Aerohive really stood out to me at Wireless Tech Field Day back in March.  They’re a great company with a lot of interesting ideas behind wireless technology today that run counter to what you are hearing from the mainstream vendors.  The most perpendicular of these is that having a controller-based wireless network is no longer the way to go now that the processing power of access points (APs) has caught up to the modern era.  You can still have a software program directing their configuration and provisioning, but needed to run all that traffic through a centralized box is just asking for trouble.  Accordingly, Aerohive is coming out with some updates to their software offerings.

Aerohive announced the newest release of their HiveOS, version 4.0.  To go along with it, they are also releasing a new version of their HiveManager software, 4.0 as well.  The folks at Aerohive let me take a sneak peak at the bells and whistles on their new products.  The idea behind HiveOS 4 and HiveManager 4 is the ability to simplify the configuration of the network for guest users and mobile devices.  The current trend in wireless technology today is moving away from providing your employees with corporate mobile devices, such as tablets and smartphones, and instead configuring your network to allow more of a Bring Your Own Mobile Device approach.  From the CxO’s new iPad to a Galaxy Tab 10.1, the landscape of wireless client devices is proliferating quickly.  One of the areas where Aerohive told me they are seeing this explosion of BYOMD is in the healthcare industry.  With so many doctors and specialists floating in and out of hospitals, the number of different devices hopping on the wireless network at any given time is staggering.  Add in the patients and their families and loved ones and you can see how crazy things can get at times.  As a network admin, you can’t just tell all those people that they are only allowed to get on your network if they use the right device.  Doctors, in particular, become very attached to their mobile device and would prefer taking it around to each site they visit rather than be issued an “approved” mobile device upon arrival.  It becomes more important then to configure your wireless in such as way to provide the best experience for your users while at the same time protecting them and protecting the network from harm.

One way that Aerohive is helping this guest device explosion is by offering the ability to have your users self enroll on a portal page for a Private Pre-Shared Key (PPSK).  I like the idea of a PPSK, since it essentially provides a throw-away password for each user and allows you to grant access without giving away the whole network.  This also does away with any kind of need to have an open guest network, which has been shown in recent months to be vulnerable to all kinds of snooping and sniffing software, such as the infamous Firesheep.  In HiveOS 4, you can also tag those PPSKs with an expiration time and date, so for instance the network admins at a concert performance or sporting event can mark all the self-generated PPSKs to expire two hours after the end of the show to help prevent people from leeching the network forever.  This can help you setup easy access for your clients to generate their own PPSKs via a web portal so the admins need not get involved in the process while at the same time making sure that you can restrict access should the need arise.  If you have a user that is misbehaving or needs to be disconnected, you merely disable their PPSK without needing to rekey the network.  This feature is also a great idea in places where employee turnover is rather high.

Another new feature in HiveOS 4 is the ability to snoop on mobile Internet devices, or MIDs as Aerohive refers to them.  Every mobile device you can buy today identifies itself in one form or another.  Most of the time this is done via browser user agents.  As a quick example, the user agent on your iPhone announces to the website that it is indeed a Fruit Company Mobile Phone, and the website displays a mobile-friendly site with larger text and fewer graphics.  In much the same way, HiveOS 4 allows the network to determine which devices are being used  and restrict them with policies.  For instance, you may want to give your CxO unfettered access to all corporate resources on his laptop.  If he uses his iPad, you may want to restrict him from accessing servers which don’t support his tablet.  If he jumps on with his iPhone, you may wish to further restrict him to Internet access only.  By snooping on the user agents, you can configure these policies quickly and easily without restricting access on his other devices.  Think of a restaurant, for example.  The host/hostess up front would love to use an iPad to take reservations quickly and easily, but the management is worried they might instead use it to surf the web or spend more time on Facebook than face-to-face with customers.  In HiveOS 4, you can restrict the host station iPads from the Internet and only allow them access to the reservation system.  A win for everyone that is interested in things other than status updates.  Note that this is all done without the need to enable 802.1x authentication on the network, a very time consuming and hairy process for even the most seasoned security and network people.

One unexpected addition in HiveOS 4 is spectrum analysis.  Cisco has really been pushing the advantages of the Cognio chip embedded in all of it’s 3500 series APs.  When we asked Aerohive about doing spectrum analysis in their APs at WFD, the answer was “wait and see”.  I’m pleased to announce that with HiveOS 4, you can now enable a spectrum analyzer in your Aerohive 802.11n APs.  The interface in HiveManager 4 is all based on HTML5, so it has no display issues on your favorite Fruit Company Mobile Device.  There is a large signature database included, so you can plot the air waves and then compare them to a list of known interference sources in case you aren’t sure whether it’s a Bluetooth headset or a cordless phone causing interference.  This is great if you want to enable the spectrum analyzer on a remote AP and then have someone back at the office check the interference source while you walk around trying to find out who’s hiding a microwave under their desk (Here’s a tip:  Look for the guy glowing in the dark…).  This feature is included in HiveOS 4 at no additional cost.  One caveat I noticed – HiveManager can only receive data from 10 spectrum analysis sources at once, so you can’t configure any more than that.  When I asked about this limitation, I was informed that in order to receive and process the data quickly and efficiently, they had to put a limit on it, so 10 is it.  For now, at least.

HiveOS 4 Spectrum Analysis running on your favorite Fruit Company Tablet

For those of you out there that may be Aerohive partners, there is also a new Partner Admin page that allows you to demo the product and set up customer evaluations.  You can also remote in and add devices to your customer’s network or even delegate certain tasks to administrators at the customer site.  This is a great addition for those providers looking to add Aerohive as a kind of managed services wireless solution.  For one low monthly fee, you can lease Aerohive gear to your customers and manage it from one location.  You can involve the customer admins as little or as much as you want.

There are a lot of other great features that are in HiveOS 4 and HiveManager 4, so you should head over to Aerohive’s site and check it out.  The upgrade is free for all existing Aerohive customers and will be available on June 20.

Tom’s Take

I like what Aerohive is doing with their approach to wireless.  By moving the intelligence of the network out into the access points, they alleviate some of the bottleneck issues with controllers.  They also have some great ideas that they bring to the table to increase the visibility of their software with certain verticals, such as education and health care.  However, if software is your game, you’re only as good as the features in your latest release.  I think Aerohive nailed it with HiveOS 4.  They’ve added a lot of new features to help admins address their pain points in the Bring Your Own Mobile Device era, as well as adding a much-needed feature that will allow them to compete with offerings from Cisco in the spectrum analysis arena.  By making this upgrade available for all existing customers, you can refresh your wireless network with the click of a button.  No forklifts needed.  So join me in raising a glass to the latest release of HiveOS:

I look forward to seeing more good stuff from Aerohive in the future.

Disclaimer

I received a sneak peak at the offering from Aerohive before the launch date.  No consideration was asked for in my attendance, and none was offered.  The opinions and analysis offered in this post are mine and mine alone.