Installing and Setting Up Aruba Central On-Premises
Aruba Central On-Premises combines industry-leading functionality with
an intuitive user interface for easy monitoring and management of your wired and wireless networks. Aruba Central On-Premises supports single node cluster with up to 2000 devices.
This document helps you plan for and complete the installation of Aruba Central On-Premises on a physical appliance, or your
Before You Begin
The following information will help you configure the Aruba Central On-Premises servers and prepare your deployment.
IMPORTANT CONSIDERATIONS
Ensure the below details are ready before setting up Aruba Central On-Premises. Ensure that the following are correct and are reachable.
Any mistype or incorrect details in the Network Settings cannot be reverted. The only option is to reinstall Aruba Central On-Premises.
- FQDN Fully Qualified Domain Name. FQDN is a complete domain name that identifies a computer or host on the Internet., IP Address, Subnet Subnet is the logical division of an IP network. Mask, Gateway Gateway is a network node that allows traffic to flow in and out of the network., DNS Domain Name System. A DNS server functions as a phone book for the intranet and Internet users. It converts human-readable computer host names into IP addresses and IP addresses into host names. It stores several records for a domain name such as an address 'A' record, name server (NS), and mail exchanger (MX) records. The Address 'A' record is the most important record that is stored in a DNS server, because it provides the required IP address for a network peripheral or element. IP for each node in cluster
- VIP (Virtual IP for cluster), Subnet Mask, Gateway, and multiple FQDNs (FQDNs for VIP) for cluster.
- The Aruba Central On-Premises appliance opens multiple ports for communication, so it is recommended that you host the Aruba Central On-Premises appliance behind a firewall Firewall is a network security system used for preventing unauthorized access to or from a private network..
- In Aruba Central On-Premises deployment, the port 8888 is a dedicated inbound port which is used for HTTP Hypertext Transfer Protocol. The HTTP is an application protocol to transfer data over the web. The HTTP protocol defines how messages are formatted and transmitted, and the actions that the w servers and browsers should take in response to various commands. based firmware image download on CX and PVOS devices.
Multiple FQDNs
As a part of the HPE GreenLake updates, Aruba Central On-Premises now requires multiple FQDNs to be configured for Aruba Central On-Premises cluster.
The FQDNs created must resolve to the same cluster IP address (VIP). The new FQDNs should be in the format mentioned below:
- cluster_fqdn
- central-<cluster_fqdn>
- apigw-<cluster_fqdn>
- ccs-user-api-<cluster_fqdn>
- sso-<cluster_fqdn>
The following table provides details of the multiple FQDNs and their consumer names that are configured for Aruba Central On-Premises cluster.
FQDN | Consumer |
---|---|
cop-deployment.companyx.com |
Central-UI User Interface. home page access from the browser |
central-cop-deployment.companyx.com |
Central-UI NMS Network Management System. NMS is a set of hardware and/or software tools that allow an IT professional to supervise the individual components of a network within a larger network management framework. page access from the browser |
apigw-cop-deployment.companyx.com |
Central NBAPI access from the customer application |
ccs-user-api-cop-deployment.companyx.com |
Central-UI API Application Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. access |
sso-cop-deployment.companyx.com |
Central-UI authentication page access |
Ensure the DNS servers, both primary and secondary configured on Aruba Central On-Premises resolves the following FQDNs:
-
central-<FQDN>
-
sso-<FQDN>
-
apigw-<FQDN>
-
ccs-user-api-<FQDN>
Additionally, the DNS servers must also resolve the public and private DNS namespaces required by the organization.
Points to Remember
To complete the Aruba Central On-Premises setup, ensure that the following prerequisites are met:
- For new Aruba Central On-Premises deployments, it is a requisite to use 10 Gigabit Ethernet Ethernet is a network protocol for data transmission over LAN. (GbE) interface for optimum performance.
- The nodes of an Aruba Central On-Premises cluster must be deployed in the same data center and same VLAN Virtual Local Area Network. In computer networking, a single Layer 2 network may be partitioned to create multiple distinct broadcast domains, which are mutually isolated so that packets can only pass between them through one or more routers; such a domain is referred to as a Virtual Local Area Network, Virtual LAN, or VLAN. setup. It is a prerequisite to get 10 Gbps Gigabits per second. throughput for intra-cluster communication.
- Console access to the Aruba Central On-Premises appliances, either hardware or virtual via HPE Integrated Lights Out connection.
- Server’s iLO port is connected to a switch that has DHCP Dynamic Host Configuration Protocol. A network protocol that enables a server to automatically assign an IP address to an IP-enabled device from a defined range of numbers configured for a given network. and Gateway IP, which are reachable to setup the server. The iLO credentials are placed on the top of the server. Ensure to make a note of the iLO credentials. These credentials are needed to access the server using iLO. Configure the server to RAID 0.
- A valid FQDN for each Aruba Central On-Premises server node, which resolves with the IP address you configure in the network settings during Aruba Central On-Premises setup. These FQDN should be resolvable by any client that you will log into Aruba Central On-Premises with. That is, by devices that are monitored or managed by Aruba Central On-Premises, and by all Aruba Central On-Premises nodes.
- If you are using APIs, ensure that the API Gateway FQDN resolves with the same cluster IP address as the Aruba Central On-Premises server if you use OAuth Open Standard for Authorization. OAuth is a token-based authorization standard that allows websites or third-party applications to access user information, without exposing the user credentials. 2.0 to access the Aruba Central On-Premises APIs.
Server Hardware Details
Aruba Central On-Premises can be installed on a Aruba Central ready AirWave appliance and Aruba Central-ready Central appliance. The server is an HP DL360 Gen 10 server with 40 physical cores, 512 GB RAM Random Access Memory., 3.4 TB disk space, and 10 Gbps minimum network interface speed.
Supported Ports
Configure the appropriate ports. Following table lists the supported ports:
Protocol and port | Domain Names and Purpose |
---|---|
Inbound Ports Traffic |
|
To access and manage Aruba Central On-Premises. |
|
For HTTPS Hypertext Transfer Protocol Secure. HTTPS is a variant of the HTTP that adds a layer of security on the data in transit through a secure socket layer or transport layer security protocol connection. and web-socket between Aruba Central On-Premises and devices. |
|
To receive AMON Advanced Monitoring. AMON is used in Aruba WLAN deployments for improved network management, monitoring and diagnostic capabilities. messages and view data for controllers in the Aruba Central On-Premises monitoring dashboard. |
|
TCP 22
|
For management access through SSH Secure Shell. SSH is a network protocol that provides secure access to a remote device. and cluster setup. |
For CLI Command-Line Interface. A console interface with a command line shell that allows users to execute text input as commands and convert these commands to appropriate functions. between Aruba Central On-Premises and devices. |
|
To access and manage Aruba Central On-Premises. |
|
TCP 80 |
For browser redirect from HTTP to HTTPS. |
TCP 2379, 2380, 4433, 6433, and 10250 |
For communication between Aruba Central On-Premises nodes in a cluster. |
TCP 4343 |
To access the setup-wizard installation. The Aruba Central On-Premises setup-wizard is shut down and the port 4343 is closed after 2 hours when the COP setup is completed successfully. The time span of 2 hours is provided to the user to inspect the status of the Aruba Central On-Premises setup-cluster. |
TCP 30633 |
To allow the devices to set up a connection with the OpenFlow OpenFlow is an open communications interface between control plane and the forwarding layers of a network. controller. |
TCP 8888 |
For HTTP-based firmware image download for CX and PVOS switches. |
Outbound Ports Traffic |
|
TCP 25, 465, or 587 |
Dependent on the SMTP Simple Mail Transfer Protocol. SMTP is an Internet standard protocol for electronic mail transmission. configuration for alerts, reports, and Aruba Central On-Premises account registration. |
UDP 123 |
To access ntp.ubuntu.com. This is default destination. Users can reconfigure this port. |
UDP 161, 162 |
|
UDP 514 |
For Syslog. |
TCP 4343 |
For device bootstrap to controllers. |
TCP 22 |
To access nexus2.airwave.com to support connection. |
TCP 443 |
To access coreupdate.central.arubanetworks.com and allow Aruba Central On-Premises to check firmware versions for automatic upgrades. |
To access images from the following registries:
Quay.io traffic can originate from multiple IP ranges, refer to the article to allow traffic from Quay nodes. Aruba Central On-Premises downloads packages from private allow listed repositories and uses signed packages for images. |
|
To access maps.googleapis.com to translate address. |
|
To access api.mapbox.com to view maps from user's browser. |
|
To access d1c50u1zbkqmph.cloudfront.net for CDN from user's browser. |
|
To access https://enterpriselicense.hpe.com for licensing. |
|
To access help.arubanetworks.com for documentation from user's browser. |
The outbound traffic can be initiated from any node of Aruba Central On-Premises cluster. Hence, the outbound traffic from all nodes of Aruba Central On-Premises cluster should be allow-listed in the firewall.
The default protocol for sending Syslog messages is UDP with a default port of 514. However, the user can choose any port for communication.
Connections to the Server
Connect the following cables to the correct ports based on the figure below:
- Connect an Ethernet cable to the iLO port and assign the IP address to the iLO via DHCP or static IP.
- Connect a monitor to the VGA port on the server to see the iLO IP Address.
- Connect a key board to the server to setup the server.
- Connect a 10G cable to the SFP+ Small Form-factor Pluggable+. SFP+ supports up to data rates up to 16 Gbps. port via supported SFP The Small Form-factor Pluggable. SFP is a compact, hot-pluggable transceiver that is used for both telecommunication and data communications applications. module.
To view all the supported SFP modules, see Supported SFP Modules.
Once the server is powered on and the cables are connected to iLO and SFP+, reboot the server. The monitor displays the iLO IP address that is assigned by the user via DHCP or static IP.
It is recommended to upgrade all the Aruba Central On-Premises nodes to 512 GB for optimum performance. Starting from this release, the 256 GB RAM is not supported.
Installing and Setting Up Central Appliance
In case of Aruba Central-ready AirWave appliance, perform all the steps mentioned in this section.
In case of Central-ready Central appliance, perform steps mentioned from Step 3.
During the installation and setup process, the administrator account on the iLO logs out and a new Aruba Central On-Premises iLO user account is created. The BIOS password is secured as an internal hash.
Step 1: Perform the ISO Installation
To perform ISO installation, see COP Installation.
Ensure that the server is configured to RAID 0.
Step 2: Perform the Aruba Central On-Premises Installation
To perform Aruba Central On-Premises installation, see COP Installation.
Step 3: Configure ILO IP Address
Before proceeding with the procedure for running the network the setup cluster, perform the following steps to configure the ILO IP address:
- Log in to Aruba Central On-Premises with copadmin and the serial number.
- In the main menu of the CLI, perform the following:
- Enter to select the Advanced option and go to the next menu item.
- Enter to select the option.
- When prompted, enter the following network settings:
- IP address
- Subnet mask
- Gateway IP address
- DNS server IP address
- Secondary DNS server address (optional)
- To log into ILO web interface, enter copilo + <server serial number>.
-
To log into ILO console, enter copadmin + <server serial number>.
Step 4: Setting up the Permanent Network
The procedure to set up of permanent network performed for both Central-ready Airwave appliance and Central-ready Central appliance models is mandatory on all the nodes that are a part of Aruba Central On-Premises cluster. For more information, see Aruba Central On-Premises Installation Guide-Technotes.
The Central-ready Central appliance is pre-installed with Aruba Central On-Premises. Hence, you are required to set up the server, or the cluster only. For more information, see Aruba Central On-Premises Installation Guide-Technotes.
Step 5: Run the Network Setup from the CLI
- Log in to Aruba Central On-Premises CLI through a serial console.
- At the prompt, log in to the server using the following credentials:
- user name =
- password =
Any mistype or incorrect details in the Network Settings cannot be reverted. The only option is to reinstall.
Step 6: Configure the Aruba Central On-Premises server
- At the prompt, perform the following actions:
- Enter to select the option and go to the next menu item.
- Enter to select the option and go to the next menu item.
- Enter to select the settings option and go to the next menu item.
- When prompted, enter the following network settings:
- Network Interface
- Server IP address
- Subnet mask
- Gateway IP address
- DNS server IP address
- Secondary DNS server address (optional)
Following SFP+ network interfaces are supported:
- Select only one network interface to configure the server.
- Perform the above mentioned steps for all the nodes, if you are setting up a multiple node cluster.
- Enter the host name or FQDN of the Aruba Central On-Premises server (for example, *company.com).
Step 7: Configure the Cluster
During Aruba Central On-Premises software installation, you can setup the cluster, configure user credentials, and SMTP server.
Following steps explain the process to configure a cluster:
- Configuring NTP Servers—Set up NTP Network Time Protocol. NTP is a protocol for synchronizing the clocks of computers over a network. servers for the cluster.
- Central Configuration—Specify the cluster VIP, CLI user setup, user credentials for GUI, cluster private network, and proxy server setup.
- Additional Setup for SMTP—Set up SMTP servers.