Aruba Networks News


Network Automation – The journey is a destination

Thu, 10/12/2017 - 04:07

Don’t believe the hype around network automation: this isn’t about grandiose ten-year plans to build sentient, self-managing networks. It’s about solving those small, repetitive everyday tasks, and that makes it so much more important.


Get real

I’ve noticed a bit of a trend in meetings I’ve attended recently: the topic of conversation is the hottest thing in networking at the moment, namely automation. Often I’ve noticed that the conversation veers towards the notion that this means creating a fantastical, self-aware network that can operate and heal itself. Concerns about physical media and layer 2 encapsulation types and routing protocols are a thing of the past as sites are effortlessly provisioned and interconnected in a fully optimized manner.


Now all this does sound wonderful, but the reality is that while this is very appealing as a concept, this vision is somewhat off in the future, the networking version of a Tomorrow’s World.


In fact, this ‘whole network’ concept is more in tune with the idea of network orchestration, where elements of the network act in tandem, you know, like an orchestra. Network automation, by contrast, focuses on the individual elements of a network, the routers and switches, allowing them to operate more efficiently, like playing a single instrument more proficiently, maybe even akin to a 15-minute drum solo from that guy in Rush.


Enough about Rush

These grand orchestration ideals also have the negative effect of raising the question of how. We’re still relying on 30-year-old routing protocols, and IPv4 is still a thing. If you can’t see a possible route from the current state to a grand vision with today’s technology, it begs the question: how do we start to realise these aims? We can’t just jump on a 787 and fly to this magical destination; we need to travel towards it, but how?


That’s where network automation comes in. The one piece of advice I hear most often from those that have already started on their automation journey is ‘start small’. While other areas of IT are well on their way to automating end to end processes, networking lags behind with a large number of moves, adds & changes, being performed manually. All those simple small operations that are easy, yet time-consuming. Those are prime for automating.


Take, for example, configuring BGP. That is incredibly repetitive, building the peer statements, adding them to the correct address-families, adding the route-map policies. Or what about OSPF? I tend to always build OSPF links as point-to-point rather than broadcast. Under each L3 interface, I have to remember to add that point-to-point command.


Forget dreaming of building Skynet; there’s no shame in taking initial small steps with automation and stopping all this repetitive command input. At its most basic level, if I have to enter two CLI commands to perform one logical task, like my OSPF point-to-point example, but I invest the time to write a Python script that I can call in one line, that’s progress: I’m automating. Now throw in some error checking, pause the script for 10 secs and check that the links come up and the neighbour state. Now, from a very simple start, and some basic Python, we are getting all programmatic and off on our journey.
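A sketch of the one-line OSPF point-to-point task described above, as an added example rather than code from the original post or from Aruba. The `device` object with `send`, `link_up` and `ospf_neighbor_state` methods is a hypothetical transport, the CLI strings are an assumed dialect, and `FakeDevice` is a constructed stand-in so the script runs offline.

```python
import re
import time
from collections import defaultdict

# Assumed naming scheme: optional letters, then slash-separated numbers (e.g. 1/1/1).
INTERFACE_NAME = re.compile(r"[A-Za-z-]*\d+(/\d+)*")


def ospf_p2p_commands(interface):
    """The two CLI lines (assumed dialect) that make up one logical task."""
    return [f"interface {interface}", "ip ospf network point-to-point"]


def wait_for_adjacency(device, interface, wait_s, poll_s, sleep):
    """Poll link and neighbour state until FULL or the wait budget is spent."""
    waited = 0
    while True:
        if not device.link_up(interface):
            status = "link down"
        else:
            state = device.ospf_neighbor_state(interface)
            status = "ok" if state == "FULL" else f"neighbor {state}"
        if status == "ok" or waited >= wait_s:
            return status
        sleep(poll_s)
        waited += poll_s


def set_ospf_p2p(device, interfaces, wait_s=10, poll_s=2, sleep=time.sleep):
    """Configure each interface, then verify it; returns {interface: status}."""
    results = {}
    for name in interfaces:
        # fullmatch rejects whitespace and newlines, so a script parameter
        # cannot smuggle extra CLI lines into the session.
        if not INTERFACE_NAME.fullmatch(name):
            results[name] = "rejected: bad interface name"
            continue
        try:
            device.send(ospf_p2p_commands(name))
        except Exception as exc:  # transport or device error: report and move on
            results[name] = f"push failed: {exc}"
            continue
        results[name] = wait_for_adjacency(device, name, wait_s, poll_s, sleep)
    return results


class FakeDevice:
    """Constructed stand-in for a switch session (hypothetical interface)."""

    def __init__(self, links):
        self.links = links              # interface -> link state (True = up)
        self.configured = set()
        self.polls = defaultdict(int)

    def send(self, commands):
        if not commands[0].startswith("interface "):
            raise ValueError("expected interface context")
        self.configured.add(commands[0].split(" ", 1)[1])

    def link_up(self, interface):
        return self.links.get(interface, False)

    def ospf_neighbor_state(self, interface):
        # Simulated adjacency: reaches FULL on the second poll once configured.
        self.polls[interface] += 1
        ready = interface in self.configured and self.link_up(interface)
        return "FULL" if ready and self.polls[interface] >= 2 else "INIT"


if __name__ == "__main__":
    switch = FakeDevice({"1/1/1": True, "1/1/2": False})
    todo = ["1/1/1", "1/1/2", "1/1/3\nshutdown"]
    for name, status in set_ospf_p2p(switch, todo, sleep=lambda s: None).items():
        print(repr(name), status)
```

The per-interface status makes a failed link or a stuck adjacency visible immediately after the change instead of at the next outage.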


‘Next Big Thing’ Fatigue?

Small, tangible advances like the above example also help to gain the interest of those out there sceptical of all the hype around automation. Those with ‘next big thing’ fatigue that have seen trends come and go, all the while spanning-tree is still live and clinging on.


For those, I offer for their consideration Zero Touch Provisioning. A pretty uncontroversial approach in networking nowadays. Adoption of such techniques varies amongst customers but I’ve worked on some networks with thousands of remote branches and ZTP is vital. If we can automate workflows on first boot we can build workflows for changes on the network, for decommissioning sites, even for our day-to-day operations of checking VLANs on uplinks and code revision levels across our estates. With this kind of approach, we can merrily set off on our network automation journey.


When the going gets tough…Aruba 8400!

But hang on, what if the going is tough? Progress arduous? What if the time required to write the automation scripts is too great? Engineers simply revert to type and bash out CLI commands from their keyboards. In the past, Perl scripting and SNMP were not exactly a walk in the park, and many preferred to stick to CLI.

However, with the rollout of APIs across the ArubaOS-Switch range and the awesome Aruba 8400 with its fully-exposed REST API, things got that much easier. With some basic understanding of Python data types and how to process JSON, interacting with the network programmatically and unlocking the power of automation is a reality today.


Think Big but Start Small

Don’t be over-awed with tackling too great a task. Dive into those Python tutorials, get familiar with REST APIs. That which was once strictly for software developers is now becoming common parlance amongst a small, but growing, group of network engineers. Focus on those little time-consuming tasks, write functions, share and build. Each process automated is a win.


With the outlook of a traditional network engineer, it is hard to grasp the possibilities that will unfold once you start on this journey. Adopting an ‘I could write a script for that’ approach, learning to interact with the network beyond the confines of the CLI opens up new challenges, for certain, but also new, unrealised opportunities.


First, you need to make a start on this journey; don’t just keep copy-and-pasting those CLI commands into the console. Take a different approach. The network automation trend is just beginning and there’s a long way to go until we’re playing the network like an orchestra. Making a commitment to the journey is the first destination.



Three Considerations When Selecting a UEBA Solution

Tue, 10/10/2017 - 09:00


What’s the first step in choosing a user and entity behavior analytics (UEBA) solution that’s right for you? You could try the incredibly cumbersome feature-by-feature comparison across vendors, but most vendors use similar words to describe vastly different capabilities. A far simpler and more meaningful selection mechanism is to consider these questions:


  1. Is the UEBA solution multidimensional?
  2. Is the UEBA solution scalable?
  3. Does the UEBA solution integrate human and machine learning? 



A UEBA solution should be multidimensional, i.e., it should apply a set of multivariate models to multiple data sources. Why? Because this is the most effective way to bridge the gap between "anomalous" behavior and "malicious" intent. As the Russian Foreign Minister succinctly stated when asked by CNN to define a terrorist: “If it looks like a terrorist, if it acts like a terrorist, if it walks like a terrorist, if it fights like a terrorist, it’s a terrorist.”


In the same way, a multidimensional UEBA solution can provide various lines of evidence that together paint a more compelling picture of malicious intent than any single indicator could. For example, suppose behavioral analytics modules are applied against:


  • Badge logs that reveal that user “Bob” is entering the office 1) at abnormal times, and 2) more frequently than usual;
  • Network packets that show that Bob is 1) accessing a large number of internal servers that he has never accessed before, and 2) downloading more data than is normal for him; and
  • Endpoint logs that reveal that Bob is 1) downloading files containing sensitive confidential information that are not permitted to be downloaded to local endpoints, and 2) transferring an unusual volume of data to removable USB storage.

An analyst can then posit that all these anomalies tied to Bob are likely leading indicators of malicious intent. If an analyst had to make a decision based on only one of the above anomalies, he couldn’t have that same level of confidence. Only UEBA solutions that are multidimensional can provide analysts with confidence that they aren’t chasing ghosts.
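The correlation described above, as an added example (not Aruba's or IntroSpect's code): each feature is scored against the user's own baseline, and a user is escalated only when anomalies show up in at least two independent data sources. The feature names, sample values, z-score threshold and `min_sources` cut-off are constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: (user, source, feature) -> one value per baseline day.
BASELINE = {
    ("bob", "badge", "entries_per_day"): [2, 2, 3, 2, 2, 3, 2],
    ("bob", "badge", "off_hours_entries"): [0, 0, 0, 1, 0, 0, 0],
    ("bob", "network", "new_servers_contacted"): [0, 1, 0, 0, 1, 0, 0],
    ("bob", "network", "mb_downloaded"): [120, 90, 150, 110, 130, 100, 140],
    ("bob", "endpoint", "mb_to_usb"): [0, 0, 5, 0, 0, 0, 0],
    ("alice", "badge", "entries_per_day"): [2, 2, 2, 3, 2, 2, 2],
    ("alice", "network", "mb_downloaded"): [200, 180, 220, 210, 190, 205, 195],
    ("alice", "endpoint", "mb_to_usb"): [0, 0, 0, 0, 0, 0, 0],
}

# Constructed observations for the day being scored.
TODAY = {
    ("bob", "badge", "entries_per_day"): 7,
    ("bob", "badge", "off_hours_entries"): 4,
    ("bob", "network", "new_servers_contacted"): 35,
    ("bob", "network", "mb_downloaded"): 4200,
    ("bob", "endpoint", "mb_to_usb"): 3800,
    ("alice", "badge", "entries_per_day"): 2,
    ("alice", "network", "mb_downloaded"): 900,  # one-off large download
    ("alice", "endpoint", "mb_to_usb"): 0,
}


def z_score(history, value, min_sigma=1.0):
    """Deviation of today's value from the entity's own baseline."""
    # The floor keeps flat baselines (all zeros) from dividing by zero.
    sigma = max(pstdev(history), min_sigma)
    return (value - mean(history)) / sigma


def anomalies_by_source(baseline, today, z_threshold=3.0):
    """Return {user: {source: [(feature, z), ...]}} for unusually high values."""
    hits = defaultdict(lambda: defaultdict(list))
    for (user, source, feature), value in today.items():
        history = baseline.get((user, source, feature))
        if not history:
            continue  # no baseline yet, so nothing to compare against
        z = z_score(history, value)
        if z > z_threshold:  # one-sided: only "more than usual" counts
            hits[user][source].append((feature, round(z, 1)))
    return hits


def triage(baseline, today, min_sources=2):
    """Escalate only users whose anomalies span several independent sources."""
    results = {}
    for user, per_source in anomalies_by_source(baseline, today).items():
        sources = sorted(per_source)
        verdict = "escalate" if len(sources) >= min_sources else "single-source"
        results[user] = {"sources": sources, "verdict": verdict}
    return results


if __name__ == "__main__":
    for user, result in sorted(triage(BASELINE, TODAY).items()):
        print(user, result["verdict"], result["sources"])
```

Alice's large download alone scores far above her baseline but stays a single-source anomaly, while Bob's badge, network and endpoint anomalies together cross the escalation bar.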




A UEBA solution must be scalable. Today, most large enterprises collect and store terabytes of data every day, with data coming in from tens of different data sources. Buried within the data are many interesting behavior patterns (i.e., feature vectors) that machine learning models will use to detect the abnormal behaviors that traditional rule-based and signature-based systems can’t find.


Modeling many behavior patterns simultaneously enhances detection accuracy and also the visibility into different data sets that all security analysts need for an incident investigation. So an effective UEBA solution needs to monitor hundreds or even thousands of the behavior patterns from this giant data pool in order to automatically detect and correlate anomalies to find real threats.


Obviously, this requires a lot of computing power. Only a UEBA solution that is architected for scalability – i.e., built on a modern big data platform and carefully designed with performance and elasticity in mind – can satisfy the needs for increased compute and storage that come as an organization grows.


Human-Driven, Machine-Assisted


A UEBA solution also must integrate human and machine intelligence. Although more and more machine learning-based smarts are being utilized to solve challenging security problems (e.g., detecting multi-stage APT attacks), human intelligence – including knowledge of both enterprise local context and security heuristics – is still a very crucial component that determines the overall effectiveness of a UEBA solution.


Enterprise security is a hunting game between security analysts and attackers or malicious insiders. The role of machine learning is like the weapon in the hunter’s hands: It can shoot down anything, but what the hunter gets at the end – a hippo or a squirrel – totally depends on where the hunter points the weapon.


It’s the same case for UEBA-based detection. UEBA can detect any anomalous behavior, but whether the anomaly caught by UEBA is valid depends heavily on what behavior it monitors. Take the case of using UEBA to detect abnormal internal server access behavior (time, volume, etc.). It can be used across all internal servers together, which may add random noise into the feature space, or on a more focused, limited set of high-value servers, which normally yields more valuable findings. Defining meaningful behavior use cases requires a good knowledge of enterprise local context.


In addition, most UEBA solutions use unsupervised or semi-supervised machine learning models due to lack of labeled training data. Both techniques are naturally prone to generating more noise in detection than supervised techniques, so it’s important to use all three. Mating them with human knowledge of genuine malicious behavior patterns will not only accelerate the convergence of these models but also improve their accuracy in detecting the anomalous behaviors that warrant analyst investigation.


It’s as simple as that: Multidimensionality, scalability and the ability to integrate human and machine intelligence. If your UEBA solution can do that, you are well positioned to thwart risky behaviors and advanced attacks.


Learn More

Learn how Aruba IntroSpect meets the three considerations for UEBA solutions. Get the product overview.

Lost and Found: Retail Edition

Tue, 10/03/2017 - 10:29

Just before the first big snow of the season, many people make a mad dash to the nearest home improvement store to buy snow blowers. One minute, the floor is full, and the next minute, the stock is dwindling fast.


But where are the crates of snow blowers in the stockroom? The store manager didn’t wait until the last minute. He ordered the snow blowers months ago, got a great deal, and stored them in the stockroom. But in the meantime, patio furniture, refrigerators and plywood were piled in front. 


If the associates can’t find the snow blowers, shoppers will simply go elsewhere. If the situation continues, the manager may place another order. And when the misplaced items show up, the store gets stuck with surplus inventory.


No More Disappearing Acts


Retailers are now turning to Bluetooth tags to track high-value assets, which saves time, improves productivity and reduces inventory discrepancies. Retailers can attach Bluetooth Low Energy (BLE) tags, which are about the size of a quarter, to high-value assets and pallets of merchandise. Associates use a mobile app to find those items fast—complete with a map and directions.


That means an associate can find the mobile POS that his coworker set down when he went to help a customer load her cart with 2x4s. Associates can find the right rolling ladder to reach the backpack leaf blower on the top shelf that a customer wants. In the warehouse, workers know where the forklifts are, and finding pallet jacks isn’t a game of hide-and-seek.


Tags can help retailers find high-value merchandise that may be misplaced on the floor. A shopper may have second thoughts about purchasing that Cookshack SuperSmoker BBQ and left it in the paint department. The manager of the outdoors department will want the $1,200 smoker back as soon as possible. With asset tracking, the tag can notify the manager if it leaves a particular zone in the store, and he can locate it in seconds.


Retailers aren’t the only ones with high-value assets they need to find fast. Hospitals and hotels are also adopting BLE-based asset tracking. In fact, Grand View Research projects that the market for Bluetooth beacons will reach $58.7 billion by 2025—a 95% compound annual growth rate from 2017.


Getting Started with the Aruba Asset Tracking Solution

With Aruba, using tags to track and find high-value assets is quick and easy. BLE-based Aruba Tags work with your existing Aruba BLE-enabled access points, so there’s no need for a dedicated network of tag readers or observers. 


You configure the tags with the Aruba asset tracking mobile app. You simply scan the QR code on the back of the tag and enter the relevant data to create a real-time database of assets. Attach the Aruba Tags to the items, and they’ll periodically report their location via the BLE beacons in the Wi-Fi access points.  The BLE radios in the three nearest APs pick up the signal of nearby tags and triangulate the location. The data is used by the Aruba Meridian platform to update the asset tracking app. From there, associates can locate the item using a map. The app can even provide turn-by-turn directions to the item if mobile engagement has been implemented as well.  


The payback for asset tracking is clear. With an Aruba Wi-Fi infrastructure and standard mobile devices, retailers can have a solution working in days, not weeks or months.


Want to Learn More About Asset Tracking?

Read the blog “The Cost of Not Using an Asset Tracking Solution.”


Get an overview of the Aruba asset tracking solution.


See how wayfinding works.  



Multiplying the Power of Your Security Team with Entity360

Tue, 10/03/2017 - 09:00

Over the last several years, Google search results have morphed from millions of URLs being displayed to a split screen of URL results on the left side of the page and a summarized set of information about the search term on the right side.


If you are looking for a person, place, movie, etc., Google uses advanced analytics and data mining to predict the information you are looking for and present it in an easily consumed and understood format. Informally, this is known as “things, not strings,” and the goal is to use the power of machine learning to reduce the time and effort required to deliver the information you need. Save time, increase productivity.


For example, here are the search results for Alan Turing:














Chances are, anyone searching for Alan Turing will not need to dive into the links on the left side of the page because the information he or she was looking for is already anticipated and delivered by Google on the right. For anyone who has endlessly clicked through links to find a specific piece of information in context, this innovation is a major time saver.


Splunk arguably popularized the concept of easy search access to raw IT data. Debugging a server problem looks a lot like the original Google search: enter an IP address or hostname and all the relevant logs come back. This means lots of strings and lots of follow-on work required to make sense of it all.


For a security analyst, the task of validating, investigating and responding to a high priority alert typically requires looking across many different data sources to assemble a complete picture of the attack: device status, IP address history and authentication, among others. Even if the data is located on a log platform like Splunk, the number of different searches and associated summarization tasks to convert these items into useful information can take hours.


Because Aruba IntroSpect aggregates and analyzes the complete range of security-relevant IT data sources (network, logs, alerts, endpoint, etc.) on a carefully tuned big data platform, we can utilize an extensive set of analytics techniques to watch the data as it comes in, tag it for potential downstream interest and make it instantly available in context for either automated data mining or ad hoc search.


As a result, IntroSpect delivers highly relevant, security-specific information akin to Google’s information summary – something we call Entity360. Just as Google anticipates what the searcher is looking for, IntroSpect builds an on-demand security dossier for every user, system, IP address and entity, delivering the forensic and risk data a security analyst needs, in one screen, to rapidly make decisions on the severity of the attack and the remediation process. IntroSpect mines the raw data to produce actionable information.


Visually, this is the difference between the Splunk monochromatic “strings” and IntroSpect’s multi-dimensional, information-rich Entity360 integrated decision support.


To complete the comparison, we’ve seamlessly integrated Entity360 with Splunk and other log aggregation and SIEM platforms so that no matter where the user starts, anything they need is just a click away.




In the context of user and entity behavior analytics (UEBA), IntroSpect uses machine learning and advanced analytics not only to detect attacks but also to dramatically reduce the time and effort required to investigate and respond. It’s like adding more security analysts without hiring new employees! Inspired by Google, delivered by IntroSpect, Entity360 is the force multiplier that enterprise security teams need to stay ahead of advanced attacks.


Learn more about IntroSpect and UEBA.
















Tsunami of Cloud? Four steps to retake your branch

Tue, 09/26/2017 - 12:12

Aruba is presenting and exhibiting at SD-WAN Summit Paris to tackle a big shift in branch architecture that is disrupting IT left and right. We’ve seen tremors within the networking industry over the past decade, especially as mobility and Internet of Things (IoT) signaled a change in how IT managed, secured, and onboarded devices that business units themselves brought into the corporate arena. This added complexity and spurred networking innovation with advanced RF automation and policy management, e.g. ClearPass, to help accelerate employee productivity. The compromise that IT made was to cede the primary role of connectivity from wired to wireless access, and adopt SD-WAN to manage hybrid connections.


SD-WAN itself brings many benefits and advancements to the wide area, yet its importance to the larger branch network is understated. SD-WAN signals a greater need to rethink branch architecture across all of its components. Today, IT continues to deploy wired and wireless access, AAA and NAC services, and Quality of Service through disparate workflows. To best address branch-wide challenges and, as Keerti Melkote says, tackle the inherent complexities of operational silos, I’ll dive through four key steps that IT must consider:


Architecting a solution that prioritizes end-user experience

As end-users continue to bring in their own devices (BYOD) and business units adopt their own technologies (cloud services or IoT), IT needs to react quickly to changing behavior. The traditional notion of a security perimeter no longer applies in an environment where users within a traditional business group interact with the network with different devices, in different locations, and using different applications. By re-architecting the network to emphasize roles, we can apply greater granularity to Quality of Service (QoS) requirements such as prioritizing video streams over voice streams based on user information, and extend this control from the WLAN to the LAN and WAN. In effect, this means that user, device, location, and application are key metrics that the network gathers to enhance the overall experience.


Integrate contextual awareness with Network Access Control

We then take these metrics and apply security actions through ClearPass's Network Access Control (NAC). This enables IT organizations to establish deeper policy controls and ensure end-users are abiding by corporate regulations. For instance, we can permit, limit, or deny access to a specific application, such as YouTube, based on the key metrics I mentioned previously. This serves to automate network and policy management with a much simpler approach that requires no manual changes. Being context-aware is the key to designing a more secure, stable, and simple network.


Designing networks for greater performance and capacity

Sources: Gartner, IDC (linked below)

The number of connected devices is projected to grow to 30 billion IoT devices by 2020 and over 75 billion by 2025, and cloud services spending continues to grow, with projections forecasted at $127 billion by 2018.


With increasing focus on user role and behavior, IT can gain greater insight just as traditional infrastructure is reaching capacity. Enterprises can stay ahead of these disruptions to the business by planning for network capacity. Adopting the latest wireless standards with 802.11ac, multi-gigabit wired with 802.3bz, and Software-defined WAN can help IT grow the intelligence they gain from all components of the network and improve user experience end-to-end.


Combine LAN, WLAN, and WAN with common management

The last point here is about cost and complexity. As IT continues to operate on limited resources and simultaneously manage increasingly complex infrastructure, the ability to plan for new network requirements diminishes. By unifying management and policies across LAN, WLAN, and WAN, IT can dramatically simplify the network and reduce the burden on deployment and configuration for enterprises both large and small. In effect, Aruba uses software-defined controls provided by AirWave and ClearPass. Taking wireless as an example, ClearPass can simplify SSID management by applying context-awareness to users and segmenting traffic dynamically.



There are many ways to deploy these attributes into your network, so if you have questions, please drop a comment! You can also visit our website for more information on policy management and user behavior.

Can Cloud-Managed Networks Really Drive Competitive Advantage?

Tue, 09/26/2017 - 09:00

Cloud computing is surely not new to network management. But as I think about all the customer conversations over the years, there is a definite shift in who, how and why businesses are choosing cloud-managed networking.


For the early adopters, it was about not having to buy and maintain additional hardware to manage their Wi-Fi and switches. That meant cloud-managed networks appealed mostly to small and midsize businesses with limited IT resources and networking expertise. They truly appreciated the simplicity of just logging into a management console without worrying about the backend infrastructure.


Today, while simplicity is still a key factor, a lot of businesses are realizing that choosing a cloud-based solution can have a powerful impact on how they run their businesses—and even deliver a competitive edge through faster time to market, better IT operations, and smarter business and IT decisions.


Last week I met with a customer—a large retailer that has been in business for over a century with hundreds of stores and offices across the globe. Over the years, it steadily invested in new technologies, including deploying Wi-Fi across some of its major offices. And now a long list of digital initiatives aimed at improving customer engagement and enabling employees is driving the retailer to expand the Wi-Fi footprint at all its stores.


Faster Time to Market

With shopper experience being a big differentiator, especially as brick-and-mortar retailers continue to transform, how quickly new digital services can be rolled out in stores depends completely on how fast a retailer can build a network that supports these business initiatives.


To create a unique in-store experience across all its locations, with fast guest Wi-Fi, mobile engagement, easy checkout and digital displays, the IT team was tasked with deploying about 200 APs per month, every month, globally for the next 18 to 24 months. 


This is a very different scale and speed from the last time it rolled out Wi-Fi at its offices. The retailer wanted a solution that simplified network deployment. More importantly, spinning up and maintaining more servers to manage these new APs and supporting switches was not an option. It needed something that could continue to scale as business needs evolved.


To move ahead of the competition and launch in-store customer engagement services promptly, Aruba’s cloud-based networking solution was the answer. Instead of wasting valuable time and effort on running multiple management servers and setting up the network, the IT team could quickly start focusing on the core business-centric applications.


Better IT Operations

In addition to fast network setup across all sites, thanks to zero-touch provisioning, moving to cloud-managed networks would allow the IT organization to do a lot more with less.


With role-based access, the IT team could be smart about how admin privileges are tiered and distributed across regions.

Centralized visibility across all global wired and wireless networks would simplify monitoring and troubleshooting without having to send expensive network experts to all the stores.


More importantly, there would be no painful upgrades to get the latest platform features, and accessing the network is easy whether the IT admins are at their desks or on their mobile devices as they travel between locations.


Smarter Business and IT Decisions

Networks are becoming gateways to information, but there is an abundance of data captured that is generally underutilized. Cloud computing makes it faster and easier to extract invaluable nuggets of information that can be used to measure and improve both business and IT outcomes.


In addition to network management features, Aruba’s presence and connectivity analytics make it easy for a retailer to tap into insights to evaluate foot traffic in its stores and improve the overall user experience.


With Presence Analytics, a retailer can put its Wi-Fi investment to work instantaneously, even before a mobile engagement strategy is executed. Understanding shopper traffic patterns doesn’t require visitors to connect to the network. Therefore, steps to improving the shopper experience can start immediately.


Learn More

Embracing cloud for your network management brings many benefits. Check out Aruba’s Intelligent Cloud Networking solution for more information.

Go faster with new Aruba 2930M Smart Rate switches

Mon, 09/25/2017 - 09:00

Yes, there is a lot more behind a smooth-running network than pure speed, but more bandwidth sure does feel right. It especially feels right when we know that devices on the network edge, like APs, continue to evolve and get faster. HPE Smart Rate multi-gigabit Ethernet technology prepares your network for these new high-speed devices by supporting speeds of 1GbE, 2.5GbE, 5GbE and 10GbE with PoE+ while using your existing twisted-pair cabling. This means you can take full advantage of faster devices as they advance in speed without ripping and replacing cabling, which can be costly and disruptive.


This multi-gig technology is now an IEEE 802.3bz standard and has taken off in popularity. We have listened to your requests for more of these future-proofing ports so I am excited to share that we now have two new Aruba 2930M switches with higher density Smart Rate ports.

JL324A – Aruba 2930M with 24 Smart Rate (1, 2.5, 5GbE) ports

JL323A – Aruba 2930M with 8 Smart Rate (1, 2.5, 5, 10GbE) ports and 40 x 1GbE ports

These two new models are designed for the access layer and are ideal for customers who want to create digital workplaces optimized for mobile users with integrated wired and wireless access.

Highlights of the Aruba 2930M Switches are:


  • Simple deployment, provisioning and management with advanced security and network management tools like Aruba ClearPass Policy Manager and Aruba AirWave and cloud-based Aruba Central with Zero Touch Provisioning.
  • Enhanced security with per-user Tunnel Node so you can use the mobility controller as a unified policy enforcement point for traffic from both wired and wireless clients. I wrote a blog about how per-user Tunnel Node simplifies policy management and ensures consistent access and permissions.
  • Plenty of PoE+ that keeps running with dual redundant, hot swappable power supplies with up to 1440W to power IoT devices, 802.11ac APs and cameras.
  • Pay-as-you-grow modular wire speed 10GbE and 40GbE uplinks for capacity back to a larger aggregation switch.
  • Multi-gigabit Ethernet support with up to 24 built-in Smart Rate ports and an optional 4 port HPE Smart Rate module so you can deliver higher speeds to the latest Aruba 802.11ac 330 Series APs and be ready for the faster devices that are always around the corner.
  • Enormous stacking capability with up to 10 chassis so you can quickly grow your network when new devices show up.
  • No hidden costs with license-free, fully featured software and an industry leading limited lifetime warranty.


To learn more:

Read about the Aruba Campus Switching Solution, Aruba 2930M Switches and the Smart Rate Multi-Gig Solution Brief.




A WAN-tastic Experience

Fri, 09/22/2017 - 10:49

People’s high expectations for speed and mobility have put pressure on IT to deliver better services, including back-end operations and customer experience in stores and branch locations. Supporting the exploding number of mobile and IoT devices that bring value to the overall store experience requires an intensive amount of backend IT work. Most critical is equipping the branch with the right WAN technology to handle customers’ mobile-first mindset. After all, without the bandwidth and intelligence to seamlessly direct network traffic and support the digital transformation in retail, new mobile and IoT devices can do more harm than good to the customer experience.



For retailers and other businesses that have hundreds or thousands of branch locations managed by a limited number of IT staff, rapid growth in mobility has left IT with big challenges to solve around WAN bandwidth and visibility. The network is experiencing more pressure from the spike in users, but IT has limited resources and control over traffic, leaving them with the following questions:


  • How can IT increase bandwidth without increasing costs?
  • How can IT visualize and prioritize network traffic to maximize branch efficiency?

Maximize Bandwidth, Minimize Cost


Business leaders are often forced to make the decision to upgrade after their legacy networks are unable to handle the rise in network traffic. Increasing bandwidth traditionally involves increasing expensive MPLS uplinks, which adds pressure on IT to find a more cost-effective way to meet the organization’s bandwidth needs.


To mitigate costs, branches are utilizing Internet uplinks to supplement their more secure and reliable MPLS uplinks. Enterprises across the board are reacting to changing WAN requirements by implementing hybrid WANs. Network Computing reports that “by 2020, more than 60% of enterprises will have deployed direct internet access in their branch offices.” By adding cost-effective Internet links, branches can reduce WAN costs and improve connectivity for guests by alleviating pressure on the legacy MPLS uplinks. Legacy MPLS links are freed up for business-critical applications such as real-time video surveillance or point-of-sale (POS) transactions.


Regain Lost Visibility and Control


Having more than one uplink relieves pressure on the network, but given that there are different levels of priority for network activity, it is crucial for IT to manage uplinks intelligently. A hybrid WAN can help. To segment bandwidth use, critical business operations should be prioritized onto reliable, SLA-quality MPLS uplinks, and less critical activity should be sent over raw Internet. For example, in retail, a customer’s POS transaction should be prioritized and sent over MPLS while in-store video streaming should be directed to the Internet. However, with traditional WAN technology, IT lacks visibility and control over network traffic, preventing maximum branch efficiency.



New software-defined WAN (SD-WAN) technology mitigates these issues by providing features such as dynamic routing for private or public traffic so IT can regain control of the network. As the network is flooded with new users, devices, and applications, IT can leverage application awareness to properly segment and prioritize network activity. With SD-WAN, IT can route traffic over the best-performing hybrid WAN uplinks using application awareness.



It is critical that branches are equipped with the correct WAN technology to maintain reliable connectivity as the success of a business’ digital transformation leans heavily on IT’s ability to prevent and mitigate bandwidth issues. Technology implemented in retail stores meant to improve customer experience and streamline store operations cannot fulfill its role without a properly managed WAN to support IT’s back-end responsibilities.


Learn More


Learn more about how to manage the WAN challenges caused by mobile and IoT devices.

Get a deeper understanding of security. Read the blog “Secure the last mile: From access to the WAN.”


The challenge of Wi-Fi in an 800-year-old University

Thu, 09/21/2017 - 06:22

The University of Cambridge has been around for just a little while; with over eight hundred years of teaching, research and worldwide collaboration, we can say that, as one of the oldest universities, we have made a real positive difference to the world.


Providing services to such a prestigious institution is a real privilege but can also be daunting. At Cambridge, the whole City is the campus as University Departments and Colleges span the City. Networking on such a distributed scale is a challenge; we have to take both the narrow and wider view at the same time. 25 years ago, the University had the foresight to begin deploying a pan-city fibre optic network, the Granta Backbone Network, to connect the hundreds of University buildings together. Today this encompasses 60 km of multicore fibre over which we run a core and distribution router network. Therefore, as all our buildings are networked together, you would think that deploying Wi-Fi on the back of that must be easy. That could not be further from the truth; as hinted at already, Cambridge is far from simple.



The most basic thing you do for a wireless deployment is a Wi-Fi survey. Here at Cambridge, we have a myriad of buildings of all shapes, sizes and types. For example, we have buildings that are eight hundred years old right through to modern structures. The construction of these buildings is amazingly diverse, from metre-thick stone walls to concrete monoliths right through to simple buildings made up of modern partition walls. The latter sounds simple until you come across that surprise hefty wall with four layers of unexpected insulation or a signal-killing chimney hidden in the wall. We also have constructions as varied as residential buildings (that can also act as hotels out of term), office blocks, state of the art laboratories, lecture theatres and seminar rooms, libraries and warehouses. This means that the University Wireless Team have their work cut out surveying each of these unique environments while trying to get ubiquitous Wi-Fi into all areas. We estimate that if we surveyed each building end to end, it would take more than five years.



So, presuming we can survey the building and find an acceptable deployment (for example, imagine finding cable routes and dealing with the aesthetics in an 800-year-old building), how do we manage the system itself? In the University, we are approaching 5000 indoor and outdoor Aruba access points installed across the City. With such a large deployment, we need a solution that just works and we need a solution that is easy to monitor and manage centrally. Aruba AirWave allows us to have visibility of the status and statistics of every access point from our office in West Cambridge and that avoids the need for time-consuming site visits. The level of information it provides is staggering; we just would not be able to manage such a large and widespread deployment without it.


Wireless connectivity has become essential to University business and for many people, it is the default connection method. If we are to stay ahead in student experience, teaching, research and other areas, we need to continue investing in mobility. To do this we are periodically reviewing our wireless deployment and undertaking continual technology refresh. Right now, we are upgrading to a 2N resiliency model for the central infrastructure, investigating new authentication technologies, including Aruba ClearPass, and introducing the new 802.11ac wave 2 access points while making a large investment in phasing out some of the oldest models. We are expanding outdoor coverage to provide mobility between University buildings and are working in collaboration with the local authorities to provide public Wi-Fi in the public parks and streets. Lastly, we hope to build on all this hard work to add extra depth to wireless network access. One example would be geolocation technology such as the Aruba Meridian and beacon platform.



This is clearly a lot of hard work and demonstrates we cannot stand still; we have to continue to be responsive. Growth in wireless usage on the University network is going through the roof and reacting to this is a continual challenge. By keeping up with the technology curve, and responding to the demand in network growth and digital transformation we are continuing to ensure that University Wireless is fit for tomorrow’s evolving needs.


If fellow Airheads members have questions around the deployment, feel free to reach out to me @Alexander.



Innovations in Wired Enterprise Switching

Wed, 09/20/2017 - 08:45

The need for increased business agility is pushing every enterprise towards digital transformation. As a result, enterprise networks must demonstrate improved flexibility and hardiness, increased operational visibility and programmable automation. Following the recent announcement of the Aruba 8400 chassis-based core switch, the new 8320 fixed-form factor device expands the switching product portfolio and extends Aruba’s intelligent edge architecture into the enterprise aggregation and core.


Intelligent edge invariably consists of both wireless and wired devices. It could be legacy workstations, medical devices, industrial machines or IoT. Aruba’s Mobile First Architecture hence encompasses both wired and wireless edge devices. But digital transformation cannot be limited to the edge and must be pervasive across enterprise networks. The aggregation and core must also evolve to drive business transformation. While hardware speeds and feeds are important, it is the software that’s instrumental in effecting change.


The Aruba 8320 and 8400 wired switches run Aruba’s new OS-CX network operating system that is built from the ground up to drive agility and enable transformation in the digital enterprise. This is achieved by three key tenets of ArubaOS-CX—its micro-services style software architecture, programmable REST APIs and the built-in Network Analytics Engine.




ArubaOS-CX, a modern network operating system

Modular, micro-services style architecture in ArubaOS-CX is usually only seen in high-priced data center switches and not seen in enterprise-optimized campus switches. Micro-services style, database-driven software development is a key innovation that replaces monolithic network operating system code. It simplifies many critical and complex network tasks, enabling independent monitoring and restart of software modules, and improves system availability and fault tolerance by allowing individual modules to be independently upgraded.


REST APIs for programmable network operations

The state information in the database is accessible to internal network functions and to external management and automation software through REST APIs for operational automation.


By implementing programmable REST APIs, Aruba switches may be integrated with Aruba AirWave and ClearPass for policy-based management. Furthermore, rather than manually driven mechanisms that are less agile and more error-prone, configuration and management can be tackled by higher-level software languages such as Python.


Network Analytics Engine

Faster troubleshooting and debugging is crucial to network assurance in an agile network. Today network devices produce vast quantities of data to offer visibility into network operations. In conjunction with a built-in time-series database and programmable REST APIs, the onboard network analytics engine (NAE) framework in ArubaOS-CX gives customers a means to analyze the switch’s operational state. By using the REST APIs, a network operator can rewind and play back network behavior, or request additional information from the switch as a means to quickly and efficiently troubleshoot problems, avoid performance bottlenecks and predict security problems.


The age of digital transformation is upon us, driven by the large-scale deployment of mobile devices, sensors and IoT. ArubaOS-CX and the 8320 will help transform the campus network and drive innovation in your enterprise.


Learn More

Read Tom Black’s blog “ArubaOS-CX: A Modern, Programmable Network for the Mobile and IoT Age.”


Read Michael Dickman’s blog “Three Reasons Campus Networking Needs a New Approach.”