06-23-2016 05:30 AM
I thought there was talk of there being a widely available controller VM. I say widely available as I believe there's a millitary customer with VM controllers.
Caveat: There are just things I've heard...
ACCX #540 | ACMX #353 | ACDX #216
-----------Mobility First Expert #11----------
If a reply adequately addresses your issue, please click on the "Accept as Solution" and "Give Kudos" button so this information can benefit other users via search.
06-23-2016 06:25 AM
There is currently a VM-based controller that is supported ONLY for VPN termination (WiFi is not yet officially supported) and is delivered to the US Government and Military only currently. There may be an option for non-US GOV/MIL coming in the next year, but it will be very small. As far as easily deployed, in MOST cases the 7005 is smaller than a server require to run the VM, or Instant takes no size whatsoever. Additionally, the VM-based controllers are NOT cloneable, as they are licensed individually, so there's no 'assembly line' capabilities with the VM. If you clone a VM controller, it will brick and will require a new serial number and passphrase be generated and licensed.
What is your use case/need for a VM-based controller, exactly? I would be interested to know and you can send me a PM if you would rather not share publicly.
Sr. Techical Marketing Engineer
06-23-2016 08:28 AM
So Aruba Instant has exactly same capabilities as "regular" Aruba with controllers? Including ClearPass and rest of the stuff?
I am new here, long time HP networking partner. We started to exploring Aruba few months ago and still learning about stuff.
06-23-2016 08:37 AM
There is no need for PM since it is not military or something like it :-). The thing is that most of the customers have some spare capacity on their virtualized enviroments. We have been using Fortinet/Ruckus/Aerohive (even only management) in virtualized enviroment with great success. It is less boxes to maintain, less power dragged and most important thing it is easer to "service" and upgrade.
When I say service, there are part of the world you don't have spare part stock, there is customs and complicated paperwork with VAT returns once you have to return box for repair. For all of these reasons we have switched to localy avaliable and services HP/DELL/Lenovo servers and software solutions on top of it.
As far as I am concern, this is big shortcoming of Aruba but maybe I am the only one outthere so it won't break a bank :-). Issue with serial number for VM is solved already with different vendors and I don't see what it would be problem with Aruba since I am 99% sure it is some kind of linux under tweeked for wireless stuff :-).
To be honest with you, we are more interested in ClearPass then Aruba wireless but we found ClearPass bit complicated with licensing. As I said in previous post, I just started exploring Aruba and those are initial toughts. We will be offering another solutions until we gain confidece in Aruba as best price/perfomance/feature solution.
06-23-2016 08:52 AM - edited 06-23-2016 09:27 AM
06-23-2016 09:00 AM
I am not native English speaker so is "similar"="exaclty same" as far as feature set is in questions? I am just loooking for precise answer since I was asked by one of my customers.
06-23-2016 09:02 AM
So what size AP deployments are you looking for? VMC will be for very small AP deployments (think less than 32 and possibly less than 16 APs). The power draw for an x86 based controller like the 7010 or 7008 are well below that of a VM in most cases (when the VM is sized appropriately), and note that for VMC, it requires hardware resource reservations (3 CPUs, 16GB RAM, 10-60GB disk). So the true useability for VMC will be pretty limited as it will have a higher 'cost' within the VM resource pool as no over-subscription is supported or allowed (which is different from web servers and other servers that are idle most of the time). Most VM admins won't be fans of standing up resources that lock out resources and don't make them available to other idle machines when they need it. The use case now (for GOV/MIL) are for tactical use cases where they require MILSPC hardware to deploy.
What is different between Aruba controllers versus others like Cisco, Ruckus, Aerohive, etc is that "Aruba Controllers" terminate the AP connections and handle ALL the encryption/decryption. No other vendor does it like this within a VM (most all other vendor's VM-controllers are more 'config management and control', but dont' actually terminate crypto and user traffic dataplane. As such, in an x86 environment, it's VERY resource intensive so controllers with hardware-programmable crypto chips just 'work' better to scale compared to VMs. In most environments, if you are looking for small deployments and you DON'T require high security crypto or government certs, you would use Aruba Instant which wouldn't need anything in your DC.
What is your need for a controller-based WLAN over an Aruba Instant WLAN? Honest question, the more feedback we get, the more we can look at applicability to the benefit of our customers.
As far as VMC and serial numbers, becuase we terminate crypo AND manage the RF for those thin APs, the serials are *required* to manage and control regulatory permissions. The serial and pasphrase generated on the platform govern whether it's US FCC, ROW, JP, or IL, and very likely will not be going away. So there will not ever be (at this point in time) any way to easily clone VMCs without re-serializing and re-licensing the platform. Controlling the serialization is also part of the revrec process in tracking assets as sold by Aruba, think of it as a form of DRM. it's not overly cumbersome, the serial is entered, a passphrase is generated, and those two elements are taken to the licensing site to generate your license keys. If you have a Mobility Manager, you can manage your licenses centrally instead (which is what MOST customers would do where they have multiple small controller deployed in a distributed fashion.
For our other products that are out or are coming that DON'T terminate wireless connections, we have the same serializing that other vendors use and cloning is more 'supportable'.
I'm curious what licensing difficulties you had with CPPM, for the most part it's volume and feature based and I've not heard much feedback that the licensing was hard to understand (unless the licensing itself is not liked, which then yea I get it heh).
Sr. Techical Marketing Engineer
06-23-2016 09:03 AM
imadam, they are NOT exactly similar, there are some features that a Virtual controller will not support that hardware-based controllers will. The goal is to get feature parity, but in some cases, some features will be excluded because of limited resources within the x86 platform.
More will come out in the coming months regarding VMC, and some of those are still fluid. So standby for more towards the end of the year.
Sr. Techical Marketing Engineer