ARUBA先進(jìn)無線解決方案

ARUBA先進(jìn)無線解決方案第一頁，共97頁。背景資料第一代：胖AP第二代：胖AP+認(rèn)證網(wǎng)關(guān)第三代：瘦AP+無線交換機(jī)第四代：無線網(wǎng)格第五代：移動邊緣第二頁，共97頁。市場情況第三頁，共97頁。移動性企業(yè)的變革

（發(fā)展軌跡）2003WLAN交換-安全-可管理性

變革

-集中式控制無線網(wǎng)格-性能-成本

變革Innovation

-密集式部署內(nèi)部安全-線速的傳輸

身份認(rèn)證

變革

-集中式的安全控制

2004200520062007+CorporateCampusRegionalOfficesBranchOfficesHomeOfficesWANLANLANInternetRetailOutletsEnterpriseMobileEdgeEnterpriseMobileEdgeEnterpriseMobileEdgeEnterpriseMobileEdgeMobile

OfficeHotelsCustomersPartnersCorporateNetwork移動邊緣：階段1

統(tǒng)一的有線、無線、遠(yuǎn)程接入

策略：

單一的移動性、安全性、整合性解決方案無線邊緣：階段2無線邊緣居于主導(dǎo)地位

策略：

語音與數(shù)據(jù)的端口比例為10:1第四頁，共97頁。公司簡介成立于：2002年2月市場定位：無線安全與移動創(chuàng)新點：無線交換技術(shù)客戶群：全球2500+員工數(shù)：全球300+，中國7產(chǎn)品：移動控制器ARUBA解決方案特點：部署快捷管理方便容易擴(kuò)展安全可靠支持多業(yè)務(wù)第五頁，共97頁。高科技企業(yè)教育醫(yī)療政府金融其他400+80+150+50+40+20+Novell廣泛的市場認(rèn)可度第六頁，共97頁。傳統(tǒng)固定邊緣(FixEdge)傳統(tǒng)有線網(wǎng)絡(luò)的安全是基于物理的，而單純是物理安全是不足夠的沒有考慮到用戶的移動性基于端口的安全而非用戶的安全部署復(fù)雜第七頁，共97頁。相關(guān)的應(yīng)用終端用戶可接受成本用戶使用經(jīng)驗生產(chǎn)效率用戶需求拉動技術(shù)推動力內(nèi)置終端芯片具有標(biāo)準(zhǔn)遵循對于移動性的追求移動設(shè)備的普及移動邊緣(MobileEdge)固定邊緣(Fix)移動邊緣－網(wǎng)絡(luò)發(fā)展的大趨勢第八頁，共97頁。我們?yōu)槭裁葱枰苿舆吘?、地域廣闊，人員流動性大，各種應(yīng)用較多，部署移動邊緣可大大擴(kuò)展網(wǎng)絡(luò)彈性。2、大部份商務(wù)人士對帶寬需求不明顯，真正需要的是連接移動性3、通過移動邊緣，可開展更多的應(yīng)用平臺，例如VoWLAN語音和流媒體應(yīng)用4、新一代的“移動邊緣”系統(tǒng)比傳統(tǒng)“固定邊緣”更安全，更靈活，更便捷第九頁，共97頁。目前部署無線網(wǎng)主要的問題可管理性需求隱藏成本安全性部署施工WirelessisnolongeraPaininthePlenumLocktheAirwithWi-FiSwichingIt’sMoreExpensiveNOTtoDeployWirelessUseWirelesstoKillWireless第十頁，共97頁。WLAN傳統(tǒng)無線網(wǎng)的安全問題EmployeeWiredLANEncryptedtrafficIdentificationAuthenticationAuthorizationInternalcorporateLANDisconnectDecryptedtrafficFirewall黑客入侵者KeyIssuesMaliciousinsiderscanspoofvalidclientsExternalfirewallcannottelldifferenceNoidentityismaintainedend-to-endABCD數(shù)據(jù)加密第十一頁，共97頁。首創(chuàng)集中式無線交換架構(gòu)（2003）“胖”AccessPoints“瘦”

AccessPoints集中式的

WLAN控制器802.11a/b/gAntennasPolicyMobilityForwardingEncryptionAuthenticationManagementEncryptionAuthentication安全的透明的隧道集中式的管理豐富的功能容易部署的“AP”集中式無線網(wǎng)絡(luò)架構(gòu)－解決無線局域網(wǎng)安全和成本過高的問題第十二頁，共97頁。WLAN端到端的數(shù)據(jù)安全性EmployeeWiredLAN(DataCenter)EncryptedtrafficAdvantagesAuthentication&firewalltogetherFirewallpoliciesbasedonidentity,notMACorIPEnd-to-endencryptionSpoofingattacksdefeatedAuthorizationIdentificationAuthenticationArubaMobilityControllerEncryptedtrafficDecryptedtrafficInternalcorporateLANMaliciousInsider數(shù)據(jù)加密第十三頁，共97頁。數(shù)據(jù)中心核心層匯聚層111213Floor1Floor2Floor344((Guest((Employee((Guest((Employee((Guest((EmployeeARUBA無線交換機(jī)（standby）413101201103203102202Employee103Guest203Guest202Employee102Employee101Guest20113115ARUBA無線交換機(jī)12不需要修改接入層網(wǎng)絡(luò)設(shè)備的配置無線數(shù)據(jù)封裝在GRE隧道中傳送到無線交換機(jī)在數(shù)據(jù)中心加上無線VLAN的trunk不需要對匯聚層網(wǎng)絡(luò)設(shè)備的配置信息進(jìn)行修改核心層的網(wǎng)絡(luò)設(shè)備不需要做任何的修改1211實施和管理簡單（無需改變原有網(wǎng)絡(luò)的設(shè)置）第十四頁，共97頁。CorporateNetwork“NOTOUCHZONE”ARUBA先進(jìn)的理念WirelessGrid?Low-cost,Multi-serviceIPAntennae(GridPoints)TunneledTransportSecurity/ControlSwitchesCentralizedSecurity,Monitoring,Management,NetworkAccessControl&ServiceProvisioning

RFControl&Services

NetworkAccessControlSecureDifferentiatedQoS-basedTrafficA“Cellular”Approach…

OverlayModelSelfContainedTotalSolution

Non-DisruptiveEasierToDeployEasierToManage

MoreSecureMoreFunctionalMoreResilient

LowerTCOScalestoFuture第十五頁，共97頁。WAN123123WiredVLANsINTERNET接入層交換機(jī)匯聚交換機(jī)核心路由器防火墻分校區(qū)網(wǎng)絡(luò)遠(yuǎn)程接入校園有線網(wǎng)絡(luò)VPN服務(wù)器分校路由器VPN客戶端傳統(tǒng)的有線網(wǎng)絡(luò)架構(gòu)第十六頁，共97頁。WAN123123WiredVLANsINTERNET123瘦AP瘦AP瘦AP移動控制器無線入侵檢測安全無線連接集中式加密認(rèn)證內(nèi)置定位服務(wù)采用ARUBA構(gòu)建無線移動網(wǎng)絡(luò)第十七頁，共97頁。WAN123123WiredVLANsINTERNET123分校區(qū)AP移動控制器移動性很容易擴(kuò)展第十八頁，共97頁。WAN123123WiredVLANsINTERNET123安全的遠(yuǎn)程“瘦”AP移動控制器跨越互聯(lián)網(wǎng)也能夠得到移動性支持第十九頁，共97頁。接入層主干WANInternet無線AP數(shù)據(jù)中心校園網(wǎng)內(nèi)的移動控制器加密傳輸來進(jìn)行

集中式管理已有的認(rèn)證服務(wù)分校區(qū)的無線網(wǎng)絡(luò)分校區(qū)部署的移動控制器對分校區(qū)進(jìn)行集中式的管理遠(yuǎn)程接入遠(yuǎn)程AP即插即用整合無線有線支持語音數(shù)據(jù)高性能，低部署成本集中式的無線數(shù)據(jù)/語音解決方案和已有AAA服務(wù)以及有線網(wǎng)絡(luò)能夠無縫的整合在一起家庭無線網(wǎng)絡(luò)遠(yuǎn)程AP移動辦公室遠(yuǎn)程AP無線網(wǎng)絡(luò)始終跟隨著用戶集中式的無線安全解決方案ARUBA移動網(wǎng)絡(luò)完整解決方案第二十頁，共97頁。DefiningMobility

TheNetworkFollowstheUserHeadquartersRegionalOfficesRemoteOfficesHomeOfficesRetailOutletsInstantInternet

OfficesHotelsCustomersPartnersRegionalOfficesLANInternetWANEnterpriseMobileEdgeEnterpriseMobileEdgeEnterpriseMobileEdgeEnterpriseMobileEdgeTheMobileEdgeisnotanExtensionoftheFixedEdge第二十一頁，共97頁。重視用戶移動性保持現(xiàn)有有線網(wǎng)絡(luò)架構(gòu)不改動部署的“移動邊緣”能夠橫跨局域網(wǎng)、廣域網(wǎng)和因特網(wǎng)部署快捷，管理方便，可擴(kuò)展，加強(qiáng)安全性，支持承載多業(yè)務(wù)ControlledAccessPointsLANInternetWANMobilityControllerMOBILEEDGEARUBA的解決方案思想第二十二頁，共97頁。為什么選擇ARUBA移動性訪客資源內(nèi)部無線熱點分布式無線覆蓋遠(yuǎn)程/分支辦公訪問小辦公室、家庭辦公，出差移動辦公訪問保護(hù)傳統(tǒng)的無線安全無線定位系統(tǒng)安全性基于身份認(rèn)證的安全無線入侵檢測終端完整性檢測擴(kuò)展安全服務(wù)二層安全融合性IP電話消息語音應(yīng)用移動設(shè)備間的融合融合固定和移動設(shè)備NETWORKSECURITYCONVERGED

NETWORKSSEAMLESSMOBILITY第二十三頁，共97頁。大廳自習(xí)室會議室辦公室/公位射頻管理在以往是一種藝術(shù)Aruba把這些工作都變成為事實：負(fù)載均衡抗干擾處理無線環(huán)境偵測自動調(diào)節(jié)持續(xù)網(wǎng)絡(luò)優(yōu)化有線/數(shù)據(jù)包攝取遠(yuǎn)程控制管理位置跟蹤服務(wù)自動化RF勘測現(xiàn)在已變?yōu)楹唵蔚娜粘９ぷ髦悄芑纳漕l管理功能第二十四頁，共97頁。自動恢復(fù)Wi-Fi(無線局域網(wǎng))WLAN交換機(jī)發(fā)現(xiàn)AP有故障x第二十五頁，共97頁。交換機(jī)自動調(diào)節(jié)

其它靠近的

AP，加強(qiáng)它們的功率來覆蓋發(fā)生故障AP的范圍當(dāng)新的APs連接到網(wǎng)上時，它的設(shè)置會從WLAN交換機(jī)

自動下載自動恢復(fù)Wi-Fi(無線局域網(wǎng))第二十六頁，共97頁。豐富的負(fù)載均衡特性231可根據(jù)用戶數(shù)量進(jìn)行負(fù)載均衡，提高帶寬利用率基于VLANPOOL的負(fù)載均衡，隔離廣播包第二十七頁，共97頁。VRRPandPAPIdetectactiverouterfailureVRRPstandbyrouterchangesroletoactiverouterAPrebuildsGREtonewactiverouterLocal:0/24VIP:2/24ActiveStandbyLocal:1/24VRRPkeepalivesPAPIkeepalivesXXActiveXGREPAPIkeepalives控制器冗余備份第二十八頁，共97頁。用“N:1”的比例去設(shè)計冗余MasterLocalLocalLocalGRETunnelBuilding1VRRPPrimaryBackupBuilding2VRRPBackupPrimaryAPLocation1.0.0LocalVRRPIPAPLocation2.0.0LocalVRRPIPX第二十九頁，共97頁。動態(tài)顯示把AP設(shè)置在圖紙上可實時查看無線電波狀態(tài)節(jié)省大量人力資源來量度和記錄無線電波實時查看射頻信噪比干擾情況鏈路傳輸覆蓋面多層無線電波覆蓋面物理顯示顯示樓層間無線電波泄漏出色的射頻規(guī)劃工具第三十頁，共97頁。登錄為

會員用戶名和密碼，認(rèn)證通過Radius服務(wù)器登錄網(wǎng)頁包括“vpndialer”Internet的連接不受限制未來視頻電話可用VPN認(rèn)證“Member”權(quán)限登錄為

客戶提供電子郵件連接到Internet只局限于HTTPandHTTPS“Guest”權(quán)限MAC+

WEP終端沒有瀏覽器(e.g.VoWLAN打印機(jī),電話,orPDA)接入局限于端口(e.g.SIP,lPR)“Device”權(quán)限Associate

withAP“Logon”權(quán)限有限制的接入(DNS,DHCP,ICMP,HTTPandHTTPS轉(zhuǎn)發(fā)到Aruba交換機(jī))通過DHCP來分配IP地址基于用戶身份的控制策略第三十一頁，共97頁。限制客戶的使用帶寬ICSA認(rèn)可的個人狀態(tài)防火墻策略

權(quán)限和帶寬控制第三十二頁，共97頁。設(shè)定的用戶策略，“用戶”服務(wù)只容許連接到外面的地址,防止蠕蟲,容許透過VPN連接到家和沒有優(yōu)先級…等個人防火墻策略第三十三頁，共97頁。單一物理網(wǎng)絡(luò)設(shè)施不同級別的接入控制區(qū)分用戶、終端、應(yīng)用網(wǎng)絡(luò)策略推動強(qiáng)制策略INTERNET接入服務(wù)訪客VOIP

服務(wù)語音學(xué)生學(xué)生子網(wǎng)教師教師子網(wǎng)領(lǐng)導(dǎo)領(lǐng)導(dǎo)

子網(wǎng)能區(qū)分用戶及應(yīng)用第三十四頁，共97頁。核心交換部署ArubaWIP無線入侵檢測系統(tǒng)附近的無線熱點停車場合法AP干擾AP非法AP移動控制器業(yè)界最強(qiáng)大的無線入侵檢測系統(tǒng)第三十五頁，共97頁。入侵檢測，放入黑名單第三十六頁，共97頁。透過RFLocate實現(xiàn)位置追蹤透過短波信號來尋找用戶不管任何的Wi-Fi設(shè)備

實時顯示能同時看到多個無線局域網(wǎng)終端第三十七頁，共97頁。三角定位第三十八頁，共97頁。尋找終端的位置RSSI=XRSSI=YRSSI=Z

監(jiān)聽RSSI根據(jù)與AP的距離來計算交叉點

終端被定位第三十九頁，共97頁。尋找終端的位置第四十頁，共97頁。遠(yuǎn)程監(jiān)察和網(wǎng)絡(luò)故障偵測WAN用戶投訴無線網(wǎng)不能連接,管理人員

開始攝取數(shù)據(jù)包作分析第四十一頁，共97頁。

BranchOfficeControllerCentralizedManagementINTERNETMobilitycontrollerprovideswiredswitching,wirelessLAN,NAT,VPN,firewallSite-to-SiteVPNconnectionbetweenArubacontrollersWiredDevicesCorporateHQWirelessBranchOffice第四十二頁，共97頁。ExternalSecurityServicesSECURITYCorporateNetworkMobilityControllerClusterExternalSecurityServicesDataCenter沒有病毒第四十三頁，共97頁。

跨子網(wǎng)不間斷漫游保證語音質(zhì)量子網(wǎng)1(10.1.1.xx)子網(wǎng)2(50.5.5.xx)DHCP根據(jù)VLAN的連接用戶從DHCP服務(wù)器接收到一個IP地址122. 當(dāng)用戶轉(zhuǎn)移到新的IP子網(wǎng)時會發(fā)出另一DHCP請求5. 當(dāng)用戶漫游跨越Aruba交換機(jī)時線路連接不會中斷33. 透過proxyDHCP,Aruba’s

交換機(jī)更改請求使終端維持原來的IPaddress44. 在新的IP子網(wǎng)內(nèi)，用戶接收到原有的IP地址IP-IPTunnelArubaAP第四十四頁，共97頁。識別語音應(yīng)用，預(yù)定義支持幾種主要的語音協(xié)議，包括：SpectraLinkSVPVoceraCiscoSCCPSessionInitiationProtocol其它：帶寬管理和優(yōu)先級隊列，DiffServ（802.1p/IPToS）Voice-awareRFscanningDATAVOICE其它優(yōu)化語音應(yīng)用的特性第四十五頁，共97頁。VoIP第三方評測的結(jié)果Thebreakdown

ArubaColubrisChantryQoSenforcementforVoIPtraffic25%

5555QoSenforcementforVoIPanddatatraffic25%4.51.511Roaming20%4421Features20%54.532Price10%4253TOTALSCORE4.583.533.02.4ConsistentgoodvoicequalityConsistentlowroamingtimesConsistentlowdelayandjitter第四十六頁，共97頁。在最近NetworkWorld的VoWLAN測試結(jié)果，Aruba被評為最佳產(chǎn)品最高語音容量（每個無線交換機(jī)）支持大于5000在線用戶語音呼叫支持跨子網(wǎng)無逢切換支持SVP等質(zhì)量服務(wù)協(xié)議，保證語音包優(yōu)先傳送低時延APlatency=2msAP-AP切換<10ms交換機(jī)-和-交換機(jī)

切換<20ms業(yè)界領(lǐng)先的VoWLAN技術(shù)第四十七頁，共97頁。產(chǎn)品介紹第四十八頁，共97頁。EmbeddingMobilityintotheNetwork

Disparate,DisjointedandExpensiveHeadquartersHomeOfficeMobileOfficeLAN/WAN/INTERNETDataCenterBranchOffice第四十九頁，共97頁。DeliveringMobilitywithanOverlay

Integrated,Non-disruptive,Cost-effectiveBranchOfficeHeadquartersHomeOfficeMobileOfficeLAN/WAN/INTERNETDataCenterNOUPGRADES第五十頁，共97頁。具有最完整的移動邊緣解決方案路由/QoS設(shè)備VPN網(wǎng)關(guān)局域網(wǎng)防火墻CaptivePortalWiFi環(huán)境WiFi入侵偵測系統(tǒng)WiFi接入控管網(wǎng)絡(luò)訪問控制多功能服務(wù)開展局域網(wǎng)結(jié)合現(xiàn)場考察POE交換機(jī)無線局域網(wǎng)偵測數(shù)據(jù)包抓取無線電波監(jiān)控AP接入點無線交換機(jī)/模塊多層管理系統(tǒng)網(wǎng)管第五十一頁，共97頁。ARUBA產(chǎn)品概況硬件設(shè)備AP無線接收器

室內(nèi)覆蓋：AP41/AP60/AP61/AP65/AP70

室外覆蓋/橋接：AP80M/AP80MB/AP80SB移動控制器

A200：6個AP/100用戶

A800：16個AP/250用戶

A2400：48個AP/700用戶

A6000：512個AP/8000用戶合適的POE交換機(jī)/天線/饋線/接地/網(wǎng)線軟件配置用戶狀態(tài)防火墻PEF/QoS控制入侵檢測WIP/安全VPN/接入有線網(wǎng)絡(luò)兼容高級AAA/ADVAAA：認(rèn)證/授權(quán)/計費外接安全服務(wù)接口/ESI：病毒掃描/漏洞檢查/負(fù)載均衡維修和服務(wù)ArubaCare：全球統(tǒng)一技術(shù)支援第五十二頁，共97頁。移動控制器第五十三頁，共97頁。ArubaMobilityControllerFamily

SameValuePropositionAcrossAllPlatformsPerformance&Capacity(800MB–8GBfullfeature)60002400800200ScalableandFlexible:-200:6APs-800:4and16APOptions-2400:Supportfor48APs-6000:Scalesfrom48to512APsFullRedundancyOptionsSingleMobilityNetwork-Upto32,000AccessPoints第五十四頁，共97頁。Size 3U 1U 1U 1UAccessPoints 256/512 48 4or16 6Users 4096/8192 768 256 100Cleartext 8Gbps 2Gbps 1Gbps 1GbpsEncrypted(3DES) 7.8Gbps 760Mbps 380Mbps 200MbpsScalabilityandPerformanceAruba5000/6000Aruba2400Aruba800Deployment:CampusBuilding BranchAruba200第五十五頁，共97頁。Capacity6AccessPoints100UsersPerformance1GbpsClear/200MbpsCryptoInterfaces1xWAN10/100Ethernet(RJ-45)Auto-SensingMDI/MDX1xLAN10/100/1000Ethernet(RJ-45)Auto-SensingMDI/MDX1xRJ-45SerialConsolePortProgrammableArchitectureControl&DataPlanesNetworkProcessorCoreHardware-AcceleratedEngineAruba200MobilityControllerSub19”DesktopFormFactorStatusLEDs1x10/100/1000RJ-45EthernetWANPortSerialConsolePortDedicatedHardware-AcceleratedCryptoFPGADedicatedNetworkProcessorDedicatedControlProcessor1x10/100RJ-45EthernetLANPortSmallOffice–BranchOffice–Retail第五十六頁，共97頁。InternetTheAruba200MobilityController

ExtendingtheMobileEdgeThroughFormandFeaturesSmallFormFactorBenefitsIntegratedsystemforthinbranchofficesConsistentcontrollerarchitectureCompleteenterprisefeaturesetPlug&playsimplicityforsmallersitesValuepricingforthousandsofsitesKeyMobilityFeaturesSinglemobilitysystemacross

campus,branchandhomeofficeWiredandwirelessguestaccessLocationandassettrackingKeySecurityFeaturesIdentity-basedsecurityforwired/wirelessSite-to-siteVPN&StatefulFirewallWLANIntrusionPreventionEAPOffloadKeyConvergenceFeaturesIndustry-leadingvoiceprioritization

attheedgeforwired/wirelessVoIPSecureWiredAccessSecureWirelessAccessHQorDatacenterBranchOfficeAruba200

MobilityControllerGenericLANSwitchEmployeesPartnersContractorsGuestsPCsLaptopsPDAsVoIPScannersRFID第五十七頁，共97頁。Capacity4or16AccessPoints128UsersPerformance800MbpsClear/200MbpsCryptoInterfaces8x10/100Ethernet(RJ-45)Auto-SensingMDI/MDX802.3afPoESupport1xGigabitEthernet(TXorSXoptions)1xRJ-45SerialConsolePortProgrammableArchitectureControl&DataPlanesNetworkProcessorCoreHardware-AcceleratedEngine1RU19”Enclosure8x10/100RJ-45EthernetPortsPortStatusLEDs1xGigEEthernetPort(TXorSX)OptionsSerialConsolePortDedicatedHardware-AcceleratedCryptoFPGA802.3afPoEDedicatedNetworkProcessorDedicatedControlProcessorAruba800SeriesMobilityControllerBranchOffice–Small/MediumEnterprise第五十八頁，共97頁。Capacity48AccessPoints512UsersPerformance2GbpsClear/400MbpsCryptoInterfaces24x10/100Ethernet(RJ-45)Auto-SensingMDI/MDX802.3afPoESupport2xGigabitEthernet(GBIC)1xRJ-45SerialConsolePortProgrammableArchitectureControl&DataPlanesNetworkProcessorCoreHardware-AcceleratedEngine1RU19”Enclosure24x10/100RJ-45EthernetPortsPortStatusLEDs2xGigE(GBIC)PortsSerialConsolePortDedicatedHardware-AcceleratedCryptoFPGA802.3afPoEDedicatedNetworkProcessorDedicatedControlProcessorAruba2400MobilityControllerCampus–RegionalOffice–Medium/LargeEnterprise第五十九頁，共97頁。CapacityUpto512AccessPoints/4,096UsersSupervisorCardI–48APsor128APsSupervisorCardII–256APsPerformance8GbpsClear/7GbpsCryptoModularSupervisorCardsSupervisorCardI–4Gbps/2Gbps3DESSupervisorCardII–4Gbps/3.5Gbps3DES1xRJ-45SerialConsolePortModularLineCards24x10/100Ethernet(RJ-45)LineCard24x10/100Ethernet(RJ-45)LineCardwith

802.3afPoESupport2xGigE(GBIC)LineCardProgrammableArchitectureControlandDataPlanesNetworkProcessorCoreHardware-AcceleratedEngineAllComponentsModularandHot-SFanTraySupervisorCardsIorIISingleorDualSupportedDedicatedControlProcessorsDedicatedNetworkProcessorsHardwareAcceleratedCryptoFPGAsRedundantPSUs4RU19”EnclosureLineCardsSingleorDualSupported24FE/2GE24FE/2GESPOE(802.3afPoE)2GE(GBIC)Aruba6000ModularMobilityControllerLargeCampus–HQ–LargeEnterprise第六十頁，共97頁。AccessPoints第六十一頁，共97頁。AP41AP65AP80MAP60/61AP70SingleBand(802.11aorb/g)Dual-Band(802.11a/b/g)Auto-Discovery(Plug’n’Play)Multi-Service-Multi-BandWirelessAP-RemoteAP-BranchOfficeAP-AirMonitorCentrallyManaged-RFParameters-SecurityParameters-ServiceDefinition-VersionManagement-RegulatoryDomainLowEnd/LowCostHighEnd/HighFeatureIntegral/DetachableAntennaVersionsWirelessAccessPointFamily

SameValuePropositionAcrossAllApplicationsAP65AP61第六十二頁，共97頁。ArubaAccessPointFamilySingleRadioDualRadioOutdoorAPsSoftwareConfigurable802.11aorb/gAP/AirMonitor/RemoteAPIdealforDenseOffice,HomeOfficeand/orAirMonitorDeploymentsInternalorExternalAntennaOptionsLowCostDual-Radio802.11a/b/gIdealforCampus/Remote/BranchOfficeAPHighAvailabilityFeatures(AP70)WiredandWirelessSecurity(AP70)ExtensibleUSBInterfacePort(AP70)Dual-Radio802.11a/b/gAPorWDSBridge(Point-Point&Multi-Point)FullyEnvironmentally-HardenedDesign:Desert,Snow,Rain,HarshEnvironment第六十三頁，共97頁。Aruba41

SingleRadio,Multi-BandWirelessAPIntegralAdjustableTri-bandAntenna10/100RJ-45EthernetPortSingle,Multi-mode802.11aorb/gradio802.3afPoE(NOserialsupport)ResetButton(DeleteAPConfig)SupportedApplications802.11aorb/gAccessPoint802.11a/b/gAirMonitorDenseAPDeploymentsRemote/HomeOfficeDeploymentAnyCostSensitive,High-DensityApplicationFeaturesSoftwareConfigurableRadioMulti-band802.11aorb/gOperation10/100Base-TRJ-45Interface802.3afPoEPowerSourcingIntegratedMid-Gain,Tri-BandOmni-directionalAntennaEN60601MedicalDirectiveCertifiedNoFrillsFormFactor(Wall,UnderDeskDeployable)LowCost第六十四頁，共97頁。Aruba61Aruba60AC

PowerIntegralHigh-Gain,Omni-DirectionalAntennaDetachableAntennaInterfaces10/100

EthernetPortwith802.3afPoESingle,Multi-Mode802.11aorb/gRadioAC

PowerAruba60&61

SingleRadio,Multi-BandWirelessAPSupportedApplications802.11aorb/gAccessPoint802.11a/b/gAirMonitorDenseAPDeploymentsRemote/HomeOffice,AirMonitoringFeaturesSoftwareConfigurableRadioMulti-band802.11aorb/gOperationSupportsRadioSignalDiversity10/100Base-TRJ-45Interface802.3afPoEPowerSourcingSerialConsoleoverEthernet5VDCPowerInput(multi-regionACkits)DetachableAntennaInterfaces(AP-60)IntegratedOmni-directionalAntenna(AP-61)UL2043Plenum&EN60601MedicalCert.SmallFormFactor(Wall,UnderDesk,Pole,PlenumDeployable)第六十五頁，共97頁。SupportedApplications802.11a/b/gAccessPoint802.11a/b/gAirMonitorRemote/BranchOfficeDeploymentHighDensity,TypicalEnterpriseHigh-PerformanceDeploymentsFeaturesSoftwareConfigurableRadioMulti-band802.11a/b/gOperationSupportsRadioSignalDiversity10/100Base-TRJ-45Interface802.3afPoEPowerSourcing5VDCPowerInput(multi-regionACkits)IntegratedDual,High-Gain,Tri-BandOmni-directionalAntennaUL2043Plenum&EN60601MedicalCert.UltraCompactFormFactor(Wall,CeilingTileRail,Cube,PlenumDeployable)IntegralAdjustable,DualTri-bandAntenna10/100RJ-45EthernetPortSupports802.3afPoE&SoE(Rear)DualRadio,Simultaneous802.11a/b/g5VDCPowerInputIntegrated15/16”CeilingTileRailClips(Rear)Aruba65

DualRadio,Multi-BandWirelessAP第六十六頁，共97頁。AC

PowerIntegralOmni-DirectionalAntennaUSBPortDetachableAntennas

(2sets)Dual

EthernetPortsTwo

Dual-Mode802.11a/b/gRadiosSupportedApplications802.11a/b/gAccessPoint802.11a/b/gAirMonitorRemote/BranchOfficeDeploymentHighDensity,AdvancedEnterpriseHigh-PerformanceDeploymentsFeaturesSoftwareConfigurableRadioMulti-band802.11a/b/gOperationSupportsRadioSignalDiversityDual(2x)10/100Base-TRJ-45InterfaceUSB2.0Interface802.3afPoEPowerSourcingRedundantEthernet&PoEInterface5VDCPowerInput(multi-regionACkits)IntegratedHigh-GainAntennaDetachableAntennaInterfaces(2.4/5GHz)UL2043Plenum&EN60601MedicalCert.SmallFormFactor(Wall,UnderDesk,Pole,PlenumDeployable)Aruba70

DualRadio,Multi-Band,AdvancedFeaturedWirelessAP第六十七頁，共97頁。SupportedApplications802.11a/b/gAccessPoint802.11a/b/gAirMonitorHarshEnvironmentOutdoorDeploymentsFeaturesSoftwareConfigurableRadioMulti-band802.11a/b/gOperationPPPoEClient(withADPFall-back)10/100Base-T(8pin-DintoRJ-45Interface)Non-802.3afHighPower(30W)PoE1x2.4GHzN-typeAntennaI/F1x5GHzN-typeAntennaI/FIntegralLighteningArrester(Ethernet)ElectricalGroundPointIP68RatedDesign,CastAlloy,WeatherHardenedDesign-22°Fto131°F(-30°Cto55°C)Pole/MastMountHardwareIncluded2.4GHzDetachableN-typeFemaleAntennaInterfaceAruba80M5GHzDetachableN-typeFemaleAntennaInterface10/100(8Pin-Din)EthernetPort(non-standard802.3af)DualRadio,Simultaneous802.11a/b/gRSSILevelDCOutput(Notused)ElectricalGroundAruba80M

DualRadio,Multi-BandOutdoorRatedWirelessAP第六十八頁，共97頁。AP-80SBOutdoorFatAP/BridgeDualRadio802.11b/gFatAP+802.11aWirelessBackhaulPoint-PointSuitableforOutdoorDeploymentsPPPoEClientTurboModeforWDSAESEncryptionwithPSKSTP&802.1qtaggingAP-80MBOutdoorFatAP/BridgeDualRadio802.11a/b/gFatAP802.11a/b/gPoint-Point/Point-MultiPointBridge(Aggregatesupto16remotelinks)SuitableforOutdoorDeploymentsPPPoEClientTurboModeforWDSAESEncryptionwithPSKSTP&802.1qtaggingAruba80MB

Outdoora/b/gAccessPointorWDSBridgeAruba80SB

Outdoorb/gAccessPointorWDSBridgeAruba80MBand80SB

DualRadio,Multi-BandOutdoorRatedWirelessWDSBridges第六十九頁，共97頁。MobilityManagementSystemElementManagementSoftware第七十頁，共97頁。MobilityManagementSystemSoftwareDashboardviewofentirenetworkMonitoringwith“draganddrop”FlexiblereportingRFplanningandvisualizationLocationtrackingSupportedonIntelserverrunningRedHatLinuxMobilityManagementSystemApplianceMM-100HighPerformanceDualIntelXeonProcessorsDualnetworkinterfacesHigh-availabilityRAIDstorageMobilityManagementsystemSoftwarepre-installedArubaMobilityManagementSystem

SoftwareDistributedorEmbeddedonMMSApplianceMM-100ApplianceMMSSoftwarecentralized,scalablemonitoring,datacollectionandreporting

第七十一頁，共97頁。ArubaMobilityManagementSystem

CentralizedVisibilityoftheMobileEdgeDataCenterRegionalOfficeHeadquartersBranchOfficeHomeOfficeLAN/WANINTERNETKeyBenefitsCentralized,real-timeviewofmobileedgenetworksTroubleshootingfromanetworkoperationscenterStoreshistoricaldataforcustomreportingFacilitatesnetworkplanningProvidesbest-of-breedintegrationwithAPILocatesanyWi-Fidevice,anywhereonthemobileedge第七十二頁，共97頁。成功案例第七十三頁，共97頁。根據(jù)CNGI特性實施校園無線網(wǎng)絡(luò)更大：支持IPv6協(xié)議，支持多種移動終端和應(yīng)用更快：高速寬帶的接入能力更安全可信：無線認(rèn)證授權(quán)機(jī)制、加密機(jī)制更及時：具有QoS機(jī)制，支持各種多媒體應(yīng)用更方便：支持無線漫游，簡便的使用方式更可管理：統(tǒng)一的無線網(wǎng)絡(luò)管理和監(jiān)控更有效：計費機(jī)制，支持多種增值業(yè)務(wù)第七十四頁，共97頁。校園部署移動邊緣的典型設(shè)計VPN校園認(rèn)證服務(wù)器學(xué)生認(rèn)證數(shù)據(jù)庫訪客帳號服務(wù)器802.1xCaptivePortal教職員工學(xué)生交流人員有線或無線的二層/三層網(wǎng)絡(luò)安全檢查服務(wù)器IntranetInternet802.1xCaptivePortal教職員工學(xué)生有線或無線的二層/三層網(wǎng)絡(luò)教職員工語音網(wǎng)關(guān)MAC/OUIVoWLANVoWLANMAC/OUIVoWLAN第七十五頁，共97頁。ARUBA方案特點集中化的網(wǎng)絡(luò)管理方式網(wǎng)絡(luò)部署無需改變校園網(wǎng)絡(luò)復(fù)雜的現(xiàn)有底層網(wǎng)絡(luò)結(jié)構(gòu)，真正做到即插即用；無線頻譜規(guī)劃工程可以線下進(jìn)行，無需人工干預(yù)，自動配置完成專用硬件架構(gòu)的交換機(jī)設(shè)計，能夠在高強(qiáng)度的使用環(huán)境中保持高性能；模塊化的軟件體系架構(gòu)，在節(jié)省投資的同時給網(wǎng)絡(luò)升級帶來了很大方便多樣化的用戶認(rèn)證方式，支持校園用戶、外來訪客、移動終端設(shè)備統(tǒng)一進(jìn)行認(rèn)證，能夠和多種校園AAA服務(wù)進(jìn)行無縫對接基于時間、地點、用戶的網(wǎng)絡(luò)設(shè)置，可以靈活的設(shè)計和改變無線網(wǎng)絡(luò)設(shè)計規(guī)劃從物理層到應(yīng)用層的多種加密和入侵防護(hù)手段保障了用戶和無線網(wǎng)絡(luò)的安全第七十六頁，共97頁。校園內(nèi)可以無縫漫游以及QoS策略使得網(wǎng)絡(luò)可以同時承載語音/視頻等各種新興的多媒體應(yīng)用，適合高校作為新事物檢驗平臺的切實場景客戶端安全策略檢查和防病毒檢測功能強(qiáng)有力的保護(hù)了網(wǎng)絡(luò)基礎(chǔ)設(shè)施的安全，同時減輕了現(xiàn)有網(wǎng)絡(luò)的負(fù)擔(dān)內(nèi)置的站點到站點的VPN服務(wù)使得跨校區(qū)的無線網(wǎng)絡(luò)部署可以很好的融合在一起，并且網(wǎng)絡(luò)可以統(tǒng)一的進(jìn)行配置與管理室內(nèi)和室外整體解決方案免除了不同方案之間兼容性/互通性的問題IPv6的支持性：可以通過隧道方式接入IPv4/6雙模終端，也可以通過二層方式支持IPv6終端的接入ARUBA方案特點第七十七頁，共97頁。ARUBA在中國高校的成功案例清華大學(xué)FIT大樓樓外覆蓋WiFi語音（SIP手機(jī)）北京大學(xué)一期110個AP，Aruba5000WiFi語音（UTStarcomSIP手機(jī)）為主要應(yīng)用北京首都師范大學(xué)(2xA2400,83個APs)第七十八頁，共97頁。ARUBA在中國高校的成功案例華中理工大學(xué)（全國重點大學(xué)，211工程）第一期無線項目，1xA6000(299個AP61＋20個AP80M)覆蓋校園內(nèi)主要的20幢辦公大樓，采用StaticWEP和Portal的認(rèn)證方式要求支持IPv6浙江大學(xué)（全國重點大學(xué)，211工程）1xA6000(300多個AP61＋20多個AP80M)第一期無線項目首先覆蓋主要的辦公大樓要求支持IPv6成都電子科技大學(xué)（全國重點大學(xué)，211工程）1xA6000(第一期400個APs)第七十九頁，共97頁。香港高校成功案例香港城市大學(xué)（把舊有的Orinoco全更換）一期，2xA6000(400個AP70)二期，1xA6000(300個AP70)全校園覆蓋，包括學(xué)生宿舍采用StaticWEP和Portal的認(rèn)證方式未來會增加SSID及用PEAP(動態(tài)802.1x方式接入香港中文大學(xué)建筑設(shè)計學(xué)院(A2400+40xAP61/60)工程學(xué)院(A2400+CiscoAironetAP)醫(yī)學(xué)院(A800+10xAP61)第八十頁，共97頁。香港理工大學(xué)一期，2xA6000＋300個AP70二期，1xA6000＋380個APs三期，200個APs全校園覆蓋在教室提供無線接入(WPA/WPA2or802.11i)為加強(qiáng)網(wǎng)絡(luò)安全把原有教室的有線的接入也改成通過AP70的另一以太網(wǎng)口接入，老師和學(xué)生都必須透過用戶認(rèn)證(802.1x)才可聯(lián)網(wǎng)香港高校成功案例第八十一頁，共97頁。美國高校成功案例OhioStatUniversity學(xué)校概況：共有57748學(xué)生，461幢建筑物，有4個分校區(qū)，是全美最大的大學(xué)之一。網(wǎng)絡(luò)規(guī)模：1個月內(nèi)部署超過2500個ARUBAAPs，最終逐步達(dá)到10000個AP的設(shè)計規(guī)模。無線應(yīng)用：語音通訊，視頻監(jiān)控，數(shù)據(jù)傳輸，定位管理等第八十二頁，共97頁。全球第一的電信運營商N(yùn)TT采用ARUBA無線產(chǎn)品

25臺交換機(jī),500APsAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPAPLab-LANBackboneEPSW702EPSE7026FWESTLANRoom6FEASTLANRoom5FWESTLANRoom5FEASTLANRoom4FWESTLANRoom4FEASTLANRoom3FWESTLANRoom3FEASTLANRoom2FWESTLANRoom2FEASTLANRoom1FWESTLANRoomInformationNetworkSystemRoom６FLANRoom5FLANRoom4FLANRoom3FLANRoom2FLANRoom1FLANRoomEPS109Bldg#2Bldg.#1DHCPServerHigh-AvailabilityInfobloxDNSOneAPAPAPDev.NetworkDev.NetworkDev.NetworkDBofRadius(existing)MgmtNetworkHARadiusServers(802.1x)(addition)MasterAruba5000101010101010101010101010101015151515151515EachfloorusesdifferentVLAN.Use802.1xauthenticationUserolebasedVLANUseMobilityLocalAruba5000s主要應(yīng)用是：語音通訊、數(shù)據(jù)傳輸、安全權(quán)限控制NTTデータ，IP電話1萬5000臺の內(nèi)線システムを構(gòu)築，，無線IP電話1500臺，ソフトフォン7000臺，固定IP電話6500臺第八十三頁，共97頁。微軟選用Aruba建設(shè)

世界最大WLAN網(wǎng)絡(luò)Problem:MassiveCisconetworklacksRFsecurityOver4500Cisco350APsprovidenorogueAPprotectionCiscoAPsdifficulttomanage,upgrade,secureDistributedenvironmenthugelyOPEXintensiveEmployeesmisconfiguringWi-FiNICsinadhocmodeadvertisingthemselvesasvalidMSFTAPsRequirements:ImplementwirelessIDSoverlaytosecureCisconetworkAddvaluetoexistingCisconetworkwithreportingRemotepacketcaptureandcentralizedRFmanagementWorldwidedeploymentinover90countriesLeverageMSFTSQLMACdatabaseforrog