Aruba Networks CONFIDENTIAL. © 2010 All Rights Reserved.
Aruba PEF Overview
Jon Green
Product Manager
jgreen@arubanetworks.com
The Modern CIO Agenda: Balancing Mobility and Security
 User Mobility: Wireless LANs, Mobile Devices, Remote Access
 Enterprise Security: Access Control, Data Protection, Regulatory Mandates
What does PEF do?
[Diagram: access networks (Guests, Students; Phones, Printers; Employees, Contractors) connect through the Mobility Controller's 80Gbps wire-speed Policy Enforcement Firewall (PEF) to Enterprise Resources]
 Identify the User
 Control Access per User
 Prioritize Applications
 Optimize Performance
 Follow the User
Traditional Security Limits User Mobility
[Diagram: Data Center inside the Enterprise Perimeter behind a VPN Firewall; Employees inside; Hackers, Visitors, Consultants and a Remote Employee (via VPN) outside]
Mobility and Wireless Dissolve Perimeters
[Diagram: Dissolving Enterprise Perimeter; Hackers, Visitors, Consultants and Employees reach the Data Center from Branch, Partner Site, Hotel and Home]
PEF Takes Policy to the User
[Diagram: The Mobile Enterprise; Hackers, Visitors, Consultants and Employees connecting from Branch, Partner Site, Hotel and Home to the Data Center]
Only at the network edge is user identity known!
PEF Basics
 Rules
  Match a specific flow (source IP, dest IP, protocol, source port, dest port)
  Apply an action (permit, deny, redirect, change TOS, queue, etc.)
 Policies
  Made up of one or more rules (in priority order)
  Some policies are not rule-based (e.g. bandwidth contracts)
 Roles
  A classification into which users are placed when connected to an Aruba system
  Assigned role may change throughout a session (e.g. moving from pre-authentication role to post-authentication role)
  Incorporate one or more policies (in priority order)
  Control other parameters (IP address pools, VLAN, bandwidth contract, VIA profile, etc.)
PEF Architecture
[Diagram: two virtual APs on one controller. Virtual AP 1 (SSID: Corp) authenticates users against RADIUS, LDAP or AD and applies Role-Based Access Control, mapping each user to Access Rights for Corporate Services (Finance, Legal, HR, Executive). Virtual AP 2 (SSID: GUEST) applies SSID-Based Access Control with a Captive Portal, and guest traffic is carried over a Secure Tunnel to the DMZ. Roles shown: Staff, Contractors, Voice, Video, Guest]
PEF Identifies the User
Role Derivation
 Default Roles
  • Configurable by authentication method
  • SSID
 User Rules
  • Device-specific attributes
  • Encryption type
  • AP used (by name or BSSID)
 Server Derived Roles
  • Role assignment based on attributes from authentication server
  • Different access privileges based on security policy
  • Can use single SSID for all users/devices
Role Derivation
 User access authenticated through enterprise directory services (AD, LDAP, RADIUS, etc.)
 Group membership information from directory used to derive user role
 User role controls policy
[Diagram: the Domain Controller answers PERMIT with AD Group = Marketing; RADIUS answers PERMIT with FilterID = Marketing; the controller assigns User = Jon, Role = Marketing, Policy = permit_facebook]
PEF Enforces Security Policy
Security without PEF
[Diagram: Employee passes Identification, Authentication, Authorization and Encryption at the Firewall; Malicious Insider; Disconnect]
Security with PEF + Centralized Crypto
[Diagram: Employee passes Identification, Authentication, Authorization and Encryption; Malicious Insider]
Why Worry About Authorization?
Where is the “network perimeter” today?
 Mobility brings us:
  Disappearance of physical security
  New mobile users and devices appearing every day
  Increased exposure to malware
 Assuming that “the bad guys are outside the firewall, the good guys are inside” is a recipe for disaster
Integration with NAC
 Works with any 3rd party AAA and PDP
 Policy Enforcement Point cluster shares user state & policy information
 Correlates many policy inputs for continuous threat mitigation
[Diagram: Access Requesters (AR): Managed Clients (Employees), Unmanageable Devices, Unmanaged Clients (Guests, students) → Policy Enforcement Point (PEP) Cluster → Policy Decision Point (PDP): CNAC, Pre-Admission, Post-Admission, IDS/IPS, A/V scanning, etc.]
PEF Enforces QoS Policy
Application Aware QoS
 Without PEF: VLAN 1 = High Priority. Device gets high priority regardless of traffic type. Others using web browser can reduce call quality.
 With PEF: SIP Flow = High Priority, HTTP Flow = Low Priority. Device gets role regardless of traffic type. Only voice flow gets priority.
[Diagram: clients reaching a SIP Server, shown Without PEF and With PEF]
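To make the rule → policy → role layering of the PEF Basics slide, the derivation flow of the Role Derivation slide (RADIUS FilterID = Marketing → Role = Marketing → Policy = permit_facebook) and the per-flow priority of the Application Aware QoS slide concrete, here is an added Python model; it is not Aruba's code or configuration syntax. The port numbers, the "logon" and "voice" role names, the bandwidth contract value and the precedence order between server-derived, user-rule and default roles are assumptions.

```python
"""Toy model of the PEF concepts on these slides: rules that match a flow and
apply an action, policies that order rules, roles that order policies, role
derivation (pre-auth role -> server-derived role from the RADIUS Filter-Id)
and per-flow QoS. Constructed illustration only, not Aruba configuration."""
from dataclasses import dataclass
from typing import Optional

ANY = "any"  # wildcard for any field of the 5-tuple

@dataclass(frozen=True)
class Flow:
    src: str
    dst: str
    proto: str
    sport: int
    dport: int

@dataclass(frozen=True)
class Rule:
    """Match a specific flow (5-tuple) and apply an action."""
    proto: str = ANY
    dport: object = ANY
    dst: str = ANY
    src: str = ANY
    sport: object = ANY
    action: str = "deny"   # permit / deny
    queue: str = "low"     # priority queue applied when the flow is permitted

    def matches(self, f: Flow) -> bool:
        pairs = ((self.src, f.src), (self.dst, f.dst), (self.proto, f.proto),
                 (self.sport, f.sport), (self.dport, f.dport))
        return all(want == ANY or want == got for want, got in pairs)

@dataclass
class Policy:
    name: str
    rules: list     # priority order, first match wins

@dataclass
class Role:
    name: str
    policies: list  # priority order
    bandwidth_contract_kbps: Optional[int] = None  # a non rule-based policy

def evaluate(role: Role, f: Flow):
    """(action, queue, policy) of the first matching rule; no match = deny."""
    for pol in role.policies:
        for r in pol.rules:
            if r.matches(f):
                return r.action, (r.queue if r.action == "permit" else None), pol.name
    return "deny", None, "implicit-deny"

# Pre-authentication role (assumed): address, name resolution and the captive
# portal (modelled as plain HTTP here), nothing else.
LOGON = Role("logon", [Policy("logon-control", [
    Rule(proto="udp", dport=67, action="permit"),
    Rule(proto="udp", dport=53, action="permit"),
    Rule(proto="tcp", dport=80, action="permit"),
])])

# Post-authentication role from the slide: User = Jon, Role = Marketing,
# Policy = permit_facebook (destinations are names here for readability).
MARKETING = Role("Marketing", [
    Policy("permit_facebook", [Rule(proto="tcp", dport=443, dst="facebook", action="permit")]),
])

# Voice role (assumed): the device keeps one role whatever it sends; only its
# SIP flow is queued high, an HTTP flow from the same phone goes to the low queue.
VOICE = Role("voice", [
    Policy("voice-control", [Rule(proto="udp", dport=5060, action="permit", queue="high")]),
    Policy("data-control", [Rule(proto="tcp", dport=80, action="permit", queue="low")]),
], bandwidth_contract_kbps=512)

SERVER_DERIVED = {"Marketing": MARKETING, "voice": VOICE}  # RADIUS Filter-Id -> role
DEFAULT_ROLES = {("dot1x", "Corp"): MARKETING, ("captive-portal", "GUEST"): LOGON}

def derive_role(auth_method: str, ssid: str, radius_attrs: dict,
                device_attrs: Optional[dict] = None) -> Role:
    """Assumed precedence: server-derived (Filter-Id) > user rule on device
    attributes > default role of the authentication method and SSID."""
    filter_id = radius_attrs.get("Filter-Id")
    if filter_id in SERVER_DERIVED:
        return SERVER_DERIVED[filter_id]
    if device_attrs and device_attrs.get("type") == "phone":
        return VOICE
    return DEFAULT_ROLES.get((auth_method, ssid), LOGON)

class Session:
    """One client: starts in the pre-auth role and changes role after AAA."""
    def __init__(self, ip: str, ssid: str):
        self.ip, self.ssid, self.role = ip, ssid, LOGON

    def authenticate(self, auth_method, radius_attrs, device_attrs=None):
        self.role = derive_role(auth_method, self.ssid, radius_attrs, device_attrs)
        return self.role.name

    def check(self, dst: str, proto: str, dport: int, sport: int = 50000):
        return evaluate(self.role, Flow(self.ip, dst, proto, sport, dport))
```

A client in the logon role is denied facebook, is moved to Marketing once RADIUS returns Filter-Id = Marketing, and is then permitted by permit_facebook; a phone in the voice role gets the high queue only for its SIP flow.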
Voice Flow Classification (VFC)
 Deep packet inspection of each traffic flow through centralized mobility controller
 Based on Aruba’s role-based stateful firewall
 Uniquely identifies, classifies and prioritizes voice traffic
 Pre-configured support for major voice protocols
  SpectraLink SVP
  Vocera
  Cisco SCCP
  Session Initiation Protocol (SIP)
[Diagram: DATA and VOICE flows separated]
PEF Enforces Performance Policy
Wireless Networking's Silent Killers
Lack of Policy Impacts Network Reliability & Performance
[Diagram: Multicast/Broadcast, Chatty Protocols, Power Users Stealing B/W, Malicious or Misconfigured Clients]
• What are Multicast and Broadcast currently being used for?
• What problems am I creating by using large VLANs to solve mobility issues?
• What non-critical applications are consuming bandwidth?
• Should users be connecting to 3rd party WLANs?
• Should users be setting up their own WLANs?
• Should users be connected to wireless while wired?
• How are “Power” Users affecting others?
• How are unauthorized users affecting network availability?
[Callout: Bonjour!]
Solution: Policy For Performance
[Diagram: protocols called out: mDNS, LLMNR, ? IPv6]
PEF Follows the User
Layer 3 Mobility
 PEF policies follow mobile users as they roam in the network
 User/firewall state anchored in one controller (home agent)
 When client roams to another controller (foreign agent), FA establishes a tunnel back to the HA
[Diagram: Roaming Client moving across an L3 Network; Mobile IP Tunnel between the Foreign Agent and the Home Agent]
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024Build your next Gen AI Breakthrough - April 2024
Build your next Gen AI Breakthrough - April 2024
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 

Air heads rio 2010 aruba pef overview

  • 1. Aruba Networks CONFIDENTIAL. © 2010 All Rights Reserved. Aruba PEF Overview. Jon Green, Product Manager, jgreen@arubanetworks.com
  • 2. The Modern CIO Agenda: Balancing Mobility and Security
    - User Mobility: Wireless LANs; Mobile Devices; Remote Access
    - Enterprise Security: Access Control; Data Protection; Regulatory Mandates
  • 3. What does PEF do?
    - Diagram: Access Networks (Guests, Students; Phones, Printers; Employees, Contractors) -> Mobility Controller with the 80Gbps Wire-Speed Policy Enforcement Firewall (PEF) -> Enterprise Resources
    - Identify the User
    - Control Access per User
    - Prioritize Applications
    - Optimize Performance
    - Follow the User
  • 4. Traditional Security Limits User Mobility
    - Diagram: an Enterprise Perimeter with a VPN Firewall in front of the Data Center; Employees inside; Consultants, Visitors, Hackers and a Remote Employee (connecting over VPN) outside
  • 5. Mobility and Wireless Dissolve Perimeters
    - Diagram: the Dissolving Enterprise Perimeter around the Data Center; Employees, Consultants, Visitors and Hackers now appear at the Branch, Partner Site, Hotel and Home
  • 6. PEF Takes Policy to the User
    - Diagram: The Mobile Enterprise (Data Center; Branch, Partner Site, Hotel, Home; Employees, Consultants, Visitors, Hackers)
    - Only at the network edge is user identity known!
  • 7. PEF Basics
    - Rules
      - Match a specific flow (source IP, dest IP, protocol, source port, dest port)
      - Apply an action (permit, deny, redirect, change TOS, queue, etc.)
    - Policies
      - Made up of one or more rules (in priority order)
      - Some policies are not rule-based (e.g. bandwidth contracts)
    - Roles
      - A classification into which users are placed when connected to an Aruba system
      - Assigned role may change throughout a session (e.g. moving from pre-authentication role to post-authentication role)
      - Incorporate one or more policies (in priority order)
      - Controls other parameters (IP address pools, VLAN, bandwidth contract, VIA profile, etc.)
  • 8. PEF Architecture
    - Diagram labels: Virtual AP 1, SSID: Corp, Role-Based Access Control (roles Staff, Contractors, Voice, Video) to Corporate Services (Finance, Legal, HR, Executive); Virtual AP 2, SSID: GUEST, SSID-Based Access Control (role Guest), Secure Tunnel To DMZ, Captive Portal; authentication sources RADIUS, LDAP, AD; Access Rights
  • 9. PEF Identifies the User
  • 10. Role Derivation
    - Default Roles: configurable by authentication method; SSID
    - User Rules: device-specific attributes; encryption type; AP used (by name or BSSID)
    - Server Derived Roles: role assignment based on attributes from authentication server; different access privileges based on security policy; can use single SSID for all users/devices
  • 11. Role Derivation
    - User access authenticated through enterprise directory services (AD, LDAP, RADIUS, etc.)
    - Group membership information from directory used to derive user role
    - User role controls policy
    - Diagram: RADIUS server and Domain Controller; AD Group = Marketing -> PERMIT; FilterID = Marketing -> PERMIT; User = Jon, Role = Marketing, Policy = permit_facebook
  • 12. PEF Enforces Security Policy
  • 13. Security without PEF
    - Diagram: Employee -> Identification -> Authentication -> Authorization -> Encryption -> Firewall; a Malicious Insider triggers Disconnect
  • 14. Security with PEF + Centralized Crypto
    - Diagram: Employee -> Identification -> Authentication -> Authorization -> Encryption; Malicious Insider
  • 15. Why Worry About Authorization?
    - Where is the “network perimeter” today?
    - Mobility brings us:
      - Disappearance of physical security
      - New mobile users, devices appearing every day
      - Increased exposure to malware
    - Assuming that “the bad guys are outside the firewall, the good guys are inside” is a recipe for disaster
    - Image caption: We meet again, 007!
  • 16. Integration with NAC
    - Works with any 3rd party AAA and PDP
    - Policy Enforcement Point cluster shares user state & policy information
    - Correlates many policy inputs for continuous threat mitigation
    - Diagram: Access Requester (AR): Managed Clients (Employees), Unmanageable Devices, Unmanaged Clients (Guests, students); Policy Decision Point (PDP): CNAC, Pre-Admission, Post-Admission, IDS/IPS, A/V scanning, etc.; Policy Enforcement Point (PEP) Cluster
  • 17. PEF Enforces QoS Policy
  • 18. Application Aware QoS
    - Without PEF: VLAN 1 = High Priority. Device gets high priority regardless of traffic type. Others using web browser can reduce call quality (SIP Server).
    - With PEF: SIP Flow = High Priority, HTTP Flow = Low Priority. Device gets role regardless of traffic type. Only voice flow gets priority (SIP Server).
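The rule / policy / role hierarchy of slide 7, the server-derived role of slide 11 and the per-flow priority point of slide 18, worked through as an added Python model that is not Aruba code. Role, policy and action names, the Filter-Id mapping and all addresses are constructed for the example; only the labels "Filter-Id = Marketing" and "permit_facebook" come from the slides.

```python
# Toy model of the PEF rule / policy / role hierarchy from slides 7, 11 and 18.
# Added example, not Aruba code: role, policy and action names, the Filter-Id mapping
# and all addresses are constructed; "Filter-Id = Marketing" / "permit_facebook" are from slide 11.
from collections import namedtuple
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

Flow = namedtuple("Flow", "src dst proto dport")  # the flow fields a rule matches on

@dataclass
class Rule:
    action: str                  # permit, deny, redirect, queue-high, ...
    src: str = "any"             # source network in CIDR form, or "any"
    dst: str = "any"             # destination network in CIDR form, or "any"
    proto: str = "any"
    dport: Optional[int] = None  # None matches every destination port

    def matches(self, f: Flow) -> bool:
        def net_ok(spec: str, addr: str) -> bool:
            return spec == "any" or ip_address(addr) in ip_network(spec)
        return (net_ok(self.src, f.src) and net_ok(self.dst, f.dst)
                and self.proto in ("any", f.proto) and self.dport in (None, f.dport))

# A policy is (name, rules in priority order); a role is its policies in priority order.
CAPTIVE_PORTAL = ("captive-portal", [Rule("permit", proto="udp", dport=67),
                                     Rule("permit", proto="udp", dport=53),
                                     Rule("redirect", proto="tcp", dport=80), Rule("deny")])
PERMIT_FACEBOOK = ("permit_facebook", [Rule("permit", dst="203.0.113.0/24", proto="tcp", dport=443)])
INTERNAL_ONLY = ("internal-only", [Rule("permit", dst="10.0.0.0/8"), Rule("deny")])
VOICE_QOS = ("voice-qos", [Rule("queue-high", proto="udp", dport=5060), Rule("permit")])
ROLES = {
    "pre-auth": [CAPTIVE_PORTAL],                   # held until authentication completes
    "Marketing": [PERMIT_FACEBOOK, INTERNAL_ONLY],  # slide 11: Filter-Id = Marketing
    "Voice": [VOICE_QOS, INTERNAL_ONLY],            # slide 18: only the SIP flow gets priority
}

def derive_role(radius_attrs: Optional[dict]) -> str:
    """Server-derived role: the RADIUS Filter-Id names the role; absent or unknown -> pre-auth."""
    name = (radius_attrs or {}).get("Filter-Id")
    return name if name in ROLES else "pre-auth"

def evaluate(role_name: str, f: Flow) -> str:
    """First matching rule across the role's policies wins; no match means deny (model assumption)."""
    for _policy, rules in ROLES[role_name]:
        for rule in rules:
            if rule.matches(f):
                return rule.action
    return "deny"
```

The same HTTPS flow is denied in the pre-authentication role and permitted once the RADIUS reply carries Filter-Id = Marketing, while a Voice device's SIP flow is queued high and its web traffic is merely permitted.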
  • 19. Voice Flow Classification (VFC)
    - Deep packet inspection of each traffic flow through centralized mobility controller
    - Based on Aruba’s role-based stateful firewall
    - Uniquely identifies, classifies and prioritizes voice traffic
    - Pre-configured support for major voice protocols: SpectraLink SVP; Vocera; Cisco SCCP; Session Initiation Protocol (SIP)
    - Diagram labels: DATA, VOICE
  • 20. PEF Enforces Performance Policy
  • 21. Wireless Networking's Silent Killers
    - Multicast/Broadcast; Chatty Protocols; Power Users Stealing B/W; Malicious or Misconfigured Clients
    - Lack of Policy Impacts Network Reliability & Performance
    - What are Multicast and Broadcast currently being used for?
    - What problems am I creating by using large VLANs to solve mobility issues?
    - What non-critical applications are consuming bandwidth?
    - Should users be connecting to 3rd party WLANs?
    - Should users be setting up their own WLANs?
    - Should users be connected to wireless while wired?
    - How are “Power” Users affecting others?
    - How are unauthorized users affecting network availability?
    - Image caption: Bonjour!
  • 22. Solution: Policy For Performance
    - Diagram labels: mDNS, LLMNR, IPv6, ?
  • 23. PEF Follows the User
  • 24. Layer 3 Mobility
    - PEF policies follow mobile users as they roam in the network
    - User/firewall state anchored in one controller (home agent)
    - When client roams to another controller (foreign agent), FA establishes a tunnel back to the HA
    - Diagram labels: L3 Network, Mobile IP Tunnel, Roaming Client, Home Agent, Foreign Agent