Cisco vs Aruba vs Ruckus vs MIST

Started by heath, August 13, 2019, 11:15:05 PM


heath

Our Cisco WiSM2s are reaching EOL and we are evaluating the path forward.  We've been happy with Cisco as a product, but not happy about new licensing schemes, forced obsolescence, the increasing cost of annual maintenance, etc.  So we're looking at other solutions.  With our use case, we want to stick to controller based.  I've got some Aruba gear in for evaluation right now, and got a controller and AirWave set up last week and ClearPass set up today.  Ruckus has agreed to send us some demo gear as well.

While I like the SDA stuff from Cisco, we don't like the price.  (We don't have ISE, just ACS which is also reaching its end.  And we have Prime which is also being phased out.  So this seems like a good time for a complete refresh.)  I've mostly liked the Aruba stuff so far, but a few small things give me pause.

Has anyone gone through this process?  Which route did you go?  Any thoughts or things you've encountered that you mind sharing?

deanwebb

I deal with lots of large customer environments. I've seen Aruba in them, have not seen any Ruckus. I do also see Meraki making inroads and one customer testing out the Arista small office solution for some branches.
Take a baseball bat and trash all the routers, shout out "IT'S A NETWORK PROBLEM NOW, SUCKERS!" and then peel out of the parking lot in your Ferrari.
"The world could perish if people only worked on things that were easy to handle." -- Vladimir Savchenko
Any questions? No questions! | BCEB: Belkin Certified Expert Baffler | "Plan B is Plan A with an element of panic." -- John Clarke
Accounting is architecture, remember that!
Air gaps are high-latency Internet connections.

heath

I guess Cisco is getting the message and they have come back with some very aggressive "promo deal" pricing.  And the relationship we have with our Cisco SE is something I don't think any vendor can match.  We've looked at the Meraki stuff and have decided it's just not a fit for us.  Maybe in some isolated locations, but not as our main wireless solution.  All but one of our dorms (we're a university) are completely outsourced, including internet connectivity (which I hate, because it's terrible service and there's nothing we can do about it, yet we take a lot of the heat from students).  They use Ruckus wireless, but I don't think it's really Ruckus's fault it's so bad.  We talked with another university that went with Ruckus and they are pretty happy but they have a very different environment than we do and are not even trying to do some of the things I want to accomplish.

Right now, I'm leaning toward Aruba with ClearPass. But I'm early in the evaluation and it's hard to break away from Cisco.

deanwebb

Outsourcing... have I ever heard of a customer that was satisfied enough with an outsourcer to happily renew the contract? No, I have not.

heath

Well, administration is happy.  Those of us "in the field" not so much.  Our previous President didn't like it and was on the path of doing away with it, but wasn't able to get it done before he moved on.  Current administration is unlikely to change anything.

deanwebb

Back to the technical question... what is it about Cisco that makes you want to look at other products? And what is it about Aruba and Ruckus that make you hesitate to commit to them?

heath

The only problem I have with Cisco is the licensing schemes they're trying to move to.  We typically have annual support only on core equipment, not every switch and AP in our environment.  It seems like they're trying to force customers into buying support on every piece of equipment and that's something we just can't afford.  And they're really pushing  SDA, and while I like it, that's an insurmountable cost at this point.  If we want SDA compatible switches, the hundreds of 2960X switches at the access layer would have to be replaced with more expensive switches.  We would have to buy ISE which is expensive, replacing the controllers (which is expensive) means also replacing the ~250 APs we still have that are not compatible with the new controller and that's expensive (and how long will the other ~400 APs remain compatible?), and then the maintenance and support...  Yes, much of this (particularly switches) can be phased, but it's still a lot.  And I'm a 1.5-man team.  (I'm the only dedicated network person, but the phone/L1 guy has been working with me and learning a bit and I trust him with some basic switch config stuff.)   And so it's just a good time to look at other options.

The more I play with Aruba, the more I like it.  Airwave feels too simplified sometimes and nowhere near the capabilities of Prime, but I don't really use Prime for all it can do anyway.  Almost everything I'm used to doing with Prime, I've found I can do with Airwave.  There are some exceptions, but they're not deal-breakers.  For instance, the guy that manages the IP camera system can go into Prime and cycle a switch port to reboot a camera without having to involve me.  And maybe that can be done with Airwave.  I have been focusing on wireless and haven't really gotten that far with it yet.

I've also only scratched the surface of ClearPass.  I've never used ISE to compare it with, but it is a step above ACS.  We have multiple SSIDs for different use cases and condensing that down to a single SSID with access granted and controlled based on credentials is a direction I definitely want to go.  That was amazingly easy to set up with ClearPass.  Today I'm going to look at better ways we can handle guests and devices onboarding with ClearPass then start looking at how well it integrates with our existing Cisco environment.

Cisco and Aruba can both get us where we want to be, but it looks like Aruba can do it at a better price point and licensing that's easier to stomach.  Honestly, my main reservation about Aruba is that they are not Cisco.  I *know* Cisco.  I know their sales people, their engineers, I've experienced TAC.  Our Cisco SE is available at a moment's notice.  He is on site frequently, put in 14-hour days right beside me replacing firewalls and core switches, etc.  There's a very good relationship there and that means something.

As far as Ruckus, I can't really say anything about them right now.  I've only had one meeting with them and they talked a good talk, and I'll give them a fair evaluation, but I don't know enough about them or their product to have a fair opinion yet.

icecream-guy

Comparing ACS vs ISE is like comparing a redwood seed to a tall redwood tree. Been working with ISE about a month now, mostly on posture compliance: building policy elements, combining elements in policies, building policies into rules. It's all hierarchy driven. Pretty easy, but knowing what knobs to turn and things to tweak, that's a whole other ball game and comes with experience.
:professorcat:

My Moral Fibers have been cut.

deanwebb

If you're doing wireless only with ISE/ClearPass/Forescout/Microsoft, it's all going to be 802.1X and pretty easy to set up, as that's baked into WLCs.

I would say the call to be made is on managing your environment. If Aruba is already easy to use for you at this time, imagine how it will be when you get more skilled with it.

heath

A new item in the "con" column for Aruba: the lack of information such as guides and how-to articles for accomplishing certain tasks.  In the Cisco world, there is a plethora of documentation from users.  Anything you want to know how to do, someone has written a how-to guide or made a video showing how to do it regardless of how unusual it is.

But I've been trying to get guest access set up using ClearPass for captive portal and just can't get it working.  Guest WiFi using just the controller is no problem.  Guest user accounts would have to be created manually by someone authorized to do that.  That's what we do now.  But I'd really like to set up ClearPass to let guests register themselves and their devices, have their sponsor authorize their access, etc.

The guides I've found to do this are all either very outdated, incomplete, using equipment I don't have, not in English, or it's just not working.  I'll do some more reading over the weekend, give it another shot Monday, and then maybe see how their support is.

SimonV

I'm on CPPM training next week, I'll have a look in the official training course, sure it's covered there.

deanwebb

DISCLAIMER: I work for Forescout, which does compete with ClearPass in setting up guest wireless.

I know that guest wireless self-provisioning and employee sponsorship are two features with Forescout's guest wireless offering.

heath

I've made a lot of progress with the Aruba stuff, management of it has "clicked" for me now, and I really like it.  If price and features were the same, I'd likely stick with Cisco because of the wealth of information and the relationship with our SE.  Even if we stick with Cisco controllers and APs, I'm going to lobby for ClearPass to replace ACS/ISE and maybe even AirWave to replace Prime.  Both will work with Cisco equipment and give me all of the functionality I've been wanting and at a fraction of the cost of ISE and DNA Center.


deanwebb

Cool deal. Hopefully, you were able to work this into one of the vendor demos:

:showme:

heath

My Ruckus eval got off to a rough start.  They sent a team on site to get the eval up and going and left without it up and going.  I just today received a hardware controller appliance from them to use instead of the VM we were trying to set up previously.  I expect that will fit in our environment for demo purposes a lot better.

But we also have another contender.  MIST.  https://www.mist.com/  We ran into them at a conference recently and, even though I don't have warm and fuzzies about cloud based management, they looked interesting enough to at least sit through one of their Wednesday Webinar sessions.  That was a train wreck.  Technical problems at the start, and the presenter didn't really seem to be familiar with the product at all.  I bailed about half way through.  But, we reached out and set up a meeting with them and they completely redeemed themselves.  What I saw in their presentation was pretty impressive.  So we're starting the process of getting some demo gear from them as well.