Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization

Similar documents
Solution Brief. Branch on Demand. Extending and Securing Access Across the Organization

Rethink Your Branch Network Strategy

BR100 Router Branch Router with built-in n

Aerohive Private PSK. solution brief

solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management

Aerohive Client Management

Wi-Fi Security. More Control, Less Complexity. Private Pre-Shared Key

Aerohive and JAMF Software

HiveManager Client Management

Branch Router Buyer s Guide

Seven Guidelines to Support Standardized Testing

Smart Mobility Platform for Retailers

Trends in Wireless Networking for Healthcare Organizations

Ubiquitous Wireless Network for Law Firms and Legal Offices

How To Build A Network From Scratch

Cloud Services Platform

Healthcare Solution Brief. Simpli-fi Point of Care Solution Improving patient care with a simple, cost-effective and resilient wireless network

Application Visibility and Control

White Paper. Retail Made Personal. Make the shopping experience personal, relevant, and profitable

How To Make A Network Reliable

The Benefits of Cloud Networking Enable cloud networking to lower IT costs & boost IT productivity

Solution Brief. Aerohive and OpenDNS. Advanced Network Security for Retail Stores

Aerohive and Palo Alto Networks. Partner Solution Brief

Radio Resource Management in HiveOS. solution brief

Wireless LAN Best Practices for Compliant Care

Cloud Services Platform. Security and Availability Controls Overview

Building Secure Wireless LAN. white paper

Connected Store & Restaurant in a Box

A Guide to Modern Wireless LAN Technologies

Optimizing Network and Client Performance Through Dynamic Airtime Scheduling. white paper

Eliminating the cost and complexity of hardware controllers with cloud-based centralized management

Cisco Virtual Office Express

Mobile-first Enterprise: Easing the IT Burden

This document describes how the Meraki Cloud Controller system enables the construction of large-scale, cost-effective wireless networks.

Cisco Virtual Office Flexibility and Productivity for the Remote Workforce

Healthcare Reference Architecture to Support Mobile Access for Point-of-care and Other Critical Applications

MERAKI WHITE PAPER Cloud + Wireless LAN = Easier + Affordable

Executive Summary Introduction: Wi-Fi Earns High Marks in the Classroom Standards: Let s Hear it for n... 4

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

Design and Implementation Guide. Apple iphone Compatibility

Meraki Wireless Solution Comparison

November Defining the Value of MPLS VPNs

The Next Generation Network:

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business.

The Benefits of Cloud Networking

Cisco Smart Business Communications System: A New Way for Small Business to Communicate

2014 Cisco and/or its affiliates. All rights reserved.

Next Generation Access Network Architecture

Aerohive Networks Inc. Free Bonjour Gateway FAQ

Introduction to Cloud Networking. Meraki Solution Overview

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

Cloud-Managed Mobility Platform for Education

Why Migrate to the Cisco Unified Wireless Network?

Break Internet Bandwidth Limits Higher Speed. Extreme Reliability. Reduced Cost.

Cisco Outdoor Wireless Mesh Enables Alternative Broadband Access

Silver Peak s Virtual Acceleration Open Architecture (VXOA)

Extending Collaboration to BYOD Devices

Best Practices for Outdoor Wireless Security

How To Use An Ipad Wireless Network (Wi Fi) With An Ipa (Wired) And An Ipat (Wired Wireless) Network (Wired Wired) At The Same Time

Aerohive Deployment Guide

Network Design Best Practices for Deploying WLAN Switches

Ethernet Wide Area Networking, Routers or Switches and Making the Right Choice

Cisco Wireless Control System (WCS)

Monitoring & Measuring: Wi-Fi as a Service

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Retail Industry and Mobile Technology

Global Headquarters: 5 Speen Street Framingham, MA USA P F

ION Networks. White Paper

NX 9500 INTEGRATED SERVICES PLATFORM FOR THE PRIVATE CLOUD

Datasheet. Enterprise Gateway Router with Gigabit Ethernet. Models: USG, USG-PRO-4. Advanced Security, Monitoring, and Management

Best-in-Class Connectivity for Distributed Enterprises

How To Unify Your Wireless Architecture Without Limiting Performance or Flexibility

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

Zscaler Internet Security Frequently Asked Questions

Protecting Your School s Network While Managing Hundreds of Mobile Devices

Managed WiFi. Choosing the Right Managed WiFi Solution for your Organization. Get Started Now: to learn more.

CloudLink - The On-Ramp to the Cloud Security, Management and Performance Optimization for Multi-Tenant Private and Public Clouds

Cisco Outdoor Wireless Network Serves Up Automatic Meter Reading

Deploying a Secure Wireless VoIP Solution in Healthcare

EXTENDING THREAT PROTECTION AND CONTROL TO MOBILE WORKERS

AT&T activearc unified IP data solution

Cisco Virtual Office Unified Contact Center Architecture

Cloud Management. Overview. Cloud Managed Networks

Simple security is better security Or: How complexity became the biggest security threat

Huawei esight Brief Product Brochure

Pronto Cloud Controller The Next Generation Control

Cisco Meraki solution overview Cisco and/or its affiliates. All rights reserved.

Solutions Guide. Secure Remote Access. Allied Telesis provides comprehensive solutions for secure remote access.

Fortigate Features & Demo

Top 10 Reasons Enterprises are Moving Security to the Cloud

MOBILE FIRST ENTERPRISE 1. White Paper. BYOD and Beyond. How To Turn BYOD into Productivity

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Lessons in Wireless for K-12 Schools

Ranch Networks for Hosted Data Centers

Cisco Virtual Office: Flexibility and Productivity for Your Workforce

Move over, TMG! Replacing TMG with Sophos UTM

Meraki 2013 Solution Brochure

RAP Installation - Updated

MSP Dashboard. Solution Guide

Secure Enterprise Mobility for Government Teleworkers

Transcription:

Solution Brief Branch on Demand Extending and Securing Access Across the Organization

Extending Access to Corporate Resources Across the Organization As organizations extend corporate capabilities to teleworkers and branch offices, the added infrastructure and complexity can greatly increase costs and the burden on network administrators. This extra infrastructure usually requires support and maintenance in locations that lack IT staff and is difficult to deploy, configure, and secure consistently even by skilled IT teams. The Aerohive Branch on Demand solution makes it easy to deploy corporate capabilities to employees anywhere, while reducing operational costs. The key lies in a suite of features and functionality designed specifically for remote environments that simplify operations, enforce security policy, reduce costs, and operate virtually maintenance-free. Branch On Demand Aerohive s Branch on Demand solution redefines the economics, control, and performance of small branch and teleworker connectivity by leveraging our patentpending Cloud Services Platform to deliver a Headquarters-like network to every user regardless of location. BR100/BR200 Branch Routers with built-in 802.11n Fast, Easy Configuration and Deployment Remote employees are often not tech-savvy, and branch offices usually lack onsite IT staff, so remote wireless solutions have to be straightforward to install and configure. The Aerohive Branch on Demand solution allows anyone to simply plug in an Aerohive branch router, wait a few minutes for provisioning to be completed, and immediately access necessary resources. Cloud VPN Gateway VMWare VPN Gateway Figure 1: Zero Touch auto-provisioning removes any need for technicians onsite or truck rolls. Cloud Services Platform Integrated Cloud-based Services Aerohive eliminates the need for console cables, technical certification, or individual Secure Socket layer (SSL) virtual private network (VPN) clients to be installed on every connecting device. Pre-configuration is unnecessary, because the highly intelligent Aerohive Cloud redirects every Aerohive device to its world- 2 Copyright 2012, Aerohive Networks, Inc.

class HiveManager management platform, regardless of whether HiveManager resides in the Aerohive Cloud or on the local premises. Administrators simply: Create a configuration, which includes automatic IP address allocation (Figure 2) Provide parameters for branch routers to acquire the configuration Wait for remote users to plug in devices Figure 2: Automatic IP Address Management for the entire network of branch offices Once a device comes online, HiveManager automatically pushes the configuration to it and the remote site is up and running without requiring any administrator intervention. Centralized Management and Visibility When you deploy thousands of remote devices, they have to be easy to manage, maintain, and monitor. Typical remote solutions require multiple consoles for managing remote connectivity, security, and troubleshooting. However, HiveManager provides a centralized interface that enables administrators to easily configure any number of Aerohive access points and branch office devices. An administrator can manage thousands of devices as easily as a single one. HiveManager provides everything from integrated IP Address Management to autoprovisioning and consistent policy deployment across all Aerohive devices. With Aerohive Branch on Demand solutions, administrators have ultimate control over access to resources. They can define which users and devices can access a branch router, as well as provide access to specific local and remote resources for each connected user. The Aerohive branch routers support wired and wireless access with secure authentication, including 802.1X, captive web portal, and Aerohive Private Pre-Shared Key. Administrators can configure customized access based on identity to apply firewall policies, VLAN assignments, tunnel permissions, and Quality of Service (QoS) to users or devices. Optimized Application Performance The Aerohive architecture distributes all data forwarding and control mechanisms out to the Aerohive APs or routers at no additional cost eliminating the cost of deploying additional Copyright 2012, Aerohive Networks, Inc. 3

equipment, such as a WLAN controller, at each site, and minimizing bottlenecks that can occur when such equipment is used across a WAN link. Network security and performanceenhancement services, such as real-time packet prioritization, WLAN airtime fairness, and policybased QoS are also distributed to individual Aerohive devices to minimize latency. Consistent Security and Compliance Consistent, reliable security is a requirement for large-scale distributed networks. However, traditional enterprise branch routers and security licenses are too expensive for small offices or individual teleworkers, and a software client becomes cumbersome when multiple devices are required per user or if corporate voice connectivity and Quality of Service are needed. Aerohive s patent-pending Private Pre-Shared Key (PSK) system generates and manages separate pre-shared keys for every WLAN client. This enables multiple users, each with a unique key, to access the same WLAN, providing one-to-one authentication and strong encryption. Clients cannot eavesdrop on each other in a Private PSK system, and network access can be revoked on a per-client basis. Aerohive Branch on Demand solutions use a patented N-Way Cloud Proxy feature to provide enterprise-class security at an affordable price point. With Cloud Proxy, an administrator can use a cloud-based security service, such as Websense or Barracuda Online, and route all remote web traffic through the service before sending it to its final destination. HiveManager also delivers high visibility through extensive logs and compliance reports. Unified Wired and Wireless Policy Branch deployments need policy for users and all types of devices with the assurance of access regardless of access medium. With HiveManager, an administrator can create customized access policies, based on identity and device type, which in turn can assign firewall, tunneling, network, and queuing permissions to any user/device regardless of the user s location or access medium. HiveManager also provides complete visibility for: Users and devices connected to any Aerohive network device Permissions assigned to each user/device Historical device reporting, even if it moves between wired and wireless access environments Teleworker Environments Teleworking continues to grow in popularity as enterprises use it to reduce capital and operations costs associated with offices, parking structures, and other facilities. Teleworking also helps organizations achieve their sustainability goals and provides a cost-effective benefit that helps recruit and retain top talent. In fact, Robert Half International found that of 1,400 CFOs surveyed about the popularity of teleworking in their corporations, 46 percent said that teleworking is second only to salary as the best way to attract top talent and 33 percent said it is the top draw! 4 Copyright 2012, Aerohive Networks, Inc.

Successful teleworking deployments deliver consistent, persistent access to the same resources that workers would use at the corporate office. This includes voice, teleconferencing, secure Internet connectivity, and cloud-based services or applications, such as salesforce.com. The Aerohive Branch on Demand solution provides standards-based IP Security (IPsec) VPN functionality to access corporate resources, as well as patent-pending Aerohive Cloud Proxy (N- Way Split Tunneling) to ensure the integrity of web traffic by integrating with cloud-based security vendors, such as Websense and Barracuda. Aerohive has seamlessly integrated remote routing functionality into its industry-leading, cloudenabled networking architecture to provide easy-to-manage, secure, and reliable connections to teleworkers. Figure 3: A typical installation of the Aerohive Branch on Demand teleworker solution In this example, HiveManager provides easy configuration, monitoring, and troubleshooting for teleworker devices. The BR100 router discovers HiveManager using configured options or by querying the Aerohive Cloud for its assigned HiveManager, regardless of whether that HiveManager is in the cloud or on a customer premises. Aerohive has also introduced the Cloud VPN Gateway, a VMware-based appliance that terminates IPsec tunnels from Aerohive branch router devices. The Cloud VPN Gateway can scale based on the hardware dedicated to the VMware server and does not rely on HiveManager for connectivity. This teleworker scenario configures the BR100 branch router with multiple SSIDs. For example, one SSID is used for employee access using 802.1X and another SSID is for guest access using a preshared key. Four 10/100 Ethernet ports are also configurable to share a consistent VLAN with an SSID, or provide distinct access to the available networks, and can be protected using 802.1X, Captive Web Portal, or MAC authentication. Traffic from authenticated employees can be routed across the VPN tunnel, as well as assigned to a priority QoS queue, separate from associated guest traffic. An administrator can configure the BR100 branch router to separate web traffic not destined for the VPN tunnel and send it through the Aerohive Cloud Proxy service to a remote security service. A wireless Service Level Agreement (SLA) can be configured to ensure that wireless access performance meets a Copyright 2012, Aerohive Networks, Inc. 5

sufficient standard for remote application access, and to automatically boost airtime for a user if the SLA is not met. Branch Offices Traditional branch-office VPN solutions generally add cost, complexity, and confusion to each location. Although branch offices represent about 20 percent of IT infrastructure, they often require 80 percent of IT s maintenance resources. Software solutions are less expensive, but quickly become unmanageable or inadequate when multiple devices or devices that cannot support VPN clients want to connect. Through the cloud, the Branch on Demand solution simplifies provisioning, management, monitoring, and troubleshooting for branch office deployments, even without technical resources onsite. Enterprises can achieve significant CAPEX and OPEX savings while maintaining visibility into remote networks, meeting security objectives and compliance standards, and increasing productivity. Figure 4: A typical Aerohive Branch on Demand branch office implementation In branch deployments, reliable access to the central office, as well as secure Internet access for online applications and resources, is paramount. The Branch on Demand solution uses the Aerohive redirector to quickly and securely discover the HiveManager, regardless of whether HiveManager is online or at a customer premises. Many branch offices, especially those subject to stringent compliance requirements like retail stores, will want to secure the Aerohive branch router in a wiring closet while still providing wireless access to the rest of the property. Aerohive makes it easy to extend wireless access by 6 Copyright 2012, Aerohive Networks, Inc.

allowing an administrator to connect Aerohive APs through wireless mesh or wired Ethernet connections to branch routers. Administrators can configure APs to support multiple virtual LANS (VLANs) and user profiles, and can deploy a single policy to the entire location. This approach allows users to connect to any available AP and receive the correct permissions, based on their identity or device type. User traffic can be routed across the VPN tunnel or to the Internet based on classic routing and firewall permissions. The Branch on Demand software also can separate trusted web traffic that should go directly to the Internet, and the Aerohive Cloud Proxy can allow an administrator to force all other web traffic to traverse an online security service. Because all Aerohive devices support the same HiveOS network operating system, the BR100/BR200 integrate seamlessly with additional Aerohive access points in the network. Cooperative Control allows branch routers and access points to share user identity and device information across an entire hive of Aerohive products, and users will roam securely between devices and maintain permissions based on their identity and device type. Secure access for guests can be separated from corporate traffic and assigned to different network, quality of service (QoS), time-of-day access schedules, firewall policies, and web security settings, along with many other Aerohive features. For More Information Aerohive Branch on Demand solutions now make it easier and more cost-effective to implement wireless access to corporate resources everywhere from the home office to branch offices and teleworkers. For more information about the Branch on Demand solution, visit http://www.aerohive.com/solutions/applications/enterprise.html. Copyright 2012, Aerohive Networks, Inc. 7

About Aerohive Aerohive Networks reduces the cost and complexity of today s networks with cloud-enabled, distributed Wi-Fi and routing solutions for enterprises and medium sized companies including branch offices and teleworkers. Aerohive s award-winning cooperative control Wi-Fi architecture, public or private cloud-enabled network management, routing and VPN solutions eliminate costly controllers and single points of failure. This gives its customers mission critical reliability with granular security and policy enforcement and the ability to start small and expand without limitations. Aerohive was founded in 2006 and is headquartered in Sunnyvale, Calif. The company s investors include Kleiner Perkins Caufield & Byers, Lightspeed Venture Partners, Northern Light Venture Capital and New Enterprise Associates, Inc. (NEA). Corporate Headquarters EMEA Headquarters Aerohive Networks, Inc. Aerohive Networks Europe LTD 330 Gibraltar Drive Sequel House Sunnyvale, California 94089 USA The Hart Phone: 408.510.6100 Surrey, UK GU9 7HW Toll Free: 1.866.918.9918 +44 (0)1252 736590 Fax: 408.510.6199 Fax: +44 (0)1252711901 info@aerohive.com www.aerohive.com

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information