HIVEMANAGER AND HIVEMANAGER ONLINEmindspeed.eu/wp-content/uploads/2013/03/HiveManager-Online.pdf ·...
Transcript of HIVEMANAGER AND HIVEMANAGER ONLINEmindspeed.eu/wp-content/uploads/2013/03/HiveManager-Online.pdf ·...
© 2011 Aerohive Networks CONFIDENTIAL
Q3 2012
HIVEMANAGER AND HIVEMANAGER ONLINE
© 2011 Aerohive Networks CONFIDENTIAL
• HiveManager Overview › Product Description › Product Positioning › HiveManager Online › Connectivity Options
• Network Policy Configuration • Monitoring and Planning • Dashboard and Reporting • Role-Based Administration and Virtual
HiveManager • Guest Management • TeacherView
Agenda
© 2011 Aerohive Networks CONFIDENTIAL
HiveManager - Management System
3
• Unified management interface for configuration, monitoring, reporting, and administration of thousands of Aerohive devices in a wired and wireless network.
• Real-time topology, performance and user views simplify troubleshooting, capacity planning and security remediation
• Flexible deployment options – in the cloud, appliance, or VMware available
• Zero configuration Aerohive device deployment
• Non-essential to Aerohive device operation
Platform Independent Web Interface
Database Device Server
Ajax GUI Server
HiveOS Devices
© 2011 Aerohive Networks CONFIDENTIAL
Enterprise Mode • Enterprise sophistication • Multiple WLAN policies • Multiple user profiles/SSID • Active Directory support
HiveManager Appliance 2U • Redundant power& fans • HA redundancy • 5000 APs
HiveManager Online • Cloud-based SaaS management • HA redundancy • Flexible scaling
HiveManager Virtual Appliance • VMware ESX & Player • HA redundancy • 5000 APs with minimum configuration
HiveManager 1U Appliance • HA redundancy • 500 APs
Express Mode • Optimized for ease of use • Uniform company-wide policy • One user type per SSID
Complete, Flexible Wireless Management Solutions
4
Seamless Upgrade
Path
• Increasing deployment
size • Increasing
network complexity
Heat Maps
RF Planner SW, Config, & Policy Topology
Reporting SLA Compliance
Guest Mgmt Spectrum Analysis
© 2011 Aerohive Networks CONFIDENTIAL
HiveManager Product Line
5 5
HiveManager Online
HiveManager 1U
Appliance
HiveManager Virtual Appliance
HiveManager 2U Appliance
Cloud-based SaaS
1U Appliance VMWare ESX or Player 2U Appliance
Full Configuration and Monitoring Functionality
Yes Yes Yes Yes
RF Planner Yes Yes Yes Yes
Managed firmware updates Yes No No No
Redundant Power and HDD Options
Yes (Cloud-based) No Dependent on hardware No
Topology Maps with heat map coverage
Yes Yes Yes Yes
HA Redundancy Yes Yes Yes Yes
Pricing – Starting At $80/AP/yr $4999 $1999 $9999
© 2011 Aerohive Networks CONFIDENTIAL
HiveManager Positioning
6
HiveManager Online HiveManager On Site
§ Customer Premise Equipment § Robust Appliance/Software that can
reside anywhere and APs will “phone home” to find it
§ Customer responsible for upgrades, equipment placement, backups, and logging
HiveManager 1U Appliance
Dedicated Appliance Supports 500 Access Points Supports 5 Virtual HiveManagers
HiveManager High Capacity (2U)
Supports Redundant Power and Hard Drives Supports 5000 Access Points Supports up to 500 Virtual HiveManagers
HiveManager Virtual Appliance
Lowest Cost On-Site Deployment Option Supports 5000 Access Points Up to 500 Virtual HiveManagers
HiveManager Online
Fastest deployment, lowest initial cost Robust redundancy and disaster recovery Flexible AP support and virtual HiveManager scaling
• SaaS Offering in the Cloud
• Fastest to deploy and easiest to manage
• No initial equipment costs • Aerohive handles all operational
activities, including upgrades and backups
• Ideal for multi-site deployments
• Ideal for MSP outsourcing
© 2011 Aerohive Networks CONFIDENTIAL
Start Small and Grow
7
Plan Demo Order & Deploy Expand Expand
Order & Deploy Expand Expand
HiveManager Online or HiveManager Appliance (1U, 2U, VA) Enterprise Mode
HiveManager Online: Express Mode
www.aerohive.com
• Demo for free at www.aerohive.com/demo • Start small with simple configurations in
HiveManager Online Express Mode • Seamlessly upgrade to Enterprise Mode • Same system whether Online, Appliance or
Virtual Appliance platform
© 2011 Aerohive Networks CONFIDENTIAL
HiveManager Online
8
• SaaS delivery of enterprise Wi-Fi and Branch On Demand Mgmt
› Per AP service / Customer domain › Policy-based mgmt, topology, reporting, heat
maps, SLA compliance, and RF survey and planning tools
› Virtualized, resilient infrastructure › Two modes – Express & Enterprise › Role-based customer administration › Seamless transition between online and on-
premise HiveManager • APs with distributed control and
data forwarding › Minimal onsite hardware › Pay as you go expansion › No single points of failure!
» WAN outage does not impact WLAN Connectivity or Functionality (Roaming, Auto RF, QoS, Authentication)
• Intelligent APs and branch routers (Integrated Firewall, RADIUS, QoS, VPN, Mesh)
FW WIDS
RADIUS
QoS
MESH
Data Control
Web Interface
WAN
HiveManager Online
Topology
Reporting
Heat Maps
SLA Compliance
RF Survey & Planner
© 2011 Aerohive Networks CONFIDENTIAL
Server Infrastructure and Connectivity
• Infrastructure › Uses HiveManager
» AJAX interface
» Database virtualization
› Customer and system management back-end provides support and customer automation
› Automatic system backup and recovery
• Network Connectivity › AP initiates connection
» Requires no firewall configuration, just drop in the AP
» Traffic is secured using SSH and DTLS
› Policy and configuration is pushed to APs and routers
› HiveManager Online monitoring / configuration not essential to WLAN operation due to distributed control and data forwarding
› No actual data traffic from managed Aerohive devices (APs and routers) is forwarded or traverses the Aerohive Cloud Services Platform.
Customer A
Aerohive Virtualized Hosted Infrastructure
Customer Sites
Aerohive Virtualized Hosted Infrastructure
…
Customer B Customer C
Public Network
© 2011 Aerohive Networks CONFIDENTIAL
Aerohive Global Cloud Services
US West
Multi-tenant With Partner
Portal
Availability & Reliability
Robust data security
US East (Virginia)
EMEA (Ireland)
Asia Pac (Australia)
• Local HA redundancy and cross data center Disaster Recovery • SAS 70 Type II data centers • EMEA data center for EU Privacy Controls with non-US DR • Software developed in ISO 27001 development center
No control nor data path
point of failure
Possible LTAM DC
99.99
%
© 2011 Aerohive Networks CONFIDENTIAL
Connectivity Options
11
• Because the Aerohive APs and routers are often located on separate networks than the HiveManager, they are equipped with intelligence to support Proxy Servers, Standard Access Ports, and even Distributed Download functionality
HiveManager
APs and Routers
Communication: CAPWAP UDP port 12222 SCP TCP port 22 – or – HTTP TCP port 80 HTTPS TCP port 443
Distributed Download allows a single AP of each type to download the new firmware and then distribute it among peers at the same location
© 2011 Aerohive Networks CONFIDENTIAL
HiveAP Auto-Discovery Functionality
12
APs and Routers
HiveManager 1U, 2U, and Virtual Appliance
HiveManager Online
Staging Server
1
2
3
4 Staging Server
5
If Staging is not configured, then back to number 1
§ Zero Pre-Configuration Needed! § Aerohive devices discover the
HiveManager and “Phone Home” from anywhere in the world
*Note: It is also possible to statically configure the HiveManager information, which disables the auto-discovery functionality
© 2011 Aerohive Networks CONFIDENTIAL
• HiveManager Overview › Product Description › Product Positioning › HiveManager Online › Connectivity Options
• Network Policy Configuration • Monitoring and Planning • Dashboard and Reporting • Role-Based Administration and Virtual
HiveManager • Guest Management • TeacherView
Agenda
© 2011 Aerohive Networks CONFIDENTIAL
Powerful User-Centric Configuration
• Flexible mapping of SSIDs and Users access to the network › QoS Policy › Firewall Policy › Mobility Policy › VLAN and Tunnel mapping › Routing policy
• Configurations can be applied across any number of APs and routers
• Enables easy large scale management – a wide reaching change can be pushed across a network in seconds
© 2011 Aerohive Networks CONFIDENTIAL
WLAN Policy-Hospitals Network Policy-Hospitals
SSID: Guest
Hive-San Jose
WLAN Policy-Clinics Network Policy-Clinics
SSID: Ops-1X
Hive-San Jose
Flexible Policy Configurations
15
SSID: Ops-1X
SSID: Guest
Patients
Contractors
Drs., Nurses 7x24 VLAN 5 Vocera = P1 Data = P2
SSID: Clinic Visiting Doctors
Element Specific Configurations: Map, Interfaces, Mesh, On-board Radius …
Drs., Nurses 5x8 Tunnel
Imaging 7x24 VLAN 6
Maintenance 5x8 Tunnel Maintenance 5x8 Tunnel
Patients 7x24 Tunnel
Contractors 7x24 Tunnel
© 2011 Aerohive Networks CONFIDENTIAL
Sophisticated NMS Functionality
16
• Object-based Classification › Allows an administrator to create a single policy with different
objects applied based on identity, location, or custom tag
• Built-in Certification Authority to simplify authentication requirements
• Simple web-page editor to customize Captive Web Portal pages
• Auto-Provisioning support to allow administrators to deploy firmware and configuration updates without even logging in
© 2011 Aerohive Networks CONFIDENTIAL
• HiveManager Overview › Product Description › Product Positioning › HiveManager Online › Connectivity Options
• Network Policy Configuration • HiveManager Monitoring and Planning • Dashboard and Reporting • Role-Based Administration and Virtual
HiveManager • Guest Management • TeacherView
Agenda
© 2011 Aerohive Networks CONFIDENTIAL
Topology and Network Status
• Provides quick topology view of the network › What APs are connected › AP Status – Alarms, mesh
connections › Heatmap to show AP coverage › Rogue AP and Client Locations
• Flexible map management capabilities to work across multiple sites and multi-floor buildings
• Drill down on each AP to get client information, debug issues, and update configuration and firmware
© 2011 Aerohive Networks CONFIDENTIAL
Fully-Featured RF Planner
19
• Included in the HiveManager is a new free RF planning tool • The planning tool is also available as part of the HiveManager Online demo
system and part of a separate web-based tool available at www.aerohive.com/planner
• Free Wi-Fi planner tool will work for virtually any vendor AP and will allow enterprise customers to easily answer their first question, “How many APs do I need?”
© 2011 Aerohive Networks CONFIDENTIAL
Planner Auto AP Placement
• Places APs automatically after drawing perimeter and walls
• Customize deployment options for density and client type
• Option to manually adjust or add APs
1 Upload a Floor Plan or Draw a Custom Map
Draw the Walls
2
3 Select Auto-Place APs!
© 2011 Aerohive Networks CONFIDENTIAL
• HiveManager Overview › Product Description › Product Positioning › HiveManager Online › Connectivity Options
• Network Policy Configuration • HiveManager Monitoring and Planning • Dashboard and Reporting • Role-Based Administration and Virtual
HiveManager • Guest Management • TeacherView
Agenda
© 2011 Aerohive Networks CONFIDENTIAL
Network Summary and Customizable Dashboard
• Quick status of network using fully customizable dashboard with widgets including: › Number and types of clients › Number of clients over time › Alarms and SLA Compliance status › Client Health Statistics
• Details can be found by drilling into users and logs
© 2011 Aerohive Networks CONFIDENTIAL
Powerful Client Monitoring Tools
23
• Client Monitor to help troubleshoot and identify client issues
• Rogue and Friendly Client Location Tracking › Easy mitigation for
unauthorized users
© 2011 Aerohive Networks CONFIDENTIAL
Client Health Monitoring
24
• Client Health makes it easy to see what is going on with groups of clients on the network
• Easy to drill into problem client info
Good connection High data rates & high successful transmission rates
Marginal connection Lower data rates / lower successful transmission rates
Poor connection Low data rates / low successful transmission rates
Client Health
Calibrated to the organizations deployment goals • High density, performance oriented network
• Normal density network
• Low density, coverage oriented network
© 2011 Aerohive Networks CONFIDENTIAL
Network Summary Report
• Reports by location, device groups and SSIDs › E.g. Number of clients on “Guest-SSID” at head-quarters
• Default templates with pre-selected views
• Easy PDF and Email options
25
© 2011 Aerohive Networks CONFIDENTIAL
Out of the box reports
• Client capacity and OS distribution
• Bandwidth and client trends by SSID
• Top N APs by bandwidth, clients, errors
• Top N clients/usernames
26
• Scheduled and on-demand reports
• Day/Week/Month and custom time options
© 2011 Aerohive Networks CONFIDENTIAL
Spectrum Analysis
27
• Detection of typical sources of non-Wi-Fi interference Typical interference sources identified by name through interference signatures Can be run in either 2.4 Ghz or 5 Ghz band
• Supports simultaneous spectrum analysis and data collection
© 2011 Aerohive Networks CONFIDENTIAL
• HiveManager Overview › Product Description › Product Positioning › HiveManager Online › Connectivity Options
• Network Policy Configuration • HiveManager Monitoring and Planning • Dashboard and Reporting • Role-Based Administration and Virtual
HiveManager • Guest Management • TeacherView
Agenda
© 2011 Aerohive Networks CONFIDENTIAL
HiveManager Role Based Administration
29
Policy Design & Configuration
Monitoring & Maintaining
Upgrading & Adjusting
Network Policies Hive, Services, WLAN Mappings (SSID), Ethernet Access, Backhaul, QoS, Routing
Reporting Network Summary, Radio, SSID, Client, Security, Inventory, Bandwidth
New Network Policies User Profiles, Services (Applications)
Security Policies DoS Prevention, Firewall, Rogue Detection, Filters
Active & Rogue Clients MAC/IP Address, Host/User Name, AP Name/MAC
Certificate & Key Updates Upload Captive Web Pages and Keys Upload AAA Certificates & Keys
Authentication AAA client settings, LDAP Settings, Captive Web Portal
Fault Events & Alarms Severity, Date, Description
SW & Config. Updates Upload & Activate Config Upload & Activate SW
Administration Management Admin Groups Administrators
Aerohive Device Status Device name, type, # of clients, uptime, OS version
HiveManager Operations Backup Database, Update SW, Tech Support Data
NMS
Device Life Cycle
© 2011 Aerohive Networks CONFIDENTIAL
HiveManager Role Based Administration
30
Policy Design & Configuration
Monitoring & Maintaining
Upgrading & Adjusting
Network Policies Hive, Services, WLAN Mappings (SSID), Ethernet Access, Backhaul, QoS, Routing
Reporting Network Summary, Radio, SSID, Client, Security, Inventory, Bandwidth
New Network Policies User Profiles, Services (Applications)
Security Policies DoS Prevention, Firewall, Rogue Detection, Filters
Active & Rogue Clients MAC/IP Address, Host/User Name, AP Name/MAC
Certificate & Key Updates Upload Captive Web Pages and Keys Upload AAA Certificates & Keys
Authentication AAA client settings, LDAP Settings, Captive Web Portal
Fault Events & Alarms Severity, Date, Description
SW & Config. Updates Upload & Activate Config Upload & Activate SW
Administration Management Admin Groups Administrators
Aerohive Device Status Device name, type, # of clients, uptime, OS version
HiveManager Operations Backup Database, Update SW, Tech Support Data
Network Admin
Security Admin
Operations
Device Life Cycle
§ Unlimited set of roles – Tasks and views can be delegated to each role
© 2011 Aerohive Networks CONFIDENTIAL
Virtual HiveManager Functionality
31
• Multiple separate Instances of HiveManager on a single hardware platform
• Complete Separation of Administration for › Enterprise › Managed Services
• Domains are completely segmented and appear as a stand alone management system. › Separate views
› Separate Policies
› Separate Reporting
HiveManager A HiveManager B HiveManager C
Virtualized HiveManager
A B C
© 2011 Aerohive Networks CONFIDENTIAL
Virtual HiveManager Capabilities
• Up to 50 Virtual HiveManagers per physical hardware platform
• Self Administration enables Virtual HiveManager to be accessible to customers in a Managed Service
• SuperUser Admin can create, modify and delete Virtual HiveManagers
• Complete segmentation of all data-objects including SSID and security information
• Role-based administration within a Virtual HiveManager › Read and/or Write per
configuration feature
› Read and/or Write per location
• Automated emailed Reporting, Logs and email alerts available for each Virtual HiveManager
• Aerohive APs establish DTLS tunnel to HiveManager for management traffic › Works across NAT boundaries
32
© 2011 Aerohive Networks CONFIDENTIAL
Large/Distributed Enterprise
33
• Large enterprises with multiple operating companies or distributed IT functions often require separate administrative interfaces.
• Single central HiveManager instance would appear to be dedicated to each organization
• Can be separated by: › Separate IT organizations
› Separate roles › Geographic regions
Subsidiary A Subsidiary B Subsidiary C
A B C
Retail Store
Warehouse
Distribution Center
By Location or Role
Virtualized HiveManager
© 2011 Aerohive Networks CONFIDENTIAL
• HiveManager Overview › Product Description › Product Positioning › HiveManager Online › Connectivity Options
• Network Policy Configuration • HiveManager Monitoring and Planning • Dashboard and Reporting • Role-Based Administration and Virtual
HiveManager • Guest Management • TeacherView
Agenda
© 2011 Aerohive Networks CONFIDENTIAL
Comprehensive Guest Management
35
§ User Profiles provide differentiated access
– Separate QoS settings – Separate security settings
§ Segmentation of Guest Traffic
– Support for VLANs – Selectively tunnel guest traffic
to a DMZ – TCP/IP Firewall Rules – MAC Firewall Rules
§ Captive Web Portal – Collect User data – Authenticate users – Agree to “Acceptable Use
Policy”
§ Key Functions – Centralized control over guest
accounts – Assign User Profiles to
segment user access § UserManager role to assign
Private Pre-Shared Keys to users
– Included as a licensed application for HiveManager at no additional fee
© 2011 Aerohive Networks CONFIDENTIAL
UserManager – PPSK Administration
36
• User Manager is license-enabled software that is run through a separate administrative interface from HiveManager and is used for issuing, managing, and revoking guest user accounts with Private Pre-Shared Key SSIDs.
• A UserManager Admin or Operator can create temporary user accounts and assign Private Pre-Shared Keys, and distribute them via print out or email
• A user can connect to an SSID using the pre-shared key and requires no additional configuration
UserManager
Contractor
HiveManager with UserManager
Guest
1.
2.
3.
Employee
User Administrator
User Operator
© 2011 Aerohive Networks CONFIDENTIAL
GuestManager – Guest Administration
37
• Central management of guest accounts
• Role based guest management › Contractors can be differentiated from
hourly visitors › Different company employees can
create different levels of accounts
• Works with policy enforcement on the APs to enable different access and backhaul policy
• Offered with an unlimited user license
GuestManager
Contractor
GuestManager 1.0
Guest
1.
2.
3.
Employee
Guest Administrator
Employee
© 2011 Aerohive Networks CONFIDENTIAL
• HiveManager Overview › Product Description › Product Positioning › HiveManager Online › Connectivity Options
• Network Policy Configuration
• HiveManager Monitoring and Planning
• Dashboard and Reporting
• Role-Based Administration and Virtual HiveManager
• Guest Management
• TeacherView (see Student Manager and TeacherView preso)
Agenda