Aruba Networks Version 3.3 Network Card User Manual


 
Campus Wireless Networks Validated Reference Design Version 3.3 | Design Guide Alternative Deployment Architectures | 75
Pure Remote Access Deployment
In some instances, the scale of the Remote AP solution or security requirements dictate that the internal
Mobility Controllers serving campus users should not be used for termination of wide-area APs.
Typically this means that dedicated Mobility Controllers are placed in the Demilitarized Zone (DMZ) of
the network. These Mobility Controllers are solely responsible for terminating RAP and IPSec
connections from users.
In this scenario it is important that controllers be highly available because Remote AP functionality is
delivered as an “always-on” service. The controllers in this reference architecture are often deployed in
Master/Local clusters of two controllers using Active-Active redundancy. These devices also typically
straddle the corporate firewall to provide access back into the enterprise just as a typical IPSec
concentrator would.
Figure 5 Remote access Mobility Controllers sit in the network DMZ
When using standalone remote access Mobility Controllers, it is highly advised that MMS be used in the
network to provide configuration. This ensures that all controllers receive the same user roles and
firewall policy, which is critical to ensure that the user experiences the same privilege level on the
Remote AP as they would on the corporate WLAN.
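
The requirement that every controller carry the same user roles and firewall policy can be checked by comparing the role and session-ACL stanzas of two controller configurations. The Python below is an added example, not part of the Aruba design guide; the stanza layout (header line, indented body, `!` terminator) and all role, ACL and host names are constructed assumptions, not verbatim controller output.

```python
# Constructed sample configs. Assumed layout: header line, indented body, "!" terminator.
CAMPUS = """\
ip access-list session guest-web
  user any svc-http permit
  user any svc-https permit
!
user-role guest
  session-acl guest-web
!
"""
DMZ = """\
ip access-list session guest-web
  user any svc-https permit
  user any svc-http permit
!
user-role rap-test
  session-acl guest-web
!
hostname dmz-rap-1
"""
POLICY_PREFIXES = ("user-role ", "ip access-list session ")

def parse_stanzas(text):
    """Return {stanza header: [body lines in order]} for role and session-ACL stanzas."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.strip() == "!":
            current = None                      # stanza ended
        elif not line[0].isspace():             # new top-level header
            current = line.strip() if line.startswith(POLICY_PREFIXES) else None
            if current:
                stanzas[current] = []
        elif current:
            stanzas[current].append(line.strip())
    return stanzas

def policy_drift(reference, other):
    """Compare two configs; rule order is significant, so bodies are compared as lists."""
    ref, oth = parse_stanzas(reference), parse_stanzas(other)
    return {
        "missing": sorted(ref.keys() - oth.keys()),
        "extra": sorted(oth.keys() - ref.keys()),
        "changed": sorted(k for k in ref.keys() & oth.keys() if ref[k] != oth[k]),
    }

if __name__ == "__main__":
    for kind, names in policy_drift(CAMPUS, DMZ).items():
        print(kind, names)
```

Any non-empty result means a user could receive a different privilege level on the Remote AP than on the corporate WLAN; a reordered ACL is reported as changed because rule order affects which rule matches first.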
[Figure 5 diagram labels: Internet, DMZ, Corporate]