Availability: In Stock
Aerohive AH-S-GM-VAD-3YR 3 Year VAD support for GuestManager Appliance level 3 support, warranty RTF, Support Portal Access
Gain access and support to the Aerohive GuestManager Support Portal with Level 3 Appliance Support for Aerohive's secure guest access solution.
Aerohive GuestManager is a guest account management and authentication server that completes Aerohive’s robust and secure guest access solution. In combination with HiveAPs, the GuestManager enables guest users to be simply and securely authorized for access to a guest network. Aerohive GuestManager makes it simple for authorized employees to create guest accounts while keeping the guest network secure by authenti-cating and reporting on all guest users.
Aerohive HiveManager Online Features Comparison Chart
Feature
|
Express |
Enterprise |
| Wi-Fi Alliance certified "WPA2 Enterprise" |
Yes |
Yes |
| Full User Policy Configuration |
Yes |
Yes |
| Number of Policy Configurations per SSID |
1 |
Up to 64 |
| Multiple VLANs per SSID |
Yes |
Yes |
| The ability for different SSID sets to be applied to different APs |
No |
Yes |
| Full 802.1X Authentication capability with Fast Roaming |
Yes |
Yes |
| Authentication against external user authentication database (ie, Active Directory, LDAP, etc) |
Yes |
Yes |
| HiveAP RADIUS with Active Directory, LDAP, Open Directory, eDirectory integration |
No |
Yes |
| TeacherView Cart |
No |
Yes |
Role-Based Administration of Guests
GuestManager, in conjunction with the overall Aerohive solution, enables granular management of different types of guest roles, while the HiveAPs can enforce different security, QoS, or segmentation requirements based upon roles communicated to them from GuestManager. This enables, for example, contractors to get extended access to a network and a visitor to get access for only a few hours. This functionality also enables contractors to get access to different network resources, while visitors may be allowed to access only the Internet. These two types of guests both authenticate using the same SSID and web portal interface but have different policies applied based upon their user credentials.
GuestManager and the Aerohive Guest Access Solution
In order to enable guest access to a corporate network securely with the least operational effort, an entire guest solution must be in place. The chart below shows the key requirements and how Aerohive provides a complete solution.
GuestManager is a central resource in the network that acts as a RADIUS server for guest access. Authorizedemployees access anintuitive web interface to register guest accounts. Guests use the credentialsprovided to authenticate through the captive webportal on a HiveAP. If authorized, the guest canaccess the guest VLAN ortunnel which drops them onto the Internet. If there are multiple types of guests like contractors, consultants, and visitors, they can be placed on separate networks with different policies.
Requirements & Solution
The ability to secure and segment guest traffic from corporate traffic
Aerohive enables segmentation through a rich identity-based policy engine. Based upon user identity, guests can be put on a separate VLAN or be tunneled to the DMZ to ensure that guest and employee traffic does not mix.
The ability to apply QoS and security policies to guest users as they join the network
Aerohive can apply complete access policy at the HiveAP including time-of-day and day-of-week access, firewall, DoS prevention, and QoS policies based on the identity or role of the guest.
The ability to easily create unique guest credentials
GuestManager makes it simple for authorized employees to create and distribute guest credentials and instructions for joining the network.
A user-friendly authentication and authorization process
As guest log into a guest SSID, they are presented with a Web Login page on a captive web portal hosted on the HiveAP. The users’ credentials are passed via RADIUS to GuestManager where they are authenticated and authorized for access to the guest network.
Guest Account Creation and Management
GuestManager also provides flexible guest account management, allowing guest access and accounts to be audited, canceled, or tracked. The creation of guest accounts enables an enterprise to set up a system that matches the security and operational goals of the enterprise. Here are a few examples of guest account registration avail-able in GuestManager:
- Lobby ambassador registration enables receptionists or security personnel to provide access to the network as guests enter the building
- Employee registration enables any employee to create guest accounts. GuestManager integrates with Active Directory to enable employee access to GuestManager based on group policy.
- Self-registration enables guests touse a kiosk in the lobby or secure area to create their own accounts. This presumes physical access in order to get network access.
- Bulk account registration enables conference or training organizers to create large numbers of user credentials easily.
Credentials
The simple distribution of unique guest credentials is one of the key operational benefits of GuestManager. Credentials can be randomly generated or specified during registra-tion to provide a unique login identity for the guest. Once the user credentials are created, the credentials can be emailed or printed out on letter-sized paper or a label printer along with instructions on how to access the network.
Single Centralized Instance for Guest Authentication
GuestManager runs on RADIUS so it can be used to authenticate guests on wired portals as well as wireless portals and enables an entire multi-site enterprise to use a single instance or regionalized instance of the platform to cover an entire company or just one part of it.
Delivered as an Appliance
GuestManager is delivered as an appliance to ease deployment and maintenance of guest services. The Guest-Manager appliance has been “hardened” or secured against malicious attack and vulnerabilities are fixed as the system is upgraded.
Device Specifications
- Form factor: 1U rack-mountable device
- Chassis dimensions: 16 13/16” W x 1 3/4” H x 15 13/16” D (42.7 cm W x 4.4 cm H x 40.2 cm D)
- Weight: 13.75 lb. (6.24 kg)
- Serial port: male DB-9 RS-232 port (bits per second: 9600, data bits: 8, parity: none, stop bits: 1, flow control: none)
- USB port: standard Type A USB 2.0 port
- Ethernet ports: MGT and LAN – autosensing 10/100/1000Base-T
Power Specifications
- ATX (Advanced Technology Extended) autoswitching power supply with PFC (power factor corrector):
- Input: 100 – 240 VAC
- Output: 250 watts
- Power supply cord: standard three conductor SVT 18AWG cord with an NEMA5-15P three-prong male plug and three-pin socket
Environmental Specifications
- Operating temperature: 32 to 140°F (0 to 40°C)
- Storage temperature: -4 to 176°F (-20 to 80°C)
- Relative humidity: 10% – 90% (noncondensing)
