BR100 Router - ES Equipements Scientifiques

datasheet
BR100 Router
Branch Router with built-in 802.11n
The Aerohive Networks BR100 Router marries 802.11n performance, enterprise security and
advanced wired/wireless management with cloud computing to deliver a zero-touch branch network
deployment.
“Work anywhere” mobility meets enterprise routing and security in a compact device. With HiveOS
Routing at its core, the BR100 includes fast roaming, user-based access control, and fully stateful
firewall policies, as well as additional security and RF networking features at no extra cost; all without
the need for a centralized or dedicated controller. Combining these award-winning capabilities with
cloud-based services allows the BR100 to meet your budgetary requirements and blow past your
remote workers’ expectations.
The Aerohive Networks BR100
router marries 802.11n performance,
enterprise security, and advanced
wired/wireless management with
cloud computing to deliver a zerotouch branch network deployment.
Key Features and Benefits
Layer 3 IPSec VPN and Flow-based Stateful Firewall
By using device-based IPSec VPN, HiveOS Routing features running on every BR100 allows remote
users to access corporate resources via authenticated devices without the hassle of installing,
configuring or maintaining additional VPN software. In addition, an advanced flow-based stateful
firewall enforces policy on a per data flow basis allowing the Aerohive device to manage traffic via a
combination of user identity and very granular mobile device type. A user can now be granted secure
access to corporate resources based on both who they are and on the type of device that they are
using, providing an invaluable additional level of security regardless of the users’ location.
Wired/Wireless Access and Control
The BR100 includes 5 Ethernet switch ports, a single 802.11 b/g/n radio, a USB port for 3G/4G WAN
backup, and a power adaptor. Since HiveManager manages the device’s identity, the security and
network access policy is the same regardless of whether the clients are connecting via wireless or
wired ports.
Cloud Proxy
Cloud-based security services ensure that branch office communications are “clean” without
requiring that IT run additional security appliances at every branch office or configure web proxy
information on every end user’s device. Since most of the traffic generated at branch or remote
locations is destined for the Internet, Aerohive’s patent-pending Cloud Proxy automatically diverts that
traffic through a cloud-based web security service, vastly reducing bandwidth costs by eliminating the
need to route branch, remote office or mobile-user traffic back to a central location for filtering.
Access That Grows With Your Business
As businesses grow so do the number of branches. The BR100 runs the same HiveOS that runs
on all our products, which means that as your branches grow the BR100 can leverage Aerohive’s
Cooperative Control Architecture and mesh functionality to add wireless coverage to the branch
locations as well. Simply install an additional HiveAP access point and the BR100 will form a wireless
mesh connection with it. Within minutes your new access point will download your security polices
and your secure wireless coverage will be expanded. For more, visit www.aerohive.com/products.
Warranty and Support
Aerohive Networks, Inc.
330 Gibraltar Drive
Sunnyvale, California 94089 USA
phone 408.510.6100
toll-free 866.918.9918
fax 408.510.6199
Every Aerohive Networks device is backed by a limited lifetime hardware warranty. Extended product
and technical support may be purchased separately and can include next day advanced replacement,
24x7 or 8x5 technical support, web and email support access, and software updates. For complete
support terms go to www.aerohive.com/support.
Contact us today to learn how your organization can benefit from Aerohive networking solutions.
www.aerohive.com
(ES) Equipements Scientifiques SA - Département Réseaux sans fil - 127 rue de Buzenval BP 26 - 92380 Garches
Tél. 01 47 95 99 50 - Fax. 01 47 01 16 22 - e-mail: [email protected] - Site Web: www.es-france.com
DS1110011
Product Specifications
Features & Benefits
Mounting
Flexible Hardware Platform
• Desktop
• Keyhole Wall Mounts
Wi-Fi
• 1x1 Single Band 802.11b/g/n
• Single 802.11b/g/n radio
•A
utomatic or dedicated mesh backup
Security
Data Rates
• 802.11b: 1,2,5.5 and 11Mbps
• 802.11g: 6,9,12,18,24,36,48, and 54 Mbps
• 802.11n (HT20/HT40): MCS0 -MCS7
Frequency Band
• 2412MHz - 2472MHz Frequency Band
Modulation
• BPSK, QPSK, 16QAM, 64QAM, DQPSK and CCK
Encryption
• WEP, AES and TKIP
Antennas
• 2x embedded antenna with diversity function
• Wireless privacy & authentication Wi-Fi
CERTIFIED™ WPA™ and WPA2™, 802.11i, WEP,
802.1x, PSK
• Granular user profile-based management defines
QoS, mobility policies, and security policies for
each user that enters the network
• Encryption: AES:CCMP, TKIP, and RC4 (WEP only)
• Marking and policing–WMM™ (802.11e) for
wireless, 802.1p and/or DiffServ
• Wi-Fi CERTIFIED WMM
• WMM power save (U-APSD)
Interfaces
•1x IEEE 802.3 (10BASE-T) and IEEE 802.3u(100BASE-TX)
Compliant 10/100 Mbps RJ45 Fast Ethernet WAN Port
•4x IEEE 802.3(10Base-T) and IEEE802.3u(100BASE-TX)
Compliant 10/100Mbps RJ45 LAN Ports with auto-sensing
and auto-MDI/MDI-X. IEEE 802.3x PAUSE frame flow
controle in full duplex
• 1x Type-A USB2.0 port backward compatible with USB1.1
•1x Reset button to reset (on press) and load factory default
settings (when pressed for more than 5 seconds)
Capacities
Firewall/VPN
5-10 Mbps
Tunnels
2 IPSec Tunnels
vLAN Support
Up to 16 VLANs (1-4094)
SSIDs
8
Clients
32
Roaming Cache
64
• Verizon Pantech
• AT&T Shockwave
BSSIDs
8
User Profiles
16
LEDs
TX/RX Descriptors
128
Cloud-Managed
Yes
Controller-less
Yes
3G Backhaul
• Power/Status
• WAN Port
• LAN Ports (1-4)
Physical
• 134 x 109 x 30 mm
Security
• 1 Kensington Lock Connector
Environmental
• Operating: 0 to +40°C, Storage: -20 to +70°C
• Humidity: 5 to 95% RH (non-condensing)
MTBF
•›200,000 hours based on Telecordia SR-332,
Issue 2 at +25°C ambient temperature
Power
• DC 12V/1A Input
Rate
TX Power RX
(dBm)
Sensitvity
Legacy Mode
1 Mbps
11 Mbps
6 Mbps
54 Mbps
18
18
18
18
-95
-88
-93
-76
HT20 Mode
MCS0
MCS7
18
15
-92
-72
HT40 Mode
MCS0
MCS7
-88
-69
SKU
Description
Aerohive Branch Router
AH-BR-100-N-FCC
BR100, 4xFE, 1xWAN, 1 radio 802.11b/g/n, FCC regulatory domain, with power
supply
AH-BR-100-N-W
BR100, 4xFE, 1xWAN, 1 radio 802.11b/g/n, configurable regulatory domain, with
power supply
AH-BR-100-N-FCC-20PK
Quantity 20: BR100, 4xFE, 1xWAN, 1 radio 802.11b/g/n, FCC regulatory domain,
with power supply
AH-BR-100-N-W-20PK
Quantity 20: BR100, 4xFE, 1xWAN, 1 radio 802.11b/g/n, configurable regulatory
domain, with power supply
BR Accessories
AH-ACC-PWR-12W-US
12W power supply and US power plug for BR100
AH-ACC-PWR-12W-EU
12W power supply and EU power plug for BR100
AH-ACC-PWR-12W-UK
12W power supply and UK power plug for BR100
AH-ACC-PWR-12W-AU
12W power supply and AU power plug for BR100
(ES) Equipements Scientifiques SA - Département Réseaux sans fil - 127 rue de Buzenval BP 26 - 92380 Garches
Tél. 01 47 95 99 50 - Fax. 01 47 01 16 22 - e-mail: [email protected] - Site Web: www.es-france.com
Solution Brief
Branch on Demand
Extending and Securing Access Across the Organization
(ES) Equipements Scientifiques SA - Département Réseaux sans fil - 127 rue de Buzenval BP 26 - 92380 Garches
Tél. 01 47 95 99 50 - Fax. 01 47 01 16 22 - e-mail: [email protected] - Site Web: www.es-france.com
Branch on Demand
Extending Access to Corporate Resources Across the
Organization
Branch On Demand™
As organizations extend corporate capabilities to teleworkers and
branch offices, the added infrastructure and complexity can greatly
increase costs and the burden on network administrators. This extra
infrastructure usually requires support and maintenance in locations
that lack IT staff and is difficult to deploy, configure, and secure
consistently—even by skilled IT teams.
The Aerohive Branch on Demand™ solution makes it easy to deploy
corporate capabilities to employees anywhere, while reducing
operational costs. The key lies in a suite of features and functionality
designed specifically for remote environments that simplify
operations, enforce security policy, reduce costs, and operate
virtually maintenance-free.
Fast, Easy Configuration and Deployment
Remote employees are often not tech-savvy, and branch offices
usually lack onsite IT staff, so remote wireless solutions have to be
straightforward to install and configure. The Aerohive Branch on
Demand solution allows anyone to simply plug in an Aerohive
branch router, wait a few minutes for provisioning to be completed,
and immediately access necessary resources.
Aerohive’s Branch on Demand™
solution redefines the economics,
control, and performance of small
branch and teleworker connectivity
by leveraging our patent-pending
Cloud Services Platform to deliver a
“Headquarters-like” network to every
user regardless of location.
Router—BR100/200
Branch Router with built-in 802.11n
VPN Gateway—CVG
VMWare-Compliant VPN
Gateway
Figure 1 – Zero Touch auto-provisioning removes any need for
technicians onsite or truck rolls.
Cloud Services Platform
Integrated Cloud-based Services
Aerohive eliminates the need for console cables, technical
certification, or individual Secure Socket layer (SSL) virtual private
network (VPN) clients to be installed on every connecting device.
2
Copyright ©2011, Aerohive Networks, Inc.
Branch on Demand
Pre-configuration is unnecessary, because the highly intelligent Aerohive Cloud redirects every
Aerohive device to its world-class HiveManager management platform, regardless of whether
HiveManager resides in the Aerohive Cloud or on the local premises. Administrators simply:
•
Create a configuration
•
Provide parameters for branch routers to acquire the configuration
•
Wait for remote users to plug in devices
Once a device comes online, HiveManager automatically pushes the configuration to it—and
the teleworker is up and running without requiring any administrator intervention.
Centralized Management and Visibility
When you deploy thousands of remote devices, they have to be easy to manage, maintain,
and monitor. Typical remote solutions require multiple consoles for managing remote
connectivity, security, and troubleshooting. However, HiveManager provides a centralized
interface that enables administrators to easily configure any number of Aerohive access points
and branch office devices. An administrator can manage thousands of devices as easily as one.
HiveManager provides everything from integrated IP Address Management, to auto-provisioning
and consistent policy deployment across all Aerohive devices.
Deployment Flexibility
With Aerohive Branch on Demand solutions, administrators have ultimate control over access to
resources. They can define which users and devices can access a branch router, as well as
provide access to specific local and remote resources for each connected user. The Aerohive
BR100 router supports:
•
Up to eight Service Set Identifiers (SSIDs) for wireless deployments
•
6 distinct VLANs shared across wired and wireless interfaces
• Authentication such as 802.1X, captive web portal, and Aerohive Private PreShared Key to distinguish users
Administrators can configure customized access based on identity to apply firewall policies,
VLAN assignments, tunnel permissions, and Quality of Service (QoS) to users or devices.
Consistent Security and Compliance
Consistent, reliable security is a requirement for large-scale distributed networks. However,
dedicated branch routers and security licenses are too expensive for small offices or individual
teleworkers, and a software client does not always provide sufficient coverage, especially when
corporate voice connectivity is needed.
Aerohive Branch on Demand solutions use a patented N-Way Cloud Proxy feature to provide
enterprise-class security at a telecommuter price point. With Cloud Proxy, an administrator can
use a cloud-based security service, such as Websense or Barracuda Online, and route all remote
Copyright ©2011, Aerohive Networks, Inc.
3
Branch on Demand
web traffic through the service before sending it to its final destination. HiveManager also
delivers high visibility through extensive logs and compliance reports.
Unified Wired and Wireless Policy
Branch deployments need policy for users and all types of devices with the assurance of access
regardless of access medium. With HiveManager, an administrator can create customized
access policies, based on identity and device type, which in turn can assign firewall, tunneling,
network, and queuing permissions to any user/device regardless of the user’s location or access
medium. HiveManager also provides complete visibility for:
•
Users and devices connected to any Aerohive network device
•
Permissions assigned to each user/device
• Historical device reporting, even if it moves between wired and wireless access
environments
Teleworker Environments
Teleworking continues to grow in popularity as enterprises use it to reduce capital and
operations costs associated with offices, parking structures, and other facilities. Teleworking also
helps organizations achieve their sustainability goals and provides a cost-effective benefit that
helps recruit and retain top talent. In fact, Robert Half International found that of 1,400 CFOs
surveyed about the popularity of teleworking in their corporations, 46 percent said that
teleworking is second only to salary as the best way to attract top talent and 33 percent said it is
the top draw!
Successful teleworking deployments deliver consistent, persistent access to the same resources
that workers would use at the corporate office. This includes voice, teleconferencing, secure
Internet connectivity, and cloud-based services or applications, such as salesforce.com. The
Aerohive Branch on Demand solution provides standards-based IP Security (IPsec) VPN
functionality to access corporate resources, as well as patent-pending Aerohive Cloud Proxy (NWay Split Tunneling) to ensure the integrity of web traffic by integrating with cloud-based
security vendors, such as Websense and Barracuda.
Aerohive has seamlessly integrated remote routing functionality into its industry-leading, cloudenabled networking architecture to provide easy-to-manage, secure, and reliable connections
to teleworkers.
4
Copyright ©2011, Aerohive Networks, Inc.
Branch on Demand
Figure 2: A typical installation of the Aerohive Branch on Demand teleworker solution
In this example, HiveManager provides easy configuration, monitoring, and troubleshooting for
teleworker devices. The BR100 router discovers HiveManager using configured options or by
querying the Aerohive Cloud for its assigned HiveManager, regardless of whether that
HiveManager is in the cloud or on a customer premises. Aerohive has also introduced the Cloud
VPN Gateway, a VMware-based appliance that terminates IPsec tunnels from Aerohive branch
router devices. The Cloud VPN Gateway can scale based on the hardware dedicated to the
VMware server and does not rely on HiveManager for connectivity.
This teleworker scenario configures the BR100 branch router with multiple SSIDs. For example, one
SSID is used for employee access using 802.1X and another SSID is for guest access using a preshared key. Four 10/100 LAN ports are also configurable to share a VLAN with a wireless SSID, as
well as be protected by a Captive Web Portal.
Traffic from authenticated employees can be routed across the VPN tunnel, as well as assigned
to a priority QoS queue, separate from associated guest traffic. An administrator can configure
the BR100 branch router to separate web traffic not destined for the VPN tunnel and send it
through the Aerohive Cloud Proxy service to a remote security service. A wireless Service Level
Agreement (SLA) can be configured to ensure that wireless access performance meets a
sufficient standard for remote application access, and to automatically boost airtime for a user if
the SLA is not met.
Small Branch Offices
Traditional branch-office VPN solutions generally add cost, complexity, and confusion to each
location. Although small branch offices represent about 20 percent of IT infrastructure, they
often require 80 percent of IT’s maintenance resources. Software solutions are less expensive, but
Copyright ©2011, Aerohive Networks, Inc.
5
Branch on Demand
quickly become unmanageable or inadequate when multiple devices or devices that cannot
support VPN clients want to connect.
Through the cloud, the Branch on Demand solution simplifies provisioning, management,
monitoring, and troubleshooting for branch office deployments, even without technical
resources onsite. Enterprises can achieve significant CAPEX and OPEX savings while maintaining
visibility into remote networks, meeting security objectives and compliance standards, and
increasing productivity.
Figure 3: A typical Aerohive Branch on Demand branch office implementation
In small office deployments, reliable access to the central office, as well as secure Internet
access for online applications and resources, is paramount. The Branch on Demand solution uses
the Aerohive Cloud to quickly and securely discover the HiveManager, regardless of whether
HiveManager is online or local.
Many branch offices, especially those subject to stringent compliance requirements like retail
stores, will want to secure the BR100 branch router in a wiring closet while still providing wireless
access to the rest of the property. Aerohive makes it easy to extend wireless access by allowing
an administrator to connect Aerohive APs via mesh to the BR100 branch router. Then they can
configure the APs to support multiple VLANs and user profiles and deploy a single policy to the
entire location. This approach allows users to connect to any available access point and receive
the correct permissions, based on their identity or device type.
User traffic can be routed across the VPN tunnel or to the Internet based on classic routing and
firewall permissions. The Branch on Demand software also can separate “trusted” web traffic
that should go directly to the Internet, and the Aerohive Cloud Proxy can allow an administrator
to force all other web traffic to traverse an online security service.
6
Copyright ©2011, Aerohive Networks, Inc.
Branch on Demand
Because all Aerohive devices support the Aerohive Mobility Routing Protocol (AMRP), a user can
easily and securely roam between connected access points and the branch router as needed.
Secure access for guests can be separated from corporate traffic and subjected to different
network, QoS, time-of-day access schedules, firewall policies, and web security settings, along
with many other Aerohive features.
For More Information
Aerohive Branch on Demand solutions now make it easier and more cost-effective to implement
wireless access to corporate resources everywhere—from the home office to branch offices and
teleworkers. For more information about the Branch on Demand solution, visit
http://www.aerohive.com/solutions/applications/enterprise.html.
Copyright ©2011, Aerohive Networks, Inc.
7
About Aerohive
Aerohive Networks reduces the cost and complexity of today’s networks with cloud-enabled,
distributed Wi-Fi and routing solutions for enterprises and medium sized companies including
branch offices and teleworkers. Aerohive’s award-winning cooperative control Wi-Fi
architecture, public or private cloud-enabled network management, routing and VPN solutions
eliminate costly controllers and single points of failure. This gives its customers mission critical
reliability with granular security and policy enforcement and the ability to start small and expand
without limitations. Aerohive was founded in 2006 and is headquartered in Sunnyvale, Calif. The
company’s investors include Kleiner Perkins Caufield & Byers, Lightspeed Venture Partners,
Northern Light Venture Capital and New Enterprise Associates, Inc. (NEA).
(ES) Equipements Scientifiques SA - Département Réseaux sans fil - 127 rue de Buzenval BP 26 - 92380 Garches
Tél. 01 47 95 99 50 - Fax. 01 47 01 16 22 - e-mail: [email protected] - Site Web: www.es-france.com