Rollout: Aruba's ArubaOS 3.1 and Mobility Management System 2.0

Aruba's latest software upgrades enhance the functionality, security and operational management efficiency of wireless networks.

June 6, 2007

6 Min Read
Network Computing logo

Wireless networks are an integral part of enterprise architectures. They support ever larger numbers of employees and guests, and are being asked to carry critical apps, such as voice. This means the WLAN infrastructure must be as available, secure and manageable as its wired counterpart.

Aruba Networks newest software releases, ArubaOS 3.1 and Mobility Management System (MMS) 2.0, aim to meet these requirements. They are intended to enhance performance and scalability; better integrate applications, including voice and location services; and reduce operational costs. The new versions improve mobility and add built-in wireless IDS to boost availability and security. VoFi voice support has been upgraded.

Aruba must keep striving thanks to a little competitor called Cisco Systems, which owns 50 percent of the wireless market. Key to Aruba's strategy is impartiality. While Cisco wants to lock customers to both its wired and wireless gear, Aruba's products interoperate with any third-party wired infrastructure--one reason the company has won major accounts, including those from Microsoft and Ohio State University. A recent IPO generated $1 billion market capitalization, providing the financial stability needed to compete with Cisco, and assuring customers the company will be here tomorrow.Fresh Air

Aruba shipped us its Aruba 200 and 2400 controllers, which support up to eight and 48 APs respectively. Attached to the controllers in our lab were two AP 70 dual-radio 802.11abg APs and two AP 65s, which offer similar functionality in a compact form. We also deployed an AP connected to Aruba's corporate wireless network, with the connection tunneled over the Internet. This let us see the new management system on a live network.

Many of the new features in ArubaOS 3.1 are security-related. And if Wi-Fi security isn't top of mind for IT, recall what happened at TJX, in which thieves broke into the retailer's Wi-Fi network and eventually stole as many as 45 million credit-card numbers.

First, Aruba has added new capabilities for WIDPS (wireless intrusion detection and prevention systems), including detection of pre-802.11n APs, enhanced detection of wireless routers and confidence levels for rogue device classification. Note that the WIDPS capability requires an add-on software module. However, the new features narrow the gap with third-party WIDPS products.

One interesting new feature is application-aware sensing, which suspends network scanning when delay-sensitive apps, such as voice, are being used. This ensures that security functions won't interfere with critical business apps. Aruba also now meets Department of Defense security standards (the product also is FIPS 140-2 compliant).Aruba integrates with Snort for IDS alerts and actions, and with ArcSight for security-event management. In addition, Aruba has enhanced its integration with location-services vendor AeroScout. However, this also illustrates a competitive deficiency in relation to Cisco, which offers integrated location services.

What's New

Click to enlarge in another window

Aruba has made improvements to its roaming capabilities through the implementation of peer-to-peer roaming zones. Within an Aruba Mobility Domain, client roaming information is shared among controllers on a peer-to-peer basis rather than involving a centralized management system, which means the system will scale better in geographically diverse WLAN networks.

The new software enhances its integration capabilities through an XML-based API and an open syslog processor, which lets it accept a variety of alerts from syslog-generating devices.

MMS 2.0 also boasts significant improvements. Aruba touts it as a full FCAPS (fault-management, configuration, accounting, performance and security) implementation. Configuration management has been enhanced through a new config model. In earlier releases, APs were configured based on their physical locations. The new system provides configuration based on admin-defined groupings, which allows for more flexible and granular control.Troubleshooting has always been a strength of Aruba's management system. MMS 2.0 adds a useful network-search capability that lets administrators search for virtually any system attribute.

We also were impressed by new voice-service-monitoring capabilities. Although third-party voice-monitoring tools are available, their usefulness is limited when wireless traffic is encrypted at Layer 2. By integrating these monitoring services into the WLAN infrastructure, Aruba provides a variety of monitoring capabilities. We set up a VoFi phone and monitored its performance, down to the phone numbers called and the duration of calls.

On the GUI front, MMS 2.0 adds a nicely refined dashboard interface that provides color-coded historical summaries of the health of the wireless network. However, the management app was a little sluggish, perhaps because of its Java-based client-server design. For a summary of other improvements, see the table below.

Challenges Ahead

Aruba was one of the early pioneers in WLAN switching, which evolved into today's controller-based architecture, with APs connecting back to controllers over an organization's IP network infrastructure. Although today's leading products have basic design similarities, there's no interoperability among different vendors' controllers and APs, and the nature of interaction between APs and controllers varies significantly. Aruba's architecture is among the more controller-heavy, a design that aligns well with organizations that prefer the management and security benefits of a collapsed backbone architecture. However, it also means you'll need beefy controller hardware at the core, beefier still when 802.11n arises. This makes Aruba vulnerable to competitors, such as Colubris Networks and Trapeze Networks, that offer lower-cost products.Also, relying on integration with a third-party for services like location puts Aruba at a significant disadvantage against Cisco. And with 802.11n looking on the horizon, its centralized processing architecture will require controller upgrades.

And while Aruba's Mobile Edge architecture is similar to Cisco's Unified Wireless Network, there are significant differences. Cisco is all about delivering a soup-to-nuts, integrated wired and wireless solution. As a pure-play wireless LAN provider, Aruba must convince network professionals that an overlay model makes more sense.

That said, Aruba is well-positioned in the WLAN market. Its latest OS and management upgrades earn Aruba a place on enterprise shortlists.

Dave Molta is a Network Computing senior technology editor. He is also assistant dean for technology at the School of Information Studies and director of the Center for Emerging Network Technologies at Syracuse University. Write to him at [email protected]

Stay informed! Sign up to get expert advice and insight delivered direct to your inbox

You May Also Like

More Insights