Aerohive is a pretty unique company, they’re a bunch of troublemaking wi-fi whisperers (I can’t remember who said wi-fi whisperers earlier today, but I’m taking it and claiming it as my own) who love to shake the competition up a bit from time to time. By now it’s pretty clear, cloud management platforms are a validated architecture. It works. How do we know? Well, Aerohive has been pulling it off for a few years now and putting out some pretty decent product. There was also that other thing… I can’t quite remember… Someone bought a company or something like that? Oh well, maybe it’ll come back to me later. Anyway, it’s never dull when you get a group of bees together, especially when you enter their hive (that’s the last bee reference I’ll be making, you’re welcome).
Aerohive started off our mid-day session on Wednesday and jumped in with an overview of the company and what they’re all about.
After that, the team introduced Kell van Daal, the real life most interesting man in the world. This guy loves purple. Not loves, LOVES. It was interesting but he put on a great show and seems to love his job, just not as much as purple.
Kell was at center stage to give us a tour of their new client management, the Aerohive onboarding system. Right now it only works for iOS and OS X but support for other OSes is coming soon. Some odd things about this feature though… First, it’s not MDM. Don’t confuse the two. Aerohive is offering onboarding seperate from the MDM partner integration. Second, it’s a simple to configure (checkbox and it’s enabled) add-on except it’s licensed and costs money. This is something that Aerohive has stayed away from for a while so it was a bit of a let down. It’s a nice setup but a licensed add-on for onboarding feels slightly like a money grab.
Next up was ID Manager. ID Manager is a cloud enabled guest management system that’ll run in both Hive Manager Online or a local Hive Manager installation. To be clear, Client Manager is for trusted devices and user, ID Manager is for guest provisioning and access. This is a context aware identity mangement system with the full gamut of features common to today’s advanced AAA systems. This is not an add-on feature, it is an entirely new product and can even be used across the internet as the AAA server for 3rd parties. It is licensed by the number of active guests in the system. I won’t run through all the features since this isn’t a ground breaking service, but I do they it was an obvious addition to the portfolio and it appears to do the job quite well.
Then we were introduced to Praveen Raghuraman to show us around their new feature, AVC (Application Visibility & Control). Now this is not a new concept, but the way they are attacking it is a bit different. Some other solutions from a couple of the largest vendors in Silicon Valley came out earlier this year and have proven to be nice add-ons, but it only really works back at their controllers. Aerohive doesn’t have a controller, so what’s a hive to do? Put that functionality right in the access point, that’s what. Personally I think that’s where it belongs. Why do I want to wait until traffic tunnels all the way across my pipes before I classify, throttle, or even drop it? If I’m trying to ease congestions that way, mission failed, it’s still crossing my network. By having your rules in place _at the access point_ you’re going to prevent it from entering your wired network at all. Makes sense to me.
The claim is that this is true DPI and is even capable of SSL interception if you want to go through the hassle of configuring it, they even showed us a bit of how to configure it and what it looks like when it’s working. It did exactly what they said (in a controlled environment). I have no doubt that it would continue to work when let loose into the wild, but I’m curious to see how it would perform under some heavy load. DPI is CPU intensive and I’m sure that during low utilization (when the AP only has 1 or 2 clients connected browsing the web) there would be no issue. Once that AP is kicked up to 25 clients streaming HD video from Netflix? Not so sure, I’d love to see some tests. I’ll even volunteer to run them. If Aerohive wants to send me 25 or so varied clients I’d be happy to test it for them. I think an AP330 and a few each of Macbook Airs, iPads, Nexus 7s, and a few S4s should suffice. I’ll send my address, thanks and you’re welcome.
From there we were greeted by Matthew Gast, and a torrent of 802.11ac MU-MIMO information… this is the kind of awesome Tech Field Day is all about. Geeking out on topics that everyone in the room can barely grasp. I will rewatch this video quite a few times.