Critical Capabilities for Wired and Wireless LAN Access Infrastructure
Published 21 August 2018 - ID G00346712 - 37 min read
Trends such as network automation, use of richer analytics and the need to secure IoT endpoints are emerging as critical components in access networking solutions. I&O leaders can use this research to assess vendor hardware and software capabilities across six enterprise access networking use cases.
Overview
Key Findings
-
All vendors serving this market can provide the needed functionality to serve basic connectivity needs, yet capabilities can vary significantly for network application services such as policy enforcement, network management and assurance, and locationing.
-
The Internet of Things (IoT) has begun to play a bigger role in wireless LAN (WLAN) deployment decisions, including related security implications. The diversity of IoT devices has made authentication and device identity management methods more challenging.
-
The use of artificial intelligence (AI) and machine learning (ML) technology can further complement the use of analytics for root cause analysis and problem remediation, especially for wireless.
Recommendations
Infrastructure and operations (I&O) leaders responsible for planning, sourcing and managing wired and wireless access networks and related services should:
-
Shortlist vendor proposals by identifying how each vendor’s network service applications match with the level of services required for both new and legacy access network infrastructure.
-
Assess security capabilities for IoT use cases, such as secure tunneling and automatic detection and segmentation functionality. This will help separate IoT solutions from the rest of the corporate network, since IoT endpoints are prone to weak or nonexistent authentication.
-
Implement best practices for strong implementation of WLANs. While the use of analytics leveraging AI/ML can simplify troubleshooting and deliver better network assurance, poorly designed and implemented WLANs will continue to result in a poor user experience.
Strategic Planning Assumption
By 2021, more than 60% of all IoT devices on enterprise infrastructure will be “virtually segmented” from traditional business applications, up from less than 5% today.
What You Need to Know
This Critical Capabilities research is the companion to Gartner’s “Magic Quadrant for the Wired and Wireless LAN Access Infrastructure.” It scores 17 vendors across six use cases designed to reflect the primary evaluation criteria Gartner recommends for use by I&O leaders responsible for planning, procuring and managing enterprise wired and wireless access networks.
The rated vendors provide some or all of the core hardware and software for:
-
Wired access network switches
-
WLAN, including wireless access points (APs) and physical or virtual WLAN controllers
-
Network service applications that are cloud-, appliance- or virtual appliance-based, including but not limited to:
-
Network management, monitoring and performance
-
Access control and security
-
Policy enforcement
-
Location services
-
Analytics for security, network performance or vertical market applications (such as mobile marketing)
-
As the market has evolved, standards-based access networking hardware has become less differentiated. Many enterprises now focus more on the features and functionality of network service applications when evaluating which vendor will best meet the organization’s access network requirements. Additionally, enterprises are scrutinizing network service applications for WLAN-only and remote branch office connectivity, either on-premises or in a public or private cloud. This Critical Capabilities note revises the use-case definitions to reflect this changing landscape.
Analysis
This research is intended to help organizations shortlist vendors that match their access networking requirements. It evaluates vendor effectiveness in addressing an organization’s needs in six use cases:
-
Unified wired and WLAN access managed through a “single pane of glass” for tasks such as device configuration and troubleshooting, with the aid of reporting tools
-
Wired-only access network refresh or new build, with requirements either for a wired-only network or for expanding- or refreshing-only wired switching
-
WLAN-only refresh or new build, reflecting requirements not only for the wireless elements of a unified access network, but also for a “wireless-first” environment, where the WLAN is the primary or predominant first connection to the enterprise network
-
Performance stringent applications, for deployments that require high availability or must support latency-sensitive applications, using either a cloud-based or on-premises management solution
-
Multivendor networking environment to address enterprises that must manage a mix of vendor infrastructure
-
Remote branch office with corporate headquarters (HQ) to address organizations with widely distributed offices in addition to a central corporate office
The Critical Capabilities research differs from that performed for “Magic Quadrant for the Wired and Wireless LAN Access Infrastructure” by focusing on product and service capabilities, rather than the vendor’s position, vision and execution in the market for enterprise networks.
Critical Capabilities Use-Case Graphics
Figure 1. Vendors’ Product Scores for Unified Wired and WLAN Access Use Case
HPE = Hewlett Packard Enterprise
Source: Gartner (August 2018)
Figure 2. Vendors’ Product Scores for Performance Stringent Applications Use Case
HPE = Hewlett Packard Enterprise
Source: Gartner (August 2018)
Figure 3. Vendors’ Product Scores for Multivendor Networking Environment Use Case
HPE = Hewlett Packard Enterprise
Source: Gartner (August 2018)
Figure 4. Vendors’ Product Scores for Remote Branch Office With Corporate HQ Use Case
HPE = Hewlett Packard Enterprise
Source: Gartner (August 2018)
Figure 5. Vendors’ Product Scores for Wired-Only Refresh/New Build Use Case
HPE = Hewlett Packard Enterprise
Source: Gartner (August 2018)
Figure 6. Vendors’ Product Scores for WLAN-Only Refresh/New Build Use Case
HPE = Hewlett Packard Enterprise
Source: Gartner (August 2018)
Vendors
Aerohive
Aerohive provides a cloud-managed access networking portfolio of access points, switches and branch routers, with an emphasis on serving WLAN-focused deployments through its controllerless architecture and HiveManager management platform, available as either on-premises or through the cloud. HiveManager offers network access, policy management and security behavioral analytics. Aerohive also includes basic management functionality in the price of its wireless APs and switches, with customers able to buy additional functionality for network access, policy management and security behavioral analytics in full versions of HiveManager. The company’s basic (seven models) lineup of stand-alone and stackable wired switches limits its capabilities for enterprises requiring wired-only campus networks. The switch portfolio is nonetheless sufficient for branch office deployments and for most unified wired and wireless access networking use cases where the enterprise prefers a single vendor. Aerohive customers with more complex switching requirements, such as 802.3bz multigig ports, can use HiveManager’s full capabilities to manage the broader N-Series switches from strategic partner Dell EMC. Organizations using Juniper Networks campus switches can use that vendor’s Sky Enterprise management solution to also monitor Aerohive wireless access points, via HiveManager APIs integrated with Sky. Large or midsize enterprises should evaluate Aerohive for primarily WLAN-focused solutions in its targeted markets of retail, education and distributed enterprises for the company’s primary regions of North America and EMEA.
ALE
ALE, marketed under the brand Alcatel-Lucent Enterprise, provides a unified wired and wireless access network using its OmniSwitch wired campus switches paired with the cost-competitive OmniAccess Stellar line of wireless access points. Organizations can manage the same switch and AP hardware with either the OmniVista 2500 Network Management System (NMS) on-premises solution, or ALE’s newer Cirrus cloud-managed SaaS option. Cirrus provides some price flexibility by offering a “freemium” tier of basic services. These provide entry-level functionality, such as a dashboard for viewing basic network and device inventory and available software and firmware updates for registered network devices. Organizations requiring more advanced services (such as network provisioning, unified management of ALE switches and Stellar APs, network heat mapping, and network performance monitoring) must buy the premium Cirrus tier. Enterprises with multivendor deployments of ALE and HPE Aruba hardware also can do basic network management of HPE Aruba APs with OmniVista 2500, utilizing either that solution or Aruba’s ClearPass Policy Manager for access control and guest access management. Organizations with branch or campus networks in ALE’s primary enterprise markets of hospitality, healthcare, education and government in its primary business regions of EMEA, North America and Asia/Pacific outside of China should include ALE in their access layer vendor evaluations.
Allied Telesis
Allied Telesis offers an end-to-end portfolio comprising LAN switching, WLAN and network management. All products, including industrial-grade switches, use the same operating system (AlliedWare Plus), offering uniform functionality and upgradability. Enterprises can manage the switching and WLAN product portfolio on-premises with Vista Manager EX or in the private or public cloud using Autonomous Management Framework (AMF) Cloud. Customers requiring a controller-based architecture must use the Autonomous Wave Control (AWC) plug-in with the vendor’s Vista Manager EX unified management solution or integrated with Allied Telesis’ AR-Series firewall products. Allied Telesis’ switching product line is broad, but as with the rest of its portfolio predominantly targets small and midsize businesses (SMBs). The wireless offering remains limited, despite the launch of the MWS “small business” series access points in 2017. Vista Manager EX supports multivendor monitoring, requiring SNMP configuration. Allied Telesis offers limited choices for guest access functionality, and onboarding capabilities for wired/wireless policy enforcement are restricted. These limitations — plus limited capabilities for expanded requirements, such as indoor location or analytic reporting — place Allied Telesis in the bottom quartile of vendor scores for wireless-related use cases. Predominantly SMBs in the Asia/Pacific region, North America and EMEA should assess Allied Telesis for its wired and wireless LAN infrastructure needs.
ARRIS (Ruckus)
ARRIS International completed its acquisition of the former Ruckus Wireless and the Brocade ICX wired switch business of Broadcom in December 2017. Those operations now provide enterprise access networking solutions as “Ruckus Networks, an ARRIS Company.” Ruckus’ key enterprise vertical markets include hospitality, retailing, education and government, in addition to a strong focus on the service provider market. Ruckus offers enterprises unified wired and wireless access networking for on-premises managed and cloud-managed deployments. Ruckus’ primary solution is its line of SmartZone WLAN controllers, and alternative controllerless options include Unleashed and the subscription-based Cloud Wi-Fi offering. Both the on-premises and cloud architectures make use of the same wireless APs, but integration between Cloud Wi-Fi and the ICX campus switches remains limited. Organizations utilize the Cloudpath Enrollment System, as either a cloud or on-premises solution, for wired and wireless access management, policy management, onboarding and guest access control. Organizations utilize the SmartCell Insight (SCI) network analytics tool for WLAN reporting and analytics.
Organizations in Ruckus’ primary global markets of hospitality, retailing, education and government should evaluate Ruckus for enterprise access networking requirements.
Cisco
Cisco continues to provide the broadest portfolio of access wired switching and WLAN products. The company introduced its Software-Defined Access architecture in 2H17, which provides automation and programmable policy enforcement and segmentation from the edge of the network to the application. The launch of the Catalyst 9000 switching product line, and more recently the Aironet 4800 access points, is part of the solution. Customers must choose between two separate access layer solutions — Aironet/Catalyst and Meraki — which are loosely tied together through the Digital Network Architecture Center (DNA-C) network monitoring dashboard. The DNA-C offering provides management and automation capabilities for the Cisco Aironet and Catalyst product lines that are not available in the Meraki cloud platform. DNA Center version 1.1 enables a single dashboard for visibility and control for both Meraki and Aironet/Catalyst product families, even though Cisco continues to maintain the Meraki Dashboard for full management of Cisco Meraki switches and APs. Cisco SD-Access along with Assurance provides network analytics across the access layer that works in conjunction with the automated network fabric. This provides initial provisioning of network components and ongoing automation of policies, as well as the capability to simplify IoT deployments through virtual segmentation. Clients should assess Cisco globally for all enterprise on-premises and cloud-based access layer opportunities.
Dell EMC
Enterprise customers using Dell EMC infrastructure for a unified wired and wireless access network essentially get Aerohive APs and Dell EMC’s N-Series campus switches. These are managed (both on-premises or from the cloud) by a fully integrated, Dell-branded version of Aerohive’s HiveManager NG. However, this solution does not support management of access infrastructure for vendors other than Dell EMC and Aerohive. Users must deploy Dell EMC OpenManage Network Manager for wired switches from third-party vendors. Organizations that require features or capability beyond HiveManager NG can use the vendor’s own ecosystem of integrated solutions for unified endpoint management (VMware AirWatch), multifactor network access control (Impulse SafeConnect) and security behavioral analytics (RSA NetWitness). In 1Q18, Dell EMC announced an OEM relationship with Ruckus. Midsize enterprises in Dell EMC’s primary target markets of public education, healthcare, hospitality and government can consider this vendor for their access networking requirements, especially in global regions where its sales and support infrastructure is more developed than Aerohive’s.
D-Link
D-Link can provide low-cost wired and wireless access network infrastructure suitable for campus networks or branch location deployments with basic connectivity and management requirements. Organizations can manage D-Link enterprise switches and APs using its on-premises, browser-based D-View 7 software. This software provides basic network monitoring and management functionality, including device identification, traffic management and management of third-party devices using command line interface (CLI) scripts. In 1Q18, D-Link announced its Nuclias cloud-based (and controllerless) wired/wireless network management platform, which can be deployed in a multitenant environment. Nuclias complements D-Link’s management capabilities, but was not included in the scores of this research note. D-Link includes basic guest access network capabilities at no extra cost with its Wireless Controller (DWC), Business AP (DAP and DWL) and campus switch (DES/DGS/DXS) product lines. The vendor does not provide more complex network services applications, such as location-based services. This makes it suitable primarily for cost-conscious organizations with basic access networking requirements in regions such as EMEA and North America, where D-Link has its largest business presence.
Extreme Networks
Extreme Networks is a wired/wireless LAN access layer vendor that continues to expand globally. In the past year, we have seen Extreme demonstrate its ability to deploy and support clients globally with a portfolio that allows Extreme to address all enterprise access layer opportunities. Extreme has edge-to-core infrastructure solutions that can be optimized from on-premises, cloud or hybrid network service applications. The company’s customers have licensing flexibility instead of a “one size fits all” model for applications needed for their business requirements, such as ExtremeManagement, ExtremeControl and ExtremeAnalytics. Extreme Fabric Connect also addresses the growing need for IoT segmentation, and ExtremeAI uses network data and machine learning to automatically tune the wired and wireless access network. Extreme is one of only three vendors covered by this research that supports time-sensitive networking services across a number of its switching platforms. Extreme continues to provide strong customer service through a **** insourced service and support team. While Extreme is still a relatively small campus network provider, in 2017, the company revenue grew by 36% for switches and doubled for WLAN. Most growth was due to acquisitions, although the company reported organic revenue growth as well. Clients should assess Extreme Networks globally for all wired/WLAN access layer opportunities.
Fortinet
Based on version 6.0 of its Fortinet network security OS (FortiOS), Fortinet has expanded the automation and AI capabilities of its core network and security management platform. Unifying its products into its Security Fabric umbrella enables single-pane-of-glass access to security, application identification, policy application and enforcement integration. Additionally, enterprises manage Fortinet’s wireless and wired switching as a unified fabric, which allows simplicity of end-to-end network configuration by treating both wired and wireless networks as a single entity. FortiCloud provides network management from the cloud, both as a free offering or subscription-based for additional features such as customized reporting and sandboxing. The FortiWLM provides management of wireless infrastructure, with the option of deploying it as a virtual machine in the cloud. Fortinet has placed additional emphasis on building its wired and wireless network products with IoT and multicloud access requirements at top of mind. However, Fortinet does not offer the same capabilities when applied to a multivendor environment, which is the status quo for most environments in which Fortinet will be deployed. This requires that enterprises operate multiple distinct network infrastructures, each with its own tools, which increases complexity and has a negative effect on cost of ownership. Evaluate Fortinet when considering vendors for a unified-access network deployment.
HPE (Aruba)
Aruba, a Hewlett Packard Enterprise company, is one of the leading global providers of wired and wireless access networking products. Aruba ranked top in five use cases. The 8400 and 8320 aggregation/core switches have made its end-to-end solution more complete, on capabilities including automation, network analytics and security. Aruba offers WLAN controllerless options with its Instant access points, as well as a cloud-managed subscription offering with Aruba Central, which can also manage switches. Aruba Central nonetheless continues to lag behind in full-feature parity compared with its on-premises AirWave and ClearPass solutions. AirWave (network management) and ClearPass (network access control) remain some of the most complete solutions in the market. AirWave provides basic configuration for a list of supported third-party devices, predominantly legacy products from Cisco and Juniper. Recent integration of user and entity behavior analytics (UEBA) provides ClearPass the ability to act on anomalous and inconsistent activities that may indicate a security threat, leveraging ML technology. Aruba continues to develop its capabilities for network service assurance through NetInsight, which provides analytics on user connectivity for recommended network configuration changes. Aruba continues to lag on IT/operational technology (OT) convergence. Aruba’s wired and wireless LAN solutions are suitable for consideration globally for all access layer opportunities.
Huawei
Huawei’s Enterprise Business Group (EBG) has a large wired/wireless access layer portfolio. The Agile Controller-Campus (AC-Campus) campus networking flagship product leverages software-defined network (SDN) technology, scaling up to 6,000 APs and more than 1,000 access switches. AC-Campus subscriptions deliver functionality encompassing AAA security, authentication, onboarding, guest access management and security orchestration. The on-premises implementation of AC-Campus leverages eSight for integrated wired and wireless network management, additionally supporting basic multivendor network device monitoring and management using SNMP. Huawei’s CloudCampus architecture allows management of wired and wireless LAN infrastructure in a private or public cloud, including firewalls and access routers. Organizations have the flexibility of being able to shift from an on-premises to a cloud-managed deployment via a software and license upgrade. Huawei has added 2.5/5 Gbps support to its S6720-SI fixed-form switching series. Huawei remains one of the most cost-effective vendors profiled in this research. Huawei relies on partnerships for its location-based services. Its CampusInsight solution filled a gap in analytical reporting and automation for network service assurance. However, this product was introduced in 1Q18 and for this reason was not included in the scores of this research note. Assess this vendor for enterprise campus deployments primarily in its core markets of China and EMEA.
Juniper Networks
Juniper introduced its subscription-based Juniper Sky Enterprise platform in January 2018 for cloud management of its networking and security products. Additional capabilities enable automation, zero-touch provisioning and less reliance on direct interface with the Junos OS, while still providing the CLI as an option. Juniper continues to align its products with a security focus under the Software-Defined Secure Networks (SDSN) banner, which provides automated and centralized security policy definitions through the Juniper Policy Enforcer engine. SDSN utilizes all Juniper switches, routers and firewalls for security profiling and threat detection, while integrating directly into the Juniper Sky Enterprise cloud platform.
Juniper NFX products offer compelling WAN edge capabilities with support for virtual customer premises equipment (vCPE) and network function virtualization (NFV), managed by the Contrail Controller. Junos Fusion provides switch aggregation to support integrated management of multiple campus switches as a single logical device. Campus and data center EX switches are now fully integrated into the Jupiter Sky Enterprise cloud platform. However, despite continuing to build on its wired networking infrastructure capabilities, Juniper still relies on partnerships for wireless products and management systems. This limits the control that it can have over its wireless technology roadmap and how well it can provide an integrated end-to-end networking offering. Assess Juniper for wired switching opportunities or for unified access networking if your organization has WLAN requirements that can be met by Juniper’s WLAN partners.
LANCOM Systems
LANCOM Systems can provide wired and wireless access networking infrastructure suitable for basic enterprise connectivity, using either stand-alone, controller-based or controllerless architecture managed by the LANCOM Management Cloud (LMC) solution. The portfolio of wired campus switches and wireless APs is competitively priced with comparable hardware and network service applications available from larger competitors. However, LANCOM’s ability to support management of multivendor hardware deployments was still under development at the time of this research. The company provides a REST API enabling third-party developers to access monitoring data gathered by LMC, to use for advanced network analytics and other functionality. Customers requiring IoT traffic segmentation are limited to LANCOM’s solution focused on its ePaper digital labeling and signage product, which uses the AP as a gateway for aggregating and segregating IoT endpoint traffic. The vendor currently has its business concentrated in Western Europe, primarily Germany, making it suitable for enterprise access networking requirements in that region.
Mist Systems
Mist Systems offers its own WLAN portfolio, plus wired switches from strategic technology partners like Juniper. The core competency and innovation of Mist is provided in its wireless portfolio that is typically delivered as a service from the cloud. Both wired and wireless products can be purchased from Mist for a complete access layer solution, but the recommended route is to purchase through channel partners. Mist’s dual radio access points have 16 integrated antenna elements for Bluetooth low energy (BLE) and collect over 100 different user states, which are processed through an unsupervised ML engine. Mist provides indoor location capabilities and virtual BLE beacon functionality for wayfaring applications and asset management. Mist’s AI-driven Wi-Fi provides guest access, network management and policy applications, as well as analytics, IoT segmentation and behavioral analysis at scale. The Mist architecture also allows it to leverage AI technology for proactive operations, predictive recommendations and rapid troubleshooting required to provide network assurance and automation. Enterprises should evaluate Mist for access layer opportunities globally.
Mojo Networks
Mojo Networks offers a wireless-focused, cloud-managed access layer infrastructure with its portfolio of access points, access layer applications and a limited lineup of wired switches. While focused in North America, Mojo has a global customer base. The cloud-managed Cognitive WiFi solution has been optimized for large-enterprise networks, as well as higher education and K-12 markets, but it can be deployed on-premises if needed. While this provides flexibility, on-premises network management lacks some advanced capabilities, such as indoor location services and IoT containment. Having a software-defined solution, Mojo has the industry-leading ability to create a digital twin of an existing client network in the cloud and test configuration changes or new code revisions in a digital “sandbox.” Network analytics is provided within Mojo Cognitive WiFi, with the ML and big data platform tracking more than 300 key performance indicators (KPIs). Mojo’s wired portfolio is basic, consisting of three fixed-format Ethernet switches, and the company’s capabilities to support IoT segmentation/containment are limited. Evaluate Mojo Networks in North America for all wireless cloud-based access layer connectivity projects and globally through distribution partners that provide the required ability to support installations. In August 2018, Arista Networks announced the intention to acquire Mojo Networks, with the acquisition expected to be completed in 3Q18.
New H3C
New H3C Group, a joint venture of Tsinghua Holdings (51%) and HPE (49%), has a large wired/wireless access layer portfolio. Enterprises can use New H3C’s intelligent Management Center (iMC) for unified wired/wireless management, as well as for applications such as device profiling, policy enforcement, network traffic analysis, and management of quality of service (QoS) configurations. In a cloud-managed and multitenant environment, the H3C Oasis platform provides data analytics and basic device/user behavior analysis. Introduced in 2017, the Wireless Beneath Cloud (WBC) controller enables a private cloud implementation of the Oasis platform. Integrating with edge computing capabilities, the WBC supports location-based services, analytics and network assurance services. The company has also made progress with its CUPID 2.0 indoor location service platform, with advancements to its algorithms and broader support of location technologies. Despite CUPID’s updates to integrate data from both Bluetooth beacons and Wi-Fi, New H3C has few partners outside China, limiting the development of location applications outside the region.
Although New H3C’s target customer base includes service providers and smart city deployments, other key vertical markets include education, healthcare and government. Basic multivendor network management support is available for selected Cisco and Aruba devices. New H3C has the vast majority of its business concentrated in Asia/Pacific, primarily China, making it suitable for enterprise access networking requirements in that region.
Riverbed
Riverbed continues to align its products around SteelConnect as the central management and configuration platform for its products. The integration of the WLAN and switching assets acquired from Xirrus with SteelConnect’s software-defined WAN (SD-WAN) functionality has expanded Riverbed’s capabilities from the edge of the network to the WAN. Riverbed has retained the Xirrus brand. The Xirrus product line has a proven track record in providing high-performance Wi-Fi supporting low to high densities and challenging RF environments, with the ability to scale. Xirrus Management System (XMS) manages WLAN infrastructure, and SteelConnect Manager further integrates wired and WAN network management. Both solutions can be deployed on-premises or in the cloud. EasyPass, an add-on for XMS, offers ease of access for guests, bring your own device (BYOD) and IoT devices, as well as single sign-on (SSO) integration with Office 365 and Google G Suite. SteelCentral Aternity, also integrated into Xirrus WLAN, provides end-user experience monitoring of business applications. While Riverbed has increased its capabilities at the edge, it does not have a product line for aggregation and core switches, which hampers its ability to offer a single-pane-of-glass platform for SD-WAN and software-defined LAN (SD-LAN). The former Xirrus switches, rebranded SteelConnect, predominantly meet the needs of the midmarket, which is not aligned with the SteelHead, SD-WAN and Xirrus products, which have large-enterprise capabilities. Riverbed can be considered globally as an enterprise branch office wired and wireless access networking option.
Context
Access layer hardware has become increasingly commoditized, especially from mainstream vendors, with all major vendors offering 802.11ac Wave 2 access points. A growing number of switch models support 2.5/5 Gbps (multigigabit), even though availability of the technology has made slow progress since the ratification of the 802.3bz standard in September 2016. This means that vendor differentiation continues to predominantly rely on software capabilities used to configure, secure, manage and operate the network. Network service applications supporting mobile work styles have become a more significant consideration for enterprises planning central office or campus network support for voice over wireless LAN (VoWLAN), onboarding and monitoring of BYOD devices and location-based services. Equally important are network service application capabilities supporting outsourced managed LAN services. For these, the customer may focus on network assurance capabilities and on the SLAs for supporting a specific user experience more than on the listed throughput, capacity or antenna specs for the deployed infrastructure.
IoT has begun to play a bigger role in WLAN deployment decisions, especially in vertical markets such as manufacturing, transportation, retail, healthcare and utilities. Gartner has forecast the installed base of IoT endpoints in businesses to surpass 9 billion units by 2021. IoT devices and new applications will increasingly impact WLAN investments, with the need to meet latency and high-coverage density requirements. A growing number of organizations are also looking at the convergence of IT and OT, with emerging technologies such as Time-Sensitive Networking (TSN). For industrial automation use cases and critical control loops, wired and wireless TSN capabilities allow mission-critical real-time traffic with extremely low packet loss, low jitter and zero congestion loss (for more information, see “Emerging Technology Analysis: Time-Sensitive Networking”).
IoT has also brought new requirements and challenges from a security standpoint. As highlighted in “IoT Solutions Can’t Be Trusted and Must Be Separated From the Enterprise Network to Reduce Risk,” a CEB (now Gartner) survey found that nearly 20% of organizations observed at least one IoT-based attack in the past three years. Unlike laptops and servers that can be authenticated through 802.1X and managed through enterprise mobility management (EMM) and network management applications, the diversity of IoT devices leaves enterprises vulnerable. Wired and wireless access layer capabilities addressing IoT security needs include tunneling functionality based on identity, policy enforcement using context-based variables, segmentation with traffic filtering, and IoT traffic isolation into IPsec encrypted zones.
In the past 18 months, we have seen growing activity in the realm of ML and AI technology in campus networking for wireless, wired and device problem identification. As highlighted in “Automation and AI Will Slash Access Layer Downtime and the Reliance on Network Administrators,” we anticipate that, in the next three to five years, most access layer vendor offerings will leverage analytics for root cause analysis and problem remediation. By leveraging AI/ML, the resolution of network issues will be able to advance from generating alerts to making real-time changes at the edge of the network. This can impact tasks encompassing policy enforcement, troubleshooting and network automation, ultimately delivering better network assurance.
Worldwide port shipments for campus Ethernet switches grew by 20% from 2016 to 2017 and revenue by 7%. Enterprise WLAN market revenue grew by 12%, which represented an improvement compared with the 9.5% increase seen from 2015 to 2016. For more information, see “Market Share: Enterprise Network Equipment by Market Segment, Worldwide, 4Q17 and 2017.”
Product/Service Class Definition
Wired/WLAN access networking consists of a wide range of features and functions. In this research, we examine six critical networking capabilities that enterprises should consider when looking to develop broad, unified and access layer migration roadmaps, and when choosing strategic suppliers. We evaluate vendors on the following capabilities.
Critical Capabilities Definition
This accounts for the vendor’s wired switching solution hardware (fixed-form-factor and modular) and integrated software, which may include port-extension capabilities. Key components include performance, availability, scalability, interoperability, cost, support and the portfolio architecture.
Capabilities also include:
-
Form factors and port densities that meet specific wired switching requirements. These include fixed-form-factor, port-extension and chassis-based switches.
-
802.3bz capabilities that enable 2.5/5Gb links to wireless access points for supporting high-density 802.11ac Wave 2 deployments without the need to replace existing Cat 5e or Cat 6 cables.
-
Single-application management of hardware from differing vendors, including end-user security and policies.
This accounts for the vendor’s wireless-access solution in a traditional, carpeted enterprise, which includes hardware (such as access points in a variety of configuration and antennas) and integrated software.
Key capabilities include:
-
A range of wireless AP form factors to support different indoor and outdoor enterprise and campus environments.
-
The ability to measure latency for voice and data applications and to provide sufficient data for mean opinion score (MOS) calculations to support toll-quality VoWLAN.
-
Single-application management of hardware from differing vendors, including end-user security and policies.
-
Ability to scale from hundreds to several thousand APs. The network retains active ability of connectivity to the controller, whether on-premises or cloud-based.
This provides the ability to define granular access policy enforcement.
It includes the ability to provide captive portals for guests and to onboard IoT and other “headless” devices (without a human interface, such as printers and digital signage). It also includes the ability to define roles of varying access to the network, with attention to BYOD situations.
Access roles will use device, device profile, user, location, time/date, duration and application access as primitives to consistently determine access to the wired or wireless network, regardless of device or location.
This refers to the deployment, configuration and ongoing management/administration capability of the vendor’s products and other access layer networking products.
This can also include functionality embedded into individual network elements, vendor-provided network management system software/hardware and integration with existing management tools (such as network performance monitoring [NPM] and network configuration and change management [NCCM]) via standardized protocols or APIs. Other capabilities include:
-
Zero-touch or automated provisioning
-
Policy-based management and configuration
-
Network monitoring
-
On-premises and cloud-based management options
-
Physical and virtual controller or controllerless options
This capability includes a broad and growing set of network service applications, including analytics, forensics, video services that enhance the application, network assurance solutions and location-based services, which may be vertical-market-specific.
Network analytics applications look at the network, as well as the end-user data. Network forensics tools determine what’s happening across the entire access layer, in addition to security functionality and fixed mobile convergence capabilities. Location services include the ability to provide Wi-Fi-based or active RFID/beacon location, as well as an application toolkit for zonal or real-time location services (RTLS). Other capabilities include:
-
Flexibility to deploy access network applications on-premises or in a private or public cloud to address implementation scenarios, such as remote or branch offices
-
Network application innovation to support security, policy enforcement and other access layer functionality
This is the ability of a network management solution to identify, configure and manage wired and WLAN elements from multiple vendors through a “single pane of glass.”
This capability may be enabled by:
-
Native multivendor capabilities for specified third-party vendor devices and software configurations
-
The ability to discover and manage third-party devices that support a standard SNMP Management Information Base (MIB) and Link Layer Discovery Protocol (LLDP)
-
The ability to manage configurations and hardware/software aspects of third-party components
-
The ability to gain visibility and analytics into the operation and the performance of third-party components
-
The use of a management agent installed on network devices or on a monitoring appliance to enable the provisioning, configuration or monitoring of the devices
-
Open APIs enabling third-party vendors to integrate with the vendor’s network management solution
Use Cases
This is an enterprise facility or campus environment with 500+ users that requires wired and WLAN access networking components to deploy across carpeted office spaces.
Unified wired and WLAN access will provide the ability to monitor and manage the network from one integrated network management solution.
Most users are typically badged employees, although contractors and guests also require connectivity. Employees are usually issued corporate-owned devices. However, the network may also support BYOD for mobile devices, such as smartphones, tablets and possibly laptops. This buyer is typically technically competent and/or routinely makes granular changes to wired/WLAN infrastructure components. This is the most common use case for newly constructed office space, although it’s often initiated by a campus refresh.
This is a physical facility or campus environment requiring high network reliability or supporting a latency-sensitive application, with greater emphasis on wireless access.
Network application services that enhance voice and video applications are an important requirement.
This organization’s access network needs not only to be governed by uptime, but also to be measured by the availability of data center or cloud applications to end users. This includes the ability to use the network if multiple path redundancy is configured or if applications must be accessed locally. Most users are typically badged employees, but contractors and guests also require connectivity. This buyer is typically highly technically competent and/or routinely makes granular changes to wired/WLAN infrastructure components.
This is a mixed vendor environment (for example, when an incumbent vendor’s equipment must be used with new equipment as part of the wired and WLAN access layer solution).
This encompasses a single, small location or a large, campus-based enterprise. Differing vendor hardware may be deployed at multiple locations, but the hardware and end-user security and policies must be managed by a single application that may be located in the cloud or on-premises. Most users are typically badged employees, but contractors and guests also require connectivity. This buyer is typically highly technically competent and/or routinely makes granular changes to wired/WLAN infrastructure components.
This requires wired/WLAN access networking components and knowledge of WLAN connectivity.
This use case involves a single physical facility of 10 to 50 users, potentially with a headquarters site with up to 499. It is typically observed for small enterprises or small, remote offices of larger enterprises, deployed in carpeted office spaces where there is also a central corporate headquarters. Users are typically badged employees, but contractors and guests also require connectivity. Remote (cloud-based) network management is important functionality. This is because there is typically little or no on-site technical support in the remote locations, but there is an IT organization that supports these locations at the central headquarters.
This is a physical facility or campus environment with more than 500 users that requires only wired access networking components.
This use case is most often applied to “brownfield” and refresh opportunities, often when an incumbent wireless solution is in place and:
-
There is either no desire to replace it; or
-
It serves a highly risk-averse environment in which no wireless has been deployed
Most users are typically badged employees. However, contractors and guests also require connectivity. This buyer is typically technically competent and/or routinely makes granular changes to wired/WLAN infrastructure components.
This applies to refresh opportunities or to new builds in which wireless was the primary or predominant connection to the enterprise network.
This use case can encompass single, small locations or large, campus-based enterprises. It may include limited wired components to provide connectivity for WLAN or as incremental updates for expanding an existing infrastructure. In addition to data connectivity, the implementation supports the use of the WLAN for toll-quality voice calls, either from cellular smartphones or from softphones on desktop, laptop or tablet computing devices. The voice requirement is to implement, manage and measure the network to provide toll-quality calls. This use case is typically observed for brownfield and refresh opportunities. Most users are typically badged employees, but contractors and guests also require connectivity. This buyer is typically highly technically competent and/or routinely makes granular changes to wired/WLAN infrastructure components.
Vendors Added and Dropped
Added
-
LANCOM Systems was added for the first time this year.
Dropped
-
No vendors were dropped from the 2017 Magic Quadrant. The entry for Brocade (Ruckus) has changed to ARRIS (Ruckus), given that ARRIS completed its acquisition of Ruckus in 2017.
Inclusion Criteria
To qualify for inclusion, vendors need to:
-
Demonstrate relevance to Gartner clients in the enterprise access layer market by offering switching and WLAN hardware to address enterprise access layer networking requirements outlined in the Market Definition/Description section of “Magic Quadrant for the Wired and Wireless LAN Access Infrastructure.”
-
Demonstrate relevance to Gartner clients in the enterprise access layer market by providing one or more network service applications as outlined in the Market Definition/Description section of the Magic Quadrant, with annual network service application revenue exceeding $10 million.
-
Produce and release enterprise access layer networking products for general availability as of 15 February 2018. All components must be publicly available, shipping and included on the vendor’s published price list.
-
Have at least 50 enterprise customers that use its access layer networking products in production environments as of 15 February 2018.
-
Demonstrate production enterprise customers with at least five reference customers supporting access layer networks of more than 100 access points.
Table 1: Weighting for Critical Capabilities in Use Cases
|
Critical Capabilities
|
Unified Wired and WLAN Access
|
Performance Stringent Applications
|
Multivendor Networking Environment
|
Remote Branch Office With Corporate HQ
|
Wired-Only Refresh/New Build
|
WLAN-Only Refresh/New Build
|
|---|---|---|---|---|---|---|
|
Wired Access
|
20%
|
10%
|
10%
|
10%
|
50%
|
0%
|
|
WLAN Access
|
30%
|
20%
|
10%
|
20%
|
0%
|
50%
|
|
Network Access/Guest Access/BYOD
|
15%
|
10%
|
10%
|
20%
|
10%
|
10%
|
|
Management and Administration
|
15%
|
30%
|
10%
|
25%
|
15%
|
15%
|
|
Additional Network Service Apps
|
15%
|
30%
|
10%
|
25%
|
15%
|
15%
|
|
Multivendor Management Support
|
5%
|
0%
|
50%
|
0%
|
10%
|
10%
|
|
Total
|
****
|
****
|
****
|
****
|
****
|
****
|
|
As of August 2018
|
||||||
Source: Gartner (August 2018)
This methodology requires analysts to identify the critical capabilities for a class of products/services. Each capability is then weighed in terms of its relative importance for specific product/service use cases.
Critical Capabilities Rating
Each of the products/services has been evaluated on the critical capabilities on a scale of 1 to 5. A score of 1 = poor (most or all defined requirements are not achieved), while 5 = outstanding (significantly exceeds requirements).
Table 2: Product/Service Rating on Critical Capabilities
|
Critical Capabilities
|
Aerohive
|
ALE
|
Allied Telesis
|
ARRIS (Ruckus)
|
Cisco
|
Dell EMC
|
D-Link
|
Extreme Networks
|
Fortinet
|
HPE (Aruba)
|
Huawei
|
Juniper Networks
|
LANCOM Systems
|
Mist Systems
|
Mojo Networks
|
New H3C
|
Riverbed
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Wired Access
|
3.0
|
3.8
|
3.3
|
3.8
|
4.4
|
3.7
|
3.2
|
4.3
|
3.6
|
4.1
|
4.0
|
4.2
|
3.1
|
1.2
|
2.0
|
4.0
|
3.1
|
|
WLAN Access
|
4.0
|
3.9
|
2.6
|
3.8
|
4.1
|
3.2
|
3.0
|
4.1
|
3.7
|
4.3
|
3.8
|
2.5
|
3.2
|
4.2
|
3.8
|
3.7
|
4.0
|
|
Network Access/Guest Access/BYOD
|
3.8
|
3.5
|
2.4
|
3.8
|
4.3
|
3.8
|
2.5
|
4.2
|
3.7
|
4.3
|
3.7
|
3.4
|
3.0
|
4.0
|
3.5
|
3.6
|
3.5
|
|
Management and Administration
|
3.8
|
3.5
|
2.8
|
3.2
|
4.0
|
3.5
|
2.3
|
3.9
|
3.6
|
4.1
|
3.8
|
3.6
|
3.3
|
4.0
|
3.4
|
3.7
|
3.5
|
|
Additional Network Service Apps
|
3.8
|
3.5
|
2.3
|
3.2
|
4.0
|
3.3
|
1.0
|
3.6
|
3.7
|
3.9
|
3.8
|
2.6
|
2.3
|
4.0
|
3.2
|
3.7
|
3.7
|
|
Multivendor Management Support
|
3.2
|
3.2
|
2.6
|
2.8
|
2.8
|
3.2
|
2.0
|
3.5
|
2.7
|
3.5
|
3.2
|
3.3
|
2.0
|
3.3
|
3.2
|
3.4
|
3.2
|
|
As of August 2018
|
|||||||||||||||||
Source: Gartner (August 2018)
Table 3 shows the product/service scores for each use case. The scores, which are generated by multiplying the use-case weightings by the product/service ratings, summarize how well the critical capabilities are met for each use case.
Table 3: Product Score in Use Cases
|
Use Cases
|
Aerohive
|
ALE
|
Allied Telesis
|
ARRIS (Ruckus)
|
Cisco
|
Dell EMC
|
D-Link
|
Extreme Networks
|
Fortinet
|
HPE (Aruba)
|
Huawei
|
Juniper Networks
|
LANCOM Systems
|
Mist Systems
|
Mojo Networks
|
New H3C
|
Riverbed
|
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Unified Wired and WLAN Access
|
3.67
|
3.67
|
2.70
|
3.57
|
4.10
|
3.45
|
2.51
|
4.02
|
3.62
|
4.13
|
3.80
|
3.20
|
2.97
|
3.47
|
3.22
|
3.73
|
3.59
|
|
Performance Stringent Applications
|
3.76
|
3.61
|
2.62
|
3.44
|
4.09
|
3.43
|
2.16
|
3.92
|
3.66
|
4.10
|
3.81
|
3.12
|
2.93
|
3.76
|
3.29
|
3.72
|
3.62
|
|
Multivendor Networking Environment
|
3.44
|
3.42
|
2.64
|
3.18
|
3.48
|
3.35
|
2.20
|
3.76
|
3.18
|
3.82
|
3.51
|
3.28
|
2.49
|
3.39
|
3.19
|
3.57
|
3.38
|
|
Remote Branch Office With Corporate HQ
|
3.76
|
3.61
|
2.61
|
3.50
|
4.12
|
3.47
|
2.25
|
3.97
|
3.67
|
4.13
|
3.80
|
3.15
|
2.95
|
3.76
|
3.31
|
3.71
|
3.61
|
|
Wired-Only Refresh/New Build
|
3.34
|
3.62
|
2.92
|
3.52
|
4.11
|
3.57
|
2.55
|
4.05
|
3.54
|
4.03
|
3.83
|
3.70
|
2.89
|
2.53
|
2.66
|
3.81
|
3.30
|
|
WLAN-Only Refresh/New Build
|
3.84
|
3.67
|
2.57
|
3.52
|
3.96
|
3.32
|
2.45
|
3.95
|
3.59
|
4.13
|
3.73
|
2.85
|
2.94
|
4.03
|
3.56
|
3.66
|
3.75
|
|
As of August 2018
|
|||||||||||||||||
Source: Gartner (August 2018)
To determine an overall score for each product/service in the use cases, multiply the ratings in Table 2 by the weightings shown in Table 1.
Evidence
For this research, we considered:
-
More than 500 access network-related Gartner client inquiries conducted during the evaluation period.
-
Vendor questionnaire responses and vendor briefings conducted during the product evaluation period and conducted specifically for this document.
-
A survey of 126 vendor-provided client references.
-
Other publicly available vendor product and service information, and interaction with other Gartner analysts who have conducted inquiries or research relevant to this area.
Critical Capabilities Methodology
This methodology requires analysts to identify the critical capabilities for a class of products or services. Each capability is then weighted in terms of its relative importance for specific product or service use cases. Next, products/services are rated in terms of how well they achieve each of the critical capabilities. A score that summarizes how well they meet the critical capabilities for each use case is then calculated for each product/service.
"Critical capabilities" are attributes that differentiate products/services in a class in terms of their quality and performance. Gartner recommends that users consider the set of critical capabilities as some of the most important criteria for acquisition decisions.
In defining the product/service category for evaluation, the analyst first identifies the leading uses for the products/services in this market. What needs are end-users looking to fulfill, when considering products/services in this market? Use cases should match common client deployment scenarios. These distinct client scenarios define the Use Cases.
The analyst then identifies the critical capabilities. These capabilities are generalized groups of features commonly required by this class of products/services. Each capability is assigned a level of importance in fulfilling that particular need; some sets of features are more important than others, depending on the use case being evaluated.
Each vendor’s product or service is evaluated in terms of how well it delivers each capability, on a five-point scale. These ratings are displayed side-by-side for all vendors, allowing easy comparisons between the different sets of features.
Ratings and summary scores range from 1.0 to 5.0:
1 = Poor or Absent: most or all defined requirements for a capability are not achieved
2 = Fair: some requirements are not achieved
3 = Good: meets requirements
4 = Excellent: meets or exceeds some requirements
5 = Outstanding: significantly exceeds requirements
To determine an overall score for each product in the use cases, the product ratings are multiplied by the weightings to come up with the product score in use cases.
The critical capabilities Gartner has selected do not represent all capabilities for any product; therefore, may not represent those most important for a specific use situation or business objective. Clients should use a critical capabilities analysis as one of several sources of input about a product before making a product/service decision.