If it a larger site andyou want to keep the features of the controller you will then deploy a local wireless controller
But then you will run in this situations
1-If im gong to the central site through a rap double ipsec encriptation(for the controller communication)
2-IF i dont use the rap and i provision it to the local controller then ill go to the central site through L3 routing( but then many clients are going through IPSEC tunnels with firewalls... then what would be recommended in this situation? still you will double encrypt(for at least the controllers information or it doestn matter as its just that?)
I ask you all this because i really like aruba solution and i think you are making it simple when deploying stuff to remote sites... and you even can get your vlans of your central site to the remote sites which is great....with Firealls its more complicated and more administrative effort, more configuration and more stuff to do... Now i was thinking in how you guys manage bigger remote sites of lot of users in which i would like to have contrller features and also have my wired clients going through a rap maybe? but im not sure how many clients wired and wireless clients is recmmended to go through the rap...
I know im out of the topic here but if you want i can open another thread for this...
Thanks