Aruba Networks Inc. announced its Mobility-Defined Networks architecture, an assortment of product and software updates aimed at streamlining and automating the management and performance of mobile devices on wireless LANs.
The Sunnyvale, Calif.-based company's new architecture includes updates to Aruba Operating System (ArubaOS) version 6.4, with improvements to the ClearPass access management system for increased security automation and auto-sign-on capabilities. The architecture also includes an updated next-generation mobility firewall with advanced deep packet inspection (DPI). The company enhanced Aruba AirGroup, extending Apple Airplay-style functionality to non-Apple devices, with support for Digital Living Network Alliance (DLNA) and Universal Plug and Play (UPnP) specifications for screen sharing across all mobile devices. Finally, Aruba introduced an interactive dashboard for monitoring unified communications (UC) applications across the wireless LAN with version 8.0 of its AirWave wireless network management software.
These refinements to Aruba's product portfolio are not about controllers or access points. "It's about making sure the wireless LAN has the capacity necessary to support this explosion of mobile users, devices and applications," said Craig Mathias, principal at the Ashland, Mass.-based advisory firm Farpoint Group.
Aruba BYOD management: Automating and extending security features to mobile users
Aruba's Mobility-Defined Networks architecture is a middle layer of software that can automate what used to be manual mobility management tasks and processes for IT, said Robert Fenstermacher, director of product and solutions marketing for Aruba.
The new feature added to Aruba ClearPass -- the ClearPass Exchange application programming interface (API) -- helps automate additional security features by working with third-party systems. ClearPass Exchange includes APIs and data feeds that allow third-party IT systems from Aruba partners -- including IBM, AirWatch and ServiceNow -- to integrate with ClearPass to give IT the ability to quarantine a device missing its mobile device management profile on the Wi-Fi network, or integrate with helpdesk systems to automatically generate tickets for the security team. "Automation shouldn't operate in a vacuum. It needs to be able to cooperate with third-party applications, and we've opened this up to our partners and customers to build this interoperability on their own," Fenstermacher said.
All-wireless environments are becoming more prevalent, but mobile devices aren't really optimized for a lot of enterprise use cases, he said. "Tasks like printing and screen sharing are a joke today -- it's easy to go into a laptop and enter a password and username, but trying to get into a work app from a smartphone is a pain," he said. Aruba's new auto sign-on capability, enabled by ClearPass and ArubaOS 6.4, uses enterprise Wi-Fi logins to automatically authenticate an employee to a business application, like Salesforce.com.
"Not every organization will allow this single sign-on capability because it is a potential security hole, but for a lot of businesses, it will be very convenient, Farpoint's Mathias said.
Aruba's AirGroup, which now supports DLNA and UPnP devices in addition to Apple's AirPlay and AirPrint protocols, is an upgraded self-provisioning feature that will now allow users to wirelessly share screens and project media regardless of their device. The feature will also allow IT to limit the view of available devices based on the employee's role, location and time of day, the company said.
"When you protect data and devices, it can't be intrusive to the user -- they shouldn't have to jump through hoops to comply with the security controls," Aruba's Fenstermacher said. "It needs to be easier to access work applications on mobile devices."
Aruba is also introducing its next-generation mobility firewall, which will now offer advanced DPI for setting more granular role-based policies for more than 1,500 mobile applications, including applications nested in other applications or applications obscured as Web traffic or by encryption. Enterprises can not only block traffic with the firewall, but restrict or prioritize bandwidth for certain applications.
More on Aruba BYOD management
Network innovation award: Aruba ClearPass access management system
IT wants consolidated mobile device management tools
Four approaches to BYOD security
Brandeis University, an Aruba customer based in Waltham, Mass., is testing the new mobility firewall. Tim Cappalli, wireless engineer for the university, appreciates the granular view it offers for mobile apps. "About 70% of our traffic is now wireless [traffic], so to have DPI on that traffic is huge. … [We can] prioritize faculty traffic during classroom times in academic buildings and flip that [prioritization] over to students at night in their dorms," he said.
The university is also beta-testing AirGroup's DLNA and UPnP support capabilities in some of its conference rooms, and plans to extend the functionality into residence halls and lecture halls this summer. "This capability will allow the student's devices to work like they do at home -- like Chromecast from their phone to their TVs, or [screen sharing] between their iPhones and their desktops," Cappalli said. Faculty will benefit as well, he said. "This will add another great interactive element to the classroom and public spaces for easier student-teacher collaboration."
The AirGroup function will allow the IT team to set policies based on user roles, building or time of day to restrict or allow access to certain devices for the first time, Cappalli said. "A student will be able to see their printer or Xbox from all over campus because they are the owner, but they might not be able to screen-share with the TV in the middle of class."
Increased UC visibility for mobile employees on the wireless LAN
Aruba has updated its AirWave network management platform, now offering a user dashboard specifically for visualizing and controlling UC applications and network performance metrics together over the wireless LAN. The new interface will allow the IT team to deliver UC apps more effectively to mobile employees, said Rohit Mehra, vice president of network infrastructure research at Framingham, Mass.-based IDC.
The dashboard will be able to display office floor plans, with a live view of users color-coded for Wi-Fi performance health and UC application health.
Having better visibility into UC systems -- which are starting to also include the heavily relied-upon private branch exchange -- is a plus from a management perspective, because UC is going to start taking up room on many enterprise wireless LANs. "Managing how Lync performs [on a wired network] is different [from] managing how Lync performs over a distributed, mobile network," Mehra said.