Enabling the Virtual Enterprise

Information about Enabling the Virtual Enterprise

Published on March 17, 2014

Author: AirheadsSocial

Source: slideshare.net

Description

Airheads Conference 2014

Enabling the Virtual Enterprise
Dave Blank, Network Engineer, Facebook
Michael Wong, Product Manager

CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf

Wireless @ Facebook
• 6,337 employees*
• Approximately 10,000 wireless clients every day
• 35 offices globally (11 US offices, 24 international)
• EVERYONE is mobile (open floorplan… employees work from anywhere)
• 1.23 billion monthly active users*
*as of Dec 2013

Agenda
• Facebook Lighthouse @ Home
• RAP Zero Touch Provisioning
• Configuring Zero Touch Provisioning With Activate and CPPM
• Demo

Remote AP Provisioning
• AP Provisioning .. Need I say more?

Controller: Provisioning Whitelist
• Controller Provisioning Steps
– Add AP to Whitelist on each controller
– Defines a list of APs allowed to connect to controller
– RAP Whitelist Definition
  • AP mac address
  • AP Group
  • AP Name
– CLI: whitelist-db rap add mac-address [mac-addr] ap-group [ap-grp] ap-name [ap-name]
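
Added example (not from the slides or from Aruba's tooling): because the whitelist decides which APs may connect, the inventory that feeds it should be validated before any `whitelist-db rap add` line is generated. The accepted MAC notations, the name character set and the sample rows are assumptions of this example.

```python
import re

# One notation per alternative: aa:bb:cc:dd:ee:ff / aa-bb-..., aabb.ccdd.eeff, aabbccddeeff
MAC_RE = re.compile(
    r"(?:[0-9a-f]{2}([:-])(?:[0-9a-f]{2}\1){4}[0-9a-f]{2}"
    r"|[0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4}|[0-9a-f]{12})"
)
# Conservative name charset: an assumption of this example, not an ArubaOS limit.
NAME_RE = re.compile(r"[A-Za-z0-9_.-]{1,63}")

def normalize_mac(raw):
    """Return the MAC as lowercase aa:bb:cc:dd:ee:ff or raise ValueError."""
    text = raw.strip().lower()
    if not MAC_RE.fullmatch(text):
        raise ValueError(f"not a MAC address: {raw!r}")
    digits = re.sub(r"[:.-]", "", text)
    if int(digits[:2], 16) & 1:  # I/G bit set: group address, never a device
        raise ValueError(f"multicast MAC cannot identify an AP: {raw!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def build_whitelist(rows):
    """rows: (mac, ap_group, ap_name) tuples -> (commands, errors)."""
    commands, errors, seen = [], [], {}
    for n, (mac, group, name) in enumerate(rows, start=1):
        try:
            mac = normalize_mac(mac)
        except ValueError as exc:
            errors.append(f"row {n}: {exc}")
            continue
        if mac in seen:  # same AP written in a different notation
            errors.append(f"row {n}: {mac} already listed in row {seen[mac]}")
            continue
        bad = [v for v in (group, name) if not NAME_RE.fullmatch(v)]
        if bad:  # whitespace or newlines would alter or inject CLI lines
            errors.append(f"row {n}: unsafe group/name value {bad[0]!r}")
            continue
        seen[mac] = n
        commands.append(
            f"whitelist-db rap add mac-address {mac} ap-group {group} ap-name {name}")
    return commands, errors

# Constructed sample inventory (not real devices).
SAMPLE = [
    ("00:0B:86:AA:BB:01", "home-rap", "rap-jdoe"),
    ("000b.86aa.bb01", "home-rap", "rap-dup"),       # same AP, other notation
    ("00:0b:86:aa:bb", "home-rap", "rap-short"),     # truncated MAC
    ("00-0b-86-aa-bb-02", "home-rap\n!", "rap-x"),   # embedded newline
    ("00:0b:86:aa:bb:03", "home-rap", "rap-asmith"),
]
```

Rows that fail a check are reported rather than silently skipped, so a rejected AP is visible to whoever maintains the whitelist.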

Facebook Requirements
• Zero Touch Deployment
– Easy for a non-techie to deploy
• Performance
• Form Factor
• Standardize Global Deployment
• Deploy in Challenging RF Environments
• Support Latest Technology including IPv6
• Extend Corporate Service
– Wired IP Phone
– Wired Video Conference Endpoint

Facebook: HelpDesk Provisioning Tool
• Custom Portal to Adapt to Business Workflow

Facebook LightHouse@Home

[Diagram: Remote Access Points. Labels: To Datacenters; Client VPN; WAN; Plug-Play Client; Enterprise Secure Wi-Fi; LAN; Local Connectivity; Enterprise Secure Wired; LAN/WAN/Internet Access; Forwarding Priority Per User/Device/Session; Dynamic Policies via Controller; PEF Distributed Policy Enforcement Firewall Engine]

RAP Bootstrapping Process
• RAP obtains wired IP address using DHCP
• RAP contacts master controller using FQDN or static IP
• RAP attempts to form IPsec connection
– Certificate (name = mac address)
• IPsec SA is established between RAP and controller

Goal: Zero Touch Provisioning
• Activate
– Device info is recorded on shipment
– Device type, serial number, mac address
– AP-Name, AP-Group and Controller-IP are defined
– JSON API available
• ClearPass Policy Manager
– Synchronize inventory list
– Maintains central whitelist for all controllers
– Authorizes RAP
• Controller
– Authentication
[Diagram: RAPs, ClearPass Policy Manager Cluster, Activate (http://activate.arubanetworks.com), Controllers, Instant APs, and "Mr. IT" using the JSON API. Captions: "Controller sends auth’n requests and CPPM provides auth’z info"; "Instant AP will check Activate at boot for provisioning info"]

Use Activate to Provision AP Info

Aruba Activate Service
What: Activate is a free Cloud Service that enables customers to deploy Aruba infrastructure more efficiently
• http://activate.arubanetworks.com
How: Enhances a device’s ability to find its configuration master
Model: Device centric DB correlating various attributes
Activate’s Inputs

Activate: Define Rules
• Activate (https://activate.arubanetworks.com)
1. Identify Configuration
– IAP-to-RAP
2. Define Rules
– Controller IP
– AP-Group

Activate: AP Attributes
1. Select Device
– Devices are initially assigned the default folder
2. Assign Devices to Folder
– Define AP-Name

Define ClearPass Policy for Central Whitelist

ClearPass Policy Manager
• Authentication, Authorization, Accounting (AAA) with Policy Management
• Guest Management
• Device Onboarding

CPPM: Activate Configuration
• Provide Activate credentials in CPPM

CPPM: Add Controller

CPPM: Endpoint List
• Validate that CPPM is receiving info

CPPM: Endpoint Info
• EndPoint Info
– Orange
• Attribute for Authorization
– Yellow
• Attributes sent to Controller

CPPM: Service
• Allows ClearPass Policy Manager to test Requests
• Provide differentiation by access method, location or other network vendor-specific attributes

CPPM: Authentication
• Controller will perform MAC authentication to CPPM
– Note: RAP will still use certificate to establish IPsec tunnel

CPPM: Enforcement
• Define Authorization Conditions

CPPM: Enforcement Profile
• Define RADIUS Attributes (Aruba VSA)

Controller Configuration

Controller Configuration
• Define Authentication Server
• Define Server Group
• Assign Server Group for RAP / IAP authentication

    aaa authentication-server radius CPPM_01
      host [CPPM_IP_ADDRESS]
      key PASSPHRASE
    !
    aaa server-group CPPM_WHITELIST
      auth-server CPPM_01
    !
    aaa authentication vpn default-iap
      server-group CPPM_WHITELIST
    !
    aaa authentication vpn default-rap
      server-group CPPM_WHITELIST
    !

• Controller performs whitelist lookup on CPPM instead of local-db


Thank You
