Aruba Networks News

Technology Blog articles

Onion Approach to WiFi Troubleshooting Basics - Trend Your WiFi Help Desk Tickets

Wed, 05/23/2018 - 09:47

A few years ago, while working on down access points, it occurred to me that I should track the resolution and trend this data. I wanted to know the top causes for down access points.


To my surprise an interesting trend started to develop. 


5% - Access point failure 

40% - Ethernet cable pulled from switch port 

5% - Switch POE issue 

30% - Down due to construction 

5% - DHCP issue 

15% - OTHER 


Based on the data we collected 70% of our issues revolved around folks pulling our access points from switch ports to make room for other devices and construction events. Armed with this data we worked with desktop and our project managers to help limit the impact to our wireless user base. 


You can trend other data too. Perhaps you have application folks blaming WiFi for everything. Trend this data, and if it's not WiFi, start to track that data.


Data is powerful in the right hands.

Onion Approach to WiFi Troubleshooting Basics - Pelican Pick n Pluck Foam

Mon, 05/21/2018 - 14:00


As network engineers, many of us have access to very expensive tools. These tools come in different shapes and sizes. Some tools reside on laptops as software, while others may be handheld devices. Traveling with your tool set can be very challenging. Sometimes you just can't put them in your backpack because of size and weight. This is where the Pelican cases come in.


I own 20+ Pelican cases of various models and foam configurations to meet specific project needs. The one headache I had from the very beginning was the pick and pluck foam. A great idea of course, allowing the customer to pick and pluck the foam to meet their custom needs. The problem is the pick and pluck foam falls apart after just a few uses.


Returning from a short project I was removing my gear and became very frustrated. The foam was falling apart which means I would need to purchase more foam and spend time recutting it. I did look at the option of sending my foam to have molds made but it was expensive. Someone told me about spraying Plasti Dip on the pick and pluck foam to give it added strength. I got on the googles and found that some folks were already doing this. 


So here is my story of trial and error strengthening the pick and pluck foam.

After 10 cases I have refined my process a lot from when I first started. 


  1. You will want to pick and pluck your foam to meet your needs. You'll need to make sure you don't make the fit too tight, because when you apply PD (Plasti Dip) it's likely to get a bit tighter.
  2. Make sure when you cut your foam you don't go less than 2 foam pieces thick. I try to do 3 in most cases unless I have to do 2.
  3. VERY IMPORTANT! Having done this more than a few times, I highly suggest putting on a minimum of 4 light coats of PD. Allow the coats to dry between each coat. Of course you will want to do this outside. The smell is a bit strong. The left side is 4 coats while the right side is where I started to apply a heavier 5th coat.
  4. Don't allow the foam pieces to dry while in contact with each other. Otherwise this can happen.
  5. Should your foam tear or rip apart for any reason, use a hot heat gun to glue the pieces back together.
  6. As you apply each coat you will notice the foam absorbing most of the PD. As I apply heavier coats I allow the PD to puddle and then gently take the cap and pat the foam to help it absorb the PD.
  7. Don't forget to apply generous coats to the inside cutouts too.
  8. How many coats you apply will depend on how strong you need the foam to be. Here is one example of my normal travel case. Notice how the rubber keeps the foam together.

A fun little project for the do-it-yourselfer. Enjoy!
















Explore the Power of Network Analytics Engine to Assure User Experience

Mon, 05/21/2018 - 10:00

This two-part series explores Aruba’s Network Analytics Engine (NAE), a unique framework for network assurance and remediation that’s built into the ArubaOS-CX network operating system. The first blog, “Using Network Analytics to Spot and Fix Network Issues Faster,” dives into the architecture of NAE and how it speeds network troubleshooting. This blog discusses the implementation examples more deeply.


Customer expectations in today’s fast-paced digital world have never been higher—and customer loyalty has never been more fleeting. That leaves scant room for IT infrastructure problems that spoil the customer experience. IT teams are under intense pressure to find and fix looming problems before they cause unplanned downtime and to continually improve the user experience.


Network Analytics Engine is an innovation that’s built into ArubaOS-CX running on the Aruba 8400 and 8320 core and aggregation switches. NAE is a unique built-in framework for network assurance and remediation that allows for monitoring, troubleshooting and easy network data collection through the use of simple scripting agents.


Quite simply, NAE lets you analyze a problem in real time. Network operators gain the insight needed to troubleshoot and resolve the issue, or even better, let NAE take corrective action based on established policies.


Let’s take a look at some ways that NAE can help network operators.


Identify Network Anomalies and Security Breaches

Operators generally want to be notified if network behavior deviates from the norm. A change in behavior may be due to planned events or unplanned events. In the case of planned events, it is to ensure that the network is flexible to absorb the resulting change. In the case of unplanned events, the operator probably wants to get to the root cause of the anomaly. In situations such as adding IoT devices like security cameras or building management systems, the operator may start monitoring traffic parameters or patterns that cross normal operating modes or threshold boundaries. But first, baselining is required to set these thresholds.


NAE baselines traffic patterns to automatically set network thresholds. It observes user-selected traffic parameters for a predetermined length of time and provides a baseline under normal operating conditions. These parameters could be network-related, such as OSPF neighbor health, or device-related, such as transceiver power levels. Once the thresholds are set, NAE continues to observe these parameters. If a threshold slowly changes over a period of time, NAE considers it to be the new norm and absorbs it into the new threshold. If, on the other hand, spikes are observed in the monitored traffic parameters, an alert is sent to the operator.


Traffic classifiers or ACLs can be used to count very specific types of traffic. A common example is to see if the ratios of DHCP requests and responses are within a certain threshold. NAE observes requests and responses under normal operating conditions and sets a threshold. If there is a sudden unexplained spike in the DHCP request/response ratio, NAE sends an alert to the operator.
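The baselining behaviour described above (learn a norm, absorb slow drift, alert on spikes), applied to the DHCP request/response ratio, as an added example that is not Aruba's NAE code or algorithm. The EWMA method, the parameter values and the per-interval counters are assumptions constructed for illustration:

```python
"""Adaptive baseline for a DHCP request/response ratio (illustrative, not NAE code)."""
from dataclasses import dataclass

# Constructed per-interval counters: (DHCP requests seen, DHCP responses seen).
NORMAL = [(100, 98), (104, 101), (97, 96), (110, 107), (102, 100),
          (99, 97), (105, 103), (101, 99), (98, 96), (103, 101)]
SLOW_DRIFT = [(100, 98 - i) for i in range(1, 21)]  # responses fall a little each interval
SPIKE = [(600, 80), (100, 78)]                      # sudden burst of requests, then calm
SAMPLES = NORMAL + SLOW_DRIFT + SPIKE


def ratio(requests, responses):
    """Requests per response; max() avoids dividing by zero when nothing answers."""
    return requests / max(responses, 1)


@dataclass
class AdaptiveBaseline:
    warmup: int = 8        # samples used only for learning (assumed value)
    alpha: float = 0.2     # EWMA weight: how quickly slow drift is absorbed
    k: float = 5.0         # alert when the error exceeds k * typical deviation
    min_dev: float = 0.05  # floor so a very quiet baseline is not hair-triggered
    mean: float = 0.0
    dev: float = 0.0
    seen: int = 0

    def observe(self, value):
        """Feed one sample; return True if it is a spike against the baseline."""
        self.seen += 1
        if self.seen == 1:
            self.mean = value
            return False
        error = abs(value - self.mean)
        if self.seen > self.warmup and error > self.k * max(self.dev, self.min_dev):
            return True    # spike: alert, and keep it out of the baseline
        # Normal sample or slow drift: fold it into the new norm.
        self.dev = (1 - self.alpha) * self.dev + self.alpha * error
        self.mean = (1 - self.alpha) * self.mean + self.alpha * value
        return False


def adaptive_alerts(samples, baseline=None):
    """Return (indices of alerting intervals, baseline after the run)."""
    if baseline is None:
        baseline = AdaptiveBaseline()
    hits = [i for i, (req, resp) in enumerate(samples)
            if baseline.observe(ratio(req, resp))]
    return hits, baseline


def static_alerts(samples, warmup=8, margin=0.25):
    """Contrast: a threshold frozen after warm-up keeps firing once traffic drifts."""
    ratios = [ratio(req, resp) for req, resp in samples]
    limit = sum(ratios[:warmup]) / warmup + margin
    return [i for i, value in enumerate(ratios) if i >= warmup and value > limit]


if __name__ == "__main__":
    hits, baseline = adaptive_alerts(SAMPLES)
    print("adaptive alerts at intervals:", hits)
    print("baseline ratio is now:", round(baseline.mean, 3))
    print("frozen-threshold alerts at intervals:", static_alerts(SAMPLES))
```

The spike is deliberately kept out of the running mean, so one burst cannot raise the threshold and mask the next one.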


Perform Faster Root Cause Analysis

When a VoIP/UC conference call experiences poor voice quality or bad video reception and the network operator receives a complaint from an end user, the operator tries to correlate network events and identify root cause. Event logs from applications and infrastructure are gathered into log analytics tools for root cause analysis.


Poor voice quality or bad video reception may be caused by increased latency due to congestion or packet drops. Often the immediate next step is to gather additional context around the event. This additional information is logged with the original event and sent to the log analytics tool for root cause analysis. Determining root cause can be a time-consuming, manual task.

Instead, NAE agents can be triggered the moment users experience poor voice quality to gather additional switch context surrounding this event in real time. For example, NAE agents can gather events such as “excessive STP TCNs” and contexts such as “STP link states”. Immediately gathering information provides a more accurate representation of the context at the time the event occurred and helps network operators drill down to the root cause more quickly. This is especially useful if the events are intermittent and the operator has to wait an indeterminate amount of time before the event occurs again and the cycle repeats itself.

Root cause analysis is faster with NAE.


More Ways to Take Advantage of Network Analytics

NAE can be used in a broad range of use cases, including:


  • System health - NAE agents can monitor the health of system resources like CPU and memory. These agents monitor and track changes in the switch across time. A CPU alert is archived with detailed information about the system context when the CPU was high, ensuring rapid root cause and resolution to a potentially important alert.
  • Network analytics - Having the capability to monitor nearly every statistic in the system and tying in with the time series database for analysis offers a wide range of use cases. Transceiver health and OSPF route health are a couple of examples.
  • Security - NAE can inspect traffic and detect anomalous behavior in conjunction with user and entity behavioral analytics (UEBA) security tools such as IntroSpect. Inspecting IoT traffic for spurious behavior is one example of this use case.
  • Application visibility - NAE Visibility Lists (using L2/L3/L4 traffic classifiers) enable agents to monitor application traffic as it traverses the core of the network. With NAE Visibility Lists, operators can set up lists to monitor cloud applications like Office365 or Google Suite and track their performance across time in the network. When a degradation is detected, robust network diagnostics can be performed automatically.
  • Network optimization - NAE’s deep traffic visibility, analytics capabilities and REST APIs can be used for network optimization. For example, leveraging the knowledge of application performance, operators can adjust the weights of routes to direct application traffic to different links or service providers to ensure a better class of service for the business.

It’s Time for a Better Way to Troubleshoot

Traditionally, context surrounding a network event is gathered by running scripts outside the device, often well after the event has occurred. The delay in gathering of event context makes it less useful for purposes like identifying anomalies, root cause analysis and performance tuning. The turnkey NAE that’s built into AOS-CX running on the 8400 and 8320 switches collects context around network events in real time, giving network operators the freedom and flexibility to respond to network events and anomalies with the new level of speed and accuracy crucial in today’s agile business environment.


Go Deeper

Read the first blog in the series, “Using Network Analytics to Spot and Fix Network Issues Faster."


Read my blog “The Three Biggest Network Automation Benefits of REST APIs.”


Read the blog “ArubaOS-CX: A Modern, Programmable Network for the Mobile and IoT Age,” by Tom Black, VP and GM of the campus switching business unit at Aruba.


PG Menon is senior director of product and solutions marketing at Aruba.



Dynamic Segmentation: Together is Better

Mon, 05/21/2018 - 10:00

IoT is everywhere and changing everything. From smart lighting to Internet-connected equipment—from magnetic resonance imaging (MRI) machines to heating, ventilation and air conditioning (HVAC) to security cameras and badge readers, operational technology (OT) is increasingly merging with information technology (IT) to increase the efficiency of conducting business.


About 50% of IoT devices are wired, and unlike mobile devices such as laptops and mobile phones, there is a wider range of IoT devices. And many, if not most, don’t come with security reinforcements such as antivirus software. They’re not subjected to the same level of scrutiny. As more Internet-connected devices come online, identifying them and authenticating their roles becomes critically important.


Let’s take an airport analogy. The moment you get to an airport, you’re asked to identify yourself using a passport, another form of identity or an iris scan. After this, your luggage is screened. Then you get access to the area near the gate. All the while, you are monitored via cameras and sometimes armed guards. When something strange happens, you may even be questioned or asked to move to a restricted area.


Unified Policy and Management to Secure IoT Networks

As organizations integrate IT and OT networks, unifying authentication and authorization for wired, wireless and IoT devices with existing IT usage models makes sense. Additionally, IT staff needs tools that help them automate the tasks of assigning policy and enforcing rules. Aruba’s Better Together story for wired, wireless and IoT centers on “Unified Policy, One Network Management System (NMS).”


ClearPass, Aruba’s unified policy manager, offers the ability to centrally manage and enforce access policy. It uses standards-based technologies to automate and secure wired, wireless and IoT networks. Its primary functions are device profiling, authentication and authorization. In addition, ClearPass identifies any change in device posture or device behavior.


Aruba IntroSpect, a User and Entity Behavior Analysis (UEBA) solution, monitors how users and entities behave while on the network or as users roam between locations. IntroSpect provides a risk score similar to your credit score. Like the airport scenario, when strange behavior is noticed, IntroSpect can request that ClearPass take action to quarantine or even blacklist the device.


Aruba’s wired and wireless products can be managed by Aruba AirWave or Aruba Central network management systems (NMS). This not only provides a single NMS to manage both wired and wireless, but also offers organizations a unified option for on-premises (AirWave) or cloud-based (Central) management.

Aruba: Better Together

The Aruba Mobility Controller is a crucial part of the solution, as it acts as the policy enforcer for wired, wireless and IoT traffic. All firewall policies, bandwidth contracts and other traffic restrictions are enforced by the controller.


Automatically Enforce Policy with Dynamic Segmentation

The overall solution comprising Aruba switches, Mobility Controllers, ClearPass Policy Manager and AirWave or Central is called Dynamic Segmentation. Together, the network is segmented automatically based on device profiles and diverts traffic from selected devices to the controller for further inspection and policy enforcement.


Two features crucial to delivering Dynamic Segmentation are Downloadable User Roles and Tunnel Node. Downloadable User Roles enables ClearPass to act as a centralized policy definition point. It gives ClearPass the ability to tell an Aruba switch whether a device’s traffic should be processed locally or tunneled to a Mobility Controller for further inspection. It allows switches to automatically load policy to identify, profile and authenticate devices connected to it.


Aruba’s access switches implement Tunnel Node, a feature that allows wired traffic entering a switch port to be sent to an Aruba Mobility Controller in a GRE-encapsulated tunnel. In conjunction with Downloadable User Roles, Tunnel Node is a mechanism by which selected device traffic is automatically segmented and redirected to the controller. This enables stateful firewall processing of redirected traffic and advanced application control at the controller when necessary. Integration with IntroSpect can analyze traffic behavior and identify anomalies from these devices so no unauthorized activity occurs.


The cost and time savings of automatically managing policy and user roles during connections of users or IoT devices in an enterprise campus network is substantial. Manual configuration is time-consuming and error-prone, and dynamic segmentation eliminates this costly exercise.


How Dynamic Segmentation is Used

Businesses are deploying PoE-connected LED lighting, holographic workstations and 3D printers to create a digital workplace that inspires creativity and innovation. Hospitals are turning to connected medical devices to improve patient care and installing connected MRI machines to make maintenance more efficient and. Schools are using smart TVs and augmented reality/virtual reality to engage students more deeply in learning.


The time to physically connect these wired or wireless IoT devices may be the same, but manually configuring policies on every switch is painstaking, manual work. The security risks are very real: IoT devices are usually built for specialized tasks and optimized for cost and easy maintenance. They are not built with enterprise-class encryption or authentication. They depend on the network to provide security.


With Aruba, Dynamic Segmentation can provide that security and control.


ClearPass acts as a central repository of policies from which user profiles can be pushed out to the entire network—wired and wireless. Wired switches use these policies and authenticate users using 802.1X or MACAuth and quarantine unauthorized users in a captive portal.


This capability is especially useful when adding wired IoT devices such as security cameras, badge readers or 3D printers. Traffic from badge readers or PoE LED lights can be redirected to the Mobility Controller where policy is enforced, so no unauthorized or spurious connectivity is allowed. For example, if a PoE LED light tries to set up 1,000 TCP sessions, it will be quarantined. A connected HVAC will not be allowed to access the company’s ERP system.


Let’s quantify the benefits with an example where we install an additional security camera.

That is a total of 10 minutes for each IoT device. Considering the explosion of IoT devices, a manual process can be extremely time-consuming and prone to careless mistakes. An error can double, triple or quadruple the time it takes to bring a device online. Dynamic Segmentation secures your IoT network and completely eliminates these repetitive network configuration tasks, reducing the expensive risk of human error.


Deploy IoT with Confidence

IoT promises to deliver new efficiencies and user experiences, but it’s critical for organizations to have tight controls over the broad variety of new devices connecting to the network. Identifying connected devices and authenticating their roles before they connect to the wired or wireless network is critical to ensure smooth operations and mitigate security risks.


Aruba’s Better Together approach helps ensure this security, and Dynamic Segmentation leverages innovation and technology in a unified operations model. It seamlessly unifies NMS, policy management and enforcement functions for wired, wireless and IoT devices, enabling organizations to advance their IoT initiatives with confidence.


PG Menon is senior director of product and solutions marketing at Aruba. 




Wi-Fi Design: APs in Hallways

Thu, 05/17/2018 - 07:24

A common design problem in wireless networks is the tendency to place access points conveniently down a hallway. This creates problems because all the APs in the hallway can hear each other. Much like the idea of one AP per classroom, this seems like a good, convenient way to design and install an access point deployment. We’re going to look at some predictive models for an example residence hall so you can visually see some of the impact of these design choices. In all these examples, the cutoff for the grey areas is -70dBm. Most clients won’t actually see the signal that well, but this works to illustrate the point.


Here we have our APs installed in the hallways with initial power set to 25mW. Coverage looks pretty decent, though room 309 looks like it could use some help. So far, so good.

[Figure: Initial coverage heat map]

However, because the access points can hear each other pretty loudly, they will constantly interfere with each other in 2.4GHz, since we don’t have enough channels to prevent overlap. Let’s see how far the signals travel down these hallways:

[Figure: How the radio signal travels down a hallway]

As you can see, the AP provides a little room coverage, but is able to reach significant distances down the hall. This is what makes hallway APs less than ideal in most circumstances. Now look at the channel overlap (aka, co-channel interference) and think about what that means for capacity:

[Figure: Channel overlap]

Green means one AP can be heard on the same channel, orange is two APs, and red is 3 APs. It’s mostly green, so that’s good, right? Not so fast. Only one device can transmit on a given channel at a time. If two APs can hear each other on the same channel, that means they must take turns talking. This means that you only get one channel and one AP worth of capacity because only one can transmit at a time. This is not good for your 2.4GHz performance! You might think you can work around this by moving as many clients to 5GHz as possible. I’m sure that would help, but there may be bad news in the 5GHz band, as well.


If we use Adaptive Radio Management, the APs will hear all the neighboring radios and will start to turn their power down. Now that the power is turned down, the signal in the rooms will suffer. For example, if you left ARM configured for defaults it may drop power down to 9dBm and this is what your coverage would look like:

[Figure: Potential impact of ARM]

That’s no good.


You could tweak the ARM settings, but that doesn’t solve the 2.4GHz issues. A better solution is to move the APs out of the hall and into the rooms and solve both issues. Here’s the channel overlap if the APs are installed in the rooms:

[Figure: Channel overlap with APs installed in rooms]

Looks a lot better, but why is that? Check out the coverage pattern for an AP in a room:

[Figure: Single AP in room heat map]

The RF is much more controlled. This is what we want to see. How does the rest of the design look?

[Figure: Heat map with APs installed in rooms]

Now our coverage is much more even than the original design and we’ve greatly reduced the co-channel interference/channel overlap while still providing coverage to the hallways. This means enhanced performance for both 2.4GHz and 5GHz clients. There’s certainly more that could be done here:

  • We could use 40MHz channels on 5GHz to improve throughput and capacity.
  • We could add additional APs to provide more redundancy in case of an AP failure.
  • We could experiment with disabling 2.4GHz radios and playing with power levels.
  • We could experiment with different models of AP or antennas.


There are many options you can choose when designing a Wi-Fi network. AP placement is just one of them, but if you choose to place APs in a hallway, you better be very sure that is the best choice for your design and your requirements.

NetInsight: Advanced Network Analytics for a Mobile First Campus

Mon, 05/14/2018 - 10:00

Great network connectivity is a base expectation these days. People want to move about freely, working and communicating how they please. But for many organizations, it can be harder and harder to assure a great Wi-Fi experience as mobile demand grows.  People commonly use multiple mobile devices, and IoT devices are on the rise as organizations deploy surveillance cameras, smart lighting and sensors to create digital workplaces.


People have little tolerance for poor connectivity, and impatience is measured in a fraction of a second. They might complain to the helpdesk that they got kicked off the wireless or their connection is slow – or they might take their complaint straight to social media. For IT, trying to troubleshoot wireless incidents, especially intermittent ones, can be time-consuming and tricky.


It’s Time for Network Analytics-as-a-Service

Aruba’s latest innovation is NetInsight. NetInsight takes a data-driven approach to help network managers operate better mission-critical wireless networks more efficiently than ever. NetInsight combines state-of-the-art machine learning with Aruba’s 16-year history of RF engineering innovation to automate insights into the wireless LAN, quickly find the root cause of problems, and make recommendations to improve the network.


With NetInsight, you can benchmark your campus Wi-Fi against similar networks. NetInsight collects rich metadata about your wireless LAN performance and uses the data anonymously in the cloud. Leveraging advanced analytics and machine learning, NetInsight looks at essential characteristics at the AP level and creates an environmental classification for each building or floor. At a university, for example, NetInsight can classify academic buildings, residential halls or outdoor spaces by their environmental characteristics.


NetInsight compares your wireless with similar networks, and provides a score based on how your network is performing. For the first time, you have hard evidence of whether your network is on par, or if your network is much better (or worse). NetInsight also provides configuration recommendations to improve performance, and IT can implement those changes for a best-in-class network.


NetInsight makes it possible to proactively identify wireless connectivity anomalies, rather than waiting for users to report them. Troubleshooting connectivity issues can be very difficult, especially when problems are fleeting. NetInsight monitors different factors that impact the user connection, such as Wi-Fi quality, authentication and DHCP services, and flags problems that fall outside the established baseline. Then it correlates that data to find patterns that can affect the user experience.


A powerful combination of machine learning and Aruba’s wireless expertise helps you deliver a better user experience with less effort. For example, NetInsight can show you if there’s a spike of anomalous airtime events at a certain time or location, and pinpoint that non-Wi-Fi interference was the cause. You aren’t reacting anymore – you’re proactively fixing issues before large numbers of users and devices are affected.


You also can validate the impact of network changes with NetInsight. In most IT shops, changes are made at night or over the weekend when fewer users are impacted. Once the change is made, IT usually monitors the network for a couple of hours or a day before they have to move onto other priorities. NetInsight continuously monitors the network and tracks changes to AP configurations, firmware updates or other network changes and shows a clear before-and-after snapshot.  


Empower IT to Deliver a Better Network

NetInsight uses powerful data analytics and machine learning to remove the complexity behind running mission-critical wireless networks. It makes it easier to identify anomalies, provides quicker time to resolution, and gives IT the assurance that any changes deliver the desired impact.


NetInsight leverages the power of the Aruba community. Not only is NetInsight powered by the expertise of Aruba’s wireless engineers, but its insights and recommendations are validated across best-in-class campus networks.


NetInsight enables network managers to do their jobs better, spend less time troubleshooting and be more productive. As the IT workload continues to grow, with constant pressure to deliver greater business value, NetInsight can lift that load and enable IT to deliver a better user experience more easily.  


Go Deeper 

Watch the video. 

Learn more about NetInsight.





Sujatha Mandava is senior director of network analytics at Aruba.

Recreating a Technical Keynote Demo: Chatbot

Thu, 05/10/2018 - 08:30

One of the things I always enjoy after ATM is sitting down and figuring out how they created some of their technical demos, and more importantly, how I can do this myself. 


Note: The following is not necessarily how Aruba chose to solve these problems in their demo. This is meant to be a representative demo, with a simple approach as to how people in the community could approach building similar functionality with easy to consume pieces.


This year’s keynote showed Partha Narasimhan running his fictitious company Alpine Orange Superfoods (AOS) with the help of a chatbot to operate the Aruba infrastructure.  He showed off everything from onboarding a contractor to ClearPass for guest wireless access.


Now let’s break down how we can recreate this, using some easy to consume tools.


ChatBot with Natural Language Processing (NLP)

This is a bot that you can interact with in a natural kind of way.  It can understand what a user wants to be done, prompt them for information, and then call other systems to perform actions.


Connectivity to ClearPass API:

We need some way for the bot to talk to ClearPass.  Unless your ClearPass server is internet accessible, you probably need some way to deal with how to connect your chatbot to the ClearPass server.


Calling ClearPass to Create a Guest User:

And then we need to call ClearPass to create a guest user.


Sending notifications to the user with their credentials:

Finally, we need some way to inform the user that their credentials have been created.


Components used to recreate the functionality:

Chat Engine with NLP:

NGROK to deal with connectivity to my python box:

Python and Flask to handle the incoming webhook

Python with the Requests library to call the ClearPass API.

ClearPass with Twilio setup for SMS Gateway to send SMS


Step 1: Determine what we need to send to ClearPass

The first step we need to do is determine what info we need to pass ClearPass to create the user.  To do this, we are going to hit the API Explorer.  You can find this in ClearPass Guest > Administration > API Services > API Explorer. Since we are interested in creating a guest user, click on GuestManager > Guest > POST /guest.  This will tell us what we need to get for data.   (Or hit https://ClearPassfqdn/api-docs)



For our purposes, we really need a username, enabled, email, role and visitor_phone, password and the auto_send_sms.


Step 2 - Setting up a chatbot

The company AOS used Facebook Messenger to interact with ClearPass, but since I rarely use this platform, I’m going to work with Slack instead.  Now we just need a platform to talk to Slack and deal with some of the dialogs for us.  For this, I’m going to use DialogFlow (formerly  This is going to give us the ability to define Intents (things that the user wants to do) and the necessary prompts to get the needed information from the client. It also dramatically reduces the code I’ll actually have to write.


Let’s deal with identifying that a user wants to create a guest.  These training phrases will help DialogFlow determine what I want to be done for the “intent” of creating a guest ClearPass user.

Now that we've identified what needs to be done, I need to know what data we are going to send towards ClearPass.  I suspect that “enabled” will always be true when we are creating it.  Really, I need their First/Last names, email, and phone number.


Let’s define these parameters, and put in some options to prompt the user for that information.


Now that we have these pieces, let’s plumb this into Slack. Fortunately, DialogFlow has a built-in integration to Slack.


Now let’s test the bot to see if it prompts for the right values:

Sweet, my bot knows how to talk to me.  Now I need to pass this info to my ClearPass Server.


Now for the issue of how to get the DialogFlow engine to talk to my ClearPass server.  The easy way to do this is making my ClearPass box accessible to the internet.  Most security folks just died a little after reading that.  So how do we do this in a way that isn’t a security issue?  The other option is to create a web application to receive the post and make that publicly accessible.  The challenge there is my home lab doesn’t have any public address space.


Step 3: Connecting the Cloud to On-Premises services.

Ngrok is a cloud tunneling service used to do exactly what we are trying to accomplish.  It allows us to make an outbound tunnel from our Linux box to a URL in the cloud.


With the free account, you can start ngrok and get a URL you can point DialogFlow at. This essentially builds a tunnel from the public URL to our machine running Python on the LAN.  I’ll have to change this every time I launch


This is the output from ngrok on my Mac, mapping port 5000

Now we have a tunnel into our python box; we need to build a service that can receive the webhook push from DialogFlow.




For this, I’m going to build a simple web site with python using the Flask library.  This will essentially take a post from DialogFlow with the info it collects and make the call to ClearPass.


I started with some sample code here:

This is a simple listener for a webhook.  I’ve modified it to process the HTTP POST from DialogFlow.


Here is the logic for the /webhook route:

import json

from flask import Flask, request

app = Flask(__name__)


@app.route("/webhook", methods=["GET", "POST"])
def tracking():
    """Endpoint for receiving the webhook POST from DialogFlow."""
    if request.method == "POST":
        data = request.get_json()
        # Parse the data coming from DialogFlow
        processed_data = parse_Chatbot(data)
        # Using the processed data, create a ClearPass user
        # (ClearPass_auth_token is a module-level setting defined elsewhere in the app)
        results = create_ClearPassUser(processed_data, ClearPass_auth_token)

        print("Webhook received!")
        my_response = {}
        my_response['displayText'] = "User has been created, they should receive an SMS with their login"
        return json.dumps(my_response)
    # A plain GET carries no DialogFlow data; answer it without calling ClearPass
    return "OK"


This calls the parse_Chatbot function and passes in the data sent from DialogFlow.  This prepares the JSON request to send to ClearPass.


from random import randint


def parse_Chatbot(my_data):
    # Create a dictionary to put all of the values into
    process_data = {}
    # Create a username from the first and last names and append a random 4-digit number to the end
    process_data['username'] = my_data['result']['parameters']['FirstName'] + my_data['result']['parameters']['LastName'] + str(randint(1000, 9999))
    process_data['email'] = my_data['result']['parameters']['Email']
    process_data['visitor_phone'] = my_data['result']['parameters']['Phone']
    process_data['enabled'] = True
    process_data['role_id'] = "2"
    process_data["auto_send_sms"] = "1"
    # The password is a random 4-digit PIN
    process_data['password'] = str(randint(1000, 9999))

    return process_data


Here we set the username, password, phone number, role, and a few other specifics directly out of the ClearPass API documentation.  For username I’m combining their First and Last names, along with a 4-digit number.  The password is simply a 4 digit pin.


Note: Some of these values don’t appear in the documentation, but I found them elsewhere on the Airheads community.


Now I also define the functions that make the call to ClearPass to create the user with the data I return.  The aruba_Post is a generic function to post data to the ClearPass server.  The create_ClearPassUser function calls this to post the data specific to the /guest API. 


import json

import requests


def aruba_Post(url_extention, payload, my_auth_token):
    # ClearPass_fqdn is a module-level setting defined elsewhere in the app
    my_session = requests.Session()
    my_req_url = "https://" + ClearPass_fqdn + url_extention

    headers = {'Authorization': my_auth_token, 'Cache-Control': "no-cache", 'Content-Type': "application/json"}
    # verify=False turns off TLS certificate validation for this call
    response = my_session.post(my_req_url, headers=headers, data=payload, verify=False)
    return response


def create_ClearPassUser(my_data, my_auth_token):
    # POST the guest definition to the /guest API using the caller's token
    response = aruba_Post("/api/guest", json.dumps(my_data), my_auth_token)
    return response
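A hardened take on the /webhook handling and parse_Chatbot above, added here as an example and not part of the original post: it checks a shared secret before doing any work, validates the DialogFlow parameters, and draws the username suffix and password from the secrets module instead of randint. The X-Webhook-Token header name, the field patterns, the 12-character password and the function names are assumptions.

```python
import hmac
import re
import secrets

# Assumption: DialogFlow's fulfillment settings send this custom header with a
# shared secret. The header name is hypothetical, not from the original post.
AUTH_HEADER = "X-Webhook-Token"

# Assumed field patterns; adjust them to your own guest policy.
NAME_RE = re.compile(r"[A-Za-z][A-Za-z'\-]{0,30}")
EMAIL_RE = re.compile(r"[A-Za-z0-9._%+\-]+@[A-Za-z0-9\-]+(\.[A-Za-z0-9\-]+)+")
PHONE_RE = re.compile(r"\+?[0-9]{7,15}")
PHONE_PUNCTUATION = re.compile(r"[\s().\-]")
# No look-alike characters (0/O, 1/l/I): the guest reads this from an SMS.
PASSWORD_ALPHABET = "abcdefghjkmnpqrstuvwxyzABCDEFGHJKMNPQRSTUVWXYZ23456789"
PASSWORD_LENGTH = 12


class RejectedRequest(ValueError):
    """The webhook call must not be forwarded to ClearPass."""


def is_authorized(headers, expected_token):
    """Compare the shared secret in constant time; empty values never match."""
    supplied = headers.get(AUTH_HEADER) or ""
    if not expected_token or not supplied:
        return False
    return hmac.compare_digest(supplied.encode(), expected_token.encode())


def _clean(params, key, pattern, drop=None):
    """Return a validated string parameter or raise RejectedRequest."""
    value = params.get(key)
    if not isinstance(value, str):
        raise RejectedRequest("missing or non-string field: " + key)
    value = value.strip()
    if drop is not None:
        value = drop.sub("", value)
    # fullmatch rejects embedded newlines and trailing junk that match() allows
    if not pattern.fullmatch(value):
        raise RejectedRequest("invalid value for field: " + key)
    return value


def build_guest_payload(data):
    """Build the /guest body from the result/parameters dict parse_Chatbot reads."""
    try:
        params = data["result"]["parameters"]
    except (KeyError, TypeError):
        raise RejectedRequest("not a DialogFlow fulfillment request")
    if not isinstance(params, dict):
        raise RejectedRequest("parameters must be an object")
    first = _clean(params, "FirstName", NAME_RE)
    last = _clean(params, "LastName", NAME_RE)
    email = _clean(params, "Email", EMAIL_RE)
    phone = _clean(params, "Phone", PHONE_RE, drop=PHONE_PUNCTUATION)
    password = "".join(secrets.choice(PASSWORD_ALPHABET) for _ in range(PASSWORD_LENGTH))
    return {
        # Same username format as the post, with a CSPRNG-drawn suffix
        "username": first + last + str(secrets.randbelow(9000) + 1000),
        "email": email,
        "visitor_phone": phone,
        "enabled": True,
        "role_id": "2",
        "auto_send_sms": "1",
        "password": password,
    }


def handle_webhook(headers, data, expected_token):
    """Return (HTTP status, payload or error text) for one webhook call."""
    if not is_authorized(headers, expected_token):
        return 401, "unauthorized"
    try:
        return 200, build_guest_payload(data)
    except RejectedRequest as exc:
        return 400, str(exc)


# Constructed sample request in the result/parameters shape used on this page.
SAMPLE_REQUEST = {"result": {"parameters": {
    "FirstName": "Jane", "LastName": "Doe",
    "Email": "jane.doe@example.com", "Phone": "+1 (555) 555-0100"}}}

if __name__ == "__main__":
    status, body = handle_webhook({AUTH_HEADER: "constructed-secret"},
                                  SAMPLE_REQUEST, "constructed-secret")
    # Print everything except the generated password
    print(status, {k: v for k, v in body.items() if k != "password"})
```

In the Flask route, pass request.headers and request.get_json(silent=True) to handle_webhook, and call create_ClearPassUser only when the status is 200.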


Now, to bring it all together.  Let’s repeat talking to the Slack bot, but this time we’ll be running the Flask app with ngrok running.


We can check out the NGROK status page, and see that it is sending us the info:


So far we’ve recreated the basic demo from the technology keynote.  We could continue down this path to add additional functionality, check if the user exists, perform password resets, etc.


And there you have it.  One thing to keep in mind is that my goals are not necessarily the goals Aruba had when creating their chatbot.  My goal was to create a simple chatbot that users in the community could build without a lot of programming.

5 Reasons to Attend Aruba’s Federal User Symposium on Secure Mobility

Mon, 05/07/2018 - 10:29

As the federal government increasingly adopts mobile and wireless technologies, ensuring secure mobility is critical to mission success. That’s why the Aruba federal team has convened a one-day symposium with government and civilian IT experts on the future of mobility and secure connectivity.


The Federal Mobility Symposium takes place on Thursday, May 31. We’re excited about the great speakers from NOAA, DoD, USG, PA ANG, SPAWAR and more, and think you should be too.


Here are five reasons to get out of the office and spend the day with us:


  1. Learn from other agencies’ secure mobility successes. Hear directly from DoD and Civilian IT leaders who have successfully deployed secure mobility solutions, even for classified information. Hear from your peers at DoD, SPAWAR, Air National Guard, NOAA and others. You’ll get real-world perspective. See who is speaking.
  2. Sharpen your skills. No matter how experienced you are, there’s always more to learn. Come away with new ideas and proven approaches for what works in secure mobility (and learn what didn’t work).
  3. Network with peers. Get out from behind your desk, and meet people with similar objectives and challenges. It’s always good to make (human) connections.
  4. Better position yourself as an expert. Technology changes fast, and you can learn what’s next in wireless communications and how mobility trends apply to federal.
  5. Bring back what you learned. Make your learning even more valuable by sharing your new knowledge with your colleagues.

The Federal Mobility User Symposium takes place on May 31, 2018 at The Westin at Tysons Corner in Falls Church, VA.


The event is free, but space is limited. So don’t hesitate. Register today.


It’s All About the User Experience

Mon, 05/07/2018 - 10:00

We depend on reliable access to Wi-Fi to send emails, make phone calls, share files, communicate with customers and file our expenses. When the Wi-Fi is flaky, we get impatient, frustrated and stressed out. As individuals, we ignore the incredible interdependencies behind delivering a flawless network experience. But with our lives increasingly dependent on mobile, cloud and IoT, it’s becoming even harder for IT departments to deliver the exceptional service availability that people expect.


The User Experience Lifecycle

Historically, when we think about user experience, we tend to consider the initial interaction the user has with the network. But the true user experience is far broader: It starts with how a user connects to the network. Is it via a captive portal, 802.1X or an onboarding workflow? I call this the “Pre-Connection User Experience.”


Once on the network, it then involves the application experience. A user just wants to do their work and use their apps anywhere and at any time in a completely seamless manner. The network should be invisible. I call this the “Post-Connection Experience.”


For IT, it is the ability to be proactive and quickly resolve any problems that may impact the user experience, even before the user is aware. I call this the “Time to Resolve Problem Experience.” This is the User Experience Lifecycle, and at Aruba, we are focused on addressing each component of this lifecycle.




The Initial Interaction

A great Pre Connection Experience goes well beyond a beautiful splash screen. People want the ability to connect their devices without hassle, time after time.


Organizations have long used Aruba ClearPass to provide secure access for guest, corporate and personal devices, and through our ecosystem of partners, we continue to enhance that experience. For instance, integration with Sine enables you to easily provide Wi-Fi credentials to guests when they check in at your offices. Guests simply check in on a mobile device or web browser when they arrive in your lobby, and Wi-Fi logon details are sent via text message and email. Different rules can be set for different types of guests, such as visitor, contractor or courier. Behind the scenes, ClearPass authenticates the request and generates the Wi-Fi credentials.


Once Connected, Stay Connected

The initial interaction is just the start. People want to use their applications and make phone calls without issue. Aruba has put a lot of innovation behind delivering a great experience once people are connected.


From the pioneering Adaptive Radio Management (ARM) to Client Match and more recently AirMatch, Aruba has been developing software that ensures the user connection is always optimized. AirMatch is an illustration of just how sophisticated the software has become where a holistic view over a long period of time is now taken before making changes to the RF environment. It is no longer isolated point changes. These technologies are fundamental to a trouble-free “Post Connection Experience.”


More recently, we have been focusing on providing insights into what the user experience looks like from the user’s perspective or the “Time to Resolve Problem Experience.” Access to these insights is a foundational element of the Aruba Mobile First Network Architecture.


Aruba Clarity enables administrators to monitor the key components of the user connection such as association, authentication, DNS and DHCP times for individual users and the overall network and provides up-to-the-minute insights into user connectivity that can impact the user experience.


For example, there was an instance where a customer started using Clarity after deploying Aruba and noticed their DHCP times were around four seconds. Users were not significantly impacted; it was just that their initial connection was slow. With this data, the network manager checked the DHCP server and noticed it was low on memory. With a simple upgrade to the RAM, the DHCP times went down to a few hundred milliseconds. This is a great example of active user experience monitoring and management.


A Consistently Excellent Experience

The bar for service excellence continues to rise, and emerging technology is making it easier than ever to deliver on people’s expectations. We can consider the network not only to be the entity that allows devices to communicate with each other, but also one enormous sensor that we can now use with the help of artificial intelligence (AI). The application of AI to improve user experience relies on having access to a large volume of data and being able to compare data sets.


If I am teaching a machine how to recognize a dog, I will show the machine thousands and thousands of dog pictures so it can learn what a dog looks like in all kinds of situations. Applying this idea to the network involves looking at the characteristics of many different networks and “learning” what a well-performing network looks like as opposed to one that is not optimized. With these insights, I can now make recommendations based on all of the well-performing networks I have sampled, and because I know the characteristics of a well-performing network, I can predict the outcome of my recommended changes. This is essentially how Aruba NetInsight works.


NetInsight automatically baselines your network to identify performance and connectivity patterns across multiple locations, remote offices, and indoor and outdoor Wi-Fi. NetInsight benchmarks your network performance against similar networks (comparing, say, university campus networks) and gives you a detailed understanding of how your network performance stacks up. NetInsight also uses AI to detect hard-to-identify problems and makes pinpointed prescriptive recommendations for changes that will improve the user experience.


Aruba IntroSpect User and Entity Behavioral Analytics (UEBA) also taps into the growing power of the network as a sensor. In this case, AI is being applied to a security problem. IntroSpect uses machine learning to spot changes in user behavior that often indicate inside attacks that have evaded perimeter defenses. These are legitimate users or devices that have authorized access to the network but are exhibiting malicious intent.


Aruba continues to advance end-to-end visibility and control to improve the user experience. Our recent acquisition of Cape Networks expands our AI-powered analytics and assurance capabilities. Cape Networks provides a sensor-based service assurance solution that gives customers a simple, proactive and network-agnostic way to measure and monitor SaaS, application and network services. IT can get ahead of service quality issues before they occur as well as resolve issues faster.



 Mark Verbloot is director of systems engineering, Asia Pacific Japan at Aruba, a Hewlett Packard Enterprise company.




We Built an Event Network in <48 Hours. Here’s What We Learned

Wed, 05/02/2018 - 10:00

We built our own event network to support Atmosphere18 so we could showcase our latest innovations to 3,000 attendees. Showing our vision and our products meant running brand-new software and code that has never been released on a production network. We knew we were taking risks, but also we knew it was worth it.


The event network supported everything—registration, keynotes, product demos, educational sessions, and of course, our attendees. We had detailed plans to install about 50 switches, 250 access points and a cluster of mobility controllers—with a team of seven and in less than 48 hours.


Through the highs and lows, here’s what we learned:


1. Be ready for anything. We staged the event network in Sunnyvale to validate our design. When we got to the Mandalay Bay in Vegas, we had some surprises. We pulled the switches out of the boxes and plugged them in, only to discover that a bug in beta code had wiped out the configurations. We viewed the event network as a showcase of how quickly our engineering teams could solve critical issues for customers. They delivered.


We also discovered that the documented location of the Ethernet drops in the convention center didn’t always match reality. That meant we needed more switches, longer cables and more time. Fortunately, adding switches was pretty easy, because we used AirWave to create templates and push and manage the configurations. It was a busy 48 hours, but the network was up and running, just in time.


Our grace under pressure was tested during the conference too. A bug in beta software, related to a specific monitoring use case, caused all of our Aruba 7240  controllers to crash. We saw the problem coming hours before, and we were hoping the conference would close for the evening before anything went down. Our team was in the Innovation Zone socializing with attendees when we saw the crash happen on both the AirWave dashboard and our custom NOC dashboard. We ran back to the war room to investigate. Luckily, it was a rolling crash, and each controller in the cluster rebooted a few minutes apart. Because the controllers were clustered, no one even noticed.


We were happier when the NOC dashboard looked like this:


2. Get creative when you don’t have total control. And who ever has total control? We worked with the MGM IT staff to get access to the wiring closets during the installation. Then we received a late request—after the MGM IT staff went home for the evening—to supply Ethernet drops for the registration team’s in the Oceanside Ballroom. I knew I had already planned these drops and they should have been ready to use, so why were they requesting them again? Of course, they were having connectivity issues and they didn’t know why. It was a vague problem statement, just like any network administrator receives on a daily basis. We troubleshot it and discovered that the Ethernet drop was patched to a SmartRate port, with a minimum speed of 1Gbps, but the devices only supported 100Mbps. Of course, the problem had to be solved within hours and the MGM staff went home already. Since we couldn’t enter the IDF to change the patch to a 100Mbps-compatible port, we added another switch, which functioned as a media converter.


Another issue we had was with the ISP uplink provided to MGM, then from MGM to us. We paid for a 1Gbps up/down link but never got close to that bandwidth. Additionally, on the first day, the link was constantly dropping and coming back up. We were not happy. How could we provide stable Wi-Fi without a stable uplink? Using our dashboards, we were able to discover the poor uplink performance and provide proof in the form of speed test history to the ISP. The service provider quickly fixed a connector issue on the fiber.  


3. People disappear. People with the best intentions can find it hard to resist 24-hour entertainment in Vegas. I don’t want to name names, but certain volunteer commitments vaporized. There were several long nights for the seven die-hards of the event network team. A huge thanks to everyone who helped out, in both large and small ways!!!


4. The user experience was great. We knew we had a tough crowd: our customers and partners (and lots of Wi-Fi nerds), and we designed the network to perform. We expected people to run Wi-Fi speed tests, and the network delivered 100Mbps up and down, even in high-density areas like the keynote room. Sweet.

We didn’t really know what to expect with our live experiment of Next-Generation Hotspot and Passpoint. The goal was to make it easy for people to connect their phones to the Wi-Fi, without having to enter new credentials. It worked. A large majority of attendees used the event Wi-Fi, with higher adoption than we have ever seen.


5. Event networks are a great opportunity to walk in our customers’ shoes. There’s no substitute for real-world deployments and customer conversations. At Aruba, we believe that our employees in headquarters understand the issues faced by our customers and partners, so we create better products and workflows, from the documentation to day-to-day operations.


I fed my experience using AirWave for planning and deployment directly back to the product teams. The AOS team hears our feedback on things like AirMatch, Passpoint and clustering. These are great examples of the value we get by building our own Atmosphere network.


In the end, the sleepless nights were worth it.




Check Out the  #ATM18 Blogs

#ATM18: We’ve Got <48 Hours to Build the Show Network, and It’s Going to Be Lit


Five Reasons Why Building an Event Network is So Stressful


Live Showcase of Next-Generation Hotspot at #ATM18


Ben Lowe is a technical marketing engineer at Aruba.



We are Honored

Tue, 05/01/2018 - 04:55

Most of us who have been in the security business for a while have a history of interactions with SC Magazine. If you go back far enough when the magazine published a paper edition, interactions included regular in-person visits pitching new products or technologies to the editorial staff.


That’s all changed, of course, but one constant is that the person shepherding the magazine’s editorial content has remained the same. Illena Armstrong was the person we met with on press tours and now, as the VP of Editorial for SC Media, she continues to help the security industry make sense of the myriad of threats, defenses, products and services that organizations need to deal with. 


Given her experience and the longevity of SC Magazine, it’s easy to see why their annual security awards are so coveted. As Illena observes in her column introducing this year’s award winners, entitled “Celebrating Security’s Best”, “It calls out the leading vendors and service providers actually bringing some clarity to a sometimes convoluted market.”


This year SC Magazine recognized 18 products and services providers for the best product or service in a specific category. Aruba IntroSpect UEBA was given the 2018 Trust Award for Best Threat Detection Technology. Given that a panel of 50 industry leaders across the spectrum of organizations and functions (many of them CISOs) made the selection, the impact of the award cannot be overstated.

We are particularly excited that the award citation highlighted the IntroSpect strengths that our customers have come to rely on:


  1. A new dimension of attack detection. The machine learning-based techniques that find attacks before they do damage (we absolutely love the “digital Sherlock Holmes” metaphor).
  2. SOC Efficiency. We have measured improvements in incident investigation of up to 30 hours per investigation—and we deliver that to the SOC and underlying SIEM without changing their user interface or workflow.
  3. Better together. The tight integration between Aruba’s market-leading NAC solution (ClearPass) and IntroSpect illustrates Aruba’s 360 degrees of protection. This occurs by closing the loop between IntroSpect’s attack detection and ClearPass’ policy-based attack response actions ranging from re-authentication to quarantine to outright block.

To be one of 18 vendors selected for a Trust award from a sea of often confusing products and vendors not only honors IntroSpect but illustrates the momentum in the overall Aruba security business. Our security portfolio consists not just of ClearPass Secure Network Access Control and IntroSpect User and Entity Behavior Analytics, but a wealth of security solutions embedded in our wireless and wired networking products ranging from military-grade encryption to application-layer firewalls. Add to that deep integrations with over 120 technology partners in an open, multi-vendor architecture and you can see why this award is a capstone acknowledgement of our overall security business.

Those who know the security business know what this award means which is why we are so excited and honored to be recognized. We also see it as a responsibility to continue to provide valuable and meaningful security solutions to our customers and partners for, as Illena says, an industry at a “tipping point.”

Using Network Analytics to Spot and Fix Network Issues Faster

Mon, 04/30/2018 - 10:00

This two-part series dives into Aruba’s Network Analytics Engine (NAE), a unique framework for network assurance and remediation that is built into the ArubaOS-CX network operating system. This blog dives into the NAE architecture and how it speeds network troubleshooting. The second blog explores implementation examples and use cases for NAE.  


Today’s fast-changing markets expect businesses to be more agile. Increasing business agility is crucial to growth and profitability. Since IT is an essential part of business operation, the same applies to IT operations. Innovations in IT infrastructure that reduce downtime, identify anomalies, improve performance and resolve problems quickly contribute directly to business agility and business continuity. The Network Analytics Engine (NAE), which is  built into the ArubaOS-CX network operating system for the Aruba 8400 and 8320 core and aggregation switches, is one such innovation designed for networking and network operators.


IT departments have sophisticated systems in place to monitor and manage their infrastructure. A vast array of tools help operators to collect event logs, watch key performance metrics and capture traffic flow data to improve performance, spot anomalies and analyze failure. In conjunction with these existing tools, NAE enables network operators to have a rules-based framework that will quickly find the root cause, trigger follow-up actions and lower their mean time to repair.


What is Network Analytics Engine?

NAE is a first-of-its-kind built-in framework for network assurance and remediation. Combining the full automation and deep visibility capabilities of ArubaOS-CX, this unique framework allows monitoring, troubleshooting and easy network data collection by using simple scripting agents.


Quite simply, NAE lets you analyze a problem in real time. It gives you the insight you need to resolve the issue, or even better, it takes corrective action based on established policies. When it detects an anomaly, it can proactively collect additional statistics and data to proactively troubleshoot the problem.


NAE is made up of agents, rules, databases, APIs and a web UI.

  • NAE Agents - NAE makes use of agents to collect context. Agents are user-defined scripts that get triggered in the device when a specific event occurs and they collect additional interesting and relevant network information.
  • NAE Rules - Agents are triggered by rules that are also defined by the user. An example of a rule is short-term-high-CPU, where additional context is collected when the CPU utilization exceeds a certain threshold for a specified period of time.
  • NAE Databases - NAE is tied to the configuration and state database as well as a time series database.
    • Configuration and state database - The tie-in with the configuration and network state database is what makes NAE possible, because NAE has direct access to the entire current state of ArubaOS-CX, all statistics included. This also helps the agent to correlate a network event to a configuration change, which is useful in determining root cause by checking if the event was related to a configuration change.
    • Time series database - The tie-in with a time series database gives users the ability to rewind and play back the network context surrounding a network event. Under normal use, storage is estimated at 400 days.
  • REST APIs - NAE has REST APIs for integration with external systems such as security information and event management (SIEM) tools and log analytics engines. In addition, operators can use the APIs to request information from other devices in the network to create a complete picture of the network state when a specific event occurs and automatically take corrective action based on policy.
  • Web UI - The ArubaOS-CX web user interface gives operators quick and easy visibility. Besides providing the ability to monitor the status of a switch, it gives you access to view and configure NAE agents, scripts and alerts. Automatically generated graphs provide additional context that is required for troubleshooting networks.

Figure: Network Analytics Engine components


Three Benefits of Built-in Network Analytics

NAE delivers clear benefits to network operators:


  1. Addressing administrative boundaries saves time. In many networks, administrative boundaries limit operator access to network visibility. Event logs are processed by log analytics systems that are usually under a different administrative domain. Network visibility, performance insights and subsequent corrective actions often require people to work across administrative boundaries. Sometimes working across administrative boundaries causes unnecessary delays and may not be agile or flexible enough for operators to address business needs. The built-in NAE gives some freedom and flexibility for network operators to directly deal with appropriate network related issues. 
  2. Real-time context helps faster troubleshooting. Event logs from applications and infrastructure are generally gathered into standalone log analytics tools for root cause analysis. The task of requesting additional context around the event is carried out by scripts associated with log analytics tools. These tools service a large number of devices in the network, and as a result, delays may be encountered before the tools react to an event and request additional context from any particular device. This delay may result in loss of the exact context at the time when the event occurred. The built-in NAE automatically triggers the gathering of additional information at the time the event occurred, giving meaningful context and enabling faster troubleshooting. In addition, the rules-based framework can trigger follow-up actions to remedy the problem. Besides troubleshooting, real-time context is also useful in system optimization, such as when CPU utilization suddenly peaks and remedial action can be taken immediately. Additionally, when the centralized servers and tools are unreachable or unavailable, this information cannot be collected at all.
  3. NAE is a turnkey solution. Most analytics toolsets have to be pulled together and integrated before they can be used. This includes database integration, time series data stores, streaming data feeds and scripts. NAE is a prepackaged solution that can be used out-of-the-box. It comes with integrated databases and prepackaged scripts for common use cases. In addition, supplementary assistance in the form of scripts and use cases can be found on GitHub or at the Aruba Solutions Exchange.

NAE is an innovative new way for network operators to identify and resolve problems faster. In my next blog, I will explore implementation examples. 


Go Deeper

Read my blog “The Three Biggest Network Automation Benefits of REST APIs.”


Read the blog “ArubaOS-CX: A Modern, Programmable Network for the Mobile and IoT Age,” by Tom Black, VP and GM of the campus switching business unit at Aruba.


PG Menon is senior director of product and solutions marketing at Aruba.








IDC MarketScape Report Ranks Aruba, a Hewlett Packard Enterprise company, a Leader in the Enterprise

Mon, 04/30/2018 - 08:45

We are honored to share that in recognition of our Mobile First vision and what we have been able to accomplish, IDC, one of the leading global providers of market intelligence, advisory services, and events for the technology community, has recognized Aruba-HPE as a leader in the new IDC MarketScape: Worldwide Enterprise WLAN Vendor Assessment.


According to the IDC1, "There have been significant advancements in the WLAN market in recent years with vendors offering exciting new features that can help drive new business opportunities for enterprises. As organizations increasingly rely on wireless technologies to address business challenges, the importance of choosing the right vendor has risen considerably." This IDC MarketScape is a vendor assessment, which profiles 11 vendors in the worldwide enterprise WLAN market and Aruba-HPE is one of only two companies named to the Leaders Category.  


IDC MarketScape vendor analysis model is designed to provide an overview of the competitive fitness of ICT suppliers in a given market. The research methodology utilizes a rigorous scoring methodology based on both qualitative and quantitative criteria that results in a single graphical illustration of each vendor’s position within a given market. The Capabilities score measures vendor product, go-to-market and business execution in the short-term. The Strategy score measures the alignment of vendor strategies with customer requirements in a 3-5-year timeframe. Vendor market share is represented by the size of the icons. 


Ready for Innovation in a Mobile First World

The IDC MarketScape states “Aruba is well-tuned to the future of enterprise WLAN, wired and WAN innovations.” Aruba’s software-defined Mobile First Architecture is designed for exactly that, rapid innovation in the mobile, IoT and cloud era. We believe that The Mobile First Architecture provides a robust offering that meets all the metrics the IDC MarketScape used to evaluate vendors in this report. Aruba’s Mobile First Architecture gives enterprises a secure, intelligent and automated network, providing IT the visibility and control needed for digital transformation and self-service networking. 


Mobile First: Purposefully built for mobility, an Aruba network allows users and things to connect and receive the same policy no matter how they are connected, via wired or wireless. According to the IDC MarketScape, “Aruba is noted for its flexibility of deployment options, which includes Aruba Instant APs with integrated control, the Aruba Central cloud-managed solution, and a broad range of controller-based solutions. Also, since true mobility requires business continuity.” At Aruba, we deliver a non-stop networking experience for environments where mobile, IoT and cloud are mission-critical.


Secure: The IDC MarketScape notes that “It is important to consider the security capabilities of any WLAN solution.” Aruba’s 360 Secure Fabric provides an integrated security framework for IT and security teams to gain back visibility and control of their network, centered around analytics. It starts with infrastructure security capabilities embedded in the foundation of all of Aruba’s APs, Mobility Controllers and switches.


Aruba builds on this foundation by integrating IntroSpect machine learning-based attack detection (UEBA) with Aruba ClearPass network access control. According to the IDC MarketScape, “Aruba is noted for its ClearPass network access control (NAC) and policy management solution.” A critical advantage of the Aruba security framework is an open, multivendor integration of Aruba security solutions with over 100 partners in the Aruba 360 Security Exchange Program. Customers can leverage existing security investments by seamlessly integrating them with Aruba solutions. 


Autonomous:  Aruba delivers AI-powered analytics and provides proactive, prescriptive and adaptive network performance monitoring and optimization.  And it’s all driven by machine learning to revolutionize the quality of experience for users, IoT devices and IT staff. The flexibility of deployment for network management is recognized as one of Aruba’s strengths. Aruba’s automated RF optimization in the ArubaOS 8 WLAN portfolio uses machine learning as well to provide the best user experience even in very dense client environments.


Open: The IDC MarketScape comments on the network industry’s move to embrace multivendor initiatives. Aruba understands that networks need to be open and support multivendor capabilities. Aruba ClearPass policy management and Aruba AirWave network management are both multivendor. In the Mobile First platform, all the software solutions, including ArubaOS, policy management, network management, analytics and location-based services, are equipped with rich APIs for easy integration with a third-party solution. Organizations need to be able to innovate at their pace and not be locked in and limited by a single vendor’s architecture.


Here at Aruba, we believe our innovative and differentiated portfolio, combined with our “Customer First and Customer Last” philosophy is what makes us a leader in the market. We believe this report further validates our philosophy and we take pride in the recommendation that the IDC MarketScape makes to its readership, “IDC recommends considering Aruba for environments where wireless security and performance requirements are paramount.”


If you would like to learn more about what makes Aruba-HPE a leader in the market you can read an excerpt of the IDC MarketScape: Worldwide Enterprise WLAN 2018 Vendor Assessment or visit





Source: IDC MarketScape: Worldwide Enterprise WLAN 2018 Vendor Assessment, doc #US42018017, March 2018


1 - New IDC MarketScape Assesses Worldwide Enterprise WLAN Vendors for 2018 – April 2018, IDC Press Release

The New World

Mon, 04/30/2018 - 07:00

We are constantly bombarded with catchy phrases and technology said to be the next big thing. This ends up simply being another block on buzzword bingo, but there is one area that I feel isn’t just a fad that will go away soon. That fad or buzzword is programmability. For a while now we have heard about Software Defined Networking, or SDN for short, and how it is going to change the networking world as we know it. However, this hasn’t necessarily occurred. The statement has been that to continue in this networking world you need to learn programming of some sort; this much I completely agree with.


Let’s look at a brief history lesson if we may. Back in college, I started down a Computer Science path and was bombarded with Java, C++, Scheme, Perl, etc. As I sat in those classes I thought to myself “This is really boring!” Thankfully I made a migration towards networking and thought I put all that programming behind me. While working through college I started developing web applications using Perl/CGI and then PHP. These apps were typically just tying together systems and automating repetitive tasks. Little did I know how much of an impact this would have on my future mobility career.


Fast forward to today and where we are now in the industry. If you don’t know some programming language, you could struggle to finish a project. Recently at Atmosphere 2018 in Las Vegas, a lot of time in breakout sessions was spent on how you can use the various Aruba APIs to integrate various systems together. In contrast, less of the discussion was around the actual 802.11 hardware and standards. The shift is very pronounced and important to realize.


Customers are looking for solutions that can combine things like Aruba ClearPass with building guest systems so when a badge is created at the front desk a guest wireless account can be created as well. Emergency management personnel are looking for ways to tell if a building has been evacuated or not. Using the Meridian APIs, we can provide a large portion of that data. SDN isn’t doing much of anything for Wireless networking but what is key is the programmability aspect. Companies that provide easy to use APIs allow a product to be more “sticky” (thanks Jake Snyder for the term!) and harder to replace in the long run. Extending a product or solution and integrating it with your systems is a key point in evaluation.


So how do you get started working with the Aruba APIs? The first place you usually need to start is with picking a language to use. The preferred language these days is Python. Python is fairly easy to use and learn with a lot of resources available online to help you such as

Once you have learned the basic usage of a language you need to understand what an API is and what it isn’t. If the solution provides only SNMP information, this isn’t an API. An API is typically referred to as a RESTful (REpresentational State Transfer) web service. By making a specific call to a resource URI, a response is elicited. This response might be XML, JSON, HTML, or other. XML and JSON both represent a formatted data structure that is easy to parse in your programming language, with JSON being preferred. Let’s take Aruba ClearPass as an example: a quick look at the ClearPass TechNote repository from Aruba Support gave the following guide:

From here, we can see how the ClearPass REST API is built, how to authenticate and how to find the API Explorer which lives at https://{server}/api-docs


Let’s say we want to retrieve a guest user value. Navigating to the GuestManager section in API Explorer, we find that the call we need to make is:


GET https://{server}/api/guest


where {server} is the IP address or FQDN of your ClearPass server.
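The call above as an added Python example (not from the original post or from Aruba's own code): it builds the request with TLS verification left on, rejects a {server} value that is not a bare hostname or IPv4 address, and redacts the password field before guest records are logged. The bearer-token header, the `_embedded.items` response layout and the `password` field name are assumptions, and the sample response is constructed.

```python
import json
import re
import ssl
import urllib.request

# Bare hostname or IPv4 only: keeps path, query or userinfo out of the URL we build.
_HOST_RE = re.compile(r"[A-Za-z0-9]([A-Za-z0-9.-]{0,251}[A-Za-z0-9])?")
SENSITIVE = {"password"}  # assumed field name in guest records


def build_guest_request(server, token):
    """Build GET https://{server}/api/guest with a bearer token (assumed auth scheme)."""
    if not _HOST_RE.fullmatch(server):
        raise ValueError("server must be a bare hostname or IPv4 address")
    return urllib.request.Request(
        f"https://{server}/api/guest",
        headers={"Accept": "application/json", "Authorization": f"Bearer {token}"},
        method="GET",
    )


def tls_context():
    """Default context: certificate and hostname verification stay enabled."""
    return ssl.create_default_context()


def parse_guests(body):
    """Return guest records with sensitive fields redacted, safe to log or store."""
    doc = json.loads(body)
    items = doc.get("_embedded", {}).get("items", [])  # assumed response layout
    return [
        {k: ("<redacted>" if k in SENSITIVE else v) for k, v in item.items()}
        for item in items
    ]


def fetch_guests(server, token, timeout=10):
    """Perform the call against a real server (not exercised by the sample below)."""
    req = build_guest_request(server, token)
    with urllib.request.urlopen(req, context=tls_context(), timeout=timeout) as resp:
        return parse_guests(resp.read().decode("utf-8"))


# Constructed sample response, not captured from a real ClearPass server.
SAMPLE_BODY = json.dumps({"_embedded": {"items": [
    {"id": 3001, "username": "visitor@example.com", "password": "s3cret", "enabled": True},
]}})

if __name__ == "__main__":
    print(parse_guests(SAMPLE_BODY))
```

If the server presents a certificate from a private CA, load that CA into the context with `load_verify_locations` rather than turning verification off.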


When this call is successful you would receive a response with the results. For many, starting off with programming and APIs can seem daunting because when you sift through the API documentation it seems all too foreign. Thankfully people in the community have shared some of their scripts to use as starting points for creating solutions. Many developers use a system called git to manage their code. This system allows you to store files in a repository that others can have access to if you allow it. Everyone can check out the latest version of the files from the repository and even provide commits which contain fixes or modifications to the code. Aruba has a public git located on GitHub at providing numerous examples to get you started faster with the APIs. From here you can download or checkout various code examples that you can build off instead of starting from scratch.


While I don’t foresee the commoditization of the access points happening too soon I do feel that there needs to be more focus on integrations and programming as it will be the future of our mobility solutions. RF will always be a somewhat complex technology that is misunderstood and deployed incorrectly. However, integrating the systems together has been where I have seen more of the market headed in terms of needs and wants. I encourage you to look at the APIs and see what kind of interesting things you could do when combined with other APIs such as building lighting systems, physical access management, and space management. There are some really interesting integrations that you can create!