AEROHIVE OVERVIEW INTL Enterprise Sales Mar 2013 © 2012 Aerohive Networks CONFIDENTIAL.
Download ReportTranscript AEROHIVE OVERVIEW INTL Enterprise Sales Mar 2013 © 2012 Aerohive Networks CONFIDENTIAL.
AEROHIVE OVERVIEW INTL Enterprise Sales Mar 2013 © 2012 Aerohive Networks CONFIDENTIAL Introduction to Aerohive: • Cloud-managed Mobile Networking Company › Cloud (Public & Private), Controller-less Wi-Fi, Routing, VPN, Switching › ~$100M annualized run rate › 5th fastest growing tech company 07-11 Cloud Services Platform Public Partner Private (on-premise) » (Deloitte Fast 500 – 44,569% growth) › › › › 135% YoY growth (2011-2012) ~8000 Customers ~450 Employees Most Visionary Vendor - Gartner MQ for Wired & Wireless LAN 2012 Healthcare © 2012 Aerohive Networks CONFIDENTIAL Enterprise Education Enterprise Wi-Fi Retail Branch & Teleworker Routers Access Switches Logistics 2 New Requirements of the Network Edge Users want to work anywhere, on any device You need to enable them, without drowning in complexity $ X Yesterday Today • Corp deployed enterprise devices • Corp / BYOD enterprise / consumer devices • WLAN overlay • Ubiquitous Wi-Fi Access • Network centric • User Centric • Monolithic • Elastic Aerohive Networks - Simpli-fi Enterprise Networking Cloud-enabled, self organizing, application aware, identity-based infrastructure © 2012 Aerohive Networks CONFIDENTIAL 3 Education Focus – Customer Sample K-12 Primary © 2012 Aerohive Networks CONFIDENTIAL Secondary College / University Customer Focus - Education Capacity Security Reliability Management Scalability Key Considerations Aerohive Advantage 1:1 Programs No data bottlenecks Mixture of device types SLA and Dynamic Airtime Scheduling Restrict network access Integrated RADIUS, Firewall, WIPS Secure guest access Captive web portal with PPSK Downtime costs learning No single point of failure Mesh support Simple to use Simple GUI based management Visibility of clients Client health score and TeacherView Cost effective solution No feature licensing Ability to scale Linear scalability – start small and grow © 2012 Aerohive Networks CONFIDENTIAL 5 Education Deployments CAMPUS Virtualized Mgmt & VPN Termination Primary Guest, Student, Faculty School deployed / BYOD Middle School Data Center Guest, Student, Faculty + Carts Guest, Student, Faculty + Library High School Performance, Unified Access Layer, MDM enrollment Class Room Cloud-enabled Apple TVs Guest, Student, Faculty + Field House iPad1:1 Faculty, Guests High Density, AD integration, Bonjour, TeacherView © 2012 Aerohive Networks CONFIDENTIAL Teleworker/ Ext. Absence Work, Home, 4G, Cloud Security High School Guest, Student, Faculty + Portable 6 Distributed (Controller-less) Wi-Fi Architecture Delivering simplicity, reliability and affordability Management Management within the network only Centralized cloud-based or Local management Redundancy Requires multiple controllers No single point of failure Local data forwarding..what do you lose? Self healing mesh architecture No controller tax Scalability and future proofing No feature licensing Start small and grow Distributed intelligence Controller capacity? Feature licenses? (FW, RADIUS, CWP, BYOD, Bonjour GW) Performance Data bottlenecks No data bottlenecks QoS, Spectrum analysis..$$$ Service Level Agreements QoS & Spectrum analysis included © 2012 Aerohive Networks CONFIDENTIAL How does it work? Architectural Alternatives Central Vs. Distrib. Control 7 Enterprise Wi-Fi Features Optimization Mobility SLA, QoS & Dynamic Airtime Scheduling Layer 3 Roaming Distribution Band Steering Load Balancing 450Mbps 54Mbps 11Mbps 2.4 GHz 5 GHz High Powered Radios, Receive Sensitivity & RRM © 2012 Aerohive Networks CONFIDENTIAL Layer 2 Roaming Layer 2/3 Roaming Resilient Mesh 8 Receive Sensitivity BYO and Corp Deployed Devices Access defined by ID & Device MDM Enrollment User Profiles Corp GUEST Policy BYOD Policy CORP Policy DMZ Restricted VLAN Corp VLAN FW = Web Only, Limited Apps FW = Email & Web, Permitted Apps FW = LAN & Web Approved Apps 1Mbps per user 5Mbps per user M-F 9am-5pm 10Mbps per user Approved Apps get priority www MDM Quarantine Enroll M-F 8am-9pm 24HR Access L2-7 Firewall OS Detection Bonjour Gateway www CWP PPSK Corp RADIUS Guest, BYOD AppleTV (AirPlay) Bonjour Guest user Corp user - BYOD © 2012 Aerohive Networks CONFIDENTIAL Printer (AirPrint) Corp user L7 BYOD & MDM Bonjour GW 9 Security and Authentication Features Captive Web Portal Multiple CWPs able to serve scalably from every AP Private PSK Multiple users, same SSID - easy but unique revocable keys Wireless Intrusion Prevention WIPS Stateful L2-L7 Firewall • MAC (L2) based firewall • Stateful TCP/IP firewall (L3/L4) • L7 App Visibility & Enforcement • ALGs for DNS/FTP/SIP • Policy Based Client Isolation Directory Integration Remote Site Content Security • Authentication support for common directory servers • Eliminates standalone RADIUS server • Credential caching for remote/branch survivability © 2012 Aerohive Networks CONFIDENTIAL 10 Routing, VPN and Switching features Cloud-enabled Networking Unified Wired & Wireless Mgmt Wi-Fi Same Policy and Network Wired Routing / FW VPN Address/L3 Service PoE-PSE, 3G/4G USB PoE L2 & L3 IPSec VPN Robust Voice Support • SIP/SCCP/Spectralink support • Voice Enterprise (Q1) • Detection of IP phone OS • 802.1X/Access control © 2012 Aerohive Networks CONFIDENTIAL • Dynamic QoS for voice traffic 11 Branch on Demand Monitoring and Reporting Features Manage Simple GUI Cloud Management Monitor Topology & Location Tracking PCI Compliance Support Client Monitor & Packet Capture © 2012 Aerohive Networks CONFIDENTIAL Spectrum Analysis Management Views 12 Reduced Capex and Opex Less Infrastructure Costs Cloud Management Less Operational Costs Good connection High data rates & high successful transmission rates Marginal connection Lower data rates / lower successful transmission rates Poor connection Low data rates / low successful transmission rates Zero Touch Provisioning © 2012 Aerohive Networks CONFIDENTIAL Client Health Score Self Healing 13 Client Health Score Aerohive Platforms * BR100 AP110 AP141 AP121 Indoor 1-Radio 802.11b/g/n 1-Radio 802.11n 1x1:1 65 Mbps Radio 2x2:2 300 Mbps Radio AP170 Indoor Industrial Outdoor Dual Radio 802.11n 2x2:2 300 Mbps High Power Radios 3x3:3 450 Mbps High Power Radios 2x2:2 300 Mbps 11n High Power Radios TPM Security Chip N/A 5X Fast.E 1X Gig.E N/A 2X Gig.E PoE (802.3af + 802.3at) and AC Power Plenum Rated N/A 0 to 40°C N/A $99 AP350 AP330 $449 1X Gig.E PoE (802.3at) Plenum & Dust Proof Water Proof (IP 68) -20 to 55°C -40 to 55°C USB for future use USB for 3G Modem N/A $649 $999 $1499 *BR acting as AP does not support WIPS, DFS (no 5Ghz radio), RADIUS proxy or server, SNMP, locationing or TeacherView © 2012 Aerohive Networks CONFIDENTIAL Aerohive Routing Platforms * BR100 BR200 WP Single Radio AP330 AP350 Dual Radio 1x1 11bgn 3x3:3 450 Mbps 11abgn 5-10 Mbps FW/VPN 30-50Mbps FW/VPN Cloud VPN Gateway L2 & L3 IPSec VPN Gateway (VMware) ~500 Mbps VPN 5X 10/100 5X 10/100/1000 2X 10/100/1000 Ethernet 1000 Tunnels 0 PoE PSE 2X PoE PSE 0 PoE PSE 2 Virtual Interfaces ~1 - 10 Users ~1 - 50 Users ~1 - 50 Users (as a router) $99 $699* © 2012 Aerohive Networks CONFIDENTIAL $999 * Also available as a non-Wi-Fi, non PoE device - $499 (BR200) 15 Aerohive Switching Platforms SR2024 SR2124P 24 Gigabit Ethernet 8 Ports PoE+ (195 W) 4 Ports 1G SFP Uplink SR2148P 48 Gigabit Ethernet 24 Ports PoE+ (408 W) 48 Ports PoE+ (779 W) 4 Ports 10 Gigabit SFP/SFP+ Uplink Routing with 3G/4G USB support and Line rate switching 56Gbps switching Single Power Supply $1799 128Gbps switching 176Gbps switching Redundant Power Supply Capable $2599 $3999 Available Mid 2013 © 2012 Aerohive Networks CONFIDENTIAL 16 Aerohive software platforms SW Config, & Policy, RF Planning, Reporting, SLA Compliance, Guest Management, Trouble Shooting, Spectrum Analysis HiveManager Online HiveManager Virtual Appliance Scalable multi-tenant platform, Redundant data centers with diversity, Backup & Recovery, Zero touch device provisioning, Flexible expansion, On demand upgrades, Pay as you grow VMware ESXi, HA redundancy 15,000s APs with specified configuration HiveManager Appliance – 2U Redundant power & fans, HA redundancy, 5000 APs HiveManager Appliance – 1U HA redundancy, 500 APs StudentManager © 2012 Aerohive Networks CONFIDENTIAL VMware ESXi Up to 50,000 students 17 Aerohive Networks A single architecture for the network edge Aerohive Networks - Simpli-Fi Enterprise Networking Cloud-enabled, self organizing, service aware, identity-based infrastructure Unified policy and security mgmt, from the cloud Wi-Fi Identity & Context Aware e.g. Network firewall on the router knows identity & role of the clients on APs Same Policy and Network Wired Routing / FW VP N Service Aware e.g. AP know the Bonjour services to advertise across the L3 enterprise boundaries www Corp Guest, BYOD Aerohive Networks where increased performance and capacity does not mean increased complexity! AppleTV (AirPlay) Bonjour © 2012 Aerohive Networks CONFIDENTIAL Printer (AirPrint) 18 THANK YOU! © 2012 Aerohive Networks CONFIDENTIAL 19 Wired and wireless Infrastructure 2012 MQ Aerohive is a Visionary! A Magic Quadrant Visionary for wired and wireless Infrastructure The strongest “completeness of vision” in the quadrant (the farthest to the right) • An innovation leader with products such as its Bonjour Gateway and its cooperative control architecture, which eliminates the need for a dedicated controller and provides a cost competitive solution without sacrificing functionality. • Aerohive should be considered for any overlay WLAN enterprise opportunities in North America, Western Europe or Australia/New Zealand, especially in the education, healthcare and retail markets. • Its controller-less, mesh-based architecture provides an easy-to-use and robust solution with lower operational costs, which makes it a standard bearer for market pricing of equivalent functionality. © 2012 Aerohive Networks CONFIDENTIAL 20 How does it work? Wireless Network Wired Network Reporting Policy Configuration Heat Maps SLA Compliance HiveManager NMS With anetworking second fast Mesh and best AHiveAPs single HiveAP byHiveAP, itself acts as are best discovered, Dynamic path Cooperative Control, With roaming, Asstateful more HiveAPs are apolicy full-featured enterprise class path forwarding can be is pushed and the forwarding and stateful Cooperative RF power access point can securely clients cooperative RF, station added, coverage, used for extra resiliency WLAN is operational roaming provides levels minimize Identity-based security, including stateful and seamlessly roam load balancing and reliability and backhaul and reachability inspection FW, rogue detection & mitigation HiveManager iswithout a single mgmt resiliency a interface single co-channel interference across the WLAN seamless resiliency are bandwidth increases for configuration, OS updates & local Airtime Scheduling, SLA compliance and Dynamically reroutes around point of failure monitoringimplemented of thousandsat devices forwarding edge enabled failures ofthe © 2012 Aerohive Networks CONFIDENTIAL 21 Architectural Alternatives Fully Distributed Forwarding & Control Redundant Centralized Data Forwarding & Control HQ HQ Controller Controller Reliability NMS WAN Controller Controller More Reliable But Expensive NMS WAN $ Centralized Data Forwarding & Control HQ Controller Controller Controller Controller WAN Authentication Auto RF L2/L3 Roaming QoS WIPS / Rogue Detection Distributed Forwarding with Centralized Control HQ NMS High Performance Highly Reliable & Cost Effective NMS Controller Failure = WLAN Failure WAN Controller in the Data Center Controller Or Controller Controller in the Cloud Authentication Auto RF L2/L3 Roaming QoS WIPS / Rogue Detection Loss of control means they become expensive Fat APs Performance & Cost Effectiveness © 2012 Aerohive Networks CONFIDENTIAL 22 Centralized versus Distributed Control Shared Control Plane Processing Parallel Control Plane Processing Over Provisioning (Pay too much) Processing & Cost Scalable Processing (Pay for what you need) Under Provisioning (Impact Performance) Physical Controller (Virtual Controller) ( © 2012 Aerohive Networks CONFIDENTIAL ) Control Functions • User Authentication • Role-based Access Control • Captive Web Portal and Guest Access • Self-Tuning RF Management › Channel selection & power level › Client load balancing & band steering • RF Threat Protection and WIPS • Secure Fast Roaming (L2 & L3) • Voice over WLAN & QoS support • Dynamic Mesh Failover Cooperative Control 23 Layer 2 Roaming RADIUS Server • User associates and authenticates and keys are distributed • AP predicatively pushes keys and session state to one hop neighbors • As client roams and associates with another AP the traffic continues uninterrupted © 2012 Aerohive Networks CONFIDENTIAL Roam 24 24 Layer 3 Roaming Router Subnet B Subnet A GRE Tunnel Like Layer 2 roaming the Layer 3 roam predicatively pushes keys to one hop neighbors. © 2012 Aerohive Networks CONFIDENTIAL In order to maintain IP connectivity a tunnel is created to home subnet. Tunnel continues to follow roaming user until sessions end then tunnel is terminated and the user accesses the local network 25 Topology Floor Plan View Global View “Subnet 2” “Subnet 3” Access Point Client Rogue AP © 2012 Aerohive Networks CONFIDENTIAL 26 Dashboard - Network Summary © 2012 Aerohive Networks CONFIDENTIAL 27 Dashboard - Troubleshooting © 2012 Aerohive Networks CONFIDENTIAL 28 Dashboard – Application Visibility © 2012 Aerohive Networks CONFIDENTIAL 29 Single architecture for the enterprise • Cooperative control enables the same functions across multiple devices to work as if they are one device Context Aware Switch • Network firewall on the router knows identity of the clients on APs? Unified policy and security mgmt, from the cloud Service Aware www Wi-Fi Corp Same Policy and Network Wired Guest, BYOD AppleTV (AirPlay) Bonjour © 2012 Aerohive Networks CONFIDENTIAL Routing / FW Printer (AirPrint) VPN 30 Handling the Client Explosion: RF Guru on the Help Desk? Client Health Score at a glance…understanding a client’s health. Good connection High data rates & high successful transmission rates Marginal connection Lower data rates / lower successful transmission rates Poor connection Low data rates / low successful transmission rates Automatically Remediate Client & Network Issues • Move Clients › Band steer or load balance clients triggered by low client health score • Airtime Boost › Boosts clients’ airtime if unable to hit performance target © 2012 Aerohive Networks CONFIDENTIAL 31 Low Power Mobile Devices Demand an Even Better Wi-Fi Infrastructure Gartner: "Without Proper Planning, Enterprises Deploying iPads Will Need 300% More Wi-Fi” 15 -17 dB 5 dB 5 GHz 20 dB 2.4 GHz dBdB 85 -10 20 dB 5 GHz 2.4 GHz HiveAP Typical 330 AP dBdB 10 –515 2.4 GHz • The extra 5 dB sensitivity beyond a standard AP can even out coverage for various client types • Better 5Ghz coverage enables 2.4GHz to be preserved for single band devices © 2012 Aerohive Networks CONFIDENTIAL 32 Huge Questions on Device Ownership and Management What is the difference between these iPads? Almost Everything Consumerization of IT • Consumer devices qualified, bought and deployed by IT • Replace legacy devices • Lower HW costs • Flexible, powerful • Enable new working models Embrace MDM Agents on Devices More App Flexibility © 2012 Aerohive Networks CONFIDENTIAL BYOD • Enable employees to bring their device of choice • Not owned or controlled by IT • Wide range of devices • Driven by employee satisfaction and shifting of CapEx spend Contain Network-based MDM Secure Apps Only (e.g. VDI, Citrix) 33 Solution Scenarios: Network & Agent Based MDM Solutions Embrace (Consumerization of IT) Corp www Contain (BYOD) www Corp MDM Access Isolate Quarantine Enroll Force MDM profile install Profile-based MDM • Device Mgmt • App Mgmt • Policy Enforcement and Compliance © 2012 Aerohive Networks CONFIDENTIAL Network-based MDM • Enrollment - CWP, PPSK - AD integration • Access Control - Device/OS Type - Domain Membership • Policy Enforcement - QoS, Security - Apps (e.g., VDI only) 34 Policy based on Context Identity, Device, Location, Time of Day CORP Policy BYOD Policy GUEST Policy Corp VLAN Restricted VLAN DMZ LAN & Web FW Email & Web FW Web Only FW 10Mbps per user 5Mbps per user 1Mbps per user 24HR Access M-F 8am-9pm M-F 9am-5pm L2-4 Firewall RADIUS Corp user © 2012 Aerohive Networks CONFIDENTIAL OS Detection PPSK Corp user - BYOD CWP Guest user 35 Solution automates MDM Enrollment HiveManager 1 Policy Configuration Administrator specifies JAMF enrollment URL in HiveManager iOS device 2 Apple device attaches to network 3 4 Please enroll your device on the following page. . . © 2012 Aerohive Networks CONFIDENTIAL MDM server Aerohive AP AP queries JSS server: is this a known device? If an unknown device, the device is redirected to JSS Server for enrollment Click here to enroll your device and begin using the network. . . 36 Contain Strategies Enhanced by Service Aware Infrastructure Contain Strategy www Access to the Right Resources Corp Bonjour Gateway • Let AirPlay and AirPrint work in the Enterprise • Service aware network • Enable & control service advertisement and discovery across subnets Guest, BYOD AppleTV (AirPlay) Bonjour © 2012 Aerohive Networks CONFIDENTIAL 37 Printer (AirPrint) Bonjour Gateway – Aerohive & Non Aerohive Networks Router / L3 Switch AppleTV (AirPlay) 192.168.1.1 192.168.200.1 Optionally attach to both subnets for non Aerohive Share Services List Bonjour GW Feature ON “with filters” Server: (file sharing etc) Printer (AirPrint) SSID “Subnet #1” Multi-Vendor – Works in both Aerohive and Non-Aerohive networks Plug and Play – No requirement for VLAN and Multicast gymnastics Flexible – Supports bi-directional service advertisements Efficient – No tunneling, only sends changes in service, with option to filter Secure and Scalable – Preserves enterprise security & data forwarding methodology • Available for beta Q2; shipping mid year © 2012 Aerohive Networks CONFIDENTIAL iPad can print and project via AirPrint & AirPlay SSID “Subnet #2” iPad can AirPrint or AirPlay 38 Branch / Teleworker Options How does an IT organization scale to meet the needs of today’s evolving “Branch”? SSL VPN Consumer Pros: • Works great for a single client Pros: • Inexpensive • Wired/Wireless Support Cons: • Per-connection licensing • Client for VoIP phones? • No consistent policy Cons: • No centralized management • No consistent policy © 2012 Aerohive Networks CONFIDENTIAL Traditional Pros: • Centralized Management with consistent policy Cons: • Start around $1000 • Requires expensive head-end solution • Pre-staging required 39 Small Branch Deployment Scenarios -– Teleworker HQ Cloud VPN Gateway (VPN Concentration) Cloud Service Platform 3G/4G Primary/Backup WAN/VPN Gateway Internet HiveManager Online Home Network Internet Access Only © 2012 Aerohive Networks CONFIDENTIAL Corporate Access Corporate Access via VPN & Internet via Cloud Security Guest Access 40 Customer Focus - Education Capacity Security Reliability Management Scalability Key Considerations Aerohive Advantage 1:1 Programs No data bottlenecks Mixture of device types SLA and Dynamic Airtime Scheduling Restrict network access Integrated RADIUS, Firewall, WIPS Secure guest access Captive web portal with PPSK Downtime costs learning No single point of failure Mesh support Simple to use Simple GUI based management Visibility of clients Client health score and TeacherView Cost effective solution No feature licensing Ability to scale Linear scalability – start small and grow © 2012 Aerohive Networks CONFIDENTIAL 41 Customer Profile - Education Problem/Requirement • Accommodate an influx of Apple iPAds, iPods and other Wi-Fi devices Located in North Carolina, the sprawling RowanSalisbury School System is an educational force to be reckoned with. It’s comprised of 35 schools, about 20,000 students, and about 3,000 employees. It’s the largest employer in Rowan County “It was probably not the most known product when I first started looking at it. But the more I looked, I thought: this is just a really neat product. And then when we started doing the tests, everything that they said the product would do, it did. It’s just been a great experience for us.” Phil Hardin Executive Director for Technology RowanSalisbury School System • Enable students to use the same device in the classroom and at home • A WLAN that was resilient,, centrally administered, easy to manage, secure and cost-effective. Solution • Aerohive’s controller-less cooperative control Access Points deployed pervasively • HiveManager used to monitor entire wireless network and all client activity • Highly resilient WLAN network that both easy to manage and cost effective Results • Students and teachers making great strides in using Apple iPads and iPods for everything from data collection to video ©42 2012 Aerohive Networks CONFIDENTIAL • “Everything worked flawlessly. We knew then that product, in terms of providing us with the service and the bandwidth, was going to be there.” Customer Focus - Healthcare Mobility Security Reliability Management Scalability Key Considerations Aerohive Advantage Voice over IP Full voice support with QoS engine Bedside monitoring and telemetry Location tracking integration Restrict network access Integrated RADIUS, Firewall, VPN, WIPS Secure guest access Captive web portal with PPSK Downtime costs lives No single point of failure Self healing mesh architecture Centralized visibility Centralized GUI based management RF management Spectrum analysis as standard Cost effectiveness No feature licensing Ability to scale Linear scalability – start small and grow © 2012 Aerohive Networks CONFIDENTIAL 43 Customer Profile - Healthcare Problem/Requirement • Make electronic medical records applications portable and provide wireless access to Brookdale’s guests and families Largest Assisted Living and Retirement Community Company in the US delivers higher levels of care with Wi-Fi and EMR, and Provides Wireless Internet Access to Residents “We found that when we wanted to get into true enterprise wireless, we wanted to reduce costs by not having controllers in place,” Fadrowski said. “In a controller-based solution … to deliver the functionality we required we had to have a controller here in Milwaukee (where the data center resides) and a controller in every community, thus raising costs quite a bit, adding to single points of failure, and having to build in more redundancy and more cost with controllertype systems.”. Chris Fadrowski Senior Director of IT Infrastructure ©44 2012 Aerohive Networks CONFIDENTIAL • Meet compliance standards for secure healthcare environments • A WLAN that offered resiliency, reliability, and performance and at the right price Solution • Aerohive’s controller-less cooperative control Access Points • HiveManager NMS provides centralized configuration and monitoring and simplifies provisioning for system-wide policy management Results • Engineering team has so far purchased more than 1,000 Aerohive APs for about 55 sites. • Brookdale has plans to purchase about 6,000 Aerohive APs over the next five quarters to deploy WLAN’s to all of its 645 communities. Customer Focus - Distributed Enterprise Scalability Security Key Considerations Aerohive Advantage Cost effectiveness No feature licensing Ability to start small and grow Linear scalability – no controllers Restrict network access Integrated RADIUS, Firewall, WIPS Guest access Captive web portal with PPSK No single point of failure Reliability Downtime costs money Management Multiple sites Centralized cloud based management Remote sites and teleworkers Cost effective teleworker/branch VPN BYOD BYOD flexible/secure policy enforcement Accessibility © 2012 Aerohive Networks CONFIDENTIAL Branch survivability 45 Customer Profile – Enterprise Problem/Requirement • Foster collaboration and productivity among employees • Reliable support voice over Wi-Fi Aerohive met all of our requirements – it was hands down the best in terms of cost and value add,”. “From a cost perspective alone, Aerohive made the most sense because the cost of installing everything is modular with Aerohive. We avoided that big upfront cost you get with the controllerbased vendors.” Eric LeSatz, VP of Technical Operations, Folio Investing • Provide a wireless guest network for visitors • Reduce infrastructure costs by deploying wireless Solution • Controller-less architecture resulted in significantly lower costs • WLAN reliably handles bandwidth-sensitive applications e.g. voice over Wi-Fi • Users no longer forced to connect and reconnect when moving within buildings • Guests, or employees with personal devices, can securely access the internet Results • Were able to move headquarters and spend half the money ©46 2012 Aerohive Networks CONFIDENTIAL • Folio has also achieved seamless user mobility employees who are now free to move around the office using softphones in order to collaborate on customer issues Customer Focus - Retail Key Considerations Performance Security Reliability Management Scalability Mixture of device types Aerohive Advantage SLA and Dynamic Airtime Scheduling Load balancing and band steering Payment details secured PCI compliance, Firewall, VPN, WIPS Secure guest access Captive web portal with PPSK Downtime costs money Multiple sites Monitor system security No single point of failure Self healing architecture Centralized cloud based management Cost effectiveness PCI reporting and security auditing No feature licensing Ability to scale Linear scalability – start small and grow © 2012 Aerohive Networks CONFIDENTIAL 47 Customer Focus – Manufacturing & Distribution Mobility Security Reliability Management Scability Key Considerations Aerohive Advantage Seamless Roaming Fast secure L2/L3 roaming Voice over IP Full voice support with QoS engine Restrict network access Integrated RADIUS, Firewall, VPN Protect external threats Wireless intrusion prevention system Downtime costs money Multiple sites RF management No single point of failure Self healing architecture Centralized cloud based management Cost effective solution Spectrum analysis as standard No feature licensing Ability to scale Linear scalability – start small and grow © 2012 Aerohive Networks CONFIDENTIAL 48 Customer Profile – Retail Problem/Requirement • Required compliancy with PCI and other security capabilities, including rogue access point detection and mitigation We set up our Aerohive HiveManager network management system and built default templates based on the model of the equipment,” says Stafford. “We were up and running in less than an hour. It was pretty much plug and play.” Once that template was set up we shipped the APs directly to the restaurants. Once the devices were plugged in at the restaurants they automatically received their initial configuration including security settings. This really impressed me because it saved us a tremendous amount of time and money on pre- staging each device.” Drew Stafford VP of Information Technology, Macaroni Grill ©49 2012 Aerohive Networks CONFIDENTIAL • Needed a solution that is easy to manage without technical staff needing to be present at restaurant locations for trouble- shooting • A solution that could grow with restaurant’s needs Solution • Secure access at the restaurants by area directors, who are mobile and constantly different locations • Aerohive’s Private Pre-Shared Key (Private PSK) lets legacy and hard-to-manage wireless LAN clients use strong encryption and authentication • Automated Rogue access point scans Results • I am completely satisfied with the PCIcompliance I get from Aerohive. There is a high probability of receiving a fine if your company doesn’t comply,” says Stafford. “All credit card information is being kept completely separate from the WLAN.” Customer Profile – Logistics Problem/Requirement • Improve reliability of wireless network As a leading provider of freight transportation and supply chain management, and with 40 years in the industry, Averitt Express knows the value of dependability. Customers in the more than 100 countries it serves expect their goods to be delivered as promised, and Averitt enjoys a solid reputation for customer satisfaction. “Aruba and Cisco offer a resolution to the redundancy problem by suggesting a backup controller for each location, but why would we spend extra money when we didn’t have to? Aerohive’s controller-less wireless architecture was the way to go—hands down..” Angie Tellmann Networking Services, Averitt Express • Find solution that supports cloud-based, centralized management to improve ease-of-use • Achieve 100% wireless network uptime required of a global freight transportation and supply chain management provider Solution • Upgraded from autonomous APs to a controllerless, centrally-managed wireless architecture • Deployed HiveManager Online, which lets companies grow their network without upfront capital costs beyond Aps • Utilizing Aerohive’s PPSK to secure wireless access Results • Network uptime goal achieved, ensuring freight is delivered accurately and on time ©50 2012 Aerohive Networks CONFIDENTIAL Context-Based Visibility and Control Application Firewall Prioritization Monitoring BYOD Policy Restricted VLAN Limit non-work apps CORP 5Mbps per userPolicy Corp VLAN M-F 8am-9pm Prioritize Work Apps GUEST 10Mbps per userPolicy Guest VLAN only 24HR Access No Netflix or BitTorrent 1Mbps max per user Restricted to 9-5 M-F © 2012 Aerohive Networks CONFIDENTIAL Diff Serv or 802.1p