Considerations for managing Instant over the Internet with AirWave

By jluther posted Nov 22, 2011 01:01 PM


There are two key factors that are unique to managing Aruba Instant over the Internet vs. on a private network: security and NAT. 


Instant posts data back to AirWave on the standard HTTPS port, which is the same way your administrative users access the web UI, so you need to be sure that administrative user accounts are protected with strong passwords or two-factor authentication, in addition to any other security controls you can put in place. 


The other security concern is that of devices other than your own APs attempting to connect to AirWave, either a misconfigured Instant AP or someone with malicious intent. AirWave's safeguard against rogue devices is the shared secret that you configure on the Instant AP when you first set it up to use AirWave. Before you authorize a Virtual Controller in AirWave, it's vitally important that you verify the shared secret by mousing over the "Type" column for the VC's entry on AirWave's New Devices list. 


The other concern is NAT. Instant will communicate with AirWave through a public IP address, but the AirWave server will most likely be on a private internal network, accessible only through a firewall and a NAT device. Instant and AirWave work fine through NAT, but one additional step is required if you're using AirWave to configure your virtual controllers: you must tell AirWave what its external IP address is on the Device Setup > Communication page.