[MUSIC] Hello again and welcome back to the Modern Campus Network Management Techniques video series. And now that you've learned about NMS evolution, challenges, classic and modern tools, I'd like to show you an example of some modern network management technologies based around Aruba's Edge Services Platform, or ESP. After a brief introduction, you'll learn about the three pillars of ESP: unified infrastructure, zero trust architecture and artificial intelligence operations, or AIOps.
>> Aruba's motivation for developing a modern Edge Services Platform, or ESP, is driven by customer need and the failings of legacy systems. Technology silos hinder agility, with wired, wireless and WAN systems managed independently and fragmented architecture for campus, branch, data centers and remote workers. Couple that with a lack of network automation and visibility, along with rising security threats, reduced budgets and limited human resources, and it's not hard to realize networks must do more, starting with unifying those technology silos. Cloud-based Aruba Central unifies users and things, wireless, wired and WAN, to eliminate siloed operation with a single architecture across campus, branch and data center, with easy third-party integration. Let's consider that user and thing integration. Most businesses blanket their locations with 802.11-based Wi-Fi coverage for end-user connectivity. This information technology, or IT, is largely transactional: human resources, logistics, finance, inventory. Our users require high-bandwidth performance, which means higher power and size requirements. But the continued rise in IoT deployments drives new RF requirements. These things are used for operational technology, or OT: manufacturing and control processes that deal with events, states, logic and alarms. Many IoT devices must be physically small and draw minimal power. And they need small packets of telemetry data that don't require 802.11 Wi-Fi's high-power, high-bandwidth approach.
So, technologies like Bluetooth Low Energy, or BLE, Zigbee and IEEE 802.15.4 are perfect for small form factor, low power and bandwidth IoT devices. But here's the challenge: while these technologies are not compatible with the 802.11 Wi-Fi we all know and love, they use and compete for the same RF spectrum. Now this is a challenge for most deployments. With separate systems for end-user Wi-Fi and Internet of Things RF, one system can stomp on another, decreasing performance and reliability of both systems. Aruba ESP unifies this into a single system, all coordinated and performance optimized. The unified Wi-Fi means you get a single consistent AP and firmware that can handle all of your Wi-Fi needs, whether at a large controller-based campus or a small cluster of independent APs. The same for switches: you get a common, consistent ArubaOS-CX-based platform for all connectivity needs, whether for a small wiring closet, core aggregation switches, or big data center. And again, same for WAN connectivity: all those disparate connections, whether MPLS, 4G, 5G, DSL, cable, all united under a single intuitive management umbrella. And beyond Aruba Central, Aruba Edge Services Platform, or ESP, is based on three main pillars as the industry's first AI-powered platform designed to unify, automate and protect the edge. Aruba artificial intelligence operations, or AIOps, and Central help to automatically and continuously optimize network performance. And not just known networking issues: it's a truly AI-based solution that can also resolve yet-to-be-known issues. AIOps uses artificial intelligence, machine learning and network and user-centric analytics capabilities to preempt issues before they happen and quickly identify root cause and resolve issues. It continuously optimizes configs based on peer benchmarks, and eliminates change guesswork, so you can see and secure everything that's on your network.
Unified infrastructure breaks down operational silos to provide a consistent operational experience across wired, wireless and WAN, and across campus, branch, data center and remote worker, all from a single pane of glass. Zero trust allows our customers to address the increasing threats from IoT while also simplifying the process. It's an adaptive trust framework that centralizes policy administration. And dynamic segmentation delivers the micro-segmentation needed for mobile devices and IoT, along with granular device visibility. So, let's take a look at the Aruba ESP architecture, which consists of three layers: foundation, SD policy and services, all managed and unified with Aruba Central. Now each layer also represents three core attributes of ESP. The unified infrastructure provides complete network operations across wired, wireless and SD-WAN domains. Campus, branch, remote worker, data center and cloud locations are all managed via Aruba Central's single cloud-native pane of glass. Zero trust security helps to increase protection levels in the face of IoT device proliferation, while simplifying and automating device discovery, continuous monitoring and working with ClearPass Policy Manager, or CPPM, to centralize policy control and policy enforcement firewall. These central policies are then pushed down to be enforced on each network device. AIOps enables you to react to and resolve issues much quicker and in some cases predict and preempt issues before they impact the business. All these devices, services and products improve your ability to leverage the intelligent edge, which most organizations will deploy in phases. So, to best understand the challenges and benefits organizations face, Aruba has developed a three-step framework of Connect, Protect and Analyze and Act. Central has no hardware or software requirements. It's in the cloud with all resources needed for performance and visibility.
If you have internet access, you can access Central from your smartphone, tablet, or computer, all with guaranteed uptime. And if you lose an Internet connection, devices revert to local management. It's a cloud-centric design with a modern switch portfolio for cloud-connected, IoT-enabled, mobile networks. You get a modular, micro-services, database-driven OS for feature velocity, quality, and extensibility. And it's 100% programmable with REST APIs; you can use Python, Ansible and more. It's elastic, scalable from 24 x 1G to 120 x 100G; fully distributed chassis, policy-driven segmentation. And it's resilient: live upgrades with VSX, process resiliency with the OS, and hardware redundancy. And you get a consistent operational experience from access to core aggregation to data center with the same OS. It's simple. You can collapse and expand aggregation or aggregation and core into a single platform. It's efficient: simplified management, more automation, fewer errors, better productivity. And it's future ready with automation with instrumentation for policy, self-healing and AIOps. It's investment protected. So you're ready for growth with hardware that scales from 1G high-PoE to 100G. Then there's the Intelligent Automation to simplify and automate operator experience with advanced analytics. So boosted productivity to streamline and validate operations with auto config and conformance. It's agile with automated provisioning, analytics-driven visibility, self-healing and integrations. You get faster resolution with enhanced troubleshooting at any level of granularity. And tighter security to automate policy-driven segmentation with user-based and switch-to-switch tunneling. Now I really like the network analytics capabilities with a dense web of potential issues. The AI resources are huge. Intelligent monitoring and automated data collection analysis lets you quickly drill down to the root cause of any issue.
And soon I'll talk more about how this works, but first, take a look at this ability to analyze configurations. You can quickly search all switch configurations, including device names, hardware and software versions, and more to find the group of switches that require configuration changes or investigation. You create custom tags for devices and automated configuration and firmware plans. So do things like, say, fix the OSPF MTU on all edge routers, do a firmware upgrade on all building one edge switches, and more. You can also identify inconsistencies and errors, such as security policy violations. So say, "show me configurations of any access switches in building 5 that changed within the last week," or "are there any configurations that violate our security hardening policy?" Okay, so powerful configuration analyzation, but you also need configuration consistency. And it better be easy, right? Conformance validation detects configurations that violate your corporate policies or network design by comparing switch configurations against conformance tests. You can define policies by creating and enabling conformance tests, which run continuously against both candidate and running configurations. Now, what about a test to configure VLANs on certain switches? Or maybe you need specific wording on a login banner or must conform to certain regulatory compliance mandates. The audit feature records all hardware and software versions and configuration changes. You can then search and view all changes or groups of changes. You can easily track all changes to hardware, software and configurations with automated versioning. It's easy to roll back to any previous configuration as needed. That can be a lifesaver. You can use change validation to determine whether a deployed configuration change produced desired results. The system automatically collects network state information before and after change deployment and gives you a side-by-side difference report.
These types of features all let you verify device connectivity, and that all third-party devices didn't lose connectivity due to, say, making a routing change or adding ports to the switch's link aggregation group, or LAG. Central also lets you configure multiple devices in bulk using templates. But often some configuration parameters vary per device, of course. So Central lets you use variables, and modify them as needed. Now suppose both switches are in the Central 2920Group 1. This group requires VLAN 120 to be configured, and a common set of untagged VLANs on certain trunk links, but each switch requires a unique hostname, so you define the variable sys_hostname. Then you configure each switch's hostname in a variables file. When Central pushes down the configuration, each switch gets the full configuration with the variable values. So you can save huge amounts of time during switch deployment and updates with bulk configurations. And yes, you still have the granularity to add unique configurations to individual switches. And cloud-based Aruba Central improves your management and security stance for wireless systems, both for small remote offices with Aruba Instant controller-less WLANs and enterprise-class controller-based WLANs, along with your wired LAN and WAN environments. Look what this gives you: worldwide control over all systems, with several data points intelligently analyzed into simple user experience metrics. And this can help you to identify trends, and head off problems proactively, sometimes even before users start complaining. Let's take a look at those WAN links. Branch local area networks, or LANs, can be surprisingly complex, and each customer's unique. Some customers will deploy redundant VPN concentrators, or VPNCs, in their data centre or spread them among distributed data centres to aggregate data traffic from branches.
You can configure primary and redundant VPN concentrators in an active-active mode to allow some branch gateways, or BGWs, to terminate on one VPN concentrator and the remaining on the second VPN concentrator, along with any required connectivity to the public cloud services via Virtual Gateway. Routing protocols like BGP and OSPF provide resiliency, along with Virtual Router Redundancy Protocol, or VRRP. These SD-Branch gateways use a virtual IP address to provide redundancy. When the primary device becomes unavailable, a backup gateway assumes the virtual IP address, with uninterrupted connectivity. When you add in dynamic path selection, policy-based routing and role-based security and routing, traffic can be routed based on availability, application, user role and link health. And you keep it all secure with things like dynamic segmentation, but I'll talk about that in part two of this section on Aruba ESP. Meanwhile, how about a short break? We covered Aruba ESP general concepts and the unified infrastructure. Come on back for the final video in this series, where you'll explore Aruba ESP zero trust security and AIOps.