• Like
  • Save
Uploaded on

Webinar developed for training purposes by Content Rules for its client Aruba

Webinar developed for training purposes by Content Rules for its client Aruba

More in: Business
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Be the first to comment
    Be the first to like this
No Downloads

Views

Total Views
1,302
On Slideshare
0
From Embeds
0
Number of Embeds
2

Actions

Shares
Downloads
0
Comments
0
Likes
0

Embeds 0

No embeds

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
    No notes for slide
  • <<Still missing Rajeev ’s info for final sub-bullet>> This webinar addresses the Fixed Telecommuter. Road Warrior and Day Extender scenarios will be the focus of future webinars.
  • <<I have additional graphics if needed for Field-Based and Financial traders>>
  • In this application, an Aruba wired or wireless Access Point (AP) with a Remote AP (RAP) license is deployed at the remote site and plugged directly into the LAN side of a router connected to a Digital Subscriber Line (DSL) or cable modem. 3G wireless USB sticks are also supported for wide-area backhaul on certain Aruba AP models. Wireless devices are offered the same SSIDs with the same security features available at the organization ’s offices. Any wired client devices at the home can be connected directly to the secure jack of the AP or to a layer-2 hub which is uplinked to the secure jack. The AP sends all traffic back to an Aruba controller appliance in the DMZ using encrypted GRE tunnels, where roles are derived and separate security policies applied to each connected device. Unauthorized devices can be blacklisted entirely.
  • As depicted in the diagram, users will associate to the Access Point and authenticate with the RADIUS server that already exists in the network. Employee users will use the Employee SSID, while guests will use the Guest SSID and have their traffic sent directly to the Internet via split tunnel. Voice and data devices will associate to the Voice SSID, and will be given a role based on the network services they are capable of accessing. Each user and device has a specific role and associated policy enforced by the stateful firewall in the Mobility Controller. The Employee user now has full access to all resources within the network and the internet. Guest users are only permitted to access the Internet using specific protocols such as HTTP and HTTPS. Application devices are only able to access related application servers; for example, a phone running SIP can only access the SIP server to make calls. Users are only able to access those resources they have permissions for, and only after they have successfully authenticated to the network.
  • To build this Aruba Validated Reference Design as depicted on page __, the following licenses are required on each of the Local Controllers, assuming that there are a total of 512 Aruba Remote APs being managed, with an MMC-6000 Multiservice Mobility Controller acting as a backup to a second MMC-6000: LIC-512-AP Access Point License (512 Access Point License) LIC-WIP-512 Wireless Intrusion Protection Module License (512 AP Support) LIC-PEF-512 Policy Enforcement Firewall Module License (512 Users) LIC-512-RAP Remote Access Point License (512 Remote Access Points)

Transcript

  • 1. Remote Access for Fixed Telecommuters Validated Reference Design 3.3
  • 2. Agenda
    • Aruba Validated Reference Designs Overview
    • Understanding Remote Access Applications
    • Aruba Fixed Telecommuter Physical Architecture
    • Aruba Fixed Telecommuter Logical Architecture
    • Configuring the Aruba Fixed Telecommuter Solution
    • Management & Troubleshooting
  • 3. Aruba Validated Reference Designs Overview
    • What is an Aruba VRD?
      • Reference design for common customer deployment scenarios
      • Includes turnkey package of products, architecture and procedures
      • Constructed and tested in lab environment by Aruba engineers
      • Proven designs for rapid deployment
    • Remote Access for Fixed Telecommuters VRD 3.3
      • A scalable and manageable solution for the home-based employee
      • Replicates the enterprise environment in the home office
      • Includes support for data, voice and video devices
      • Wired and wireless access methods
      • Low capex / Low opex solution
      • QA testing for VRD is based on ArubaOS 3.3.1.14
  • 4. Agenda
    • Aruba Validated Reference Designs Overview
    • Understanding Remote Access Applications
    • Aruba Fixed Telecommuter Physical Architecture
    • Aruba Fixed Telecommuter Logical Architecture
    • Configuring the Aruba Fixed Telecommuter Solution
    • Management & Troubleshooting
  • 5. Understanding Remote Access Applications
    • Three Typical Remote User Scenarios:
      • 1) Fixed Telecommuters – the focus of this webinar
      • 2) Road Warriors
      • 3) Day Extenders
    • A VPN Client on a Laptop is Increasingly Insufficient
      • No support for non-PC devices such as wired or wireless IP phones
      • Expensive and complex infrastructure to maintain
  • 6. Who Are Fixed Telecommuters?
    • Employees who work primarily from their home, or who must be able to work from home if disaster strikes
    • Do not generally maintain an office presence
    • Employee location is transparent to company customers
    • Require fully functional IP voice and data services
    • IT maintains remote technology footprint
    Call Center Technician Field-Based Consultants Business Continuity Financial Traders
  • 7. What is a Remote AP?
    • Aruba Access Point (AP) with a Remote AP (RAP) license deployed at remote site
    • Plugged directly into the LAN side of a router connected to a DSL or cable modem
    • Extends secure role-based wired and wireless from corporate network into home
  • 8. What is Role-Based Access Control?
    • Controller authenticates a user/device placing it into predefined “roles”
    • In a typical fixed telecommuter home, there are three SSIDs simultaneously available via the AP
    • Each user and device has specific role and associated policy enforced by stateful firewall in Mobility Controller
  • 9. Agenda
    • Aruba Validated Reference Designs Overview
    • Understanding Remote Access Applications
    • Aruba Fixed Telecommuter Physical Architecture
    • Aruba Fixed Telecommuter Logical Architecture
    • Configuring the Aruba Fixed Telecommuter Solution
    • Management & Troubleshooting
  • 10. Aruba Fixed Telecommuter Physical Architecture
    • Key Components
      • Mobility Controllers
      • Remote Access Points
      • Authentication Servers
      • AirWave Wireless Management Suite
    • Controller Models
      • Master: MMC-3600
      • Local: MMC-6000 with M3 Blade
  • 11. Required Products – Local Controllers
    • 512 Remote AP example
    • Controllers must have both an AP and a Remote AP license to terminate access points
    SKU Description Qty 6000-400 Aruba 6000 Base System, SPOE Power 2 M3MK1-G10X-10G2X Aruba Multiservice Mobility Module, 10x 1000BaseX, 2x10GBaseX (0 AP License) 2 LIC-512-AP AP License (512 Access Point License) 2 LIC-WIP-512 Wireless Intrusion Protection Module License (512 AP Support) 2 LIC-PEF-512 Policy Enforcement Firewall Module License (512 Users) 2 LIC-512-RAP Remote Access Point License (512 Remote Access Points) 2