Availability: In Stock
Aerohive GuestManager (1U) Appliance Unrestricted license
Aerohive GuestManager allows authorized employees access an intuitive web interface to register guest accounts. Guests then use the credentials provided to authenticate through the captive web portal on a HiveAP to access the Internet.
Aerohive GuestManager is a guest account management and authentication server that completes Aerohive’s robust and secure guest access solution. In combination with HiveAPs, the GuestManager enables guest users to be simply and securely authorized for access to a guest network. Aerohive GuestManager makes it simple for authorized employees to create guest accounts while keeping the guest network secure by authenticating and reporting on all guest users.
GuestManager is a central resource in the network that acts as a RADIUS server for guest access. Authorized employees access an intuitive web interface to register guest accounts. Guests then use the credentials provided to authenticate through the captive web portal on a HiveAP to access the Internet. Additionally, different types of guests such as contractors, consultants, and visitors can be placed on separate networks with different policies.
Aerohive HiveManager Online Features Comparison Chart
Feature
|
Express |
Enterprise |
| Wi-Fi Alliance certified "WPA2 Enterprise" |
Yes |
Yes |
| Full User Policy Configuration |
Yes |
Yes |
| Number of Policy Configurations per SSID |
1 |
Up to 64 |
| Multiple VLANs per SSID |
Yes |
Yes |
| The ability for different SSID sets to be applied to different APs |
No |
Yes |
| Full 802.1X Authentication capability with Fast Roaming |
Yes |
Yes |
| Authentication against external user authentication database (ie, Active Directory, LDAP, etc) |
Yes |
Yes |
| HiveAP RADIUS with Active Directory, LDAP, Open Directory, eDirectory integration |
No |
Yes |
| TeacherView Cart |
No |
Yes |
Key Features & Benefits
Role-Based Administration of Guests
GuestManager, in conjunction with the overall Aerohive solution, enables granular management of different types of guest roles, while the HiveAPs can enforce different security, QoS, or segmentation requirements based upon roles communicated to them from GuestManager. This enables, for example, contractors to get extended access to a network and a visitor to get access for only a few hours. This functionality also enables contractors to get access to different network resources, while visitors may be allowed to access only the Internet. These two types of guests both authenticate using the same SSID and web portal interface but have different policies applied based upon their user credentials.
A Complete Guest Access Solution
In order to enable guest access to a corporate network securely with the least operational effort, an entire guest solution must be in place. The chart below shows the key requirements and how Aerohive provides a complete solution.
Account Creation & Management
GuestManager also provides flexible guest account management, allowing guest access and accounts to be audited, canceled, or tracked. The creation of guest accounts enables an enterprise to set up a system that matches the security and operational goals of the enterprise.
Here are a few examples of guest account registration available in GuestManager:
- Lobby ambassador registration enables receptionists or security personnel to provide access to the network as guests enter the building.
- Employee registration enables any employee to create guest accounts. GuestManager integrates with Active Directory to enable employee access to GuestManager based on group policy.
- Self-registration enables guests touse a kiosk in the lobby or secure area to create their own accounts. This presumes physical access in order to get network access.
- Bulk account registration enables conference or training organizers to create large numbers of user credentials easily.
Distributing Credentials
The simple distribution of unique guest credentials is one of the key operational benefits of GuestManager. Credentials can be randomly generated or specified during registration to provide a unique login identity for the guest. Once the user credentials are created, the credentials can be emailed or printed out on letter-sized paper or a label printer along with instructions on how to access the network.
Centralized Authentication
GuestManager runs on RADIUS so it can be used to authenticate guests on wired portals as well as wireless portals and enables an entire multi-site enterprise to use a single instance or regionalized instance of the platform to cover an entire company or just one part of it.
Delivered as an Appliance
GuestManager is delivered as an appliance to ease deployment and maintenance of guest services. The GuestManager appliance has been "hardened" or secured against malicious attack and vulnerabilities are fixed as the system is upgraded.
| Problem |
Solution |
| Segment guest traffic from secure corporate traffic. |
Aerohive enables segmentation through a rich identity-based policy engine. Based upon user identity, guests can be put on a separate VLAN or be tunneled to the DMZ to ensure that guest and employee traffic does not mix. |
| Apply QoS and security policies to guest users as they join the network. |
Aerohive can apply complete access policy at the HiveAP including time-of-day and day-of-week access, firewall, DoS prevention, and QoS policies based on the identity or role of the guest. |
| Quickly and easily create unique guest credentials. |
GuestManager makes it simple for authorized employees to create and distribute guest credentials and instructions for joining the network. |
| User-friendly authentication and authorization process. |
As guests log into a guest SSID, they are presented with a login page on a captive web portal hosted on the HiveAP. The users' credentials are passed via RADIUS to GuestManager where they are authenticated and authorized for access to the guest network. |
Aerohive GuestManager Technical Specifications
Physical Properties
- Form factor: 1U rack-mountable device
- Chassis dimensions: 16 13/16" W x 1 3/4" H x 15 13/16" D (42.7 cm W x 4.4 cm H x 40.2 cm D)
- Weight: 13.75 lb. (6.24 kg)
- Serial port: male DB-9 RS-232 port (bits per second: 9600, data bits: 8, parity: none, stop bits: 1, flow control: none)
- USB port: standard Type A USB 2.0 port
- Ethernet ports: MGT and LAN – autosensing 10/100/1000Base-T
Power Specifications
- ATX (Advanced Technology Extended) autoswitching power supply with PFC (power factor corrector):
- Input: 100 – 240 VAC
- Output: 250 watts
- Power supply cord: standard three conductor SVT 18AWG cord with an NEMA5-15P threeprong male plug and three-pin socket
Environmental Specifications
- Operating temperature: 32 to 140°F (0 to 40°C)
- Storage temperature: -4 to 176°F (-20 to 80°C)
- Relative humidity: 10% – 90% (noncondensing)
