In today’s digitally driven world, businesses are becoming increasingly reliant on network connectivity to operate effectively. But with increased connectivity also comes increased risk exposure. Cyberattacks are on the rise, and more businesses are succumbing to security breaches, data loss, and other security-related issues. In fact, cybercrime damages are expected to reach $10.5 trillion by 2025. 

Your ability to protect your network from cyberattacks and unauthorized access while maintaining network performance and compliance with regulatory requirements is not a nice-to-have—it’s essential. With a Network Access Control (NAC) system in place, you can safeguard your network infrastructure and your data while maintaining business continuity.

5 Reasons to Implement a Network Access Control System

NAC is a security solution that restricts access to network resources based on users’ identities, roles, and devices. Today, more businesses are turning to NAC solutions, and here’s why:

  1. Improve security: Cyberattacks are a significant threat to businesses of all sizes. Cyber hackers are always looking for new vulnerabilities that make it easy to install malware, access sensitive data, and disrupt business operations. By preventing unauthorized access to your network, network access control systems protect sensitive data, help prevent malicious attacks, and provide an added layer of security for greater peace of mind. NAC systems can also be used to enforce security policies that ensure only authorized users can access the network. Even if a cyber hacker gets through one layer of security, they will be faced with additional security measures that make it far more difficult to launch an attack.
  2. Comply with regulatory requirements: Many industries have strict data protection and privacy regulatory requirements—and failure to comply can result in lofty fines and a tarnished reputation. NAC systems enforce security policies that restrict access to the network based on predefined rules, ensuring only authorized users and devices can access the network. Plus, with the ability to deliver greater visibility and control over all devices that connect to the network, NAC makes it easy for you to monitor and manage the access of devices across the network—and automatically remove a non-compliant or malicious device. And with simpler auditing and reporting, NAC also supports compliance with various regulations and standards.
  3. Improve performance: Offering a secure and efficient network environment, NAC solutions can help businesses optimize network performance and productivity. As network traffic increases, its performance can take a hit, disrupting operations. By reducing the number of unauthorized devices that connect to the network and ensuring critical business traffic receives priority over non-critical traffic, NAC solutions help to reduce network congestion to boost performance. And with the ability to identify and address issues with connected devices before they create a problem, NAC also improves uptime.
  4. Simplify network management: NAC solutions offer a centralized approach to network security, making it easy for administrators to control and monitor access to the network and enforce security policies. By automating the process of identifying and authenticating users and devices, NAC eliminates the need for manual configuration and management of network devices, which minimizes the risk of human error, reduces the workload on IT teams, and improves overall network security.
  5. Boost productivity: NAC solutions ensure only authorized users can access the resources they need, which reduces the risk of data breaches and other security incidents that can lead to network downtime and lost productivity. By providing visibility into all devices that connect to the network, your IT team can quickly resolve issues and enforce security policies, which allows employees to work with confidence and without interruption.

By implementing an NAC system, your IT team can ensure the network is secure, reliable, and always available, while supporting regulatory compliance, network management, and network performance.

At Zunesis, we can help you protect your network infrastructure, safeguard sensitive data, and maintain business continuity with ClearPass from Aruba, a leading provider of NAC solutions that help businesses secure their network infrastructure while ensuring compliance with regulatory requirements. Providing robust network access control with granular role-based policies for authentication, authorization, continuous monitoring and enforcement, Aruba ClearPass gives you anywhere, anytime connectivity while supporting simplified network security operations and enforcing security policies.

Education and Technology

I recently had the pleasure of attending the 2022 Colorado Association of Leaders in Education Technology (CALET) “Winter Leadership Conference” as a sponsor (on behalf of Aruba Networks and Zunesis.) This annual event brings together Information Technology leaders from primary education institutions all over the state of Colorado. They discuss new innovations, challenges, best practices, and ideas for the future.

Technology has helped aid education for decades. Its significance has increased substantially over the last few years, especially so after the onset of the COVID-19 Pandemic. While manning the Aruba/Zunesis booth, I had great conversations with IT Directors, Network Admins, CTOs and others about technological challenges they face in today’s K-12 education landscape. I shared with attendees the many ways that we are trying to help K-12 education customers navigate these challenges. I wanted to share with the rest of you some ways that we can help, particularly with Aruba Networks.


High-Performance Wireless Networks for K-12 Student Success

  1. Aruba’s Wi-Fi 6 (802.11ax) infrastructure is designed to support schools of any size with always-on secure connectivity. Seamless roaming allows network access on the move, while high-density capabilities support large classrooms, auditoriums, and outdoor facilities. Learning management and unified communications systems can be prioritized to deliver latency-sensitive data, voice, and video without delay, loss, or jitter.
  2. Unified infrastructure: Aruba offers a unified infrastructure from edge to core with wired and wireless networks that work together to deliver a consistent and secure network experience. Aruba designs its own semiconductors so its switches can provide blazing fast and highly granular visibility into the performance of the switching fabric. SmartRate power-over-Ethernet (PoE) allows Wi-Fi 6 access points to operate at >1Gbps over existing cabling, eliminating the need to rip and replace cable plants to obtain multi-gigabit wireless performance.
  3. The Network Analytics Engine (NAE), included with AOS-CX, provides a built-in framework for monitoring and troubleshooting networks. NAE detects problems in real-time and analyzes trends using the time-series database so IT can predict future performance and security issues.
  4. With ClearPass Policy Manager, devices are profiled, authenticated, and authorized once they are identified on the network, and their network access is tightly managed using granular, policy-based access controls. Users and devices have restricted access to only those network, IT, and application resources for which they have been approved. ClearPass also ensures that users and devices are compliant with regulations governing student privacy and personally identifiable information.
  5. Aruba Wi-Fi 6 access points include radios for wayfinding, geofencing, location tracking, sensor monitoring, door locking, and actuator control. These capabilities transform Aruba access points into secure, multi-purpose communication systems that are both network access on-ramps and full-fledged IoT platforms.
  6. AI-based Machine Learning: Aruba delivers customized recommendations through AI-based machine learning to improve network and application performance based on anonymized comparison with peer environments. If a change could increase performance by 10%, it is recommended to the Network Admin who can then authorize the settings to change. Aruba User Experience Insight provides IT a real-time view of the end-user experience and clear action steps to resolve any issues before a service ticket is opened. These powerful tools bring much-needed help to enable already overwhelmed IT staff to take necessary action and stay ahead of issues.


I covered some key technological solutions that Aruba Networks is offering but I didn’t even get to the best part: E-rate. School districts across the country depend on E-rate funding to make infrastructure systems and telecommunication more affordable. Aruba not only has an entire catalog of E-rate eligible networking solutions but even provides an entire team of E-rate professionals to guide customers through the process and maximize their IT spend.


Contact Zunesis to find out how we can assist K-12 schools.

Additional Resources: 

Aruba Solutions for Primary Education  

Aruba Solutions Primary Education E-rate


Network Access Control (NAC) – keeping the devices and users where they belong.

I work in a lot of network environments and I see a lot of different approaches to security and networking.  One constant I have found is that all IT professionals struggle to adequately identify and secure the devices that may be on their network.  Aside from having insane levels of security and prohibitive onboarding practices for devices, it is almost impossible to dynamically assign network access without the use of a network access control solution.  I will dive into the basics with my mostly vendor agnostic explanation.


What a NAC is.

At the most fundamental level, network access control systems are designed to help identify devices and users on your network and then do something with the identification. The solution often integrates with most directory or identity providers. It can be used for authentication, authorization, and access (AAA). The system can leverage hard-coded attributes of the user or device and enforce a security posture on them. The NAC can also leverage other components like how the device is connecting, where the devices are connecting from, and other more nuanced dynamic characteristics of the connectivity and identity.

What the system does with that information is the most important part. As an example, it is rare that every person in a business network should have the same access. However, it is not rare that many people in a department or division would have very comparable access or restrictions. Similarly, devices that are generally doing the same job likely require identical network access.  If the NAC can leverage user attributes like department or division then it can use similar attributes for a device. It understands that an HVAC air handler requires the same access as was assigned to the other air handlers that share the same device attributes.


Enforcement Policies

With the use of what some vendors call roles with enforcement policies, one can automate the application of access based on identity.  This allows for a scalable solution that can deliver the same application of security without the intervention of an administrator for every network connection. This concept is called role-based access.

I use the term application of security very loosely because each vendor accomplishes this task in different ways. Some will tunnel the user traffic to a firewall or wireless controller and apply stateful firewall policies to the user traffic. Others will change the network or VLAN the device is on so that the access is restricted to that network segment.  Some rely on client-side software to enforce the application of a role assigned from the NAC. 

Other helpful things a NAC can do

  • Integrate with endpoint AV software to assess the vulnerability of a client and use that as an attribute for access.
  • Apply the same security posture to both wired and wireless clients.
  • Centralize the administration and logging for all AAA exchanges.
  • Integrate with edge firewalls from Cisco, Palo Alto, Fortinet, and others
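The role mapping and enforcement described above, as an added Python example (not from the original post or from any vendor's product): identity attributes select a role, and the role selects a VLAN and a traffic filter, with anything unmatched falling into quarantine. The role names, VLAN numbers, filter names, rule order and sample sessions are all constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional, Tuple


@dataclass
class Session:
    """One connection attempt as the NAC sees it (all values constructed)."""
    identity: str
    kind: str                  # "user" or "device"
    medium: str                # "wired" or "wireless"
    authenticated: bool        # result of the directory / identity provider check
    attrs: dict = field(default_factory=dict)  # e.g. department, device_type
    posture_ok: Optional[bool] = None          # None: no endpoint posture report


@dataclass(frozen=True)
class Enforcement:
    role: str
    vlan: int
    acl: str                   # name of the filter applied to the session


# Hypothetical role table: what each role receives on the network.
ENFORCEMENT = {
    "hvac":       Enforcement("hvac", 310, "permit-bms-controller-only"),
    "finance":    Enforcement("finance", 120, "permit-finance-apps"),
    "staff":      Enforcement("staff", 100, "permit-general-it"),
    "quarantine": Enforcement("quarantine", 999, "permit-remediation-only"),
}

# Ordered role-mapping rules; the first match wins.
# The finance rule also looks at how the user connects: full finance
# access is granted on wired ports only (an assumption of this example).
ROLE_RULES = [
    ("hvac", lambda s: s.kind == "device"
        and s.attrs.get("device_type") == "air-handler"),
    ("finance", lambda s: s.kind == "user"
        and s.attrs.get("department") == "finance"
        and s.medium == "wired"),
    ("staff", lambda s: s.kind == "user" and bool(s.attrs.get("department"))),
]


def assign_role(s: Session) -> Tuple[str, str]:
    """Return (role, reason). Anything not positively matched is quarantined."""
    if not s.authenticated:
        return "quarantine", "authentication failed"
    if s.posture_ok is False:
        return "quarantine", "endpoint posture check failed"
    for role, matches in ROLE_RULES:
        if matches(s):
            return role, f"matched rule '{role}'"
    return "quarantine", "no rule matched (default deny)"


def decide(s: Session) -> dict:
    """Produce the enforcement decision plus a record suitable for central logging."""
    role, reason = assign_role(s)
    e = ENFORCEMENT[role]
    return {"identity": s.identity, "medium": s.medium, "role": e.role,
            "vlan": e.vlan, "acl": e.acl, "reason": reason}


# Constructed sample sessions.
SAMPLE_SESSIONS = [
    Session("ahu-03", "device", "wired", True, {"device_type": "air-handler"}),
    Session("ahu-07", "device", "wired", True, {"device_type": "air-handler"}),
    Session("alice", "user", "wired", True, {"department": "finance"}, True),
    Session("alice", "user", "wireless", True, {"department": "finance"}, True),
    Session("bob", "user", "wireless", True, {"department": "sales"}, False),
    Session("unknown-laptop", "device", "wired", True, {}),
]

if __name__ == "__main__":
    for session in SAMPLE_SESSIONS:
        print(decide(session))
```

Both air handlers receive identical access because they share a device attribute, the same user gets a different role on wireless than on a wired port, and the unprofiled laptop is quarantined without an administrator touching the port.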

What a NAC is not

A network access control solution is not the panacea that will make all your ailments cease.  NACs by themselves hold a great deal of machine learning potential. They do require some semblance of initial administration to create the logic by which they will enforce policies.  They are not infallible.  Like any computing system, they do need some TLC when first deployed. Once they are up and running, you can sleep easier at night knowing that there is an intelligent application of security for anything connecting to your network.

Here are a few other things they cannot do:

  • NACs are not meant for IP address management. I see a lot of people trying to use them as this and most are ill-suited for the task. Just because it has a record of the IP address does not mean it should be used as a database.
  • They are not plug and play. No matter what the vendor tells you it will be a very involved deployment.
  • Not every NAC integrates with every other product. Each vendor has their own special sauce that makes using their NAC with their equipment more appealing. Cisco, Aruba, and Fortinet all have features that are only available when you are using their equipment with their NAC.

Use Cases

I would recommend a NAC to anyone who runs a network with more than 100 users.  If we assume that each person will likely have three computing devices, then that is 300 end-user devices.  Not all of them being corporate-owned and managed, we would need to delineate access for each user group and device type. We will then need to ascertain if we want to apply different security based on how the device/user connects or if the device presents a risk to the company.  This sounds like a lot of work and it can be. But, the work would only need to be done one time if we were programming logic into a NAC solution.


Best application of NACs

  • Securing wired ports – We all know that users will bring in devices from home to use so why not protect your environment from the inevitable.
  • Wireless for everybody – Just because the device is connected to the same SSID as all the other devices, it does not have to mean that they have the same security applied or are on the same logical network.
  • Dynamic logins for your most sensitive devices – Securing your switches, routers, and firewalls with RADIUS or TACACS+ is how you protect against getting hacked from the inside.

This is not meant as a comprehensive analysis of each of the major players in the marketplace. In fact, there are some decent open source and free NAC-like products out there that are relatively capable.  Most of those do not support machine learning and cannot identify devices very well. However, they can provide authentication and authorization functions.

At the very least my hope was to impress upon anyone in the market that a NAC is a very necessary and essential component to your security arsenal.  The days of having the same login for every switch and router are long behind us. Treating every user and device the same is also a thing of the past. If you desire the scalability that a network access solution provides, I suggest you reach out to your partner of choice. Inquire about what products they offer in this security space. Zunesis is available to help you find the right partner for your organization.

Back in March, which seems like ages ago, Aruba Networks announced the release of Aruba ESP. It’s the industry’s first cloud-native platform designed to automate, unify and secure the Edge. Why the need for this new platform in today’s world? What are its secret powers for your network?  And, how does it work?


Why the Need for Aruba ESP?

According to IDC, 55 billion devices will be connected within the next two years and are expected to generate 79.4ZB of data by 2025. Combine that with the shifts to work from home and distributed work forces, there is a definite need for the right tools to keep pace. With this large amount of data at the Edge, today’s networks and the teams that manage them are struggling to keep up.

Organizations need to ensure they have the right network foundation while being ready for the next big technology transition or event. This is where the need for Aruba ESP came in.  Aruba ESP combines AIOps, Zero Trust Security, and a Unified Infrastructure.


What can Aruba ESP do?



It helps IT with the following:

  • Identify and resolve issues quickly, preempting problems before they impact the business.
  • Protect against advanced threats from a vanishing security perimeter.
  • Monitor and manage thousands of wired, wireless and WAN devices across campus, branch, data center, or remote worker locations.
  • Quickly deploy network services at scale to support changing business needs.
  • Allow continued infrastructure investment in the face of uncertain financial changes.

Aruba ESP offers services at the Edge that include onboarding, provisioning, orchestration, analytics, location and management. These are accessed through Aruba Central. The SaaS consumption model enables rapid deployment and provides unified management, AIOps, and security. Through Central, network admins can use AI insights to help quickly troubleshoot, identify, and resolve issues before issues occur.


Significant innovations within Aruba ESP

Several new innovations are within the Aruba ESP platform:

  • Cloud-native management for any size enterprise: The industry’s only controller-less, cloud-based platform that provides full-stack management and operations for wired, wireless and SD-WAN infrastructure of any size campus, data center, branch, and remote worker locations to be consumed on-premises or in the cloud.
  • Simplified daily operations with unified infrastructure: The latest version of Aruba Central has simplified navigation, advanced search, and contextual views.
  • Reduced resolution time with AI and automation: Aruba’s new AI Insights reduces troubleshooting time by identifying hard-to-see network configuration issues and providing root-cause, prescriptive recommendations and automated remediation to continuously optimize network operations.
  • AI-powered IT Efficiencies: AI Search enables IT Teams to eliminate “swivel chair” investigations. AI Assist uses event-driven automation to collect and post all relevant data for both the internal help desk and Aruba Technical Assistance Center (TAC)
  • Granular visibility across applications, devices and the network: User-centric analytics from User Experience Insight to identify client, application, and network performance issues faster.
  • Extension of next-gen switching to distributed and mid-size enterprises: The Aruba CX6200 switch series brings built-in analytics and automation capabilities to every network edge where user and device connectivity occurs, generating insights that can be applied to informing better business outcomes.
  • Ongoing innovation with new Developer Hub: A comprehensive resource for developers that includes Aruba APIs and documentation to streamline the development of innovative, next-generation edge applications leveraging the open Aruba ESP platform.

Recently, new enhancements were announced that help unify IoT, IT and Operational Technology networks to enable customers to quickly adapt to changing environments and user requirements. Unifying these networks enables hyper-aware facilities that are safer, more adaptive, and enhance productivity. This is a big leap forward over what can be achieved with basic connectivity and machine learning-based monitoring.

These enhancements are integral to sensing, analyzing, and reacting to device data and contextual information. Virtually every subsystem spanning machine inputs and outputs (I/O) on a manufacturing floor through multimedia devices in the CEO suite can be accommodated. Solutions are available for education, enterprise, healthcare, hospitality, industrial, manufacturing, retail, transportation and government applications.


Some Use Cases

Some use cases with Aruba ESP-based hyper-awareness include smart buildings, industrial/manufacturing facilities and the broader Intelligent Edge.

Hyper-aware smart buildings for enterprises, education, healthcare, hospitality, retail, and government:

  1. Building control and digital twin enablement: Identify sub-optimized processes, recommend operational enhancements, and monitor the trajectory of energy usage needed for proactive interventions.
  2. Context-aware, real-time integrated emergency response and notification: It actively communicates with tenants, visitors and staff. The use of 4D Graphics for first responders enables them to quickly see where people are within buildings.
  3. Seamless extension of the 5G Footprint with Wi-Fi: Mobile operators can extend 5G footprint into the building. It seamlessly powers Wi-Fi calling using Aruba Air Slice Technology.

Hyper-aware industrial facilities:

  1. Migrating from break/fix to proactive maintenance: Enables machinery sensors to monitor equipment to identify points of failure. Notifies of failures before they happen, improving productivity, reliability, and efficiency.
  2. Reducing mean time to repair with location services: Provides site occupants with turn-by-turn navigation to a destination without human assistance.
  3. Monitoring personnel and asset safety: Can deliver real-time 3D situational awareness by tracking the location of people and assets.  It can integrate with automated ventilation, geofencing, and vehicular navigation systems.

Aruba ESP produces AI-powered insights with greater than 95% accuracy.  It helps automatically improve communications and visibility across and among IoT, IT and OT Networks.

Have more questions about Aruba ESP? Attend our webinar on September 30th or reach out to one of our account reps to learn more.

It will take some time for things to get back to normal.  The term “new normal” has been popularized but is not far from the truth.  The way we do business and approach activities of leisure will have to change for a while.  How can we maintain some semblance of normalcy while engaging in the activities we once enjoyed?  Activities like going to restaurants or the library have become seemingly dangerous propositions to undertake.

How can technology help to facilitate social distancing and encourage safer conditions for all of us? 

The tools already exist to change the way we do business and approach the world.  Technologies that would lessen the need for physical contact and allow for non-contact transactions are available. They are inside our cell phones and many of the wireless technologies currently deployed.  The issue lies in the adoption of these technologies.  We will explore a few technologies that can guide our return to the workplace.


Location based services – tracking social distancing

Inside every Aruba access point since the 3xx series, there are Bluetooth beacons. The beacons triangulate the position of people by tracking the location of their personal devices.  Some applications for this technology include way finding, location-based marketing and access control.

In the future, this technology would count the number of people in a specific place to understand if social distancing standards are being followed.   Aruba Networks has a product called ALE, or Analytics and Location Engine, that can be used to track and aggregate data about the location of each person within a building while using Aruba wireless access points.

ALE- aruba analytics and location engine


The graphic above is a generic topology for how the environment would look when leveraging the ALE.  Utilizing the components in the graphic, a company identifies where in the building people are. Also, it can track possible issue areas. Used as a guide to rearrange offices or cubicles, this tool supports distancing measures when people return to their workplaces.


Uses in Public Venues

In a public venue where the connectivity to the wireless networks cannot be relied upon, the system utilizes passive scanning of any device that has WIFI or Bluetooth turned on. This enables one to accurately triangulate the position of this person.  Aruba describes this capability by saying that the system can “Calculate location for associated and unassociated clients based on received signal-strength information or simply indicate the presence of a device in proximity to a specific AP.”

The ability to passively identify user devices is very important for a business to approximate the current occupancy of a space.   Locations for this device include restaurants, department stores or any other building where occupancy requirements may be a concern.

The accuracy of this system is directly dependent on the density of deployment of the access points or standalone Bluetooth beacons.  If more APs or beacons are deployed in a space, then the accuracy of the system is greatly improved.   A device must be detected by three access points or Bluetooth beacons for accurate triangulation to occur.


Distanced transactions with outdoor WIFI

Several businesses are trying to find a way to support retail transactions without the need for people to go inside the actual brick and mortar store.   In some cases, restaurants and other food service-based businesses would like the ability to process a credit card on their patio without the employee physically interacting with the payment method.

Outdoor wireless would provide a greatly appreciated internet service to their patrons. It facilitates the ability to have a battery powered WIFI point of sale tablet negotiate the transaction.  This would lessen the physical contact the patron and the employee would have in this setting.

With the newest Aruba 5xx series outdoor access points, a business could blanket their existing outdoor seating areas with secure wireless.  The ability to deliver secure wireless for the patrons and the company assets is invaluable. It further supports the initiative to reduce physical contact.

Additionally, by leveraging outdoor WIFI, a company could extend their current outdoor seating space. This helps to maximize their ability to generate revenue. The possibilities for using secure outdoor access are limitless.


Rethink How We Do Business

In this time of uncertainty, we need to continue to innovate and rethink the way we do business.  Giving up on interaction isn’t good for any of us.  We should continue to pursue ways to retool our businesses. Augment how we measure occupancy so that we can stay safe but productive.  My hope is that by leveraging technology we can find some semblance of normalcy again.

Contact Zunesis for more information on outdoor access points and other solutions to keep your business moving.

Aruba UXI Sensor


In early 2018, Aruba announced they were buying Cape networks, the developers of the Cape sensor. Rebranded as the Aruba User Experience Insight (UXI), the sensor sits on your network. It alerts you whenever your network is having problems.

It may not seem like much, but it is an amazing little device that could help IT departments everywhere. When deployed, the Aruba UXI sensor acts like a user on your network, except much smarter. No more complaints about “the internet isn’t working”. Instead, you get personalized alerts telling you exactly what is going wrong. Whether that means DNS is unresponsive, or merely yahoo.com is having an outage.




The sensor is designed to work straight out of the box on any network. It just needs to be registered to a dashboard. Then give credentials to the wifi or plug it into the ethernet. It takes so little set up. It can be mailed to a remote site and set up by anyone.  All configuration is done in the web portal. All standard tests and alert thresholds come preconfigured.  No set up is even needed, though you can definitely still customize it.




Aruba Dashboard




The dashboard is simple and easy to use. It gives you access to a lot of information about your network. Hover over any piece on the home page to get alert info. Then, click to drill down further and see a trove of other information, such as signal strength, channel, response times for things like dns or dhcp, even websites if you set them up.


External Service Dashboard- Aruba


The sensor can be configured to check both internal and external services.  Whether you use internal websites and fileshares, or Google docs and Microsoft OneDrive, you can test them all to be sure they are up and running. If they aren’t, the IT department is the first to know.


Proactive Alerts

Alerts are sent via email whenever certain customizable thresholds are met. This enables IT departments to know about a problem before a user has a chance to report it. They will also know exactly what went wrong without having to hunt around for the cause of the issue.

The alert says which service is down, quickly letting IT know if the entire internet is down, or if it’s just the DNS service on a server. Website issues can also be shown through the alerts. Knowing exactly what’s wrong enables the IT department to address the issue faster. This results in less down time and fewer unhappy users.


Cloud Accessibility

The dashboard and all data are hosted in the cloud. This allows for you to access it anywhere, at any time. No need to be on site to diagnose an issue. No worries about not being able to see data and alerts while a site is down.

Diagnosing issues is half the battle in the helpdesk world.  Eliminating this problem enables the IT department to be far more efficient and timely in resolving those issues.


Location, Location, Location

Aruba’s UXI sensor should be placed in a spot where wifi is used most, or in problem areas that you would like more information on. It comes with a couple of different ways to mount it. It can also be set on a desk or table just as easily.

A secure mounting bracket can be deployed in public areas without the fear of it disappearing. All it needs is power either provided by the included power adapter, or by a PoE solution. The sensor also isn’t just limited to wifi. It works over ethernet as well, so you can check all network connections at once.

A user experience sensor is a valuable tool for any company, small or large. The key feature is that it enhances the response time of any IT department. Faster response times mean less downtime, which means more time your company is running smoothly. The solution is constantly being updated with more features being added every day to make the jobs of you and your IT department easier.

Contact Zunesis for more information on this solution or other networking products for your organization.

Aruba Instant Access Points

Years ago, the concept of purchasing and deploying enterprise grade wireless infrastructure was reserved for only the largest or wealthiest companies.  The average small to mid-sized businesses were left to make compromises on features and performance because of the prohibitive price and deployment complexity associated with wireless infrastructure.  Well no more.

Aruba Instant access points allow any business to deploy a full featured and scalable solution anywhere, without compromising features often reserved for the most cost prohibitive solution.  Aruba Instant has a place in the hair salon all the way to the corporate office.  If you need a solid and secure wireless solution that doesn’t require a full-time worker to administer, then look no further.


What is Aruba Instant?

Aruba Instant is a wireless access point operating system and platform that does not require the purchase of hardware or virtual controllers for deployment. Instead, Aruba Instant access points leverage each other as virtual controllers. They work in a cluster, like the standard campus deployment most are familiar with.

For small to mid-sized businesses, the most common wireless deployment is fewer than 100 access points. This is fully supported by the Aruba Instant deployment model. Not only does the deployment scale in size, but it is innately redundant.

Each access point can act as the primary virtual controller if the current controller goes down.  Furthermore, the access points come in a wide variety of models.  Some support the newest Enterprise features such as 802.11ax, WPA3, and M-PSK.


Where is the value?

Almost all current-generation Aruba access points are sold as a unified AP, which deploys either in an Instant cluster or as a campus AP controlled by dedicated controllers. By shipping a single image on all access points, Aruba has made the product fit all use cases and has simplified ordering and provisioning.

Additionally, if a customer does outgrow the Instant AP deployment model, they can simply convert their existing access points to work with a controller-based solution, never losing a penny on their existing investment. This use case happens frequently. Aruba customers are always thankful to know that they haven’t thrown money down the drain as their businesses grow and they need to expand the reach of wireless connectivity.


Aruba Instant Tour

I will spend some time showcasing the features and simplicity of the Aruba Instant operating system.  There are numerous guides online showing how to configure the APs in greater detail.  I will give a brief overview of some of the included features.

There is also a community driven YouTube channel dedicated to the education of customers and partners called: Airheads Broadcasting Channel.  This tour is meant for someone with 1-2 years of IT experience. Wired and wireless networking concepts will be used without explanation.


Logging In

The virtual controller is accessed through a web interface that is very similar to logging into a traditional Aruba Mobility controller. There are default credentials which are publicly available for the initial login.





User Interface

The dashboard presented after the user logs in is very helpful. It shows everything from active wireless networks, cluster members, and connected clients to performance and health statistics.

Again, keep in mind that using this deployment model is free. There are no additional licenses or support fees to use the Aruba Instant operating system. All Aruba access points come with a lifetime warranty that includes software/firmware upgrades.





Advanced Features

The Aruba Instant operating system supports features like:

  • Guest network with custom captive portal
  • RADIUS authentication with CoA
  • Stateful firewall policies
  • Internal guest provisioning for guest network
  • IDS


Another feature that is surprising to see on this platform is AppRF, which identifies which applications are in use on the network. It is of great value to administrators and engineers to be able to identify unwanted applications on the network and apply QoS policies to either limit or block them entirely.






Third Party Integrations

Unlike other platforms that limit features in their respective introductory platform, Aruba supports third party integrations with firewall vendors, and even custom XML API services.  Features that leverage location-based services are available using the Aruba Instant platform.






Overall, the platform is feature rich. It can do almost everything a traditional controller-based platform can do. The sheer scalability of having the access points act as the controller grants a flexibility many in the industry have been looking for.

Small to mid-sized businesses should explore what the Aruba Instant platform can offer. It is a budget-friendly option to consider for your networking needs.

Use the Networking Product Wizard on our site to find out the right switches, access points and network management solution for your organization.

Increased Vulnerability



Identifying what connects to the network is the first step to securing your enterprise. Control through the automated application of wired and wireless policy enforcement ensures that only authorized and authenticated users and devices are allowed to connect to your network. At the same time, real-time attack response and threat protection are required to secure the network and meet internal and external audit and compliance requirements.




Laptops, smartphones, tablets and Internet of Things (IoT) devices are pouring into the workplace. The average employee now uses three devices. The addition of IoT increases the vulnerabilities inside the business, adding to the operational burden.


Wired and Wireless Devices



The use of IoT devices on wired and wireless networks is shifting IT’s focus. Many organizations secure their wireless networks and devices, but some may have neglected the wired ports in conference rooms, behind IP phones and in printer areas.



Wired devices, like sensors, security cameras and medical devices, force IT to think about securing the millions of wired ports that could be wide open to security threats. Because these devices may lack security attributes and require access from external administrative resources, apps or service providers, wired access now poses new risks.



As IT valiantly fights the battle to maintain control, they need the right set of tools: tools that can quickly program the underlying infrastructure and control network access for any IoT and mobile device – known and unknown.



Today’s network access security solutions must deliver profiling, policy enforcement, guest access, BYOD onboarding and more. They should offer IT-offload, enhanced threat protection and an improved user experience.



Mobility and IoT are Changing How We Think About Access Control



The boundaries of IT domains now extend beyond the four walls of business and the goal for organizations is to provide anytime, anywhere connectivity without sacrificing security.



How does IT maintain visibility and control without impacting the business and user experience?  It starts with a 3-step plan.



  1. Identify – what devices are being used, how many, where they’re connecting from, and which operating systems are supported. This provides the foundation of visibility. Continuous insight into the enterprise-wide device landscape, potential device security corruption, and which elements come and go gives you the visibility required over time.
  2. Enforce – accurate policies that provide proper user device access, regardless of user, device type or location; this provides an expected user experience. Organizations must adapt to today’s evolving devices and their use, whether the device is a smartphone or surveillance camera.
  3. Protect – resources via dynamic policy controls and real-time threat remediation that extends to third-party systems. This is the last piece of the puzzle.  Being prepared for unusual network behavior at 3 AM requires a unified approach that can block traffic and change the status of a device’s connection.
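
A minimal model of the three steps above, as an added example that is not from the original post and is not ClearPass code. The profile table, role names, severity threshold and event fields are all hypothetical, constructed for illustration.

```python
from dataclasses import dataclass, field

# Constructed sample data (assumptions, not vendor values).
OUI_PROFILES = {"00:1a:2b": "ip-camera", "3c:5a:b4": "laptop", "a4:77:33": "smartphone"}
ROLE_POLICY = {
    ("laptop", True): "employee",
    ("smartphone", True): "byod",
    ("ip-camera", False): "iot-camera",  # headless device, restricted segment
}
QUARANTINE_SEVERITY = 7  # hypothetical threshold on a 0-10 scale


@dataclass
class Session:
    mac: str
    medium: str          # "wired" or "wireless"
    authenticated: bool  # did the user or device pass authentication?
    category: str = "unknown"
    role: str = "deny"
    audit: list = field(default_factory=list)


def identify(s: Session) -> Session:
    """Step 1: profile the device from its MAC OUI prefix."""
    s.category = OUI_PROFILES.get(s.mac.lower()[:8], "unknown")
    s.audit.append(f"identified as {s.category}")
    return s


def enforce(s: Session) -> Session:
    """Step 2: map (category, authenticated) to a role; the default is restrictive."""
    # Unknown devices get guest access on wireless, nothing on a wired port.
    fallback = "guest" if s.medium == "wireless" else "deny"
    s.role = ROLE_POLICY.get((s.category, s.authenticated), fallback)
    s.audit.append(f"role {s.role}")
    return s


def protect(s: Session, event: dict):
    """Step 3: react to a threat event by changing the live session's role.

    Returns a dict modelling a change-of-authorization request, or None.
    """
    # A device whose observed behaviour contradicts its profile is treated as suspect.
    mismatch = event.get("observed_category", s.category) != s.category
    if mismatch or event.get("severity", 0) >= QUARANTINE_SEVERITY:
        previous, s.role = s.role, "quarantine"
        reason = "profile mismatch" if mismatch else event.get("type", "threat")
        s.audit.append(f"quarantined: {reason}")
        return {"mac": s.mac, "action": "reauthorize", "from": previous,
                "to": "quarantine", "reason": reason}
    return None


def admit(mac: str, medium: str, authenticated: bool) -> Session:
    """Run identify and enforce for a new connection."""
    return enforce(identify(Session(mac, medium, authenticated)))
```

The restrictive fallback in `enforce` is what keeps an unprofiled device on a conference-room port from getting network access by default.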




Organizations must plan for existing and unforeseen challenges.  With their existing operational burden, it’s not realistic to rely on IT and help desk staff to manually intervene whenever a user decides to work remotely or buy a new smartphone.  Network access control is no longer just for performing assessments on known devices before access.




Aruba ClearPass



The stakes are high. It’s surprising that more companies have not embraced secure NAC to prevent malicious insiders from causing damage to the enterprise. The use cases are many: controlling device connectivity, simplifying BYOD, securing guest access. All lead to the same answer: Aruba ClearPass.






Over 7,000 customers in 100 countries have secured their network and their business with Aruba ClearPass.  They have achieved better visibility, control and response.  Shouldn’t you? Contact Zunesis to find out how you can secure your network.





End User-Centric Network and Application Performance Analytics


Increasing reliance on Wi-Fi for Enterprise and IoT applications means IT departments are facing new challenges to deliver the best user and client experience possible. To provide a consistent level of performance, the Aruba Service Assurance solution enables IT to proactively simulate real-world user and client experiences.


IT can continuously monitor network connectivity and the performance of wireless and Ethernet connections in critical, high-value locations like office spaces, retail, education, healthcare, and similar types of environments.


How it works


The Aruba Service Assurance solution includes simple to deploy sensors, cloud-based data processing and an easy to learn web-based administrative dashboard. It can be accessed from anywhere using either Chrome or Safari browsers.


It’s a great tool for any organization and IT team tasked with delivering the best possible network experience with their users’ connectivity and app performance in mind – especially for the “C-suite” or users with cyclical problems reported to the help desk.


Components to the Solution


Purpose-built Sensor


Aruba LTE sensors can be placed within any area where users or IoT devices are located to reduce the time to identify and resolve application responsiveness and user experience issues. The sensor is placed at the same height where users’ devices are placed or held, to run accurate simulated tests over Wi-Fi. Wired connections are also supported.


Tests can be set up for LAN and WLAN connectivity, DHCP, DNS, authentication, captive portal response, cloud and internal applications. Installation of the sensor, even in extremely remote locations, is easy due to built-in out-of-band cellular connectivity. This reduces the time and effort normally required to go on-site, diagnose a problem and put a resolution into action.






Configuration and visibility: Web-based dashboard


The cloud-based analytics and insights engine provides a robust and scalable model that allows IT to centrally configure and run tests for today’s cloud-based (SaaS) or internal applications. Pre-configured templates or custom defined tests can monitor the most important apps and services. For example, tests can automatically ping a server to confirm responsiveness, or run a script through a browser to see how an application is performing before users encounter a problem.


The web-based service assurance dashboard is designed with simplicity and one-glance visibility in mind. It changes how an assurance dashboard should work. A unique, five-column traffic light model easily lets you see when things are working great and when they’re not.


The status of each sensor, SSID, service and application being tested is highlighted under each of the traffic light icons. This gives IT a good understanding of overall user experience, Wi-Fi connectivity and quality, responsiveness of core network services, and the reachability of internal and external services. Smart notifications can be set up to keep you informed on your mobile device.





How can Zunesis help?


Zunesis is an Aruba Platinum partner, which is the highest level of achievement. We can help any customer or prospective customer on even a small project with a concern such as we have outlined in this post.


A simple deployment of a single sensor and a 1-year subscription to the data and analytics gathering would cost only about $1200. Zunesis can install a quick test solution for our clients who need to get to the bottom of a tough end-user experience issue through our unique Customer Connect Program. This program provides 2-3 hours of no-cost onsite consulting with customers.


For instance, we could use that time to set up a basic Service Assurance sensor and dashboard. We then provide another hour or two of time after deployment to work with the client on reviewing the results of the data gathering.


Plus for that small cost, the sensor is available to use for other testing, and one would simply need to renew the annual service subscription (or purchase up to 5 years up front!).


More Information:

Aruba Networking Service Assurance






Aruba 8400: Designed from the Ground Up for Automation and Network Insight


Looking at networking gear over the past several decades, not much has really changed from a high level.  Okay, we’ve gotten bigger pipes to fit the much larger volume of data that needs to pass through them.  We have added more protocols to manage the control plane, but a lot of the core technology is still pretty much the same.


OSPF, BGP, VRRP, etc. haven’t really changed much. Sure, some of us are over spanning tree and aren’t wasting half of our links anymore, but the point is that many network engineers themselves haven’t changed how they deploy and manage solutions. Specifically, many of us are still managing our networks statically via the command line, troubleshooting after a problem has caused an outage, and not automating.


In the era of mobile, cloud, and IoT, this simply isn’t scalable anymore. If you’re a forward thinker, you may have already been using Ansible, Python, etc. for network automation, and it definitely helps when the vendor has designed a platform specifically for this. Gone are the days of screen scraping and expect scripting over SSH.


Aruba has been disrupting the networking industry for some time now in wireless and wired, but one thing missing from the product portfolio was an offering for the core… until now.


What’s New:


  • High-performance Aruba core and aggregation switch with 19.2 Tbps switching capacity and carrier-class high availability.
  • ArubaOS-CX automates using built-in REST APIs and Python scripts.
  • Monitor and troubleshoot with Aruba Network Analytics Engine.
  • High availability, virtualization and simplicity with Aruba VSX.
  • High density, line rate 10GbE/40GbE/100GbE connectivity.
  • Advanced Layer 2/3 feature set includes BGP, OSPF, VRF and IPv6.


Game-Changing Business Agility


The Aruba 8400 Switch Series is a core and aggregation switch solution with an innovative and powerful approach to dealing with the new applications, security and scalability demands of the mobile, cloud and IoT era.


Fully programmable with ArubaOS-CX, it brings automation and visibility and helps troubleshoot via simple scripting.


Aruba Network Analytics Engine provides the ability to monitor and troubleshoot network, system, application and security-related issues easily, through simple Python agents and REST APIs.


High-availability, high-speed architecture with 19.2 Tbps switching capacity for always on networking.


Robust security and QoS with advanced Layer 2 and Layer 3 features including support for BGP, OSPF, VRF and IPv6.


Modern Software System Simplifies and Automates


The Aruba 8400 Switch Series is based on the new ArubaOS-CX, a modern software system for the core that automates and simplifies many critical and complex network tasks.


The built-in time series database enables customers and developers to develop software modules for historical troubleshooting, as well as analysis of historical trends, to predict and avoid future problems due to scale, security and performance bottlenecks.


It provides stability through independent monitoring and restart of individual software modules, and allows individual software modules to be upgraded for higher availability, with enhanced software process serviceability functions.


Delivers enhanced fault tolerance and facilitates nearly continuous operation and zero-service disruption during planned or unplanned control-plane events.


High Performance and Carrier-Class High Availability


The Aruba 8400 Switch includes a high-speed, fully distributed architecture and provides up to 19.2 Tbps switching capacity to meet the demands of bandwidth-intensive applications today and in the future.


Aruba’s new high availability technology is Aruba VSX, which has been designed from the ground up to deliver the continuous availability, virtualization and simplicity requirements unique to the core of the network.


Resiliency and high availability with hot-swappable, redundant and load-sharing fabrics, management, fan assemblies and power supplies.


Scalable, compact 8U chassis delivers industry-leading line rate 10GbE/40GbE/100GbE port density, very low latency, and scalability ideal for the campus core.


So how is this any different from other chassis based switches?




Meet ArubaOS-CX, a modern network operating system. The entire state of the system is stored in a database, and all aspects of the system interact with it, and not directly with each other outside of it. This provides much greater modularity and extensibility, and allows seamless recovery when failures are detected. If one particular daemon crashes, it simply restarts and restores its state back from the database with almost zero downtime. This is huge! If you’ve ever had to recover a major process like OSPF and had to deal with the consequences, you know exactly what I’m talking about. Further, the system automatically generates a REST API for all objects in the data model, and can expose all features, functions, statistics…EVERYTHING to AOS-CX applications/services and to external systems if desired.


If that wasn’t enough, Aruba has also provided us with automated monitoring and troubleshooting via the network analytics engine.  This allows IT professionals to easily monitor, detect problems, analyze trends, and immediately resolve issues instead of relying on traditional tools like SNMP and CLI after the fact.  If a particular condition is detected, it is possible to automatically remediate via scripted actions.



Again, ArubaOS-CX is fully programmable via REST API, and for those of you who are ready to dig in, here’s a handy reference document to help get you started.


So are you ready to switch? (Pun intended)







Copyright © 2023 Zunesis. All Rights Reserved. | Website Developed & Managed by C. CREATIVE, LLC