Network Management

Hi community:

I am setting various usernames that only see a group of APs different of each one, It is like a multi-tenant way. The goal is to give an username to a end customer to manage their APs without seeing the other APs and information.

Is the performance of the server OK?
How many usernames roles can I configure?
Will the generation of reports be OK?
Any recommendation about this way of configuration?

I created 3 usernames for testing purposes and It works fine as a multi-tenant environment so I can only see the APs from one client, even visualRF information but I don't know if the server performance will be ok when adding new clients or generating a lot of reports.

Any recommendations? I know that Aruba Central is more oriented as multi-tenant platform but I want to test my airwave in this way.

Regards

Karlink

While not quite designed for multi-tenancy, if you do - there are a few gotchas.  Roles should be split up per customer since the reporting definition has a viewing option defined by role.  In VRF, there's a toggle to hide floor plans that don't have any devices, this keeps the floor plan isolated to the user that uploads it until a device is placed that maps it to a specific group, and finally inherits to a role view.  The use of auto authorizing of devices should be disabled so that devices don't get into a mixed bucket - as this would create awareness that the tool is shared with others.

I don't see a specific model of appliance here, so it's hard to distinguish whether performance will be great or not.  There's no max limit for users/roles, and it's probably not beneficial to configure any external auth or 2 factor auth.  All customers on the shared AMP would have to observe the same conditions for historical data retention - so that might affect reporting ability as well.

If the sizing of each customer is small, it might be better to set the system up as a VMHost, and then setup individual instances per customer.  That might allow more flexibility and eliminate any room for error in a customer's data being exposed to a different customer.  It would also allow you to take periodic snapshots that you could roll back to which would be faster than taking a backup to reinstall.

Hi Rob:

The server is Aruba AirWave DL360 Enterprise Edition Hardware Appliance and the characteristics are:

• RAM: 96 GB
• DISK: 8 300GB 12G SAS 15K 2.5in SC ENT HDD
• CPU cores: 16 cores (2 8-core 2.6 Ghz HPE DL360 Gen9 E5-2640v3)

Do you recommend this environment on this server?

Which is the process of creating VMHost?

Regards

Karlink

You haven't mentioned the number of APs and other devices you want to manage and that number is the primary sizing indicator (and licensing as well).

Please check the Airwave Server Sizing guide from the Aruba support documentation downloads. That document will tell you if that hardware is sufficient.

As for creating a VM, you install the OVA (VMWare) version of Airwave on your VMWare infrastructure. After that is it similar to installing on physical hardware. Benefits of VM are that it might be easier to add memory and cpu capacity later on, and you can use the (hardware) redundancy of your VM infrastructure to increase availability. 

The server specs you have are sized for a 4000 device single AMP.  If you decide to go the VM route, you might be hitting closer to 3000 since it'd have to account for the VM layer + the additional cost for each separate instance to run individual AMP daemons.  In the lab, we run vCenter with a shared resource pool that's expandable to allow as much or as little that's needed for a setup.

The admin path for the lab is:

vCenter -> resource pool (collection of individual VMHosts) -> VM instances per host

With vCenter there's flexibility to do roles and added operations that make it more flexible than a single standalone server.  Worth looking into if you see yourself going this direction.

Hi Herman

The server is clean and it has 672 AP licenses. Is it possible to split that amount of liceses so I can use it on a VM environment?

Regards

Karlink

For splitting license keys, you'd have to work through support for that.