Legal Disclaimer: The resource assets in this website may include abbreviated and/or legacy terminology for HPE Aruba Networking products. See www.arubanetworks.com for current and complete HPE Aruba Networking product lines and names.
About HPE Aruba Networking Central
HPE Aruba Networking Central is a powerful cloud networking solution that offers simplicity for today’s networks. As the management and orchestration console for ESP (Edge Services Platform), HPE Aruba Networking Central provides a single point of control to oversee all aspects of wired and wireless LANs, WANs, and VPNs across campus, branch, and remote office locations.
AI-powered analytics, end-to-end orchestration and automation, and advanced security features are built into the solution. AI reduces trouble tickets by identifying the network entity that is facing problems through event correlation and root cause analysis. Live upgrades, robust reporting, and live chat support are also included, bringing more efficiency in day-to-day maintenance activities.
Built on a cloud-native, microservices architecture, HPE Aruba Networking Central delivers on enterprise requirements for scale and resiliency, but is also driven by intuitive workflows and dashboards that make it a perfect fit for SMBs with limited IT personnel. So, whether you have one business location or several, IT can spend less time on managing network infrastructure and more time on creating value for the business.
Key Features
Listed below are some of the key features of HPE Aruba Networking Central:
- Unified management of wireless, wired, VPN (Virtual Private Network), and SD-WAN (Software-Defined Wide Area Network) for simplified operations.
- AI-based insights for faster troubleshooting and continuous network optimization.
- Integration with UXI (User Experience Insight) to proactively monitor and improve the end-user experience.
- Advanced IDS (Intrusion Detection System)/IPS (Intrusion Prevention System) threat defense management.
- Powerful monitoring and troubleshooting for remote or home office networks.
- APIs (Application Programming Interfaces) and webhooks for ease of integration with other leading IT platforms.
- Live Chat and an AI-based search engine for an enhanced support experience.
- SaaS, on-premises, and managed service options for flexible consumption and financing.
Central Key Terms
Before you start configuring HPE Aruba Networking Central, it is important to understand some key configuration concepts and terminology. The following topics are discussed in this section:
- Cluster Zone—Refers to an HPE Aruba Networking Central deployment area within a specific region. In other words, cluster zones are regional groupings of one or more container instances on which HPE Aruba Networking Central is deployed. Cluster zones allow your deployments to restrict customer data to a specific region and plan time zone specific maintenance windows. Each cluster zone has separate URLs for signing up for HPE Aruba Networking Central, accessing the portal, and allowing devices to communicate with HPE Aruba Networking Central. To view the zone in the UI, click the User Settings menu at the bottom of the left navigation pane.
- Enterprise Mode—Refers to the solution deployment mode in which the customers provision, manage, and maintain their networks end-to-end for their respective organizations or businesses.
- Managed Services Mode—Refers to the deployment mode in which service providers, resellers, administrators, and retailers centrally manage and monitor multiple tenant or end-customer accounts from a single management interface.
- Evaluation Account—Refers to the account created for evaluating the HPE Aruba Networking Central solution and its services.
- Paid Subscriber—Refers to the customers who have purchased a subscription to obtain access to HPE Aruba Networking Central and its services.
- Customer ID—Refers to the identity number of your account.
- Zero Touch Provisioning—ZTP is a device provisioning mechanism that allows automatic and quick provisioning of devices with minimal or, at times, no manual intervention. Refers to one of the following:
  - Zero Touch Provisioning (ZTP) of accounts—When you purchase a subscription key and add this subscription key in HPE Aruba Networking Central, it queries the Activate database to retrieve the devices mapped to your purchase order and adds these devices to the inventory. This process is referred to as zero touch provisioning in HPE Aruba Networking Central.
  - Zero Touch Provisioning of Devices—Most devices support self-provisioning; that is, when you connect a device to a provisioning network, it can automatically download provisioning parameters from the Activate server and connect to its management entity.
- Onboarding—You can view, manage, and onboard all the devices in your account using the Devices option in HPE GreenLake platform. For more information, see the Devices section in the HPE GreenLake Edge to Cloud Platform User Guide.
- Device Sync—Refers to the process of synchronizing devices from the Activate database. The device sync operation allows HPE Aruba Networking Central to retrieve devices from Activate and automatically add these devices to its device inventory.
- Provisioning—Refers to the process of setting up a device for deploying networks as per the configuration requirements of your organization.
- Group—Refers to the device configuration container in HPE Aruba Networking Central. You can combine devices with common configuration requirements into a single group and apply the same configuration to all the devices in that group.
- Site—Refers to the physical locations where devices are installed. Organizing devices per site allows you to filter your dashboard view per site.
- Label—Refers to the tags used for logically grouping devices based on various parameters such as ownership, specific areas within a site, departments, and so on.
- Standard Enterprise mode—Refers to the deployment mode in which customers manage their respective accounts end-to-end. The Standard Enterprise mode is a single-tenant environment for a single end-customer.
- MSP mode—Refers to the deployment mode in which service providers centrally manage and monitor multiple tenant accounts from a single management interface.
- Tenant accounts—End-customer accounts created in the MSP mode. Each tenant is an independent instance of HPE Aruba Networking Central.
- MSP administrator—Refers to owners of the primary account. These users have administrator privileges to provision, manage, and monitor tenant accounts.
- Tenant users—Refers to the owners of an individual tenant account provisioned in the MSP mode. The MSP administrator can create a tenant account.
- Wireless networks are identified using a service set identifier (SSID), a name given to a WLAN that the client uses to access the WLAN network. The SSIDs distinguish a wireless network from other networks configured within a WLAN (Wireless Local Area Network, an 802.11 standards-based LAN that users access through a wireless connection) boundary. HPE Aruba Networking uses the SSIDs of APs to orchestrate and configure a number of management policies. For more information, see About HPE Aruba Networking Central.
- Depending on the type of WLAN setup, the SSIDs are also used to specify the traffic forwarding modes. AOS-10 supports automated workflows to set up these SSID profiles. For more information, see About HPE Aruba Networking Central.
- In creating the SSID profiles in the automated workflows, you must specify an authentication method. AOS-10 supports a number of authentication methods and each is recommended for a specific deployment type. For more information, see About HPE Aruba Networking Central.
- In creating the SSID profiles in the automated workflows, you must specify an encryption method. AOS-10 supports a number of encryption methods and each is recommended for a specific deployment type. For more information, see About HPE Aruba Networking Central.
- The Cloud-Assisted Roaming Services feature facilitates fast roaming of 802.11r and Opportunistic Key Caching (OKC) clients, to enable seamless roaming with minimal or no disruption to the application traffic such as voice and video. 802.11r is an IEEE standard for enabling seamless BSS transitions in a WLAN and is also referred to as Fast BSS transition. OKC is a technique available for authentication between multiple APs in a network where those APs are under common administrative control. Using OKC, a station roaming to any AP in the network does not have to complete a full authentication exchange, but instead just performs the 4-way handshake to establish transient encryption keys. For more information, see About HPE Aruba Networking Central.
- The Access Control List (ACL) is a logic that handles stateless inspection of traffic, and is a common way of restricting certain types of traffic on a physical port. An ACL is used in many types of implementations including routing policies and user policies. A firewall, a network security system used for preventing unauthorized access to or from a private network, is a device that performs stateful inspection of traffic (checks for encapsulation) passing through a part of the network and decides whether to allow or deny the traffic. You can configure both ACLs and firewall policies on APs and Gateways. For more information, see About HPE Aruba Networking Central.
- A client connecting to a WLAN SSID that is broadcast by an AP is assigned a user role or VLAN (Virtual Local Area Network) to define the client’s network privileges, the frequency of re-authentication, and the applicable bandwidth contracts. A single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a VLAN. For more information, see About HPE Aruba Networking Central.
- In order to configure the management layer, HPE Aruba Networking Central supports a number of configuration options that include UI workflows, templates, and APIs. For more information, see Device Configuration Methods in HPE Aruba Networking Central.
Device Configuration Methods in HPE Aruba Networking Central
HPE Aruba Networking Central offers the following options for configuring devices in your account:
- You can use the Groups feature to create a logical subset of devices. If you have devices that must share common configuration settings, ensure that you assign these devices to the same group. Any new device joining a group inherits the configuration that is already applied on the devices in a group.
- If you have fewer devices that do not have the same configuration requirements, you can apply configuration changes at the device level. In some cases, although the devices are assigned to a group, you may want to have a slightly different configuration on one specific device in a group. In such cases, you can modify the device configuration and apply changes at the device level.
- You can also leverage the configuration templates feature to quickly deploy. To use a template-based configuration method for APs, ensure that you enable the template-based configuration mode when creating AP groups.
- Allow you to configure and monitor devices using NB APIs.
Operational Modes and Interfaces
HPE Aruba Networking offers the following variants of the HPE Aruba Networking Central web interface:
Standard Enterprise Mode
Users can manage their respective accounts using the Standard Enterprise interface. In the Standard Enterprise mode, the customers have complete access to their accounts. They can also provision devices and subscriptions to manage their respective accounts.
The following figure illustrates a typical Standard Enterprise mode deployment.
Figure 1 Standard Enterprise Mode
Managed Service Provider Mode
HPE Aruba Networking Central offers the MSP mode for managed service providers who must manage multiple customer networks. The Managed Service Provider (MSP) mode is a multi-tenant operational mode that Aruba Central accounts can be converted into, provided these accounts have subscribed to the Aruba Central app. The MSP administrators can provision tenant accounts, allocate devices, assign licenses, and monitor tenant accounts and their networks. The administrators can also drill down to a specific tenant account and perform administration and configuration tasks. Tenants can access only their respective accounts, and only those features and application services to which they have subscribed.
The following figure illustrates a typical MSP mode deployment.
Figure 2 Managed Service Provider Mode