ArubaOS 8 – Behind the Release Notes

Last month I was invited to attend Mobility Field Day Live (#MFDLive) featuring one of my favorites in the wireless space – Aruba, a Hewlett Packard Enterprise company. During the event Aruba made some pretty big announcements and showed off a plethora of new features that will likely cause more than just a ripple through the industry. The new ArubaOS 8, dubbed a “Mobile First” platform, has added a massive list of features; nearing the top of the list for me are an expansion of the new, refreshingly simple, unified UI (demoed first at Atmosphere 2016 earlier this year) to more platforms and a whole new Mobility Master architecture that turns your ho-hum wireless network into a programmable platform delivering new services to the end-user from an impressive array of partners. The biggest hit for me wasn’t one single feature though; it was a slew of little ones that go almost unnoticed among the impressive upgrades.

The tech junkie in me loves a good bit of show about “paradigm shifts” and “solving the issues of tomorrow” and even “disrupting the tech industry” but that’s usually nothing more than the IT version of jazz hands. The admin in me detests when it’s complicated and unintuitive to manage the new bells and whistles or even worse, the bells and whistles take 2 years to materialize and the gold finish turns out to be pyrite… It can’t always be all about what’s hot now or what’s coming next year. There’s absolutely nothing wrong with maintenance releases that fix the complications or annoyances of what we’ve been using for a decade. Somehow the engineering and development teams at Aruba managed to pull off both – a major overhaul with some really impressive features that still feels familiar but far less irritating to use day-to-day. Oh, and it was released into the wild in July – a full 2 months before the big “announcement” – so you don’t have to worry about vaporware here.

Taking a look at the release notes, there are quite a few gems that weren’t discussed that heavily on camera during the event; there just wasn’t enough time to cover it all. I’m going to go through them one by one, but first you have to understand the biggest changes a bit.

Warning: I’m a big fan of logical layouts, hierarchical design methods, and things that just make sense in general…

A Whole New World

Managing large groups of systems can get cumbersome; managing them from a top-down approach simplifies the whole process and simply makes sense. For example, a large enterprise organization with a headquarters, a few dozen remote offices around the globe, shipping facilities, and remote workers may have a fleet of staff to design, deploy, and manage all the moving parts that go into keeping everything connected. Simple changes like adding new syslog servers, adjusting time zone information across multiple continents, or configuring the contact and location strings for SNMP can be troublesome even with the best of network management systems out there. By viewing the network in a logical, interconnected, tiered fashion it’s easy to apply a change at a single level and have the information propagate to all its “children.” It needs to be said though, this isn’t just a fancy new view or an NMS that does a lot of heavy lifting for you to make up for the same old flat networks the industry has used since the beginning – no lipstick on a pig here.

This is a multi-tiered architecture that breaks out the various functions of the network (management, control, and data planes) and puts them where they’re most effective. Management is in a central device (Mobility Master) or cluster (Mobility Master domain) that has a holistic view of the network and can feed any of the relevant data down to the control planes – the managed devices (a.k.a. controllers) – for decisions that need to be made regarding cross-controller traffic flows (MultiZone!), security policies, RF optimization, and more. And then follow it down another tier to the data plane where the APs and controllers are carrying out those decisions and forwarding traffic, adjusting radios, applying QoS profiles, etc. With a logically layered network and centralized management there are a ton of new ways to approach old problems or constraints, and that’s where it gets really good.

Centralized Image Upgrade

Have you ever been in charge of upgrading a few hundred, maybe even a few thousand devices, and wished you had the tools to not only easily push the new software but also determine where, when, and how it gets deployed in a manner that makes sense for each device? I’ve spent many sleepless nights poring over scripts to do just that, and once it was ready to go I had to watch the logs closely for any issues, hoping to avoid a cascade of failures. The new centralized image upgrade method now gives the ability to push new software to your network, using the hierarchy to adjust the installation options as needed based on where the devices sit in your org. Once an upgrade job is kicked off you also get a nice view of the progress from both the web interface and the command line, making it easy to monitor. And what happens if something does go wrong? Keep reading…

Centralized Control and Visibility

The Mobility Master architecture of ArubaOS 8 introduces a new way to view what’s in your network and how it’s working by separating out the management, control, and data planes within the UI. With everything managed from a single point – no matter what design choices are made – administrators can easily monitor performance across the entire network or change configurations at local or global levels (and everything in between).

Custom Applications, Custom Categories and Protocol Definition Data in AppRF 2.0

How many companies develop in-house or implement customized applications these days? Maybe a university wants to group some non-related applications that are commonly used into the same policy. Custom applications and custom categories offer a logical way to manage the network and the applications running through it, either by ensuring the traffic receives the correct prioritization with minimal configuration or by giving visibility and control over a whole new class of traffic without relying on feature requests from the network vendor.

Along the same lines as custom definitions and categories, Aruba’s also added a new way of releasing and deploying protocol definitions. The signatures are now in standalone files that can be installed and upgraded on controllers without the need to reboot, allowing for hit-less upgrades across the network.

Loadable Service Modules

Protocol signatures aren’t the only thing doing hit-less upgrades now. The new OS introduces Loadable Service Modules, which are basically the same controller features that do all the fun stuff we’ve had, except now they’re applications running on the controller. Now that the major features (listed below) are decoupled from the core operating system, new features and functionality can be added and quickly released into production without a major upgrade event.

The features that have been “app-ified” in ArubaOS 8 are:

  • AirGroup for Bonjour services
  • AppRF for application classification and prioritization
  • ARM for radio channel and power management
  • AirMatch for advanced network-wide RF optimization
  • Northbound API services
  • UCM for voice/video/collaboration specific integration and control
  • WebCC for dynamic web threat assessment
  • WMS

Configuration Auto-Rollback and Disaster Recovery

Every administrator’s nightmare is doing a remote OS upgrade or a network configuration change involving uplinks, routing, etc. These are the things that keep us up at night – literally. How many war stories have you heard of a change failure causing a site to go down partially or completely because of fat-fingering a subnet, forgetting the proper order of operations when adjusting a router, or any multitude of other reasons? It doesn’t necessarily happen often, but the thought of having to hop in the car at 3:00am to head to a remote site before the users start showing up and complaining is not something I like to think about much. In ArubaOS 8 the system keeps tabs on the connectivity to the Mobility Master, and when a configuration change occurs that impedes its ability to communicate with the MM it will automagically roll back to the last known good configuration – restoring connectivity and allowing for an engineering mulligan.

What if that auto-rollback fails for some reason? What if something else is causing a connectivity problem and there’s simply no way to get the managed device in a branch office talking to the Mobility Master, but there are changes that need to be made for some reason or another? Disaster recovery mode is a feature that enables a local version of the Mobility Master directly on the managed device, meaning full control is still available. While disaster recovery mode is configured, the controller will block all synchronization attempts by the Mobility Master should it come back online, preventing any unplanned configuration changes until the administrator is ready to bring the managed device back into the main network.

Bulk Edit

You can now make configuration changes in a “configure then commit” fashion with the bulk edit feature. Gone are the days of turning the AP radios off, making changes as fast as you can for 15 minutes, and then turning the radios back on. Think of bulk edit as your own configuration scripting engine.

Seamless Logon and Remote Telnet/SSH

Seamless Logon was introduced as a way to manage the network almost like a single device. Administrators can log in to the Mobility Master at a central location and then log in to other managed devices within the network without being prompted for credentials. Aruba built their own jump host into 8.0… But even more, you can use the Mobility Master as an SSH or Telnet jump host for any device on the network – not just Aruba’s. I’m not really sure what the implications would be if you used this as a security feature by proxying remote SSH/Telnet (but please not telnet) through the Mobility Master, but I kind of like the idea and would be willing to give it a shot.

There are so many more features I could go on writing about for days; some of them I truly think are going to rattle the competition a bit and hopefully stir up a nice Wi-Fi Cold War-style arms race. But the industry-rocking features don’t often make an administrator’s job all that much easier (pretty much never) so I think a lot of these are important to ease some of the management load and just reduce some stress from the day-to-day mundane tasks that go along with being in IT. Plus, they show that Aruba is actually thinking about how their software is going to be used… Something that’s unfortunately rare lately.

About the author

Ryan Adzima

A wireless engineer specializing in all things mobility. From web apps to location services to WLAN design/deployment, I am constantly and consistently on the cutting edge of what’s coming next. With over a decade of experience as a systems engineer managing wired and wireless IP networking, virtualization environments, applications, and web infrastructures with a strong background in retail, healthcare, and higher education I have a wide range of skills across multiple enterprise technologies.