Wireless Access

Reply
Highlighted

Virtual Mobility Controller VMC vs. Hardware Mobility Controller

Many times we receives the question VMC vs. Hardware. Find below our finding regarding this discussion:

 

We generally recommend the use of hardware as a Mobility Controller.
This has the following advantages:
- No additional effort for importing and configuring the VM on hypervisor
- No configuration of the virt. switch in the hypervisor and thus possibly unwanted configurations such as promiscuous mode (for details see Aruba Mobility Master and VMC Install Guide)
- No hardware costs in the Hyper-Visor environment
- Predictable performance due to dedicated hardware and no cross-influence of performance and resources in the hypervisor
- Easier troubleshooting because the hypervisor can be excluded as a source of error
- Depending on the design and expansion stage, a hardware controller can also be more cost-effective

Disadvantages Hardware Mobility Controller:
- VMC has a very flexible license model where one license can be used for multiple VMCs
- No own hardware necessary (the disadvantages are mentioned above)

 

Any comments about your experience are welcome.

 

Many thanks

 

Jochen

Highlighted
MVP Guru

Re: Virtual Mobility Controller VMC vs. Hardware Mobility Controller

The main consideration for me when using a VMC is the lack of a TPM module/certificate and the implications this can have when staging and deploying RAPs. As the User Guide says...

 

A certificate-based remote AP does not come up on a virtual mobility controller (VMC) because TPM certificate for the AP is present in the Mobility Master. However, you can bring up the remote AP by using a self-signed certificate.

 

To do this, first you need to bring up the AP as campus AP. Then, reprovision the AP to come up as remote AP.

 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted

Re: Virtual Mobility Controller VMC vs. Hardware Mobility Controller

What comes additional into my mind:

 

Advantages of a Hardware Controller:

  • No Shared Responsibilities between Network and Hyper Visor Admins
  • Throughput Performance is better on Hardware Controllers

 

Regarding Disadvantages:

  • Virtual Controllers have more flexibility with System Backup / - Restore or in Moving Controllers to another DC / Location
  • Virtual Controller Installation could be smaller in the amount of Controllers, because you have to install them twice (Active – Active) rather than with Hardware Controllers where you have to install multiple on Active Site 1 and Active Site 2 – depending on the overall AP number
Highlighted

Re: Virtual Mobility Controller VMC vs. Hardware Mobility Controller

I was hoping VMC would be supported with Central but it seems it's not, you can only use virtual controllers with AWS/Azure.

 

Then I tried to configure 9004 as a VPNC in our DC to terminate VPN tunnels from another 9004 and this seems to be working fine. Even though Central manuals only say that 72xx is supported.

 

I tried it only with 9004, next I'm trying to add IAP to that 9004 and see if it works.

 

This is for labbing, as 9004 license is a lot cheaper to get than 72xx Central license. Other than labbing, I really don't see why anyone would want to get VMC in their own DC. Having something in the AWS/Azure with Central is a different thing.

Highlighted
MVP Guru

Re: Virtual Mobility Controller VMC vs. Hardware Mobility Controller

Just to add, v1.3.0 of the AOS 8 Fundamentals was released on 31/03/2020 and further mentions design choices and considerations when deploying VMCs.

 

ArubaOS 8 Fundamentals 


ACMP, ACSA, ACDX #985
If my post addresses your query, give kudos:)
Highlighted
Occasional Contributor I

Re: Virtual Mobility Controller VMC vs. Hardware Mobility Controller

When we look at the data sheet on the 72xx or 7xxx series controllers, there are very specific numbers on the firewall throughput.


However, looking at the VMC, there is no such details. Is there any documents that can at least provide some high level numbers?


For eg. If we create a VMC running MC-VA-1K with the recommended specs, what is the realistic firewall throughput we are looking at?

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: