Corporate Overview

Corporate Overview, October 2010. Introduction to Aerohive: next generation enterprise WLAN systems vendor. The only WLAN solution built from the ground up for Wireless 2.0. WLAN Visionary – Gartner. Breakthrough, distributed WLAN architecture. Eliminates WLAN controllers.

Transcript of Corporate Overview

Page 1: Corporate Overview

Confidential 2010

October 2010

Corporate Overview

Page 2: Corporate Overview

Introduction to Aerohive

• Next generation enterprise WLAN systems vendor
• The only WLAN solution built from the ground up for Wireless 2.0
• WLAN Visionary – Gartner
• Breakthrough, distributed WLAN architecture
  – Eliminates WLAN controllers
  – Built for 802.11n transition
  – Breakthrough performance, resilience and flexibility
  – Up to 75% lower cost
• Innovative cloud-based management

HiveManager NMS, HiveAPs

Aerohive Named Visionary in Gartner’s WLAN Magic Quadrant 2010

Page 3: Corporate Overview

Aerohive – Purpose-built for Wireless 2.0

Yesterday’s WLAN
- Convenience WiFi
- Guest Access
- Nomadic Users
- Scanners & single mode voice

Problems
- Security
- Management

Wireless 2.0
- Client Explosion
- Mobile Apps
- 6 X Bandwidth (802.11n)
- Voice / FMC
- Location Services
- Ubiquitous coverage
- Ethernet Replacement

Problems
- Security, Mgmt & Mobility
- Single Points of Failure
- Performance Limitations
- Deterministic Performance
- Scalability
- Cost

Users, Applications, Mobility, Flexibility, Productivity

Page 4: Corporate Overview

Customer Focus

Distributed Enterprise
Education
Manufacturing, Distribution & Retail
Healthcare

Key Requirement – Secure, resilient, high performance managed infrastructure
Key Requirement – High performance, easy to manage infrastructure
Key Requirement – Scalable, cost effective, resilient managed infrastructure
Key Requirement – Scalable, cost effective, survivable, managed infrastructure

Page 5: Corporate Overview

Why Customers Selected Aerohive

Distributed WLAN Architecture + Best In Class Management

Wire-like Resilience
• No single points of failure
• Path resiliency
• Branch survivability

Up to 10X Better Performance
• Distributed processing
• Local data forwarding
• Improved airtime utilization

Secure, Multi-Service Infrastructure
• Per user policy enforcement
• Advanced Security (WIDS, FW, wireless VPN)
• Resource allocation with SLAs

Up to 75% Lower CapEx and OpEx
• Less hardware, less cabling
• Start small & expand
• SaaS Wireless Mgmt

Page 6: Corporate Overview

Cooperative Control - A distributed approach

Distributed Forwarding - with Policy Enforcement!
– Responsible – Local forwarding
  • Policy applied before forwarding!
  • Competitors often forget this

Distributed Intelligence
– Cooperative Control: Auto RF, auto discovery & config, secure roaming
– Stateful firewall, QoS, RADIUS
– Microsecond-granular handling
  • Airtime management & statistics

Distributed Processing
– Throughput & Client Health SLA compliance
– Power to track every client in the network and adjust parameters based on client health

Feedback RF Medium
HiveOS

Page 7: Corporate Overview

Wi-Fi’s Networking Detour

Security, Manageability & Mobility
Scalability, Resilience & Determinism

Autonomous APs - Limited Intelligence
- No RF / Network Awareness
- Hard to manage (Managed directly)

Centralized Control - Centralized Intelligence
- Auto RF
- Secure seamless roaming
- Ease of management
- Single points of Failure
- BW Bottleneck
- Increased Cost

Cooperative Control - Distributed Intelligence
- Auto RF
- Secure seamless roaming
- Ease of management
- Increased Reliability
- Improved Performance
- Reduced Cost
- Cloud or Centralized management

Made possible by Moore’s Law

1999, 2003, 2007, 2010
802.11b/a, 802.11g, 802.11n

Page 8: Corporate Overview

Enterprise Wireless LAN comparison

Controller-Based

NMS

Thin APs

HiveManager

Distributed Control

Network

Cooperative Control APs

Network

FW WIDS

RADIUS

QoS

MESH

Aerohive Benefit
• No U-turns, Bottlenecks or Single Points of Failure
• Flexible Expansion
• Superior Branch Performance & Survivability
• Real Mesh Support
• Increased Reliability & Reduced Cost (No Controller$)
• Advanced Value-Added Functionality

Control, Data, Tunnels

Data Center

Access Layer

Access Layer

Page 9: Corporate Overview

Architectural Alternatives

Centralized Data Forwarding & Control
Redundant Centralized Data Forwarding & Control
Distributed Forwarding with Centralized Control
Fully Distributed Forwarding & Control

Chart axes: Reliability; Performance & Cost Effectiveness

VMware Controller or Controller in the Cloud

Diagram labels: NMS, WAN, HQ, Controller

Authentication, Auto RF, L2/L3 Roaming, QoS, WIPS / Rogue Detection

Controller Failure = WLAN Failure
More Reliable But Expensive
Loss of control means they become expensive Fat APs
High Performance, Highly Reliable & Cost Effective

Page 10: Corporate Overview

Distributed Control: A Proven, Effective Model

Performance, Resilience, Cost Effectiveness and Scalability

The Internet
• Dynamic Routing

Switched Campus
• Dynamic Routing
• Spanning Tree

Wireless access
• Cooperative Control

Page 11: Corporate Overview

How does it work?

Reporting Heat Maps

SLA Compliance

Policy Configuration

HiveManager NMS

HiveAPs are full-featured enterprise class access points

– Identity-based security, including stateful inspection FW, rogue detection & mitigation

– Airtime scheduling, SLA compliance and local forwarding implemented at the edge

HiveAPs are discovered and policy is pushed by HiveManager

– A single mgmt interface for configuration, OS updates & monitoring of thousands of devices

Cooperative control protocols create "hives" that share control information between HiveAPs

– Enabling functions like secure fast layer roaming (L2/L3), cooperative RF management, station load balancing, wireless mesh and seamless resiliency

How does it work detail

Page 12: Corporate Overview

Delivering a secure multi-service “App Ready” infrastructure

Security & VPN
• WPA2/802.1X, Private PSK
• Integrated Firewall, VPN, RADIUS
• WIDS, Rogue Detection & Mitigation
• Directory and NAC integration

Per User Policy Enforcement
• User profiles and policy are used to “Virtualize” WLAN infrastructure
• User Profiles include L2-L4 policy enforcement including security, QoS and access policy

Resource Management
• Prioritization – Voice
• BW limiting – student access
• Time of Day scheduling
• SLA Compliance

Diagram labels: Trusted Client Launching IP DoS attack; Voice Policy, Laptop Policy, Guest Policy, Quarantine; WMM, User QUEUEs, Diff Serv; Guest Administrator

Device Types: Laptops, Scanners, Tags, Wi-Fi Phones, Tablets, IV Pumps
User Types: Guests, Employees, Doctors, Nurses, Contractors, Teachers, Students
Traffic Types: Voice, Video, Data

Page 13: Corporate Overview

Improving application and WLAN performance

10-20X In the Core
• Distributed forwarding eliminates controller oversubscription
• Best path forwarding minimizes network congestion

Chart: Throughput vs. # of APs for Aerohive and Controller, showing the Controller Capacity Limit

5X Through the AP
• Custom Aerohive design - purpose built hardware & optimized software
• Dual core network processor

Aerohive NWW performance results

10X In the Air
• Dynamic Airtime Scheduling optimizes airtime utilization
• Reduces contention + keeps slow clients from limiting fast clients

Chart over Time: Fast Client, Medium Client, Slow Client; 10x faster, 5x faster, No Slower

Page 14: Corporate Overview

Reducing risk with wired-like resilience

No Single Points of Failure
• Controllers are single points of failure
• Resiliency by adding more controller$
• Controller failover is stateless

Path Resiliency
• Dynamic Mesh Failover
• Track-IP
• Dual homed Ethernet

Branch Survivability
• Distributed control & data forwarding
• Integrated RADIUS server allows for local authentication or AAA caching and can link to central directory

Diagram labels: AAA, WAN, AAA Cache, HiveManager

WLAN fully functional

Page 15: Corporate Overview

Reducing Capex and Opex costs

Less Infrastructure Cost
• Controller-less architecture + SaaS reduces H/W, sparing & energy costs
• SaaS Mgmt moves Capex to Opex
• Wi-Fi access reduces cabling
• Enterprise Mesh reduces cabling

Start Small & Expand
• SaaS Wi-Fi Mgmt per AP service
• No over provisioning
• No feature licenses limiting new apps
• Linear cost growth curve – add APs

Easy to Use Management
• Easy to use, policy-based mgmt simplifies large deployments
• Intuitive web management with Express mode or Enterprise mode
• Role-based guest mgmt delegation

Example: Central Site High Availability (30 APs)
• Controller Solution – Includes APs and Controller$
• Aerohive Solution – Includes HiveAPs and HiveManager Online

“…..the physical controller has vanished either into the cloud or into the one or more access points. These new solutions in addition to lower priced access points continue to reduce the total cost of ownership for WLAN connectivity at the edge of the network.” – Gartner Magic Quadrant February 2010

HiveManager Online

Page 16: Corporate Overview

802.11n HiveAP Product Line

| Model | HiveAP 110 | HiveAP 120 | HiveAP 320 | HiveAP 340 | HiveAP 340 ODK |
|---|---|---|---|---|---|
| Radio | Single Radio (2.4/5GHz) Indoor 802.11n (2x2) | Dual Radio Indoor 802.11n (2x2) | Dual Radio Indoor 802.11n (3x3) | Dual Radio Industrial 802.11n (3x3) | Dual Radio Outdoor 802.11n (2x2) |
| Antenna | Integrated | Internal | Internal | External | External |
| Aggregate Link Rate | 300Mbps | 600Mbps | 600Mbps | 600Mbps | 600Mbps |
| Packets per Second | Up to 28kpps | Up to 28kpps | Up to 45kpps | Up to 45kpps | Up to 45kpps |
| Dual Core Processor | No | No | Yes | Yes | Yes |
| Crypto (VPN) Accelerator | No | No | Yes | Yes | Yes |
| TPM Chip | Yes | Yes | Yes | Yes | Yes |
| Ethernet | GigE | GigE | Dual GigE | Dual GigE | 10/100 & GigE |
| PoE | 802.3af | 802.3af | Smart PoE (802.3af & at) | Smart PoE (802.3af & at) | Proprietary – Lightning Arrester |
| Console | Virtual Access Console | Virtual Access Console | Physical & Virtual Access Console | Physical & Virtual Access Console | Physical & Virtual Access Console |

Partnerships, Certification and Interoperability

Page 17: Corporate Overview

Complete, Flexible Wireless Management Solutions

Express Mode
• Optimized for ease of use
• Uniform company-wide policy
• One user type per SSID

Enterprise Mode
• Enterprise sophistication
• Multiple WLAN policies
• Multiple user profiles/SSID
• Active Directory support

HiveManager Appliance 2U
• Redundant power & fans
• HA redundancy
• 5000 APs

HiveManager Virtual Appliance
• VMware ESX & Player
• HA redundancy
• 1500 APs with minimum configuration

HiveManager 1U Appliance
• HA redundancy
• 500 APs

HiveManager Online
• Cloud-based SaaS management

Seamless Upgrade Path
• Increasing deployment size
• Increasing network complexity

Topology, Reporting, Heat Maps, SLA Compliance, RF Planner, SW, Config, & Policy, Guest Mgmt

Page 18: Corporate Overview

Summary

Aerohive Cooperative Control architecture delivers:
• A future-proofed secure multi-service infrastructure
• Increased network and application performance
• Reduced risk with wire-like resiliency
• Reduced capital and operational cost

Enabling the “Best ROI in Wi-Fi”

Page 19: Corporate Overview


THANK YOU!

Page 20: Corporate Overview

BACKUP SLIDES AND CUSTOM SHOWS

Page 21: Corporate Overview

HiveManager - Management System

• Single management interface for configuration, OS updates, monitoring of thousands of devices
• Real-time topology, performance and user views simplify troubleshooting, capacity planning and security remediation
• Zero configuration HiveAP deployment
• HiveManager is provided as an appliance to simplify installation
• Non-essential to HiveAP operation

Diagram labels: Platform Independent Web Interface, Database, Device Server, Ajax GUI Server, HiveOS Devices

Page 22: Corporate Overview

HiveManager WLAN management

Topology & Network Status
• What APs are connected, AP Status – Alarms, mesh connections
• Drill down on each AP to get client information, debug issues, and update configuration and firmware

RSSI and Rogue Detection
• Channel, Power and RSSI values
• Rogue Detection

Network Summary
• Number and types of clients, Number of clients over time
• Alarms and status, Roaming
• Details can be found by drilling into users and logs

Powerful User-Centric Policy Management
• Flexible mapping of SSIDs and Users access to the network
• QoS, Firewall and Mobility Policy plus VLAN and Tunnel mapping
• Configurations applied across any # of APs for large scale enterprise wide management

Page 23: Corporate Overview

HiveManager Role Based Administration

Policy Design & Configuration
Monitoring & Maintaining
Upgrading & Adjusting

• WLAN Policies: Hive, Services, WLAN Mappings (SSID), Ethernet Access, Backhaul, QoS
• Reporting: Summary, Radio, SSID, Client, Security, Inventory
• New WLAN Policies: User Profiles, Services (Applications)
• Security Policies: DoS Prevention, Firewall, Rogue Detection, Filters
• Active & Rogue Clients: MAC/IP Address, Host/User Name, HiveAP Name/MAC
• Certificate & Key Updates: Upload Captive Web Pages and Keys, Upload AAA Certificates & Keys
• Authentication: AAA client settings, LDAP Settings, Captive Web Portal
• Fault Events & Alarms: Severity, Date, Description
• SW & Config. Updates: Upload & Activate Config, Upload & Activate SW
• Administration Management: Admin Groups, Administrators
• HiveAP Status: HiveAP name, type, # of clients, uptime, OS version
• HiveManager Operations: Backup Database, Update SW, Tech Support Data

WLAN Manager

Device Life Cycle

Page 24: Corporate Overview

HiveManager Role Based Administration

Network Admin

Security Admin

Operations

Device Life Cycle

Unlimited set of roles
– Tasks and views can be delegated to each role

Virtual HiveManager

Page 25: Corporate Overview

The Virtual HiveManager Feature

Multiple separate Instances of HiveManager on a single hardware platform

Complete Separation of Administration for
– Enterprise
– Managed Services

Domains are completely segmented and appear as a stand alone management system.
– Separate views
– Separate Policies
– Separate Reporting

Diagram labels: HiveManager A, HiveManager B, HiveManager C; Virtualized HiveManager; A, B, C

Page 26: Corporate Overview

Virtual HiveManager Capabilities

Up to 50 Virtual HiveManagers per physical hardware platform

Self Administration enables Virtual HiveManager to be accessible to customers in a Managed Service

SuperUser Admin can create, modify and delete Virtual HiveManagers

Complete segmentation of all data-objects including SSID and security information

Role based admin within a Virtual HiveManager
– Read and/or Write per configuration feature
– Read and/or Write per location

Automated emailed Reporting, Logs and email alerts available for each Virtual HiveManager

HiveAPs establish DTLS tunnel to HiveManager for management traffic
– Works across NAT boundaries

Page 27: Corporate Overview

Large/Distributed Enterprise

Large enterprises with multiple operating companies or distributed IT functions often require separate administrative interfaces.

Single central HiveManager instance would appear to be dedicated to each organization

Can be separated by:
– Separate IT organizations
– Separate roles
– Geographic regions

By Organization: Subsidiary A, Subsidiary B, Subsidiary C (A, B, C)

By Location or Role: Retail Store, Warehouse, Distribution Center

Virtualized HiveManager

Page 28: Corporate Overview

Aerohive Rogue Mitigation & WIDS

Rogue Detection
– Detect Both Rogue & AdHoc PCs
– Detect “On-Network” Rogue
– Confirm compliant BSSID, SSID, WMM, Preamble
– Generate Reports on rogue activity

Rogue mitigation
– Mitigation continuously de-authorizes and disassociates client connected to Rogue AP or Rogue Client
– Works in conjunction with Aerohive’s Rogue Detection and Location features

IP & MAC DoS Detection
– Detect RF 802.11 Management Layer Attacks (i.e. Probes & association floods etc.)
– Detect Wireless Authentication attacks
– Detect IP DoS (i.e. Port scan, flood & TCP SYN Check etc.)
– Mitigate attacks at the RF layer and “BAN” client for determined period of time

HiveAPs periodically scan all channels (HiveAPs coordinate scan & do not impact VoIP or data apps)

http://www.cactusmountain.com/Photos/Patches/PP116.jpg

“On-Network” Rogue

Trusted Client Launching IP DoS attack

Page 29: Corporate Overview

Policy Enforcement at the Edge

Edge-based policy enforcement
– Instantly responds to variations in wireless network characteristics
– Policy enforced at network ingress

Identity-based user profiles
– User profiles are statically or dynamically assigned
– User Profiles include L2-L4 policy enforcement including security, QoS and access policy

Policy Enforcement
– QoS
  • WMM, 8 QUEUEs per user, 802.1p & Diff Serv
– Access control & firewall
  • Stateful Firewall
  • WIDS & Rogue mitigation
  • In-line L2-L4 DoS protection
  • Web Portal
– Backhaul
  • Profile-based or dynamic VLAN or Dynamic Network Extension mapping

Bandwidth varies due to instantaneous changes in SNR

Diagram labels: Wireless Network, Wired Backhaul Network; VLANs, Tunnel; WMM, User QUEUEs, Diff Serv or .1p; Voice Policy, Laptop Policy, Guest Policy, Quarantine

Page 30: Corporate Overview

Policy Management Example

WLAN Policy-Hospitals
SSID:Guest
Hive-San Jose

WLAN Policy-Clinics
SSID:Ops-1X
Hive-San Jose

SSID:Ops-1X
SSID:Guest
Patients
Contractors
Drs., Nurses 7x24 VLAN 5 Vocera = P1 Data = P2
SSID: Clinic
Visiting Doctors
Element Specific Configurations: Map, Interfaces, Mesh, On-board Radius …
Drs., Nurses 5x8 Tunnel
Imaging 7x24 VLAN 6
Maintenance 5x8 Tunnel
Patients 7x24 Tunnel
Contractors 7x24 Tunnel
1Mbps
3Mbps

Page 31: Corporate Overview

SLA Compliance Solution SLA Monitoring – How does it work?

“Performance Sentinel” feature compares client throughput and demand with predefined throughput SLA level
– Uses client data statistics to determine client throughput
– Uses buffer statistics in the QoS engine to determine if client is actually trying to send more.

Chart labels: SLA; Above the SLA; Below the SLA and wants more throughput; Below the SLA, Getting enough throughput; Enterprise application; File transfer; Low data rate video

Page 32: Corporate Overview

SLA Compliance Solution SLA Actions – How does it work?

Actions may be triggered by the failure to meet an SLA
– Actions attempt to enable client to achieve required throughput

The first action available is “Airtime Boost”
– Provides more airtime to client not meeting SLA
– Designed to work in concert with Dynamic Airtime Scheduling

Other actions will be available in future releases

Chart labels: SLA; Above the SLA; Below the SLA and wants more throughput; Below the SLA, Getting enough throughput; Boost Enabled; Enterprise Application; File Transfer; Low data rate video

Page 33: Corporate Overview

SLA Compliance Solution Example using HiveManager

HiveManager SLA reporting shows that 3 clients on 1 AP were in violation - Red

When Airtime Boost action is enabled reporting shows all clients and APs are SLA compliant but 3 are a result of an action - Yellow

Page 34: Corporate Overview

Layer 2 Roaming

User associates and authenticates and keys are distributed

AP predictively pushes keys and session state to one hop neighbors

As client roams and associates with another AP the traffic continues uninterrupted

Diagram labels: Roam, RADIUS Server

Page 35: Corporate Overview

Layer 3 Roaming

Like Layer 2 roaming, the Layer 3 roam predictively pushes keys to one hop neighbors.

In order to maintain IP connectivity a tunnel is created to home subnet.

Tunnel continues to follow roaming user until sessions end, then tunnel is terminated and the user accesses the local network

Diagram labels: Subnet A, Subnet B, Router, GRE Tunnel

Page 36: Corporate Overview

Wired Architecture Traffic Flows

Diagram labels: WAN, Data Center, SAAS, VoIP RTP

Client – Client
Client – Workgroup
Client – Server/Database
Client – Internet

Page 37: Corporate Overview

WLAN Controller Architecture Traffic Flows

Diagram labels: WAN, Data Center, SAAS, VoIP RTP, Remote Controller$, Local Data Center

Local Forwarding
• Aruba Remote AP
• Split Tunnel (ACL)
• Cisco Hybrid-REAP
• Motorola Adaptive AP
• Separate SSIDs

Client – Client
Client – Workgroup
Client – Server/Database
Client – Internet
Client – Local/Internet

Remote controllers offer most of the functionality but:
• Expensive to Deploy
• Expensive to Scale
• Controller Adds Latency
• Not optimized for Branch

Remote/Hybrid AP are a compromise:
• No WIDS
• No Self Healing
• No Layer 3 fast roaming
• No Locationing
• No Guest Services
• Limited WPA-PSK, 802.1x
• Limited Layer 2 fast roaming

Page 38: Corporate Overview

Cooperative Control Architecture Traffic Flows

Diagram labels: Internet/WAN, Central Office, Branch Office, Small Branch/SOHO

Client – Client
Client – Workgroup
Client – Server/Database
Client – Internet

• No Compromises
• Best TCO
• Easy to Deploy
• Scalable
• Best Performance

Page 39: Corporate Overview

Enterprise Resiliency

Survives multiple inline failures statefully

Single point of failure

Access

Distribution/ Core

Phone call maintained

Wired Resiliency Traditional WLAN Resiliency

Phone call long gone

Wireless state is lost

DHCP AAA

Page 40: Corporate Overview

Enterprise WLAN resilience with Cooperative Control

• Dual homed data and PoE capability
• Stateful failover & best path forwarding
• 802.11n mesh resilience
• Track IP
• Seamless secure roaming

Page 41: Corporate Overview

Location and Asset Tracking with AeroScout

Aerohive has partnered with AeroScout and Ekahau to offer Location and Asset Tracking

Aerohive APs can act as a sensor for tags and client devices

Location Tracking

WiFi Tags and Clients

RTLS Engine

AeroScout MobileView

HiveAPs

Page 42: Corporate Overview

GuestManager – Guest Administration

Central management of guest accounts

Role based guest management
– Contractors can be differentiated from hourly visitors
– Different company employees can create different levels of accounts

Works with policy enforcement on the APs to enable different access and backhaul policy

Offered with an unlimited user license

Diagram labels: Guest Management, Contractor, GuestManager 1.0, Guest, Employee, Guest Administrator

Page 43: Corporate Overview

GuestManager Overview

Coupled with Aerohive HiveAPs provides a complete Guest Management solution

Enables non-technical users to create and manage guest accounts

Role based administration enables differentiation between different types of guests

Page 44: Corporate Overview

Guest Manager Workflow

1. An authorized employee, like a receptionist, logs into Guest Manager and creates an account

2. The guest is handed printed credentials

3. The guest then accesses the network and is presented a captive web portal

4. The guest enters his or her credentials and the guest is authorized to the guest network

Firewall

Guest

Corp RADIUS

Guest VLAN

Corp VLAN

Public Network

Captive Web Portal Authentication

Authorized Employee

GuestManager

Credentials

GuestManager - Guest Administration Solution

Page 45: Corporate Overview

Guest Manager Features

RADIUS Based Backend
– Works with Aerohive AP RADIUS based configuration
– Works with wired gateways for consistent Guest Solution

Easy to use by non-IT personnel

Administrators can easily set up employee and guest roles.

Bulk import and account creation for large events.

Role Based Administration of Guests
– Differentiate between visitors and guests
– Send attributes to AP for User Policy and VLAN assignment

Role based Administration of Authorized Employees
– User Role Assigned through AD integration (LDAP)
– Use role to define what type of guest can be set up
  • Receptionist can create 2 hour visitor
  • HR can create a multi week contractor

Page 46: Corporate Overview

Other Guest Networking Capabilities

User Profiles provide differentiated access
– Separate QoS settings
– Separate security settings

Segmentation of Guest Traffic
– Support for VLANs
– Selectively tunnel guest traffic to a DMZ
– TCP/IP Firewall Rules
– MAC Firewall Rules

Captive Web Portal
– Collect User data
– Authenticate users
– Agree to “Acceptable Use Policy”

Diagram labels: Wireless Clients, Firewall, DNX Tunnel

Page 47: Corporate Overview

Major Investment in Partnerships, Certifications and Interoperability

HTC Phones

S60 Platform

Blackberry 8820

Mobility and FMC

Single Mode Voice

Cisco 7921

Healthcare, Logistics and Retail

Scanners and mobile computers

Symbol MC70

CK31

Authentication and Client Management

Location and Asset Tracking

IAS, AD and Windows Clients

Network Access Control (NAC)

Network Access Protection (Server 2008)

Unified Access Control

Industry Affiliations

Tools

Security

SBR and Odyssey

eDirectory

Access Switching and PoE

Meetinghouse and ACS +Etherchannel

Page 48: Corporate Overview

Less Infrastructure Cost

Comparison for 30 APs
• Aerohive HiveAP 120 and HiveManager Online
• Aruba 105 AP & 3200-32 Controller & FW/WIPS license
• Cisco 1142 AP (bundle price) & 5508-50 Controller

High Availability

Page 49: Corporate Overview

Start Small and Expand Easily

Charts: cost in thousands of dollars (axis up to $200) for Cisco, Aruba and Aerohive, broken down into Support, Management, Licensing, Controller and AP; panels "1 Site – 10 APs" and "10 Sites – 10 APs"

Diagram labels: Wireless NMS, Backup, Rack Space, HiveManager Online

Page 50: Corporate Overview

Distributed Enterprise WLAN comparison

Centralized Controller Approach: Cost (Controllers + APs + Mgmt)

| # Sites | 10 | 50 | 100 | 500 |
|---|---|---|---|---|
| Non Red. | $186K | $926K | $1.8M | $9.2M |
| Red. | $286K | $1.4M | $2.8M | $14.2M |

HQ: AC-50 x 2; AP x 30; NMS; $76,995
Distributed Enterprise / Sites: AC-12 x 2; AP x 8; $27,982

Aerohive Cooperative Control: Cost (HiveAPs + Mgmt)

| # Sites | 10 | 50 | 100 | 500 |
|---|---|---|---|---|
| Cost | $62K | $308K | $615K | $3.1M |

HQ: HiveAP x 30; HiveManager; $25,069
Distributed Enterprise / Sites: HiveAP x 8; $6,152

Cost comparison of 802.11n networks designed to support expansion, mission-critical operation and VoWLAN

Based on Cisco 1140 802.11n series APs, 2100/4400 series controllers and WCS management software

Page 51: Corporate Overview

Aerohive benefits for Healthcare

Wi-Fi Enabled Medical Applications
– Patient Telemetry and Bedside Monitoring
– Medical Equipment Monitoring
– Location and Asset Tracking
– Barcode Medication Administration
– Voice Messaging
– Secure Guest Access

Security
– Integrated advanced security for HIPAA compliance

Deterministic and high performance
– VoWi-Fi, Imaging, Telemetry
– Immune to slow clients consuming all the airtime

Highly resilient
– No single points of failure
– Path resilience

Accurate location tracking
– Ekahau and Aeroscout certified

Mesh connectivity
– Coverage in hard to wire locations

Spectralink

Page 52: Corporate Overview

Aerohive benefits for Manufacturing, Distribution and Retail

Wi-Fi Enabled Applications
– Inventory Management
– Voice Picking
– Point of Sale Systems
– Secure Guest Access
– Secure Employee Access

Highly resilient
– No single points of failure
– Path resilience

Security
– Integrated advanced security for PCI compliance

Mesh connectivity
– Coverage in hard to wire locations

Deterministic performance
– Voice over Wi-Fi
– Seamless roaming

Cost Effective
– Linear cost structure and scalability
– Centralized management

Central Warehouse

Page 53: Corporate Overview

Aerohive benefits for Education

Wi-Fi Enabled Applications
– Student Access
– Secure Guest Access
– Secure Faculty Access
– Voice over Wi-Fi
– Video Surveillance

Ease of Use
– Centralized management
– Policy-based configuration

Deterministic high performance
– Voice over Wi-Fi
– QoS and BW management
– Immune to slow clients consuming all the airtime

Security
– Advanced integrated security
– Sophisticated policy segmentation

Cost Effective
– Linear cost structure and scalability

Central Campus

Page 54: Corporate Overview

Aerohive benefits for Distributed Enterprise

Wi-Fi Enabled Applications
– Secure Guest Access
– Secure Employee Access
– Voice over WiFi
– Wireless branches
– Video Surveillance

Security
– Integrated advanced security

Deterministic and high performance
– Business productivity, VoWi-Fi, CAD, SaaS Apps
– Immune to slow clients consuming all the airtime

Highly resilient
– No single points of failure
– Path resilience
– Survivable branches

Mesh connectivity
– Coverage in hard to wire locations

Page 56: Corporate Overview

Improving application and WLAN performance – In the core

Chart: Throughput vs. # of APs for Aerohive and Controller, showing the Controller Capacity Limit

WLAN Controller capacity and performance limits scalability
– Aggregate throughput is limited by the processing and encryption capacity of the controller
– Controllers are all 10-20x oversubscribed with 802.11n
– Thin APs scale to the limit of the controller. Scalability can only be increased by replacing the controller
– Aerohive HiveAPs scale incrementally up to the limit of the wired network not the WLAN

Page 57: Corporate Overview

Improving application and WLAN performance – Through the AP

Up to 5x faster* in pure 802.11n tests

Up to 4x faster* in mixed 802.11ag/n tests

Chart labels: No Result Motorola, No Result Siemens (in both charts)

*Derived from NWW and internal testing Q3 2008

The HiveAP was fastest in nearly all of our pure-802.11n tests, and it delivered the highest throughput for downstream traffic (the most common for most enterprises) in tests that mixed 802.11n and non-802.11n clients – David Newman - NetworkWorld

Page 58: Corporate Overview


Principles of Dynamic Airtime Scheduling

With Contention, Fast Clients Wait for Airtime and Perform Like the Slowest Client
– Speed of the network is subject to the slowest client

Dynamic Airtime Scheduling Allows Fast Clients to Transmit more Packets, Finish Quickly and Free Up the Air for the Slow Clients
– Faster clients dramatically improve their performance without impacting slower clients
– 10x faster

[Diagrams, one per case: airtime use over Time for "2 Fast Clients" and for "1 Slow Client, 1 Fast Client", and Throughput of the Fast Client and Slow Client against Airtime Capacity]

Page 59: Corporate Overview


Veriwave WiMix TCP Downlink Test
Mixed 802.11a & 802.11n – 20,000 Frames

6 x .11a/n clients - n@270M, n@108M, n@54M, a@54M, a@12M, a@6M

[Charts: Goodput (Kbps) vs. Time (s), one panel "Without Dynamic Airtime Scheduling" and one "With Dynamic Airtime Scheduling"; further labels: Upstream, IxChariot]

Without Dynamic Airtime Scheduling
– n@270M, n@108M, n@54M a@54M, a@12M, n@6M
– ~ 100 Seconds

With Dynamic Airtime Scheduling
– n@270M - 10sec ~ 10x performance improvement
– n@108M - 15sec ~ 6x performance improvement
– n@54M - 30sec ~ 3x performance improvement
– a@6M
– a@54M - 35sec ~ 2.5x improvement
– a@12M - 65sec ~ 1.5x improvement

Page 60: Corporate Overview


Dynamic Airtime Scheduling – How it works

[Diagram: Web Server traffic to Client A (135 Mbps), Client B (48 Mbps) and Client C (5.5 Mbps) over Time, with Equal Airtime Allocation; frame counts shown: 6 Frames, 3 Frames, 2 Frames]

Aerohive QoS Engine Scheduler
• Schedules traffic (based on airtime allocation & airtime consumed) into the Wireless Multi-Media hardware queues

– Client C has used up its share of airtime
– Client B has used up its share of airtime
– Faster clients are able to send more often achieving higher throughput

Page 61: Corporate Overview


WLAN Controller Resiliency

Traditional WLAN Resiliency
– Phone call long gone
– Wireless state is lost

[Diagram labels: Access; Distribution/Core; DHCP; AAA]

Page 62: Corporate Overview


Branch Survivability

Remote Office AAA caching
– Using integrated HiveAP RADIUS server
– Enables caching of user credentials to prevent downtime when there is a loss of connectivity with the central site.
– Caches user credentials (hash) in volatile HiveAP memory such that if there is a WAN failure, authentication will continue to work

[Diagram labels: AAA; WAN; AAA Cache]

Page 63: Corporate Overview


Wired/WLAN integration in the Campus

Switch and VLAN discovery
Etherchannel legacy switch support
Link and Path Resiliency
Unified authentication, attributes, and NAC
Unified Guest Management and segmentation
Support for global event management

[Diagram labels: 200 Mbps FDX; Datacenter; Authoritative User Store; SEM or Central Monitoring; HiveManager; Guest Manager; CDP/LLDP Discovery + VLAN Debug; LDAP/NTLM; RADIUS/EAP; LDAP; RADIUS; Dual Homing; Track Gateway; SNMP/Syslog]

Page 64: Corporate Overview


Wired/WLAN integration in the Branch

RADIUS Caching and remote office RADIUS functionality
– Act as RADIUS server for wired 802.1X

Full function DHCP Server

Wireless VPN
– Split tunneling support

Controllerless deployment

[Diagram labels: Authoritative User Store; SEM or Central Monitoring; HiveManager; Guest Manager; RADIUS; Datacenter; IPsec VPN; DHCP]

Page 65: Corporate Overview


HiveManager Online

SaaS delivery of enterprise Wi-Fi Mgmt
– Per AP service / Customer domain
– Policy-based mgmt, topology, reporting, heat maps, SLA compliance and RF survey and planning tools
– Virtualized, resilient infrastructure
– Two modes – Express & Enterprise
– Role-based customer administration
– Seamless transition from Online and standalone HiveManager

APs with distributed control and data forwarding
– Minimal onsite hardware
– Pay as you go expansion
– No single points of failure!
  • WAN outage does not impact WLAN Connectivity or Functionality (Roaming, Auto RF, QoS, Authentication)

Intelligent APs (Integrated Firewall, Radius, QoS, Mesh)

[Diagram labels: FW; WIDS; RADIUS; QoS; MESH; Data; Control; Web Interface; Topology; Reporting; Heat Maps; SLA Compliance; RF Survey & Planner; WAN; HiveManager Online]

Page 66: Corporate Overview


Server Infrastructure and connectivity

Infrastructure
– Utilizes HiveManager
  • AJAX interface
  • Database virtualization
– Customer and system management back-end provides support and customer automation
– Automatic system backup and recovery
  • Although customer network operation is not dependent on HiveManager Online

Network Connectivity
– AP initiates connection
  • Requires no firewall configuration, just drop in the AP
  • Traffic is secured using SSH and DTLS
– Policy and configuration is pushed to HiveAP
– Distributed control and data forwarding limits HiveManager Online to monitoring / configuration and not WLAN operation

[Diagram labels: Customer Sites (Customer A, Customer B, Customer C, ……); Public Network; Aerohive Virtualized Hosted Infrastructure]

Page 67: Corporate Overview


HiveManager Demo & RF Planner

Try before you buy!
– HiveManager Online demo system will allow potential customers to try before they buy
– Configurations created in the demo system can be easily moved to production systems to add real APs

Free web-based RF planning tool
– Included in the HiveManager is a new RF planning tool
– RF planning tool will be available as a part of the demo system and part of a separate web-based RF planning tool available at www.aerohive.com
– RF planning tool will work for virtually any vendor's AP and will allow enterprise customers to easily answer their first question: How many APs do I need?

[Diagram labels: HiveManager Online; Demo System]

Page 68: Corporate Overview


Enterprise Class Wi-Fi – Start small, seamless upgrade path

[Chart: Deployment Size vs. IT Sophistication across Small Enterprise, Medium Enterprise and Large Enterprise, with a Seamless Upgrade Path between the options below]

HiveUI

HiveManager Online: Express Mode
• Simplified workflow without compromising features
• Per AP/year fee incl. SW support

HiveManager: Appliance (1U/2U) or Virtual Appliance (VMware)
• Express/Enterprise
• Appliance + per AP fee + SW supp.

HiveManager Online: Enterprise Mode
• Full HiveManager Experience Online
• Per AP/year fee incl. SW support

Page 69: Corporate Overview


Wireless VPN

Easy to Use
– L2 IPSec VPN solution simplifies deployment
– Automatic certificate creation and distribution
– Profile-based Split Tunneling
  • Users and Services can be bridged locally or tunneled based on user profile

Flexible
– Single mode of operation supports all deployments
– Supported in all HiveAP platforms, Hardware Acceleration in 300 series
– Multiple end point support
  • Backup VPN gateway support
  • Distributed Wireless VPN tunnel termination

Complete Functionality
– Multiple AP Support with fast roaming
– Mesh Portals and Mesh Points supported
– RADIUS, DHCP, NTLM, LDAP and NTP can selectively go to local or remote network

[Diagram labels: Home Laptop; Corporate Laptop; IPSec VPN; Internet]

Page 70: Corporate Overview


How does it work?

– A single HiveAP by itself acts as a full-featured enterprise class access point
– Identity-based security, including stateful inspection FW, rogue detection & mitigation
– Airtime Scheduling, SLA compliance and local forwarding implemented at the edge
– HiveAPs are discovered, policy is pushed and the WLAN is operational
– HiveManager is a single mgmt interface for configuration, OS updates & monitoring of thousands of devices
– With a second HiveAP, fast stateful roaming, cooperative RF, station load balancing and seamless resiliency are enabled
– Mesh networking and best path forwarding can be used for extra resiliency and reachability
– Dynamically reroutes around failures
– As more HiveAPs are added, coverage, reliability and backhaul bandwidth increase
– Cooperative RF power levels minimize co-channel interference
– With Cooperative Control, clients can securely and seamlessly roam across the WLAN
– Dynamic best path forwarding and stateful roaming provide resiliency without a single point of failure

[Diagram labels: Wireless Network; Wired Network; HiveManager NMS; Policy Configuration; Reporting; Heat Maps; SLA Compliance]

Secure Fast L2/L3 Roaming
Traffic Flow Comparison
Resiliency Comparison
Seamless Wired Integration

Page 71: Corporate Overview


WLAN Magic Quadrant - Visionary

In its Second Magic Quadrant appearance - Aerohive is a Visionary!

Aerohive is the newest* and one of the most visionary vendors in the magic quadrant

• “…..the physical controller has vanished either into the cloud or into the one or more access points. These new solutions in addition to lower priced access points continue to reduce the total cost of ownership for WLAN connectivity at the edge of the network.”

• “Although Aerohive is one of the smaller companies considered in this research, its record of innovation and product enhancements is impressive”

• “Aerohive supports an innovative service-level agreement (SLA) capability that not only monitors, but proactively manages user-defined SLAs for applications that need a minimum level of wireless access to maintain application performance.”

• “With failover and security functionality built into the access point mesh, and no single point of failure (the controller), Aerohive's solution supports a high degree of redundancy.”

• “Customers gave Aerohive high marks for its experience, including sales, support and performance of the solution.”

* Other vendors included are at least 3 years older than Aerohive

Aerohive moves to the Visionaries

Source: Gartner WLAN Magic Quadrant – Feb 2010