deploying opendns enterprise with aruba …deploying opendns enterprise with aruba networks’...
TRANSCRIPT
Technology Solution Guide Deploying OpenDNS Enterprise with Aruba
Networks’ Secure Mobility Solution
S/W Version: OpenDNS Enterprise 2011
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 1
WARRANTY DISCLAIMER
THE FOLLOWING DOCUMENT, AND THE INFORMATION CONTAINED HEREIN IS PROVIDED ON
AN "AS IS" BASIS. ARUBA MAKES NO REPRESENTATIONS, WARRANTIES, CONDITIONS OR
GUARANTEES AS TO THE USEFULNESS, QUALITY, SUITABILITY, TRUTH, ACCURACY OR
COMPLETENESS OF THIS DOCUMENT AND THE INFORMATION CONTAINED IN THIS DOCUMENT.
DISCLAIMER OF LIABILITY
Aruba Networks, Inc. disclaims liability for any personal injury, property or other damages of
any nature whatsoever, whether special, indirect, consequential or compensatory, directly or
indirectly resulting from the certification program or the acts or omissions of any company or
technology that has been certified by Aruba Networks.
Certification does not mean that the company is a subcontractor or under the technical control
or direction of Aruba Networks. In conducting the certification program Aruba Networks is not
undertaking to render professional or other services for or on behalf of any person or entity.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 2
Table of Contents Introduction .................................................................................................................................................. 3
Solution Components ................................................................................................................................... 3
Aruba Campus Wireless LAN Solution ...................................................................................................... 3
OpenDNS Enterprise Solution .................................................................................................................. 4
ArubaEdge Solution Qualification ................................................................................................................. 5
Qualification Objective ............................................................................................................................. 5
Network Topology .................................................................................................................................... 5
Test Methodology .................................................................................................................................. 10
Summary Test Results ............................................................................................................................ 10
Known Limitations .................................................................................................................................. 10
Conclusion ................................................................................................................................................... 11
Appendix A .................................................................................................................................................. 12
Aruba Wireless LAN configuration for OpenDNS Enterprise .................................................................. 12
About Aruba ........................................................................................................................................... 14
About OpenDNS...................................................................................................................................... 14
Product Support Information ................................................................................................................. 14
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 3
Introduction This document describes the steps and guidelines necessary to configure Aruba’s wireless LAN
infrastructure to work interoperably with OpenDNS Enterprise.
The guide is intended to be used in conjunction with Aruba and OpenDNS configuration guides. Please
contact the respective company’s sales engineering or support groups should additional information be
required.
Solution Verified: OpenDNS
Aruba Product: Aruba Campus WLAN Solution OS version 6.1.2.2, Aruba Instant version
5.0.3.0
Partner Solution Tested: OpenDNS Enterprise 2011
Solution Components
Aruba Campus Wireless LAN Solution Secure and reliable mobility is the responsibility of the enterprise network, which must support a wide
range of converged clients over wireless, wired, and remote access networks. Laptops and smartphones
are capable of simultaneously running voice, data, and now video applications, an operating model that
breaks traditional dedicated VLAN and SSID architectures. Delivering the quality of service (QoS),
bandwidth, and management tools necessary to accommodate these devices on a grand scale – within a
campus environment, to users on the road, and in branch offices – requires a specially tailored system
design.
Aruba’s unique application and device fingerprinting enable the system to detect the types of traffic
flows, and the devices from which they originate. The network can then be dynamically conditioned to
deliver QoS as needed - on an application-by-application, device-by-device basis - to ensure highly
reliable application delivery. Aruba’s integrated policy enforcement firewall isolates applications from
one another to essentially create multiple dedicated virtual networks, and then allocates the necessary
bandwidth for each user and application.
To ensure reliable application delivery in changing RF environments, Aruba’s Adaptive Radio
Management (ARM) technology forces client devices to shift away from the noisy 2.4GHz band to the
quieter 5GHz band, adjusts radio power levels to blanket coverage areas, load balance by shifting clients
between access points, and even allocates airtime based on the capabilities of each client device. The
result is a superb user experience without any user involvement.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 4
These services are complemented by security systems that ensure the integrity of the network. Rogue
detection, wireless intrusion and prevention, access control, remote site VPN, content security scanning,
end-to-end data encryption, and other services protect the network and users at all times.
Aruba’s extensive portfolio of campus, branch/teleworker, and mobile solutions simplify operations and
secure access to unified communications applications and services - regardless of the user's device,
location, or network. This dramatically improves productivity, lowering capital and operational costs
while providing a superior uninterrupted user experience.
OpenDNS Enterprise Solution As enterprises adapt their networks to enable more employee mobility across the organization and
distributed locations, they must provide protection against evolving Web threats and apply policies to
manage how employees and guests navigate the Internet. Enterprises need a flexible solution that
provides protection and control without tying up significant IT resources to deploy and manage it.
OpenDNS Enterprise is a cloud-based service that offers businesses of all sizes protection against
malicious Web threats, as well as control over how users navigate the Internet. The cloud-based
approach offers a simple deployment model, and eases day-to-day management, lowering the total cost
of ownership.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 5
ArubaEdge Solution Qualification
Qualification Objective
Validate the interoperability of OpenDNS Enterprise on Aruba’s wireless LAN infrastructure.
Network Topology
Network Configuration
To enable OpenDNS Enterprise, you must direct DNS queries to the OpenDNS resolvers and provide
OpenDNS with the public IP addresses that are originating the queries. OpenDNS Enterprise supports
networks with static public IPs and dynamic public IP networks (using the IP Updater client). Tunneled
and backhauled network configurations are also supported.
Aruba Controller Settings
Configure your VLANs DHCP settings to point to the OpenDNS IPs.
DNS servers: 208.67.222.222
208.67.220.220
See Appendix A for step-by-step configuration information.
Aruba Instant Settings
Log into the Aruba Networks Virtual Controller by opening a Web browser and navigating to
http://instant.arubanetworks.com.
1. Click on Settings in the top right menu bar.
2. Change the Content Filtering drop down to Enabled.
3. Click OK.
This configuration change enables transparent forwarding of DNS requests to OpenDNS regardless of
the DNS configuration in DHCP or in OS settings. Users connecting to the network will still see your
DHCP assigned DNS IPs, or their manually entered DNS servers, on their computers, however, DNS traffic
will be rerouted to OpenDNS.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 6
OpenDNS Settings
OpenDNS Enterprise requires an active subscription license. For more information, please visit
www.opendns.com.
1. Open a Web browser and navigate to www.OpenDNS.com. Click “Sign in”.
2. Sign in with your OpenDNS registered e-mail address and password.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 7
3. Click on the “Settings” tab to create or manage your network(s).
You may create your network(s) in the OpenDNS Dashboard or send a CSV file containing each network’s
label, public IP address and CIDR prefix size to your OpenDNS Customer Success Representative.
4. You will be prompted to add a label to the network and if it is a /32 single IP address, whether it is
static or dynamic.
Note: Dynamic IP networks require running a lightweight IP updater client on a computer on the
network. Please contact your OpenDNS Customer Success Representative for further details
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 8
5. Click on the network’s IP address to modify settings.
6. Configure content filtering settings by choosing from pre-defined filtering levels or choose “Custom”
to build a custom bundle from 57 categories. You can also manage individual domains using the “Never
block” or “Always block” interface.
If you have multiple networks registered with OpenDNS you will have the option to apply this change to
all of your networks.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 9
7. Configure malware, botnet, and phishing protection by clicking on “Security” in the left navigation
panel.
8. Further settings such as custom logos, custom block messaging, block page bypass codes, and
statistics preferences can be configured using the left navigation panel.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 10
Test Methodology Content filtering and recursive DNS were tested on an Aruba Mobility Controller with AP-105 and AP-
125 Access Points as well as with RAP-5 Remote Access Points. Users experienced correct content
filtering, branding, messaging and security settings on laptops, Android devices, and iPad tablets
connected to the Wi-Fi network.
Summary Test Results
Known Limitations
OpenDNS requires knowledge of your network’s public IP address to apply settings. If a network
has a dynamic public IP, you must run the OpenDNS Dynamic IP updater client on a computer
connected to that network.
Settings and reporting granularity are limited to a public IP. Tunneled and backhauled networks
that NAT many logical networks’ requests to a single IP appear as a single network.
Network Configuration Test Description Test Result
Static IP Connectivity to OpenDNS resolvers PASS
Static IP Domains in a blocked category resolve to custom branded
block page
PASS
Static IP Domains selected as “Always block” resolve to custom
branded block page
PASS
Static IP Domains not in a blocked category or in “Always block”
list resolve normally
PASS
Dynamic IP Connectivity to OpenDNS resolvers PASS
Dynamic IP Domains in a blocked category resolve to custom branded
block page
PASS
Dynamic IP Domains selected as “Always block” resolve to custom
branded block page
PASS
Dynamic IP Domains not in a blocked category or in “Always block”
list resolve normally
PASS
Dynamic IP Change in public IP address is detected by OpenDNS IP
Updater Client and network IP is updated without any
changes to user experience.
PASS
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 11
Conclusion This application note summarizes the results of interoperability tests that were successfully run at Aruba
Networks, and which validate the interoperability of OpenDNS Enterprise Solution operating on Aruba’s
wireless LAN infrastructure.
© 2011 Aruba Networks, Inc. Aruba Networks’ trademarks include ®, Aruba Networks®, Aruba Wireless
Networks®, the registered Aruba the Mobile Edge Company logo, Aruba Mobility Management System®,
Mobile Edge Architecture®, People Move. Networks Must Follow®, RFProtect®, and Green Island®. All
rights reserved. All other trademarks are the property of their respective owners.
Specifications are subject to change without notice.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 12
Appendix A
Aruba Wireless LAN configuration for OpenDNS Enterprise Below is the main Mobility Controller summary screen:
1. Log in to your controller’s Web UI.
2. Click on the “Configuration” tab.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 13
3. Select the “Controller Wizard” from the left-navigation “Wizards” options.
4. Continue through the configuration wizard until you reach the “Configure VLANs and IP Interfaces”
page. Select the appropriate VLAN and click on “DHCP Settings.”
Set DNS Servers to 208.67.222.222 and 208.67.220.220.
Deploying OpenDNS Enterprise with Aruba Networks’ Secure Mobility Solution 14
About Aruba
Aruba is a global leader in distributed enterprise networks. Its award-winning portfolio of campus,
branch/teleworker, and mobile solutions simplify operations and secure access to all corporate
applications and services – regardless of the user’s device, location, or network. This dramatically
improves productivity and lowers capital and operational costs.
Listed on the NASDAQ and Russell 2000® Index, Aruba is based in Sunnyvale, California, and has
operations throughout the Americas, Europe, Middle East, and Asia Pacific regions. To learn more, visit
Aruba at http://www.arubanetworks.com. For real-time news updates follow Aruba on Twitter and
Facebook.
About OpenDNS
OpenDNS is the world’s leading provider of Internet security and DNS services that enables the world to
connect to the Internet with confidence on any devices, any where, any time. OpenDNS provides
millions of businesses, schools and households with a safer, faster and more intelligent Internet
experience by protecting them from malicious Web threats, providing them control over how users
navigate the Internet while dramatically increasing the network’s overall performance and reliability.
Product Support Information Aruba Support: http://www.arubanetworks.com/support.php
OpenDNS Support: http://www.opendns.com/support/