WHITE PAPER
www.brocade.com
ENTERPRISE NETWORKS

Brocade and Aruba Deliver Optimized and Effortless Mobility

Two companies combine two innovative architectures to deliver optimized, secure, and effortless mobility.
According to IDC, there will be 1.3 billion mobile workers by 2015 [1], which is approximately 37 percent of the world's workforce. These mobile workers are changing expectations about how all workers, managers, and even businesses should operate, with mobile workers expecting anywhere, anytime, any device access, organizations expecting new applications deployed in merely days, and executives expecting more services with fewer employees. Yet, according to IDC, 80 percent of IT organizations say that workloads increase with Bring Your Own Device (BYOD) initiatives and that only 33 percent of their networks can meet the performance demand.

To help organizations overcome these challenges, Brocade is partnering with Aruba Networks to provide a secure, optimized mobile user solution that is effortless to maintain and reduces Total Cost of Ownership (TCO) by 46 percent compared to a comparable Cisco solution.

[1] IDC, Worldwide Mobile Worker Population 2011-2015 Forecast, 2012.
NEW APPLICATIONS, DEVICES, AND EXPECTATIONS ADD NEW STRESSES

Applications and devices continue to increase in sophistication. They provide greater services, a rich multimedia user experience, and increased mobility. But they also place immense pressure on the network, a network that was not originally designed to handle these technologies.

Applications: Video, Unified Communications (UC), and other sophisticated applications are all having significant impact on user productivity, as well as the campus network.

Video: Today, users expect real-time access to streaming video for corporate trainings, remote meetings, and even video calls using FaceTime, Lync, and Skype. This video-on-demand expectation requires the campus network to deliver high bandwidth with low latency and jitter. It also requires constant monitoring to ensure that applications for personal use do not interfere with the bandwidth needed for corporate applications.

UC: UC brings all forms of employee communication to a single device (a desktop or laptop computer, tablet, iPad, or smartphone), delivering real-time collaboration. Human collaboration is dynamic. For example, a low-bandwidth text message can instantly transform into a shared desktop with joint editing of documents, and with a mouse click can expand to a video chat before disappearing again at the end of the collaboration. The campus network has to monitor and prioritize the application that is used and adjust traffic flow dynamically. This includes providing better support for peer-to-peer (that is, East-West) traffic patterns, which are now increasingly common with applications such as Microsoft Lync, while ensuring consistent security policies to deliver an optimized user experience.
New Devices and Expectations: Gartner predicts that by 2016, 78 percent of all enterprises will be embracing BYOD, 38 percent of enterprises will stop providing corporate devices to their employees altogether, while 40 percent will allow a mix of BYOD and corporate-supplied devices. The explosion of smart phones, tablet computers, and iPads sets an expectation that access to the data, applications, and social networks users rely on in their personal lives will be available when they are at work. Bring Your Own Device (BYOD) has a positive impact on IT budgets when users purchase and maintain their own devices, yet it creates concerns about securing access to sensitive corporate data and easily maintaining an optimized and productive mobile user experience. User expectations of high-quality anywhere, anytime access require consistently applied security and application usage policies across both wired and wireless segments and corporate or consumer-owned devices.

The impact of these applications and devices on the campus network creates a need for higher bandwidth and lower latency, as well as secure, pervasive, and reliable wireless access. Incremental improvements to networking protocols such as Quality of Service (QoS), rate limiting, and traffic prioritization help to maintain the quality experience but also add management complexity that impedes an organization's ability to quickly deploy new applications and rapidly respond to business, organization, or user requests.

Friction Points: Business and User Expectations Confront Campus Realities

Every network in the enterprise or public sector, whether it is the data center or the campus, must be designed to meet organizational expectations that are balanced with technology choices. This has not been easy, with IT budgets and personnel remaining flat or shrinking, while application sophistication, data, and user devices continue to grow rapidly.
And with the increased pace of today's business, executives, organizations, managers, and users are demanding access to new applications and technology in days rather than weeks.
To keep pace with these changes, administrators need an intelligent and secure infrastructure that can detect who is connecting, when they are connecting, and the type of applications and device they are using. It then must work seamlessly with the wired and wireless infrastructure to effortlessly and cost-efficiently ensure an optimized user experience (see Figure 1 below).

HyperEdge Architecture and MOVE Combine to Make Mobility Optimized and Effortless

For organizations to remain competitive, they must be agile: able to adapt to changing conditions quickly. Mobility meets that challenge by allowing enterprise users to use sophisticated applications and collaborate with anyone, anywhere, at any time. But user freedom presents two significant burdens on IT. First, the legacy campus network and its rigid Spanning Tree Protocol-based 3-tier design was not designed for mobility. Second, securing mobile devices and ensuring an optimized user experience (especially with user-supplied devices that require disparate platforms and operating systems) becomes a labor-intensive operation. Brocade and Aruba have combined two innovative architectures to eliminate these burdens and deliver an effortless, secure, and optimized mobile user experience.

Figure 1. HyperEdge and Aruba MOVE Architectures make optimized and secure mobility effortless. (Diagram labels: HyperEdge Architecture, Aruba MOVE Architecture, Network Advisor, ClearPass, AirWave, Access/Aggregation, Core, ICX 6450, ICX 6610, MLX, Controller / Firmware, Access Points, Workspace.)
HyperEdge Architecture

HyperEdge Architecture integrates innovative new wired features, such as Distributed Services with application-aware access management technology from Aruba's MOVE architecture, to secure and optimize mobility with a wired TCO that is 50 percent lower than comparable Cisco solutions. Here's how these unique innovations combine to deliver an unparalleled solution.

Mixed Stacking with HyperEdge Distributed Services

A significant innovation underpinning the HyperEdge Architecture is Distributed Services. When combined with mixed stacking, administrators have the ability to combine premium and entry-level switches in the same stack, manage all switches as a single virtual switch and, most importantly, extend premium services to all ports in the stack, including ports on entry-level switches. This capability provides two distinct advantages: significant per-port cost reduction and long-term investment protection. (See Figure 2.)

Figure 2. Mixed stacking with HyperEdge distributed services. (Diagram labels: Layer 2, Advanced L3, GRE, VRF, IPv6, etc. GRE = Generic Routing Encapsulation; VRF = Virtual Routing and Forwarding; IPv6 = Internet Protocol version 6.)

Per-Port Cost Reduction: With premium services available to all switches and ports within a mixed stack, organizations no longer need to buy an entire stack of premium switches to provide these services. Adding just one ICX 6610 Switch to a stack of ICX 6450 Switches reduces the aggregate per-port acquisition costs by nearly 50 percent, as compared to an equivalent stack of Cisco premium switches. For a more detailed cost comparison, go to www.brocade.com/campustco.

Long-Term Investment Protection: With mixed stacking enabling HyperEdge Distributed Services, organizations no longer need to rip-and-replace entire stacks of switches to meet new service demands.
Using mixed stacking and Distributed Services, organizations can initially deploy a stack of ICX 6450s to inexpensively provide Layer 2 and some Layer 3 services. As the need for more comprehensive advanced Layer 3 services increases, organizations can simply add one ICX 6610 (or two for high availability) to the stack of ICX 6450s, and HyperEdge Distributed Services will extend the premium services to all switches in the stack, eliminating the need to replace the entire stack of switches, as is required with competitive switches.
Aruba MOVE Architecture

Aruba MOVE architecture completes the BYOD and mobility infrastructure solution. MOVE leverages contextual data (user roles, device types, application flows, location, and time-of-day) and extends this intelligence across the network to devices and applications. Using open-standards methods to work seamlessly with HyperEdge Architecture, the three primary components of the Aruba MOVE architecture (as shown in Figure 3) are as follows:

Access Management: This encompasses the ClearPass Access Management System for application, device, and network usage controls, AirWave management for wired, wireless, and remote networks, and Mobility Controllers for flow-based traffic management.

Wireless Network Infrastructure: This comprises 802.11ac and 802.11n WLAN Access Points (APs), Remote Access Points (RAPs), and Virtual Intranet Access VPN client software.

Mobility Applications Infrastructure: These end-user tools include Aruba Workspace mobile app for BYOD, Aruba APIs for location and analytics applications, and Meridian apps for visitor engagement.

Figure 3. Aruba MOVE Architecture. (Diagram labels: Access Devices or Software; Aruba Mobility Controller; Policy (Firewall, IDS, NAC, etc.). IDS = Intrusion Detection System; NAC = Network Access Control.)

Access Management with MOVE

Using the ClearPass Access Management System, MOVE combines access policies for wired or wireless networks, devices, and applications into a single policy-definition point. Administrators can centrally define policies, which then work seamlessly with wired and Aruba wireless networks and with multiple vendors' Mobile Device Management (MDM) agents, as well as the Aruba WorkSpace mobile app for BYOD. The result is a significant time savings for IT and a dramatic reduction in errors associated with correlating security policies across multiple systems. Enterprises benefit from policies that are consistently applied, no matter where users connect or the devices they use.
MOVE also centralizes wired, wireless, and remote network management with the AirWave management system. Regardless of how users connect, AirWave consolidates usage information on all users, devices, and applications into intuitive dashboards and workflows. Additionally, AirWave provides end-to-end Brocade and Aruba network infrastructure visibility, monitoring, and management. Whether it is a real-time RF troubleshooting task or historical forensics for regulatory compliance, AirWave addresses critical needs of managing a modern multifaceted, multivendor mobility network.
Finally, MOVE makes access management more dynamic with both controller-based and controller-less options. Mobility Controllers and controller-less APs employ a context-aware firewall that can distinguish one traffic flow from another and automatically adjust how traffic is handled based on the mix of users, devices, and applications and their location.

Wireless Network Infrastructure

The second component of the Aruba MOVE architecture is Aruba's industry-leading WLAN APs, RAPs, and Virtual Intranet Access VPN client software. Aruba's purpose-built 802.11ac and 802.11n APs work with Aruba's Mobility Controllers and controller-less operating modes, while featuring integrated Adaptive Radio Management (ARM), ClientMatch, AppRF, and airtime fairness technologies. Aruba APs leverage unique application awareness in conjunction with patented algorithms for airtime fairness, which ensures that all devices have equal access to the WLAN. To further maximize client performance, patented ClientMatch technology continually monitors each device's capabilities and WLAN connection and matches it to the best radio on the best AP. In addition, to keep deployment and management costs to a minimum, Aruba APs support zero-touch provisioning with Aruba Activate, which enables APs to get their configurations automatically from a cloud-based provisioning system. No manual intervention is required.

Mobility Applications Infrastructure

The third cornerstone of the MOVE architecture encompasses an extensive range of enterprise mobility application infrastructures for IT, employees, and guests, including the Workspace mobile app for BYOD and Meridian mobile app for visitor engagement. The Aruba Workspace mobile app empowers employees to personalize their BYOD experience while reducing demands on IT resources. Meridian-powered custom and consumer mobile apps leverage location over Wi-Fi information to deliver indoor GPS services to casinos, hospitals, and large public venues.
SDN Promises Even Greater Optimization and Security

Leveraging Brocade's existing use of OpenFlow v1.3 in our core MLXe platform, the Brocade-Aruba mobility solution will soon see even greater levels of control and data flow optimization. With OpenFlow v1.3 integrated into the two architectures, data flow can be further optimized and latency reduced. At the same time, tighter control and automation over QoS settings ensure that the right applications and data get the right priorities. The end result of this integration means organizations and their users will have even higher-quality experiences with little to no increase in the impact on IT.

HYPEREDGE AND MOVE ARCHITECTURES DELIVER SECURE AND OPTIMIZED MOBILITY EFFORTLESSLY

By combining HyperEdge Architecture and SDN experience with Aruba MOVE architecture and ClearPass security, today's organizations can have an unparalleled mobility solution. With HyperEdge Architecture and its mixed stacking with Distributed Services technology, organizations get premium features without paying a premium price. With Aruba MOVE architecture and the patented ClientMatch technology, which works seamlessly with the wired and Aruba innovative wireless technology, organizations get a secure and optimized mobile user experience. Today, these combined architectures make mobility move effortlessly. In the near future, SDN integration will deliver new levels of effortless optimization, security, and control.

For more information about solutions, visit www.brocade.com.
Corporate Headquarters: San Jose, CA USA, T: +1-408-333-8000, info@brocade.com
European Headquarters: Geneva, Switzerland, T: +41-22-799-56-40, emea-info@brocade.com
Asia Pacific Headquarters: Singapore, T: +65-6538-4700, apac-info@brocade.com

© 2013 Brocade Communications Systems, Inc. All Rights Reserved. 11/13 GA-WP-1816-00

ADX, AnyIO, Brocade, Brocade Assurance, the B-wing symbol, DCX, Fabric OS, ICX, MLX, MyBrocade, OpenScript, VCS, VDX, and Vyatta are registered trademarks, and HyperEdge, The Effortless Network, and The On-Demand Data Center are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. Other brands, products, or service names mentioned may be trademarks of their respective owners.

Notice: This document is for informational purposes only and does not set forth any warranty, expressed or implied, concerning any equipment, equipment feature, or service offered or to be offered by Brocade. Brocade reserves the right to make changes to this document at any time, without notice, and assumes no responsibility for its use. This informational document describes features that may not be currently available. Contact a Brocade sales office for information on feature and product availability. Export of technical data contained in this document may require an export license from the United States government.