The VGW is strictly for VPNC functionality, supporting connectivity for SD-Branch and Microbranch setups.
Connectivity between an AOS 10 AP and gateway is expected to be a LAN; no WAN connectivity should be used except under very specific guidelines, which specifically exclude the usage of Internet VPN transport between AP and gateway.
Microbranch, which is a single-AP solution, is the only AP-based solution that supports tunneling to a remote gateway (VPNC).
Note, this is not a change from AOS 6/AOS 8 to AOS 10; this is the same design expectation that has always been there. Remote AP was the mode of operation for previous versions; Microbranch replaces this functionality with AOS 10.
Original Message:
Sent: Sep 03, 2024 08:07 AM
From: Stephan van Helden
Subject: Mobility Controller Virtual Appliance in cloud?
Or could these 'virtual gateways' be the GRE endpoints? But apparently these are not supported in Oracle Cloud either.
https://www.arubanetworks.com/techdocs/central/latest/content/sd-branch/vgw/vgw.htm
Original Message:
Sent: Sep 03, 2024 05:46 AM
From: Stephan van Helden
Subject: Mobility Controller Virtual Appliance in cloud?
And the "gateway cluster" (that serves as a tunnel endpoint) could be a virtual appliance in Oracle Cloud? Or a non-Aruba firewall? (The compatibility matrix seems to mention only physical devices.)
Original Message:
Sent: Sep 03, 2024 05:37 AM
From: ariyap
Subject: Mobility Controller Virtual Appliance in cloud?
With AOS10 you can also manage controllers with Aruba Central, and the AOS10 APs can support Bridge, Tunnel and Mixed mode for forwarding.
Here is the AOS10 arch overview
------------------------------
If my post was useful accept solution and/or give kudos.
Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
Original Message:
Sent: Sep 03, 2024 04:37 AM
From: Stephan van Helden
Subject: Mobility Controller Virtual Appliance in cloud?
Thx! Actually we need much more than Bridge mode. We have several wireless networks, many of them tunneled to the controller and forwarded to a firewall; also we need guest networks with and without client isolation, etc. We'd have the required firewalls in the clouds.
I guess cloud management (Aruba Central) can't serve as a tunnel endpoint. But would it be possible to centrally configure SSIDs and assign them to VLANs? Would be a complex change, but at least in theory we could probably move the tunneling stuff to the SD-WAN, and the APs would just need to send traffic for certain SSIDs to different VLANs.
Original Message:
Sent: Sep 03, 2024 04:20 AM
From: ariyap
Subject: Mobility Controller Virtual Appliance in cloud?
That is correct. The virtual gateways that you'll find in Azure and AWS are for SD-WAN functionality.
But in your case why don't you just use Aruba Instant or AOS10 APs in Bridge mode, and none of them require an Aruba controller and you can manage them centrally with Aruba Central.
Original Message:
Sent: Sep 03, 2024 02:38 AM
From: Stephan van Helden
Subject: Mobility Controller Virtual Appliance in cloud?
Hi, we're currently using physical mobility controllers (7210) at a location that is going to be decommissioned. We were thinking of replacing them with the mobility controller virtual appliance (such as MA-VA-250) in Azure or Oracle Cloud. However, per datasheet, only Hyper-V, ESXi and KVM are supported.
Is that true? Or does it work on Azure but is not officially supported?
What is the suggested scenario if you have a lot of Aruba Access Points distributed across Europe but no central site where it would make sense to place a physical controller?