03-14-2017 06:05 AM
I would like to start a topic to think about one of my ideas.
Actually, I'm looking for some feedback and good advice to build a multi-client topology in two datacenters.
The idea will be to install two big controllers in two different datacenters (my applications provided to the customers are in these two datacenters) and just install APs for each client.
The APs will reach the controllers over an MPLS / VPN to get access to the applications and the controller.
What kind of controller, topology, AP and switch do you recommend?
I hope that's clear =)
Thanks in advance.
03-16-2017 03:12 AM
Thanks for your answer.
Regarding your question, sure, it's important to know that information, but my question is more about what the smart ways to do it are.
Regarding how to manage the AP group, the configuration...
Are there any "smarter" ones? Or just manage all the customers over an AP group and that's all?
Many thanks in advance.
03-16-2017 04:25 AM
Well, I would think you would want to provide the customers security from each other and some redundancy. Probably separate VLANs, SSIDs and roles, which would mean separate AP Groups per customer. Assuming a customer will not have resources in both data centers, you might want a primary and backup controller in each datacenter with redundant circuits, power, etc... You can run the controllers as both masters with VRRP between the two so you have an active standby, or you can just set up as a primary with LMS backup. AP fast failover on the APs.
Here is a link to the Aruba Validated Reference Designs.
03-16-2017 09:43 AM
If you have APs only, I believe you have to terminate to just one controller at a time per SSID. If you have clients who need resources in both locations, you would have to route from one DC to the other. You can build a VPN/GRE tunnel between the two controllers if you don't have dedicated circuits. Or, if you put a small controller at each client location, terminate the APs to those and then set up VPN tunnels to each DC. You can policy route traffic so it takes the best route based on DC subnets. The controllers in the DC would be for failover and VPN termination. You could probably use smaller model controllers there since you would be distributing APs to local controllers. If you use Branch Controllers, you need a 72xx controller in the DC. If you just do VPN connections, you can get away with the 7xxx series depending on your requirements.