SlideShare a Scribd company logo

Enabling the Virtual Enterprise

Download as PPTX, PDF
Aruba, a Hewlett Packard Enterprise company, profile picture
Aruba, a Hewlett Packard Enterprise company

The document outlines Facebook's implementation of zero-touch provisioning for their wireless network infrastructure using Aruba's services. It discusses the requirements for deployment, the provisioning process, and the integration of ClearPass Policy Manager for authentication and authorization. The focus is on creating an efficient and standardized network deployment adaptable to various global environments.

Technology
1 of 30
Downloaded 99 times
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
Enabling the Virtual Enterprise Dave Blank Network Engineer Facebook Michael Wong Product Manager
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved 2 #AirheadsConf Wireless @ Facebook • 6,337 employees* • Approximately 10,000 wireless clients every day • 35 offices globally (11 US offices, 24 international) • EVERYONE is mobile (open floorplan… employees work from anywhere) • 1.23 billion monthly active users* *as of Dec 2013
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved 3 #AirheadsConf Agenda Facebook Lighthouse @ Home RAP Zero Touch Provisioning Configuring Zero Touch Provisioning With Activate and CPPM Demo
4 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Remote AP Provisioning • AP Provisioning .. Need I say more?
5 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Controller: Provisioning Whitelist • Controller Provisioning Steps – Add AP to Whitelist on each controller – Defines a list of APs allowed to connect to controller – RAP Whitelist Definition • AP mac address • AP Group • AP Name – CLI: whitelist-db rap add mac-address [mac-addr] ap-group [ap-grp] ap-name [ap- name]
6 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Facebook Requirements • Zero Touch Deployment – Easy for a non-techie to deploy • Performance • Form Factor • Standardize Global Deployment • Deploy in Challenging RF Environments • Support Latest Technology including IPv6 • Extend Corporate Service – Wired IP Phone – Wired Video Conference Endpoint
7 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Facebook: HelpDesk Provisioning Tool • Custom Portal to Adapt to Business Workflow
8 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Facebook LightHouse@Home
9 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf To Datacenters Client VPN WAN Plug-Play Client Enterprise Secure Wi-Fi LAN Local Connectivity Enterprise Secure Wired Remote Access Points LAN/WAN/Internet Access Forwarding Priority Per User/Device/Session Dynamic Policies via Controller PEF Distributed Policy Enforcement Firewall Engine
10 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf RAP Bootstrapping Process • RAP obtains wired IP address using DHCP • RAP contacts master controller using FQDN or static IP • RAP attempts to form IPsec connection – Certificate (name = mac address) • IPsec SA is established between RAP and controller
11 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Goal: Zero Touch Provisioning • Activate • Device info is recorded on shipment • Device type, serial number, mac address • AP-Name, AP-Group and Controller-IP are defined • JSON API available • ClearPass Policy Manager • Synchronize inventory list • Maintains central whitelist for all controllers • Authorizes RAP • Controller • Authentication RAPs ClearPass Policy Manager Cluster Activate http://activate.arubanetworks.com Controller sends auth’n requests and CPPM provides auth’z info Controller Instant AP Instant AP Controller Mr. IT JSON api Instant AP will check Activate at boot for provisioning info
12 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Activate to Provision AP Info
13 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Aruba Activate Service What: Activate is a free Cloud Service that enables customers to deploy Aruba infrastructure more efficiently • http://activate.arubanetworks.com How: Enhances a device’s ability to find its configuration master Model: Device centric DB correlating various attributes Activate’s Inputs
14 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Activate: Define Rules •Activate (https://activate.arubanetworks.com) 1. Identify Configuration  IAP-to-RAP 2. Define Rules  Controller IP  AP-Group
15 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Activate: AP Attributes 1. Select Device  Devices are initially assigned the default folder 2. Assign Devices to Folder  Define AP-Name
16 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Define ClearPass Policy for Central Whitelist
17 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Manager • Authentication, Authorization, Accounting (AAA) with Policy Management • Guest Management • Device Onboarding
18 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Activate Configuration • Provide Activate credentials in CPPM
19 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Add Controller
20 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Endpoint List • Validate that CPPM is receiving info
21 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Endpoint Info • EndPoint Info – Orange • Attribute for Authorization – Yellow • Attributes sent to Controller
22 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Service • Allows ClearPass Policy Manager to test Requests • Provide differentiation by access method, location or other network vendor-specific attributes
23 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Authentication • Controller will perform mac authentication to CPPM – Note: RAP will still use certificate to establish IPSec tunnel
24 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Enforcement • Define Authorization Conditions
25 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Enforcement Profile • Define Radius Attributes (Aruba VSA)
26 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Controller Configuration
27 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Controller Configuration • Define Authentication Server • Define Server Group • Assign Server Group for RAP / IAP authentication aaa authentication-server radius CPPM_01 host [CPPM_IP_ADDRESS] key PASSPHRASE ! aaa server-group CPPM_WHITELIST auth-server CPPM_01 ! aaa authentication vpn default-iap server-group CPPM_WHITELIST ! aaa authentication vpn default-rap server-group CPPM_WHITELIST ! • Controller perform whitelist lookup on CPPM instead of local-db
28 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Goal: Zero Touch Provisioning • Activate • Device info is recorded on shipment • Device type, serial number, mac address • AP-Name, AP-Group and Controller-IP are defined • JSON API available • ClearPass Policy Manager • Synchronize inventory list • Maintains central whitelist for all controllers • Authorizes RAP • Controller • Authentication RAPs ClearPass Policy Manager Cluster Activate http://activate.arubanetworks.com Controller sends auth’n requests and CPPM provides auth’z info Controller Instant AP Instant AP Controller Mr. IT JSON api Instant AP will check Activate at boot for provisioning info
29 Thank You #AirheadsConf CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
30

More Related Content

PPTX
Access Management with Aruba ClearPass #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Advanced Aruba Airwave Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Real-world 802.1X Deployment Challenges
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Wireless LAN Security Fundamentals #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Shanghai Breakout: Advanced Airwave Workshop
Aruba, a Hewlett Packard Enterprise company
 
PDF
Advanced rf troubleshooting_peter lane
Aruba, a Hewlett Packard Enterprise company
 
PDF
Cisco switch setup with cppm v1.2
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Secure Enterprise Mobility
Aruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Advanced Aruba Airwave Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Real-world 802.1X Deployment Challenges
Aruba, a Hewlett Packard Enterprise company
 
Wireless LAN Security Fundamentals #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Shanghai Breakout: Advanced Airwave Workshop
Aruba, a Hewlett Packard Enterprise company
 
Advanced rf troubleshooting_peter lane
Aruba, a Hewlett Packard Enterprise company
 
Cisco switch setup with cppm v1.2
Aruba, a Hewlett Packard Enterprise company
 
Secure Enterprise Mobility
Aruba, a Hewlett Packard Enterprise company
 

What's hot (20)

PDF
2012 ah emea top 10 tips from aruba tac
Aruba, a Hewlett Packard Enterprise company
 
PDF
Industry breakout government military forum_jon green_stuart schulte
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Shanghai Breakout: Access Management with Aruba ClearPass
Aruba, a Hewlett Packard Enterprise company
 
PDF
Security advanced rich langston_jon green
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Shanghai Breakout: Advanced RF Design and Troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PDF
Building an aruba proof of concept lab javier urtubia
Aruba, a Hewlett Packard Enterprise company
 
PDF
Next generation remote networks aruba instant gokul rajagopalan
Aruba, a Hewlett Packard Enterprise company
 
PDF
2012 ah apj wlan design fundamentals
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Advanced RF Design & Troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
PDF
Aruba instant the easy button for wireless gokul rajagopalan
Aruba, a Hewlett Packard Enterprise company
 
PDF
Wlan designfor highdensityenvironments_chuck lukaszewski
Aruba, a Hewlett Packard Enterprise company
 
PDF
2012 ah vegas wlan design fundamentals
Aruba, a Hewlett Packard Enterprise company
 
PDF
Aruba networks webinar_wi-fi_without_interruption_sep20_2012
Aruba, a Hewlett Packard Enterprise company
 
PDF
Mobile Devices and Wi-Fi
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Remote & Branch Networking Fundamentals #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Shanghai Breakout: Location Analytics – Key Considerations and Use Cases
Aruba, a Hewlett Packard Enterprise company
 
PDF
Top 10 tips_aruba_tac_madison lee
Aruba, a Hewlett Packard Enterprise company
 
PDF
Clear passbasics derinmellor
Aruba, a Hewlett Packard Enterprise company
 
PDF
Airheads dallas 2011 rap troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
2012 ah emea top 10 tips from aruba tac
Aruba, a Hewlett Packard Enterprise company
 
Industry breakout government military forum_jon green_stuart schulte
Aruba, a Hewlett Packard Enterprise company
 
Shanghai Breakout: Access Management with Aruba ClearPass
Aruba, a Hewlett Packard Enterprise company
 
Security advanced rich langston_jon green
Aruba, a Hewlett Packard Enterprise company
 
Shanghai Breakout: Advanced RF Design and Troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Building an aruba proof of concept lab javier urtubia
Aruba, a Hewlett Packard Enterprise company
 
Next generation remote networks aruba instant gokul rajagopalan
Aruba, a Hewlett Packard Enterprise company
 
2012 ah apj wlan design fundamentals
Aruba, a Hewlett Packard Enterprise company
 
Advanced RF Design & Troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
Aruba instant the easy button for wireless gokul rajagopalan
Aruba, a Hewlett Packard Enterprise company
 
Wlan designfor highdensityenvironments_chuck lukaszewski
Aruba, a Hewlett Packard Enterprise company
 
2012 ah vegas wlan design fundamentals
Aruba, a Hewlett Packard Enterprise company
 
Aruba networks webinar_wi-fi_without_interruption_sep20_2012
Aruba, a Hewlett Packard Enterprise company
 
Mobile Devices and Wi-Fi
Aruba, a Hewlett Packard Enterprise company
 
Remote & Branch Networking Fundamentals #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Shanghai Breakout: Location Analytics – Key Considerations and Use Cases
Aruba, a Hewlett Packard Enterprise company
 
Top 10 tips_aruba_tac_madison lee
Aruba, a Hewlett Packard Enterprise company
 
Clear passbasics derinmellor
Aruba, a Hewlett Packard Enterprise company
 
Airheads dallas 2011 rap troubleshooting
Aruba, a Hewlett Packard Enterprise company
 
Ad

Viewers also liked (20)

PDF
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
Aruba, a Hewlett Packard Enterprise company
 
PDF
Customer Keynote - Microsoft Lync
Aruba, a Hewlett Packard Enterprise company
 
POTX
Breakout - Airheads Macau 2013 - Cloud WiFi
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Shanghai Breakout: 802.11ac Wi-Fi Fundamentals
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Make Your Own Meridian Mobile App Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
IDC Aruba Webinar - 3 Feb 15
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Deploying Microsoft Lync over Wi-Fi #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Aruba Instant Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Breakout - Airheads Macau 2013 - WLAN Management & Troubleshooting with AirWave
Aruba, a Hewlett Packard Enterprise company
 
PDF
Aruba Atmosphere / Airheads 2014 Keerti Melkote Keynote
Aruba, a Hewlett Packard Enterprise company
 
PPTX
WLAN Design for Location, Voice & Video
Aruba, a Hewlett Packard Enterprise company
 
PDF
Aruba Technical Webinar: Unplugging the Last Cord
Aruba, a Hewlett Packard Enterprise company
 
PPTX
E Rate Modernization Overview
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Meridian APPs and ALE at WFD6
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Aruba Networks at WFD6
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Adaptive Trust Security
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Make Your Own Meridian Mobile App Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Advanced Aruba Mobility Access Switch Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Breaking the Status Quo
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Best Practices on Migrating to 802.11ac Wi-Fi #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
Aruba, a Hewlett Packard Enterprise company
 
Customer Keynote - Microsoft Lync
Aruba, a Hewlett Packard Enterprise company
 
Breakout - Airheads Macau 2013 - Cloud WiFi
Aruba, a Hewlett Packard Enterprise company
 
Shanghai Breakout: 802.11ac Wi-Fi Fundamentals
Aruba, a Hewlett Packard Enterprise company
 
Make Your Own Meridian Mobile App Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
IDC Aruba Webinar - 3 Feb 15
Aruba, a Hewlett Packard Enterprise company
 
Deploying Microsoft Lync over Wi-Fi #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Aruba Instant Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Breakout - Airheads Macau 2013 - WLAN Management & Troubleshooting with AirWave
Aruba, a Hewlett Packard Enterprise company
 
Aruba Atmosphere / Airheads 2014 Keerti Melkote Keynote
Aruba, a Hewlett Packard Enterprise company
 
WLAN Design for Location, Voice & Video
Aruba, a Hewlett Packard Enterprise company
 
Aruba Technical Webinar: Unplugging the Last Cord
Aruba, a Hewlett Packard Enterprise company
 
E Rate Modernization Overview
Aruba, a Hewlett Packard Enterprise company
 
Meridian APPs and ALE at WFD6
Aruba, a Hewlett Packard Enterprise company
 
Aruba Networks at WFD6
Aruba, a Hewlett Packard Enterprise company
 
Adaptive Trust Security
Aruba, a Hewlett Packard Enterprise company
 
Make Your Own Meridian Mobile App Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Advanced Aruba Mobility Access Switch Workshop #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Breaking the Status Quo
Aruba, a Hewlett Packard Enterprise company
 
Best Practices on Migrating to 802.11ac Wi-Fi #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Ad

Similar to Enabling the Virtual Enterprise (20)

PDF
ARUBA - Remote Branch-networking-fundamentals-2014
Marcello Marchesini
 
PPTX
Enabling AirPrint & AirPlay on Your Network
Aruba, a Hewlett Packard Enterprise company
 
PDF
Remote Wireless LANs
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Defining Advanced AAA Policies for Access Networks
Aruba, a Hewlett Packard Enterprise company
 
PDF
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Aruba, a Hewlett Packard Enterprise company
 
PDF
BYOD with ClearPass
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Network Management with Aruba Airwave #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Aruba WLANs 101 and design fundamentals
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Network Management with Aruba AirWave
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM
Aruba, a Hewlett Packard Enterprise company
 
PDF
Instant overview gokul_rajagopalan
Aruba, a Hewlett Packard Enterprise company
 
PPTX
ClearPass design scenarios that solve the toughest security policy requirements
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Shanghai Keynote: Keerti Demos
Aruba, a Hewlett Packard Enterprise company
 
PDF
Mobility switch security architecture scott calzia madani adjali
Aruba, a Hewlett Packard Enterprise company
 
PDF
Clear pass policy manager advanced_ashwath murthy
Aruba, a Hewlett Packard Enterprise company
 
PDF
Air waveupdate sujathamandava
Aruba, a Hewlett Packard Enterprise company
 
PDF
RAP Networks Validated Reference Design
Aruba, a Hewlett Packard Enterprise company
 
PDF
Aruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba, a Hewlett Packard Enterprise company
 
PDF
2012 ah vegas remote networking fundamentals
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Advanced Aruba ClearPass Workshop
Aruba, a Hewlett Packard Enterprise company
 
ARUBA - Remote Branch-networking-fundamentals-2014
Marcello Marchesini
 
Enabling AirPrint & AirPlay on Your Network
Aruba, a Hewlett Packard Enterprise company
 
Remote Wireless LANs
Aruba, a Hewlett Packard Enterprise company
 
Defining Advanced AAA Policies for Access Networks
Aruba, a Hewlett Packard Enterprise company
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Aruba, a Hewlett Packard Enterprise company
 
BYOD with ClearPass
Aruba, a Hewlett Packard Enterprise company
 
Network Management with Aruba Airwave #AirheadsConf Italy
Aruba, a Hewlett Packard Enterprise company
 
Aruba WLANs 101 and design fundamentals
Aruba, a Hewlett Packard Enterprise company
 
Network Management with Aruba AirWave
Aruba, a Hewlett Packard Enterprise company
 
Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM
Aruba, a Hewlett Packard Enterprise company
 
Instant overview gokul_rajagopalan
Aruba, a Hewlett Packard Enterprise company
 
ClearPass design scenarios that solve the toughest security policy requirements
Aruba, a Hewlett Packard Enterprise company
 
Shanghai Keynote: Keerti Demos
Aruba, a Hewlett Packard Enterprise company
 
Mobility switch security architecture scott calzia madani adjali
Aruba, a Hewlett Packard Enterprise company
 
Clear pass policy manager advanced_ashwath murthy
Aruba, a Hewlett Packard Enterprise company
 
Air waveupdate sujathamandava
Aruba, a Hewlett Packard Enterprise company
 
RAP Networks Validated Reference Design
Aruba, a Hewlett Packard Enterprise company
 
Aruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba, a Hewlett Packard Enterprise company
 
2012 ah vegas remote networking fundamentals
Aruba, a Hewlett Packard Enterprise company
 
Advanced Aruba ClearPass Workshop
Aruba, a Hewlett Packard Enterprise company
 

More from Aruba, a Hewlett Packard Enterprise company (20)

PPTX
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads_ Advance Aruba Central
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads- Switch stacking_ ArubaOS Switch
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Introduction to AirWave 10
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads- Aruba Central with Instant AP
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads - AP Discovery Logic and AP Deployment
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads- Manage Devices at Branch Office (BOC)
Aruba, a Hewlett Packard Enterprise company
 
PPTX
EMEA Airheads - What does AirMatch do differently?v2
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Airheads Meetups: 8400 Presentation
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Airheads Meetups: Ekahau Presentation
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Airheads Meetups- High density WLAN
Aruba, a Hewlett Packard Enterprise company
 
PPTX
Airheads Meetups- Avans Hogeschool goes Aruba
Aruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Aruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Aruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads_ Advance Aruba Central
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
Aruba, a Hewlett Packard Enterprise company
 
Introduction to AirWave 10
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Aruba Central with Instant AP
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads - AP Discovery Logic and AP Deployment
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
Aruba, a Hewlett Packard Enterprise company
 
EMEA Airheads - What does AirMatch do differently?v2
Aruba, a Hewlett Packard Enterprise company
 
Airheads Meetups: 8400 Presentation
Aruba, a Hewlett Packard Enterprise company
 
Airheads Meetups: Ekahau Presentation
Aruba, a Hewlett Packard Enterprise company
 
Airheads Meetups- High density WLAN
Aruba, a Hewlett Packard Enterprise company
 
Airheads Meetups- Avans Hogeschool goes Aruba
Aruba, a Hewlett Packard Enterprise company
 

Recently uploaded (20)

PPTX
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
PDF
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
PDF
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
PDF
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
PDF
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
PPTX
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
PDF
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
PDF
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
PDF
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
PDF
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
PDF
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
PDF
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
PDF
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
PPTX
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
PDF
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
PPTX
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
PDF
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
PPTX
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
PDF
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
PPTX
Spectroscopy.pptx food analysis technology
nawahassan45
 
Big Data Technologies - Introduction.pptx
kuthubussaman1
 
NewMind AI Weekly Chronicles - August'25 Week I
NewMind AI
 
Unlocking AI with Model Context Protocol (MCP)
Brian McKeiver
 
The Rise and Fall of 3GPP – Time for a Sabbatical?
3G4G
 
How UI/UX Design Impacts User Retention in Mobile Apps.pdf
SynapseIndia
 
Digital-Transformation-Roadmap-for-Companies.pptx
David Malick Dieng
 
Advanced methodologies resolving dimensionality complications for autism neur...
IAESIJAI
 
MIND Revenue Release Quarter 2 2025 Press Release
MIND CTI
 
Building Integrated photovoltaic BIPV_UPV.pdf
SandeepSingh286037
 
Agricultural_Statistics_at_a_Glance_2022_0.pdf
SandeepSingh286037
 
Review of recent advances in non-invasive hemoglobin estimation
IAESIJAI
 
Build a system with the filesystem maintained by OSTree @ COSCUP 2025
Jian-Hong Pan
 
Profit Center Accounting in SAP S/4HANA, S4F28 Col11
Libreria ERP
 
ACSFv1EN-58255 AWS Academy Cloud Security Foundations.pptx
23bcla24
 
TokAI - TikTok AI Agent : The First AI Application That Analyzes 10,000+ Vira...
SOFTTECHHUB
 
VMware vSphere Foundation How to Sell Presentation-Ver1.4-2-14-2024.pptx
blackmambaettijean
 
Mobile App Security Testing_ A Comprehensive Guide.pdf
flufftailshop
 
sap open course for s4hana steps from ECC to s4
sreeni2106invites
 
Architecting across the Boundaries of two Complex Domains - Healthcare & Tech...
Peter Tan
 
Spectroscopy.pptx food analysis technology
nawahassan45
 

Enabling the Virtual Enterprise

  • 1. Enabling the Virtual Enterprise Dave Blank Network Engineer Facebook Michael Wong Product Manager
  • 2. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved 2 #AirheadsConf Wireless @ Facebook • 6,337 employees* • Approximately 10,000 wireless clients every day • 35 offices globally (11 US offices, 24 international) • EVERYONE is mobile (open floorplan… employees work from anywhere) • 1.23 billion monthly active users* *as of Dec 2013
  • 3. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved 3 #AirheadsConf Agenda Facebook Lighthouse @ Home RAP Zero Touch Provisioning Configuring Zero Touch Provisioning With Activate and CPPM Demo
  • 4. 4 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Remote AP Provisioning • AP Provisioning .. Need I say more?
  • 5. 5 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Controller: Provisioning Whitelist • Controller Provisioning Steps – Add AP to Whitelist on each controller – Defines a list of APs allowed to connect to controller – RAP Whitelist Definition • AP mac address • AP Group • AP Name – CLI: whitelist-db rap add mac-address [mac-addr] ap-group [ap-grp] ap-name [ap- name]
  • 6. 6 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Facebook Requirements • Zero Touch Deployment – Easy for a non-techie to deploy • Performance • Form Factor • Standardize Global Deployment • Deploy in Challenging RF Environments • Support Latest Technology including IPv6 • Extend Corporate Service – Wired IP Phone – Wired Video Conference Endpoint
  • 7. 7 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Facebook: HelpDesk Provisioning Tool • Custom Portal to Adapt to Business Workflow
  • 8. 8 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Facebook LightHouse@Home
  • 9. 9 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf To Datacenters Client VPN WAN Plug-Play Client Enterprise Secure Wi-Fi LAN Local Connectivity Enterprise Secure Wired Remote Access Points LAN/WAN/Internet Access Forwarding Priority Per User/Device/Session Dynamic Policies via Controller PEF Distributed Policy Enforcement Firewall Engine
  • 10. 10 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf RAP Bootstrapping Process • RAP obtains wired IP address using DHCP • RAP contacts master controller using FQDN or static IP • RAP attempts to form IPsec connection – Certificate (name = mac address) • IPsec SA is established between RAP and controller
  • 11. 11 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Goal: Zero Touch Provisioning • Activate • Device info is recorded on shipment • Device type, serial number, mac address • AP-Name, AP-Group and Controller-IP are defined • JSON API available • ClearPass Policy Manager • Synchronize inventory list • Maintains central whitelist for all controllers • Authorizes RAP • Controller • Authentication RAPs ClearPass Policy Manager Cluster Activate http://activate.arubanetworks.com Controller sends auth’n requests and CPPM provides auth’z info Controller Instant AP Instant AP Controller Mr. IT JSON api Instant AP will check Activate at boot for provisioning info
  • 12. 12 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Activate to Provision AP Info
  • 13. 13 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Aruba Activate Service What: Activate is a free Cloud Service that enables customers to deploy Aruba infrastructure more efficiently • http://activate.arubanetworks.com How: Enhances a device’s ability to find its configuration master Model: Device centric DB correlating various attributes Activate’s Inputs
  • 14. 14 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Activate: Define Rules •Activate (https://activate.arubanetworks.com) 1. Identify Configuration  IAP-to-RAP 2. Define Rules  Controller IP  AP-Group
  • 15. 15 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Activate: AP Attributes 1. Select Device  Devices are initially assigned the default folder 2. Assign Devices to Folder  Define AP-Name
  • 16. 16 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Define ClearPass Policy for Central Whitelist
  • 17. 17 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Manager • Authentication, Authorization, Accounting (AAA) with Policy Management • Guest Management • Device Onboarding
  • 18. 18 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Activate Configuration • Provide Activate credentials in CPPM
  • 19. 19 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Add Controller
  • 20. 20 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Endpoint List • Validate that CPPM is receiving info
  • 21. 21 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Endpoint Info • EndPoint Info – Orange • Attribute for Authorization – Yellow • Attributes sent to Controller
  • 22. 22 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Service • Allows ClearPass Policy Manager to test Requests • Provide differentiation by access method, location or other network vendor-specific attributes
  • 23. 23 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Authentication • Controller will perform mac authentication to CPPM – Note: RAP will still use certificate to establish IPSec tunnel
  • 24. 24 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Enforcement • Define Authorization Conditions
  • 25. 25 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf CPPM: Enforcement Profile • Define Radius Attributes (Aruba VSA)
  • 26. 26 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Controller Configuration
  • 27. 27 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Controller Configuration • Define Authentication Server • Define Server Group • Assign Server Group for RAP / IAP authentication aaa authentication-server radius CPPM_01 host [CPPM_IP_ADDRESS] key PASSPHRASE ! aaa server-group CPPM_WHITELIST auth-server CPPM_01 ! aaa authentication vpn default-iap server-group CPPM_WHITELIST ! aaa authentication vpn default-rap server-group CPPM_WHITELIST ! • Controller perform whitelist lookup on CPPM instead of local-db
  • 28. 28 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Goal: Zero Touch Provisioning • Activate • Device info is recorded on shipment • Device type, serial number, mac address • AP-Name, AP-Group and Controller-IP are defined • JSON API available • ClearPass Policy Manager • Synchronize inventory list • Maintains central whitelist for all controllers • Authorizes RAP • Controller • Authentication RAPs ClearPass Policy Manager Cluster Activate http://activate.arubanetworks.com Controller sends auth’n requests and CPPM provides auth’z info Controller Instant AP Instant AP Controller Mr. IT JSON api Instant AP will check Activate at boot for provisioning info
  • 29. 29 Thank You #AirheadsConf CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
  • 30. 30

Editor's Notes

  • #10: To understand more, let’s take a look at the RAP architecture:On one side, the RAP looks like a VPN client-in-a-box. Plug in to any network, it gets an address, then “dials” up a VPN tunnel to the data center so you don’t have to. VPN-in-a-box is not new – “hard clients” have been around for a while. But they usually stop at a simple connectivity model of attaching one or more wired ports to a VPN tunnel. The RAP is much more than that.On the LAN side that faces the end user, we provide wired and wireless connectivity options. The wireless side delivers the full enterprise-grade security, management, and control that Aruba is known for in its campus WLAN deployments. The wireless also provides full wireless intrusion prevention services to control rogue APs and misconfigured clients.In the middle is the most important part - our “secret sauce” – a technology we call PEF, or policy enforcement firewall. PEF is a technology we developed originally for our wireless LAN platform. It is a per user/device/session state access forwarding engine. What it does is function as a policy enforcement switch, controlling who/what can get in, who can do what, and even controls prioritization. Best of all it does this based on users and dynamic policies versus ports and subnets, thus dramatically simplifying and virtualizing service delivery and security policies to users. PEF is the key feature that makes the RAP different than simple “VPN-in-a-box.”
  • #31: 21:44 – 24:16