What's New
Important Notes
- For new Aruba Central On-Premises deployments, it is a requisite to use a 10 Gigabit Ethernet (GbE) interface for optimum performance.
- The nodes of an Aruba Central On-Premises cluster must be deployed in the same data center and the same VLAN setup. It is a prerequisite to get 10 Gbps throughput for intra-cluster communication.
- It is recommended to upgrade all the Aruba Central On-Premises nodes to 512 GB for optimum performance. Starting from this release, 256 GB RAM is not supported.
New Features
The following sections provide an overview of the new features that are added to Aruba Central On-Premises in this release.
HPE GreenLake Account Home
The following section lists the features of HPE GreenLake account home:
Accessing Aruba Central On-Premises Account
The Aruba Central On-Premises app must now be accessed from HPE GreenLake account home using the Dashboard. For more information, see Accessing Aruba Central On-Premises.
Features Moved Within Aruba Central On-Premises
The following features are now moved to a different path within Aruba Central On-Premises:
- Assigning newly added devices to groups
Old path: Account Home > Global Settings > Device Inventory
New path: Organization > Network Structure > Device Preprovisioning
For more information, see Device Preprovisioning.
- API Gateway
Old path: Account Home > Global Settings > API Gateway
New path: Organization > Platform Integration > API Gateway > Rest API
For more information, see API Gateway.
- Streaming API
Old path: Account Home > Global Settings > Webhooks > Streaming
New path: Organization > Platform Integration > API Gateway > Streaming
For more information, see Streaming APIs.
- System Management
Old path: Account Home > Global Settings > System Management
New path: Maintain > System Management
For more information, see System Management.
- Webhooks
Old path: Account Home > Global Settings > Webhooks
New path: Organization > Platform Integration > Webhooks
For more information, see Webhook.
Device Pre-provisioning
The Device Pre-provisioning feature was earlier available on the Account Home page of Aruba Central On-Premises. It is now moved to the Organization page (Organization > Network Structure > Device Preprovisioning) within Aruba Central On-Premises.
For more information, see Device Preprovisioning.
Integration with UXI Sensors
Aruba Central On-Premises supports integration with User Experience Insight (UXI) sensors that enables you to monitor the network health of a specific site from the end user perspective as seen by UXI sensors.
In Aruba Central On-Premises, the UXI sensor monitoring data is available in the Network Health dashboard. To access the dashboard in the app, set the filter to Global. Under Manage, click Overview > Network Health to access the dashboard.
The UXI field in the Network Health card displays the network health of a wireless environment in a site. This information is displayed when there is at least one UXI sensor deployed in the site. Clicking on the UXI field redirects to the UXI Dashboard for further troubleshooting.
For more information about Aruba Central On-Premises integration with UXI sensors, see User Experience Insight Sensors Integration.
Aruba Central On-Premises APIs
This release introduces the following changes to Aruba Central On-Premises APIs:
Following are the APIs introduced:
AOS-S APIs
The following APIs are introduced in the category:
- /configuration/v1/aos_switch/ports/groups/{group_name}
- /configuration/v1/aos_switch/ports/devices/{device_serial}
- /configuration/v1/aos_switch/vlans/groups/{group_name}
- /configuration/v1/aos_switch/vlans/devices/{device_serial}
Pre Provisioned Group APIs
The following API is introduced in the category:
- /configuration/v1/preassign
For more information, see New APIs.
Radius Server User Roles
New user role mappings are now available for RADIUS server users. These new roles cannot be assigned with custom roles if the role names match predefined roles. For more information about RADIUS server user roles, see Configuring a RADIUS Authentication and Authorization.
Support for 9240 Mobility Controller
Aruba Central On-Premises supports the Aruba 9240 Mobility Controller in discovery and monitoring. After Aruba Central On-Premises discovers these controllers, you can receive diagnostics, reports, and triggers for these controllers.
For a complete list of supported products, see Aruba Central (on-premises) Supported Devices Guide.
Enhancements
The following sections provide an overview of the enhancements introduced in Aruba Central On-Premises in this release.
Alerts and Events
The following alert and event enhancement is introduced in this release.
Blocking Alert and Events visibility
The Alerts & Events pane is not visible to users who do not have edit or view permission to the Alerts and Events module.
For more information, see Alerts & Events Dashboard.
Central System Alerts
The following five new Central System alerts are added in Aruba Central On-Premises:
- ILO Fans Status
- ILO Network Status
- ILO Power Supply Status
- ILO Storage Status
- ILO Temperature Status
- COP Certificate Expiry Status
- COP Certificate Revocation Status
For more information, see Central System Alerts.
Aruba Central On-Premises UI Access and Permissions
User and role management is now available on HPE GreenLake account home. The administrator must assign appropriate permissions to users and roles to access the UI pages on Aruba Central. For example, the users can view labels and sites if they have the View or Edit permission assigned for label and site management.
Users can configure the features on Aruba Central On-Premises only if they have the Edit permission assigned for the feature. For example, the users can configure labels and sites on Aruba Central only if they have the Edit permission assigned for label and site management configured in HPE GreenLake account home.
The administrator must assign groups to users after assigning the Aruba Central On-Premises role. The users can see the list of allowed groups from HPE GreenLake account home.
If a new group is created on Aruba Central On-Premises and if the all groups option is not selected for the user on the account home, then the administrator must assign that group to the user, and only after that, the group name appears on Aruba Central On-Premises.
For more information about the user roles, see Managing Users and Roles.
Enabling Application Visibility at Client and Site Level for Campus APs
Aruba Central On-Premises supports the Application Visibility feature at client or site level for Campus APs. To enable the Application Visibility feature, the firewall visibility sessions telemetry must be grouped based on the same BSSID and sent to the Aruba Central On-Premises server.
For more information, see Enabling Application Visibility at Client and Site Level.
ESSID configuration in WLAN SSID profile
In Aruba Central On-Premises, the ESSID field on the WLAN SSID configuration page allows you to specify the identifier that serves as an identification and address for the device to connect to a wireless router, which can then access the Internet.
For more information, see Configuring Wireless Network Profiles on IAPs.
Integrated Management of Template Variables for AOS-S Stacks
Aruba Central On-Premises introduces integrated management of template variables for an AOS-S stack to keep the variables of all members in sync. All the stack members are automatically synced with the same set of variables when you upload or edit variables using the UI or Aruba Central On-Premises API.
For more information, see Integrated Management of Template Variables for AOS-S Stacks.
Setup NTP
The following enhancements are made to the Setup NTP CLI:
- All the nodes in a multi-cluster must synchronize to the same NTP server. Run the command NTP/Timezone info to verify if all the nodes are synchronized with the same NTP server. To run the NTP/Timezone info, enter command option 2 from the show configuration menu.
- If Setup NTP is executed after the cluster is configured, the modified NTP server details are updated to the cluster. Otherwise, they are updated only to the node.
For more information, see Setup NTP.
Multiple FQDNs
As a part of Aruba Central On-Premises 2.5.5 upgrade, Aruba Central On-Premises now requires multiple FQDNs to be configured for Aruba Central On-Premises cluster.
The FQDNs created must resolve to the same cluster IP address (VIP). The new FQDNs should be in the format mentioned below:
- <cluster_fqdn>
- central-<cluster_fqdn>
- apigw-<cluster_fqdn>
- ccs-user-api-<cluster_fqdn>
- sso-<cluster_fqdn>
For more information, see Aruba Central On-Premises Installation and Setup Guide.
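A pre-upgrade check for the requirement above, as an added example that is not part of the Aruba documentation: it derives the five names from the cluster FQDN and reports every name that is missing or resolves to anything other than the VIP. The host name `cop.example.com`, the addresses, and the function names are assumptions made for illustration.

```python
import socket

# Name patterns listed in the Multiple FQDNs section of this page.
PREFIXES = ("", "central-", "apigw-", "ccs-user-api-", "sso-")


def required_fqdns(cluster_fqdn):
    """Return the five names the cluster needs, derived from its base FQDN."""
    return [prefix + cluster_fqdn for prefix in PREFIXES]


def system_resolver(name):
    """Resolve a name to its set of IP addresses using the host's DNS settings."""
    try:
        infos = socket.getaddrinfo(name, None, proto=socket.IPPROTO_TCP)
    except socket.gaierror:
        return set()
    return {info[4][0] for info in infos}


def check_cluster_fqdns(cluster_fqdn, vip, resolver=system_resolver):
    """Return {fqdn: problem} for every name that does not resolve only to vip."""
    problems = {}
    for name in required_fqdns(cluster_fqdn):
        addresses = resolver(name)
        if not addresses:
            problems[name] = "does not resolve"
        elif addresses != {vip}:
            problems[name] = "resolves to " + ", ".join(sorted(addresses))
    return problems


# Constructed sample zone (documentation address range), standing in for DNS.
SAMPLE_ZONE = {
    "cop.example.com": {"192.0.2.10"},
    "central-cop.example.com": {"192.0.2.10"},
    "apigw-cop.example.com": {"192.0.2.10"},
    "ccs-user-api-cop.example.com": {"192.0.2.99"},  # stale record
    # sso-cop.example.com is left out on purpose
}


def sample_resolver(name):
    """Look the name up in the constructed zone instead of real DNS."""
    return SAMPLE_ZONE.get(name, set())


if __name__ == "__main__":
    found = check_cluster_fqdns("cop.example.com", "192.0.2.10", sample_resolver)
    for name, problem in found.items():
        print(f"{name}: {problem}")
```

Call `check_cluster_fqdns` without the `resolver` argument to query the DNS servers configured on the machine that runs it.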
Certificate Management
The following changes are introduced in this release.
Certificate Revocation Check
Aruba Central On-Premises now validates the revocation status of the client certificates. A certificate revocation check verifies whether a TLS or SSL certificate has been invalidated before its scheduled expiration date. A certificate should be revoked immediately when its private key is compromised or when the domain for which it was issued is no longer operational.
Under
, click > Network Structure tab, and click the tile. In the Certificates page, click the Enable revocation check toggle switch to enable certificate revocation check.
For more information, see Certificate Revocation.
Captive Portal Certificates
The Device Certificates accordion is renamed to Captive Portal Certificates in the WebUI.
Under
, click > Network Structure tab, and click the tile. In the Certificates page, expand the Captive Portal Certificates accordion to view and configure captive portal certificates.
For more information, see Captive Portal Certificates.
Supported Services for Server Certificates
The Services Supported drop-down list allows you to select the following services that are supported by the server certificate:
- Web UI And API Gateway
- Device
Under
, click > Network Structure tab, and click the tile. In the Certificates page, expand the Appliance Certificates accordion and click + to access the Services Supported parameter under Add Certificate dialog box.
For more information, see Appliance Certificates.
Syslog Server
Aruba Central On-Premises now supports TCP and Secure TCP connection types to the Syslog server. When you select Secure TCP as the type of connection to the Syslog server, ensure that you upload a CA certificate for the Syslog server in the page.
In addition to alerts, Aruba Central On-Premises now sends audit trail messages as syslog messages to the Syslog server. Aruba Central On-Premises sends the syslog messages to the Syslog server in the Common Event Format (CEF). CEF is a log management standard that uses a standardized logging format so that data can easily be collected and aggregated for analysis by an enterprise management system.
For more information, see SysLog Server Details.
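On the receiving side, a collector has to split each CEF message into its pipe-delimited prefix and its key-value extension. The parser below is an added example, not Aruba code, and handles escaped pipes in the prefix and escaped equals signs in extension values. The sample line is constructed: its vendor, product, event ID and extension keys are placeholders, not the fields Aruba Central On-Premises emits.

```python
import re

HEADER_FIELDS = ("version", "device_vendor", "device_product", "device_version",
                 "signature_id", "name", "severity")
# An extension key follows start-of-text or whitespace and ends at a bare "=".
EXT_KEY = re.compile(r"(?:^|\s)([A-Za-z0-9_.\-]+)=")
EXT_ESCAPES = {"n": "\n", "r": "\r"}  # \= and \\ fall through to the literal


def split_header(body):
    """Split on unescaped '|' into the 7 prefix fields; return (fields, extension)."""
    fields, current, i = [], [], 0
    while i < len(body) and len(fields) < 7:
        step = 2 if body[i] == "\\" and i + 1 < len(body) else 1
        if body[i] == "|":
            fields.append("".join(current))
            current = []
        else:
            current.append(body[i:i + step])  # escape pairs stay together
        i += step
    if current:  # message ended right after the severity, with no extension
        fields.append("".join(current))
    return fields, body[i:]


def parse_extension(ext):
    """Parse 'k=v k=v' pairs; values may contain spaces and escaped '='."""
    pairs, matches = {}, list(EXT_KEY.finditer(ext))
    for cur, nxt in zip(matches, matches[1:] + [None]):
        raw = ext[cur.end():nxt.start() if nxt else len(ext)]
        pairs[cur.group(1)] = re.sub(
            r"\\(.)", lambda m: EXT_ESCAPES.get(m.group(1), m.group(1)), raw)
    return pairs


def parse_cef(line):
    """Parse one syslog line carrying a CEF event into a dict."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF prefix in line")
    fields, ext = split_header(line[start + 4:].rstrip("\r\n"))
    if len(fields) != 7:
        raise ValueError("truncated CEF prefix")
    event = {k: re.sub(r"\\([|\\])", r"\1", v) for k, v in zip(HEADER_FIELDS, fields)}
    event["extension"] = parse_extension(ext)
    return event


# Constructed sample: vendor, product, event id and keys are placeholders.
SAMPLE_LINE = (r"<134>Jan 12 10:15:02 cop-node1 CEF:0|ExampleVendor|ExampleProduct"
               r"|1.0|audit-100|Login failed \| locked|5|"
               r"suser=alice src=192.0.2.44 msg=reason\=bad password attempts\=3")

if __name__ == "__main__":
    print(parse_cef(SAMPLE_LINE))
```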
Trunk Group Configuration
If your AOS-S switches are running 16.10.0013 or later firmware versions:
- You can remove the untagged VLAN from the trunk group at the group and device levels. At the group level, if you remove untagged VLAN from the devices running the firmware prior to the 16.10.0013 version, an event will be logged in the page stating that the untagged VLAN deletion is not supported.
- You must either configure tagged VLAN or untagged VLAN as a mandatory parameter for the trunk group.
For more information, see Configuring Trunk Groups on AOS-S Switches in UI Groups.
Aruba Central On-Premises APIs
Following are the API changes and enhancements.
Group APIs
The following API is enhanced in the category:
- /configuration/v2/groups
Pre Provisioned Group APIs
The following API is deprecated in the category:
- /device_management/v1/group/assign
The location for this API is now moved within . In the previous release, it was placed under .
User Management APIs
The following APIs are enhanced in the category:
This API endpoint was previously used to modify user roles for 'Customer Management' and 'Portal Customization', along with many other roles. Starting from this release, please use the following API URI (app name is account setting) for 'Customer Management' and 'Portal Customization' role modification:
- /platform/rbac/v1/apps/account_setting/roles
Below is the sample JSON to create these two roles:
{
  "rolename": "custom_role_1",
  "permission": "modify",
  "applications": [
    { "permission": "view", "appname": "customer-management" },
    { "permission": "view", "appname": "portal-customization" }
  ]
}
For more information, see Modified API and Deprecated API.
RAPIDS
Aruba Central On-Premises now enables manual classification of rogue devices through Security > RAPIDS > Rogues > Manually Contained. Manual classification enables rogue containment against the selected AP. You can reclassify rogue devices as rogues, neighbors, or manually contained.
For more information, see RAPIDS.
External Services - SNMP Trap Destinations
On the Maintain > System Management > External Services page, you can configure the SMTP server settings, syslog servers, and SNMP traps destination. Along with configuring SNMP traps destination version 2 (v2), Aruba Central On-Premises now supports configuration of SNMP version 3 (v3).
For more information, see Viewing Audit Trail.
Audit Trail
The Audit Trail page now shows the total number of logs generated for all unsuccessful user login attempts.
For more information, see Viewing Audit Trail.