Discussion on:

Aruba secures remote wireless access with new software

I would like to hear opinions from network admins as well as remote workers, especially business travelers as to if this is a good idea or not?

I don't know if I'm too jr in doing business this way and missing something, but haven't we (admins,vars,remote workers) been doing this for some time now? An example; One of my main office locations using a mid level Watchguard Firewall, the remote office and the person who travels uses a wireless firebox edge. The edge is set up with Dynamic DNS so where that box travels so does the VPN Tunnel. The VPN Tunnel is done through the Firewall appliances as is any other VPN Branch office connecting to the main office for a single source of admin. The issues with this are also the same, the remote traveler has to lug around one more box of hardware, you have to plug it in via a wired connection. A difference that I see; I can use "most" any other brand of Firewall or appliance to do this and have a central and secure control point of my choosing and flavor. I didn't think this was a bad choice in using a Firewall company that has a focus on security.

So is this Aruba equipment really a better way of doing business and extending the edge? Is it more secure? Or is it just another brand trying to do what some of us are already doing but with new branded equipment? What I'm using works and with the next upgrade in the planning stages, I don't see any reason to change to Aruba.

I think the main difference as I see it is that the Aruba RAP is self sufficient and does not need to be initially configured or re-configured if changes are made. It only requires that the Remote AP Module software be installed. The device then receives all of the required information upon linking with the central office controller. That way the remote user is not involved in setup or configuration.

Michael,

The Remote AP is just a software key that is entered in the controller to unlock the functionality. True that the AP does not have to be reconfigured and policies can be changed on the fly without rebooting the SOHO device. Devices like scanners and VOIP phones can be profiled so that they can only pass VOIP or scanner traffic to the hosts that they are supposed to. At my company, they connect a Cisco wired VOIP phone with a computer connected to the back of that to an Aruba remote AP, and that is their SOHO solution. The phone is connected to the AP, which is a trunk. Phone traffic ends up on one VLAN back at home base and the PC at the back of the phone ends up on another VLAN at home base, with the Cisco phone doing the trunking. We use this solution for business continuity, where certain employees cannot get to work.