MOBILE FIRST ENTERPRISE
White Paper
Mobile-first Enterprise: Easing the IT Burden
10 Requirements for Optimizing Your Network for Mobility
Table of Contents

Executive Summary
Introduction
Rightsizing for the Right Objective
Rightsizing the Wrong Objective
Optimize for Mobility: The Right Objective for the Mobile-First Enterprise
10 Requirements for Optimizing Your Network for Mobility
Is My Organization Mobile-First?
1. Plan Around the User, Not the Network
2. Utilize Cloud-Based Management to Increase Visibility and Optimize Application Performance
3. Connect Users Properly to Begin Optimizing Around Them
4. Implement Proper Authentication and Access Even for Guest and BYO Devices
5. Ensure Security and Enforcement Is at the Edge
6. Create a Reliable Mobility Platform
7. Ensure the Network Can Handle the Density That Comes with a Mobile-First Enterprise
8. Provide Zero-Configuration Services to Users to Keep Them Productive
9. Simplify Wireless Problem Remediation to Ease IT's Burden
10. Provide the Same Access Everywhere Without Remote Hands
Summary
About Aerohive
Executive Summary

What is mobility? It's the freedom and flexibility that Wi-Fi and other wireless technologies provide the modern workforce, students, retailers, healthcare providers and others in what is rapidly becoming the mobile-first world, where users rely on mobile devices to increase productivity and potential. With mobile devices becoming the gateway to better learning, working, transacting, and care-giving, IT departments have to rethink their network access methods to accommodate the mobile-first world that organizations are demanding. For Wi-Fi, this means increasing capacity, security, and scalability, along with many other considerations, before opening the floodgates. The challenges facing IT can be daunting, and decisions made today about access to enterprise resources will affect how efficient and effective the IT organization is for years to come.

This paper sets out what it means to be a mobile-first organization and what networks need in order to accommodate the modern user. It examines the potential issues IT faces in a mobile-first organization and the advantages of framing the problems properly for long-term success and effectiveness. It concludes with a roadmap for implementing the ideal access network for a mobile-first enterprise.

Introduction

Mobile access to applications has become as expected as electricity from a power outlet. When employees try to access an application, they expect a wireless network to be available, and they would consider a wired connection only if the wireless network had an actual problem, if their device even has a wired port. The expectation is so ingrained that lacking a wireless connection and needing to plug in has moved from the norm to a nuisance.
This mental shift is known as the mobile-first mentality, and it is already driving major corporations to adopt mobile-first design principles: optimizing architectures and operational efficiency for the mobile user before considering how to support other types of users, because, given these trends, mobile optimization can be assumed to equal business optimization. The realization that employees think mobile-first when accessing their applications leads to the inevitable question: what is the best way to architect the access network so that user productivity is optimized without overwhelming the IT staff? Many within the IT community want a tangible return on investment (ROI), but when approached the wrong way, an organization may save on capital expenditure yet leave IT with an onerous operational burden by introducing complexity into basic maintenance tasks. Done correctly, designing for mobile-first lets the organization enjoy greater productivity, improved employee morale, and better customer service while reducing IT cost and operational complexity.

Rightsizing for the Right Objective

The first step in any project, particularly within IT, is to determine the ultimate objective and optimize for that result. Without such a predetermined focus, a project will take forever to finish and waste valuable resources or, worse, achieve a goal that has unintended negative consequences.

Rightsizing the Wrong Objective

For the last five years, WLAN solutions have allowed enterprises to replace wired connections with wireless connections in a robust fashion. This was fantastic news for IT departments that wanted to cut costs while maintaining customer satisfaction. The growing penetration of Wi-Fi into handsets and laptops allowed significant savings on wired Ethernet costs.
As more wireless access points (APs) were deployed, the access network naturally needed fewer wired Ethernet ports. Since IT no longer needed to plan for up to four wired ports per user at a desk, it could plan for one Ethernet jack per cubicle and one for each access point, assuming each AP covers 10 to 25 workstations. The cost efficiencies of Wi-Fi over wired connections added up to bottom-line savings, and the mantra of many became "mobilize to reduce the cost of setting up offices and classrooms." There was good reason for it, because the benefits were tangible: consolidated switches, less power, less cooling, fewer support contracts, and so on. All of this was and is true.

However, by making the objective of a network redesign completely network-centric (reduce switch ports), the overall benefit is diminished by designing for the wrong objective. The savings and reduction in network infrastructure have the side benefit of enabling mobility, but a primary problem is ignored: managing a mobile-first workforce in a scalable fashion. Managing a mobile-first workforce means implementing and securing the network, optimizing network performance for the device, understanding the context of the user, and optimizing application performance for that user in order to keep them productive. Treating switch port rightsizing as the primary objective of a network redesign project, rather than as a major benefit of it, can leave IT with a design that makes simple, user-centric changes very complex to implement.

For example, a common solution to the rightsizing objective is an overlay WLAN architecture that provides Wi-Fi access but requires a central control entity (a virtual or hardware-based controller). Some of the challenges of an overlay wireless LAN include:

- Single point of failure: the controller or virtual controller is a single point that must stay alive or risk bringing down the entire wireless infrastructure. Common practice is to deploy redundant hardware, but this is expensive and adds complexity, particularly at remote locations.
- Network obscurity: packets are encrypted at the AP and tunneled back to the controller, so no other network device along the path can inspect them or enforce security policy on them until the controller decrypts them, negating any edge security or quality of service (QoS) policy enforcement deployed as part of your architecture.
- Two parallel access networks: by deploying an overlay network, IT now has to deal with two parallel access networks, one wired and one wireless. This means two management systems with little ability to correlate problems and streamline remediation, as well as inconsistent policy enforcement across wired and wireless connections.

Limited IT resources and reduced IT budgets drove people towards rightsizing, but IT administrators have quickly seen a larger problem emerging: the additional work of running a wireless overlay network, while saving money in the short term, creates too much work when problems can't be solved by standard helpdesk personnel and every problem is escalated to the wireless expert on staff (if there is one!).

Optimize for Mobility: The Right Objective for the Mobile-First Enterprise

Gartner was one of the first to note the inevitability of the mobile-first enterprise and the importance of designing the network access layer for the right objective, back in 2012. They recognized the cost savings of rightsizing as a major benefit but understood that IT departments did not want an overlay network, because wireless was no longer a secondary network. That forced changes in infrastructure thinking at the access layer; otherwise enterprises would save capital costs but be left managing two essentially separate access layers. A more integrated network that delivers the capital expenditure benefit of rightsizing while also reducing total cost of ownership is clearly the direction enterprises are moving:

"Limited IT resources, increased mobility and reduced IT budgets are providing catalysts for the buying behavior at the edge of the network. The number of switching ports deployed at the edge of the network is decreasing, as enterprises continue to rightsize their infrastructures, and as growing mobility requirements change the way enterprises look at the edge of the network. During a Gartner survey, 76% of enterprises noted that a single IT resource was used to manage these changes. As a result of these changes, Gartner is seeing the emergence of a single buying decision for wired and wireless connectivity at the edge of the network." [1]

"IT organizations will reduce the complexity and costs of provisioning and managing network components by eliminating the need for duplicate network applications and consoles." [2]

To that end, Gartner stopped recognizing WLAN overlay networks that were not well integrated with a wired infrastructure as a viable long-term solution for enterprises. Instead, they began reporting on and recommending a unified wired and wireless access infrastructure whose benefits include a reduction in switch ports as well as integrated policy enforcement and management that eases the burden of supporting a mobile-first enterprise. The right objective is designing access for a mobile-first enterprise. By aiming at the right target, enterprises can exploit the capital expenditure reduction of wireless and vastly simplify the ongoing cost of managing, securing, and supporting the network for mobile users.

"Plan to deploy a single network management, guest access and authentication network service application for wired and wireless users." [3]

10 Requirements for Optimizing Your Network for Mobility

The first step in any network-planning project, particularly a redesign of the access layer, is to understand your usage scenario. The most important reality to establish is the answer to this question:

Is My Organization Mobile-First?

Answering that question is simple. If your users expect a wireless network to be available for their devices and seem perturbed when asked to plug in to gain network access, then your organization has users expecting wireless as their primary access and is therefore a mobile-first enterprise.
Mobile-first enterprises must optimize their network along multiple vectors:

- User-centric, context-based policy that incorporates user identity, time, location, application, and device type
- The ability to optimize the application experience for the user based on context
- Unified, user-centric policy configuration, enforcement, and network management regardless of device or connectivity type
- The ability to provide full enterprise access anywhere, anytime, on demand without stressing IT resources (IT can't be everywhere all the time)

The problem with selecting a solution that is not optimized for mobility, such as an overlay WLAN over an existing wired network, is that performing a task along any one of these vectors becomes a complex and expensive ordeal. Each policy must effectively be duplicated for the wired network and the wireless overlay. Further, the two networks must be kept in sync manually and must somehow communicate security and QoS policy between them. An access layer solution that is optimized for mobility performs these tasks with single workflows based on the user's identity, not on the network to which the user is attached. This vastly simplifies configuration, security checking, performance optimization, fault isolation and remediation, and similar tasks.

[1] Magic Quadrant for the Wired and Wireless LAN Access Infrastructure, Gartner, 13 June 2012
[2], [3] A Unified Access Layer Forces Changes to Infrastructure Thinking at the Edge of the Network, Gartner, 20 March 2012
1. Plan Around the User, Not the Network

Optimizing the network for mobility is the key to servicing a mobile-first enterprise in a fashion that allows your IT resources to scale. This means implementing a network infrastructure that is completely user-centric: one that takes into account the user's context (application, identity, device, location, and time) and optimizes the user experience around that user's needs.

Figure 1 - Focusing on Your Users

In any enterprise there are many applications that mobile users may need in order to do their jobs. The very nature of mobility means that you have to optimize the user's experience based on their context and not simply on which network they connect to. How can you restrict a certain user to only a certain network? How many networks does that actually create? Context-based networking requires designing the network around how it can optimize application performance and network access for the user, not around the network the user happens to be connected to. Before doing anything else, understand who is connecting to the network, which devices you will allow them to connect with, how long you want them to stay connected, and from which locations they may connect. Answering these questions is fundamental to the success of a mobile-first environment.
2. Utilize Cloud-Based Management to Increase Visibility and Optimize Application Performance

Designing the network with mobility inherent in the design philosophy transforms the way IT administrators visualize, monitor, and manage their access network infrastructure. The unified wired/wireless dashboard in Aerohive's HiveManager provides real-time visibility and deep insight into key dimensions of network visibility and policy enforcement, including applications, users, and clients. The detailed perspectives provide information such as data usage over time, users by SSID, device information, and many other reports that can be further filtered by identity/role, location, network, or custom-defined business-relevant tags. This provides a single-pane-of-glass view into wired and wireless usage, defining who, what, where, and how the network is being used, and it enables dashboard-based workflows. These workflows cover the perspectives of an IT administrator's job, such as troubleshooting data, configuration data, and application performance data. This lets an IT administrator view the performance of the mobile environment with data correlated to the function being performed and the user's identity, rather than an uncorrelated information overload organized by the client's connection type (wired or wireless).

Figure 2 - Aerohive provides comprehensive views into applications for optimization for mobile first

Once this information has been assessed, you should shape traffic based on context, thereby optimizing the network experience for the user. Aerohive's Quality of Service (QoS) supports prioritizing and rate limiting applications, which lets an administrator prioritize the delivery and user experience of mission-critical applications. In addition, QoS can mark packets leaving the Aerohive devices with standards-based DSCP or 802.1p markings. Once the application has been identified and prioritized based on the available user context, the outbound markings ensure that it continues to be prioritized as it traverses the rest of the legacy infrastructure. Note that DSCP lives in the IP header and survives Layer 3 hops, whereas 802.1p priority is carried in the 802.1Q VLAN tag and therefore applies only on tagged links; downstream switches and routers must also be configured to trust the markings. In effect, this ability means Aerohive increases the overall intelligence and performance of the entire network infrastructure.
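As an added example of what the marking step has to do at the edge (this is illustrative code, not Aerohive's), the Python below classifies a flow by application name, overwrites the DSCP field of an IPv4 packet while preserving the two ECN bits, recomputes the IPv4 header checksum, and derives the 802.1p priority (PCP) for an 802.1Q tag. The application-to-DSCP table and the DSCP-to-PCP mapping are assumed policy choices; the packet is constructed inline. The client's own marking is deliberately discarded: a station can set any DSCP it likes on its outbound packets, so an edge device should re-mark according to its own classification rather than trust what arrives.

```python
"""Edge re-marking of DSCP and 802.1p priority. Added illustration, not
Aerohive code; APP_DSCP and dscp_to_pcp() are assumed policy choices."""
import socket
import struct

# Assumed policy: application (as classified at the edge) -> DSCP code point.
# Values follow common RFC 4594 usage: EF for voice, AF41 for video,
# AF21 for business data, best effort for everything else.
APP_DSCP = {"voip": 46, "video-conf": 34, "erp": 18, "web": 0}
DEFAULT_DSCP = 0


def classify(app: str) -> int:
    """Return the DSCP the edge assigns to a flow of the given application."""
    return APP_DSCP.get(app, DEFAULT_DSCP)


def dscp_to_pcp(dscp: int) -> int:
    """Assumed mapping of DSCP onto the 3-bit 802.1p priority (PCP)."""
    if dscp == 46:
        return 5          # voice
    if dscp >= 32:
        return 4          # AF4x video
    if dscp >= 16:
        return 2          # AF2x/AF3x business data
    return 0              # best effort


def ipv4_checksum(header: bytes) -> int:
    """One's-complement sum over 16-bit words (RFC 1071)."""
    total = 0
    for i in range(0, len(header), 2):
        word = header[i] << 8
        if i + 1 < len(header):
            word |= header[i + 1]
        total += word
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4(src: str, dst: str, dscp: int, ecn: int, payload: bytes) -> bytes:
    """Constructed sample packet: minimal 20-byte IPv4 header (proto UDP)."""
    tos = (dscp << 2) | (ecn & 0x03)
    hdr = bytearray(struct.pack("!BBHHHBBH4s4s", 0x45, tos, 20 + len(payload),
                                0x1234, 0x4000, 64, 17, 0,
                                socket.inet_aton(src), socket.inet_aton(dst)))
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + payload


def get_dscp(pkt: bytes) -> int:
    return pkt[1] >> 2


def get_ecn(pkt: bytes) -> int:
    return pkt[1] & 0x03


def checksum_ok(pkt: bytes) -> bool:
    """A header summed including its checksum field folds to zero when valid."""
    ihl = (pkt[0] & 0x0F) * 4
    return ipv4_checksum(pkt[:ihl]) == 0


def remark_ipv4(pkt: bytes, dscp: int) -> bytes:
    """Overwrite the DSCP (high 6 bits of the ToS byte), keep the 2 ECN bits,
    and recompute the header checksum. Whatever DSCP the client set is
    ignored: the edge's own classification is authoritative."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4:
        raise ValueError("not an IPv4 packet")
    ihl = (pkt[0] & 0x0F) * 4
    if ihl < 20 or len(pkt) < ihl:
        raise ValueError("bad IHL")
    if not 0 <= dscp <= 63:
        raise ValueError("DSCP out of range")
    hdr = bytearray(pkt[:ihl])
    hdr[1] = (dscp << 2) | (hdr[1] & 0x03)
    hdr[10:12] = b"\x00\x00"
    struct.pack_into("!H", hdr, 10, ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + pkt[ihl:]


def tci(pcp: int, vlan_id: int, dei: int = 0) -> int:
    """802.1Q Tag Control Information: PCP(3) | DEI(1) | VID(12)."""
    if not (0 <= pcp <= 7 and 0 <= vlan_id <= 4095 and dei in (0, 1)):
        raise ValueError("TCI field out of range")
    return (pcp << 13) | (dei << 12) | vlan_id


def mark_flow(pkt: bytes, app: str, vlan_id: int) -> tuple:
    """Full edge step: classify, re-mark the IP header, compute the 802.1Q TCI."""
    dscp = classify(app)
    return remark_ipv4(pkt, dscp), tci(dscp_to_pcp(dscp), vlan_id)


if __name__ == "__main__":
    # A client pre-marks its web traffic as EF (46) hoping for priority;
    # the edge classifies it as "web" and re-marks it to best effort.
    spoofed = build_ipv4("10.0.0.5", "10.0.1.7", 46, 1, b"GET / HTTP/1.1\r\n")
    fixed, tag = mark_flow(spoofed, "web", 100)
    print(get_dscp(spoofed), "->", get_dscp(fixed), hex(tag))
```

The `mark_flow()` call is the whole edge step: the value a downstream switch sees is whatever the edge wrote, which is only useful if that switch is configured to trust markings from the AP's uplink and not from untrusted ports.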
3. Connect Users Properly to Begin Optimizing Around Them

This all begins with considering how users get connected securely to the network in a mobile-first enterprise. There are multiple options for registering a device onto the network, with device ownership playing a key role in which method is selected. For corporate devices, the administrator can typically use Group Policy to provision a device for network connectivity. For BYO, guest, and IoT devices, where the administrator may not have the resources, access, or expertise to prepare the device, the challenge of security versus flexibility arises.

For corporate-issued or personally owned consumer devices, there are two major camps when it comes to providing access. On one side, many companies are very successful in deploying agent-based Mobile Device Management (MDM) solutions to ensure connected devices have the right software, permissions, and security settings before they are allowed onto the network. These agent-based solutions are very popular with larger companies and education facilities.

Figure 3 - Example of Self-Provisioned Network Access

On the other side of the MDM spectrum is what is called network-based MDM, where there is no agent to install on the client device and the network devices themselves are intelligent enough to make policy decisions based on user identity, device type, location, and time. To provide a truly comprehensive mobility-optimized infrastructure, you must be able to support both agent-based and network-based MDM. This lets companies leverage and control consumer devices in the enterprise while also supporting users who will not accept the risk to their personal data that comes with installing an agent. It also means the network infrastructure at the access layer must be intelligent enough to let administrators either enforce MDM agent installation or use user- and device-level classification and access control to ensure secure and productive mobile device use on the network.
4. Implement Proper Authentication and Access Even for Guest and BYO Devices

In any mobile-first enterprise, one of the major challenges to ensuring secure access is that mobile devices are expected to connect easily to any type of network, even one requiring certificates. A mobility-optimized access solution should give an administrator many options for getting users onto the network easily and securely. One of the most common secure network types is WPA2-Enterprise (802.1X) on the corporate network, which requires at least a username/password combination and acceptance of a server certificate in order to authenticate. That server certificate check is what protects the credential: a client that is not configured to validate the authentication server's certificate will present its credentials to any access point advertising the same SSID. For some corporate devices, and especially BYO and guest devices, this can be a huge administrative burden and is sometimes impossible given the device's support.

Figure 4 - Traditional PSK vs. Aerohive's Private PSK

An additional option unique to Aerohive is the Private Pre-Shared Key (PPSK) feature. It is remarkable because it allows an administrator to enforce per-user and per-device permissions and security without requiring any certificate or username/password credentials from the connecting users. An administrator can specify a particular key or group of keys to have defined network permissions, such as an assigned VLAN, firewall policy, application optimization, and tunneling permissions, and can even tie that key to the first device connected with it so that no additional device can connect using the same key. This simple solution provides the per-device encryption keys and policy normally associated with the more complex 802.1X solutions, but it works on any device that supports PSK and requires no certificates. Because each key is still a static secret, a lost or leaked key should be revoked on its own; with per-device keys that does not force every other device to be rekeyed, which is what makes the approach manageable at scale.

5. Ensure Security and Enforcement Is at the Edge

Policy enforcement in a mobile-first environment is based on the user. The user's identity defines permissions to the network, such as the VLAN the user should be assigned to; the firewall, tunnel, and application QoS policies for that user or group of users; and client enforcement features such as SLA settings that can be applied on a per-user basis. How user profiles are applied depends on the type of authentication defined and the client classification rules configured.
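The following Python is an added illustration of the two mechanisms described in requirements 4 and 5 (the per-device key with first-device binding, and identity-first client classification); it is not Aerohive's implementation. It models a Private PSK registry in which each passphrase carries a role, binds to the first MAC address that uses it, and can be revoked individually, then resolves a user profile from the authenticated role plus device type and location with first-match rules. The role names, rule table, profile fields, SSID and MAC addresses are all assumed. The PMK derivation is the standard WPA2-PSK one (PBKDF2-HMAC-SHA1 over the passphrase and SSID), included to show why distinct passphrases give each device its own key material; the code simplifies by taking the passphrase directly, whereas a real AP identifies which key a client holds from the 4-way handshake.

```python
"""Private PSK issuance with first-device binding, followed by identity-first
client classification. Added illustration, not Aerohive's implementation;
role names, rule table, profile fields, SSID and MACs are assumed."""
import hashlib
from dataclasses import dataclass
from typing import Optional


class PPSKError(Exception):
    pass


@dataclass
class KeyEntry:
    role: str                         # identity/group the key was issued to
    bound_mac: Optional[str] = None   # first device that used the key
    revoked: bool = False


class PPSKRegistry:
    """One passphrase per user or device, each carrying its own role."""

    def __init__(self, ssid: str):
        self.ssid = ssid
        self._keys = {}

    def issue(self, passphrase: str, role: str) -> None:
        if not 8 <= len(passphrase) <= 63:          # WPA2 passphrase limits
            raise PPSKError("passphrase must be 8..63 characters")
        self._keys[passphrase] = KeyEntry(role)

    def pmk(self, passphrase: str) -> bytes:
        """WPA2-PSK pairwise master key: PBKDF2-HMAC-SHA1(passphrase, SSID,
        4096 iterations, 32 bytes). Distinct passphrases give distinct PMKs,
        so one station cannot derive another's session keys from a captured
        handshake, which a single shared PSK does allow."""
        return hashlib.pbkdf2_hmac("sha1", passphrase.encode(),
                                   self.ssid.encode(), 4096, 32)

    def revoke(self, passphrase: str) -> None:
        """Leaked key: disable just this key; nobody else is rekeyed."""
        self._keys[passphrase].revoked = True

    def associate(self, passphrase: str, mac: str) -> str:
        """Simplified: the AP is told which key the client used. Binds the
        key to the first MAC seen. MAC binding limits reuse but is not
        authentication (a MAC can be spoofed); revocation is the control."""
        entry = self._keys.get(passphrase)
        if entry is None or entry.revoked:
            raise PPSKError("unknown or revoked key")
        mac = mac.lower()
        if entry.bound_mac is None:
            entry.bound_mac = mac
        elif entry.bound_mac != mac:
            raise PPSKError("key already bound to another device")
        return entry.role


@dataclass(frozen=True)
class Profile:
    vlan: int
    firewall_policy: str


@dataclass(frozen=True)
class Rule:
    role: Optional[str]         # None matches any value
    device_type: Optional[str]
    location: Optional[str]
    profile: Profile


# Assumed rule table, evaluated top-down, first match wins. Role (from the
# authenticated key) comes first; device_type is a fingerprint the client
# influences (DHCP options, User-Agent) and should only narrow a profile,
# never grant more than the role allows.
RULES = [
    Rule("executive", "ipad", None,  Profile(10, "exec-full")),
    Rule("sales",     "ipad", None,  Profile(20, "sales-crm-only")),
    Rule("sales",     None,   "hq",  Profile(21, "sales-full")),
    Rule("sales",     None,   None,  Profile(22, "sales-remote")),
    Rule(None,        None,   None,  Profile(99, "quarantine")),  # default
]


def classify(role: str, device_type: str, location: str) -> Profile:
    for r in RULES:
        if (r.role in (None, role) and r.device_type in (None, device_type)
                and r.location in (None, location)):
            return r.profile
    raise PPSKError("no rule matched")   # unreachable while a default exists


def admit(reg: PPSKRegistry, passphrase: str, mac: str,
          device_type: str, location: str) -> Profile:
    """Edge admission: key -> role, then role + context -> enforced profile."""
    role = reg.associate(passphrase, mac)
    return classify(role, device_type, location)
```

`admit()` is the edge decision in one call: the same iPad gets `exec-full` or `sales-crm-only` depending on whose key it joined with, and a second device presenting an already-bound key is refused rather than silently sharing the first device's profile.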
With Aerohive client classification, administrators get several layers of network-based mobile device enforcement, starting with the initial user authentication. This is important because the identity of the user remains the first variable when permissions are further refined by context such as device type, location, and domain membership. For example, you can differentiate between BYO devices such as iPads owned by your executive staff and iPads owned by your sales team, and enforce different policies based not only on device context but also on identity, rather than making a blanket policy for all attached iPads.

Figure 5 - Context-based Control and Enforcement Is User-Centric, Not Network-Centric

These user policies, combined with the built-in stateful firewall in every Aerohive device, provide enforcement at the edge, where the traffic first enters the network, instead of letting it traverse the entire infrastructure before eventually being restricted by a core security appliance. This is both secure and highly flexible, allowing the administrator to tailor enforcement to their exact needs.

6. Create a Reliable Mobility Platform

It is one thing to get your users connected; it is another to keep them connected. Traditional wireless LAN solutions were not designed with the number of devices we see today in mind, and for the many vendors that have yet to fully evolve their architectures to a fully distributed control model, there are consequences for the mobile-first organization. With a heavy reliance on wireless connectivity for the mobile user, loss of connection is almost unthinkable. Loss of connectivity can impact productivity, prevent transactions, restrict communications, and so on, and therefore appropriate resiliency must be built into the underpinning infrastructure. A fully distributed control model removes the legacy wireless LAN controllers that limit scale and capacity and are an inherent single point of failure, and instead uses a topology similar to the Internet or your LAN.
Figure 6 - Creating a Fully Resilient Mobility Platform

Aerohive access points use cooperative control to communicate client information and to optimize RF configurations. Access points continually monitor their own and their neighbors' environment and make dynamic changes where required. As clients connect to the network, the access points determine the fastest path to forward data. They also share client information, such as authentication state and security policies, with neighboring access points that the client may soon roam to, in order to create a seamless mobile user experience. If for any reason the best data path for a client becomes unavailable, the access points determine the next best path, and if the original path becomes available again, the client is redirected back to it. This exchange of information is an ongoing, dynamic process between the access points, continually updating and aging the relevant information as the client moves between them, with the infrastructure always making intelligent decisions on behalf of the clients, all without the need for a centralized wireless LAN controller.

7. Ensure the Network Can Handle the Density That Comes with a Mobile-First Enterprise

The latest Wi-Fi standards continually unlock new bandwidth potential, but optimizing for a mobile workforce takes more than raw speed to create a great experience. Throwing more access points at the problem may not be the solution; instead, more focus should be placed on how the available bandwidth is actively managed. Active bandwidth management ensures that your network is fully optimized, providing both a consistent user experience and an accurate picture of network performance, so that your organization truly knows when it is time for an expansion or upgrade.
Figure 7 - Managing Your Bandwidth with Optimization Features

Even if all your users connect their devices to the network and sit down in an auditorium, Aerohive will balance the clients across the available access points and ensure no single access point is overloaded with attached clients. Furthermore, with comprehensive client and application classification, access points prioritize and restrict available airtime based on the administrator's preferences, ensuring that bandwidth is not consumed by inappropriate usage.

8. Provide Zero-Configuration Services to Users to Keep Them Productive

Let's assume for a minute a perfect world where all users are perfectly connected, the network is working like a dream at full performance, and every user is perfectly happy with his or her ability to connect any device to the network and receive the permissions defined by the administrator. Even so, supporting mobile users, particularly those with consumer-grade smartphones and tablets, means users will want to actually use their device to connect to and interact with network resources and services. Printing and projecting are two common requests that come up almost immediately, which means another requirement for a mobility-optimized solution is a truly service-aware network, where the network helps clients find the resources they need without IT intervention. Apple products, and iOS in particular, rely on Bonjour zero-configuration networking to find available resources on the network such as printers or Apple TVs attached to projectors. One of the issues with Bonjour is that it is limited to a single broadcast domain (a VLAN): its service discovery runs over multicast DNS (mDNS) to the link-local group 224.0.0.251 (ff02::fb for IPv6) on UDP port 5353, and link-local multicast is not forwarded by routers. If an administrator has defined a network policy that separates certain device types from the corporate network using VLANs, this immediately becomes a hurdle to productive network use.
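To make the scoping problem and the filtering it calls for concrete, here is an added Python example (not Aerohive's Bonjour Gateway code) that parses the PTR records out of an mDNS announcement, including compressed names, and applies a per-VLAN allow list before a gateway would re-advertise them on another VLAN. The sample announcement is constructed inline, and the VLAN numbers and allow list are assumed. Two details matter in practice: the policy is default-deny for any VLAN it has no entry for, and the name decoder caps compression-pointer hops so a crafted packet cannot send the relay into an infinite loop, since anything that reflects multicast between segments is reachable from the least-trusted one.

```python
"""Scope-aware mDNS (Bonjour) service filtering. Added illustration of what a
gateway must do when relaying announcements across VLANs; not Aerohive's
Bonjour Gateway. VLAN_ALLOWED, VLAN numbers and SAMPLE are assumed/constructed."""
import struct

MDNS_GROUP_V4, MDNS_PORT = "224.0.0.251", 5353   # link-local: never routed
TYPE_PTR = 12

# Assumed policy: VLAN -> service types it may discover. None means all.
VLAN_ALLOWED = {
    10: None,                               # corporate
    20: {"_ipp._tcp", "_airplay._tcp"},     # BYOD: print and project
    30: {"_airplay._tcp"},                  # guest: project only
}


def encode_name(name: str) -> bytes:
    """DNS wire-format name, no compression (used to build the sample)."""
    out = b"".join(bytes([len(l)]) + l.encode() for l in name.split("."))
    return out + b"\x00"


def decode_name(pkt: bytes, off: int) -> tuple:
    """Decode a possibly compressed name; returns (name, offset after it).
    Pointer hops are capped so a crafted packet cannot loop forever."""
    labels, end, hops = [], None, 0
    while True:
        if off >= len(pkt):
            raise ValueError("truncated name")
        ln = pkt[off]
        if ln & 0xC0 == 0xC0:                       # compression pointer
            if end is None:
                end = off + 2
            hops += 1
            if hops > 16:
                raise ValueError("pointer loop")
            off = struct.unpack("!H", pkt[off:off + 2])[0] & 0x3FFF
            continue
        off += 1
        if ln == 0:
            break
        labels.append(pkt[off:off + ln].decode("utf-8", "replace"))
        off += ln
    return ".".join(labels), (end if end is not None else off)


def build_announcement(ptrs) -> bytes:
    """Constructed unsolicited mDNS response from (service, instance) pairs."""
    hdr = struct.pack("!HHHHHH", 0, 0x8400, 0, len(ptrs), 0, 0)
    body = b""
    for service, instance in ptrs:
        rdata = encode_name(f"{instance}.{service}.local")
        body += encode_name(f"{service}.local")
        body += struct.pack("!HHIH", TYPE_PTR, 0x8001, 4500, len(rdata)) + rdata
    return hdr + body


def parse_ptrs(pkt: bytes) -> list:
    """Return [(service_type, instance_name)] for every PTR record."""
    if len(pkt) < 12:
        raise ValueError("short packet")
    _, _, qd, an, ns, ar = struct.unpack("!HHHHHH", pkt[:12])
    off = 12
    for _ in range(qd):                           # skip questions
        _, off = decode_name(pkt, off)
        off += 4
    found = []
    for _ in range(an + ns + ar):
        owner, off = decode_name(pkt, off)
        if off + 10 > len(pkt):
            raise ValueError("truncated record")
        rtype, _, _, rdlen = struct.unpack("!HHIH", pkt[off:off + 10])
        off += 10
        if rtype == TYPE_PTR:
            target, _ = decode_name(pkt, off)
            service = owner[:-6] if owner.endswith(".local") else owner
            found.append((service, target))
        off += rdlen
    return found


def relay_filter(records, dst_vlan: int) -> list:
    """Records a gateway may re-advertise into dst_vlan (default deny)."""
    if dst_vlan not in VLAN_ALLOWED:
        return []
    allowed = VLAN_ALLOWED[dst_vlan]
    return [r for r in records if allowed is None or r[0] in allowed]


# Constructed sample: what a printer, an Apple TV and a file server announce.
SAMPLE = build_announcement([
    ("_ipp._tcp", "Floor2-Printer"),
    ("_airplay._tcp", "Boardroom-TV"),
    ("_afpovertcp._tcp", "Finance-NAS"),      # file sharing: corporate only
])
```

Running `relay_filter(parse_ptrs(SAMPLE), 30)` leaves a guest with only the Apple TV, while the file server's announcement never leaves the corporate VLAN; a gateway that reflects everything would make that share discoverable (not necessarily reachable, but visible) from every segment it touches.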
Figure 8 - Aerohive uniquely enables Bonjour Gateway in both Aerohive and multi-vendor networks by using distributed intelligence

Aerohive pioneered the Bonjour Gateway to enable users on any VLAN to see and use Bonjour-enabled resources available on the network, regardless of where those resources reside. Bonjour Gateway can be configured to allow all services through, or to limit the advertisement and discovery of Bonjour resources using its built-in filtering capability. Using a service-aware solution like this ensures all devices are productive once authenticated onto the network and that services are optimized for the mobile community first.

9. Simplify Wireless Problem Remediation to Ease IT's Burden

A mobile-first enterprise introduces a different set of issues to problem remediation: RF is almost a black art to the non-wireless IT engineer. So the question becomes how to manage and monitor wireless devices with existing in-house expertise. If devices have trouble accessing resources, the IT administrator often gets a call in which the user complains about the network even though the problem could be the device. Quickly isolating which it is, is an important aspect of a mobility-optimized access solution. Clearly the first step in identifying any problem with attached clients is knowing that there is a problem in the first place. However, while many IT professionals are networking experts, they are not all radio experts. Retransmissions, CRC errors, and selected radio rates may look like Greek to a typical IT administrator. The Aerohive Client Health feature was created to take the guesswork out of monitoring mobile clients. It determines the best possible transmission speed for an individual client, then tracks the statistics and potential issues for that client and displays a simple scorecard representing the client's health.
Figure 9 - Without automated remediation and dashboards, RF troubleshooting is a black art
Just being able to view what's going on with the clients is certainly useful, but since the real drain on IT will be dealing with any and all issues that do arise with clients on the network, Aerohive has automated remediation and mitigation. This allows an administrator to set up a policy for attached clients, with separate policies defined for corporate-issued clients versus BYO/guest devices; then, if a client's health drops below marginal status, the Aerohive devices can automatically provide additional resources to the ailing client. This includes band steering the client to another supported radio, load balancing the client to another AP, and even boosting airtime for a client suffering slow transmissions or excessive retransmissions if it is otherwise unable to meet its configured SLA performance target. This lets an administrator focus on the rest of the problems in the world instead of worrying about every potential RF issue.

10. Provide the Same Access Everywhere Without Remote Hands

The last piece of optimizing for mobility that truly prepares IT for the transformation to a mobile-first enterprise is ensuring that employees remain productive and connected to essential resources regardless of where they are: at the corporate office, at a branch location, or even at home. Once the administrator has defined the network access policy, configured the available SSIDs and VLANs, and created policies to assign permissions based on identity and device type, that same policy should extend to any device accessing the corporate network from wherever that device and user are located. The Aerohive Branch on Demand solution leverages the flexibility of the cloud to make it easy to deploy corporate capabilities to employees anywhere while reducing operational costs. The key lies in a suite of features designed specifically for remote environments that simplify operations, enforce security policy, reduce costs, and operate virtually maintenance-free. Aerohive branch routers, the key to the Branch on Demand solution, support full Layer 3 IPsec VPN functionality as well as mobile-first networking with wired and wireless support for employee and guest access. The solution was designed from the ground up to provide headquarters-like connectivity from any size of location, whether a large branch, a small retail outlet, or a field telecommuter.

Figure 10 - Cloud-based Branch on Demand allows the optimizations to extend to any location automatically
Besides extending the corporate network to remotely connected users and devices, Aerohive branch routers support full enterprise-class enforcement for BYOD, including client classification and a full stateful firewall.

Summary

Enterprises today face a very different user than in the past. The vast majority of work and communication is conducted on mobile and wireless devices. Users never even consider using a wired network for accessing resources unless it is a last resort. This mobile-first mentality has huge implications for the future of IT operations. With the right optimizations, your access layer can be prepared for the transformation to a mobile-first enterprise without placing an extreme burden on your existing IT resources.

About Aerohive

Aerohive (NYSE: HIVE) enables our customers to simply and confidently connect to the information, applications, and insights they need to thrive. Our simple, scalable, and secure platform delivers mobility without limitations. For our over 20,000 end customers worldwide, every access point is a starting point. Aerohive was founded in 2006 and is headquartered in Sunnyvale, CA. For more information, please visit www.aerohive.com, call us at 408-510-6100, follow us on Twitter @Aerohive, subscribe to our blog, join our community or become a fan on our Facebook page.

Aerohive is a registered trademark of Aerohive Networks, Inc. All product and company names used herein are trademarks or registered trademarks of their respective owners. All rights reserved.

Aerohive Networks, Inc., 330 Gibraltar Drive, Sunnyvale, California 94089 USA. Phone: 408.510.6100, toll-free: 866.918.9918, fax: 408.510.6199. www.aerohive.com, info@aerohive.com