Aerohive Is Switching Things Up


I’ve had the good fortune to be involved with Aerohive Networks ever since Wireless Field Day 1.  Since then, I’ve been present for their launch of branch routing.  I’ve also convinced the VAR that I work for to become a partner with them, as I believe that their solutions in the wireless space are of great benefit to my customer base.  It wasn’t long ago that some interesting rumors started popping up.  I noticed that Aerohive started putting out feelers to hire a routing and switching engineer.  There was also a routing and switching class that appeared in the partner training list.  All of these signs pointed to something abuzz on the horizon.

Today, Aerohive is launching a couple of new products.  The first of these is the aforementioned switching line.  Aerohive is taking their expertise in HiveOS and HiveManager and placing it into a rack with 24 cables coming out of it.  The idea behind this came when they analyzed their branch office BR100 and BR200 models and found that a large majority of their remote/branch office customers needed more than the 4 switch ports offered in those models.  Aerohive had an “ah ha” moment and decided that it was time to start making enterprise-grade switches.  The beauty of having a switch offering from a company like Aerohive is that the great management software that is already available for their existing products is now available for wired ports as well.  All of the existing policies that you can create through HiveManager can now be attached to an Aerohive switch port.  The GUI for port role configuration is equally nice:


In addition, the management dashboard has been extended and expanded to allow for all kinds of information to be pulled out of the network thanks to the visibility that HiveManager has.  You can also customize these views to your heart’s content.  If you frequently find yourself needing to figure out who is monopolizing your precious bandwidth, you’ll be happy with the options available to you.

The first of three switch models, the SR2024, is available today.  It has 24 GigE ports, 8 PoE+ ports, 4 GigE uplinks, and a single power supply.  In the coming months, there will be two additional switches that have full PoE+ capability across 24 and 48 ports, redundant power supplies, and 10 GigE SFP+ uplinks.  For those that might be curious, I asked Abby Strong about the SFPs, and Aerohive will allow you to use just about anyone’s SFPs.  I think that’s a pretty awesome idea.

The other announcement from Aerohive is software based.  One of the common things that is seen in today’s wireless networks is containment of application traffic via multiple SSIDs. If you’ve got management users as well as end users and guests accessing your network all at once, you’ve undoubtedly created policies that allow them to access information differently.  Perhaps management has unfettered access to sites like Facebook while end users can only access it during break hours.  Guests are able to go where they want but are subject to bandwidth restrictions to prevent them from monopolizing resources.  In the past you would need three different SSIDs to accomplish something like this.  Having a lot of broadcasted SSIDs causes a lot of wireless congestion as well as user confusion and increased attack surface.  If only there was a way to have visibility into the applications that the users are accessing and create policies and actions based on that visibility.

Aerohive is also announcing application visibility in the newest HiveOS and HiveManager updates.  This allows administrators to peer deeply into the applications being used by users on the network and create policies on a per-user basis to allow or restrict them based on various criteria.  These policies follow the user through the network up to and including the branch office.  Later in the year, Aerohive will port these policies to their switching line.  However, when you consider that the majority of the users today are using mobile devices first and foremost, this is where the majority of the visibility needs to be.  Administrators can provide user-based controls and reporting to identify bandwidth hogs and take appropriate action to increase bandwidth for critical applications on the fly.  This allows for the most flexibility for both users and administrators.  In truth, it’s all the nice things about creating site-wide QoS policies without all the ugly wrench turning involved with QoS.  How could you not want that?

Tom’s Take

Aerohive’s dip into the enterprise switching market isn’t all that shocking.  They seem to be taking a page from Meraki and offering their software platform on a variety of hardware.  This is great for most administrators because once you’ve learned the software interface and policy creation, porting it between wired switch ports and wireless APs is seamless.  That creates an environment focused on solving problems with business decisions, not on problems with configuration guides.  The Aerohive switches are never going to outperform a Nexus 7000 or a Catalyst 4500.  For what they’ve been designed to accomplish in the branch office, however, I think they’ll fit the bill just fine.  And that’s something to be buzzing about.


Aerohive provided a briefing about the release of these products.  I spoke with Jenni Adair and Abby Strong.  At no time did Aerohive or their representatives ask for any consideration in the writing of this post, nor were they assured of any of the same.  All of the analysis and opinions represented herein are mine and mine alone.

Aerohive HiveOS 4

Aerohive really stood out to me at Wireless Tech Field Day back in March.  They’re a great company with a lot of interesting ideas behind wireless technology today that run counter to what you are hearing from the mainstream vendors.  The most perpendicular of these is that having a controller-based wireless network is no longer the way to go now that the processing power of access points (APs) has caught up to the modern era.  You can still have a software program directing their configuration and provisioning, but needing to run all that traffic through a centralized box is just asking for trouble.  Accordingly, Aerohive is coming out with some updates to their software offerings.

Aerohive announced the newest release of their HiveOS, version 4.0.  To go along with it, they are also releasing a new version of their HiveManager software, 4.0 as well.  The folks at Aerohive let me take a sneak peek at the bells and whistles on their new products.  The idea behind HiveOS 4 and HiveManager 4 is the ability to simplify the configuration of the network for guest users and mobile devices.  The current trend in wireless technology today is moving away from providing your employees with corporate mobile devices, such as tablets and smartphones, and instead configuring your network to allow more of a Bring Your Own Mobile Device approach.  From the CxO’s new iPad to a Galaxy Tab 10.1, the landscape of wireless client devices is proliferating quickly.  One of the areas where Aerohive told me they are seeing this explosion of BYOMD is in the healthcare industry.  With so many doctors and specialists floating in and out of hospitals, the number of different devices hopping on the wireless network at any given time is staggering.  Add in the patients and their families and loved ones and you can see how crazy things can get at times.  As a network admin, you can’t just tell all those people that they are only allowed to get on your network if they use the right device.  Doctors, in particular, become very attached to their mobile device and would prefer taking it around to each site they visit rather than be issued an “approved” mobile device upon arrival.  It becomes more important then to configure your wireless in such a way to provide the best experience for your users while at the same time protecting them and protecting the network from harm.

One way that Aerohive is helping this guest device explosion is by offering the ability to have your users self enroll on a portal page for a Private Pre-Shared Key (PPSK).  I like the idea of a PPSK, since it essentially provides a throw-away password for each user and allows you to grant access without giving away the whole network.  This also does away with any kind of need to have an open guest network, which has been shown in recent months to be vulnerable to all kinds of snooping and sniffing software, such as the infamous Firesheep.  In HiveOS 4, you can also tag those PPSKs with an expiration time and date, so for instance the network admins at a concert performance or sporting event can mark all the self-generated PPSKs to expire two hours after the end of the show to help prevent people from leeching the network forever.  This can help you set up easy access for your clients to generate their own PPSKs via a web portal so the admins need not get involved in the process while at the same time making sure that you can restrict access should the need arise.  If you have a user that is misbehaving or needs to be disconnected, you merely disable their PPSK without needing to rekey the network.  This feature is also a great idea in places where employee turnover is rather high.
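A minimal model of the per-user key lifecycle described above, as an added example that is not Aerohive code or part of the original post: each user gets an individual passphrase with an expiry, and disabling one user leaves every other key valid. The SSID, class and method names are hypothetical, and the direct key comparison stands in for the handshake check an access point would perform.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta

SSID = "event-guest"  # constructed sample SSID (assumption)

def derive_pmk(passphrase: str, ssid: str = SSID) -> bytes:
    """WPA2-PSK key mapping: PBKDF2-HMAC-SHA1, SSID as salt, 4096 rounds, 32 bytes."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

class PpskRegistry:
    """Hypothetical per-user key store; not HiveManager's data model."""

    def __init__(self):
        self._entries = {}  # user -> {"pmk", "expires", "enabled"}

    def enroll(self, user: str, expires: datetime) -> str:
        """Self-enrolment: issue a random passphrase that is unique to this user."""
        passphrase = secrets.token_urlsafe(12)  # 16 characters, within WPA's 8-63 range
        self._entries[user] = {"pmk": derive_pmk(passphrase),
                               "expires": expires, "enabled": True}
        return passphrase

    def disable(self, user: str) -> None:
        """Cut off one user; every other key stays valid, so no network rekey."""
        self._entries[user]["enabled"] = False

    def match(self, pmk: bytes, now: datetime):
        """Return the user whose live key equals pmk, else None.
        Simplification: a real AP verifies the handshake, it never receives the key."""
        found = None
        for user, entry in self._entries.items():  # scan all entries, constant-time compare
            if (hmac.compare_digest(entry["pmk"], pmk)
                    and entry["enabled"] and now < entry["expires"]):
                found = user
        return found

def demo():
    show_end = datetime(2024, 1, 1, 22, 0)   # constructed sample event time
    expiry = show_end + timedelta(hours=2)   # keys expire two hours after the show
    reg = PpskRegistry()
    alice, bob = (derive_pmk(reg.enroll(u, expiry)) for u in ("alice", "bob"))
    during = [reg.match(alice, show_end), reg.match(bob, show_end)]
    reg.disable("bob")                       # one misbehaving user is cut off
    after_disable = [reg.match(alice, show_end), reg.match(bob, show_end)]
    after_expiry = reg.match(alice, expiry + timedelta(minutes=1))
    return during, after_disable, after_expiry

if __name__ == "__main__":
    print(demo())
```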

Another new feature in HiveOS 4 is the ability to snoop on mobile Internet devices, or MIDs as Aerohive refers to them.  Every mobile device you can buy today identifies itself in one form or another.  Most of the time this is done via browser user agents.  As a quick example, the user agent on your iPhone announces to the website that it is indeed a Fruit Company Mobile Phone, and the website displays a mobile-friendly site with larger text and fewer graphics.  In much the same way, HiveOS 4 allows the network to determine which devices are being used and restrict them with policies.  For instance, you may want to give your CxO unfettered access to all corporate resources on his laptop.  If he uses his iPad, you may want to restrict him from accessing servers which don’t support his tablet.  If he jumps on with his iPhone, you may wish to further restrict him to Internet access only.  By snooping on the user agents, you can configure these policies quickly and easily without restricting access on his other devices.  Think of a restaurant, for example.  The host/hostess up front would love to use an iPad to take reservations quickly and easily, but the management is worried they might instead use it to surf the web or spend more time on Facebook than face-to-face with customers.  In HiveOS 4, you can restrict the host station iPads from the Internet and only allow them access to the reservation system.  A win for everyone that is interested in things other than status updates.  Note that this is all done without the need to enable 802.1X authentication on the network, a very time-consuming and hairy process for even the most seasoned security and network people.

One unexpected addition in HiveOS 4 is spectrum analysis.  Cisco has really been pushing the advantages of the Cognio chip embedded in all of its 3500 series APs.  When we asked Aerohive about doing spectrum analysis in their APs at WFD, the answer was “wait and see”.  I’m pleased to announce that with HiveOS 4, you can now enable a spectrum analyzer in your Aerohive 802.11n APs.  The interface in HiveManager 4 is all based on HTML5, so it has no display issues on your favorite Fruit Company Mobile Device.  There is a large signature database included, so you can plot the air waves and then compare them to a list of known interference sources in case you aren’t sure whether it’s a Bluetooth headset or a cordless phone causing interference.  This is great if you want to enable the spectrum analyzer on a remote AP and then have someone back at the office check the interference source while you walk around trying to find out who’s hiding a microwave under their desk (Here’s a tip:  Look for the guy glowing in the dark…).  This feature is included in HiveOS 4 at no additional cost.  One caveat I noticed – HiveManager can only receive data from 10 spectrum analysis sources at once, so you can’t configure any more than that.  When I asked about this limitation, I was informed that in order to receive and process the data quickly and efficiently, they had to put a limit on it, so 10 is it.  For now, at least.

HiveOS 4 Spectrum Analysis running on your favorite Fruit Company Tablet

For those of you out there that may be Aerohive partners, there is also a new Partner Admin page that allows you to demo the product and set up customer evaluations.  You can also remote in and add devices to your customer’s network or even delegate certain tasks to administrators at the customer site.  This is a great addition for those providers looking to add Aerohive as a kind of managed services wireless solution.  For one low monthly fee, you can lease Aerohive gear to your customers and manage it from one location.  You can involve the customer admins as little or as much as you want.

There are a lot of other great features that are in HiveOS 4 and HiveManager 4, so you should head over to Aerohive’s site and check it out.  The upgrade is free for all existing Aerohive customers and will be available on June 20.

Tom’s Take

I like what Aerohive is doing with their approach to wireless.  By moving the intelligence of the network out into the access points, they alleviate some of the bottleneck issues with controllers.  They also have some great ideas that they bring to the table to increase the visibility of their software with certain verticals, such as education and health care.  However, if software is your game, you’re only as good as the features in your latest release.  I think Aerohive nailed it with HiveOS 4.  They’ve added a lot of new features to help admins address their pain points in the Bring Your Own Mobile Device era, as well as adding a much-needed feature that will allow them to compete with offerings from Cisco in the spectrum analysis arena.  By making this upgrade available for all existing customers, you can refresh your wireless network with the click of a button.  No forklifts needed.  So join me in raising a glass to the latest release of HiveOS:

I look forward to seeing more good stuff from Aerohive in the future.


I received a sneak peek at the offering from Aerohive before the launch date.  No consideration was asked for in my attendance, and none was offered.  The opinions and analysis offered in this post are mine and mine alone.