Optimizing Distributed Enterprise Configuration at Scale

Share Post

Aruba Central is a simple and scalable way to configure and manage a distributed enterprise network. Key to this is the allocation of devices to “groups” for the ease of configuration, monitoring and maintenance. A group in Central is a primary configuration element that acts like a container. In other words, groups are a superset of one or several devices that share common configuration parameters.

Device groups provide the following functions and benefits:

  • Combine different types of devices under a common group. For example, you can create a single group for all branches that includes your Aruba gateways, Instant access points and switches. Central allows you to manage the configuration of these devices in separate applications (i.e. gateway, wireless and wired) within the group.
  • Assign multiple devices to a single group.For example, a group can consist of multiple branch gateways of the same model sharing the same port, VLAN, WAN and VPN configuration settings. A group can consist of multiple Instant access points with the WLAN and security configuration.
  • Manage common configuration settings of devices at the group level. This allows you to quickly modify or push new configuration changes across multiple devices. For example, you can modify a WAN policy to support a new application across all your branch gateways or create a new VLAN across all your branch switches.

Tasks that are not performed at a group level, including device-specific configurations such as assigning static IP addresses and hostname, can be done per device or using a bulk provisioning mechanism by uploading a CSV with a list of device-specific parameters. Configuration parameters performed at the device level will generally override the configuration performed at the group level. If the same configuration is performed at both device and group levels, the configuration performed at the device level will be applied.

The number of groups that you define in Aruba Central is specific to your organization and deployment. At a minimum, Aruba Central requires one group to be defined for Aruba Gateways operating as VPN concentrators (VPNCs) and one group to be defined for Aruba Gateways in your branches. The role of each group (Branch or VPNC) is determined when you initially assign devices to your groups.

Determining the number of groups you should implement for your branch sites can be challenging. There is no right or wrong answer and the approach you take will be specific to your organization’s requirements and business needs.

Here are some important considerations for creating separate groups for your network:

  1. Your deployment supports branch sites with unique configuration needs.For example, you’re a retailer and your stores consists of multiple brands, with each brand requiring different SSIDs, roles and VLAN assignments.
  2. Your deployment includes small and medium branches, each implementing different models of Aruba gateways and switches.For example, your small branches include Aruba 7005 Gateways with 24-port switches, while your medium branches include Aruba 7008 gateways and 48-port switches.
  3. Your deployment includes branch sites across multiple regions and time zones.Separation is required to accommodate different maintenance windows in each region.
  4. Your organization wishes to reduce the risk when new configuration changes are applied.For example, your deployment includes test sites where new configurations are tested and vetted prior to being rolled out across all the branch sites.
  5. Your organization plans to use template based configuration for your switches. A template is created for each switch model and the configuration is performed by uploading variables to the group in Aruba Central.

Aruba is simplifying the burden of large distributed enterprise networks with Aruba Central and its flexible, powerful capabilities like Groups.