Wednesday, January 17, 2018

Cloud Management Platform Comparisons and Opinions

One of the largest movements in WiFi over the past decade has been the movement to Cloud Based Management. It seems every single vendor has their own cloud-based management platform. To help differentiate them, I put together a comparison table (at the bottom of the post) that goes over the major features and functionality that many organizations might be looking for. This is by no means an exhaustive list of vendors or of features. Merely the top platforms and feature sets that I encounter out there.

Also, as a disclaimer, these are my personal thoughts and opinions driven by the information that I have seen, and through my experiences on these platforms. I have been hands on with every one of these platforms except for Ubiquiti. But that does not mean that my experience will match everyone’s. As with everything in IT – Trust, but verify.


Meraki
Meraki was one of the first to market with a Cloud Managed platform, spawning from the MIT Roofnet project and then becoming an actual company in 2006. Meraki grew quite quickly, and in late 2012 was acquired by Cisco. Since that acquisition they have continued to grow at an incredibly rapid pace.

Pros: In my opinion Meraki has always had one of the cleanest/most intuitive of all of the interfaces. Despite adding new product categories (Security appliances, switches, cameras, phones, MDM) to their dashboard, they have been able to keep it clean and consistent. With seemingly everything hyperlinked together. So an administrator can easily drill from one thing to another on the fly.

Meraki has also had a strong set of “live-tools” built into their interface. Allowing easy remote troubleshooting through a number of basic tools that can be executed from the dashboard to a device, or from the device itself. Also in most of their devices is a tertiary radio that can be used for spectrum analysis. This can be an incredible tool for troubleshooting random connectivity issues.

Meraki’s single subscription per Access Point contains all functionality that they have built into their dashboard. They have yet to release a wireless feature that requires extra licensing.

As you grow your network and add new AP’s and their subsequent subscriptions, all of your subscriptions will automatically co-terminate together. This is done through a “weighting” process that’s fairly hard to explain, but here is a simple example. If I purchase 10 AP’s with a 1-year subscription in January, and in June, after six months have gone by (and I have another six months left on the original 10), I purchase 10 more AP’s with 1-year subscriptions, my final expiration date would actually be in March. That is because the original 10’s expiration date will be dragged *forward* while the second group of AP’s will be dragged *back*, averaging all of the 20 subscriptions out to a March expiration. Meraki does a much better job of explaining this in their documentation.

Cons: The largest drawback to Meraki has always been their subscription-expiration policy. Meraki is the only provider on the list whose product will stop working if your subscription expires. They do provide you a 30-day grace period, and will alert you in a number of different ways that your subscription is close to expiring.

Another drawback that has always irked me, is that their only external antenna Access Point options are their outdoor AP’s. Which are obviously not very cost effective when compared to their indoor brethren. This makes it expensive to deploy them in high-density indoor environments such as lecture halls.

I’m also going to include here their automatic subscription co-termination, despite also having it as a Pro. I know many finance departments wouldn’t be happy with paying for something for say 36 months, but due to it being added to an existing deployment, end up getting much less than that due to this policy.


Aruba Central

Aruba’s cloud platform was announced shortly after Cisco acquired Meraki. The platform has continued to grow, and since the acquisition of Aruba by HPE, has even grown to start to include the ability to manage many of the HP Networking switches as well.

Pros: Aruba has consistently been one of the most well regarded Wireless companies, with consistent praise for their RF design and their enterprise grade feature sets. With Central, Aruba has provided another way of controlling their outstanding hardware, and is compatible with most of their Access Points that use the "Instant" architecture. However moving forward, Aruba has made the process even more simple with the release of their "Universal" image. This image is only shipping on a few of their newer Access Points, but will take much of the confusion out of the ordering process. Here's a great blog that goes into detail about the new image:
http://community.arubanetworks.com/t5/Technology-Blog/Aruba-Unified-AP-platform/ba-p/295661

Aruba made a very wise choice when it came to the "flow" of their cloud interface. Borrowing much of the same nomenclature and mimicking the same feel as their widely used controller platforms. This makes it easier for organizations who are already comfortable with Aruba’s management to easily transition and understand their Cloud interface.


Another plus is their ability to manage other devices in the Aruba Networks lineup, such as many of the switches that the lineup inherited from the ProCurve lineup. Many of which retained their famed lifetime warranty as well.

Since this follows on the heels of the Meraki write-up, I’ll point out that if your Aruba Central subscription lapses then their AP’s will retain the last known configuration provided by Central and remain running as “Instant” Access Points. However you will need to remove them from the Cloud inventory before being able to manage them directly again.  

Cons: Although their base platform has a very “enterprise-ready” feature set, there are certain things that Aruba charges additional licenses for such as Guest Management and Presence Analytics.

Their interface uses an “app-switcher” (my term) in the upper left hand corner. With each “app” being a different management section. Also, when you add in the extra functionality this is where those get added into. This layout took a bit of time to get used to. And once I understood it, the only time I knew to navigate to a different “app” was when I didn’t see the necessary feature that I was looking for.


Ruckus

Ruckus is best known for their BeamFlex technology. And maybe second-best known for their odyssey of acquisition over the past few years. If I have their journey correct, they were first purchased by Brocade in 2016. Then Brocade was purchased in a major acquisition by Broadcom. But then Broadcom spun off Ruckus and the Brocade ICX lineup to Arris. All of this started in 2016 and has just recently started to settle down. Ruckus as a company has done a great job of weathering this storm and done their best to continue to operate as if none of this was going on around them.

When it comes to their Cloud platform, they were certainly a bit late to the party, releasing theirs publicly in the middle of 2016. Unfortunately it still feels as though it is lagging behind the others in terms of features and polish as well. Which is unfortunate because their Access Points and Controllers are rock solid. However they do have a strong roadmap of features coming which should help bring them to parity with the rest of the market out there.

Pros: As I stated above, one of the largest strengths of Ruckus is their BeamFlex technology. Their cloud platform works with most of their Access Points (but not all) and as such your deployment gets to take advantage of this as well.

All of these platforms offer some form of Guest WiFi. However it’s always in how it’s deployed that sets them apart. As much as I’m a fan of simple and open Guest networks, many organizations like to be able to lock down access to those that they deem necessary. This is often done through some sort of on-boarding process, whether it’s a self-supported process, or if access has to be sponsored from someone within the organization. Ruckus allows you to have a guest administrator who can hand out personalized credentials to guests. As part of this process, the administrator needs to put in the guest’s information such as name, email address, phone number, etc. Ruckus has made this even easier by implementing a feature on their mobile app that can actually scan a business card, and auto-fill the corresponding information fields. This is a really slick method and makes the process much more efficient. Also as part of the process, the administrator can choose how long the user’s credentials are good for, and how many client devices can use those same credentials.

Cons: Take a look at the table, their feature parity just isn’t there yet. I’ve also run into some strange bugs in their analytics portion.

One of the largest bugs/issues that I’ve run into has just been getting to the dashboard itself. For a long time now I’ve been unable to get to it using Chrome, and Firefox usually times out as well. When on my Windows device I’m able to get to it through Internet Explorer, although it’s still unfortunately slow. On my Mac it timed out on Chrome and Safari, however I was able to access it using Opera. From what I understand this is a known bug and something they are working on.  

Another drawback is that if your subscription lapses, the Access Points will “halt” until reconfigured as autonomous AP’s, or pointed to a controller. I wish they went with the same method as Aruba, and have them fail to their “Unleashed” platform (which is their equivalent of Aruba Instant.) However I understand that these things might be platform specific and potentially are not possible. At least your investment in Access Points isn’t lost completely. Those AP’s can be reconfigured and continue to be used. I just hate the “halting,” and would much rather they proceed on with the last known good configuration. Obviously any features that are reliant on the cloud would understandably cease, but normal traffic would continue to be passed.


Aerohive
Where do I begin with Aerohive? They have historically been a company filled with some of the top engineers in the industry. The last headline that I saw was that they employ 14 CWNE’s. To put that into context, world-wide there are only around 265 CWNE’s total. They have consistently been a company driven by engineers. They have heavy adoption in the EDU space, and seemed to have focused on that vertical. Aerohive has also been a large OEM player, partnering with the likes of Dell and others.

Aerohive’s original platform, which they are now calling Classic, had a huge feature set. However to many, that was actually its drawback. It was an interface that wasn’t entirely intuitive and had a number of nerd-knobs that were in areas that were hard to remember. Much of the flow felt disjointed, with menu selections starting vertically, then expanding horizontally, with drop downs thrown in for good measure. As with any interface, people who knew it could fly through it. However for those who only touched it sporadically it could be a struggle. That said, it was incredibly granular and provided features that weren’t really available at that time. Aerohive heard the criticism and knew they were being constantly compared against Meraki’s dashboard. So they decided to revamp theirs to make it cleaner and more intuitive and thus released HiveManager NG. Because everything released around that time period had to be Next Generation. Star Trek was apparently way ahead of its time. Unfortunately when NG was originally released it didn’t have anywhere near feature parity to “Classic.” So adoption of it was fairly slow. Further decreasing adoption was that Aerohive never created an easy migration path from Classic to NG. I understand that they were two completely separate platforms more than likely based on two different back-end architectures. However a migration tool, even if an at-cost tool, would have really helped drive adoption. That all said, HiveManager NG, now called Select, does have feature parity to Classic.

Recently, Aerohive released a free version of their HiveManager called “Connect,” which is essentially a hamstrung version of their platform with some feature limitations. Because it is provided for free, you also do not get any support for the product. You can purchase support however. When using Connect, it’s actually running on the Select platform. So by default you can see all the features you are missing out on by not paying for your subscription. However they have graciously allowed you to shut this off.

Pros: Aerohive is a mature product, and although its management interface has gone through a number of iterations, I think it’s come out the other side a better product for it.
One of the features that Aerohive has always touted is their Private Pre-Shared Key (PPSK) feature. This is available in both their Classic and Select platforms. Other products offer this same feature, but Hive has done a good job in their implementation and promotion of the product. They also have made an iOS app so organizations can set up a Kiosk with an iPad for users to self-register and receive their guest credentials.

Another thing that I like about the Aerohive solution is their expiration policy. Obviously this is only applicable to their Select platform, since the Connect platform is free and therefore subscription-less. If your Select platform expires, your equipment will continue to run. However you do lose the ability to actually manage the product until you do one of two things. Either you renew your subscription, or, if you decide that you do not need the entire feature set of Select, you can spin up a new Connect platform and move your AP’s over to it. Unfortunately this migration will not be seamless. So it’s not a completely pain-free policy. But certainly better than others.

Cons: In my opinion HiveManager NG is vastly improved upon Classic. That said, the interface can still feel cluttered and almost rambling. The dashboard portion is fairly solid, but the configuration of SSID’s feels disjointed. That said, for many the setup of networks will be fairly set and forget. With monitoring and troubleshooting being the primary uses of the dashboard.

With their Connect platform you can purchase one of their AP’s for a relatively cheap price, with MSRPs on their AP122 of $229 and AP130 at $299. Personally I’m not a fan of fighting down. I understand that they are trying to get their product out at a cheap price to introduce it to the world and to compete against the UBNT’s of the world. However to reach that price point something normally has to give.


Ubiquiti

Ubiquiti is an interesting company. On one hand, a lot of people swear by their equipment. However to others, it’s the butt of jokes and criticism. One thing that most do agree on however is that their bridging equipment is rock solid, especially for the price point. However this is a blog about their cloud platform. It’s the only one on this list that I have yet to get any real hands on experience with however. So this will be easily the shortest write-up in this post. Also, this was the only vendor that I wasn’t able to confirm any of the information with. Which I’ll get into in the “Cons” section. This is a platform I’m going to try and learn more about as the year goes on because they seem to be growing and their platform and features seem to be very promising. With that said, I’m going to do my best to reserve judgement on the product until that time. Except for the lack of support or contacts. That irks me as I might mention a time or two below.

Pros: Cheap. Most of their AP’s run right about $100, with their cloud dashboard costing $199 for 1yr, but that covers 100 devices. To put this into perspective, Meraki’s 1yr subscription for one device has an MSRP of $150, and that’s pretty standard across the rest of the platforms as well.  From what I understand, you will need their cloud key. Which is actually a cool bit of kit. It looks like a USB key that hangs off of a port on your switch and acts as a gateway from your on-prem equipment to their cloud dashboard. At least that’s how I understand it. Again, I wasn’t able to talk to anyone about it.

Their dashboard seems fairly clean from the demo that I was able to find online. They also do seem to be putting some interesting features and functionality into their devices. But again, I have zero hands on experience outside of seeing the demo online.

Cons: No support. Well, that’s not 100% true, you can get support in a forum, which does have Ubiquiti employees who respond, but with no dedicated SLA, or even a guarantee that you will receive an answer. However there are many rabid UBNT fans on the forum who do what they can to provide answers and help. But I don’t know that I would want to hang my organization’s infrastructure on potentially receiving an answer on an issue from a forum.

For transparency I should note that I have seen discussions of UniFi Elite, which apparently provides phone support, but that’s all I have seen, discussions. Nothing solid. But maybe I’m missing something obvious.

A great example of the lack of support is just this post itself. I sent the table to all of the vendors to verify my entries and gain further insight. While I’m sure I could have posted this to the forum and received a response. I didn’t want a response from someone who runs a WISP off of Ubiquiti equipment, I wanted it from the horse’s mouth. Despite working for a company who sells a lot of Ubiquiti equipment, I have absolutely no direct contacts. The only method of directly contacting them that seemed to work was through a Facebook Message from my personal Facebook account. Ubiquiti’s Social Media team did answer saying they forwarded my request off to the appropriate party. However I never received any response, despite following up again. Their Social Media team did respond both times I reached out within 24 hours. But only that they were sending my request off, or following up with the appropriate resources. So that’s why you don’t see them on the table. If I do receive a response I will be more than happy to update the table and this post with the findings.


Conclusion:

As you can see, all of these platforms have both strengths and weaknesses. As with anything, it’s taking a look at the different offerings and determining what feature-set coincides best with your organization’s needs. With that, thanks for reading! If you have any questions or comments just let me know!


| Function/Feature | Meraki | Aruba Central | Ruckus | Aerohive Connect | HiveManager NG |
|---|---|---|---|---|---|
| Application Visibility | Yes | Yes | Yes | No | Yes |
| Application Throttling | Yes | Yes | No | No | Yes |
| SSID Throttling | Yes | Yes | No, but can limit per AP | No | Yes |
| Client Throttling | Yes | Yes | Yes | Yes | Yes |
| Firewall | Yes | Yes | Not yet | Limited | Yes |
| Guest Network | Yes | Yes | Yes | Yes | Yes |
| PPSK Support | No | No | Yes - Through Guest Pass | No | Yes |
| Location Analytics | Yes | Only through ALE - Add-On $$$ | No | No | Yes |
| RF Visibility | Yes | AP's are capable, but not Central | No | Limited | Yes |
| 802.1X support | Yes | Yes | Yes | Yes | Yes |
| 802.11k support | Yes | Yes | Not yet | Yes | Yes |
| 802.11r support | Yes | Yes | Not yet | Yes | Yes |
| 802.11v support | Yes | Yes | No | Yes | Yes |
| Available Support | Part of Subscription | Part of Subscription | Yes | Optional | Yes |
| On-Prem Controller Option | No | Yes | Yes | No | Yes |
| SSID Scheduling | Yes | Yes | Yes | No | Yes |
| Subscription Expires Policy | 30 day grace period before devices shut down | Fails back to "Instant" | AP's halt until reconfigured as Autonomous or pointed to a controller | Lifetime Subscription | Equipment still runs, but you lose cloud manageability. |
