New Wi-Fi routers, cloud services simplify branch networks

Aerohive's branch solution holds down costs, extends security

Aerohive unveils simple but powerful branch Wi-Fi routers that integrate closely with a range of virtual and cloud-based services, including third-party Web security offerings.

Aerohive Networks has unveiled a set of products and services for small, remote, or branch office wireless networking. The new "Branch on Demand" product line includes low-cost Wi-Fi routers, coupled with expanded cloud-based VPN termination and security services.

Review of cloud-based WLAN management services: "Clear Choice Test - WLAN management takes to the cloud"

The new product line includes a pair of Wi-Fi routers, with optional 3G/4G WAN connectivity, a cloud VPN termination service running on VMware, and the ability to tie into cloud security offerings from Websense and Baracuda Networks. The result, according to company executives, is a full Layer 3 network with local DHCP and DNS services, along with Areohive's "Cloud Proxy" to support Layer 4-7 security.

And the starting price for all of it, via the initial low-end router, is $99 yearly per office.

Rival Aruba Networks was among the first to offer a low-cost branch WLAN model, and Meraki the first to introduce a cloud-based WLAN management product, says Lisa Phifer, principal at networking consultancy Core Competence. "But in Branch-on-Demand [BoD], Aerohive seems to have harnessed its cloud management experience and infrastructure to add value, such as cloud-based security and VPN [termination], without adding cost," Phifer says. "Further, from what I can see, they've wrapped BoD in a GUI that makes branch office network addressing and routing surprisingly easy."

Aerohive was founded to eliminate the use of conventional, standalone hardware controllers, folding those functions into its network of cooperating access points. Branch on Demand is part of this continuing shift. More functions are being packed into intelligent access points and increasingly the cloud, simplifying WLAN deployment and lowering capital and operational costs.

The new product line has been percolating since at least the start of this year when Aerohive bought a cloud vendor, Pareto Networks, and began integrating Pareto's code with Aerohive's wireless network operating system, HiveOS.

The components of the Branch on Demand include hardware, software, and new cloud services.

Aerohive now offers two branch office routers. First to ship will be the BR100, a low-cost routers one 2.4GHz 801.11n radio, five Fast Ethernet ports, and a USB port for a 3G/4G cellular radio for a WAN backhaul option. Pricing starts at $99 yearly per office site, and will ship in mid-December.

The BR200 is the high-end router: It, too, has a USB port for a 3G/4G WAN option, but it offers a 3x3 MIMO radio that can run on either 2.4GHz or 5GHz, five Gigabit Ethernet ports, two of them offering power-over-Ethernet at up to 15.4 watts, and cryptographic acceleration for attached clients. The BR200 will be available in "early 2012," and pricing is not yet announced.

Both boxes run the latest release of the HiveOS, version 5.0. The new code works with cloud features such as the new VPN termination, the revamped HiveManager 5.0 for cloud-based WLAN management. For the first-time, wired clients plugging into the new routers also now can be tracked by user identity and device type and automatically assigned permissions, network settings, and be managed by HiveManager regardless of how they connect to the branch network.

The new HiveOS version will also update Aerohive's existing HiveAP 3003 and 350 access points to support the routing functionality of the branch devices.

HiveManager has been redesigned: administrators logging in via a Web browser can see the full configuration pushed down to the new routers and remote access points, modify any part of it, and centrally manage all clients, including creating user profiles that can be applied to wireless and wired clients.

Aerohive's new Cloud VPN Gateway (CVG) is a software application for terminating VPN tunnels. It's designed to run on VMware virtual servers, so it can be quickly scaled to handle numerous clients. Routers are plugged in, powered up, and automatically tunnel back to the CVG.

"A constant pain-point for VPNs with many sites, especially little remote/branch offices, is the need to allocate and map IP addresses and subnets and configure routes to keep local traffic local, while tunneling other traffic over the VPN," Phifer says. "From what I saw in Aerohive's demo, they auto-generated Branch on Demand subnets and routes based on simple sliders, for example, 'I have 10 users at office X.' That could be a big time-saver if you have hundreds or thousands of branches to deal with."

The Aerohive cloud components can tie into Web security offerings from Websense, which offers a gateway that supports anti-malware filtering, SSL traffic inspection, and other services, and from Barracuda Networks. The integration lets the new routers use VPN tunnels to route branch traffic through these cloud security services, explains Core Competence's Phifer.

Altogether, Branch on Demand is a "strong combo for large organizations, including enterprises, that need to paint numerous small distributed sites with Wi-Fi plus Ethernet [connectivity] with low incremental OpEx," she says.

John Cox covers wireless networking and mobile computing for Network World.

Twitter: http://twitter.com/johnwcoxnww

Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed

Editors' Picks
Join the discussion
Be the first to comment on this article. Our Commenting Policies