Government Solutions

Aruba's User-centric Network for the Federal Government

What's your vision? To provide reliable, FIPS 140-2 compliant wireless access to your users? To improve user productivity with secure wireless access everywhere, from the battlefield to the briefing room, from civilian offices to first responders?

Aruba has pioneered a new approach to help you achieve your vision. Aruba's User-centric Networks integrate adaptive WLANs, identity-based security, and application continuity services into a cohesive, high-performance system for corporate campuses, office buildings, branch offices, outdoor areas and telecommuters. The result is a centrally managed network that mobilizes business applications across the LAN, WAN and the Internet, making users more productive without negatively impacting security. In contrast to other solutions, Aruba's User-centric Network overlays on top of existing networks, preserving existing investments and preventing disruptive network changes.

The Aruba Networks Federal Solution

The Aruba solution consists of a few key components: thin Access Points (APs), central Mobility Controllers, software modules for the Mobility Controller, and optional management analytics and threat prevention appliances. APs provide secure wireless connectivity to devices and connect over existing LAN/WAN systems to tunnel all wireless LAN traffic (over a GRE or IPsec tunnel) to a Mobility Controller installed in the data center. The Mobility Controller is the central point of configuration, management, application continuity services and security. With security modules for Mobility Controllers, Aruba offers the necessary security for regulatory compliance.

Following is an explanation of a wireless network in an enterprise environment with centralized IT services:

Data Center: One or more master Mobility Controllers are installed in the data center, which can be used as the central configuration and management point for the entire global network. These Controllers can also terminate APs used for wireless connectivity in the HQ and remote APs used by telecommuters, home workers or small ad-hoc offices. A master Controller can support up to 500 remote Controllers and can also back up a Controller in a remote location in the case of an outage. To scale for larger deployments, multiple master Controllers can share the load of managing local Controllers and APs in remote sites, and the Mobility Management System (MMS) can be used as the single interface of management and configuration.

Large and medium-sized offices: Depending on the number of APs required in each location, a different model of Aruba Controller (called a local Controller) is installed. All Aruba Controller models run the same software and have the same functionality, but differ in AP capacity, from 4 to 512 APs. Each local Controller gets its configuration from the master Controller. Application continuity and security policies are enforced at a per-user level by the local Controller. Different user roles are applied based on group policy defined in the authentication infrastructure, and guests can be tunneled outside of the network to terminate in the DMZ. Local Controllers also offer Wireless Intrusion Protection security and can offer local authentication services and/or pass through requests to the data center. Each local Controller automatically calibrates the RF coverage to optimize application performance and fill any coverage holes. Further, to extend wireless coverage in areas that are hard or costly to wire, Aruba APs can backhaul over Wi-Fi using Aruba's award-winning secure enterprise mesh technology.

Remote users and small offices: Remote APs are a cost-effective solution to provide secure and centrally managed wireless connectivity to locations that only need one or two APs. Remote APs can connect directly via Ethernet to a public/private Internet connection or to the LAN. Remote APs automatically discover the master Controller, establish a VPN tunnel back to the data center and extend secure wireless connectivity to the user. Application traffic can be tunneled back to the data center or bridged locally.

Complete end-to-end Security

Aruba Networks enables programmable encryption for seamless transition to AES-CCM/802.11i and AES-CBC 256-bit for both wired and wireless devices without requiring hardware upgrades. This is combined with defense-in-depth security that provides integrated multi-layered support that locks the air, the wire, the network and the user. Aruba has also taken innovation in this space one step further by providing EAP offload capability in its FIPS-validated software. With EAP offload, sensitive authentication and key management transactions are completed within the secure cryptographic boundary of the centralized Mobility Controller and do not need to be transmitted as clear text or using weak encryption algorithms between the Mobility Controller and an external RADIUS server. Alternatively, Aruba also secures EAP-capable RADIUS servers by providing RADIUS-over-IPsec functionality as recommended by RFC 3579. This offers the industry's first single-box FIPS solution for non-disruptive wireless overlay deployment.

The Aruba Advantage:

  • Identity-based security: Security follows users as they move across the LAN, WAN and Internet
  • Central management: Easy to configure, monitor and troubleshoot with centralized control
  • Application-aware: Optimized for converged data, voice and video support over wireless
  • Flexible and scalable network: Overlay deployment model avoids upgrades and network redesigns
  • Future-proof: Software upgradeable for new technologies such as 802.11n, NAC, mesh and eFMC