Aerohive BYOD Overview: Redefining Enterprise Access
Introduction to Aerohive
- Cloud Services Platform: public, partner, or private (on-premise)
- Visionary network infrastructure company, redefining enterprise access
- Cloud-enabled, controller-less Wi-Fi, routing, VPN and switching
- Growing 2-3x year over year; 7000+ customers; 450+ employees
- "Most Visionary Vendor", Gartner Magic Quadrant for Wired & Wireless LAN, 2012
- Products: enterprise Wi-Fi; branch and teleworker routers / switches
- Markets: healthcare, enterprise, education, retail, logistics
Enterprise Wi-Fi Networking Evolution
Timeline: 802.11b/a (1999), 802.11g (2003), 802.11n (2007), 802.11ac (2010); made possible by Moore's Law. The axis of progress is security, manageability and mobility.
1. Autonomous APs: limited intelligence; no RF or network awareness; hard to manage (each AP managed directly)
2. Centralized Control: centralized intelligence; auto RF; secure seamless roaming; ease of management. Drawbacks: single points of failure, bandwidth bottleneck at the controller, increased cost
3. Cooperative Control: distributed intelligence; auto RF; secure seamless roaming; ease of management; increased reliability; improved performance; reduced cost; cloud or centralized management; scalability and resilience
Future-Proof Infrastructure
Cooperative Control Architecture protocols are granularly and infinitely scalable, resilient, intelligent, self-healing, plug-n-play, and free. Yes, free.
- Protocols: density, band steering, load balancing, anchor & release, management frame reduction, distributed computing model, fully distributed forwarding
- Future proofing: architected just like the Internet, fully distributed with unlimited scaling; no controllers to outgrow; protocols can be upgraded seamlessly; functions like the synapses of a brain, becoming more powerful and intelligent as nodes are added
New Requirements of the Network Edge
Users want to work anywhere, on any device. You want to let them, without drowning in complexity or compromising security, reliability and affordability.
Yesterday:
- Corp-deployed enterprise devices: desktop, laptop, handsets, scanners
- WLAN overlay: coverage, convenience, HQ-oriented
- Network-centric: policy based on rigid port/VLAN and SSID
- Monolithic: "build it and they will come" scalability
Today:
- Corp / BYOD enterprise and consumer devices: laptop, smartphone, tablet, Apple TVs, AirPrint printers
- Ubiquitous Wi-Fi access: capacity, performance, mission-critical, extended enterprise
- User-centric: consistent policy based on identity, role and context
- Elastic: pay for what you need; leverage the cloud
Aerohive gives you the ability to achieve this, "simpli-fi-ing" enterprise networking by delivering a cloud-enabled, self-organizing, service-aware, identity-based infrastructure. (Aerohive Networks: Simpli-fi Enterprise Networking)
Device Evolution
Timeline, made possible by Moore's Law and growing compute power: 802.11b/a (1999), 802.11g (2003), 802.11n (2007), 802.11ac (2010).
In 1999 there were no handhelds with Wi-Fi and very few laptops even had it as standard, so not only was presence low but usage was very light. By 2003, 802.11g arrived and some early handsets started to use it; it became more standard in laptops and began to appear in some machine-to-machine communications. In 2007 the iPhone appeared and demonstrated that full-motion video, websites and real-time communication all translated into real, useful, business- and life-changing applications. Things could happen in real time, and these devices were powerful and inexpensive (by business standards); CIOs started to want them. Today these devices are so robust that they are replacing specialized, more expensive laptop technologies and even paper applications in some sectors (NFL playbooks are soon to be a thing of the past).
Huge Questions on Device Ownership and Management
What is the difference between these iPads? Almost everything.
- Consumerization of IT: consumer devices qualified, bought and deployed by IT; replace legacy devices; lower hardware costs; flexible and powerful; enable new working models
- BYOD: enable employees to bring their device of choice; not owned or controlled by IT; wide range of devices; driven by employee satisfaction and a shift of CapEx spend
Two management approaches:
- Embrace: MDM agents on devices; more app flexibility
- Contain: network-based MDM; secure apps only (e.g. VDI, Citrix)
Limited Access Zone: The Third "Network"
(Figure: Corporate Network, Guest Network and the limited access zone between them; managed device credentials)
NAC's role is to provide flexible mechanisms for protecting the corporate network while allowing a wide variety of endpoints to be used. Network protection will come in the form of a "limited access network," which gives organizations the flexibility to support some employee-owned devices and restrict access from others. For example, an organization may choose to allow Android v.2 and v.3 on the limited access network but block Android v.1, simply because it does not have the resources to monitor vulnerabilities and maintain configuration guidelines for older operating systems. Some organizations may choose to explicitly block endpoints that have no place on corporate networks, such as gaming consoles.
Most limited access networks will include WLANs as the primary access mechanism, as employee-owned smartphones and tablets will generally connect via Wi-Fi. A limited access network will function as a third network zone for most organizations, distinct from the production network and the wireless guest network. Whereas the guest network only allows Internet access, the limited access network allows access to a subset of applications and data. NAC policies limit access to sensitive applications and data depending upon the device and possibly the user's role.
BYOD and Corp Deployed Devices: Access Defined by ID & Device
Building blocks: MDM enrollment, user profiles, MDM quarantine / enroll, L2-7 firewall, OS detection, Bonjour Gateway, captive web portal (CWP), Private PSK (PPSK), RADIUS.
User, authentication method and resulting policy:
- Guest user, via CWP: GUEST policy: DMZ, web only, firewall at 1 Mbps per user, Mon-Fri 9am-5pm
- Corp user on a BYOD device, via PPSK: BYOD policy: restricted VLAN, email & web, firewall at 5 Mbps per user, Mon-Fri 8am-9pm
- Corp user on a BYOD device enrolled in MDM, via RADIUS: CORP policy: corp VLAN, LAN & web, firewall at 10 Mbps per user, 24-hour access (Bonjour Gateway available)
Network-based Mobile Device Management
- Personal device access (BYOD): get to work with only one device. Personal iPhone: self-registration with AD via Captive Web Portal, Private PSK or 802.1X; corporate access to email only, plus the Internet.
- Corporate-deployed consumer device access (iPad): preconfigured 802.1X or an assigned unique Private PSK; corporate access to business apps only.
- The device can be determined by various means, e.g. the HTTP User-Agent (Safari, iOS 4, iPhone 4).
- Policy is applied based on role or identity, limiting access and applying QoS; VDI protocols can be prioritized.
(Figure: Access SSID and Corp SSID backed by Active Directory; resources SaaS, Corp, Internet, HR, VDI, email)
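The limited-access zoning and the GUEST / BYOD / CORP profiles of the preceding slides, as an added worked example written for this page (illustration only, not Aerohive code or a HiveOS configuration). The profile values (VLAN, permitted services, per-user rate limit, access hours) are the slide's; the Session model, the authentication-method names, OS detection from the User-Agent, the rule that a corporate credential on an unenrolled device lands in an enrollment-only quarantine, and the User-Agent strings are all assumptions constructed for the example.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import Optional, Tuple

# Added illustration of identity- and device-based access policy; not Aerohive code.
# Profile values come from the slide. Everything else (the Session model, the auth
# method names, OS detection from User-Agent, the quarantine rule) is an assumption.

WEEKDAYS = (0, 1, 2, 3, 4)  # datetime.weekday(): Monday = 0 .. Friday = 4


@dataclass(frozen=True)
class Profile:
    name: str
    vlan: str
    services: Tuple[str, ...]         # what the per-user L2-7 firewall permits
    rate_limit_mbps: int              # per-user rate limit
    hours: Optional[Tuple[int, int]]  # (start_hour, end_hour) on weekdays; None = 24-hour access


GUEST = Profile("GUEST", "DMZ", ("web",), 1, (9, 17))                # web only, Mon-Fri 9am-5pm
BYOD = Profile("BYOD", "restricted", ("email", "web"), 5, (8, 21))   # email & web, Mon-Fri 8am-9pm
CORP = Profile("CORP", "corp", ("lan", "email", "web"), 10, None)    # LAN & web, 24 hours
# Assumed: a corporate credential on a device without an MDM profile gets an
# enrollment-only network until the device is enrolled ("MDM Quarantine / Enroll").
QUARANTINE = Profile("QUARANTINE", "quarantine", ("mdm-enroll",), 1, None)


@dataclass(frozen=True)
class Session:
    auth: str            # "cwp" (captive web portal), "ppsk" (private PSK) or "8021x" (RADIUS)
    mdm_enrolled: bool   # the MDM reports this device as enrolled
    user_agent: str      # HTTP User-Agent seen by the portal, used for OS detection


# Constructed User-Agent strings for the examples below (not captured data).
IPHONE_UA = ("Mozilla/5.0 (iPhone; U; CPU iPhone OS 4_0 like Mac OS X; en-us) "
             "AppleWebKit/532.9 (KHTML, like Gecko) Version/4.0.5 Mobile/8A293 Safari/6531.22.7")
OLD_ANDROID_UA = "Mozilla/5.0 (Linux; U; Android 1.6; en-us; Dream Build/DRC83) AppleWebKit/528.5+"
ANDROID_UA = "Mozilla/5.0 (Linux; U; Android 2.3.3; en-us; Nexus S Build/GRI40) AppleWebKit/533.1"


def detect_os(user_agent: str) -> Tuple[str, Optional[int]]:
    """Coarse OS fingerprint from the User-Agent: (os name, major version).
    Unknown or missing data is reported as such rather than guessed."""
    m = re.search(r"Android (\d+)", user_agent)
    if m:
        return "android", int(m.group(1))
    m = re.search(r"(?:iPhone|iPad|CPU) OS (\d+)_", user_agent)
    if m:
        return "ios", int(m.group(1))
    return "unknown", None


def select_profile(s: Session) -> Profile:
    """Map (how the user authenticated, device state) to a user profile."""
    if s.auth == "cwp":
        return GUEST
    if s.auth == "8021x":
        return CORP if s.mdm_enrolled else QUARANTINE
    if s.auth == "ppsk":
        os_name, major = detect_os(s.user_agent)
        # The limited-access rule quoted on the slide: releases the organisation
        # cannot keep patched (Android v.1 there) are kept off the BYOD zone.
        if os_name == "android" and major is not None and major < 2:
            return GUEST
        return BYOD
    return GUEST  # anything unrecognised gets the most restrictive profile


def in_hours(p: Profile, now: datetime) -> bool:
    """Day-of-week / time-of-day window from the profile."""
    if p.hours is None:
        return True
    start, end = p.hours
    return now.weekday() in WEEKDAYS and start <= now.hour < end


def authorize(s: Session, service: str, now: datetime) -> Tuple[str, bool, str]:
    """Decide one flow: returns (profile name, allowed?, reason or enforcement detail)."""
    p = select_profile(s)
    if not in_hours(p, now):
        return p.name, False, "outside the profile's access hours"
    if service not in p.services:
        return p.name, False, f"{service} is blocked by the {p.name} firewall policy"
    return p.name, True, f"vlan={p.vlan} rate_limit={p.rate_limit_mbps}Mbps"


if __name__ == "__main__":
    tuesday_10am = datetime(2013, 1, 8, 10, 0)
    print(authorize(Session("ppsk", False, IPHONE_UA), "email", tuesday_10am))
    print(authorize(Session("8021x", False, IPHONE_UA), "lan", tuesday_10am))
    print(authorize(Session("8021x", True, IPHONE_UA), "lan", datetime(2013, 1, 13, 3, 0)))
```

The order of checks matters: the authentication method is trusted before anything the device claims about itself, so a User-Agent is only consulted to decide between BYOD and the more restrictive zone, never to promote a session into CORP. Unknown OS strings are not blocked outright (a phone with a spoofed or unusual User-Agent still gets BYOD-level access), which is the trade-off an organization makes when it relies on OS detection instead of MDM enrollment.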
Balancing the AP/Client Link
(Figure: AP transmit and receive ranges per AP, with the marginal-performance zone where the client can hear the AP but the AP cannot hear the client)
Two approaches:
- Increase AP density / reduce power
- Increase AP receive sensitivity, using discrete radio components. High-powered radios are discrete components, which affords the opportunity to improve receive sensitivity by also using better receive components (e.g. a low-noise amplifier, LNA). Result: better-quality signal, fewer APs, balanced links. Superior receive sensitivity can improve upstream performance, especially for low-power consumer devices, balancing the AP/client link.
Band Steering
- Directs clients between the 2.4 GHz and 5 GHz radios (bi-directional)
- AP detects dual-band capable clients
- AP selectively responds to them, based on configured policy
- AP responds immediately to single-band clients
Three band steering options: Balanced Ratio (recommended), Urge 5 GHz Use, Force 5 GHz Use
Load Balancing
Optimizes performance by directing clients to the AP that can best handle the connection. (Figure: three APs at 80% airtime with 40 clients, 50% with 20 clients, and 20% with 10 clients)
Two load balancing options: Airtime-Based (recommended), Station Count
Dynamic Airtime Scheduling
(Figure: throughput over time for two fast clients versus one slow client plus one fast client, with and without dynamic airtime scheduling)
- Without it: with contention, fast clients wait for airtime and perform like the slowest client; the speed of the network is subject to the slowest client.
- With dynamic airtime scheduling: fast clients transmit more packets, finish quickly and free up the air for the slow clients. Faster clients dramatically improve their performance (the slide shows 10x) without impacting slower clients.
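To make the two regimes on this slide concrete, here is an added worked model in Python, written for this page and not Aerohive's scheduler. It idealises the MAC (no per-frame overhead, no retries, a single radio) and compares a frame-fair medium, where every contending client wins the channel equally often, with an airtime-fair one, where every contending client gets an equal share of airtime and any share a demand-limited client leaves unused is handed to the others. The client rates and offered loads are constructed inputs.

```python
from dataclasses import dataclass
from typing import Dict, List

# Added illustration, not Aerohive code. Idealised MAC: no per-frame overhead,
# no retries, one radio; "rate" is the PHY rate a client is currently using.

INF = float("inf")


@dataclass(frozen=True)
class Client:
    name: str
    rate_mbps: float    # PHY rate the client is currently using
    demand_mbps: float  # offered load; INF means it always has a frame queued


def _waterfill(costs: List[float], caps: List[float]) -> List[float]:
    """Hand out the whole radio (1.0 of airtime) so that every client receives the
    same level of some resource, except clients whose cap is below that level, who
    take their cap. costs[i] is the airtime one unit of client i's resource uses."""
    n = len(costs)
    alloc = [0.0] * n
    active = list(range(n))
    remaining = 1.0
    while active:
        level = remaining / sum(costs[i] for i in active)
        capped = [i for i in active if caps[i] <= level]
        if not capped:                  # everyone left is saturated: split evenly
            for i in active:
                alloc[i] = level
            break
        for i in capped:                # demand-limited clients leave the pool
            alloc[i] = caps[i]
            remaining -= caps[i] * costs[i]
        active = [i for i in active if i not in capped]
    return alloc


def frame_fair(clients: List[Client]) -> Dict[str, float]:
    """Throughput (Mbps) when what is shared equally is frames: one bit from client i
    costs 1/rate_i of airtime, so a saturated slow client eats most of the channel and
    every saturated client ends up at the same bit rate."""
    bits = _waterfill([1.0 / c.rate_mbps for c in clients],
                      [c.demand_mbps for c in clients])
    return {c.name: round(b, 2) for c, b in zip(clients, bits)}


def airtime_fair(clients: List[Client]) -> Dict[str, float]:
    """Throughput (Mbps) when what is shared equally is airtime: client i's cap is the
    airtime fraction its demand needs (demand_i / rate_i), and its throughput is its
    share multiplied by its own rate."""
    shares = _waterfill([1.0] * len(clients),
                        [c.demand_mbps / c.rate_mbps for c in clients])
    return {c.name: round(s * c.rate_mbps, 2) for c, s in zip(clients, shares)}


if __name__ == "__main__":
    fast = Client("fast", 54.0, INF)
    slow_saturated = Client("slow", 6.0, INF)
    slow_light = Client("slow", 6.0, 1.0)          # e.g. a phone polling email
    print(frame_fair([fast, slow_saturated]))     # both stuck at 5.4 Mbps
    print(airtime_fair([fast, slow_saturated]))   # fast client back to 27 Mbps
    print(frame_fair([fast, slow_light]))         # both schedulers agree: 45 / 1
    print(airtime_fair([fast, slow_light]))
```

The model makes the caveat visible: the fast client's gain comes from reclaiming airtime that a saturated slow client was consuming, so a slow client that is demand-limited (the common case for a phone checking email) sees no change, while a slow client that is itself saturated gives up the excess share it was taking. The size of the gain also depends on the rate ratio: with 54 Mbps against 6 Mbps the fast client goes from 5.4 to 27 Mbps; the lower the slow client's rate, the larger the multiplier.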
Enhanced Visibility and Control
Client Health Score: at a glance, understanding a client's health. Click for details, click again for spectrum.
Client Health setting by environment:
- High density, performance-oriented network: conference centers/rooms, classrooms, stadiums
- Normal density network: standard office space, hospitals
- Low density, coverage-oriented network: warehouse, outdoor, hospitality
Automatically remediate client and network issues:
- Move clients: band steer or load balance clients, triggered by a low client health score
- Airtime boost: boosts a client's airtime if it is unable to hit its performance target
(Visibility and control detail screens)
Application Visibility and Control
(Figure: per-role application policy shown against a sprawl of SSIDs, SSID1 through SSID9, most marked "?")
- VIP (Executive): all applications
- Contractor: block YouTube
- Employee: limit YouTube
L7 Perspective
Historical filters; most used applications by bandwidth usage; heaviest users; users by device type; top apps by number of client devices.
User Drilldown
BYOD and Client Trend reports
Aerohive Switching Platforms

Model   | Access ports        | PoE+                   | Uplinks                  | Switching capacity
SR2024  | 24 Gigabit Ethernet | 8 ports PoE+ (195 W)   | 4 ports 1G SFP           | 56 Gbps
SR2124P | 24 Gigabit Ethernet | 24 ports PoE+ (408 W)  | 4 ports 10 Gigabit SFP/SFP+ | 128 Gbps
SR2148P | 48 Gigabit Ethernet | 48 ports PoE+ (779 W)  | 4 ports 10 Gigabit SFP/SFP+ | 176 Gbps

(Switching capacity is full-duplex line rate across all ports and uplinks, e.g. 2 x (24 + 4) Gbps = 56 Gbps for the SR2024.)
All models: routing with 3G/4G USB support and line-rate switching; single power supply, redundant power supply capable (model-dependent). Add the Cloud VPN Gateway (CVG) for VPN concentration.
Deployment Scenarios: Teleworker and Small Branch
- HQ: Cloud VPN Gateway (VPN concentration)
- Cloud Service Platform: HiveManager Online, reached over the Internet
- Branch / teleworker router: 3G/4G as primary or backup WAN, VPN gateway
- Guest access and home network: Internet access only
- Corporate access via VPN; Internet access via cloud security
Automatic Policy Template and Sections
Network policy sections are added to the network policy depending on the network requirements chosen. You can add network options at a later time as you add more types of devices, and seamlessly update a wireless-only policy to a policy with switching and branch routing. You can keep the same SSIDs and user profiles for all network policy types.
- Automatic policy template and sections
- Flexible: allows changes as needs evolve
- Single SSID and user profiles across network policies
Unified Wired and Wireless Policy
One-time port provisioning, applied to one or thousands of devices, covering Wi-Fi, switching, routing, VPN, firewall and Bonjour.
Reduced CapEx and OpEx
- Less infrastructure cost: cloud management
- Less operational cost: zero-touch provisioning, Client Health Score, self-healing
Thank you!