Aruba Networks showed off a new family of low-priced wireless LAN access points and controllers designed for fast setup and easy management at branch offices, teleworkers' home offices and small businesses.
Customers plug in the new remote access points, connect them to a gateway or other WAN link, and the devices automatically connect to a central Aruba controller and download the necessary WLAN security, usage and management configurations for the local site and its user, the company says. The access points and local controllers can be administered remotely. No VPN software needs to be loaded on to local clients.
To do this, Aruba used consumer products available from a contract manufacturer, but with new software, including an integrated firewall, to download and enforce enterprise-grade security and management policies. This strategy means Aruba could price the new gear aggressively: one access point model for one to five users is $99, another model that supports as many as 50 users and includes 802.11n, is $395. The new controller, for as many as 256 users, is $1,495.
“No one has an enterprise-class access point at $99 list,” says Paul DeBeasi, senior analyst, wireless and mobility, for Burton Group. “If you're looking at deploying three or four thousand branch offices, $400 per access versus $99 is a huge difference. They never hit that kind of pricing point before.”
Aruba previously offered a small remote access point. The device had to be preconfigured by the IT department, then shipped to the local office. The access point created a secure tunnel over the available WAN link to a central Aruba controller, becoming in effect an access point on the central campus.
But the access point could only support about four locally connected devices, and if the WAN is cut off, the access point shuts down, according to Michael Tennefoss, Aruba's head of strategic marketing. If several of these were deployed, the branches had to add a router for local traffic or rely on the WAN link to funnel all traffic first to the remote central controller, which sent it back to the other local access points.
Customers wanted simpler setup and management, and a lower price to make big deployments cost-effective, all without sacrificing enterprise-level security and management features, Tennefoss says.
Nearly all WLAN vendors have products aimed at the small-midsize business, home office and branch office markets. Most have required the use of a local WLAN controller, a costly addition especially for large-scale deployments. But some vendors also have offered access point-only solutions. Cisco offers the widely used Integrated Services Router for this market, with WLAN controller modules, and the Hybrid Remote Edge Access Point Motorola's Adaptive Access Point is designed to attack some of the same issues as Aruba's offering.
For the new products, Aruba added more intelligence to the onsite access points, and crafted a controller that, like the access points, can pull down from a master Aruba controller the needed configuration settings, and security and management policies.
“They have really tried to think through the provisioning and troubleshooting,” DeBeasi says. “You take it out of the box, plug it in, enter an IP address and the device just phones home and gets provisioned by the remote controller.”
Branch locations never have IT staff, and often have employees who know little about computers or networking. “I haven't played with it yet,” DeBeasi says, “but from talking with Aruba, if you have a teenager at 7-11, he can just press a reset button, or fire up a screen and read off what he sees to a help desk guy back at corporate.”
The RAPs are available now. The 600 series controller ships in June.
All the new products can be shipped to a branch or home office, and easily installed by employees there, according to Tennefoss.
The user plugs in the access point to a power outlet, connect it the office DSL router. Connect a laptop, bring up an entry screen and enter the IP address (supplied by the IT department) of a remote Aruba controller. Hit “return” and the RAP connects to that controller, authenticates via preloaded security certificates, sets up a secure IPSec tunnel, and then downloads a small firewall agent. The agent enforces the centrally configured, enterprise policies via the RAP's (or the 600 controller's) integrated firewall.
The new products support Network Address Translation traversal, and the control and data channels are encrypted.
The RAPs can be deployed on their own. Adding the 600 controller brings an array of additional features, such as NAS server and print server, and supports larger networks.