Blogs

of course its helpful Sean :)

Sean, I want to thank you for taking the time to reply to each and every question asked and I want to express how pleased I am that immediate action is being taken on this. Kudos to the entire Aruba team for taking this seriously. I know that security and privacy can be a sensitive topic for many people and this certainly demonstrates a strong commitment to making this work.

Job well done.

  -Sam

Sam, thank you for your questions, comments, and patience. 

Customer satisfaction is paramount to Aruba. We have been very transparent about enabling phone home “on” by default in 6.4 and provided the option for customers to “opt out” there have been concerns expressed in some quarters that is distracting from the great features in AOS 6.4. We have decided to revert back to the “off by default” mode for the phone home feature and will be posting the AOS 6.4.0.1 build with updated release notes shortly. We will continue to seek feedback from our larger end customer base in the coming weeks and figure out the best path for customers to benefit from this feature.

Why are you changing an option I have already set?
Aruba Networks >>> We have had this feature available for several releases. The SMTP settings process to enable this was cumbersome. We have changed this to a HTTPS based model simplifies the process while keeping the data being transmitted secure. We need more customer adoption to increase the sample size so we can better understand how which Aruba features, deployment modes are popular. So we decided to turn it on by default but alert customers with the blog post, annotation on the SW download site, & mention in the release notes.. The customers always have the option to turn it OFF any time they chose.

How do I prevent a controller from phoning home at first boot?

Aruba Networks >>> It takes 1 week for the first “phone home” to occur after AOS 6.4 upgrade. The phone home process kicks in on a weekly basis after that.

Customers can disable phone by

a) Through WebUI, select PhoneHome Disable under Maintenance > Aruba TAC Server.
b) To disable via the CLI, type “phonehome disable”

What specifically is stored on Aruba servers?

Aruba Networks >>> Primarily the Config information – the feature on/off, Config values, SW version running on the controller, critical controller performance parameters etc. The primary use for this data is to understand what versions of the code are most popular and are in production, which features are most popular. This will enable us to proactively assess the impact of features, product enhancements, product life cycle decisions.

Does that data include my PSK, shared secrets, or local admin accounts in any form (encrypted or otherwise)?

Aruba Networks >>> All of the sensitive fields are encrypted/hashed and we do not process any of the PSKs, shared secrets or any other information that is sensitive from a customer perspective.

How is the data transfered? (wrapped in SSL I presume)

Aruba Networks >>> It used to be in the form of files attached to public key based encrypted e-mail. We have changed to HTTPS mode of communication in AOS 6.4.

How is that data secured on Aruba servers?

Aruba Networks >>> The data is secured just like that of any cloud service provider, secure data centers with adequate physical security and appropriate password and access control protections.

Who has access to that data?

Aruba Networks >>> A small subset of Aruba engg, product management, TAC team members have access to processed “reports” based on raw phone home data. Our TAC team if need be can access the raw data on a per customer basis as part of their customer support, TAC ticket resolution process.

If I did not intend to send you my data, how do I get Aruba to remove it from their database?

Aruba Networks >>> Prior to AOS 6.4 data belonging to customers that have voluntarily enabled the phone home feature and/or voluntarily sent us logs for TAC ticket resolution are stored on our servers. Any customer can contact TAC and ask that their data be deleted.

support@arubaneworks.com – http://www.arubanetworks.com/support-services/support-program/contact-support/

How do I ensure that the removal from the database is complaint with my internal data security policies (vetted by a trusted 3rd party)?

Aruba Networks >>> We can work with customers that are concerned on a case by case basis to review their company specific policies if any and ensure compliance & satisfaction.

If the data becomes compromised, how are you going to alert me that my PSKs, SNMP strings, shared secrets, or local admin accounts have been compromised?

Aruba Networks >>> To this date there has been no compromise of this data. We will take any/all reasonable steps to inform customers that have opened TAC tickets and have voluntarily uploaded Config, log files for troubleshooting purposes. Prior to AOS 6.4 the only way for Aruba to gain access to customer phone home data is either the customer sharing the data for TAC ticket resolution or enabling phone home voluntarily. Considering we have pulled the AOS 6.4 build from our support site after hearing some concerns and are posting AOS 6.4.0.1 we will only be collecting information if customers voluntarily “opt in” per the model that existed prior to 6.4.

NightShade1, Yes, is that helpful to you? 

I am gathering the answers to your questions. Should have them all by the end of the day. Thanks for your patience.

Hello! I've never posted to the AirHeads community before and I've had what I would consider some less than upfront expierence with the PhoneHome feature change in 6.4.0.0. Chris Lyttle (not sure how to give credit other than mention him by name) recommended I post since this article seems to be the only mention of data transparency. In partiucular, I updated a controller that was previously configured to 'opt-out' to 6.4.0.0. The release notes sepcifically state that this feature is 'enabled by default' in the new code release. The code update actually enabled this feature despite me having already opted out of it. In my book 'enabled by default' means that if I'm building a controller from scratch or if I've defaulted the config of my controller. 'Enabled by default' does not mean 'we're going to change your already running config to this value'. Admittedly, I'm not a dyed in the wool Aruba engnieer and I'm struggling with the phrasing here. While it may seem like semantics to most people, there is a line that is crossed when a configuration change is made to my *existing* configuration, not to the *default* or "un configured" state of a new, out of the box controller.

When you modify my existing config, it feels like you're taking control of my data, sucking it into your own aruba database and doing who knows what with. I don't want to send the message that I don't trust Aruba or feel confident that you won't misuse my data, but there is no out right declaration of what is actually copied to the Aruba servers, how it is stored, what will or will not be done with it, nor what happens in the event of a security breach (Target credit card breach comes to mind readily).

I have the following questions I would like transparently answered:

Why are you changing an option I have already set?

How do I prevent a controller from phoning home at first boot?

What specifically is stored on Aruba servers?

Does that data include my PSK, shared secrets, or local admin accounts in any form (encrypted or otherwise)?

How is the data transfered? (wrapped in SSL I presume)

How is that data secured on Aruba servers?

Who has access to that data?

If I did not intend to send you my data, how do I get Aruba to remove it from their database?

How do I ensure that the removal from the database is complaint with my internal data security policies (vetted by a trusted 3rd party)?

If the data becomes compromised, how are you going to alert me that my PSKs, SNMP strings, shared secrets, or local admin accounts have been compromised?

Thanks in advance for your consideration, transpancy, and upfront addressing of these issues.

  -Sam

So basically if we open a ticket you would already got most of the information you need? like tech support files, errors etc?

Cheers

Carlos