55 sites.B kd l h l t h b t 6 000

Results


Senior Director of IT Infrastructure • Brookdale has plans to purchase about 6,000 Aerohive APs over the next five quarters to deploy WLAN’s to all of its 645 communities.

Customer Focus - Distributed Enterprise


Cost effectiveness Ability to start small and grow

Scalability

Restrict network access Integrated RADIUS, Firewall, WIPSSecurity

No feature licensing Linear scalability – no controllers

Guest access Captive web portal with PPSKSecurity

Reliability Downtime costs moneyNo single point of failure Branch survivability

Management Multiple sites

R t it d t l k

Centralized cloud based management

C t ff ti t l k /b h


AccessibilityRemote sites and teleworkersBYOD

Cost effective teleworker/branch VPNBYOD flexible/secure policy enforcement

Customer Profile – Enterprise

Problem/Requirement• Foster collaboration and productivity among

employees

Aerohive met all of our requirements –it was hands down the best in terms of cost and value add,”. “From a cost

p y• Reliable support voice over Wi-Fi• Provide a wireless guest network for visitors• Reduce infrastructure costs by deploying wireless

perspective alone, Aerohive made the most sense because the cost of installing everything is modular with Aerohive. We avoided that big up-front cost you get with the controller-

Solution• Controller-less architecture resulted in significantly

lower costs • WLAN reliably handles bandwidth-sensitive

based vendors.”

Eric LeSatz, VP of Technical Operations, Folio Investing

yapplications e.g. voice over Wi-Fi

• Users no longer forced to connect and reconnect when moving within buildings

• Guests, or employees with personal devices, can l th i t t

• Were able to move headquarters and spend half the money

Resultssecurely access the internet


y• Folio has also achieved seamless user mobility

employees who are now free to move around the office using softphones in order to collaborate on customer issues

Customer Focus - Retail


Mixture of device typesPerformance SLA and Dynamic Airtime SchedulingLoad balancing and band steering

Payment details secured PCI compliance, Firewall, VPN, WIPSSecurity Secure guest access Captive web portal with PPSKSecurity


ManagementMultiple sitesMonitor system security

C t ff ti

Centralized cloud based managementPCI reporting and security auditing

f t li i


ScalabilityCost effectivenessAbility to scale


Customer Profile – Retail

Problem/Requirement• Required compliancy with PCI and other security

capabilities, including rogue access point

We set up our Aerohive HiveManager network management system and built default t l t b d th d l f th

p g g pdetection and mitigation

• Needed a solution that is easy to manage without technical staff needing to be present at restaurant locations for trouble- shooting A l ti th t ld ith t t’ d templates based on the model of the

equipment,” says Stafford. “We were up and running in less than an hour. It was pretty much plug and play.” Once that template was set up we shipped the APs directly to the

t t O th d i l d

Solution• A solution that could grow with restaurant’s needs

• Secure access at the restaurants by area directors, who are mobile and constantly different locations

restaurants. Once the devices were plugged in at the restaurants they automatically received their initial configuration including security settings. This really impressed me because it saved us a tremendous amount of time and money on pre staging each

y• Aerohive’s Private Pre-Shared Key (Private PSK) lets

legacy and hard-to-manage wireless LAN clients use strong encryption and authentication

• Automated Rogue access point scans time and money on pre- staging each device.”

Drew Stafford VP of Information Technology, Macaroni Grill

• I am completely satisfied with the PCI-compliance I get from Aerohive. There is a high probability of receiving a fine if your company

Results


probability of receiving a fine if your company doesn’t comply,” says Stafford. “All credit card information is being kept completely separate from the WLAN.”

Customer Focus – Manufacturing & Distribution


Seamless RoamingVoice over IP

Mobility Fast secure L2/L3 roamingFull voice support with QoS engine

Restrict network access Integrated RADIUS, Firewall, VPNSecurity Protect external threats Wireless intrusion prevention systemSecurity


ManagementMultiple sitesRF management

C t ff ti l ti

Centralized cloud based managementSpectrum analysis as standard

f t li i


ScabilityCost effective solutionAbility to scale


Customer Profile – Logistics

Problem/Requirement• Improve reliability of wireless network • Find solution that supports cloud-based • Find solution that supports cloud-based,

centralized management to improve ease-of-use • Achieve 100% wireless network uptime required of

a global freight transportation and supply chain management provider

As a leading provider of freight transportation and supply chain management, and with 40 years in the industry, Averitt Express knows the value of dependability. Customers in the more than 100 countries it serves expect their goods to be

“Aruba and Cisco offer a resolution to the redundancy problem by suggesting a backup

Solution• Upgraded from autonomous APs to a controller-

less, centrally-managed wireless architecture

countries it serves expect their goods to be delivered as promised, and Averitt enjoys a solid reputation for customer satisfaction.

redundancy problem by suggesting a backup controller for each location, but why would we spend extra money when we didn’t have to? Aerohive’s controller-less wireless architecture was the way to go—hands down..”

Angie Tellmann

y g• Deployed HiveManager Online, which lets

companies grow their network without upfront capital costs beyond Aps

• Utilizing Aerohive’s PPSK to secure wireless accessgNetworking Services, Averitt Express

• Network uptime goal achieved, ensuring freight is delivered accurately and on time

Results


Documents

AEROHIVE NETWORKS - True IP · PDF fileIntroduction to Aerohive: • Visionary Network Infrastructure Company › Redefining Enterprise Access Cloud Services Platform › Cloud-enabled,