Link Search Menu Expand Document
Table of contents

Campus Services Layer

The Services Layer is where the operations team interacts with the Connectivity and Policy layers. It provides significant capabilities leveraging AI, ML and location-based services for network visibility and insights into how the network is performing. By leveraging a unified data lake in the cloud, Aruba ESP correlates cross-domain events and displays multiple dimensions of information in context, unlocking powerful capabilities around automated root-cause analysis while providing robust analytics. The primary homes for Services Layer functionality are Central and ClearPass Policy Manager.

Aruba Central

Central is designed to simplify the deployment, management and optimization of WLAN, LAN, VPN and SD-WAN. This capability allows administrators to eliminate the time-consuming and manual process of moving information from management platform to management platform or trying to correlate troubleshooting information across multiple disconnected views. As the single pane of glass for Aruba ESP, the use of integrated AI-based machine learning, IoT device profiling for security and unified infrastructure management accelerates the edge-to-cloud transformation for today’s intelligent edge.

Central Key Features

  • Cloud-native enterprise campus WLAN software
  • AI Insight for WLAN, switching, and SD-WAN
  • Advanced IPS/IDS threat defense management
  • Mobile application-based network installation
  • Unified management for access and WAN edge
  • Live Chat and an AI-based search engine
  • Cloud, on-premises and as-a-Service options

Central is a cloud-native micro services-based platform that provides the scalability and resiliency needed for mission-critical environments across the distributed edge. Since Central runs in the cloud, it is adaptive, predictable and horizontally scalable with built-in redundancy, unlike an on-premises solution. Central also provides seamless access to ClearPass Device Insights, User eXperience Insights, and Meridian to furnish significant capabilities leveraging AI/ML, and location-based services for network visibility and insights.

ClearPass Policy Manager

ClearPass Policy Manager provides role and device-based secure network access control for IoT, BYOD, corporate devices, as well as employees, contractors and visitors across wired, wireless and VPN infrastructure. With a built-in context-based policy engine, RADIUS, TACACS+, non-RADIUS enforcement using OnConnect, device profiling, posture assessment, onboarding, and visitor access options, ClearPass is unrivaled as a foundation for network security for organizations of any size.

ClearPass also supports secure self-service capabilities, making it easier for end users trying to access the network. Users can securely configure their own devices for enterprise use or Internet access based on admin policy controls. Aruba wireless customers in particular can take advantage of unique integration capabilities such as AirGroup, as well as ClearPass Auto Sign-On (ASO). ASO enables a user’s network authentication to pass automatically to their enterprise mobile apps so they can get right to work.

ClearPass Policy Manager Key Features

  • Role-based, unified network access enforcement across multi-vendor wireless, wired and VPN networks
  • Intuitive policy configuration templates and visibility troubleshooting tools
  • Supports multiple authentication/authorization sources (AD, LDAP, SQL)
  • Self-service device onboarding with built-in certificate authority (CA) for BYOD
  • Visitor access with extensive customization, branding and sponsor-based approvals
  • Integration with key UEM solutions for in-depth device assessments
  • Comprehensive integration with the Aruba 360 Security Exchange Program

ClearPass is the only policy platform that centrally enforces all aspects of enterprise-grade access security for any industry. Granular policy enforcement is based on a user’s role, device type and role, authentication method, UEM attributes, device health, traffic patterns, location, and time-of-day. Deployment scalability supports tens of thousands of devices and authentications which surpasses the capabilities offered by legacy AAA solutions. Options exist for small to large organizations, from centralized to distributed environments.

ClearPass Device Insight

Today’s networks have become increasingly more complex, due in part to the rapid adoption of Internet of Things (IoT) devices which are often difficult to detect and manage. In order to leverage the operational efficiencies of mobile and IoT, many organizations are deploying a wide range of devices, without fully understanding the security and compliance implications.

Aruba ClearPass Device Insight provides a full-spectrum of visibility across the network by intelligently discovering and profiling all connected devices. This includes detailed device attributes such as device type, vendor, hardware version, and behavior including applications and resources accessed. This allows organizations to create more granular access policies, reduce security risks and meet key compliance requirements. As a part of Aruba’s ClearPass family of industry-leading access control solution, ClearPass Device Insight provides the visibility needed to make better informed network access control decisions. Integration with ClearPass Policy Manager delivers comprehensive policy control and real time enforcement. This makes the visibility provided by ClearPass Device Insight actionable and increases the overall level of security and compliance for all devices connected to the network.

User eXperience Insight

Aruba User Experience Insight (UXI) is a cloud-based service assurance solution that validates network health and troubleshoots problems that affect day-to-day user experience. Ideal for campus and branch environments alike, UXI assumes the role of an end-user, evaluating the performance, connectivity, and responsiveness of network infrastructure as well as internal and external services such as corporate ERM or Office365 applications. This outside-in perspective is presented through a simple, intuitive dashboard that provides a proactive way to solve problems before they impact the business. UXI is easy to configure, deploy and manage, and immediately begins providing insights once sites are online.


Aruba Meridian is a cloud-based, software-as-a-service (SaaS) solution that is part of Aruba’s location services portfolio. It includes both mobile engagement and asset tracking capabilities. Customers can start with wayfinding, proximity-based notifications or digital asset tracking and add functionality as needed via simple subscription-based licensing. Meridian’s cloud-based architecture allows organizations and venues like corporate and university campuses, as well as stadiums, airports, museums, hospitals, and retail stores to easily manage their location services needs from anywhere. The inclusion of proximity-based notifications and analytics makes Meridian the industry’s leading full featured location services platform.

Service Capabilities

Some of the key service capabilities of the ESP Campus include Live Upgrade, AI Insights, AI Assist, AirGroup, Air Slice, AirMatch and ClientMatch. The nature of Central as a services platform means capabilities will continue to be added over time without the need for infrastructure upgrades or significant design overhauls for a customer’s environment.

Live Upgrade is an Aruba technology that uses telemetry data obtained from the network to understand how a network can be upgraded with the least amount of impact and then, coordinates that upgrade between clients and hardware to minimize the need for maintenance windows and downtime.

AI Insights is a capability in Central specifically built to quickly identify, categorize, and resolve issues that would impact client onboarding, connectivity and network optimization. These insights provide clear descriptions of the detected issue, visualizations of the data, recommended fixes, and contextual data to determine the overall impact. AI Insights uses ML-based network analytics to deliver recommendations for optimization around mobile workers, wireless and IoT devices. Data from multiple sources including your wireless infrastructure, DHCP and authentication servers are gathered in an onsite data collector.

The data is compressed and sent via a secure tunnel to the AI Insight cloud instance where network connectivity and performance issues are analyzed by leveraging ML-based models using Aruba’s Wi-Fi expertise and the latest cloud technologies. A web-based dashboard allows you to view insights along with root causes, and more importantly, it provides recommendations to fix immediate and foreseeable network performance issues. Aruba 5xx series access points work seamlessly with AI Insights to automatically power down when connectivity demand ceases and power up when demand returns. AI Insights uses predictive analytics and ML to identify usage patterns. After a brief learning period, AI Insights can predict when demand stops and when it starts.

AI Assist is the always-on technical assistant which helps augment the network operations team. AI Assist uses event-driven automation to collect and post relevant data for both the internal help desk and the Aruba Technical Assistant Center. Having all the data available about an issue centralized in one place removes the need for network administrators to use multiple analytical tools. Everything about an event is displayed in context, in single views to help resolve problems very quickly.

AirGroup is an Aruba technology that will aide in mDNS and SSDP style discovery protocols across VLANs. AirGroup will also allow for a personal group of these devices that can be access no matter the location or VLAN the client is on. Several technologies can be used together with AirGroup to scale to a customer’s needs. AirGroup brings Enterprise controls to technologies not designed for the Enterprise.

Air Slice allows for prioritization of client traffic at the radio level on Aruba’s Wi-Fi 6 APs. This technology is transparent to the client, so it has no integration or standards requirements to work with a client unlike older technologies. Air Slice has a tight integration into the DPI firewall capabilities of the AP so Air Slice policies can be created and based off applications instead of ports and IP addresses.

AirMatch provides automated RF optimization by dynamically adapting to the ever-changing RF environment at the network facility. In the ESP solution, the AirMatch service is moved to Central, which is capable of computing and deploying RF allocation to APs across the entire enterprise network. The AirMatch service receives telemetry data from APs for radio measurements, channel range, transmit power range, operational conditions, and local RF events like radar detection or high noise.

ClientMatch is the initial feature that allowed Aruba to be the first networking vendor to offer AI/ML capabilities to their customers. ClientMatch optimizes the client association by continuously scanning the wireless environment and sharing information about the clients and the APs. Based on the dynamic data obtained, clients are steered to the most suitable AP and no software changes are required in the clients to achieve this functionality.

Back to top

© Copyright 2021 Hewlett Packard Enterprise Development LP. The information contained herein is subject to change without notice. The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. Aruba Networks and the Aruba logo are registered trademarks of Aruba Networks, Inc. Third-party trademarks mentioned are the property of their respective owners. To view the end-user software agreement, go to Aruba EULA.