Deployments
ArubaOS 10 is designed to support networks of all sizes and can easily scale to accommodate growing network requirements. It helps streamline operations, device, user, or application policy enforcement, and AI-powered troubleshooting and optimization. As part of Aruba’s Edge Services Platform (ESP) architecture, Aruba Central along with ArubaOS 10 delivers cloud-native management and control services across wired and Wireless Local Area Network (WLAN), and WAN through a single console. ArubaOS 10 offers a fully cloud managed SD-WAN solution. Organizations can adopt the benefits of SD-WAN capabilities, coupled with identity-based and role-based traffic segmentation, enforced with a built-in firewall, and supported by IDS or IPS and other security functions.
The following ArubaOS 10 architectural diagram displays various components and types of deployments.
Figure 1 ArubaOS 10 Architecture
Campus Deployment
A campus network refers to a proprietary Local Area Network (LAN) or a set of interconnected LANs serving a corporation, government agency, university, or similar organization. A typical campus network encompasses a set of buildings near many Wi-Fi-connected clients and applications deployed in public, private, and hybrid clouds. A branch network is generally an offshoot of the campus network with a small area of operation.
In campus and branch networks, the WLANs are critical to addressing the challenges of widespread user mobility, client density, and security. The architecture of WLANs has evolved significantly to keep pace with the changing needs of wireless users. However, with digital transformation and applications moving to the cloud, WLANs must rapidly evolve to provide an ideal user experience and operational simplicity to quickly deploy, manage, and monitor networks.
To address some of these business challenges, Aruba offers APs and gateways running ArubaOS 10. You can deploy and manage your WLANs in both campuses and branches from Aruba Central.
Devices running ArubaOS 10 simplify network administration in Aruba Central with automated workflows, end-to-end visibility, AI-powered insights, and analytics to enhance and optimize the wireless experience for users.
The ArubaOS 10 campus architecture consists of the following layers:
- The infrastructure layer typically consists of APs, optional gateways, and switches managed by Aruba Central.
- The cloud management layer consists of Aruba Central, which is a cloud management SaaS platform.
Aruba Central offers the following services for managing WLAN devices:
- Onboarding Devices
- Configuring ArubaOS 10 APs in Aruba Central
- Monitoring Access Points in Aruba Central
- Upgrade the Firmware
- Aruba Central Licenses
- Troubleshooting Workflows
SD-Branch Deployment
The Aruba SD-Branch solution, now powered by ArubaOS 10, allows organizations to implement the most cost-effective option at each branch-site location by providing flexible alternatives to traditional private WAN offerings. Traffic can use any available bandwidth to and from each location while maintaining the service level agreements defined by the network administrator. The SD-Branch design provides the following benefits:
- Combines SD-WAN, wireless, and wired infrastructure with cloud-based orchestration
- Location-independent network access improves employee and guest productivity
- Zero-touch provisioning makes the SD-Branch deployment plug-and-play
- Hard-to-wire locations receive wireless connectivity without costly construction
- Cloud-based control is easier to configure, manage, and operate
The Aruba SD-Branch architecture consists of the following layers:
- Connectivity layer—The connectivity layer is the foundation for the SD-Branch architecture. It forms the underlay network between locations in an organization. In a WAN setting, the transport links can be private or public depending on the type of service available at each location. Gateways provide flexible connectivity in a variety of form factors. The gateways perform the LAN integration for the wired and wireless devices and the WAN access for the public and private networks at the branch location. The gateways allow high-speed connectivity to the campus and data center environments. Gateways use advanced routing to direct traffic to and from each location. The switches and access points form the campus network at each location and connect to the gateway for the WAN services. There are different branch sizes, and each of them has a recommended wired and wireless design based on their requirements at the headend location.
- Policy layer—The policy layer runs over the top of the connectivity layer and allows organizations to securely transport traffic between sites. VPN tunnels are established between branch and headend gateways to create an SD-WAN overlay network. Headend sites are corporate headquarters, private data centers, or Infrastructure as a service (IaaS) data centers hosted in the cloud, and they include one or more headend gateways. Branch sites are remote locations that include one or more branch gateways. If there is a primary site failure, larger deployments might include more headend sites, providing path diversity and application redundancy. A flexible transport design uses secure policy overlay tunnels to simplify the WAN deployment. The tunnels for public and private WAN connections reduce complexity for your routing and security, regardless of the underlying networks. The tunnels also provide flexibility by allowing an organization to choose different service provider options based on availability and cost for each location, while maintaining a common overlay network.
- Services layer—The services layer is where the operations team interacts with the network. It provides significant capabilities leveraging AI, ML, and location-based services for network visibility and insights into how the network is performing. Aruba Central leverages a common data lake in the cloud. As a result, it can correlate cross-domain events and display multiple dimensions of information in context, unlocking powerful capabilities around automated root cause analysis while providing robust analytics.
Microbranch Deployment
Most WLAN campus deployments typically have some remote branch sites. ArubaOS 10 currently supports deploying a single AP as a Microbranch AP in remote sites such as home offices, small branch offices, retail locations, and so on.
ArubaOS 10 enables Aruba Central to configure and manage APs in these remote sites. The Microbranch AP establishes tunnels with the gateway and encapsulates the client's traffic in GRE over IPsec.
For more information on Microbranch Network, see Microbranch Deployment.
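The following added example (not Aruba code or tooling) shows one way to confirm from a WAN-side packet capture that GRE-encapsulated client traffic only leaves the AP inside IPsec. It assumes standard ESP (IP protocol 50) or UDP-encapsulated ESP on port 4500 on the wire, which this page does not specify; the function names, addresses, and sample packets are constructed for illustration.

```python
import socket
import struct

ESP, GRE, UDP = 50, 47, 17          # IANA IP protocol numbers
IKE_PORT, NATT_PORT = 500, 4500     # IKE and IPsec NAT traversal (RFC 3948)

def classify(packet: bytes) -> str:
    """Classify one IPv4 packet seen on the WAN side of the AP."""
    if len(packet) < 20 or packet[0] >> 4 != 4:
        return "malformed"
    ihl = (packet[0] & 0x0F) * 4    # IPv4 header length in bytes
    proto = packet[9]
    if proto == ESP:
        return "ipsec-esp"
    if proto == GRE:
        return "cleartext-gre"      # GRE visible outside IPsec: tunnel not protected
    if proto == UDP:
        if ihl < 20 or len(packet) < ihl + 8:
            return "malformed"
        sport, dport = struct.unpack_from("!HH", packet, ihl)
        if NATT_PORT in (sport, dport):
            # RFC 3948: four zero bytes after the UDP header mark IKE, else ESP
            marker = packet[ihl + 8: ihl + 12]
            return "ike" if marker == b"\x00" * 4 else "ipsec-esp-natt"
        if IKE_PORT in (sport, dport):
            return "ike"
    return "other"

def audit(packets):
    """Return (index, verdict) for every packet that is not IPsec or IKE."""
    allowed = {"ipsec-esp", "ipsec-esp-natt", "ike"}
    verdicts = [(i, classify(p)) for i, p in enumerate(packets)]
    return [(i, v) for i, v in verdicts if v not in allowed]

def ipv4(proto, payload, src="198.51.100.10", dst="203.0.113.1"):
    # Minimal IPv4 header for constructed samples (checksum left at zero)
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64,
                      proto, 0, socket.inet_aton(src), socket.inet_aton(dst))
    return hdr + payload

def udp(sport, dport, payload):
    return struct.pack("!HHHH", sport, dport, 8 + len(payload), 0) + payload

# Constructed sample packets (documentation addresses, dummy ciphertext)
SAMPLES = [
    ipv4(ESP, struct.pack("!II", 0x1001, 1) + b"\xaa" * 32),              # ESP
    ipv4(UDP, udp(4500, 4500, struct.pack("!II", 0x1001, 2) + b"\xbb" * 32)),  # ESP in UDP
    ipv4(GRE, struct.pack("!HH", 0, 0x0800) + b"inner client packet"),    # bare GRE
]
```

Any `cleartext-gre` verdict returned by `audit` means tunneled client traffic is readable on the WAN path and the IPsec association for that AP should be checked.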