Aruba Central Online Help

MSP Deployment Models

The MSP mode supports multiple configuration constructs such as UI groups, template groups, local overrides, and so on. This section describes various MSP deployment models using examples. MSP supports the following deployment models:

MSP Owns Devices and Subscriptions (Deployment Model 1)

In this model, the MSP offers Network as a Service (NaaS). The MSP owns both the devices and subscriptions. The MSP acquires end-customers and manages the end-customer's network. The MSP temporarily assigns devices and subscriptions to end-customers for the duration of the managed service contract. Once the contract ends, the devices and the subscriptions are returned back to the MSP's common pool of resources and can be reassigned to another end-customer.

Setup and Provisioning

After the MSP purchases the devices and subscriptions, the MSP administrator has to do the following:

  • Set up the Aruba Central account.
  • Onboard devices.
  • Assign device subscriptions and network services subscriptions.

MSPs can provide Network as a Service to end-customers using Aruba Central MSP mode capabilities. Aruba Central provides simplified provisioning. The Overview > Dashboard page under Manage in the MSP view allows you to add, view, edit, and delete tenant accounts. After adding a device, the MSP administrator must map the device to the tenant account for device management and monitoring operations.

After you create a tenant account, you can map the tenant to a group. The group associated to the tenant account in the MSP mode shows up as the default group for tenant account users. In the MSP mode, all configuration changes made to the group associated to the tenant account are applied to the default group on the tenant account.

For more information, see About Provisioning Tenant Accounts.

Customizing the Portal

MSPs can customize their Aruba Central MSP portal and guest splash pages by uploading their own logo. The Portal Customization pane allows you to customize the look and feel of the user interface and the email notifications sent to customers and users. Aruba Central also allows MSPs to localize various pages to support a diverse customer market.

For more information, see Customizing the Portal in MSP Mode.

Monitoring and Reporting

Using the MSP Dashboard, MSPs can monitor and observe trends on end-customer networks.

MSPs can do the following from the MSP Dashboard:

  • View total number of tenant accounts and consolidated device inventory and subscription status.
  • View graphs representing the devices under management, tenant accounts added, and subscription renewal schedule
  • Navigate to each tenant account.

For more information, see MSP Dashboard.

Managing Firmware and Maintenance

MSPs can streamline and automate end-customer’s network management while maintaining complete control. MSPs can perform one-click firmware updates or schedule specific updates, manage user accounts across end-customers with different levels of access and tag devices with labels to simplify firmware management and configuration.

For more information, see Firmware Upgrades for MSP Mode.

Example Deployment Scenario

In this scenario, an MSP is offering the following wireless management services:

  • WiFiConnectGo—In this program, for a monthly fee per Instant AP, customers part of this program agree to broadcast MSP’s free public WiFi SSIDService Set Identifier. SSID is a name given to a WLAN and is used by the client to access a WLAN network. WiFiConnectGo. Customers can add up to 15 additional custom SSIDs, including guest, of their own. Tenant account administrators are responsible for configuring any additional SSIDs and ongoing monitoring and maintenance. MSP is responsible for installing and bringing up the Instant AP only.
  • WiFiConnectGo-Plus—In this program, for an additional monthly fee per Instant AP, customers part of this program need not broadcast the free public WiFi SSID WiFiConnectGo. Customers can add up to 15 custom SSIDs, including guest, of their own. MSP is responsible for installing Instant APs, configuring custom SSIDs, and ongoing monitoring and maintenance.

Configuring WiFiConnectGo Using Default UI Groups

Use this deployment model if your customer deployments are identical. UI groups support an inheritance model from MSP to tenant.

As shown in the following figure, MSP uses MSP UI groups to push SSID configuration to the default group in each tenant account. Tenants can choose to add additional custom SSIDs to the default group. All sites are mapped to the same default group.

Figure 1  MSP Deployment Using Default UI Groups

Configuring WiFiConnectGo-Plus Using User-Defined UI Groups

Use this deployment model if your customer deployments are unique and if you wish to use the Aruba Central user interface for configuring. UI groups support an inheritance model from MSP to tenant.

As shown in the following figure, each tenant has their own custom SSID configuration. In this scenario, the MSP administrator can create separate user-defined UI groups for each tenant. Sites with common SSID are mapped to the same UI group. MSP administrators can use the available UI group APIsApplication Programming Interface. Refers to a set of functions, procedures, protocols, and tools that enable users to build application software. add, modify, or remove allowed wireless configuration options.

Figure 2  MSP Deployment Using User-Defined UI Groups

Configuring WiFiConnectGo-Plus Using Template Groups

As shown in the following figure, one template group is defined for each tenant and all devices are associated to the same group. Using the if/else conditional statements, you can push SSIDs to Instant APs selectively. MSP administrators can use the template and variable APIs to add, modify, or remove any wireless configuration.

You can use this deployment model if you wish to automate your customer deployments using Aruba CLIs and Aruba Central APIs.

Figure 3  MSP Deployment Using Template Groups

 

End-Customer Owns Both Devices and Subscriptions But MSP Manages (Deployment Model 2)

In this deployment model, the account type must be Standard Enterprise Mode. Aruba recommends that you contact your Aruba Central sales representative or the Aruba Central Support team if you are an MSP proposing this model to your end-customer.

In this model, the end-customer owns both the devices and subscriptions, but the MSP manages the end-customer's network. The end-customer can be one of the following:

  • An existing Aruba customer who owns Aruba devices, but does not have an Aruba Central account.
  • An existing Aruba customer who owns Aruba devices and is managing the network using Aruba Central.

In this model, to manage end-customer-owned devices and subscriptions, the MSP can use the Aruba Central Standard Enterprise mode.

The MSP need not create an Aruba Central account of their own, but can instead add their (MSP) administrator to the end-customer's Aruba Central account. The MSP administrator will only have access to each end-customer account.

Setup and Provisioning

The end-customer purchases the devices and subscriptions. The end-customer contacts the MSP to manage the network. As the devices and subscriptions are owned by the end-customer, the MSP uses the Aruba Central Standard Enterprise mode to set up and provision the tenant account.

The MSP has to request the end-customer to add the MSP administrator to their Aruba Central account. The MSP administrator can use the Switch Customer option to switch between end-customer accounts. See Using the Switch Customer Option.

Monitoring and Reporting

As the MSP is not using the MSP mode, there is no single pane view of end-customer accounts managed by the MSP. The MSP has to monitor each end-customer individually. The MSP administrator has to use the Aruba Central Standard Enterprise mode to monitor the end-customer network.

Managing Firmware and Maintenance

The MSP has to use the Firmware menu under Maintain to view the latest supported firmware version of the device, details of the device, and the option to upgrade the device. The MSP administrator has to manage software upgrades for each end-customer individually.

Example Deployment Scenario

In this scenario, an MSP has to configure Instant APs and manage end-customer networks at two different sites. The following are the site details:

Site 1

Site 2

Location: University Ave, Berkeley, CA SSID Name: “WiFi_CE” Security: WPA2-PSK SSID Password: “password@123” VLAN: 40

Considering the requirements, each site needs two Instant APs. The only difference between the sites is the VLAN ID.

Deployment Using User-Defined UI Groups

The MSP can configure Instant APs at both sites using user-defined UI groups. As the Wi-FiWi-Fi is a technology that allows electronic devices to connect to a WLAN network, mainly using the 2.4 GHz and 5 GHz radio bands. Wi-Fi can apply to products that use any 802.11 standard. configuration per site is different, one UI group must be created for each site.

For each site, the tenant account administrator has to do the following:

  1. Create a new UI group for each site.
  2. Configure the UI group with Wi-Fi settings specific to each site.
  3. Map the Instant APs in each site to the respective UI group.

Points to Note:

  • One user-defined UI group is created for each site.
  • For any new site with a different VLAN ID, the tenant account administrator must create a new UI group.
  • If a configuration change is required at all sites, the tenant account administrator must manually edit each UI group as each group is independent of the other. For example, to change the Wi-Fi SSID name from WiFi_CE to WiFi_Secure_CE, the tenant account administrator must edit UI group.

Deployment Using Template Groups

The MSP can configure Instant APs at both sites using template groups. The tenant account administrator can create a single template group for both sites with a variable file that differentiates the VLAN setting per device.

Template groups are not supported at the MSP level. However, template groups can be defined and managed at each tenant account individually.

For both sites, the tenant account administrator has to do the following:

  1. Create one tenant template group.
  2. Configure the newly created template group by uploading a base configuration with the WiFi_CE setting and a variable for the SSID VLAN.
  3. Upload a variable file with unique entries for each Instant AP. For the Instant APs part of Site 1, the VLAN variable value is 20. For the Instant APs part of Site 2, the VLAN variable value is 40.
  4. Map Site 1 and Site 2Instant APs to the common template group.

Points to Note:

  • One tenant template group is created for both sites.
  • For every additional site with a different VLAN ID, the same template group can be used with a modified variable file.
  • If a configuration change is required at all sites, the common template group can be updated and pushed to all sites. For example, to change the Wi-Fi SSID name from WiFi_CE to WiFi_Secure_CE, the tenant account administrator can edit the common template group and push the configuration changes to all sites.

Hybrid MSP Deployment Model (Deployment Model 3)

In this model, Aruba Central supports a hybrid deployment model for the MSP. The MSP can use the following deployment models in conjunction to manage the end-customers' network:

In this deployment model if the end customer owns both devices and subscriptions, the account type must be Standard Enterprise Mode. Aruba recommends that you contact your Aruba Central sales representative or the Aruba Central Support team if you are an MSP proposing this model to your end-customer.