NetConductor Solution Components
This section introduces the various components of the solution.
Management Plane
As mentioned above, NetConductor is full stack solution that ties together various parts of the Aruba portfolio. The management plane includes a subset of Aruba Central functionality, which serves as a workflow-based single pane of glass solution for orchestration, management, and visibility of networks. Central includes AI-powered Client Insights for endpoint visibility and granular profiling as well as useful integrations such as Aruba UXI that provide end users with real-time monitoring of network usability.
In most installations, Central is consumed as a service in the Cloud, but an on-premises version known as Central On Premises (COP) is available. COP is an appliance-based model and typically receives new features later than Cloud-based Central, but it can a better choice when security or connectivity requirements preclude use of cloud-based management. Examples include networks that are restricted from connecting to the Internet for security purposes or networks that have intermittent or higher latency Internet connections, such as cruise ships.
Control Plane
The network fabric control plane for the distributed overlay fabric in NetConductor uses standards-based BGP EVPN, including options for Layer 2 and Layer 3 overlays as required. As a result, NetConductor can readily interoperate with solutions from other vendors using additional non-orchestrated configuration. Advantages include consistency in user experience for both wired and wireless users and a high degree of commonality in configurations and protocols between the campus and data center.
Data Plane
For the distributed overlay fabric, standards-based VXLAN encapsulation provides a flexible, scalable network fabric data plane. In addition to supporting distributed L2/L3 overlays, a centralized overlay using User-Based tunnels can be deployed. A variety of single-, multi-fabric, multi-site design options is available to scale the data plane to any deployment size. Both VRF-based macro segmentation and role-based micro segmentation are available to simplify security design and support multi-tenant requirements.
Policy Plane
NetConductor provides a single point of management for creating and configuring consistent policies across the campus, branch and data center. User roles and role-based policies can be propagated and enforced within sites and across sites connected via any transport (P2P, MPLS, SD-WAN, WAN, Internet etc.), including the SD-Branch and EdgeConnect solutions . The solution provides the flexibility to define role-based, application-based, IP- and port-based policies. Role-to-Role based policies usually are enforced at the destination egress port, while other policies can be enforced at the source ingress direction. The policies and roles are IP agnostic and consistent across both wired and wireless deployments and across all sites (location independent).