Securing Branch/Remote connectivity through VPN – The Aruba Networks VBN way


There have always been different ways of doing things, and Aruba Networks takes it one step further with its Virtual Branch Networking concept for providing a secure VPN to branches and remote workers. Read on to find out how they extend the secure wireless network in the head office to remote locations…

What is a VPN?

A Virtual Private Network refers to secure connectivity between two locations over the Internet, with all the data traversing between them encrypted at one side and decrypted at the other. Encryption thus creates a safe (virtually private) tunnel between the two sides to carry the data communications securely. This is necessary because data travelling over the Internet travels in clear text and hence is not secure enough for corporate communications.

What are the components of Aruba Networks Virtual Branch Networking?

1. Aruba Networks Mobility Controller at the Head Office with VPN and other appropriate licenses (e.g. Aruba Networks 3000 Series Wireless Controller). Since Aruba Networks is the leading manufacturer of centralized wireless networking components, the VPN solution is essentially an extension of the wireless controller at the head office. The controller is required for centralized management of all the access points in the head office, and now also for the centralized management of remote access points at branches/remote clients.

2. Aruba Networks Remote Access Points / Branch Controllers: At the branches, Aruba Networks Remote Access Points need to be provisioned and connected to the Internet (through the RJ-45 ports). Once the head office controller and the remote access points are in place (along with the required licenses), the remote access points should automatically form a secure VPN tunnel between the branch office and the Wireless Controller over the Internet. A branch Controller can also be used as an aggregation point, if the branch is slightly bigger. All the policies of the head office controller will be automatically copied and updated on the branch controller as well.

3. Virtual Internet Agent (VIA Agent) – This is the software-based VPN client that Aruba Networks offers for frequently traveling employees and home workers. Once this client is installed on the users' Windows laptops, they can connect back to the corporate network over the Internet through a secure VPN connection to the Wireless Controller at the head office.

4. Content Security Services – This is a cloud-based offering from Aruba Networks. If the customer selects this option, all Internet-bound data from a remote access point or the VIA agent is first directed to the CSS (Content Security Services) cloud, which is hosted at multiple locations around the world, for anti-virus, anti-malware, URL filtering, Data Leakage Protection and other security-related protection. This scan is performed for both outbound and inbound traffic.

What are the advantages of Aruba Networks Virtual Branch Networking?

  • The remote access points (based on the model) can connect to wireless users (primarily) and wired users (using the built-in ports or by connecting a small switch to one of the Ethernet ports).
  • If you already have an Aruba Networks Controller or are planning to go with one, the VPN functions can be provided by the same device and remote access points at the branches instead of going for multiple routers/UTM appliances.
  • Aruba’s split tunnel technology ensures that local and Internet-bound traffic is bridged locally (at the RAP) instead of always being sent all the way back to the Controller at the head office.
  • Since Aruba Networks Controllers can do secure authentication for all the wireless users, the same is now extended to the remote access points as well, where the users can be made to authenticate with centralized corporate directory infrastructures like Active Directory/LDAP/RADIUS servers etc.
  • Other wireless controller functionalities like ARM – Adaptive Radio Management (automatic adjustment of the radio transmitting power according to the neighboring access point’s power levels and other radio optimization functions), Wireless Intrusion Protection (scanning and securing the wireless clients against wireless intruders and threats), Quality of Service settings (for latency sensitive applications like VOIP etc) are extended to the branch as well through the remote access points.
  • All types of devices with all types of operating systems can connect through the remote access points at the branches (this is because the tunnel is formed between the RAP and the Wireless Controller and no software needs to be downloaded for the clients connecting over the wireless medium to the remote access points).
  • For a small temporary setup (like a small project office) that requires secure connectivity with the corporate office, this solution could be very useful, as just one device (a remote access point) is required for the secure networking of the whole branch (over the wireless).


This is just an introduction – further details can be found in the official Aruba Networks page for Virtual Branch Networking.
