Aruba Networks has introduced new access points and a software update to its ArubaOS Mobility Software to enable the deployment of the company's newly announced Mobile Edge architecture. The Mobile Edge architecture securely connects mobile workers to enterprise VoIP and data networks from any location around the globe and solves today's IT challenges around mobility, security, and convergence. The newly announced APs extend the enterprise WLAN to remote locations, creating secure corporate hotspots that follow the user. New capabilities in ArubaOS 2.5 simplify the deployment of remote and branch office networks with unified security solutions for wired and wireless LANs.
"Laptops and other mobile devices moved computing beyond the confines of the corporate office, yet the corporate network has been left behind," said Keerti Melkote, co-founder and vice president of marketing for Aruba Networks. "With Aruba's new Mobile Edge products, the corporate network is able to follow mobile workers wherever they go. The Mobile Edge delivers secure voice and data access and an easy to use, consistent user experience-in the office, at home, and on the road."
Aruba's new products and capabilities include:
- The AP-65, a portable enterprise access point allowing road warriors to create temporary corporate hotspots at any location with an available Internet-connected Ethernet port. The AP-65 provides all the benefits of a secure, centrally-controlled corporate WLAN in a small, easy-to-carry package.
- The AP-41, a low-cost enterprise access point designed for telecommuters and executives to extend the corporate WLAN to their home offices. As with the AP-65, no additional corporate networking devices need to be installed in the home office to deploy the AP-41. A secure corporate hotspot is instantly created in the home simply by plugging the AP into any Ethernet connection on the home network.
- Site-to-site VPN capabilities that enable the use of Aruba mobility controllers in branch offices as the exclusive secure wired/wireless networking system. Branch office mobility controllers, such as the Aruba 800 and Aruba 2400, can connect to Aruba mobility controllers or 3rd Party VPN concentrators at the central site.
- xSec , a new layer 2 (L2) security protocol for securing wired LAN communications. xSec delivers centralised 802.1x authentication and 256-bit AES encryption between wired desktop computers and the mobility controllers without requiring any LAN switch upgrades to 802.1x. This allows enterprises to non-disruptively introduce 802.1x-based security in their wired networks, leaving their existing network infrastructure and design untouched. xSec can also be used to secure wireless LAN communications over legacy access points that do not support WPA2.
- Distributed WLAN capabilities that allow guest traffic to be directly forwarded to the Internet while corporate voice and data traffic can continue to be secured on the central mobility controller. With this development, Aruba APs become the industry's first controlled APs that simultaneously support centralised and distributed WLANs.
- Local bridging capabilities on the 2nd Ethernet port of the AP-70 hybrid wired/wireless access point, allowing small, Internet connected remote office locations to deploy the AP-70 as the unified device for secure wired and wireless connectivity. Printers and other local resources can be accessed without sending the traffic back to the central mobility controller.
"The concept of the mobile edge crystallises how enterprises need to think about network design to enable mobility and realise all of its associated benefits," said Craig Mathias, a Principal with the wireless and mobile advisory firm Farpoint Group. "Aruba has always focused on delivering the convergence of wireless and security. Now, with their new architecture, access points, and software capabilities, they are extending enterprise-class voice and data security to mobile users, no matter where they are located."
New Access Points Easily and Securely Extend the Mobile Edge to the Home and on the Road
The AP-41 is designed to easily and seamlessly establish a secure connection from an employee's home to corporate resources and VoIP services. The AP-41 incorporates a single multi-band radio supporting 802.11a or 802.11b/g bands.
The AP-65 is specifically designed to provide road warriors with a secure mobile hotspot from anywhere they can plug into an Internet connection. The AP-65 features a smaller form factor than any other enterprise-class access point for easy portability. The dual-radio AP-65 provides concurrent operation for both 802.11a and 802.11b/g bands.
Both the AP-41 and the AP-65 deliver all the benefits of a centrally controlled WLAN including capabilities such as rogue AP detection and containment, wireless intrusion protection, and adaptive radio management capabilities. Both APs can simultaneously serve as a wireless access point and an air monitor using Aruba's advanced spectrum scanning algorithms.
New Mobility Capabilities Deliver Enhanced Remote Access
With Aruba's new site-to-site VPN capabilities, remote and branch offices can continuously be connected to headquarters via secure VPN tunnels. By using industry-standard IPSec to establish VPN tunnels, Aruba mobility controllers can connect to other Aruba mobility controllers, or to popular third-party VPN concentrators. This allows Aruba's remote and branch office mobility controllers - the Aruba 800 and the Aruba 2400 - to function wherever an Internet connection is available, and additionally to serve as a single-box platform for branch office networking needs. A single Aruba mobility controller can provide Ethernet switching, IP routing, wireless LAN, VPN, and firewall services, all centrally managed and centrally controlled by IT staff.
With ArubaOS 2.5, all Aruba APs can support distributed WLANs with distributed encryption and forwarding. Aruba can simultaneously support centralised and distributed WLANs on the same AP, allowing enterprises to retain the security of centralised WLANs for corporate voice and data traffic while delivering the flexibility of a distributed WLAN for remote office deployment scenarios. This capability allows enterprises to provision guest access safely at remote locations by directly forwarding guest traffic to the Internet without bringing it back to the corporate location.
For small branch offices without a mobility controller, Aruba extends its pioneering remote AP capability with the addition of local bridging on the 2nd Ethernet port of the AP-70. When plugged into any Internet connection, the remote AP automatically establishes a secure IPSec tunnel back to a central mobility controller at a corporate facility and operates as any other thin AP on the network. Now, with support for local bridging, a printer or other local resources can be accessed without sending the traffic back-and-forth over the Internet connection.
New Layer 2 Security Protocol Enables Non-disruptive Migration to 802.1x in Wired LANs
xSec is a highly-secure link layer (Layer 2) protocol that leverages the advances of the 802.11i WLAN security standard and provides a unified framework for securing wireless and wired access to the network. xSec incorporates authentication based on standard 802.1x along with link-layer encryption using AES. xSec was jointly developed by Aruba Networks and Funk Software. It provides greater security than other Layer 2 encryption technologies through the use of longer keys, FIPS (Federal Information Processing Standard)-validated encryption algorithms (AEC-CBC-256 with HMAC-SHA1), and the encryption of Layer 2 header information. In addition, it provides media independence by operating over any Layer 2 path, wired or wireless. To use xSec in an existing wired network, an administrator need only extend an existing VLAN to an Aruba mobility controller.
xSec provides additional benefits for legacy third-party wireless access points. Many enterprises have older APs deployed that cannot support the latest security standards such as 802.1x, WPA, and WPA2. By placing an Aruba mobility controller behind these legacy access points and deploying xSec on client devices, enterprises can provide modern capabilities to these APs including strong authentication, strong encryption, fast roaming, and identity-based security. xSec clients are available from Funk Software for a variety of operating systems.