Last week I had the pleasure of attending Wireless Field Day 4 down in Silicon Valley. There were many great presentations and I will be writing my thoughts on all of them over the next few weeks or so. To get things rolling, I will begin with my thoughts on the Aruba Networks session.
AppRF and The New 7200 Series Controllers
For many of us, this was our first look at AppRF. This is Aruba's technology that allows their solution to categorize applications using application fingerprinting/heuristics instead of by just looking at IP addresses and port numbers. This is something I was looking forward to for quite some time now and I'm glad it has finally almost arrived. What? Did I just say almost? Yes. Yes I did. While AppRF is off to a really good start, it is still a bit behind something like Meraki's L7 Firewall and it is currently missing one key component.
During the demonstration, we were shown how the 7200 controller can quickly and easy breakdown application usage for each user; very cool. This is well and good but there is currently nowhere to actually configure a layer 7 firewall rule. Yes, I can still go and block YouTube by creating a 'Name' destination that resolves youtube.com to an IP but that really isn't a layer 7 firewall, is it? Upon further questioning, I was told that the enforcement capabilities will be in an upcoming code release. To me, AppRF won't really be useful until this occurs.
I promised you some funky math...
During the presentation, a key point was glossed over. It was mention by Aruba that the AppRF functionality, present in the 6.2.x code, would only work on the 3000-series controllers and up. Put another way, if I'm understanding correctly, AppRF will not be supported on the 600-series controllers. I guess this is understandable since AppRF would require a beefier box and the 600 controllers are rather light on muscle. However, this does lead to a few obvious questions:
- Does the introduction of AppRF and 6.2 code spell the demise of the 600 series?
- Is there a possible play to replace 600 deployment with Instant APs and Airwave instead?
I might be attending the AirHeads conference in March so I'll be sure to try and get some clarification then.
Increased Emphasis on Controller-less
Aruba spent a lot of time on controller-less WLAN solutions this time around. In Aruba-speak, this means Aruba Instant. You can view the controller-less session below:
There weren't too many surprises during this part of the session. For me, the main take-aways were:
- Instant is a good fit for distributed deployments.
- Instant APs can create IPSec VPN tunnels but cannot terminate them.
- By using a combination of Instant APs, Controllers, and Aruba Activate a company could build a highly available, highly-customized WLAN across a very distributed deployment.
Overall I thought that Aruba did a good job of introducing most of their solutions (Airwave, Controllers, Instant, Activate) and demonstrating how all of the components can integrate fairly well with one another. I didn't see any mention of AppRF on the Instant side so I am a little worried about feature disparity across solution sets but we'll have to wait and see how this plays out over the coming year.
Aruba really 'did it right' by giving the delegates the chance to log into the management pages of each product during the presentations. Hands-on experience is incredibly valuable and I give kudos to Aruba for making it happen.