One of the largest movements in WiFi over the past decade has
been the movement to Cloud Based Management. It seems every single vendor has
their own cloud-based management platform. To help differentiate them, I put
together a comparison table (at the bottom of the post) that goes over the major features and functionality
that many organizations might be looking for. This is by no means an exhaustive
list of vendors or of features. Merely the top platforms and feature sets that
I encounter out there.
Also, as a disclaimer, these are my personal thoughts and
opinions driven by the information that I have seen, and through my experiences
on these platforms. I have been hands on with every one of these platforms except
for Ubiquiti. But that does not mean that my experience will match everyone’s.
As with everything in IT – Trust, but verify.
Meraki
Meraki was one of the first to market with a Cloud Managed
platform, spawning from the MIT Roofnet project and then becoming an actual
company in 2006. Meraki grew quite quickly, and in late 2012 was acquired by
Cisco. Since that acquisition they have continued to grow at an incredibly
rapid pace.
Pros: In my
opinion Meraki has always had one of the cleanest/most intuitive of all of the
interfaces. Despite adding new product categories (Security appliances,
switches, cameras, phones, MDM) to their dashboard, they have been able to keep
it clean and consistent. With seemingly everything hyperlinked together. So an
administrator can easily drill from one thing to another on the fly.
Meraki has also had a strong set of “live-tools” built into
their interface. Allowing easy remote troubleshooting through a number of basic
tools that can be executed from the dashboard to a device, or from the device
itself. Also in most of their devices is a tertiary radio that can be used for
spectrum analysis. This can be an incredible tool for troubleshooting random
connectivity issues.
Meraki’s single subscription per Access Point contains all
functionality that they have built into their dashboard. They have yet to
release a wireless feature that requires extra licensing.
As you grow your network and add new AP’s and their
subsequent subscriptions, all of your subscriptions will automatically
co-terminate together. This is done through a “weighting” process that’s fairly
hard to explain, but here is a simple example. If I purchase 10 AP’s with a 1-year
subscription in January, and in June after six months have gone by (and I have another
six months left on the original 10) I purchase 10 more AP’s with 1-year
subscriptions, my final expiration date would actually be in March. That is because the
original 10’s expiration date will be dragged *forward* while the second group
of AP’s will be dragged *back*, averaging all of the 20 subscriptions out to a March expiration. Meraki does a much better job of explaining this in
their documentation.
Cons: The
largest drawback to Meraki has always been their subscription-expiration
policy. Meraki is the only provider on the list whose product will stop working
if your subscription expires. They do provide you a 30-day grace period, and will
alert you in a number of different ways that your subscription is close to
expiring.
Another drawback that has always irked me, is that their
only external antenna Access Point options are their outdoor AP’s. Which are
obviously not very cost effective when compared to their indoor brethren. This
makes it expensive to deploy them in high-density indoor environments such as
lecture halls.
I’m also going to include here their automatic subscription
co-termination, despite also having it as a Pro. I know many finance
departments wouldn’t be happy with paying for something for say 36 months, but
due to it being added to an existing deployment, end up getting much less than
that due to this policy.
Aruba Central
Aruba’s cloud platform was announced shortly after Cisco
acquired Meraki. The platform has continued to grow, and since the acquisition
of Aruba by HPE, has even grown to start to include the ability to manage many
of the HP Networking switches as well.
Pros: Aruba
has consistently been one of the most well regarded Wireless companies, with
consistent praise for their RF design and their enterprise grade feature sets. With Central, Aruba has provided another way of controlling their outstanding hardware, and is compatible with most of their Access Points that use the "Instant" architecture. However moving forward, Aruba has made the process even more simple with the release of their "Universal" image. This image is only shipping on a few of their newer Access Points, but will take much of the confusion out of the ordering process. Here's a great blog that goes into detail about the new image:
http://community.arubanetworks.com/t5/Technology-Blog/Aruba-Unified-AP-platform/ba-p/295661
Aruba made a very wise choice when it came to the "flow" of their cloud interface. Borrowing much of the same nomenclature and mimicking the same feel as their widely used controller platforms. This makes it easier for organizations who are already comfortable with Aruba’s management to easily transition and understand their Cloud interface.
Another plus is their ability to manage other devices in the
Aruba Networks lineup, such as many of the switches that the lineup inherited
from the ProCurve lineup. Many of which retained their famed lifetime warranty
as well.
Since this follows on the heels of the Meraki write-up, I’ll
point out that if your Aruba Central subscription lapses then their AP’s will retain
the last known configuration provided by Central and remain running as “Instant”
Access Points. However you will need to remove them from the Cloud inventory
before being able to manage them directly again.
Cons: Although
their base platform has a very “enterprise-ready” feature set, there are
certain things that Aruba charges additional licenses for such as Guest
Management and Presence Analytics.
Their interface uses an “app-switcher” (my term) in the
upper left hand corner. With each “app” being a different management section.
Also, when you add in the extra functionality this is where those get added
into. This layout took a bit of time to get used to. And once I understood it,
the only time I knew to navigate to a different “app” was when I didn’t see the
necessary feature that I was looking for.
Ruckus
Ruckus is best known for their BeamFlex technology. And maybe
second-best known for their odyssey of acquisition over the past few years. If
I have their journey correct, they were first purchased by Brocade in 2016.
Then Brocade was purchased in a major acquisition by Broadcom. But then
Broadcom spun off Ruckus and the Brocade ICX lineup to Arris. All of this
started in 2016 and has just recently started to settle down. Ruckus as a
company has done a great job of weathering this storm and done their best to
continue to operate as if none of this was going on around them.
When it comes to their Cloud platform, they were certainly a bit late to the party, releasing theirs publicly in the middle of 2016. Unfortunately it still feels as though it is lagging behind the others in terms of features and polish as well. Which is unfortunate because their Access Points and Controllers are rock solid. However they do have a strong roadmap of features coming which should help bring them to parity with the rest of the market out there.
Pros: As I
stated above, one of the largest strengths of Ruckus is their BeamFlex technology.
Their cloud platform works with most of their Access Points (but not all) and
as such your deployment gets to take advantage of this as well.
All of these platforms offer some form of Guest WiFi. However
it’s always in how it’s deployed that sets them apart. As much as I’m a fan of simple
and open Guest networks, many organizations like to be able to lock down access
to those that they deem necessary. This is often done through some sort of
on-boarding process. Whether it’s a self-supported process, or if access has to
be sponsored from someone within the organization. Ruckus allows you to have a guest administrator
who can hand out personalized credentials to guests. As part of this process,
the administrator needs to put in the guest’s information such as name, email
address, phone number, etc. Ruckus has made this even easier by implementing a
feature on their mobile app that can actually scan a business card, and
auto-fill the corresponding information fields. This is a really slick method
and makes the process much more efficient. Also as part of the process, the
administrator can choose how long the user’s credentials are good for, and how
many client devices can use those same credentials.
Cons: Take
a look at the table, their feature parity just isn’t there yet. I’ve also run
into some strange bugs in their analytics portion.
One of the largest bugs/issues that I’ve run into has just
been getting to the dashboard itself. For a long time now I’ve been unable to
get to it using Chrome, and Firefox usually times out as well. When on my
Windows device I’m able to get to it through Internet Explorer, although it’s
still unfortunately slow. On my Mac it timed out on Chrome and Safari, however
I was able to access it using Opera. From what I understand this is a known bug
and something they are working on.
Another drawback is that if your subscription lapses, the
Access Points will “halt” until reconfigured as autonomous AP’s, or pointed to
a controller. I wish they went with the same method as Aruba, and have them
fail to their “Unleashed” platform (which is their equivalent of Aruba
Instant.) However I understand that these things might be platform specific and
potentially are not possible. At least your investment in Access Points isn’t
lost completely. Those AP’s can be reconfigured and continue to be used. I just
hate the “halting,” and would much rather they proceed on with the last known
good configuration. Obviously any features that are reliant on the cloud would
understandably cease, but normal traffic would continue to be passed.
Aerohive
Where do I begin with Aerohive? They have historically been
a company filled with some of the top engineers in the industry. The last
headline that I saw was that they employ 14 CWNE’s. To put that into context,
world-wide there are only around 265 CWNE’s total. They have consistently been
a company driven by engineers. They have heavy adoption in the EDU space, and
seemed to have focused on that vertical. Aerohive has also been a large OEM
player, partnering with the likes of Dell and others.
Aerohive’s original platform, which they are now calling
Classic, had a huge feature set. However to many, that was actually its
drawback. It was an interface that wasn’t entirely intuitive and had a number
of nerd-knobs that were in areas that were hard to remember. Much of the flow
felt disjointed, with menu selections starting vertically, then expanding horizontally,
with drop downs thrown in for good-measure. As with any interface, people who
knew it could fly through it. However for those who only touched it
sporadically it could be a struggle. That said, it was incredibly granular and
provided features that weren’t really available at that time. Aerohive heard
the criticism and knew they were being constantly compared against Meraki’s
dashboard. So they decided to revamp theirs to make it cleaner and more
intuitive and thus released HiveManager NG. Because everything released around
that time period had to be Next Generation. Star Trek was apparently way ahead
of its time. Unfortunately when NG was originally released it didn’t have
anywhere near feature parity to “Classic.” So adoption of it was fairly slow.
Further decreasing adoption was that Aerohive never created an easy migration
path from Classic to NG. I understand that they were two completely separate platforms
more than likely based on two different back-end architectures. However a
migration tool, even if an at-cost tool, would have really helped drive
adoption. That all said, HiveManager NG, now called Select, does have feature
parity to Classic.
Recently, Aerohive released a free version of their
HiveManager called “Connect.” Which is essentially a hamstrung version of their
platform with some feature limitations. Because it is provided for free, you also
do not get any support for the product. You can purchase support, however. When
using Connect, it’s actually running on the Select platform. So by default you
can see all the features you are missing out on by not paying for your
subscription. However they have graciously allowed you to shut this off.
Pros:
Aerohive is a mature product, and although its management interface has gone
through a number of iterations, I think it’s come out the other side a better
product for it.
One of the features that Aerohive has always touted is their
Private Pre-Shared Key (PPSK) feature. This is available in both their Classic
and Select platforms. Other products offer this same feature, but Hive has done
a good job in their implementation and promotion of the product. They also have
made an iOS app so organizations can set up a Kiosk with an iPad for users to
self-register and receive their guest credentials.
Another thing that I like about the Aerohive solution is
their expiration policy. Obviously this is only applicable to their Select
platform, since the Connect platform is free and therefore subscription-less. If
your Select platform expires, your equipment will continue to run. However you
do lose the ability to actually manage the product until you do one of two
things. Either you renew your subscription, or, if you decide that you do not
need the entire feature set of Select, you can spin up a new Connect platform
and move your AP’s over to it. Unfortunately this migration will not be
seamless. So it’s not a completely pain-free policy. But certainly better than
others.
Cons: In my
opinion HiveManager NG is vastly improved upon Classic. That said, the
interface can still feel cluttered and almost rambling. The dashboard portion
is fairly solid, but the configuration of SSID’s feels disjointed. That said,
for many the setup of networks will be fairly set and forget. With monitoring
and troubleshooting being the primary uses of the dashboard.
With their Connect platform you can purchase one of their AP’s
for a relatively cheap price, with MSRPs on their AP122 for $229 and AP130
at $299. Personally I’m not a fan of fighting down. I understand that they are
trying to get their product out at a cheap price to introduce it to the world
and to compete against the UBNT’s of the world. However to reach that price
point something normally has to give.
Ubiquiti
Ubiquiti is an interesting company. On one hand, a lot of
people swear by their equipment. However to others, it’s the butt of jokes and criticism.
One thing that most do agree on however is that their bridging equipment is
rock solid, especially for the price point. However this is a blog about their cloud
platform. It’s the only one on this list that I have yet to get any real hands
on experience with however. So this will be easily the shortest write-up in
this post. Also, this was the only vendor that I wasn’t able to confirm any of
the information with. Which I’ll get into in the “Cons” section. This is a
platform I’m going to try and learn more about as the year goes on because they
seem to be growing and their platform and features seem to be very promising.
With that said, I’m going to do my best to reserve judgement on the product
until that time. Except for the lack of support or contacts. That irks me as I
might mention a time or two below.
Pros:
Cheap. Most of their AP’s run right about $100, with their cloud dashboard costing
$199 for 1yr, but that covers 100 devices. To put this into perspective, Meraki’s
1yr subscription for one device has an MSRP of $150, and that’s pretty standard
across the rest of the platforms as well. From what I understand, you will need their
cloud key. Which is actually a cool bit of kit. It looks like a USB key that
hangs off of a port on your switch and acts as a gateway from your on-prem
equipment to their cloud dashboard. At least that’s how I understand it. Again,
I wasn’t able to talk to anyone about it.
Their dashboard seems fairly clean from the demo that I was able to find online. They also do seem to be putting some interesting features and functionality into their devices. But again, I have zero hands on experience outside of seeing the demo online.
Cons: No
support. Well, that’s not 100% true, you can get support in a forum. Which does
have Ubiquiti employees who respond. But with no dedicated SLA, or even
guarantee that you will receive an answer. However there are many rabid UBNT
fans on the forum who do what they can to provide answers and help. But I don’t
know that I would want to hang my organization’s infrastructure on potentially
receiving an answer on an issue from a forum.
For transparency I should note that I have seen discussions
of UniFi Elite, which apparently provides phone support, but that’s all I have
seen, discussions. Nothing solid. But maybe I’m missing something obvious.
A great example of the lack of support is just this post
itself. I sent the table to all of the vendors to verify my entries and gain
further insight. While I’m sure I could have posted this to the forum and
received a response. I didn’t want a response from someone who runs a WISP off
of Ubiquiti equipment, I wanted it from the horse’s mouth. Despite working for
a company who sells a lot of Ubiquiti equipment, I have absolutely no direct
contacts. The only method of directly contacting them that seemed to work was through
a Facebook Message from my personal Facebook account. Ubiquiti’s Social Media
team did answer saying they forwarded my request off to the appropriate party.
However I never received any response, despite following up again. Their Social
Media team did respond both times I reached out within 24 hours. But only that
they were sending my request off, or following up with the appropriate
resources. So that’s why you don’t see them on the table. If I do receive a
response I will be more than happy to update the table and this post with the
findings.
Conclusion:
As you can see, all of these platforms have both strengths
and weaknesses. As with anything, it’s taking a look at the different offerings
and determining what feature-set coincides best with your organization’s needs.
With that, thanks for reading! If you have any questions or comments just let
me know!
Function/Feature | Meraki | Aruba Central | Ruckus | Aerohive Connect | HiveManager NG |
Application Visibility | Yes | Yes | Yes | No | Yes |
Application Throttling | Yes | Yes | No | No | Yes |
SSID Throttling | Yes | Yes | No, but can limit per AP | No | Yes |
Client Throttling | Yes | Yes | Yes | Yes | Yes |
Firewall | Yes | Yes | Not yet | Limited | Yes |
Guest Network | Yes | Yes | Yes | Yes | Yes |
PPSK Support | No | No | Yes - Through Guest Pass | No | Yes |
Location Analytics | Yes | Only through ALE - Add-On $$$ | No | No | Yes |
RF Visibility | Yes | AP's are capable, but not Central | No | Limited | Yes |
802.1X support | Yes | Yes | Yes | Yes | Yes |
802.11k support | Yes | Yes | Not yet | Yes | Yes |
802.11r support | Yes | Yes | Not yet | Yes | Yes |
802.11v support | Yes | Yes | No | Yes | Yes |
Available Support | Part of Subscription | Part of Subscription | Yes | Optional | Yes |
On-Prem Controller Option | No | Yes | Yes | No | Yes |
SSID Scheduling | Yes | Yes | Yes | No | Yes |
Subscription Expires Policy | 30 day grace period before devices shut down | Fails back to "Instant" | AP's halt until reconfigured as Autonomous or pointed to a controller | Lifetime Subscription | Equipment still runs, but you lose cloud manageability. |
This is a great breakdown, Thanks Dan.