aerohive proposal overview

Aerohive Proposal Overview

08 Fall

Copyright ©2015, Aerohive Networks, Inc 2

Aerohive Networks Proposal

Table of Contents Table of Contents ............................................................................................................................2 Wireless LAN in the Education Sector ...........................................................................................3 Aerohive in the Education Sector .................................................................................................4 About Aerohive ................................................................................................................................5 Aerohive References .................................................................................................................... 10 Technology Behind the Solution ................................................................................................. 12

Cooperative Control® Architecture ............................................................................................. 13 Aerohive Cloud-enabled Networking ....................................................................................... 14 Aerohive Access Points ................................................................................................................ 16 HiveManager ................................................................................................................................. 17 Features and Functionality .......................................................................................................... 18

Simplicity ........................................................................................................................................... 18 Green by design .............................................................................................................................. 19 Performance .................................................................................................................................... 20 Client Health Score.......................................................................................................................... 20 High Availability and Mesh Resiliency ........................................................................................... 22 Troubleshooting................................................................................................................................ 25 Security .............................................................................................................................................. 27



Wireless LAN in the Education Sector

On-line multimedia and interactive educational applications are invading the classroom and prompting schools to take a fresh look at what’s possible with the latest in wireless LAN (WLAN) technology. Schools can now deploy innovative 802.11n and 802.11ac enterprise-class Wi-Fi technology while overcoming traditional challenges such as shrinking budgets, high network management costs, and nagging performance and reliability troubles. The introduction of 802.11ac, combined with schools’ need to accommodate the mobile nature of computers and high-speed multimedia network streams, are the key drivers behind a resurgence of interest in deploying Wi-Fi of a higher caliber in primary and secondary education institutions. Drivers for wireless in Education

x 1:1 computing programs x Fixing or replacing cart solutions x Guest and dormitory connectivity x Online testing x Temporary networks & portable classrooms x Textbook costs – anything that can be done to reduce this x Eliminating the “Digital Divide”

Historic issues for wireless in education

Performance & reliability x Many schools still use low speed 802.11 g wireless devices x Wi-Fi issues disrupt classes or online testing

Coverage x Usually deployed with insufficient coverage or capacity x Difficulty with hard-to-wire locations and portable classrooms

Capacity

x Difficult to cope with 30 users logging on to a single AP at one time x Challenging to provide better performance to staff over students

Ease of Management x Solutions typically lack central, policy-based or identity based management x School IT departments are small & can’t afford the luxury of being Wi-Fi specialists

Cost x High operational cost – due to performance, reliability and management issues x Existing deployment are ill suited to scale to coverage across the school or district



Aerohive in the Education Sector Mobile devices and applications have become more and more prominent in the classroom, as BYOD and 1-1 initiatives have enabled students to bring their smartphones, tablets, and laptops to school for educational use. Aerohive Networks securely harnesses these trends and technologies, and redefines how users connect to the enterprise by reducing the cost and complexity of distributed campus and school deployments with cloud-enabled Wi-Fi, routing, and switching solutions designed to go anywhere your users may be – district offices, schools, or at home. Aerohive’s award-winning cooperative control architecture, public or private cloud platform, and easy-to-deploy routing and VPN solutions eliminate costly hardware appliances and deliver “business-grade” wireless networks that are centrally managed and offer sophisticated security – and more – so that schools can take educational technology to the next level. Aerohive’s distributed, scalable architecture is optimized to boost parent-teacher communication, campus-wide safety, deliver unique classroom monitoring capabilities, ease the use of mobile devices in schools, all the while easily addressing temporary classroom connectivity requirements

Feature Benefit(s)

x Teacher View and Student Manager Classroom Monitoring Applications

x Improves classroom efficiency by giving teachers simple tools to control classroom Wi-Fi access

x Centralized Management (throughout a building or across campuses from a single console or online service)

x Offers easy-to-use management for streamlining operations and reducing operating expenses

x Fully Distributed Processing, Data Forwarding, and Control Architecture

x Results in higher network performance – no controller bottlenecks and no dependence on a vulnerable WAN connection to a remote controller

x Secure Guest Access with Integrated Captive Web Portal

x Provides secure connectivity for parents and other temporary users

x Fast, Secure Roaming and Identity-based Security (enforced in every access point as a user connects)

x Offers mobility while maintaining compliance with the network security aspects of privacy mandates

x Provides enhanced security beyond 802.11's inherent authentication and over-the-air encryption- including integrated firewall, WIPS, VPN, RADIUS, and Active Directory support

x Mesh Technology for AP-to-AP Direct Communications

x Ensures highest levels of network availability and resiliency, as network "self- heals" around any failure points

x Enables ability to wirelessly connect to



portable classrooms and field houses

x Simple Pricing Model and No Feature Licensing

x Grows with your needs - linear costs x Improves budget control with the ability

to "pay as you grow" x Eliminates budget "surprises" as you

need additional features (i.e. QoS, VPN, mesh)

About Aerohive Introduction Aerohive is an innovative enterprise mobility company. Our solutions enable education institutions to leverage the power of mobility to increase productivity, engage students and increase productivity. Our mobility platform utilizes the cloud and a distributed architecture to deliver scalable, simple, secure and smarter networks that can be cost-effectively deployed. The scalability and flexibility of our platform makes enterprise mobility available to organizations regardless of their level of IT resources and enables a consistent network architecture to be deployed across organizations of all sizes.

The Aerohive Story OUR WHY Our goal is to help people and organizations realize their full potential. An increase in mobility is an increase in collaboration, creativity and productivity. OUR HOW By making it easier and safer for organizations to connect people to the information and applications that make them successful. OUR WHAT Every access point is a starting point. Our platform enables organizations to do more and to see more. It is the platform scalable enough to fit any design and any dream.

Mobility has become too complicated for many organizations and to address this Aerohive has focused on simplifying enterprise mobility with our cloud-managed, unified mobility platform and built out a broad, integrated platform that includes:

http://vimeo.com/aerohive/the-aerohive-story



x A complete, mobility-centric network access infrastructure including Controller-less Wi-Fi, access switches, branch routers, and client management agents

x Cloud-based management that dramatically simplifies IT operations x Mobility applications that capture important contextual end-user data from our mobility platform and

provide new business insights and analytic capabilities Aerohive’s enterprise mobility platform has delivered a compelling, proven solution as confirmed by over 22,000 end-customers around the world. In 2014 and 2015, Aerohive was positioned as a “Visionary” in the Wired and Wireless LAN Access Infrastructure Magic Quadrant and Gartner lists Aerohive as the leading independent wireless vendor. Aerohive scored the third in Gartner’s Critical Capabilities for Wired and Wireless LAN Access infrastructure Category and was recognized by Deloitte as the fastest growing Communications/Networking Company and the forty-seventh fastest growing technology company in North America.

Aerohive is able to achieve this vision by delivering:

Productive Mobility x Distributed intelligence for enhanced visibility and control of wireless clients x Mission-critical reliability without bottlenecks or single points of failure x Survivable, self organizing / self healing network OS x Granular policy enforcement to secure and control consumer devices that

connect to the enterprise network x Education Sector specific features and applications such as Teacher View and Hive

School

Cloud-enabled Networking x Leveraging the scale, availability and economies of the cloud to minimize network

provisioning complexity and operational cost x Reduce capital expense with “Software as a Service” management options x Providing enhanced support to local IT resources with anytime, anywhere remote

access capabilities x Creates a linear cost exercise as your wireless network grows

CUSTOMER Testimonials

http://www.aerohive.com/company/press-releases/aerohive-networks-positioned-visionaries-quadrant-wired-and-wireless-lan

http://www.aerohive.com/company/press-releases/aerohive-networks-positioned-visionaries-quadrant-wired-and-wireless-lan

http://www.aerohive.com/company/press-releases/aerohive-networks-recognized-by-deloitte

http://www.aerohive.com/company/press-releases/aerohive-networks-recognized-by-deloitte



Aerohive Networks has more than 22,000 customers as of 1H 2015.

Our customers come from all the industry segments, including education, retail, finance,

manufacturing, healthcare and others.



Customer testimonials:

Jeff Davis County Schools “We took our time to thoroughly research our wireless network solution, to think one step beyond what was needed and required. While many companies have Wi-Fi that works, Aerohive comes through strong in performance and density, but it’s what comes after the sale that matters most. Aerohive’s support and understanding of our educational endeavors have been invaluable to our District.” Dr. Keith Osburn Director of Technology and Special Programs Baltimore County Public Schools “With Aerohive, we established a mobile foundation for our teachers, and we have already seen such a positive impact at our schools. Students are more engaged in learning with fewer discipline problems, and teachers feel empowered to engage in blended learning, with greater mobility, flexibility and creativity.” Gregory Vukov Director of Network Support Services at BCPS Avondale Elementary School District No. “While our district has been using technology for 15-20 years in computer labs, the real revolution has been to put technology in the hands of students, inviting teachers and students to engage in new ways and to integrate digital curriculum. In order to get buy-in from our teachers for this new classroom model, we absolutely must provide a stable wireless infrastructure, and we’re pleased that Aerohive has helped us reach this goal.” - Mark Gresko Director of Technology, Avondale Elementary School District No. 44



Additional Aerohive References

Baltimore County Public Schools Selects Aerohive to Enable Award-Winning Education Technology Innovation

Baltimore County Public Schools (BCPS) is the third largest school district in the state of Maryland, and ranks 25th largest in the nation, providing education to approximately 110,000 students. The District manages a budget of $1.6 billion across its 174 schools and employs more than 18,000 teachers and staff.

At the helm of BCPS is Superintendent Dr. S. Dallas Dance, who has provided assertive leadership for blended learning environments, creating the program S.T.A.T – Students and Teachers Accessing Tomorrow – that will equip all students and teachers with digital devices for personalized learning and a digitally enhanced curriculum by 2016. In addition, Dr. Dance was recently appointed to the Board of Directors for the International Society for Technology in Education, recognized as one of eight eSchool News Tech-Savvy Superintendents, and named by President Obama as one of 10 national ‘Connected Educator Champions of Change’.

Challenges

x Provide enterprise Wi-Fi access to 110,000 students across more than 170 schools x Upgrade existing infrastructure to pave the way for Wi-Fi, often in buildings with complex physical

constraints x Enable a seamless experience for teachers, staff and students during network upgrade and rollout x Acquire a wireless solution capable of scaling for future aggressive technology plans

Results

x Secure and robust Wi-Fi deployed across entire district without disruption to teachers and staff x Comprehensive wireless access unleashes creativity in classroom, reduces behavior problems, and

empowers students and teachers x Support from Aerohive surpasses expectations and helps meet mobile learning objectives x Centralized network management allows BCPS to easily make changes, manage and control the

network across all schools and facilities

Aside from instruction, the District also uses wireless technology for building automation systems, controlling HVAC and lighting systems in key building spaces such as auditoriums.

For all of our education sector case studies, including comprehensive information on the case studies discussed in this proposal, please use the following link

http://www.aerohive.com/solutions/solutions-industry/education

http://www.aerohive.com/solutions/solutions-industry/education



Aerohive Awards and Recognitions



Technology behind the Solution

Schools shouldn’t have to ‘make-do-and-mend’ with their wireless infrastructures; neither should they have to invest over the ‘odds on’ systems just to make them deliver what they need. Seamless mobility, straightforward management, cost-effective deployment, and low-cost upgrades and operational excellence, are critical attributes for wireless networks that organizations can depend upon.

Figure 1 – Aerohive Architecture Overview



To address the challenges of the wireless industry today and provide the education sector with exactly what they need, Aerohive developed a controller-less wireless LAN architecture called Cooperative Control. Our WLAN solution provides all the performance, availability, management, mobility, and security needed in a large campus deployment, and, with the elimination of controllers in the architecture, is cost effective even in small school deployment. Leveraging its controller-less approach, Aerohive has further simplified enterprise Wi-Fi with a cloud-based SaaS management solution called HiveManager. HiveManager dramatically lowers the cost and deployment complexity of managing enterprise Wi-Fi.

Cooperative Control® Architecture

Aerohive Networks has developed an innovative new generation of wireless infrastructure. This cooperative control functionality enables multiple APs to be organized into groups, called “Hives,” that share control information between APs and enable functions like fast/secure layer 2/3 roaming, coordinated radio channel and power management, security, quality-of-service (QoS), and native mesh networking. This information sharing capability enables a next generation WLAN architecture – the cooperative control architecture – that provides all of the benefits of a controller-based architecture, but is easier to deploy and expand, lower cost, more reliable, more scalable, more ubiquitously deployable, higher performing, and more suitable for demanding applications such as voice and video than controller-based architectures. Controller-based WLANs were designed for an era when there was insufficient processing power in APs to distribute the intelligence as happens in other networking infrastructure. Aerohive’s controller-less approach distributes all control functions and data forwarding to APs while maintaining a centralized management system for monitoring and configuration—similar to how routers function.

Figure 2 - Aerohive Controller-less Architecture VS Controller-based Architecture

The advantage of the Aerohive architecture is no U-turns, bottlenecks, or single points of failure, with increased reliability and reduced cost VS traditional controller-based WLAN solutions. The architecture is supported by three distinct, but tightly-interrelated technology building blocks:



Cooperative control A set of control-plane protocols that provides dynamic layer 2 (MAC-based) routing, automatic radio channel and power selection, and fast/secure roaming without requiring controllers. Policy enforcement at the edge The ability to enforce granular, user-based QoS, security, and access policies at the edge of the network where the user connects. Best-path forwarding Scalable wired/wireless mesh routing protocols allow traffic to be securely forwarded via the highest performance and most available path in the network. This includes both the ability to fail back when failed links are reestablished and to dynamically transition access radios into mesh backhaul mode as policy dictates.

Aerohive Cloud-Enabled Networking

The cloud offers a lot of advantages. It enables schools to increase capacity without having to make capital investments in additional servers, storage, and networking infrastructure. It provides flexibility and scale, helping schools increase the utility of their resources, expand their reach, and reliably support users from around the world.

Benefits of a cloud-enabled approach:

x Lower point of entry – moves capex to opex x Automatic upgrades, backup, and simple provisioning x Green - requires no rack space or power consumption x Inherent high-reliability (resilient data centers) x Easier and faster support – can manage from anywhere x Start small and expand granularly

Figure 3 - Aerohive's Cloud-enabled Infrastructure



Aerohive Cloud Services, including HiveManager, is a cloud-enabled enterprise management solution that provides all the features and functionality of a behind-the-firewall network management system (NMS) without the installation, operation, and maintenance associated with a dedicated management server and at dramatically lower cost.

Unlike alternative solutions, failures in the WAN link or cloud-deployed controller (for Wi-Fi), do not impact the ongoing operation of the LAN or WLAN. This is because data does not go to the cloud, and control or policy enforcement functions (authentication, roaming, and QoS) are not carried out in the cloud.

Together with an intelligent distributed network architecture and state-of-the-art 802.11 access points and VPN routers, Aerohive provides a cloud-enabled networking solution that is the simplest, most reliable, most flexible, most scalable, and most cost effective in the industry.

Our Cloud or Yours? Unique to the industry, Aerohive’s HiveManager NMS can also be deployed on-premises, in your own virtualized datacenter infrastructure. This approach allows you to get many of the benefits of HiveManager in your own infrastructure. You can even use Aerohive’s public infrastructure to simplify access point provisioning, while still hosting HiveManager on-premises, and you can migrate between online and on-premises at any stage of your deployment.



Aerohive Access Points Aerohive’s broad range of enterprise Access Points caters to both high performance and cost-effective deployments. The table below shows the full range of Aerohive 802.11ac Access Points, highlighting the functionality and capability of each device.

Figure 4 – 802.11ac Access Point Summary



HiveManager - Network Management System HiveManager Network Management System (NMS) can scale from a small, basic network to cover a larger, complex network with seamless upgradeability and simplicity. The Aerohive HiveManager NMS architecture allows administrators to deploy networks and maintain constant visibility and control, all enabled by a powerful cloud or on-premises platform and ecosystem that tie connectivity, insight, and applications together. In today’s world, being able to access, control, and troubleshoot your mobility infrastructure from anywhere is not only possible, but required.

HiveManager is available in two main offerings:

x Software-as-a-Service offering in the cloud ( Public Cloud) x On-Premises Private Cloud (VMware virtual appliance)



Features and Functionality Simplicity

Figure 5 - Simple Deployment

Aerohive have made the process of provisioning and deploying your wireless solution as straightforward as possible. Once the APs are connected to your network, they automatically search for the HiveManager using various pre-set methods including DNS and DHCP options. HiveManager offers the following ease of use solutions: Easy Administration

x Appliance or VMware virtual appliance-based management platform can be installed into the network in minutes

x Operational Excellence, one admin can manage thousands of devices Simple Central Management

x Single central management instance for thousands of APs x User group policies can be applied network wide or granularly to individual APs x Simple centralized firmware upgrades with distributed download functionality to

decrease WAN utilization and download time Once the AP’s are connected to the HiveManager, the configuration is completed using three simple steps including the radio settings, SSID definition and uploading the final configuration to your AP’s.



Figure 6 - Configuration using HiveManager

Green by design The Co-operative control architecture delivers exceptional green credentials whilst retaining the performance expected from an enterprise WLAN solution:

x By eliminating the Wireless LAN controller, we have eliminated the rack space, cooling and power requirements associated with the hardware.

x Our inherently redundant architecture removes the requirement to install multiple devices at each location to ensure your wireless LAN remains operational.

x Aerohive’s cloud based services remove local device needs as the HiveManager and other applications such as ID Manager are hosted at our redundant data centers.

x Aerohive Access Points support the latest 802.11 standard and provide full wireless performance over standard Power over Ethernet (PoE) 802.3af.

x Aerohive’s Auto-RF reduces the transmission power of each AP unless a coverage hole is detected.

x Aerohive APs support power saving mechanisms for sleeping client devices in order to save the battery life of mobile devices.

x SSID availability schedules allow the broadcasting of your WLAN’s at specified times of the day, thus disabling the radio’s when not required.



Performance Recognizing the importance of wireless connectivity in the classroom, Aerohive has developed specific features and applications to ensure that the wireless LAN reaches and exceeds expectations of school’s utilizing wireless technology as their primary network access method.

Client Health Score

Figure 7 - Client Health Score Example Client health score is a feature of HiveManager which can be used for quick identification and remediation of wireless connectivity issues. Within HiveManager, client health score creates an easy to understand graphical representation of the performance of each client device. Each client can then be deeply inspected by the administrator by viewing detailed analysis of the device and a host of troubleshooting tools to resolve any connectivity problems.



Dynamic Airtime Scheduling Dynamically the APs will recognize any underperforming devices and take counter measures to raise the health score including:

x Band Steering – Move clients from a congested radio of the AP to the second radio.

x Load Balancing – Move clients from a congested AP to a nearby AP with higher capacity.

x Airtime Boost – Temporarily boost the bandwidth available to the client.

Aerohive has developed Dynamic Airtime Scheduling to overcome mixed environment performance related issues. By recognizing what standard and speed the client device is operating at, Aerohive can prioritize the traffic queue according to the capabilities of individual devices, ensuring that faster devices get a higher percentage of the airtime than slower devices.

Figure 8 - Dynamic Airtime Scheduling in Action



High Availability and Mesh Resiliency The Cooperative Control architecture from Aerohive Networks achieves new levels of availability and resiliency in mission-critical wireless LAN networks. Unlike controller-based solutions where there is a single point of failure, Aerohive access points work together to recover from component failures without the need to deploy redundant systems, all while keeping the network wireless.

Figure 9 - Aerohive's Fully Redundant Architecture

Aerohive Networks' Cooperative Control access points support predictive stateful roaming, cooperative RF management, station load balancing, wireless mesh network redundancy, and stateful failover/rerouting. Wireless mesh network connections can be used to create redundant paths between access points, enabling the WLAN to route around wired network failures ensuring there is no single point of failure within the wireless or the wired infrastructure.



Dashboard Views Dashboard with contextual filters and time range slider enables monitoring of network from assets, health status, data usage and security standpoints. Key features:

x KPI status cards & widgets with drill down capabilities x Time range slider on dashboard for historical view x 360 views of any Aerohive network policy, AP, client device, user and applications x Global search function by network policy, MAC address, serial number, user or application

name x 7 days of historic monitoring and reporting data x Interactive Network Summary Report with easy sharing x Savable contextual filters by location, SSID, policy, user profile, and client OS type



Monitoring Comprehensive monitoring offers detailed insights into the state of the network with real-time and historical view of devices, clients, alarms and events, which gives administrator ability to take informed action on devices immediately from the monitor interface. Important features:

x Drill down capability from client list to client 360 view x Device list with rich utilities for advanced configuration and investigation x Real time Client List with SNR, RSSI, data usage and connection status x Savable and reusable filters shared across dashboard and monitor x Alarm and event lists with historical and real-time data x Maps API x Rogue AP and rogue client monitoring



Troubleshooting Aerohive understands that administrators may have to spend a substantial amount of time troubleshooting client connectivity so we developed a help-desk optimized interface to triage historical and real-time client problems with actionable data for resolution to reduce escalation and provide better end-user experience. Some of the troubleshooting features:

x Help-desk optimized interface with problem summary and suggested remedy x Dedicated Helpdesk user role for simple access management x Real-time troubleshooting with probe messages and stage filters x Historical troubleshooting with automatically detected issues x Mark issue resolved or escalate issue with email notification x Built-in command line interface x RADIUS test x AP technical data download



RF Visualization

x State-of-the-art Planning Tool with multi-floor auto-placement and coverage maps x Network maps enable easy visualization of topology and status x Real-time heat-maps show RF propagation within a network x Built-in client and rogue location detection and placement on a floorplan x Spectrum analysis to detect and identify typical non Wi-Fi sources of interference at

either 2.4GHz or 5GHz

Figure 10 - HiveManager Planning and RF Visualization



Reporting and Event Monitoring

x Real-time monitoring of alarms and events from the APs x Configuration audit capabilities ensure all configurations are up to date x Central collection and alerts of rogue and external APs and Clients

Figure 11 - HiveManager Topology Reporting

Security Aerohive’s unique approach to wireless LAN architectures eliminates controllers and enables customers to forward traffic at the edge to optimize traffic performance as well as network resiliency and load. Aerohive’s solution provides these advantages while maintaining a strong security posture because comprehensive security enforcement is performed right at the edge of the network – where the wireless users first get access to LAN.

Figure 12 - Aerohive Secured Wireless LAN



Aerohive’s implementation provides full policy enforcement at the edge of the network, enabling secure local forwarding. Aerohive APs are built to be secure. Every feature within the product goes through a thorough internal examination to help eliminate vulnerabilit ies during design, and then during QA is scanned for vulnerabilities. Aerohive also contracts 3rd party security firms to perform penetration tests to ensure device security. When vulnerabilities are found they are fixed with the highest priority. Aerohive has a policy of public disclosure of security vulnerabilities that includes a security alert system to notify customers as quickly as possible of vulnerabilities and steps to eliminate the vulnerability. In addition to building secure products, Aerohive offers a rich set of security features including:

x Wireless Privacy – Full support for 802.11i, WPA and WPA2

x Authentication – Strong authentication using 802.1X with RADIUS, Active Directory or OpenLDAP. Captive Web Portal authentication and MAC authentication. In addition Aerohive offers the unique Private PSK feature to add enterprise class security and management to pre-shared keys.

x Identity Based Access Control – In-line policy enforcement with strong role-based

stateful inspection firewall and access control.

x Network Firewall and Intrusion Detection and Protection – Segmentation of traffic based upon user role and stance without breaking the existing wired IPS and firewall systems in place. In fact Aerohive recommends leveraging those resources to improve the security of the wireless traffic.

x Rogue Detection and WIPS – Wireless DoS detection and prevention and wireless IDS

for rogue detection and compliance monitoring.

x Device Physical Security and Data Storage – Strong device security including a TPM chip for secure key and configuration storage and physical locking mechanisms to deter theft.

x Compliance – Solutions for being deployed in HIPAA, SOX and PCI compliant

networks, among others. Aerohive's ability to offer secure wireless access is based on an end-to-end approach that has been built from the beginning rather than as an afterthought.

Not only has Aerohive implemented a comprehensive set of security features, but Aerohive’s architecture also has been designed to take advantage of other security systems in place within an organization to ensure consistent security policy for users whether they are wired or connected wirelessly. Through an end-to-end approach Aerohive has delivered comprehensive and market leading security solution to deliver a wireless network that is not only capable of securing wireless access but, itself, is secure.



BYOD Control In addition to school provided laptops, students and staff are bringing their own devices to school these days – iPhones, Androids, iPads -- you name it; they are bringing it in. And they are expecting the school to help them access the school Wi-Fi network with their own devices. Aerohive’s OS detection capabilities allow administrators to modify user access rights based on the type of device in use. School-owned devices that are registered as computers in an Active Directory domain may be given full access to the network and all available resources. Personal devices access the network with the same user credentials as school owned devices, but may be directed to a restricted network offering only Internet access. From the user’s perspective, only a single set of credentials may be needed, but the backend system provides secured and segmented network access. Fully Stateful Firewall Every Aerohive Access Points features a fully stateful Layer 2-7 firewall. The firewall allows the administrator to granularly control which network resources each device connecting to the WLAN can access.

x MAC (L2) based firewall - Enables source and destination MAC address rules for Ethernet networks. MAC enforcement can deny peer-to-peer traffic and limit access to gateway device only if desired.

x Stateful TCP/IP firewall (L3/L4) - Standard 5-tuple rules block or allow traffic. DoS

attack prevention.

x Application support( QoS, bandwidth management or blocking) for 1500+ applications

Private Pre-Shared Key Until recent years, many schools have rolled out WPA2-PSK (pre-shared keys) networks which involves all devices on a single SSID sharing the same key or password for both authentication and encryption. This is highly simple to deploy but is an unsecure and un-scalable approach today for security conscious IT managers. The recommended method for today’s WLAN’s is 802.1X, which allows authentication to be done on a per-user basis, using backend databases such as Active Directory to confirm users identity. The manageability of this setup can be more difficult though for the initial deployment and certificate administration. To draw on the strengths of both pre-shared key and IEEE 802.1X mechanisms without incurring the significant shortcomings of either, Aerohive has introduced a new approach to WLAN authentication: Private PSKs. Private PSKs are unique pre-shared keys created for individual users on the same SSID. They offer the key uniqueness and policy flexibility that 802.1X provides with the simplicity of pre-shared keys.



Figure 13 - Private PSK Example Every Private PSK can also be used to identify the user’s access policy including their VLAN, firewall policy, QoS policy, tunnel policy, access schedule and key validity period. Because the keys are unique, no key from one user can be used to derive keys for other users. Furthermore, if a device is lost, stolen, or compromised, the individual user’s key can be revoked from the network, preventing unauthorized access from any wireless device using that key. As for the client users, the configuration is the same as using a standard preshared key.



Identity Based Policy Enforcement With the cooperative control architecture, Aerohive's access points can enforce powerful and flexible identity-based security, access control, and quality-of-service (QoS) policies at the edge of the network. Applying those policies to the traffic at the local access point allows the QoS engines to instantaneously respond to the real-time variations in wireless throughput inherent in a dynamic RF environment.

Figure 14 – Per User Policy Enforcement Example

Enforcing QoS, access control, and security policies at the AP also allows traffic to be controlled right when it enters the network, rather than after the traffic has traversed multiple hops to reach a central controller.



Corporate Headquarters Aerohive Networks, Inc. 330 Gibraltar Drive Sunnyvale, California 94089 USA Phone: 408.510.6100 Toll Free: 1.866.918.9918 Fax: 408.510.6199 [email protected] www.aerohive.com

International Headquarters Aerohive Networks Europe LTD The Courtyard 16-18 West Street Surrey, UK GU9 7DR +44 (0)1252 736590 Fax: +44 (0) 1252711901

aerohive proposal overview

Documents