Overview:
Arista has pioneered the cloud networking movement with its software driven approach, built on cloud principles with consistent, reliable software offering, open standards-based designs, and native programmability. CloudVision extends the same architectural approach of simplification through software consistency as a multi-domain management plane for automating the entire network, across private, public and hybrid clouds as well as wired and wireless campus.
Harnessing the power of the cloud, big data analytics, machine learning and automation, CloudVision Cognitive Unified Edge (CV-CUE) brings the power of intelligence, speed and accuracy to wireless and wired networks. Through root cause analysis and proactive problem resolution options, CV-CUE reduces the mean-time-to resolve problems minimizing network troubleshooting effort while reducing total cost of ownership.
Centralized Management with CloudVision CUE
Wi-Fi access points are centrally managed without the need for additional hardware appliances. Access points directly connect to CloudVision CUE, Arista’s centralized cloud management solution for wireless access points, that offers seamless scalability as your network expands.
CloudVision CUE is at the core of Arista’s cloud-native approach to enterprise Wi-Fi networks. It enables centralized management of wireless access points (APs) simplifying policy management and provisioning of Wi-Fi networks. At the network edge, APs are equipped with distributed algorithms to handle control plane functions locally. This decoupling of management and control planes, along with a flexible data plane that allows wireless access points to provide customizable traffic redirection at the network's edge, results in a more robust network, without single points of failure. Coupled with zero-touch provisioning, CloudVision CUE enables seamless scaling of the network from a few to 100,000s of APs.
Virtually unlimited and elastic availability of storage and compute resources eliminates artificial boundaries inherent in controller-based WLAN architectures. Many innovative and previously unforeseen applications in big data analytics, machine learning and cognitive computing are now possible with Arista Wi-Fi.
Cognitive Management Plane
The Arista Wi-Fi cognitive management plane simplifies configuration and troubleshooting while delivering rich telemetry information to network administrators. Arista leverages the power of the cloud and the massive data sets available across the user base to continuously perform supervised and unsupervised learning to apply AI concepts. Inference models are created to arrive quickly at the root cause of any poor experience and proactively provides this information along with suggested remediation to provide the smallest mean time to resolution.
Key Wi-Fi Features
- Network Baselining: Baselines network behavior and automatically detects and highlights anomalies, using ML algorithms.
- Root Cause Analysis Engine: Automatically detects and classifies Wi-Fi clients’ connection failures and pinpoints the root cause in real-time.
- Single Client Inferencing: Identifies clients facing poor QoE, based on RF, network and application KPIs and performs root cause analysis as well as providing remediation recommendations for specific clients.
- Automatic Packet Capture: Proactively captures packet traces to help diagnose problems; traces are stored alongside related failures or symptoms to simplify troubleshooting later.
- Client Emulation and Network Profiling: Takes advantage of the multi-function radio, present in most Arista Wi-Fi APs, turning it into a client to run a wide variety of tests and proactively identify problems before users do.
The Cognitive Management Plane is driven by Arista’s NetDB, a state-based, cloud-hosted, network-wide database that collects real-time data streamed from wired and wireless devices for cognitive analytics. CloudVision CUE’s capabilities can be extended further by integration with 3rd party applications using OpenConfig via Webhooks and Arista’s ReST API framework.
Wireless Intrusion Prevention
With a multi-function radio acting as a wireless intrusion prevention (WIPS) sensor, wireless threats are detected and blocked almost instantly in your network. CloudVision CUE works with the APs, which are powered by patented techniques such as Marker PacketsTM, to enable surgical over-the-air intrusion prevention, automatically and accurately creating alerts and automatically classifying wireless threats. CloudVision CUE uses behavior based detection of threats; rather than a signature based approach; to enable zero day protection without chasing exploits, tools and their signatures.
Secure Client Access
Arista Guardian for Network Identity or AGNI connects the network, users, and devices across remote and geographically dispersed locations. Based on Arista’s flagship CloudVision, the new AGNI platform brings a revolutionary improvement to scalability, simplicity, and security across users, their associated endpoints, and IoT devices.
Additionally, CloudVision CUE supports flexible end user access management in enterprise Wi-Fi networks by enabling seamless integration with leading identity management solutions such as Aruba ClearPass, ForeScout NAC, Cisco ISE etc. Arista Guest Manager provides multiple ways for guest access in the enterprise including Guestbook, vouchers, OTP-based etc.
Features:
Cognitive Management Plane
Arista uses cognitive computing to deliver the best experience possible to Wi-Fi administrators and users.
Location Tracking
CV-CUE supports tracking location of any Wi-Fi APs and clients on a floor. It enables visualization of Wi-Fi associations and includes filtering based on client or user information, or connectivity or performance issues. It can be used for mapping of Wi-Fi client connectivity and performance issues in the context of their physical location.
Unified Monitoring
CV-CUE gives a single pane of glass to monitor WiFi access points and switches to which these APs are directly connected. CV-CUE shows switch details and also provides information about connectivity, performance and security related issues.This results in the fastest mean time to resolution, for troubleshooting and restoring networking services that impact users and endpoint devices. CV-CUE shows detailed data about access switches managed from Arista CVaaS. This enables full visibility of the edge network from a single pane. Wired hosts connected to Arista APs are also visible on the UI.
Client Journey
CV-CUE provides direct and real-time insight into the experience of Wi-Fi clients as they journey on the network. Client Journey tracks when and why clients fail to connect to the network, reporting latencies of network services such as AAA, DHCP, and DNS. Administrators can drill down and access live and historical client connection logs to aid troubleshooting.
Network Baselining
Using ML algorithms on the data it collects, CV-CUE baselines network behavior and automatically detects and highlights anomalies. Baselining is done for connection failures, RF performance KPIs and application QoE. AI algorithms detect poor performance, identifies root causes and provides recommendations to resolve network problems.
Applications Health
CV-CUE monitors the Quality of Experience (QoE) of businesscritical applications and identifies users facing poor QoE issues. A total of 25 applications can be selected for monitoring. This includes video collaboration applications such as Hangouts, Zoom, Teams as well as a wide variety of Web applications from enterprise app providers such as Adobe, Google, Microsoft, Oracle etc. Users can also add custom applications for QoE monitoring. For each application, CV-CUE tracks the percentage of time for which QoE was poor and displays the information on the Application dashboard. QoE baseline is also tracked per application as well as over all applications, for upto 30 days.
RF Explorer
Leveraging the round-the-clock scanning capabilities of Arista APs, CV-CUE provides in-depth, live and historical, information about the RF environment seen by each AP. The RF Explorer is a powerful tool for monitoring, managing and proactively troubleshooting radio spectrum related issues.
Access Point Explorer
Access Point Explorer provides a summary view of all the APs in the network and provides an easy way for the network administrators to view the AP distribution for various attributes such as software version, AP model, Ethernet link speed etc.
Client Explorer
Client Explorer provides a summary view of all the clients and provides an easy way for the network administrators to understand client distribution for different attributes such as protocol capability, vendor, OS etc.
Root Cause Analysis Engine
CV-CUE employs built-in domain expertise and protocollevel intelligence to help administrators maintain the network. In real time, it automatically detects and classifies Wi-Fi clients’ connection failures and pinpoints the root cause—if it is related to Wi-Fi or to a network service such as DHCP or DNS, a client device, or an application. Similarly, it automates root cause analysis of poor performance, such as poor coverage, high retry rate and sticky clients.
Single Client Inferencing
Wi-Fi clients may face poor experience due to various reasons. CV-CUE identifies such clients based on RF and application KPIs and then uses the Single Client Inferencing engine for automated root cause analysis of problems faced by clients.
Automatic Packet Capture
CV-CUE proactively captures packet traces to help diagnose problems. The traces are stored alongside related failures or symptoms to simplify troubleshooting later. Packet traces can be downloaded or directly visualized in Arista Packets, the cloud based, visual Wi-Fi packet analyzer.
Spectrum Analyzer
Arista APs can be configured to run on-demand spectral scans to get an in-depth view of the RF activity on Wi-Fi spectrum bands, i.e 2.4GHz, 5GHz, 6GHz. Spectrum Analyzer illustrates the output of a spectral scan using a set of charts. Spectrogram shows the RF energy level across the band, as a function of time. The Spectrum Density chart indicates the relative distribution of different signal levels across the spectrum band. The Signal Strength chart shows the instantaneous and average RF energy level in different parts of the band. The Duty Cycle chart shows the percentage of time each channel is busy, based on the presence of RF activity above a certain signal level.
Active Network Assurance
CV-CUE takes advantage of the multi-function radio, present in most Arista Wi-Fi APs, turning it into a client to run a wide variety of tests and proactively identify problems before users do. This helps validate the network’s readiness for supporting business-critical applications.
Intelligent RF Optimizations
Unparalleled visibility in 2.4 GHz, 5 GHz and 6 GHz enables automatic RF optimizations such as band steering, smart steering, auto channel selection and auto transmit power control to maximize Wi-Fi capacity. CV-CUE shows detailed information about the metrics used during channel selection to provide deep insights into the reasons why a particular channel was chosen. Real-time application performance is further enhanced with multicast-to-unicast conversion and smart blocking, pruning and optimization of broadcast and multicast traffic.
Remote Workspace AP
Remote Workspace AP (RWAP) solution empowers enterprise customers with the ability to extend Corporate SSID to a remote workplace such as a teleworkers’ home office or a small remote branch office. It uses industry-standard protocols to securely connect the AP deployed at a workplace with the Enterprise datacenter (DC) over the public Internet. With an IPSec VPN tunnel from the AP to the DC:
- Wi-Fi traffic mapped to the SSID flows via the tunnel to/from DC
- VPN setup not required individually on the Wi-Fi end clients
- Split tunnel functionality limits only corporate traffic through the tunnel
RWAP feature is available for on-premises customers also.
Wi-Fi Analytics
Analytics based on presence and behavior of Wi-Fi devices can provide significant business intelligence, and can inform business functions such as
- marketing research (A/B testing of storefront displays, measure ROI of marketing campaigns, context-based guest engagement)
- operations (staff planning, optimize facility utilization),
- IT (network planning and design based on user density).
Presence Analytics
Presence analytics provide anonymous, statistical information about the footfall (number of Wi-Fi devices detected), dwell time (duration for which Wi-Fi devices are present) and repeat versus new customers. These trends can be viewed for a site or aggregated across multiple sites, and across different time periods: intra-day, daily, weekly, monthly and year-over-year.
Zone Analytics
Zone analytics provide insight into the density and flow of Wi-Fi users by visualizing it on a floor map. This allows administrators to monitor how various parts of a facility are populated over a period of time. Zones can be demarcated as a region around Wi-Fi APs on a floor maps.
Engagement Analytics
Integration with social networks and third-party loyalty systems can be leveraged to collect demographics and other information from Wi-Fi users who opt in to share their personal details. This in turn can be used to engage with the opt-in Wi-Fi users, e.g., retail business can provide special deals to their loyal customers and convert them into brand ambassadors.
Content analytics and application visibility
Web analytics and application visibility based on deep packet inspection can provide insight into Wi-Fi usage patterns and allow you to enforce policies in terms of the type of content or applications that can or cannot be accessed based on the type of Wi-Fi network (e.g., Corp vs. Guest) and user privileges (e.g., students vs. teachers) and assign the desired quality of service.
Wired and Wireless Access Security and Control
With a suite of features to identify users, devices, OS, and applications and to control the access and privileges they get on the network, Arista provides a comprehensive solution to enforce context-based policies and protect the network from abuse. For comprehensive wired and wireless access control, CV-CUE can integrate with AGNI, the next-generation NAC solution from Arista (see the Integration with AGNI section). CV-CUE also enables integration with 3rd party NAC solutions. The latest Wi-Fi security protocols such as Opportunistic Wireless Encryption (OWE) and WPA3 are supported by CVCUE.
Integration with AGNI
CloudVision AGNI (Arista Guardian for Network Identity) is the Arista cloud-based NAC solution. CV-CUE integrates with AGNI to provide information that simplifies NAD provisioning. Examples of such information include:
- MAC addresses of the various NADs
- Defined Roles
- SSID information
- Location information
Integration with Google G Suite
Google G Suite for business or education, can be used to enforce an additional layer of security for Wi-Fi users with Arista’s Wi-Fi integration. No additional hardware, software or license is required. Regardless of whether PSK or 802.1X is being used for authentication, network access control for WiFi users and devices can be enforced based on a users’ Google account privileges and organization unit (OU) membership.
Role Based Control
Role based controls can be enforced on a per SSID basis. Role profiles can be created to match roles configured in the RADIUS server, Google G Suite or both. Rules of precedence can be used to combine settings defined in a role profile and SSID, and enforce policies in terms of role attributes such as VLAN access, firewall rules, application firewall rules, per user bandwidth control and redirection to a captive portal.
SAML Integration
CV-CUE supports SAML Single Sign-on (SSO) integration with a captive portal for Wi-Fi user authentication. SAML allows the customers to use a third party authentication service for SSO. SAML SSO gives the ability to authenticate users using an Identity provider (IDP).
Wi-Fi Reports
CV-CUE supports on-demand and pre-scheduled generation of reports for inventory management, compliance and operational status updates. This includes inventory of managed Wi-Fi devices, in-depth compliance reports for WIPS, list of Wi-Fi and WIPS alerts etc.
APIs and Third-party Integration
With Single Sign-On, powerful Web APIs, and secure tunneling, integrating the Arista Cloud with third-party systems, in-cloud, or on-premises, is easy. Both push and pull mechanisms are available. Using custom applications, Wi-Fi analytics can be pulled from the Arista Cloud or configuration and policy changes can be pushed to it. Wi-Fi analytics from the Arista Cloud or directly from the Arista APs can also be pushed to third-party Web services. RSSI data for BLE clients can also be pushed to 3rd-party servers, e.g. location-based systems.
Cloud Integration Point
Whether you are using Arista WIPS or transitioning to cloud based Wi-Fi, integrating the Arista cloud Wi-Fi server with your on-premise systems allows you to leverage key advantages of the cloud server while continuing to use your existing infrastructure. It also saves you the time, effort, and cost of installing and maintaining an on-premise Arista Wi-Fi server. A Cloud Integration Point (CIP) is an Arista AP that enables the integration of the Arista Wi-Fi cloud server with existing third-party services on-premises.
The data exchanged between Arista Cloud and an onpremise Cloud Integration Point (CIP) is secured with AES-256 encryption. The CIP contains a firewall that only forwards traffic to the specified local destinations on the defined ports. It also isolates the network with NAT so client connections cannot be established through the CIP.
Enterprise Security Management (ESM)
Integration with Enterprise Security Management servers enables Arista Cloud to send events and audit logs to Syslog and ArcSight servers, allowing customers to use their existing logging infrastructure to manage Arista events and logs.
Web Shell
CV-CUE provides a Web-based SSH login to a specific Access Point CLI. Web Shell is helpful to troubleshoot AP issues, especially if an AP is behind a NAT.
Wireless Intrusion Prevention
With the multi-function radio acting as a dedicated wireless intrusion prevention (WIPS) sensor, wireless threats are detected and blocked almost instantly in your network. CVCUE works with the APs, which are powered by patented techniques such as Marker PacketsTM, to enable surgical over-the-air intrusion prevention, automatically and accurately creating alerts and classifying wireless threats. All Arista Wi-Fi 5 and Wi-Fi 6 APs can be configured to run as dedicated WIPS sensors. Arista APs equipped with BLE radios can also scan for BLE devices. Network administrators can view these devices on CV-CUE and also change their classification from ‘Uncategorized’ to ‘Authorized’ and viceversa.
Edge Threat Management
Security being a key element of Arista’s campus solution, CV-CUE provides Wireless IPS, Next Gen Firewall and Micro Edge for threat management. This integrated approach provides network administrators with the ability to ensure protection, monitoring and control across devices, applications, and network airspace, enforcing a consistent security posture over the entire digital attack surface.
Social Wi-Fi
Inbuilt integration with Facebook, Google+, Twitter, LinkedIn, Instagram and Foursquare enables guest on-boarding using social login.
Bonjour Gateway
Arista APs can be configured as a Bonjour Gateway to allow Wi-Fi clients to discover and access Bonjour services across VLANs. This feature can be enabled on a per SSID basis and works for both static and dynamic VLANs.
GDPR Compliance
Arista Networks provides General Data Protection Regulation (GDPR) compliant Arista Cloud Wi-Fi to its partners, resellers, and customers in the European Union. The Arista Cloud acts as a GDPR Processor of personal data.
Specifications:
CV-CUE System Requirements
| Feature/Platform |
CV-CUE (Cloud Subscription) |
CV-CUE (ESXi on-prem) |
CV-CUE (KVM on-prem) |
CV-CUE (CVP Cluster on-prem) |
| Supported Browser |
Latest version of Chrome / Firefox / Microsoft Edge |
| Base OS |
Centos 7.5 |
| System Requirements |
NA |
Up to 1000 APs
CPU - [email protected]
Reserved
RAM – 8GB Reserved
Hard Disk - 250GB, Thin
Provisioning
Up to 5000 APs
CPU - [email protected] Reserved
RAM – 32GB Reserved
Hard Disk - 500GB, Thin Provisioning |
Up to 1000 APs
CPU - [email protected] Reserved
RAM – 8GB Reserved
Hard Disk - 250GB, Thin Provisioning
Up to 5000 APs
CPU - [email protected] Reserved
RAM – 32GB Reserved
Hard Disk - 500GB, Thin Provisioning |
NA |
| Client Journey |
|
|
|
|
| Application Visibility and Control |
|
|
|
|
| WIPS |
|
|
|
|
| Baselining |
|
Limited1 |
Limited1 |
Limited1 |
| RCA Engine |
|
|
|
|
| Auto Packet Capture and Troubleshooting |
|
Limited2 |
Limited2 |
Limited2 |
| Network Profiling |
|
|
|
|
| RF Optimization |
|
|
|
|
| Wi-Fi Analytics |
|
Limited3 |
Limited3 |
Limited3 |
| Guest and Captive Portal Management |
|
Limited4 |
Limited4 |
Limited4 |
| Wi-Fi ACLs |
|
|
|
|
| RBAC |
|
|
|
|
| Automatic Updates and Upgrades |
|
Customer Managed |
Customer Managed |
Customer Managed |
1Baselining: Based on only 7 days of history and drilldown not available from baseline charts.
2Auto Packet Capture & troubleshooting: Automatic display of packet capture in “Packets” not available.
3WiFi Analytics: No visualization of association and presence analytics data. No guest analytics.
4Guest and Captive Portal Management: No “Canvas” to create captive portal and landing pages or campaigns. No social media authentication.
No captive portal hosting capabilities.
