Blog Cloud

Cloud-Speed Innovation – June 2020

David Coleman Director, Wireless Networking at the Office of the CTO Published 30 Jun 2020

In earlier blogs, I have discussed the fast pace of cloud-speed innovation. In the cloud, continuous integration defines a release cadence measured in months; continuous delivery means a release cadence measured in weeks, and continuous deployment involves a release cadence measured in days. ExtremeCloud™ IQ offers continuous deployment– where innovation is often a daily process. This cadence provides customers with unprecedented feature velocity and bug fix availability, operating in a continuous delivery model. I promised to highlight new ExtremeCloud™ IQ capabilities at least once a month. I highlighted May 2020 enhancements in last month’s blog.

Let’s now highlight some new features and enhancements that have gone live in June 2020. As shown in Figure 1, the AP150W wall-plate access point can now function as a Layer 3 branch router. The AP150W is an enterprise-class wall-plate access point and switch with embedded IoT technology designed for wall or desktop mount. The AP150W is often deployed in hotel rooms, residential halls, or other multi-dwelling unit deployments. You can now enable a new device function mode that gives the AP150W much of the same L3 router functionality as the XR600P branch router.


Figure 1

Like all of the Extreme Cloud APs, the AP150W has always had the capability to function as a Layer 2 VPN endpoint. As shown in Figure 2, the AP150W can now also terminate traditional Layer 3 IPsec VPNs while supporting unique subnets at each branch location.


Figure 2

In February, I wrote about how Extreme access points, branch routers, and switches can be assigned to different logical groupings known as Cloud Configuration Groups, a robust configuration, and network device management feature. By pairing Client Configuration Groups with classification rules, a single network policy can be custom-built for specific groups of devices. For example, different groupings of APs can be assigned different device templates, radio profiles, user VLANs, and even SSIDs. Cloud Configuration Groups allows IT managers to create a single network policy that can span the entire enterprise network while keeping management simplified.

As shown in Figure 3, An administrator can now use classification rules within IP objects. Instead of defining a single IP address or a single IP network within an object, multiple IP addresses or networks can be assigned based on a classification rule aligned with a specific Cloud Config Group. These IP objects can then be used within a firewall rule.

 
Figure 3

A long-time feature that our customers have always appreciated is the Layer 2-7 firewall capability, which is built into the IQ Engine operating system of each access point. By leveraging multiple user profiles on a single SSID, different firewall policies for different groups of users can be enforced at the wireless edge of the network. As seen in Figure 4, the IP objects (with classification rules) can be assigned as either the source or destination addresses within a firewall policy of a user profile. Effectively this allows an administrator to also apply different firewall rules for a group of users by location and Cloud Config Groups. For example, a hospital group with multiple health clinic locations might want similar firewall rules for their employees at each site; however, the network addressing is different at each location.

 
Figure 4

The term cloudification refers to the conversion and/or migration of data and application programs in order to make use of cloud computing. Extreme Networks has been very busy with the cloudification of the networking product portfolio of hardware and applications. For example, earlier in the year, we introduced the monitoring of WiNG controllers and APs in ExtremeCloud IQ. As shown in Figure 5, WiNG controllers can now also be configured via an SSH Proxy via ExtremeCloud IQ. An admin has two management options from the cloud, using command line connectively or UI connectivity via the SSH Proxy.

 
Figure 5

As seen in Figure 6, most of the extensive ExtremeSwitching portfolio can already be monitored from ExtremeCloud IQ. Additionally, IT managers can now configure both the X (EXOS) series and Virtual Services Platform (VSP) series switches using either the SSH Proxy or Supplemental CLI capabilities of ExtremeCloud IQ.  But we are just getting started! Please be informed that an aggressive path for enhanced switch configuration and monitoring within ExtremeCloud IQ is near the horizon. Please check back over the next couple of months as we introduce revolutionary wired networking visibility and management from the cloud.

Figure 6

Do you want to learn more about all the new bells and whistles in this June 2020 update of ExtremeCloud™ IQ?  Take a moment to watch this video as Erika Bagby takes you through a short tour of the recent enhancements:

While my blogging cadence is nowhere near as fast as cloud-speed innovation, I promise to continue to highlight new ExtremeCloud™ IQ capabilities at least once a month in future blogs.

Get the latest stories sent straight to your inbox!

Related Enterprise Stories