The Aruba Virtual Branch Network (VBN) architecture extends the core network to remote locations by deploying a Remote Access Point (RAP) at each location. The RAP finds the controller over the WAN and establishes a VPN to it. All communication between the RAP and the controller is encrypted and secure.
To achieve this, Aruba uses two well-known technologies:-
1. Secure Data Tunnels:- In this architecture, a Remote Access Point (RAP) provides functionality similar to a VPN client but allows shared access for multiple devices through wired and wireless LAN interfaces. The controller acts as a VPN concentrator. Each RAP communicates with the controller over one or more secure, encrypted IPsec VPN tunnels. This communication gives the devices and users connecting through the RAPs access to the enterprise core network and to the applications and services that exist there.
2. Role-Based Access Control (RBAC):- The Aruba controller has an integrated, ICSA-certified stateful firewall capable of up to 20 Gbps (cleartext) or 8 Gbps (encrypted) performance. Each RAP also includes the same firewall functionality.
Components of the VBN Architecture:-
Remote Access Point (RAP):- When provisioned as a RAP, APs extend the enterprise LAN to any remote location by enabling seamless wired or wireless data and voice wherever a user finds an Internet-enabled Ethernet port or 3G cellular connection. RAPs.
VPN client:- This feature provides VPN client capability to securely communicate with the VPN server located in the local controller on the enterprise DMZ.
PEF (Policy Enforcement Firewall):- Provides a stateful policy enforcement firewall for restricting access to enterprise core network resources. A role-based access rights policy is configured on the controller and then applied upon completion of RAP authentication and establishment of an IPsec connection.
Wireless LAN interface(s):- Provide Wi-Fi enterprise features supporting single and dual radio 802.11 b/g, 802.11 b/g/n, 802.11 a/b/g, and 802.11 a/b/g/n, depending on model selection.
Wired LAN interface(s):- Provide Network Access Control (NAC) capable 10/100 Mbps or 100/1000 Mbps RJ-45 Ethernet ports, depending on model selection.
WAN Interface(s):- Provide wide-area connectivity including EVDO/HSDPA 3G USB modems or Ethernet, depending on model selection.
Controller:- The controller resides in the data center or the DMZ, depending on the network design. RAPs connect to the controller using secure tunnels. The controller is the “gateway to the enterprise LAN” for the remote users and devices connecting to the RAP.
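As an added illustration (not from the original post and not Aruba's PEF implementation), the Python model below shows how a role-based stateful policy of the kind described for PEF can be evaluated: nothing is permitted until the RAP is authenticated and the IPsec tunnel is up, then each role's rules are checked first-match with a default deny, and return traffic is allowed only for flows that were permitted outbound. The role names, rule semantics and addresses are assumptions constructed for the example.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional

@dataclass(frozen=True)
class Rule:
    dst: str              # destination network, CIDR
    proto: str            # "tcp", "udp" or "any"
    port: Optional[int]   # None matches any port
    action: str           # "permit" or "deny"

# Constructed roles and addresses, for illustration only.
ROLES = {
    "employee": [Rule("10.10.50.0/24", "any", None, "deny"),    # management subnet
                 Rule("10.10.0.0/16", "any", None, "permit")],
    "voice":    [Rule("10.10.20.5/32", "udp", 5060, "permit")],
    "guest":    [Rule("10.0.0.0/8", "any", None, "deny"),
                 Rule("0.0.0.0/0", "tcp", 443, "permit")],
}

@dataclass
class RapSession:
    authenticated: bool = False
    ipsec_up: bool = False
    flows: set = field(default_factory=set)   # permitted flows (stateful table)

def outbound(s, role, src, dst, proto, port):
    """Decide a client-initiated packet; first matching rule wins, default deny."""
    if not (s.authenticated and s.ipsec_up):
        return "deny"                          # no policy until auth + IPsec
    for r in ROLES.get(role, []):              # unknown role: no rules, so deny
        if (ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.proto in ("any", proto)
                and r.port in (None, port)):
            if r.action == "permit":
                s.flows.add((src, dst, proto, port))
            return r.action
    return "deny"

def inbound(s, src, dst, proto, port):
    """Return traffic is allowed only if it mirrors a permitted outbound flow."""
    return "permit" if (dst, src, proto, port) in s.flows else "deny"
```

Rule order matters here: the employee role's deny for the management subnet must precede the broader permit, otherwise the permit would match first.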