The company that helped pioneer the controller-based enterprise wireless LAN is now selling wired Ethernet switches -- with a twist.
According to Aruba Networks, the WLAN is changing the face of network access, and the corporate access layer has to adapt to that new reality. The company is introducing an array of hardware and software-based services to reshape network access, including a line of wired Ethernet switches that can handle not only the burgeoning array of Wi-Fi clients but also wired clients.
IN DEPTH: Wi-Fi 802.11n: Still evolving
The company this week announces the S3500 series of 24- and 48-port Ethernet switches aimed at the wiring closet. The main difference compared to standard switches: The S3500 automatically seeks out an Aruba Mobility Controller, which handles Aruba's Wi-Fi access points and downloads a set of client policies for configuration, security and management. The switch can apply those policies to Wi-Fi-based laptops, tablets and other mobile clients as well as to desktop PCs or docked laptops.
The line of Aruba controllers is being updated with a new release of the ArubaOS firmware. One change is that the firmware now supports IPv6. Another is Mobile Device Admission Control (MDAC) for Apple iOS. The controller now can identify a device setting up a Wi-Fi connection as an iPhone or iPad, and automatically provision it with certificates, and with security and access policies tailored to these devices. Aruba labels this capability "device fingerprinting."
A related product is Amigopod, based on software that Aruba picked up with the January acquisition of the company bearing the same name. The software creates an easy-to-use, self-service Web portal that lets employees register their own mobile devices and then get network credentials and access policies tailored to that class of device.
Finally, Aruba is unveiling three new access points. First, there are two high-performance 802.11n access points, the AP-134 and -135, both of which have two radios using three data streams, known as 3x3 MIMO, for a maximum data rate of 450 Mbps per radio. The model 134 is outfitted for external directional antennas.
Second is the new Aruba Instant access point family: In a remote site, with a group of these access points deployed, one runs a subset of Aruba's controller software, acting as a controller to the rest of the WLAN. Aruba says the Instant access point can be up and running after a three-minute installation process, and they cluster automatically to receive configurations and updates from their "virtual controller."
Finally, the new AP-175 is Aruba's first outdoor 802.11n product, in a 2x2 MIMO configuration.
Part of Aruba's intent in this announcement is to bring a new level of intelligence about clients to the corporate network, in order to deal with an authorized user who may connect at different times via a wired or wireless connection, and with different devices, such as a corporate laptop or a personal Wi-Fi tablet.
"Users no longer sit at a desk, and servers are no longer near a user's [wired] desktop, but virtualized and remote," says Keerti Melkote, Aruba founder and chief technology officer. "Today, the LAN needs to be able to handle mobile clients and cloud-based servers."
One resulting impact, Melkote says, is that fewer access ports are needed in wiring closet switches. That's where the new Aruba S3500 switches come in. The Aruba switches can handle today's clients, factoring in user identity, the specific device and its location.
"When you refresh the wiring closet, replace that [conventional] switch with ours: It enables 802.1X authentication, it confirms the user is in fact who he claims to be, and it knows what policies to apply," Melkote says. "The switch knows who you are even if your MAC and IP addresses change. The network will let you in, and apply the appropriate policies, regardless of how you connect to it."
The "device fingerprinting" technology in the new ArubaOS 6.1 firmware is part of this capability. It's being used, with the new S3500 switch, in a beta test at Boston Medical Center, a 639-bed academic medical center in Boston's South End, and an Aruba customer.
"We're starting to see a big push for 'bring your own device' to work. It's mainly driven by the iPad: The doctors love it," says Lee Cullivan, manager, data/voice/security networks at BMC.
Cullivan can tell these iPad users to connect to the BMC wireless LAN using their existing Active Directory password. Currently, network access is based on being matched with a database of valid MAC addresses, and the doctor-owned iPads are not part of the database. But now, with the 6.1 release, the Aruba switch can identify the unauthorized device as "this is an iPad" and then, through a setup portal, provision the tablet with a specific set of permissions and privileges, including the use an iOS version of Citrix Receiver, which gives the iPad user access to a set of corporate applications.
BMC had already been evaluating Amigopod for handling guest access to the hospital's WLAN, when Aruba acquired the company. The appliance plugs into the network and then automatically connects to an Aruba controller. A guest user trying to log in is given a log-in screen in a Web browser. "Amigopod gives us more options for administering this registration process," Cullivan says.
The new Aruba Instant AP is expected to be available this month, in two models, priced at $395 and $695. Amigopod also will ship in March. The new S3500 switch, with the ArubaOS 6.1 firmware release, and the other new access points, all ship in April. Aruba will announce product prices for these at that time.
John Cox covers wireless networking and mobile computing for Network World.
Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about anti-malware in Network World's Anti-malware section.