About ArubaOS 10
ArubaOS 10 (AOS 10) is a distributed network operating system integrated with Aruba Central that manages and controls Aruba Access Points (APs) and Aruba Gateways. With its flexible architecture, network teams can deliver reliable and secure wireless connectivity with a consistent feature set for remote workers, small offices, mid-sized branches, and large campus environments. By being built on Aruba Central, AOS 10 can also leverage the integrated security features, AI operations and single pane of glass management with other Aruba solutions.
With AOS 10, onboarding, configuring, and provisioning APs and gateways is simpler and requires no manual CLI configuration or maintenance windows. Once the AP is plugged in, the device connects and receives its running configuration from the cloud using zero touch provisioning, which allows remote workers and offices to onboard and configure wireless connectivity without any onsite IT support.
AOS 10 deployments are categorized into:
- Campus Network
- Branch Network
- Microbranch Network
A campus network refers to a LAN (Local Area Network) or a set of interconnected LANs serving a corporation, government agency, university, or a similar organization. A typical campus network encompasses a set of buildings in close proximity with a large number of Wi-Fi-connected clients and applications deployed in public, private, and hybrid clouds.
A branch network is generally an offshoot of the campus network with a small area of operation. In campus and branch networks, the WLANs (Wireless Local Area Networks) are critical to address the challenges of widespread user mobility, client density, and security. A branch network also typically leverages a full stack networking solution combining both LAN and WAN (Wide Area Network) in a single box.
The Aruba SD-Branch solution (now also powered by AOS 10) offers wireless and wired infrastructure, management, and orchestration on the LAN side with the corresponding SD-WAN (Software-Defined Wide Area Network) capabilities on the WAN side: route and tunnel orchestration, Dynamic Path Steering, Forward Error Correction, SaaS traffic optimization, SASE orchestration, and so on. The SD-Branch solution extends revolutionary concepts like user-centric security and orchestration to all elements in the branch to deliver a full-stack solution that addresses the business challenges of distributed enterprises.
AOS 10 also supports Microbranch networks, where a single AP is deployed in remote sites such as home offices, small branch offices, retail locations, and so on. The AOS 10 architecture enables Microbranch to combine Wi-Fi and SD-WAN in the same device to extend the WAN to remote workers using a single AP. IT can secure the remote location by applying unified policy-based routing and providing an orchestrated integration with Secure Service Edge providers.
IT gains comprehensive visibility into campus, branch, and remote work environments (SD-Branch and Microbranch) in a combined dashboard to streamline operations and accelerate problem resolution. Remote workers benefit from an office-like experience, accessing the same corporate resources, or plugging into VoIP (Voice over IP) devices from home. Route and tunnel orchestration and policy-based routing are combined to deliver the highest levels of performance and availability, ensuring the productivity of remote workforces while maintaining a lean IT footprint.
The AOS 10 architecture consists of two layers:
- The infrastructure layer consists of a WLAN setup that can be either a campus setup or a branch setup. Either can consist only of APs, or APs combined with gateway clusters.
- The cloud management layer consists of Aruba Central, which is a cloud management SaaS platform.
The following AOS 10 architectural diagram displays the components of the cloud management and infrastructure layers.
Figure 1 AOS 10 Architecture
Aruba Central offers the following services for managing WLAN devices:
- Live Upgrade
AOS 10 WLAN Services include the following capabilities:
- AirMatch analyzes periodic RF (Radio Frequency) data across the entire network, or a subset of the network, to algorithmically derive configuration changes for every Aruba AP on the network. The APs receive regular updates based on changing environmental conditions, which benefits both IT and the users. AirMatch is the enhanced version of the Adaptive Radio Management (ARM) technology. It is equipped with the new automated channel optimization, transmit power adjustment and channel width tuning system that utilizes dynamic machine learning intelligence to automatically generate the optimal view of the entire WLAN network.
- ClientMatch continually monitors the RF neighborhood of the client to support the ongoing band steering and load balancing of channels, and enhanced reassignment for roaming mobile clients. The ClientMatch service helps to improve the experience of wireless clients. ClientMatch identifies wireless clients that do not get the required level of service from the AP to which they are currently associated and intelligently steers them to an AP radio that can provide better service and thereby improves user experience. ClientMatch periodically checks the health of current association of clients and determines if a sticky steer or band steer should be considered.
- The Cloud-Assisted Roaming Services feature supports 802.11r fast transition and Opportunistic Key Caching (OKC), to enable seamless roaming with minimal or no disruption to the application traffic such as voice and video.
- Gateways running AOS 10 form clusters in both homogeneous and heterogeneous modes. The GRE (Generic Routing Encapsulation) with optional IPsec tunnels between the AP and the Gateway cluster is orchestrated by the WLAN Tunnel Orchestration service. Even if one Gateway joins the deployment, an automatic cluster is formed by this service.
The AOS 10, SD-Branch, and Microbranch solution includes the following capabilities:
- WAN Tunnel Orchestration—The SD-WAN Orchestrator automates tunnel negotiation, establishment and rekey between the branch and hub sites. This service can be enabled globally or for individual groups in Aruba Central.
- Route Orchestration—The SD-WAN Orchestrator automates the redistribution of routing prefixes across the entire SD-WAN network. It allows gateways and microbranches to advertise their subnets as well as to learn the shortest path to any subnet in the network.
- Aruba Central can integrate with cloud security providers to handle the entire life cycle of virtual gateways deployed in public cloud environments. It handles activities such as discovering the cloud topology, instantiating the VM (Virtual Machine), licensing the Virtual Gateway in Central, connecting it to the relevant cloud networking elements, monitoring the device health, and providing High Availability (HA) in single VPC or VNET environments.
- Aruba Dynamic Segmentation automatically applies consistent policies across wired, wireless, and WAN networks to keep traffic for any user or device separate and secure, regardless of the application or service. It also ensures east-west segmentation within a site, or across the entire enterprise.
- Aruba provides fully integrated security with a stateful, application-aware firewall, including Deep Packet Inspection (DPI) combined with application classification and web content filtering (WebCC). Aruba 90xx Series Gateways also optionally support IDS (Intrusion Detection System)/IPS (Intrusion Prevention System) for advanced threat detection.
- Rogues and Intrusion Detection—With Rogues and Intrusion Detection, you can quickly identify and act on a rogue or interfering device that can be later considered for investigation, restrictive action, or both. After rogue devices are discovered, Aruba Central sends alerts to your network administrators about the possible threat and provides essential information required to locate and manage the threat.
- Aruba provides Client Insights, a feature that allows network and security administrators to discover, monitor, and automatically classify new and existing clients connecting to a network. Clients are categorized and grouped by categories, such as Internet of Things (IoT) devices, medical devices, printers, smart devices, laptops, VoIP phones, computers, gaming consoles, routers, servers, and switches. Integrating Client Insights with ClearPass allows context sharing. Based on this context, policies and roles can also be assigned.