HIVEMANAGER AND HIVEMANAGER ONLINEmindspeed.eu/wp-content/uploads/2013/03/HiveManager-Online.pdf ·...

© 2011 Aerohive Networks CONFIDENTIAL

Q3 2012

HIVEMANAGER AND HIVEMANAGER ONLINE


• HiveManager Overview ›  Product Description ›  Product Positioning ›  HiveManager Online ›  Connectivity Options

• Network Policy Configuration • Monitoring and Planning • Dashboard and Reporting • Role-Based Administration and Virtual

HiveManager • Guest Management •  TeacherView

Agenda


HiveManager - Management System

3

•  Unified management interface for configuration, monitoring, reporting, and administration of thousands of Aerohive devices in a wired and wireless network.

•  Real-time topology, performance and user views simplify troubleshooting, capacity planning and security remediation

•  Flexible deployment options – in the cloud, appliance, or VMware available

•  Zero configuration Aerohive device deployment

•  Non-essential to Aerohive device operation

Platform Independent Web Interface

Database Device Server

Ajax GUI Server

HiveOS Devices


Enterprise Mode •  Enterprise sophistication •  Multiple WLAN policies •  Multiple user profiles/SSID •  Active Directory support

HiveManager Appliance 2U •  Redundant power& fans •  HA redundancy •  5000 APs

HiveManager Online •  Cloud-based SaaS management •  HA redundancy •  Flexible scaling

HiveManager Virtual Appliance •  VMware ESX & Player •  HA redundancy •  5000 APs with minimum configuration

HiveManager 1U Appliance •  HA redundancy •  500 APs

Express Mode •  Optimized for ease of use •  Uniform company-wide policy •  One user type per SSID

Complete, Flexible Wireless Management Solutions

4

Seamless Upgrade

Path

• Increasing deployment

size • Increasing

network complexity

Heat Maps

RF Planner SW, Config, & Policy Topology

Reporting SLA Compliance

Guest Mgmt Spectrum Analysis


HiveManager Product Line

5 5

HiveManager Online

HiveManager 1U

Appliance

HiveManager Virtual Appliance

HiveManager 2U Appliance

Cloud-based SaaS

1U Appliance VMWare ESX or Player 2U Appliance

Full Configuration and Monitoring Functionality

Yes Yes Yes Yes

RF Planner Yes Yes Yes Yes

Managed firmware updates Yes No No No

Redundant Power and HDD Options

Yes (Cloud-based) No Dependent on hardware No

Topology Maps with heat map coverage

Yes Yes Yes Yes

HA Redundancy Yes Yes Yes Yes

Pricing – Starting At $80/AP/yr $4999 $1999 $9999


HiveManager Positioning

6

HiveManager Online HiveManager On Site

§  Customer Premise Equipment §  Robust Appliance/Software that can

reside anywhere and APs will “phone home” to find it

§  Customer responsible for upgrades, equipment placement, backups, and logging

HiveManager 1U Appliance

Dedicated Appliance Supports 500 Access Points Supports 5 Virtual HiveManagers

HiveManager High Capacity (2U)

Supports Redundant Power and Hard Drives Supports 5000 Access Points Supports up to 500 Virtual HiveManagers

HiveManager Virtual Appliance

Lowest Cost On-Site Deployment Option Supports 5000 Access Points Up to 500 Virtual HiveManagers

HiveManager Online

Fastest deployment, lowest initial cost Robust redundancy and disaster recovery Flexible AP support and virtual HiveManager scaling

•  SaaS Offering in the Cloud

•  Fastest to deploy and easiest to manage

•  No initial equipment costs •  Aerohive handles all operational

activities, including upgrades and backups

•  Ideal for multi-site deployments

•  Ideal for MSP outsourcing


Start Small and Grow

7

Plan Demo Order & Deploy Expand Expand

Order & Deploy Expand Expand

HiveManager Online or HiveManager Appliance (1U, 2U, VA) Enterprise Mode

HiveManager Online: Express Mode

www.aerohive.com

•  Demo for free at www.aerohive.com/demo •  Start small with simple configurations in

HiveManager Online Express Mode •  Seamlessly upgrade to Enterprise Mode •  Same system whether Online, Appliance or

Virtual Appliance platform


HiveManager Online

8

•  SaaS delivery of enterprise Wi-Fi and Branch On Demand Mgmt

›  Per AP service / Customer domain ›  Policy-based mgmt, topology, reporting, heat

maps, SLA compliance, and RF survey and planning tools

›  Virtualized, resilient infrastructure ›  Two modes – Express & Enterprise ›  Role-based customer administration ›  Seamless transition between online and on-

premise HiveManager • APs with distributed control and

data forwarding ›  Minimal onsite hardware ›  Pay as you go expansion ›  No single points of failure!

»  WAN outage does not impact WLAN Connectivity or Functionality (Roaming, Auto RF, QoS, Authentication)

•  Intelligent APs and branch routers (Integrated Firewall, RADIUS, QoS, VPN, Mesh)

FW WIDS

RADIUS

QoS

MESH

Data Control

Web Interface

WAN

HiveManager Online

Topology

Reporting

Heat Maps

SLA Compliance

RF Survey & Planner


Server Infrastructure and Connectivity

•  Infrastructure ›  Uses HiveManager

»  AJAX interface

»  Database virtualization

›  Customer and system management back-end provides support and customer automation

›  Automatic system backup and recovery

•  Network Connectivity ›  AP initiates connection

»  Requires no firewall configuration, just drop in the AP

»  Traffic is secured using SSH and DTLS

›  Policy and configuration is pushed to APs and routers

›  HiveManager Online monitoring / configuration not essential to WLAN operation due to distributed control and data forwarding

›  No actual data traffic from managed Aerohive devices (APs and routers) is forwarded or traverses the Aerohive Cloud Services Platform.

Customer A

Aerohive Virtualized Hosted Infrastructure

Customer Sites

Aerohive Virtualized Hosted Infrastructure

…

Customer B Customer C

Public Network


Aerohive Global Cloud Services

US West

Multi-tenant With Partner

Portal

Availability & Reliability

Robust data security

US East (Virginia)

EMEA (Ireland)

Asia Pac (Australia)

•  Local HA redundancy and cross data center Disaster Recovery •  SAS 70 Type II data centers •  EMEA data center for EU Privacy Controls with non-US DR •  Software developed in ISO 27001 development center

No control nor data path

point of failure

Possible LTAM DC

99.99

%


Connectivity Options

11

•  Because the Aerohive APs and routers are often located on separate networks than the HiveManager, they are equipped with intelligence to support Proxy Servers, Standard Access Ports, and even Distributed Download functionality

HiveManager

APs and Routers

Communication: CAPWAP UDP port 12222 SCP TCP port 22 – or – HTTP TCP port 80 HTTPS TCP port 443

Distributed Download allows a single AP of each type to download the new firmware and then distribute it among peers at the same location


HiveAP Auto-Discovery Functionality

12

APs and Routers

HiveManager 1U, 2U, and Virtual Appliance

HiveManager Online

Staging Server

1

2

3

4 Staging Server

5

If Staging is not configured, then back to number 1

§  Zero Pre-Configuration Needed! §  Aerohive devices discover the

HiveManager and “Phone Home” from anywhere in the world

*Note: It is also possible to statically configure the HiveManager information, which disables the auto-discovery functionality



• Network Policy Configuration • Monitoring and Planning • Dashboard and Reporting • Role-Based Administration and Virtual


Agenda


Powerful User-Centric Configuration

•  Flexible mapping of SSIDs and Users access to the network › QoS Policy ›  Firewall Policy › Mobility Policy ›  VLAN and Tunnel mapping ›  Routing policy

• Configurations can be applied across any number of APs and routers

•  Enables easy large scale management – a wide reaching change can be pushed across a network in seconds


WLAN Policy-Hospitals Network Policy-Hospitals

SSID: Guest

Hive-San Jose

WLAN Policy-Clinics Network Policy-Clinics

SSID: Ops-1X

Hive-San Jose

Flexible Policy Configurations

15

SSID: Ops-1X

SSID: Guest

Patients

Contractors

Drs., Nurses 7x24 VLAN 5 Vocera = P1 Data = P2

SSID: Clinic Visiting Doctors

Element Specific Configurations: Map, Interfaces, Mesh, On-board Radius …

Drs., Nurses 5x8 Tunnel

Imaging 7x24 VLAN 6

Maintenance 5x8 Tunnel Maintenance 5x8 Tunnel

Patients 7x24 Tunnel

Contractors 7x24 Tunnel


Sophisticated NMS Functionality

16

• Object-based Classification › Allows an administrator to create a single policy with different

objects applied based on identity, location, or custom tag

• Built-in Certification Authority to simplify authentication requirements

• Simple web-page editor to customize Captive Web Portal pages

• Auto-Provisioning support to allow administrators to deploy firmware and configuration updates without even logging in



• Network Policy Configuration • HiveManager Monitoring and Planning • Dashboard and Reporting • Role-Based Administration and Virtual


Agenda


Topology and Network Status

•  Provides quick topology view of the network ›  What APs are connected ›  AP Status – Alarms, mesh

connections ›  Heatmap to show AP coverage ›  Rogue AP and Client Locations

•  Flexible map management capabilities to work across multiple sites and multi-floor buildings

•  Drill down on each AP to get client information, debug issues, and update configuration and firmware


Fully-Featured RF Planner

19

•  Included in the HiveManager is a new free RF planning tool •  The planning tool is also available as part of the HiveManager Online demo

system and part of a separate web-based tool available at www.aerohive.com/planner

•  Free Wi-Fi planner tool will work for virtually any vendor AP and will allow enterprise customers to easily answer their first question, “How many APs do I need?”


Planner Auto AP Placement

• Places APs automatically after drawing perimeter and walls

• Customize deployment options for density and client type

• Option to manually adjust or add APs

1 Upload a Floor Plan or Draw a Custom Map

Draw the Walls

2

3 Select Auto-Place APs!





Agenda


Network Summary and Customizable Dashboard

• Quick status of network using fully customizable dashboard with widgets including: ›  Number and types of clients ›  Number of clients over time ›  Alarms and SLA Compliance status ›  Client Health Statistics

•  Details can be found by drilling into users and logs


Powerful Client Monitoring Tools

23

• Client Monitor to help troubleshoot and identify client issues

• Rogue and Friendly Client Location Tracking ›  Easy mitigation for

unauthorized users


Client Health Monitoring

24

•  Client Health makes it easy to see what is going on with groups of clients on the network

•  Easy to drill into problem client info

Good connection High data rates & high successful transmission rates

Marginal connection Lower data rates / lower successful transmission rates

Poor connection Low data rates / low successful transmission rates

Client Health

Calibrated to the organizations deployment goals •  High density, performance oriented network

•  Normal density network

•  Low density, coverage oriented network


Network Summary Report

• Reports by location, device groups and SSIDs ›  E.g. Number of clients on “Guest-SSID” at head-quarters

• Default templates with pre-selected views

• Easy PDF and Email options

25


Out of the box reports

• Client capacity and OS distribution

• Bandwidth and client trends by SSID

•  Top N APs by bandwidth, clients, errors

•  Top N clients/usernames

26

• Scheduled and on-demand reports

• Day/Week/Month and custom time options


Spectrum Analysis

27

•  Detection of typical sources of non-Wi-Fi interference Typical interference sources identified by name through interference signatures Can be run in either 2.4 Ghz or 5 Ghz band

•  Supports simultaneous spectrum analysis and data collection





Agenda


HiveManager Role Based Administration

29

Policy Design & Configuration

Monitoring & Maintaining

Upgrading & Adjusting

Network Policies Hive, Services, WLAN Mappings (SSID), Ethernet Access, Backhaul, QoS, Routing

Reporting Network Summary, Radio, SSID, Client, Security, Inventory, Bandwidth

New Network Policies User Profiles, Services (Applications)

Security Policies DoS Prevention, Firewall, Rogue Detection, Filters

Active & Rogue Clients MAC/IP Address, Host/User Name, AP Name/MAC

Certificate & Key Updates Upload Captive Web Pages and Keys Upload AAA Certificates & Keys

Authentication AAA client settings, LDAP Settings, Captive Web Portal

Fault Events & Alarms Severity, Date, Description

SW & Config. Updates Upload & Activate Config Upload & Activate SW

Administration Management Admin Groups Administrators

Aerohive Device Status Device name, type, # of clients, uptime, OS version

HiveManager Operations Backup Database, Update SW, Tech Support Data

NMS

Device Life Cycle


HiveManager Role Based Administration

30

Policy Design & Configuration

Monitoring & Maintaining

Upgrading & Adjusting

Network Policies Hive, Services, WLAN Mappings (SSID), Ethernet Access, Backhaul, QoS, Routing

Reporting Network Summary, Radio, SSID, Client, Security, Inventory, Bandwidth

New Network Policies User Profiles, Services (Applications)

Security Policies DoS Prevention, Firewall, Rogue Detection, Filters

Active & Rogue Clients MAC/IP Address, Host/User Name, AP Name/MAC

Certificate & Key Updates Upload Captive Web Pages and Keys Upload AAA Certificates & Keys

Authentication AAA client settings, LDAP Settings, Captive Web Portal

Fault Events & Alarms Severity, Date, Description

SW & Config. Updates Upload & Activate Config Upload & Activate SW

Administration Management Admin Groups Administrators

Aerohive Device Status Device name, type, # of clients, uptime, OS version

HiveManager Operations Backup Database, Update SW, Tech Support Data

Network Admin

Security Admin

Operations

Device Life Cycle

§  Unlimited set of roles –  Tasks and views can be delegated to each role


Virtual HiveManager Functionality

31

• Multiple separate Instances of HiveManager on a single hardware platform

• Complete Separation of Administration for ›  Enterprise ›  Managed Services

•  Domains are completely segmented and appear as a stand alone management system. ›  Separate views

›  Separate Policies

›  Separate Reporting

HiveManager A HiveManager B HiveManager C

Virtualized HiveManager

A B C


Virtual HiveManager Capabilities

•  Up to 50 Virtual HiveManagers per physical hardware platform

•  Self Administration enables Virtual HiveManager to be accessible to customers in a Managed Service

•  SuperUser Admin can create, modify and delete Virtual HiveManagers

• Complete segmentation of all data-objects including SSID and security information

•  Role-based administration within a Virtual HiveManager ›  Read and/or Write per

configuration feature

›  Read and/or Write per location

• Automated emailed Reporting, Logs and email alerts available for each Virtual HiveManager

• Aerohive APs establish DTLS tunnel to HiveManager for management traffic ›  Works across NAT boundaries

32


Large/Distributed Enterprise

33

•  Large enterprises with multiple operating companies or distributed IT functions often require separate administrative interfaces.

•  Single central HiveManager instance would appear to be dedicated to each organization

• Can be separated by: ›  Separate IT organizations

›  Separate roles ›  Geographic regions

Subsidiary A Subsidiary B Subsidiary C

A B C

Retail Store

Warehouse

Distribution Center

By Location or Role

Virtualized HiveManager





Agenda


Comprehensive Guest Management

35

§  User Profiles provide differentiated access

–  Separate QoS settings –  Separate security settings

§  Segmentation of Guest Traffic

–  Support for VLANs –  Selectively tunnel guest traffic

to a DMZ –  TCP/IP Firewall Rules –  MAC Firewall Rules

§  Captive Web Portal –  Collect User data –  Authenticate users –  Agree to “Acceptable Use

Policy”

§  Key Functions –  Centralized control over guest

accounts –  Assign User Profiles to

segment user access §  UserManager role to assign

Private Pre-Shared Keys to users

–  Included as a licensed application for HiveManager at no additional fee


UserManager – PPSK Administration

36

•  User Manager is license-enabled software that is run through a separate administrative interface from HiveManager and is used for issuing, managing, and revoking guest user accounts with Private Pre-Shared Key SSIDs.

•  A UserManager Admin or Operator can create temporary user accounts and assign Private Pre-Shared Keys, and distribute them via print out or email

•  A user can connect to an SSID using the pre-shared key and requires no additional configuration

UserManager

Contractor

HiveManager with UserManager

Guest

1.

2.

3.

Employee

User Administrator

User Operator


GuestManager – Guest Administration

37

• Central management of guest accounts

• Role based guest management ›  Contractors can be differentiated from

hourly visitors ›  Different company employees can

create different levels of accounts

• Works with policy enforcement on the APs to enable different access and backhaul policy

• Offered with an unlimited user license

GuestManager

Contractor

GuestManager 1.0

Guest

1.

2.

3.

Employee

Guest Administrator

Employee



• Network Policy Configuration

• HiveManager Monitoring and Planning

• Dashboard and Reporting

• Role-Based Administration and Virtual HiveManager

• Guest Management

•  TeacherView (see Student Manager and TeacherView preso)

Agenda

HIVEMANAGER AND HIVEMANAGER ONLINEmindspeed.eu/wp-content/uploads/2013/03/HiveManager-Online.pdf ·...

Documents

Transcript of HIVEMANAGER AND HIVEMANAGER ONLINEmindspeed.eu/wp-content/uploads/2013/03/HiveManager-Online.pdf ·...