HPE Aruba Cloud Managed WiFi, Networking, Pensando and Clearpass Security and Services
HPE Aruba's Cloud Managed Networking Services offers a simple, secure and cost-effective way to deliver, manage and monitor wireless access points, mobility controllers, LAN switches, top of rack networking and security appliances, ClearPass Policy Manager and SD-WAN. This service can be delivered in a number of flexible ways.
Features
- Cloud delivered service for HPE Aruba's entire product portfolio
- Complete visibility and management of LAN, WiFi and ClearPass
- Zero-Touch Provisioning - LAN Switches, WiFi Access Points automatically configured
- Proactive Cyber Security - Identify policy violations and react accordingly
- Edge Services Platform, AI Operations, ZeroTrust Security, Unified Infrastructure
- NOC capabilities: Managed services, monitoring of health and security posture
- Top-of-rack high speed networking with east and west traffic security
- LAN Switches - CX series, Intelligent Edge and OfficeConnect
- Clearpass Policy Manager Solution - Network Visibility, Access and Control
- WiFi Access Points (CAPs, RAPs, InstantOn), Mobility Controllers and SD-WAN
Benefits
- Cost effective solution for delivering cloud, in-the-office and remote working
- Flexible payment options including deferred payments and interest free finance
- Single solution for WiFi, Networking, SD-WAN and Cyber Security
- Location Services for wayfinding and asset tracking
- Single management for LAN switches, WiFi Access Points and ClearPass
- High performance, scalable, secure and resilient Wired and WiFi Networking
- Complete cyber security solution for network visibility, access and control
- Provides analytics including health of the Wired and WiFi network
- Enables flexible working such as remote working cost effectively
- Flexible delivery options including fully managed services (as a service)
Pricing
£446.85 a unit
- Education pricing available
- Free trial available
Service documents
Request an accessible format
Framework
G-Cloud 13
Service ID
5 5 3 2 6 2 4 5 8 9 1 9 0 9 6
Contact
Khipu Networks Limited
Sales Team
Telephone: 0345 272 0900
Email: Sales-UK@khipu-networks.com
Service scope
- Service constraints
- The only constraint is the customer requiring an internet service.
- System requirements
-
- Supports: Aruba Instant Access Points
- Supports: Aruba Network Switches
- Cloud Service: Will require internet access to the managed devices
- Supports: ClearPass Policy Manager
User support
- Email or online ticketing support
- Yes, at extra cost
- Support response times
- KHIPU delivers support packages to end users that offer an SLA for initial response times. The response time SLA is linked to the priority of the incident. Response times can vary from 30 minutes (Priority 1) to 4 hours (Priority 4), depending upon the severity of the support call logged. We can also offer bespoke support packages that allow the initial response time to be tailored to the environment if required. The initial response time, doesn’t differ based upon the time of day nor day of the week.
- User can manage status and priority of support tickets
- Yes
- Online ticketing support accessibility
- None or don’t know
- Phone support
- Yes
- Phone support availability
- 24 hours, 7 days a week
- Web chat support
- No
- Onsite support
- Yes, at extra cost
- Support levels
- KHIPU’s ethos is to provide outstanding technical and after sales support, both during and after a project implementation. To prove this, we have a number of exceptional customer references should end-users wish to speak to any of them. For all supplied solutions we provide maintenance and support services, with all of the proposed equipment being supported and maintained by KHIPU to the required level based upon the customers’ cover. The following is included within our available support/maintenance services: • 9am to 5pm Monday to Friday, or 24x7x365(366) Telephone, Email and Remote Access Support • “Pro-Active” Monitoring, Alerting and Support “KARMA” • Advanced hardware replacement (with or without an engineer) • Upgrades / Software Releases (major and minor) • Quarterly Health Checks • Co-Managed Services; “adds/moves/changes/deletes” via end-user Helpdesk tickets are also available. KHIPU would also assign a technical account manager to every end-user, who would be responsible for ensuring that SLA's are met in the event that end-users call upon the agreed support service. Costings are available upon request.
- Support available to third parties
- Yes
Onboarding and offboarding
- Getting started
-
For the delivery of the service, KHIPU follows our ‘Project Process’ which has the following primary stages:
• Stage 1 – Service scope
• Stage 2 – Assessment
• Stage 3 – Report correlation.
This process is KHIPU’s way of providing an effective service to implement your solution efficiently and to a high standard, in accordance with our ISO accreditations. Initially, we will set up a call to discuss the implementation of your service, what will take place, and any pre-requisites that need to be met. This will also provide end-users with the opportunity to speak to one of our fully qualified engineers who will discuss all aspects of the of the service and answer any questions that they may have. A set of project and technical documentation is then created, based upon the discussion. It is then circulated with the customer for their feedback and signature. From this point there is an agreed change control process for anything necessary which is under the control of both KHIPU and the customer. - Service documentation
- Yes
- Documentation formats
-
- HTML
- End-of-contract data extraction
- The customer can download and save all configuration templates and reports prior to the service ending.
- End-of-contract process
- The end user will be notified 90 days in advance of their contracts expiring and will be given a quotation with regards to extending the service (pre-paid). At the end of the contract any access to Cloud Managed Network will cease, however the customer infrastructure will continue to operate. The customer would also lose central management, monitoring and reporting.
Using the service
- Web browser interface
- Yes
- Using the web interface
- Through the web interface, users have full access to manage all remote access points and switches. The web interface has clear dashboards for information and reporting, whilst using templates to manage configurations of devices. This allows devices to call into central databases to automatically update and provision themselves. With Aruba Central, you can get your network up and running within minutes when utilising the intelligent ‘Zero Touch Provisioning’. The intuitive dashboard, along with reporting, maintenance, and rmware management, make monitoring and troubleshooting easy; with no technical expertise required.
- Web interface accessibility standard
- WCAG 2.1 AAA
- Web interface accessibility testing
- KHIPU is a reseller, the product is created and tested by HP Enterprise and is tested by them for accessibility.
- API
- Yes
- What users can and can't do using the API
- The API is used to view the data and pull statistics from the service, not for the configuration.
- API automation tools
-
- Ansible
- Chef
- OpenStack
- SaltStack
- Terraform
- Puppet
- API documentation
- Yes
- API documentation formats
- Open API (also known as Swagger)
- Command line interface
- No
Scaling
- Scaling available
- Yes
- Scaling type
- Automatic
- Independence of resources
- Each service that KHIPU provide to its customers are separate dedicated services which have guaranteed performance levels unaffected by other users/customers.
- Usage notifications
- Yes
- Usage reporting
Analytics
- Infrastructure or application metrics
- Yes
- Metrics types
- Other
- Other metrics
-
- Application metrics - Client Count
- Application metrics - Client Usage
- Application metrics - Application Usage
- Application metrics - Availability
- Application metrics - Web Browsing
- Application metrics - Wireless/Wired Health
- Application metrics - Wireless/Wired Utilisation
- Reporting types
-
- Real-time dashboards
- Reports on request
Resellers
- Supplier type
- Reseller providing extra features and support
- Organisation whose services are being resold
- HPE Aruba
Staff security
- Staff security clearance
- Conforms to BS7858:2019
- Government security clearance
- Up to Baseline Personnel Security Standard (BPSS)
Asset protection
- Knowledge of data storage and processing locations
- Yes
- Data storage and processing locations
- United Kingdom
- User control over data storage and processing locations
- No
- Datacentre security standards
- Complies with a recognised standard (for example CSA CCM version 3.0)
- Penetration testing frequency
- At least every 6 months
- Penetration testing approach
- Another external penetration testing organisation
- Protecting data at rest
-
- Physical access control, complying with SSAE-16 / ISAE 3402
- Physical access control, complying with another standard
- Data sanitisation process
- Yes
- Data sanitisation type
- Explicit overwriting of storage before reallocation
- Equipment disposal approach
- Complying with a recognised standard, for example CSA CCM v.30, CAS (Sanitisation) or ISO/IEC 27001
Backup and recovery
- Backup and recovery
- Yes
- What’s backed up
-
- Backs up all access point and switch configurations
- Backs up all central reporting and configuration data
- Backup controls
- This is centrally clustered and resilient. Customers can configure how often the Central management system backs up the configurations from their access points and switches.
- Datacentre setup
- Multiple datacentres with disaster recovery
- Scheduling backups
- Users schedule backups through a web interface
- Backup recovery
- Users can recover backups themselves, for example through a web interface
Data-in-transit protection
- Data protection between buyer and supplier networks
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
- Data protection within supplier network
-
- TLS (version 1.2 or above)
- IPsec or TLS VPN gateway
Availability and resilience
- Guaranteed availability
- The service is run at an agreed time with the customer on a 24*7*365(6) schedule. This service has a targeted 99.9% availability on a quarterly basis, excluding scheduled maintenance windows. In the event that KHIPU does not meet the guaranteed levels of availability, service credits are issued in the form of “service tokens”. A service token entitles the user to call upon the professional services of KHIPU Networks for work outside of their standard maintenance contract. Service credits are issued and discussed during quarterly service review meetings, based upon the number of failures in the prior quarter. Up to 5 service credits are capped per quarter for each end-user.
- Approach to resilience
- This information is available upon request.
- Outage reporting
- The service reports any outages via email alerts and telephone calls.
Identity and authentication
- User authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
- Access restrictions in management interfaces and support channels
- Access to the management platform is controlled by dual factor authentication and is only available to a small set of personal.
- Access restriction testing frequency
- At least every 6 months
- Management access authentication
-
- Public key authentication (including by TLS client certificate)
- Username or password
- Devices users manage the service through
-
- Dedicated device over multiple services or networks
- Directly from any device which may also be used for normal business (for example web browsing or viewing external email)
Audit information for users
- Access to user activity audit information
- Users contact the support team to get audit information
- How long user audit data is stored for
- At least 12 months
- Access to supplier activity audit information
- Users contact the support team to get audit information
- How long supplier audit data is stored for
- At least 12 months
- How long system logs are stored for
- User-defined
Standards and certifications
- ISO/IEC 27001 certification
- Yes
- Who accredited the ISO/IEC 27001
- Lloyd's Register Quality Assurance
- ISO/IEC 27001 accreditation date
- Original Approval: 6th May 2010, Current Expiry: 5th May 2022
- What the ISO/IEC 27001 doesn’t cover
- We do not cover HPe / Aruba Networks staff or processes.
- ISO 28000:2007 certification
- No
- CSA STAR certification
- No
- PCI certification
- No
- Cyber essentials
- Yes
- Cyber essentials plus
- No
- Other security certifications
- No
Security governance
- Named board-level person responsible for service security
- Yes
- Security governance certified
- Yes
- Security governance standards
- ISO/IEC 27001
- Information security policies and processes
- KHIPU adhere to best practice information security standards related to the products and services we provide. These are then linked to our ISO processes and regularly internally and externally audited. We are certified to ISO9001 (Quality Management) and ISO27001 (Information Security Management). The Board of Directors (“the Board”) is ultimately accountable for corporate governance as a whole. The management and control of information security risks is an integral part of corporate governance. In practice, however, the Board explicitly delegates executive responsibilities for most governance matters to the Executive Directors, led by the Chief Executive Officer (CEO). The Executive Directors give overall strategic direction by approving and mandating the information security principles and axioms but delegate operational responsibilities for physical and information security to the Security Committee (SC) chaired by the Chief Information Officer (CIO). The Executive Directors depend heavily on the SC to coordinate activities throughout KHIPU, ensuring that suitable policies are in place to support KHIPU’s security principles and axioms. The Executive Directors also rely on feedback from the SC, CIO, ISM, auditors, Risk Management, Compliance, Legal and other functions to ensure that the principles, axioms and policies are being complied-with in practice.
Operational security
- Configuration and change management standard
- Supplier-defined controls
- Configuration and change management approach
- All changes to the configuration of the service are managed through a change control process. This looks at technical suitability, security risks and impact to service; the output from which is clearly communicated to the customer where the ultimate decision will be made to proceed or not. This takes into account any commercial considerations necessary and provides an audit trail, ensuring that all aspects of the change are considered.
- Vulnerability management type
- Supplier-defined controls
- Vulnerability management approach
- We work closely with the manufacturers of the deployed services to ensure that any reported/disclosed vulnerabilities are patched during the next maintenance window. Should a major flaw occur, an emergency change process would be invoked to patch the service within 48 hours. In the event that multiple vulnerabilities become apparent, they will be addressed in severity order (highest first), until all are mitigated.
- Protective monitoring type
- Supplier-defined controls
- Protective monitoring approach
- Potential compromises are detected via various means including monitoring tools, manual check, service degradation, reported issues and regular vulnerability assessments. In the event of a suspected compromise, they are acted upon with high priority until they are proven to be benign or corrective action is needed to be taken to mitigate the problem. Immediate responses are provided if an issue appears to be critical within the end users’ environment. These procedures are in line with our ISO27001 processes.
- Incident management type
- Supplier-defined controls
- Incident management approach
- As part of our support/managed service procedure, the customer is provided with full details of how to log a support call, including all logging methods and the required information for the servicedesk. Once the call has been logged, it is then managed by the team under the servicedesk based on severity (major issue = service affecting, minor issue = query). All service affecting calls are escalated accordingly to the 2nd/3rd line teams including the assigned account and technical manager. Escalations procedures are provided.
Secure development
- Approach to secure software development best practice
- Independent review of processes (for example CESG CPA Build Standard, ISO/IEC 27034, ISO/IEC 27001 or CSA CCM v3.0)
Separation between users
- Virtualisation technology used to keep applications and users sharing the same infrastructure apart
- No
Energy efficiency
- Energy-efficient datacentres
- Yes
- Description of energy efficient datacentres
-
KHIPU utilises the ARK Cody Park Data Centre.
Power: Ark facilities are powered by 100% renewable energy. For the last 6 years, all Ark facilities have been powered by 100% renewable energy and renewable energy has been purchased for up to 3 years ahead.
Standby Power: By the end of 2023 Ark will have replaced the diesel in their standby generators with Hydrotreated Vegetable Oil (HVO).
Cooling: The facility utilises innovative direct air evaporative cooling capability that dramatically lowers energy consumption and is capable of providing compressor free cooling for 99% of the year. This sophisticated technology ensures that data centre cooling adapts to IT load in real time to reduce wasted energy and deliver the appropriate amount of cooling to each rack.
Reduced Water Consumption: Ark has developed a ‘water buffering and saving mode’ for the cooling equipment which has reduced original peak water usage by 85%. Employing this approach with established rainwater harvesting designs it is possible for the Ark data centre evaporative cooling systems to operate solely on harvested rainwater.
IT Infrastructure: Servers are virtualised wherever possible to reduce the amount of hardware required. End-of-life equipment is decommissioned, removed and recycled.
Social Value
- Fighting climate change
-
Fighting climate change
KHIPU is committed to monitoring and reducing our environmental footprint. We are an ISO14001 Environmental Management certified company and complete an internal audit twice a year which provide updated targets for our company and supply chain to aim for.
We update our initiatives on our website: https://www.khipu-networks.com/khipu-is-green/
Employees and our supply chain are made aware / reminded of their environmental impact.
We regularly review our products, services and suppliers to ensure we are using the most suitable environmentally friendly options.
KHIPU and our supply chains are committed to minimising impact to the environment from our solutions by reusing, recycling and adopting processes that conserve raw material, energy and water.
The company is part of a movement called “techies go green” (https://www.techiesgogreen.com), aimed at increasing awareness and we are committed to decarbonising our businesses and making them green and verifiably sustainable.
Where possible we work with customers remotely to reduce travel costs and for each day an engineer installs / supports a customer remotely we plant 10 trees and have planted over 4800 trees to date: https://moretrees.eco/forest/khipu/ - Covid-19 recovery
-
Covid-19 recovery
Our plans and processes provide mitigation against a wide range of potential incidents including the unforeseen events mentioned.
The procedures have been regularly tested both theoretically and in real events. In 2017 we activated the plans as part of an office relocation, we had no loss of services or unexpected downtime.
More recently we activated our Pandemic Policy which was created during the original SARS threat. This policy was activated on the 9th March 2020 across our UK and South Africa offices in advance of the UK and SA Government lockdown. We successfully had 98% of staff working from home, 2% of staff worked in our UK office.
The business managed to offer and operate the majority of our services remotely. We continued to provide on-site resources to customers running critical life supporting systems (i.e. Healthcare / Social Services).
Since the removal of lockdown restrictions, we have moved to a hybrid operation where staff aim for a minimum of 3 days in the office, 2 working remotely. KHIPU invested in a new HQ building during 2021-2022 and modelled our offices to support the most flexible ways of working. - Tackling economic inequality
-
Tackling economic inequality
As a business we understand we can make a difference to tackle economic inequality, KHIPU is fortunate to operate in the Technical Business Sector which is a robust market. This allows the company to invest into our workforce, both in terms of relatively high salaries and also support services (pension contributions, healthcare, dental care, welfare support, regular health checks, training, team building, career options).
We offer flexi-time to the workforce, offer hybrid working, provide a very good maternity / paternity scheme, invest in apprentices and also graduates and have workforce age from ~19 – 70 years of age. Over 40% of our senior staff identify as female and we support all of our staff in any way we can. We allow parents to bring children to the office, we’ve previously invested in a trained nanny / creche to provide options to new families.
Outside of our business KHIPU invests into charitable causes, we have invested in building a computer laboratory in a township school in South Africa. We invest in youth sports and various health related charities. - Equal opportunity
-
Equal opportunity
KHIPU has a strong ethos on diversity and inclusion with our main objective being that our company and staff understands and promotes equality, diversity and inclusivity internally and externally with suppliers and customers.
We have not set any specific target, however we have found that our organisation has organically grown in a manner fully supportive of our main objective for equality, diversity and inclusivity.
This organically grown culture exists across our UK and South Africa based offices, we also ask our supply chain to confirm their commitment to supporting our own objective in this manner. - Wellbeing
-
Wellbeing
KHIPU has a very active “People Operations” department with representatives across our main offices in the UK and South Africa. They provide a wide range of help and support to all staff, including their families as appropriate. Our team are trained first aiders and also have received mental health awareness training. All staff have access to our internal support team and can also be referred to 3rd party experts (via our company-wide healthcare scheme). The company invests in an annual health check (optional but recommended for all staff) by a 3rd party company, this also offers advice on mental health, fitness, diet etc.
The company has invested in excellent office facilities, both in terms of general office location and facilities within our offices. This allows staff multiple options for stress reduction, teamwork or relaxation as required. We suggest that all staff walk around and do not sit too long at their desks, offer stand-up desk workstations and we try to cater for any staff members working preferences.
Pricing
- Price
- £446.85 a unit
- Discount for educational organisations
- Yes
- Free trial available
- Yes
- Description of free trial
- KHIPU provide a 30 day free trial of the service that is tailored to the end-users requirements in order for them to test the service accordingly against their success criteria.