Aruba Extends Feature Velocity to Partners

One of the most promising announcements at Mobility Field Day Live with Aruba, a Hewlett Packard Enterprise company, for me had to be the introduction of ClearPass Extensions. The concept behind this feature is to leverage a repository within ClearPass, so that new features may be created and run without compromising the integrity of the system and the underlying code with some sort of "engineering special". This functionality adds substantial value to an already feature-rich ClearPass product.


ClearPass Extensions enables Aruba partners such as Microsoft, Intel Security, Kasada, and Envoy to develop innovative features that may be released ahead of a major code release, which improves feature velocity and, more importantly, client satisfaction.
Currently this is a relatively closed system, with Aruba handling the development as a professional services engagement, but as a service-oriented partner we see the light at the end of the tunnel and are looking to truly create some differentiating features for our customers that provide tight integration of ClearPass with the business.
Aruba's vision for where ClearPass Extensions will go includes a developer community and an "app store" enabling customers to download or purchase apps that have been developed specifically for ClearPass. In the future, customers can also develop their own features or engage any third party to do the integration for them.
Creating an opportunity for partners to differentiate themselves from each other and rewarding those that truly understand their customer's business is an appealing idea. Waiting on features that may take six months to be released in a standard release punishes those companies who are creative and forward looking.
This model instead rewards these organizations by giving them a competitive advantage and an option to potentially generate additional revenue, depending on how the app store comes to fruition. The potential opportunities of these extensions are seemingly infinite, and the upside for organizations investing in this is tremendous.

A Foundation for a Mobile First World


Aruba, a Hewlett-Packard Enterprise company, unveiled their new Mobile First Platform last week and I had a front row seat as one of the Mobility Field Day Live delegates. Aruba’s announcement was made a day prior to our session, so it was pretty exciting to discuss such a fresh topic. The foundation that Aruba is creating here is impressive and the implications are tremendous, especially if we look at extrapolating this in the near future.
Aruba announced the release of AOS version 8.0, which marks the first major overhaul of the code in quite some time. This release is at the center of Aruba's Mobile First Platform and is designed to handle the next ten years of wireless, which is quite an ambitious goal as the near future has 802.11ax (aka Ten Gigabit Wi-Fi).

Aruba highlighted that the intelligent layer of services required to run networks today is reaching its limits on controllers, so they have created a new alternative in the form of a Mobility Master that can run these intelligent services on behalf of the controller hardware. The Aruba Mobility Master has been virtualized so that it can run on an x86 virtual machine in VMware (KVM coming soon with version 8.0.1). This new role replaces the now legacy Master Controller, so most environments will benefit from a reduced amount of hardware on-site and can leverage investments already made for the new architecture where desired. Also of interest for most is that there is zero cost for these virtual machines; the only thing that matters is the number of access points being managed.

The primary tradeoff between a controller-based and virtualized infrastructure today is throughput: the VM-based controllers do not have hardware encryption modules and as a result cap out around 4-5 Gbps.


Aruba has also introduced a new UI with AOS 8.0, which is a welcome feature as the previous one had been fairly complicated for a new user. The new UI brings some much needed features such as simplified profiles, tab completion for profile names in the CLI, multithreading in the CLI, etc.
In-Service Upgrades are also new with the advent of AOS 8.0 and the Mobility Master. The increased compute and storage allow for services that now reside on the Mobility Master to be upgraded and impact the environment immediately without requiring an upgrade to access points or controller infrastructure.
Watch more on AOS8 via the Tech Field Day YouTube Channel.
Zero Touch Provisioning
Included in the move to a Mobility Master is Aruba Zero Touch Provisioning, which allows the Mobility Master to handle all configuration for controllers throughout the environment. Additionally, the previous requirement for the Mobility Controller and Access Controllers to be running the same version of code has been removed. The Mobility Master must run the latest code supported in the environment, but it will be backwards compatible with older versions of code running on the controllers. This feature lets risk-averse customers quickly take advantage of the new features in administrative buildings while rolling them out more slowly to a hospital or manufacturing site.
Multizone
The Multizone architecture allows SSIDs to terminate on multiple controllers, creating an end-to-end encrypted session from client to controller when in tunneled mode. Terminating SSIDs on different controllers extends beyond the data flow and into how the AP is managed. Controller 1, as the primary, gets to set all of the AP settings (IP address, DHCP, etc.). Controller 2 gets to set only the settings for SSID 2. An admin of controller 2 cannot see any of the information for controller 1, including SSIDs, security types, auth servers, users, etc.

Clustering
Aruba AOS8 brings controller clustering to the table. All elements in the cluster must be running the same code and be part of the same family (e.g. all 72XXs running 8.0 code). State information is maintained for clients and access points, with a designated backup controller within the cluster. The clusters also participate in user load balancing. The primary and backup controller for each user are tracked in the cluster and will be shared with AirWave later in the year. This is useful across all customer types, but especially those with very large campuses (e.g. higher education or Fortune 500 headquarters). Clusters scale to 12 controllers with the 72XX series and 4 with 70XX controllers.


Clarity
Aruba Clarity allows an access point to associate to another access point and run synthetic tests from the "client AP" to the Clarity server, effectively building a baseline and providing tremendous visibility, especially for remote sites. Clarity Live tracks DHCP and DNS requests and responses in real time to profile the typical health of the network. Clarity Synthetic allows for RF performance testing, iPerf, and web page loads to a URL (Salesforce, etc.). Upcoming features that were hinted at but not confirmed include scheduling and wired line monitoring and testing.



Another feature of AOS8 is Aruba's new AirMatch feature, which enables better channel reuse. This feature is important because legacy radio management was designed for a previous era of wireless networks. In today's high-capacity world, which needs to support both users and things, the old way of doing things is not good enough. AirMatch looks at the system as a whole to maximize channel reuse and capacity on a daily basis and determines, based on a day of usage, the best combination of radio settings. Advanced users will be able to tune AirMatch functionality to meet their needs from the command line, but this will be hidden from the GUI to protect users from causing harm.
APIs
The Mobility Master will have the context-aware APIs that exist with Aruba's Location Engine (ALE) to enable integrations with other systems via REST, or the data can be published to other resources using ZeroMQ to move it into a database. Configuration APIs have also been enabled to allow APIs to configure the network, SSIDs, etc.
AppRF
Enhancements have been added that enable categorization of applications and grouping of applications. For instance, a group called "Students" or "Nurses" could be created, simplifying management. Custom applications are now supported, and AppRF definitions are now treated like antivirus updates and can be updated without impact to the network.
In all I was impressed with what was announced for this release. Our delegate panel kept asking for more, but when you look at what has been accomplished, our requests were in line with what you'd expect this roadmap to look like as it unfolds. The shift to an API-driven infrastructure is exactly where the world needs to be heading, and abstracting software from hardware is in line with every other major shift in the industry. I am looking forward to the APs themselves running microservices in the future that can be upgraded, restarted, etc. with no impact to end users—it seems to be an inevitability at this point. This Mobile First Platform is well thought out and perfectly aligned with the automated and intelligent future that we are all looking for, as it allows us to focus on the core business and offers much needed agility.

Assessing Network Management Challenges

Network management doesn't have to be overly complex, but a clear understanding of what needs to be accomplished is important. In a previous blog series I talked about the need for a tools team to help in this process; a cross-functional team may be critical in defining these criteria.

  1. Determine What is Important—What is most important to your organization is likely different than that of your peers at other organizations, albeit somewhat similar in certain regards. Monitoring everything isn’t realistic and may not even be valuable if nothing is done with the data that is being collected. Zero in on the key metrics that define success and determine how to best monitor those.
  2. Break it Down into Manageable Pieces—Once you’ve determined what is important to the business, break that down into more manageable portions. For example if blazing fast website performance is needed for an eCommerce site, consider dividing this into network, server, services, and application monitoring components.
  3. Maintain an Open System—There is nothing worse than being locked into a solution that is inflexible. Leveraging APIs that can tie disparate systems together is critical in today’s IT environments. Strive for a single source of truth for each of your components and exchange that information via vendor integrations or APIs to make the system better as a whole.
  4. Invest in Understanding the Reporting—Make the tools work for you; a dashboard is simply not enough. Most of the enterprise tools out there today offer robust reporting capabilities, but these often go unimplemented.
  5. Review, Revise, Repeat—Monitoring is rarely a "set and forget" item; it should be in a constant state of improvement, integration, and evaluation to enable better visibility into the environment and the ability to deliver on key business values.

The Art of Simplicity is a Puzzle of Complexity

As network engineers, administrators, architects, and enthusiasts we are seeing a trend of relatively complicated devices that all strive to provide unparalleled visibility into the inner workings of applications or security. Inherent in these solutions is a level of complexity that challenges network monitoring tools; it seems that in many cases vendors are pitching proprietary tools that are capable of extracting the maximum amount of data out of a specific box. Just this afternoon I sat on a vendor call in which we were doing a technical deep dive of a next-generation firewall with a very robust feature set with a customer. Inevitably the pitch was made to consider a manager of managers that could consolidate all of this data into one location. While valuable in its own right for visibility, this perpetuates the problem of many "single panes of glass".
I couldn't help but think that what we really need is the ability to follow certain threads of information across many boxes, regardless of manufacturer—these threads could be things like application performance or flows, security policies, etc. Standards-based protocols and vendors that are open to working with others are ideal, as they foster the creation of ecosystems. Automation and orchestration tools offer this promise, but add additional layers of intricacy in the form of requirements to know scripting languages, a willingness to work with open source platforms, etc.
Additionally, any time we abstract or simplify a layer, we lose something in the process—this is known as generation loss. Compounding this loss across many devices or layers of management tends to result in data that is incomplete or, worse, inaccurate, yet this is the data that we intend to use to make our decisions.
Is it really too much to ask for simple and accurate? I believe this is where the art of simplicity comes into play. The challenge of creating an environment in which the simple is useful and obtainable requires creativity, attention to detail, and an understanding that no two environments are identical. In creating this environment, it is important to address what exactly will be made simple and by what means. With a clear understanding of the goals in mind, I believe it is possible to achieve these goals, but the decisions on equipment, management systems, vendors, partners, etc. need to be well thought through and the right amount of time and effort must be dedicated to it.

Experiencing the Connected Mobile Experiences


I had an opportunity to attend a Mobility BU hosted training at Cisco HQ in Santa Clara. This training covered Hyperlocation, Connected Mobile Experience (CMX) and the Enterprise Mobility Services Platform (EMSP). I had been looking forward to this ever since I received the invite, having invested time into the solution as early as 2013. These technologies are unified in purpose in that each of them has a role to play in transforming the end-user experience and enabling businesses to engage with their customers in new and interesting ways.

Hyperlocation
As one of the Wireless Field Day 8 delegates, I had an opportunity to see the Hyperlocation Module (HALO) up close and personal; however, we never got a chance to actually play with it. For those interested, I wrote a detailed blog post about the technology after the WFD8 event. This time around, we not only got to spend time talking through the technology and its use cases, we actually spent time playing with it in the CMX Lab at Cisco HQ. Seeing hyperlocation in action is impressive, and the accuracy was within one meter as advertised. While the location accuracy is great, what is really intriguing is that the network is aware of where the user is rather than relying on the user to interact with a beacon or something similar. I had the opportunity to walk around the floor space with an iPhone 6+ and watch its movement on the screen. The response was impressively crisp for being 100% Wi-Fi based, but not quite as smooth as beacon-based movement tracking. This distinction is important, though, as beacons require a user to be using their app to adequately engage, whereas hyperlocation is simply the network being aware of the device and its movement inherently.

Detect. Connect. Engage.
Cisco's CMX software works by detecting the presence of a device on the wireless network. Presence is simply the device being local to a given access point; it does not require location. Location is an option, however, and can be accomplished through standard triangulation or by the addition of the HALO module. Connection is the process of getting the user to opt in through a captive portal, SMS, social media, or a mobile app. Some organizations are challenged with mobile app adoption, so alternatives are a welcome addition. Lastly, once the user is connected, engaging with them in new and innovative ways is the goal of the platform.

My Connected Mobile Experience (CMX)
Playing with CMX at the Cisco lab was fantastic—we walked around with various devices ranging from phones to Ava the telepresence robot who drove herself around the lab. Our movements generated a ton of data for CMX which we could then use to send notifications, trigger an action, etc. The reports and analytics offered around these actions are simple to navigate and provide powerful insights for organizations.

Enterprise Mobility Services Platform (EMSP)
EMSP is an open, cloud-hosted mobile application platform which provides an intelligent way to deliver customer engagement and is used with CMX to leverage location-based services. Once a customer's location is acquired, EMSP's Wi-Fi-enabled, browser-based captive portal provides a mobile experience specific to the location of the mobile device user, who they are and what they're doing. EMSP then provides event-based, actionable insights which enable improved monetization and conversion of customers from looking to buying, from general presence to engaged interaction. In addition, the EMSP solution includes a tool suite for rapidly and dynamically updating content for the context-aware mobile experience. With this in mind, EMSP simplifies and accelerates time to deployment. It has the intelligent hooks to act upon the insights provided by CMX location services to improve the client experience, influence behavior, solicit feedback and automate workflow.

Bluetooth World - Day One Recap


My Bluetooth World day one started with a great conversation over breakfast as I presented on the need and opportunity for innovation in healthcare using Bluetooth enabled solutions. Our group opened up and had some fantastic discussion around some of the barriers that are currently challenging this industry such as limited numbers of Bluetooth radios being integrated into medical device solutions for connectivity. We progressed to discussion on all of the possible use cases as well as the opportunity for the data from an IoT-enabled world of healthcare to create new use cases as we better understand interactions between machines and humans.

The keynote speeches and individual presentations had great information. I was most interested in the direction of Bluetooth and the features that are coming shortly, especially the improvements to the meshing capabilities and range, as these will open the door for great new use cases.

Also of personal interest was Kiyo Kubo's talk about Bluetooth LE at Levi's Stadium and the pain of getting to where it is today. Kiyo had gone through all of the challenges around Apple reducing their probing rates to almost nil and randomizing MAC addresses in the probing frames, forcing a changeover to Bluetooth. They then had to develop a number of tools to make it a success, both for the initial deployment and for long-term manageability.

The Expo floor had a wide variety of use cases from BLE managed LED lighting that synced with car audio to IoT-enabled hearing aids that would use location and ambient sound to automatically adjust their sound levels and noise filtration via a cloud interface.

It’s WLPC Time Again

The WLAN Pros Conference is truly a unique experience that I look forward to all year long. Throughout the year we are inundated with vendor marketing material and embroiled in competition. WLPC is a few days where we can come together as individuals, educate each other, build the community and challenge each other to be better at our craft. This year’s conference will be in sunny Phoenix, AZ. Read more about it here. If you’ve never been before and you have an interest in Wi-Fi I urge you to make plans to attend. It is a great opportunity to network and learn from others in the field.


This environment provides a great opportunity to get up and speak about something you are passionate about. The mix of longer presentations and Ten Talks allows for a lot of variety and depth of topics. This year I've selected a topic on healthcare wireless as my main presentation topic and will use a Ten Talk slot to provide a sneak peek into my Bluetooth World presentation that I will be giving in March at Levi's Stadium.

Designing Wireless Networks for Clinical Communications

Healthcare presents one of the most challenging wireless environments in today's networking world. The unique blend of critical network applications and the expectation of high-speed, ubiquitous wireless access for everyone is challenge enough, and then numerous devices are layered on top. Clinical communications are critical to providing a high quality of care and have become an especially challenging environment to plan for. This post is intended to offer some guidance in designing these networks.

The Emergence of the Smartphone as a Clinical Communications Tool

Smartphones are joining the healthcare scene at increasing rates. Companies such as Voalte, Mobile Heartbeat, PatientSafe and Vocera are bringing new features and functionality to market and are transforming communications at the point of care. These devices are typically either Apple iPhones or the Motorola MC40; however, plenty of other variations exist. Each of these phones has numerous differences in how it behaves. These differences range from when they roam to how they handle packet loss, etc.

Access Point Transmit Power

In preparing to design a clinical communications network, the desired endpoint devices should be known. In almost all cases, smartphones tend to have lower transmit power than what most admins are used to. As a result, we are designing wireless networks with access point transmit power of 10-12 dBm rather than the 14-17 dBm at which many legacy networks were built. This reduction in access point transmit power drives up the number of access points required to cover a facility by 25-50%, depending on construction.
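To make the transmit-power trade-off above concrete, here is an added example (not from the original post or any vendor's tooling) that estimates the uplink/downlink asymmetry between an AP and a lower-powered smartphone, and the AP-count multiplier when AP power is reduced, using a log-distance path-loss model. The model itself, the 1 m reference loss, the path-loss exponent, the antenna gains, the -67 dBm cell-edge target and the 10 dBm phone transmit power are all assumptions chosen for illustration.

```python
"""Link-budget sketch for matching AP transmit power to smartphones.

Everything here is an assumption for illustration: a log-distance path-loss
model, PL(d) = PL_1m + 10 * n * log10(d), a 5 GHz reference loss at 1 m,
an indoor path-loss exponent, antenna gains and a -67 dBm cell-edge target.
Real designs come from a predictive model or a site survey, not this script.
"""

PL_1M_DB = 47.0           # assumed path loss at 1 m for 5 GHz
PATH_LOSS_EXP = 3.5       # assumed exponent for hospital construction
AP_ANT_GAIN_DBI = 4.0     # assumed AP antenna gain
PHONE_ANT_GAIN_DBI = 0.0  # assumed smartphone antenna gain
EDGE_RSSI_DBM = -67.0     # assumed cell-edge target for voice


def cell_radius_m(tx_dbm, tx_gain_dbi, rx_gain_dbi,
                  edge_rssi_dbm=EDGE_RSSI_DBM, n=PATH_LOSS_EXP):
    """Distance at which the received signal drops to the cell-edge target."""
    budget_db = tx_dbm + tx_gain_dbi + rx_gain_dbi - edge_rssi_dbm - PL_1M_DB
    return 10 ** (budget_db / (10 * n))


def link_edges_m(ap_tx_dbm, phone_tx_dbm):
    """Return (downlink_radius, uplink_radius) for one AP/phone pair.

    The downlink edge is where the phone stops hearing the AP at the target;
    the uplink edge is where the AP stops hearing the phone. Antenna gains are
    reciprocal, so any difference comes purely from the transmit-power mismatch.
    """
    down = cell_radius_m(ap_tx_dbm, AP_ANT_GAIN_DBI, PHONE_ANT_GAIN_DBI)
    up = cell_radius_m(phone_tx_dbm, PHONE_ANT_GAIN_DBI, AP_ANT_GAIN_DBI)
    return down, up


def uplink_dead_zone_fraction(ap_tx_dbm, phone_tx_dbm):
    """Fraction of the downlink cell area where the phone cannot reach the AP.

    0.0 means the link is balanced; larger values mean the AP is heard by
    phones that it cannot hear in return (the classic asymmetric-link problem).
    """
    down, up = link_edges_m(ap_tx_dbm, phone_tx_dbm)
    if up >= down:
        return 0.0
    return 1.0 - (up / down) ** 2


def ap_count_ratio(old_ap_dbm, new_ap_dbm, n=PATH_LOSS_EXP):
    """Multiplier on AP count when AP power is reduced but the same cell-edge
    target must still be met (coverage area scales with radius squared)."""
    r_old = cell_radius_m(old_ap_dbm, AP_ANT_GAIN_DBI, PHONE_ANT_GAIN_DBI, n=n)
    r_new = cell_radius_m(new_ap_dbm, AP_ANT_GAIN_DBI, PHONE_ANT_GAIN_DBI, n=n)
    return (r_old / r_new) ** 2


if __name__ == "__main__":
    phone = 10.0  # assumed smartphone transmit power, dBm
    print(f"phone tx {phone:.0f} dBm, path-loss exponent {PATH_LOSS_EXP}")
    for ap in (17.0, 14.0, 12.0, 10.0):
        down, up = link_edges_m(ap, phone)
        dead = uplink_dead_zone_fraction(ap, phone)
        print(f"AP {ap:4.0f} dBm: downlink edge {down:5.1f} m, "
              f"uplink edge {up:5.1f} m, uplink dead zone {dead:4.0%}")
    for old, new in ((14.0, 12.0), (17.0, 10.0)):
        print(f"AP power {old:.0f} -> {new:.0f} dBm: "
              f"about {ap_count_ratio(old, new):.2f}x the APs")
```

Changing PATH_LOSS_EXP moves the AP-count multiplier noticeably, which is the model's way of expressing the post's "depending on construction" caveat.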

Data Rates

Disable lower data rates to reduce network overhead and functional cell size.

Access Point Placement

Fast roaming is critical to the performance of Voice over WiFi and for Smartphones this typically means leveraging 802.11r and 802.11k. Understanding how these protocols work and their impact on roaming is essential for success of any network being designed to support clinical communications. As a wireless engineer tasked with this design, the goal is to create small, clearly delineated cells with enough overlap to facilitate the roaming behavior of these mobile devices. If designed poorly, 802.11k can be a detriment to device roaming. Some general guidelines to follow:

  • Access points should be mounted in patient rooms and out of hallways whenever possible
  • Leverage interior service rooms to cover longer hallways: clean storage, food prep, case management offices, etc.
  • If you must place an AP in a hallway:
    • consider planning to use short cross-unit hallways rather than the long hallways wherever possible
    • consider using alcoves to your advantage to reduce the spread of the RF signal
  • Leverage known RF obstructions to help create clean roaming conditions that favor 802.11k
  • Overlap may need to be as much as 20% due to the roaming algorithms in the smartphones
  • Pay attention to the location of patient bathrooms; facilities where these rooms are in the front of the patient room (near the hallway) offer far more challenges than those where the bathroom is in the back of the room
  • Stagger APs between floors so that they are not vertically stacked on each other

Voice SSID

Configure for a single band whenever possible; you'll find that some vendors are still only comfortable with 2.4 GHz. From experience this can work, but it is not without issues either. As a general rule, I recommend using AppRF to view the applications using the SSID and prioritize them properly. Smartphones are always talking via multiple apps on multiple ports, and this should be accounted for.

All Apps Are Not Created Equal

Certain mobile communications apps are simply not ready for the demands of a healthcare environment. Take the time to understand exactly how these apps are being used; on multiple occasions I've seen perceived "dropped" calls turn out to be an app issue rather than anything to do with the wireless network itself.

Test, Test, Test

This is still a relatively new application for Voice over WiFi and it will require effort to get it right. Extensive testing is typically needed to get these deployments 100% dialed in. Tuning from AP placements to transmit power tweaks should be expected to some degree.

One Company's Journey Out of Darkness, Part VI: Looking Forward

I've had the opportunity over the past couple of years to work with a large customer of mine on a refresh of their entire infrastructure. Network management tools were one of the last pieces to be addressed, as the emphasis had been on legacy hardware first and the direction for management tools had not been established. This mini-series will highlight this company's journey and the problems solved, insights gained, and unresolved issues that still need addressing in the future. Hopefully this helps other companies or individuals going through the process. Topics will include discovery around types of tools, how they are being used, who uses them and for what purpose, their fit within the organization, and lastly what more they leave to be desired.


If you've followed the series this far, you've seen a progression through a series of tools being rolled out. My hope is that this last post in the series spawns some discussion around tools that are needed in the market and the features or functionality that are needed. These are the top three things that we are looking at next.

Event Correlation
The organization acquired Splunk to correlate events happening at machine level throughout the organization, but this is far from fully implemented and will likely be the next big focus. The goal is to integrate everything from clients to manufacturing equipment to networking to find information that will help the business run better and experience fewer outages and/or issues as well as increase security. Machine data is being collected to learn about errors in the manufacturing process as early as possible. This error detection allows for on the fly identification of faulty machinery and enables quicker response time. This decreases the amount of bad product and waste as a result, improving overall profitability. I still believe there is much more to be gained here in terms of user experience, proactive notifications, etc.

Software Defined X
We are looking to continue moving into the software-defined world for networking, compute, storage, etc. These offerings vary greatly, and the decision to go down a specific path shouldn't be taken lightly by an organization. In our case we are looking to simplify network management across a very large organization and do so in such a way that we are enabling not only IT workflows but those of other business units as well. This will likely be OpenFlow-based and start with the R&D use cases. Organizationally, IT has now set standards in place that all future equipment must support OpenFlow as part of the SDN readiness initiative.

Software-defined storage is another area of interest, as it reduces the dependency on any one particular hardware type and allows for ease of provisioning anywhere. The ideal use case again is for R&D teams as they develop new products. Products that will likely lead here are those that are pure software and open; evaluation has not really begun in this area yet.

DevOps on Demand
IT getting a handle on the infrastructure needed to support R&D teams was only the beginning of the desired end state. One of the loftiest goals is to create an on-demand lab environment that provides compute, storage and network on demand in a secure fashion, as well as intelligent request monitoring and departmental bill-back. We've been looking into Puppet Labs, Chef, and others but do not have a firm answer here yet. This is a relatively new space for me personally, and I would be very interested in further discussion around how people have been successful in this space.


Lastly, I'd just like to thank the Thwack Community for participation throughout this blog series. Your input is what makes this valuable to me and increases learning opportunities for anyone reading.

Aruba Networks Sensors Everything

In case you missed it, Aruba Networks, an HP Enterprise Company, announced the availability of their new Aruba Sensor product this week. This was spoken about at Atmosphere back in March, but then had seemingly disappeared. This new sensor enables Aruba Networks' Meridian cloud analytics and wayfinding solution and best-in-class beacon management capabilities to be used on any wireless network. These sensors have a Bluetooth Low Energy (BLE) radio to act as a beacon and manage other beacons within a 25-meter radius, and a wireless radio to provide network connectivity. Power is delivered through either AC power or USB, and both power options offer security locks to physically secure the sensor. Making the same solution available for any wireless network is a huge deal, as it allows for standardization of an engagement solution. ClearPass, Meridian and the Aruba Sensor/Beacon offer tremendous capabilities for any organization's network. Kudos to the team for embracing the market as a whole!