During the month of June, Aranya traveled to Las Vegas to attend the Aruba Atmosphere event, this time running in conjunction with the “big” HPE Discover event at the Venetian. Below are some more personal blog posts from this trip. First from our Key Account Managers Niklas Kling and Markus Agard from a more commercial perspective, then from our Network architect Jonas Hammarbäck from a more technical perspective.


Reflections from Niklas Kling and Markus Agard

The journey began when yours truly (Kling) got in the car down to Bunkeflostrand to meet up with Markus before traveling to Kastrup Airport where Christoffer was waiting. How will this actually go? – A boy from Sexdrega who is going to travel “over there” and like the movie The Emigrants, I did not really know if we would come back home again.

36 hours (!) later we landed in our hotel in Vegas super excited about the event. One who had barely slept a wink, a bearded Scanian whose bag disappeared at JFK airport, and Christoffer who had an agenda full of other partner ambassadors on the first day.

-The beard comb is gone, was the first thing Markus said. With 43 degree heat, maybe the beard comb was not what I was thinking of but rather changes and other things to feel fresh, on the other hand I have no beard. Here we also met Jonas Hammarbäck who flew another route and our customer who sent two people.

The event started on Monday with a visit to the fair, which was full of stands, ranging from our own dedicated SASE, Switching and Wireless stands to suppliers who wanted to show us their collaborative products. We stuck a little extra for a supplier with the name Ventev who supplies, for example, discreet outdoor enclosures for access points and solutions for building access points into roof tiles and so on. It’s fun to meet suppliers you may not come across in everyday life so often, but who are definitely innovating in their field.

But of course, one wondered what Tuesday would have to offer, when The Sphere was on the agenda with Antonio Neri (CEO HPE)

After a breakfast with the gang, we lined up to witness the first ever Key note in the Sphere. What an experience, not only in terms of technology but also to see all the event’s visitors in one place and hear more about HPE’s collaborations with the incredibly current Nvidia.

During the first Aruba Atmosphere keynote (which was directly after The Sphere), we also had the opportunity to pay tribute to all the MVP’s where our very own Jonas appeared on stage and was applauded. So cool and you are of course proud of the competence we have in our company. Then out into the fair and full of different Business-oriented Sessions for us in sales and Technical for the rest of the gang.

Takeaways

Aruba Central – no longer a constraint but a huge USP for HPE/Aruba!

HPE has been preparing us for a long time for the migration of Airwave, controllers and other functions to Aruba Central to come. For just as long, I personally and many with me have felt that it sounds more like a constraint than a benefit… Until now!

It is clear that Central has been waited for and maximized for the Next Gen launch. It’s not “just” a new interface and redesigned back end – which makes the system more beautiful and faster – but it has also sneaked in a lot of features that I have not experienced before:

Power Save Mode (formerly Green AP)

Today, businesses require not only coverage but also bandwidth to handle many continuous users at certain times of the day – other times the premises may be empty. However, network equipment is usually on 24/7, waiting for something to connect. This consumes a lot of power when you have larger networks. Power save mode is nothing new – but the AI part allows Central to predict usage patterns and adapt the AP’s activity accordingly, which means that you can save a lot of power, which is good for both the wallet and the environment. There is also a function that can predict power saving based on patterns and present to the user.

This can be a draw to fund Central and also push refresh as this is supported in AOS 10.5, while 500 and 600 series or higher.

Read more on the Aruba website: https://www.arubanetworks.com/techdocs/central/2.5.8/content/allowlist/pwrsave-ap-ovr.htm

Central Insight

Central insight is the part I personally most associated with when talking about AI in Central. Here, the user gets insights from their own network based on best practices and behavior collected from HPE’s massive database of users and their behavior. All to get suggestions for improvements that can be realized within a few seconds, which normally could have taken several working days to find and improve. This part is a huge USP for Central and especially Advanced license – but also (in my own opinion) quite difficult to sell depending on who you talk to in the organization – you are welcome to share successful experiences here 🙂

Read more on the Aruba website: https://www.arubanetworks.com/techdocs/central/2.5.3/content/insights/overview.htm

Support for third parties (!!!)

Last and probably the biggest: HPE/Aruba now opens up for third party products in Central! Nothing more is presented than that you will be able to integrate several types of products (including Palo Alto) in Central. This makes them unique on the market – compared to Cisco/Meraki and Fortinet, their management tool only manages and monitors their own product fleet.

Private 5G – a complement to WiFi (or something taking over?)

I want to open with the fact that I myself (Markus) have not been so familiar with just where Private 5G is and will be. I was under the impression that it was something to do with (public) 5G – but that was certainly not the case (except for the same technology). So for me it was really interesting to see and squeeze some products and realize what it can give our customers and above all what makes (will make) HPE / Aruba unique in the Private 5G race.

Taking over or complementing WiFI?

Many of our industry colleagues in the ISP world claim that Private 5G is the best thing that has ever happened and that it will take over WiFi – That is not HPE/Aruba’s picture. Rather, Private 5G is here to complement WiFi in larger premises and open/outdoor environments. With that approach, HPE/Aruba becomes unique in the market with one and the same interface for monitoring and management – yes, now we are talking central again 😉 Note! However, this is not integrated yet so today there are two platforms.

My personal take on this, without having seen the price picture yet, is that there are many advantages to Private 5G- better range, more secure… But also a lot of disadvantages such as more advanced to set up and manage : buying/managing spectrum, managing SIM cards/eSIM and probably more expensive(?).


Reflections from Jonas Hammarbäck

In Las Vegas it was unexpectedly very hot… The temperature on the days oscillated around 36-45 degrees, very dry air and a light wind. It felt like standing in front of a large cabin heater, or perhaps rather the warm side of a well-stocked rack, when you were out and about. Inside it was cold as hell! Instead of shorts and t-shirts, it was long pants and long sleeves.

On Sunday, when everyone had arrived, we had a joint dinner with our customer who was there. The restaurant had a fun routine where you had to choose your meat knife from a box with the engraving “Choose your weapon” where they had knives of different models. However, the knives were not as sharp as they looked, but they still worked well.

Monday had no schedule for most of the day, but only in the evening a welcome reception in the large exhibition hall.

However, I had planned to write the test for the Campus Access Architect certification, unfortunately I missed it by 6 percentage points. But now I know what to read for summer literature…

During the afternoon I had also been invited to some activities together with other Airheads MVPs. We had a short session where we were interviewed and filmed, which may be used on the Airheads pages etc. Later in the day, we also had a session with, among others, Madani Adjali who is Vice President of Product Management (WiFi, Branch, Location Services & NAC) who talked about WiFi 7 and Private 5G and answered questions. The message about Private 5G can be summarized that it should be seen as a complementary technology in environments where there are long distances, more difficult environments to place access points in, where clients move a lot and at higher speed and where it is important to be able to offer an SLA on the service.

Then came some of those responsible for training and certifications. I stated, among other things, that the new “naming standard” for certifications felt very confusing and that it was much easier with the old certifications to read what it was for something. The person responsible for this could only agree and regret that HPE’s marketing had gotten the final word in the naming.

No major changes to the certification program are expected in the near future, but there may be changes in the future. One that was mentioned as an idea is to introduce what exists for the HPE certifications with continuous learning, which means that you continuously carry out training and other knowledge-enhancing activities and do not have to take tests every three years to maintain the certification.

Unfortunately, these sessions were held in a restaurant with lots of other people, so it was sometimes difficult to hear everything that was said.

Tuesday morning it was time for the keynote in Sphere, Sphere | Immersive Shows, Concerts & Events in Las Vegas, think Cosmonova but about the size of the Globe and the place takes in 18600 people. The speakers were very small down there, but were shown on the large arched screen which on the inside is about 15000 square meters.

The benches were very steep so you had good visibility without being obscured by people in front. Heard more than one person experiencing vertigo. During this keynote, an expanded partnership with NVIDIA was presented to create conditions for AI services and products.

After the keynote it was time for the Atmosphere General Session. We Airheads MVP’s who were present got good seats at a table in the middle of the room. During the session, they thanked everyone involved in Airheads and we who had been named MVP and were present were presented with names on the screen wall. Very fun!

The day then followed with break out sessions. Both Christoffer and I chose to listen to Danny Jump, a legend in Aruba and especially ClearPass, who talked about PKI, EST, TPM and MACSec. Interesting presentation where the process for factory device certificates was explained and that these are saved in TPM so that they cannot be manipulated afterwards. However, certificates installed via ESP are not stored in the TPM, but the TPM chip’s certificates are used to encrypt other certificates for increased security.

Until now, switches have used TPM 1.2, which means that all functions in the TPM chip are in the same storage. Access points and gateways have TPM 2.0 and there is also a transition on the CX switches now to TPM 2.0. TPM 2.0 has four partitions, three of which are in practical use. One of these partitions is available for the customer, in this case Aruba, to use. The other two are used by the chip manufacturer for basic management of the TPM chip.

EST is a technique for distributing certificates to, among others, access points from a proprietary CA. This allows access points to use 802.1x with self-issued certificates instead of MAC authentication. This method is clearly more secure than MAC authentication and avoids any profiling issues.

For my part, the next session was a session on the various MPSK solutions available and the upcoming technology PAN, Personal Area Network. This technology is meant to solve the problems found in places where people want to be able to connect personal equipment and access in a multi-user environment. For example, Apple TV or Chromecast to be able to stream. Typical situations for this are in hospitality implementations like hotels, hospitals etc.

The technology allows users to easily connect themselves and their devices to the network, which are then micro-segmented from other users’ devices, but can communicate seamlessly between themselves. It is a further development of the concepts we have seen before with AirGroup and segmentation with roles, but with an implementation that is much easier for the user to manage as they do not have to keep track of the MAC addresses of their devices.

In the evening there was a show in Sphere with the band Dead and company. Unfortunately, the music was not to the liking of any of us, so we were rather short-lived. However, the introduction was cool, starting on a street in San Francisco. When you got up a bit, the camera started to tilt downwards, which gave the feeling that the whole room started to tilt downwards and that you would fall out of your seat.

Wednesday started with another General Session where several news items were presented. Including Local Edge for SSE. This means that you do not need to send out local traffic to a POP but can send the traffic to your own “POP” and thus be able to get the same policy enforcement locally as in the cloud.

Another feature presented was a new feature in Central to visualize traffic patterns from a device and linked to this also be able to create policies that block unwanted traffic. The function is AI-driven and if you create a policy, it can then be applied to all devices of the same type regardless of their location.

One news regarding UXI was that there will be a UXI tab in Central that can show the status of a site directly in Central.

Another novelty in Central is that there will be a function with Digital Twin, you can create and simulate a change on the digital twin and evaluate how the change affects without applying it in the production environment. For example, if you create a new policy that blocks traffic, you can make sure that it hits in exactly the way you intended.

Then came a number of new products such as outdoor access points in the 600 series, but so far I think only these will be available in the US, as the 6 GHz network is not yet available outdoors in Europe. The AP 605H was also launched, which is a successor to the 505H with the same form factor and also 6 GHz radio. The 730 series was of course also presented, although it was already shown at Tech Jam earlier this year.

The AP is the first WiFi 7 access point from Aruba. The new 700 series access points also have more powerful hardware that includes dual IoT radios, dual USB ports and more memory and processor. This is because it is possible to run containers directly in the AP.

However, what was a bit special now was that the entire exhibition hall had about 130 AP 735s that were used for the first time publicly.

A new AI-driven feature for automated application prioritization was also announced. This function analyzes the traffic and detects traffic that needs to be prioritized and applies an automatic policy for this. The function is compatible with access points from WIFI 6 and above, i.e. 500 series and above. The policy is applied to both access points and switches.

An innovation for the location services is that the access points send out their exact position to the clients, which together with the information and the Fine Time Measurement (FTM) protocol allows the clients themselves to determine their position with a precision of about one meter.

Finally, a big news for Central is that it will be possible to monitor third-party equipment. In the list scrolled on the screen, there were both Cisco and Juniper and there was mention of monitoring also server, storage and virtualization platforms.

The next session was a presentation on how to solve that SSE and gateways should be able to send traffic right from the start if they have several possible destinations or connections to send the traffic through. By creating a database of traffic patterns that is then downloaded to a gateway that receives a cached copy of the one million most common destinations, Aruba can determine directly on the first packet which route the packet should go via. Without this cache, 5-10 packets would be needed to determine what the application is. This would mean that the traffic might suddenly change connection and the session would have to be restarted.

This was followed by a session on how to secure CX switches in various ways, from making sure to turn off Bluetooth and USB ports, disabling the reset button to using MACSec to protect traffic.

The last session of the day was a private tour of the event’s NOC and hear how they built the network for the event.

The evening ended with a joint dinner for the whole EMEA team.

To sum up, it has been an exciting and fun few days!