Aruba Networks' CEO Hosts 2013 Analyst Day Conference (Transcript)

Mar.27.13 | About: Aruba Networks, (ARUN)

Aruba Networks, Inc. (NASDAQ:ARUN)

2013 Analyst Day Conference

March 27, 2013 8:30 am ET


Dominic P. Orr - Chairman, Chief Executive Officer and President

Keerti Melkote - Co-Founder, Chief Technology Officer and Director

Cameron Esdaile

Ben Gibson - Chief Marketing Officer

Michael Kirby - Vice President of Worldwide Sales

Michael M. Galvin - Chief Financial Officer and Principal Accounting Officer


Ehud A. Gelblum - Morgan Stanley, Research Division

Ryan Hutchinson - Lazard Capital Markets LLC, Research Division

William H. Choi - Janney Montgomery Scott LLC, Research Division

Erik Suppiger - JMP Securities LLC, Research Division

Sanjiv R. Wadhwani - Stifel, Nicolaus & Co., Inc., Research Division

Unknown Executive

Good morning, everyone. Good morning. Welcome to Aruba's 2013 Analyst Conference. It's great to see you all here this morning. I can't believe how fast the year's gone. We're back here in New York for our conference. We thought we'd share with you that video. Two weeks ago, the Aruba team was in Las Vegas where we had our Annual AirHeads User Conference and our partner Summit. So we had doubled the size that we had the year before, and we showed that video to kick things off. We got a great reaction from the crowd there and I thought it'd be a nice dose for you folks here as we wake up in the morning.

So without further ado, let's jump in to our proceedings today. First our Safe Harbor statements. We may make forward-looking statements. If you have any questions about anything that we cover today, we have filings with the SEC online. I want to make sure I get those caveats out of the way.

In the traditional Aruba fashion, we have a lot to cover this morning. So let me talk about the agenda. So in just a moment, I'm going to invite up Dominic Orr, our Chief Executive Officer, to talk about the mobile virtual enterprise. We're then going to have Keerti come up. Keerti and his team are great at bringing the vision that Dom's going to talk about to life. And we want to give you a window into a lot of the innovation that's happening within Aruba. We're going to have a break, and then we're going to talk about ClearPass. ClearPass is a very exciting business for us. And what we want to do is bring in a mix of both customers as well as a key partner of ours and talk in more detail about the ClearPass market, the BYOD phenomenon, and how it's addressing those issues.

And speaking of ClearPass, if you haven't been able -- if you haven't logged in yet, part of the experience today is the ClearPass experience. So when you log in to Internet access, not only are we going to onboard your device today for this conference, but you can hopefully get a sense too for the experience that our customers and our customers' customers get with the ClearPass experience on onboarding these devices securely. There's a custom experience with it. We recognize what the type of device it is, and then we try to tune your experience based on that device. And you're going to be hearing a lot more about the context of who you are as a user and the device you're using and the applications you're running. And part of that is the experience that we're enabling at this event today.

Mike Kirby and I are going to talk about how the market opportunity we see out there, for our core markets, as well as for the extended market of ClearPass. And then of course, last but certainly not least, we'll hearing from Mike Galvin, our CFO, to give a financial update. And then we'll end it with Q&A.

So it's a good pack morning. We're looking forward to it. And without further ado, I'm going to invite Dominic up. Dom?

Dominic P. Orr

I think the last 2 time we met, we talked about how that architecture is evolving and this year, I'm very pleased to tell you some very exciting thing that's happening within that architecture. But before we do that, since the last time we met, the IT mission has under even more severe attack. And it's attacked by the proliferation of wireless devices, mobile apps, cloud computing and the enhanced security and compliance requirement of the IT staff. And the IT staff are facing very legacy infrastructure outdated practice in the organization in the way help desks are setup and everybody in the IT organization know the skill sets are very, very limited compared to what problem they need to solve.

The problem they need to solve is despite all this environment, they have continued to give user the same level of work experience, giving them the productivity tools wherever they are, inside and outside of the enterprise, and providing them with data and information everywhere. This situation is exacerbated by the BYOD phenomenon. What the BYOD phenomenon actually have brought to the IT organization is much more fundamental than everything else because for a couple of decades, IT organizations and procurement budget are organized by segmentation of the 3 arms in IT, which is engineering that specify in this -- in our reverend space, the desktop of environment, the voice network standards and the data network standard. They pass this standard, instead of technology and architecture, to the operations team, the operations team issue RFPs, select vendor, built it out and deployed it. And then they hand it off to the helpdesk for move, edit [ph] and changes and user support. That is the flow of things in IT organization.

BYOD totally reversed the trend. First of all, there is a new constituent here, which is called a user, that used to be just passively take what is passed to them as corporate standard, equipment and software. The users now bring their own device, bring their own application on those devices and demand access to corporate information. The helpdesk now is preoccupied with onboarding this exponentially increasing number of not only company-owned, non-Wintel devices, but all the BYOD devices plus all the applications that they need to integrate with.

So they take this back to the operations team. The operations team is warning everybody that this is going to be difficult because you cannot enable this because it will violate existing, and I emphasize, existing corporate security policy. Because the current security architecture do not support this, and they take it back to engineering and engineering say, we cannot do it. But the caveat is these users, most of the early adopter users in corporations, unfortunately, are the super users. They are the CEO, the CFO, the CIO, they are the one who first brought their Christmas gifts to work and demand IT organization to support it.

IT organization normally support it saying, "Okay, this is the executive floor and they turn on what we call the white glove service. They say, "Okay, these 15 people, just let them have what they have. We have firewalls, we have -- we just wrap everything, surround them and just give them the experience." The problem is these super users are not cooperative. Once they get, "Hey, I can do this and that," and they go around the company and tell everybody, "You should do that." Okay. Now it's one thing to give a white glove service for 15 executives or 30 on 1 or 2 floors. It's another thing to roll it out to the 10,000, 15,000 employees across the world, because you fundamentally now need to change your, not only networking and access infrastructure, but your security infrastructure, and that is where everybody is tangled.

Now this shift of organization and budget operations is creating lots and lots of value creation opportunity and is actually turning a lot of the target accessible market, or the TAMs, of the tradition network infrastructure and security infrastructure industry upside down because why, let's just take network access control. The TAM for knack is right now restricted to wired port access and desktop endpoint compliance management. That is not a very relevant TAM, isn't it? Because the TAM is evolving, money is changing hand to actually shift the paradigm to apply access control to all the users that are not sitting at the desk and endpoints that are not the traditional desktop. And this is just an example of how fast things are moving, how the TAMs of traditional defined IT items, budget items, are shifting because the desktop is not a very relevant subject anymore, okay?

Now so the IT department is going out and they're trying to get tools to handle all these big problems. What they found is tools are also defined by the traditional TAM, right? The WAN tools, the LAN tools, the voice tools, the mobile apps tools, identity descriptor, they are all inside those. They invented with a slice of the problem in mind and so all of this means that is not only an extra expenditure, extra training, but all this expanded training do not bring together a unified solution.

In Aruba, we believe this mobile virtual enterprise architecture we have articulate is rapidly become an environment, an architecture within which these silos of yesterday can be unified to support the future looking mobile access network in a unified manner.

So let us examine what we have discussed with you before. In our 2011 conference, we extend the concept of mobility and personal-centric wireless LAN to the concept of adding remote access and wired access under a unified control and we introduced for the first time the MOVE architecture. In 2012, we introduced the policy -- the access policy control element called ClearPass, and we accentuate and reviewed for the first time to you our accelerated R&D in Layer 4-7 WiFi. Those are the 2 key elements we examined with you.

So what is next? This year, we would like to bring this together to the next level. We're going to talk to you about 3 things. Always start with A. Aruba we have a pretty obsession about things that start with A. We think everything that starts with A is better than anything starting with C, okay -- by 2 alphabets at least, okay? So that is air, access and applications. And more importantly, the architecture is going to address the interaction between these 3 element, air, access, applications, and how they interact together on top of the new access network.

Let me first talk about air. So we all know what the planet, the Earth, is differentiated the fact that we have an atmosphere as compared to Pluto, Mercury and so Pluto is no longer a planet. So -- but in order to preserve human culture as we know it today, good or bad, we know there's 3 most important elements in our atmosphere: oxygen, water vapor and WiFi. Okay?

We believe if you look into the trajectory of Apple and Google and Samsung and so on, and the display technology and the processing technology, implying how much multimedia social-oriented networking traffic and so on you're going to generate, you will triangulate to roughly towards the end of 2014, we will run out of air. And I don't mean oxygen and I don't mean H2O, okay? So what do you do when you really physically think that you cannot squeeze all the traffic coming out from all the devices in a venue like that into the air by the law of physics?

The first thing you do is can we speed it up, okay? So we're going to talk about speed up the boost with 80211 AC, a factor of 3, right? The second thing is use Layer 1 and Layer 2 networking protocol level, can we optimize it? And then we talk about from Layer 4, Layer 7 perspective, how can Aruba differentiate ourselves through this set of techniques. So speed it up, optimize at the physics level and work on the application access and air intersection.

So let's talk first about speeding it up, okay? And everybody knows that AC will give us roughly 3x more air, okay. And so that is good, 3x is good. Not as good as n to a/b/g, which lift it up to 9x, okay? And the important thing about ac is with 11ac, finally, you have a wireless protocol that is faster than the wired protocol, okay? Ethernet is standardized now at the access, at most, at 1 gigabit. With 11ac, we're reaching 1.3 gigabit, okay. So wireless is faster than wired. That is one major kind of milestone.

We believe that, that will be active pilots going on starting the second half of this calendar year, particularly in verticals where density of devices is a key issue, okay. We believe widespread deployment of 11ac probably will not happen until the middle of calendar -- middle and the second half of calendar 2014. All our customers are looking forward to this but they are not slowing down to deploy 11n, and there will be many active pilots in the 12-month period starting roughly summer of this year to summer of next year. That is kind of our perspective.

So let us talk about the Layer 1 to Layer 2 optimization. How do you optimize WiFi? Typically, there are 2 levels. First is the physical level, okay? Now you look at any wireless protocol basically going through air, the physics say that it is a share media. You can have only one device take over the air transmitting at certain frequency at a time. So there are only so many ways you can divide up a chunk of air if you have a dense environment like this. One, is you do so-called secularization. Basically, you're saying that either through some kind of directional antenna technology or beamforming, I'm only going to concentrate the energy in this sector and that is technology that is produced by the cellular industry for a long time. So that at a given point in time, I could point a different direction and use different radio and address different users. So that's one way.

Another way is doing small cells. Getting the small cell -- I only have this chunk of air, I divide it into certain smaller size, so that I could have more radio working. But there is a limit on the physics on how much you can divide the cells, because once the cell gets too small, you actually get less throughput because now the access point is interacting and interfering with other access point. You don't want to do that, right? And then there's a link level, RF link level optimization, fundamentally, you try to make it more resilient. You try to make signals go farther, distance in certain application and then you try to work on the signal-to-noise ratio and generally falling under the interference mitigation area.

So those are kind of the techniques that all the vendors in one form or the other are specializing in and doing work. And obviously, Aruba is doing a lot of work on that one. Now once you optimize the physics, then you say, "Can I do more?" Yes, you can do more. For example, this is what I call orchestration. Now you have optimized the physics then can you play trick in the networking and the device level protocol. For example, dynamic, we have the capability to dynamically change a channel. If you're really sitting next one to another physics said, that if you are talking in different RF frequency, then you are virtually not seeing one another to a large extent. So can I steer your devices to different bands, taking advantage of more and more bands to work with the WiFi, then the FCC is working towards giving us more of a leeway.

Later on in the demonstration, you will see Keerti will demonstrate to you that we have a technology client called Client Match [ph], which basically, at any the given point in time, move the clients to talk to different access points at a time. And again, to spread the load into the network. And then if you become more and more device aware, you know what is not just a device-pumping WiFi traffic in the air, but the characteristic of that device that is made by a certain manufacturer, they have this kind of radio capability, their drivers have this kind of shortcoming, you can actually steer those devices and take advantage of some faster devices and take care of controlling some slow devices and that is in generally, basically, doing time division multiplexing in the air to make sure that the slow devices don't block the fast device, because the whole air is a single share media, okay? And so you have there basically a gigantic lane until 802.11ac released to come out in probably 2015, you can only have the access point communicate with one device. So if you are not smart, you might have a Ferrari, but your Ferrari is going behind a truck, you're only going at the speed of the truck, right? And so those are the kind of things that you need to worry about.

So those are all about Layer 1 to Layer 2 optimization. But there's only so much you can do about the air in Layer 1, Layer 2 level because -- and let me give you an example, okay? We -- I'm going to show you a next slide, the actual picture taken at a venue that is sponsored and implemented by one of our, let's say, colleagues in the industry that specialize, so to speak, in high density environment, okay? So this is taken of that conference call. It asks you, please use the lowest power settings possible, okay? Do you know how to set your power setting of your devices? I'm sure everybody knows, right? Please turn off any unused wireless devices, such as Bluetooth headset. Your consideration will help facilitate a better experience for the user, and this is wireless sponsored by XYZ vendor. Wouldn't you like to remove this little cloud? So they also say it may get a little crazy. So let's cooperate for a better WiFi experience. Please refrain from accessing large files or streaming media. Let everyone have a good connection experience. If your WiFi technology is depending on the cooperation of your users, you probably do not have a very robust technology, right? And that is the why -- that is the limitation of Layer 1 to Layer 2 WiFi network.

I've been telling a lot of people about this whole we run out of air problem by saying that the best network design is not to satisfy every user and every application. The best network design is a design that will allow you to differentially disappoint. You choose which user is not as important, which application is not as important, shift them through a different lane, a different method. So that the people that you care most about and the application that you care most about comes through with experience that users rave about. And that is really what we talk about when we talk about Layer 4-7 differentiation. Layer 4-7, as a reminder, means the application layer, the device and presentation layer and the session layer, okay?

Let me give you an example. This is the network management console of, let's just say, our -- one of our large competitor that has a very, very port-centric view of the world. This is the controller, okay? And the first thing you see is the ports, right? And then it goes on, the network management console say, this is the IP address, this is port address, this is software version release and that is what is the characteristic on that AP with this temperature and so on and so on. Very physical, okay? But that's good information if you want to troubleshoot.

Let us take a look at the Aruba view. We think that this is already very important, but this should be like 3 levels, 4 levels deep. If you get into our network management console for our 7200 Mobility Controller, this is what you see. We tell you what kind of users you have in your organization, what is the mix of the devices and what destination in the Internet they're going to. And the most important thing is in the air, what type of application is occupying the air. Is it peer-to-peer, is it web-based traffic and so on in each one, okay? So you know what's the most important thing that the users and the applications that are on the air right now are the ones that count. So that is the port-centric view. That is the application centric view, right?

And so you can say, okay, so it's a peer-to-peer traffic, it's getting too much, I need to control it and there's the torrent of the web traffic, you have Google, you have Facebook and so on, and how do you reallocate, what is your corporate policy, what can get through, what is the maximum bandwidth that you allow for certain application. That, we believe, is one of the key element of success for user experience.

So how can we do that? How does Aruba do that? Why is not everybody doing that, okay? Well, there are 4 elements in our operating system. When we -- when on our IPO roadshow some 5-plus years ago, we educate everybody that the uniqueness of the Aruba operating system is we have a user-centric view of the world. We maintain flow, state of data traffic flow that are based not on packet at a time, but on who you are as a user, and we remember all the user traffic related to that user. Later on, we add, on top of the user-centric parameters in the flow to device-centric, a view so that you can add on to the non-Wintel desktop and laptop devices to appropriately adjust to the BYOD and mobile world.

Last year, we talked to you about the increasing application-centric characteristic we're adding to the operating system. And this year, we're adding the location-centric characteristic of the data flow to the operating system. Now so for Aruba, there is this concept called mobility state associated with each data flow. And the mobility state consists of who you are, what devices, not everybody has more than one devices, so we put in something called a persona. Dominic Orr, CEO of Aruba, logging on the network with a company-issued laptop is one persona. Dominic Orr logging on to the network through the company-sponsored iPhone is another persona. Dominic Orr logging on as his own Android tablet is another persona, right? And the access right and the priority should be different according to the different persona that I have. So the combination of user and device consist give you the persona. What application you're running on your device and what application you want to access give more context for that flow, and finally, where you are. Are you inside the building, outside of the building, are you in the trading floor of your organization, or are you on the cafeteria floor of the organization, that all matter. Whether the doctor is inside the hospital or outside in the parking lot, in his home, that matters.

So for every single packet of Aruba WiFi traffic in the air, when it hits our controller, it gets tacked into one of this flow with the characteristic of the mobility state as I defined. In our, currently, just recently introduced 7200 controller, we can store up to 2 million of this mobility flow per controller, one new height, okay? And that is what we call the monster scale controller, and that is something nobody in the industry has. The richness of this Layer 4-7 information, in a stateful manner, in the density we're talking about, is absolutely untouchable in very far future in the industry, not just the near future, okay?

So now we have all these flows. 2 million of them every inch on your hertz, right? What do you want to do with it? Well, ultimately you say, I want to do it as this flow. I allow this kind of bandwidth, this flow. I want to truncate this flow. I want to stop this for the time being. This flow, extra rate, and so on and so on and so on. So we have the muscle, the engine. But somebody has to feed it about instructions of what to do with this whole staple of information, right? And that is really taking us to the second of our problem, after air is access.

Access management and how to set access policy so that you can feed the policy into the engine and say what is and is not allowable. Now access control has been, up to now, a very port and desk-centric algorithm. So you view at this desk, you can access certain things. And your identity is associated with your desk. And your desk is associated with one device and with one port that is behind the desk. And that is how access control is done. Plus, in many cases, access control is binary. Either you are allowed on the network or off. But obviously, in a situation of the mobile edge, none of these 2 assumptions are true. First of all, those users are normally not at the desk. The traffic is not coming through the port, so your access control has to be tied to the user and the device, not the desk and the port, right? And second, because the air is basically a share media and the Internet pipe is a share access and those are very valuable assets, so you don't just let people on and off. You have to put in a qualifier and say, on, but a certain level, right? And we come to this concept a little bit later.

So now let's talk about access. So this next slide, I apologize ahead of time, I have been spending an 1 hour to 2 hour lecture on just this slide. So -- and I'm now going to put it in, in 5 minutes so I apologize for -- but if there's one slide I'd like you to pay good attention on, and you probably get the most value out of is the following slide. So everybody refill your coffee.

Okay. The next generation network access management paradigm. We suggest that you look at this in a 2-dimensional matrix along users and devices, okay? For the users, traditionally, we look at them as either employees or visitors. We call guests, generally, guests. The devices: enterprise-owned and bring your own. So you really have 4 different problems. You have employees accessing information with company-owned devices. Your employees access -- are trying to access with BYOD devices and so on, right?

Now for the IT organization, for the last 15 years, we're working on 1 of the 4 problems, and we're using primarily the Microsoft active directories being the cornerstone of 90% of our customers to define who can access what in basically a Microsoft server domain. That's a very fundamental tool set. The IT industry is well-trained, populated with technicians that -- who really understand how to do access control on this area, okay?

Now there are several problems with this picture. So ITs are well trained all in here, but this is not where the growth is. This is exploding. This is exploding. This is exploding, right? So companies are coming out with different strategy with extranet, guest portal and mobile device management, trying to solve this one silo at a time. And suddenly you feel like your IT staff is stretched on many new technology, but the most important thing is a lot of this technology require IT bandwidth. And nobody has enough IT per headcount in the helpdesk to onboard all these new devices, this new user. If you have an IT strategy that's tied to the number of your helpdesk headcount to the number of user and devices that will come onto your network, you have a non-standard to begin with. You have to come up with something to decouple it. Or else you cannot -- whatever strategy it is, you cannot afford -- you simply cannot afford to implement it.

Another -- so you need a platform to unify all of these 4 quadrant into 1, and this is what ClearPass Policy Manager is about. Fundamentally, you said you don't want the industry to have to retrain on what they are already doing well in this quadrant. By the way, why is this quadrant not fully filled? Well, that is because when Microsoft created this very, very useful tool called Active Directory well over 1 decade ago, not only the assumption was all the roles of the access users are defined by who you are as an employee, okay. So let me see where it is. Okay. Let me take it back. And 100% of the devices that you want to control for access are enterprise-owned but there's an additional assumption that 100% of those devices are Microsoft devices. That is what the Active Directory is good for.

So rapidly, there is a gap between enterprise-owned non-Microsoft devices and those are actually the one that is growing very fast, right? Another issue is the directory, the network directory, is normally static, a relatively static practice, the directory and so on. You go around all the large corporations, most of the time they update the directory once a month, some people will do it once a quarter. Very few people do it weekly. Nobody do it daily, that will be absolutely crazy, people will think. But this environment is changing by the minute, by the hour. So while you have a very well-established static directory, you need to have a much more dynamic repository of who are coming in and out of the corporation and what new devices show up.

So as part of the ClearPass Policy Manager, we have something called the ClearPass Profiler. The profiler goes out to your extended enterprise footprint, be it defined in your headquarter, your branch office and some of the remote sites, including home offices and so on, it scan on a minute by minute basis what actually is in your network. How many iPhone, how many Android, what make, surfaces, desktop, laptop, Mac and so on. So you know, to begin with, what devices you have in your network and where. Then you solve this problem. Okay. So fundamentally, as you're getting this, the approach now, are we saying, you cannot afford to solve 4 problem in isolation. We give you one platform to solve the whole problem. So our objective is to remove this line and remove this line. And you end up with just one problem, like you had before when the world was just in this corner, right?

So the first thing we say, okay, so if I'm an employee, I'm defined in the Active Directory, but the issues I have a lot of guests coming in and out of the system now with the BYOD and the virtual workplace and so on. So what do I do with this line? So we have a concept, if you're a guest you must have a sponsor. But today, all of you are sponsored by our CFO, Mike Galvin, right. You're coming into this event, you're sponsored by somebody. If you come to visit me in our executive briefing, certainly you're sponsored by me. So the fact that you're sponsored by somebody, is in Active Directory, we can say in Active Directory what right do you have to sponsor, what classes of users can you sponsor, and that is we type in. And when you come in, everything should be self employed, you never have to talk to a helpdesk person to know anything, to ask any questions, okay?

Now, the -- in our old scheme, when we have the Active Directory, we have class of user called executive, IT managers and users, sales, engineering and so on, and then everything about everybody is outside, right? And the traditional wire networking view, port-centric view of the universe, is when you are inside the building, when you are in one of the offices that we already have kind of protected with our network access control, you are inside guy and we give you the good stuff, right? You can access this. You can access that and you can have all the LAN you want to use. If you're a visitor, you're on the outside, you're on the rep side of the network, right, outside of firewall and so on, I'll give you some leftover, right, a very limited access and so on.

That well has changed. Why has it changed? Because with BYOD, there are very important people who can come in and with their own devices. I can give you an example. Every quarter, for 6 hours, I have 8 very important people visitors. They are my Board of Directors members, okay. They come into the building. I want them to have a good experience. And they should be able to access our finance server and so on, right? So they are a very important guest. Now I have very good employee in my warehouse doing shipping. She will be hopefully with us for the next 20 years, but all she need is to access the shipping module of the enterprise -- of the ERP system at a very low bandwidth.

So you see that in this world of mobile access and BYOD and a lot of guests coming in, the concept of the insider is having priority than the people outside the firewall does not work. The concept, therefore, is really in this world, how many classes of service the IT organization is willing to provide. Fundamentally every -- turn everybody into an internally oriented service provider. And you're saying if you're a service provider, you basically have a platinum, gold, silver, bronze, paper and so on and so on, right? You have a series of service level. And the service levels primarily are defined by 2 characteristics: how much bandwidth you get in the air, in outbound or through the Internet, and what applications you're allowed to use. Those really define the service level of any subscriber management system a lot, other than the charging, billing and so on.

So in this case, we are saying the way for you to eliminate the vertical line is to have guest-sponsored relationships and turn everything into not an outsider or insider like the traditional network security organization demand, but redefine your service level that you give every user. You could have a temporary 2-day platinum user. You can have a 20-year long bronze user, right? Once you stratified and defined all that and let everybody self register, once you insert that kind of policy.

I was talking to a customer in charge of the infrastructure of a large company recently, and he got the aha moment when I told him, do you understand now in this new world sometimes you have to give priority for the people outside of the firewall for certain moment higher than people inside your firewall. What do you do with your current existing port-based architecture? The guy was stunned. He sat there for 2 minutes speechless. And he said, "We have a problem. Let me call my security team in to continue the dialogue." Okay. So this is what the user access unification is.

Let us talk about the device access unification, okay. So what is the difference between, if you are an IT guy running the under covers [ph], what is the difference between an enterprise-owned device and the BY Own Device? Well, the enterprise-owned device I control because I pre-install whatever I want installed to secure your device, right. And for the other one I can't and the mechanism through which it's secured is to push a certain security certificate to it. So we're saying okay, so if that's the case, can we just temporarily make all the BYOD device look like enterprise device. Just like I just demonstrate to you, we can make a guest disappear and look like a so-called employee temporarily, and assign a service level.

Can I make your device look like an enterprise device for the time being? Now because we have the profiler keeps scanning the air, scanning not only the wire network, the remotes, we know any time when there is a non-recognized, not seen before device showing up in the network. And we say, okay, if you want to get access to network we've never seen you before, on-board yourself. Just like the guest onboard himself, the device has to on-board itself through a user and we look at who you are and therefore, allow you and not allow you to on-board the device. Through that process, we issue a certificate, secure a certificate into your device and then once you accept the certificate to get on board, I can do everything I need to.

So we have this on-boarding module in ClearPass to kind of establish that relationship, and then we have another module called OnGuard. What OnGuard does is once you're kind of it's on I can do a posture check to see whether you're exposed. I can download and make sure you're remediated with the right security software on your system and I can quarantine you if I'm not happy with your compliance. I can reject you and so on and so on. There is a whole security policy that's enforced.

The beauty of this is this is the stoppable [ph] agents. So if you are only going to be here for 6 hours, I don't care after the 6 hours, you're out, right. I only care when the duration you are hosted by my network I want you to absolutely behave like a device that is owned by the enterprise. And that is one way for us to remove this horizontal line. And so now you have one system that is leveraged off the Microsoft Active Directory, which the whole industry is trained for to take care of a unified access problem for the whole 4 quarter. Now then suddenly you say, moment by moment, all devices, BYOD, enterprise, don't look like the same, right.

So what do I care about these devices? Well, we suggested the most important thing that you care about this device is the data, the enterprise data resident on these devices. And later on, we're going to talk about how we treat mobile apps and mobile data in this presentation, but I just kind of put a placeholder here, in saying that is another capability that we allowed you to do.

Now everything I talk to you about is all Layer 4-7: user, device application, location. So it has nothing to do with specifically WiFi per se, other than some of the location aspect, okay. So this whole system works on wireless, works on wire, works on remote access. On top of that, these systems work on multiple vendors wire, remote access and wireless. You don't even need to buy any Aruba infrastructure. It's a multi-vendor, multi-access method, unified access policy management system. Nobody, nobody in the industry anywhere in the world has something even remotely resembling this system. And this is why in the last 12 months, since its introduction, with all the enhancement, that this is singularly the best ramping product that our company has seen.

I want to read you an email, which I received over dinner last night. I took advantage of the fact that I'm in New York City I went to see a company that is in the Metropolitan New York area. This is a pretty big company, with probably 20,000 users around the world. I met with the global network operations vice president, and he wrote me last evening, he say, "Dominic, thank you very much for taking the time out of your busy schedule to make your way out to... I hope the ride back to the city was uneventful. I was very impressed with the direction Aruba Network is headed with regards to ClearPass and profiler. We will work with our partner to put together a pilot to see how this will fit into our security strategy. I will also work with our account team to set up a meeting with our Chief Security Officer. I have no doubt he will be as excited about your technology as I am. Thank you, again, and I look forward to our continued business relationship." And this gentleman, 36 hours ago, do not know what ClearPass is about, okay. We're supposed to meet an hour, we end up meeting for 1 hour and 40 minutes. We spent primarily about more details about this chart. And I would say this is not an exceptional encounter. We see this kind of encounter every day, every week, everywhere in the world, okay.

Okay. Now you can go back to your ground steak. So that's ClearPass. This is very, very important, and you can see that we are excited. So in this scheme, where does mobile device management fit? All right. And I want to relay an experience. When I first started in my career some 30 years ago, I work for a very big reputable computer company, and one of the perks of the company that everybody has, you are somebody in the field, you are either a sales guy or IT, you have a company car. That's a big deal, okay. So before long, you walk into the facility of my company, you see actually company gas stations and mechanic shops. We have fleet managers and so on. The company was managing 11,000 Tauruses, Ford Tauruses. And suddenly they dawned on this, "We're not in the logistic transportation business, why we spending some of our best talent that we can put in the manufacturing plant to manage a car?" So they switched over and say, car policy, okay. Everybody get in those position, get a car allowance. The company doesn't want to own any car. Used to have to sign a usage policy. You cannot drive under influence. You cannot speed. You cannot do all these things while you're driving, but this is your check every month, right. Bring your own car to work. Understand that concept, right. Bring your own car. So what is the difference between bring your own device? If it is not the company's device, do you really need a mobile device manager? In most cases, not. Because the mobile device manager is very useful to -- it's a fleet manager for your devices, right. So we contend that mobile device manager has a role, actually there's a little mistake here on this slide. Actually, anything below this line and going into about half the Microsoft world, because this is Microsoft mobile, there's very, very good device management tools for Microsoft desktop and Microsoft laptop and it is a Microsoft mobile, the Android and iOS that are owned by the company. We have a large customer, global customer, they bought thousands of iPads for this. They need MDM because they need to insert policy of what those can and cannot be used. For the rest, for everywhere, the most important thing in all the, I think, our colleagues in the MDM industry would agree, the real deal is about mobile data management. Independent of whether it is a company-owned device or a BYOD device, you need to control the data. So that's the access policy manager.

So now I like to present to you MOVE version 2013. We have the monster stay engine with 2 million floats per controller, on the right. We have the boss to tell the engine what to do with the float. And together, we're going to develop this into the next-generation mobility access platform to be the traffic manager for all traffic going in and out of the corporation of enterprise. So obviously we need to be able to instruct through programmable interface through the network element. In here, you know this, we add the Earth to the air because now there is a lot of legacy wire devices and a lot of users locking on to the wireless, right. So that's going to be a continued and mixed mode of devices out there that are connected by wired and wireless. In general, if you ask me to give you a rule of thumb of how the wired and wireless now again evolve, I think machines will continue, most likely the old machines will be connected by wire, all the people will be connected by wireless. But since the people and the machines together make the system, you need to have a system that work on a unified method or else the people, where we have to go around to get access to the machines, right. And that is the power of the system is to unify the people and the machines, the wireless and the wired. That's kind of the general flow.

So this is what we call the southbound programmable interface. Basically, all of these devices come up as simple dumb devices. They all look for northbound and say, monster controller, give me instructions. And give me instructions not just to boot strap by minute-by-minute, moment-by-moment and I can change my QoS policy. I can change my access restriction policy on every single packet going through wired and wireless. So later on, you will go through an example, a demo with Keerti, about how this mixture of fundamentally machines that are attached by wire and people that are attached by wireless in this. So next thing, we talk about once you have this mobility access platform, then you open up the northbound interfaces.

What we have been internally opening up to ourselves through and that's how the airway management application talk to the system. That is how the guess control, guess portal system talk to the system and the AirGroup, which is basically a Bonjour Gateway application that you'll see later on, talk to the system. But what we're announcing here with 2013 is we are not just opening up these interfaces to ourselves but to all independent software vendor, such as analytics partners, content service partner, mobile device management partners, security and compliance partners, location or in the partner and unified communication partners, okay.

So together with this northbound and southbound interfaces, basically this will be the software defined network control playing for all access elements in the future. While so far SDN has been a technology being used for virtualized servers in the data center to be talking to the Layer 2, Layer 3 fabric with applying the same concept at the edge of the network, and this will become the strategic control point for our business going forward.

So what about -- and those are -- all those partners have server applications that we have opened up the API, too. What about the applications on your mobile devices? The idea here is, again you'll see a reference implementation demonstration, is that not only is it important that you put a boundary between the mobile devices utilization for work-related versus personal-related activities, but you need to this -- the so-called wrapping activity, you need to make it network aware and that is the demonstration we're going to show you when Keerti comes up.

So how does that translate to our business growth? I want to remind you that our core business in this Layer 4-7 accentuated differentiated enterprise WiFi. Uncompromised. This is our vision. This is our strategic investment. This is how we're going to win, take long term. There's no question in our mind. We have enhanced our market by extending this outside of the local area network in the building to remote access and extend it from wireless to wired through our passed Proline extension. With ClearPass as a comprehensive platform, as I explained to you, we are going to capture a significant portion of the newly defined network access control market, which is different from the whole fixed network NIC [ph] business.

And as a lot of you have been aware, we have announced Aruba Instant. So far the report card for Aruba Instant is we're very pleased with the ramp of the product, but Aruba Instant has really 3 target markets. One is large distributed enterprises with lots and lots of branch offices. That, Aruba Instant has been doing very, very well. Second is we're seeing a strong pipeline for Aruba Instant in managed services business, and I'll talk to you about that, more about that. We have the third potential of applying Aruba Instant in the mid-market, and this is an area that I think my colleagues, Mike Kirby and Ben Gibson will talk to you a little bit more about. But we really have not run out of the gate yet, for a focused go-to-market engine using Aruba Instant to capture the rapidly growing mid-tier market. This is a focus that we intend to do in our next fiscal year, and we are ramping up in this fiscal year to attack that, okay. So this is some dry powder in the gun here.

So lastly, we have recently announced that we are going to focus with a subset of our product line with special software and an architecture that can address the service provider WiFi market. And this is an area I'd like to spent the last 5, 10 minutes of my talk to clarify, because there's a lot of confusion about what that means.

First of all, I'd like to clarify 2 terms. There's carrier WiFi and there's service provider WiFi, and I want everybody to please understand they are not the same. Carriers are, by definition, the communication provider, either wired or wireless, and obviously the relevant part is the mobile carrier WiFi, right. This is an area that we tried a little bit with the China Mobile experience, and then we decided that this is not what we play. And this is the idea there is to create an extension of the cell tower, either by creating outdoor WiFi access point at a long range high-power or you can extend that power through hotspots and small cells in strictly a Layer 2 manner. This is offloading spectrum from licensed spectrum to unlicensed spectrum.

I categorically say, as far as I can see the Aruba business model, we are not in this business. And we shall not be in this business as far as I can see, because this is going to be a crowded market. There's a lot of physics and Layer 2 capability, which we believe we can do well but it will be a distraction for us to go after the really high value Layer 4-7 business. Service provider WiFi are managed service provider for enterprises. They could be a business unit within a carrier, but a lot of them are not. They are specialized service provider managing hospitality site, managing sports venues, managing medical facility.

In fact, a lot of our partners in the managed service space do not have a consumer-facing cellular business. So for them, off-load is meaningless. They're trying to create value to provide a managed service for enterprises, okay. If you do not -- just want to make sure that there are 3 things, carrier WiFi, service provider WiFi and 3G, 4G offload. These terms I've seen being used, mixed in everybody's mind. A lot of people kind of mix them together. We are not in the carrier WiFi business. And if you work with a managed service provider that do not have a business unit on consumer-facing mobile phone business, you have no offload problem because you don't have to -- you don't do anything with the license band. Off-load is strictly related, so if you have a license band offering and you run out of license band, that's where you need to offload the WiFi.

I think this is very, very important because a lot of the confusion, the questions we get really is a mixing of these 3 terms, which is very, very clear to us how it is segmented. So I want to stop this. Does it make sense? I want to take a question, actually, if you have a question about offload, carrier WiFi and managed service provider WiFi. Okay.

Now if you allow me to review with you what we announced in Mobile World Congress at the end of February. We announced 3 things. We announced that we have optimized a version of our MOVE architecture with special partners and so on to address service provider, managed service provider, who might or might not have an offload partner. We give them that flexibility. But the fundamental value proposition is you go in and you can do a single network for your customers to address all the mobility, BYOD security, POS and all the needs. And on top of that architecture, you can, if you choose to, either by business partnerships or assisted division arrangement to do some offload work. That is an architectural announcement. Secondly, we announced that the broadband platform, which basically the WiFi division of NTT has adopted, has joined with us, using our technology to offer what they call cloud WiFi for the Japan domestic market, primarily leveraging of this hybrid capability so that they can offer in any single venue primarily a managed secure WiFi service to the corporate partners and be able to offload entity docomo, which is assisted division cellular traffic.

The third thing we announced is through the NTT partnership, we have rolled out 15,000 hotspots owned by a Seven & I Holdings, which is the holding company for the 7-Eleven Japan, Denny's Restaurant Japan and so on and so on. So they have rolled out, in the 15,000 location, a hybrid model in which NTT-BP is providing a managed service recurring revenue monthly. And at the same time, they actually create an offload market, offload capability for not just DOCOMO but KDDI and Softbank. So that is what we announced, okay.

So let us tie this back to our core business. We feel so strong, so convicted that we have the differentiation long term to absolutely win in this crowded air space in all the enterprises, large, medium enterprises. But particularly, our technology is suited for -- okay, this slide shows you the hybrid control architecture fundamentally starting off with the same muscular policy enforcer and the very comprehensive policy center of ClearPass and the controller. For the northbound traffic, we open it up for analytics vendors, location vendors and mobile co-applications, our partners for billing and policy management and so on. And for the southbound, we fundamentally is leveraging Aruba Instant and Aruba Mobility Switches and not shown here is Aruba activate cloud-based provisioning capability.

That is the Aruba hybrid control architecture. Because of Aruba Instant's capability of splitting traffic at the edge of the Internet, not only we can allow in the offload the situation of license spectrum to WiFi but we allow shunting of the edge traffic into the Internet so that it doesn't hit the mobile core, okay. So that's the nature of the announcement. But our fundamental target of the market is to accelerate our success in what we are increasingly calling public-facing enterprise WiFi. It's still enterprise WiFi, okay, but this is public-facing. This is what I -- this is really the big stadiums, the convention center, the airports, the very large train stations, terminals and so on, where you have very, very high density of devices and you need to differentiate services.

We also are addressing another form of public facing enterprises, shopping malls, coffee shops, large distributed retail chains, convenience stores and so on, and this is driven by customer interaction application where all these stores and public places like to have a better interaction with their customer rather than just giving them WiFi, using that vehicle as a monetization, customer loyalty and enhanced kind of shopper interaction-type of activity. And this is what we call monster scale WiFi and because if you're talking about enterprise WiFi, you're normally talking about a few hundred sites, a thousand sites. When you're talking about this kind of public-facing enterprises with service control they have to manage sometimes up to hundreds of thousands of sites, and that is where the scale that we've been working on makes sense.

So to conclude, the industry is facing a unique opportunity to merge the different silos at the access network into a unified view. There are 2 choices fundamentally you can make: a port-centric choice where you try to focus on defining common policy management network configuration at the wiring closet where the switches are and to upgrade it for the next generations, which is in the wiring closet; or you can take a view that is mobility centric, you say this is not where you need to unify in the wiring closets. You need to unify it between the air, the access and the application for a personalized network experience. And the integration is going to be over software and using northbound, southbound application interfaces to support your next decade's requirement. We all offer -- the whole industry is faced with these 2 choices. I wish all of them luck to choose wisely. Thank you. I'd like to bring on Keerti Melkote to put into action some of the things I talked about.

Keerti Melkote

Thank you, Dom. Good morning, everyone. Let me first introduce my colleague, Cameron Esdaile. He is sitting right here. He is going to be helping me through this presentation with demos, bringing some of this technology to life. And what I'm going to focus on for the next 60 minutes is a little bit more in-depth description of the technology differentiators, why we feel so strongly of our capabilities and why we are so differentiated in the market.

So going back to what Dom described, the triangle of apps, access and air and the interactions between these. I'm going to focus on each one of these interactions. And for the first section, let me first focus on the interaction between the application and the air. And if you look at that first, why is this so important?

Fundamentally, the air is, as Dom described, the constraining factor in delivering a proper user experience and appropriate quality of service for the users. And the various factors that influence the performance when you're connected over WiFi, first, it really depends on where you are relative to the access point to which you're connected to. So the location is pretty critical and I'll describe this in a little bit more detail, too. The second factor is that you're not going to be sitting in one place when you're connected with a mobile device. You're likely to pick it up and walk around and stay connected to the network. So user mobility introduces variability and performance because your location, as I said, one fundamental factor of your performance is location. When you're mobile, you're location is changing constantly. So performance varies as you move.

The other thing is you are not alone on this on the WiFi network. You are sharing the spectrum with all the other users that are on the network at the same time as you. And the fourth factor is that the application that you're using, every application behave differently. If you take a photograph and it's synching to iCloud, you don't care, it's doing it in the background. There is no QoS requirement for that as long as the transaction completes. However, if you are on a phone call, you want that to be flawless. You don't want it to drop as you roam. You don't want a cell phone experience.

So all these factors are pretty important in creating an environment over the air where the important thing gets through, the important stuff gets through and the unimportant stuff kind of gets backed up a little bit. So how do you put this all together? And I think I'll let you in on an industry secret on the next slide. This is a WiFi performance curve. When we talk about performance as marketeers often like to do, we hype the best numbers. And so when you connect to .11g, about 10 years ago when we introduced the product, we said 54 megabits per second WiFi. Then when we introduced 11N, we said 6x, 9x the speeds can go all the way up to 450 megabits per second. And with AC, we are promising excess of 1 gigabit per second.

As these speeds increase, the ability for the network to deliver that speed varies quite a bit. If you're sitting right next to that access point and you have a great signal and nobody else is in the environment and there's no interference, you will get that speed. But as you start to walk away from that access point, as you're further way, you're going to be on the performance curve. And the further way you go, the lower your performance gets, eventually to a point where you might be connected to 11AC access point with 11AC card on your device and yet get maybe 2 megabits per second, not 1 gigabit per second. It's still 11AC but you're not getting the performance. We call this rate versus range in the industry. And this is probably a good secret that all of us keep.

Now what the industry is trying to do is focus on where the performance is bad, which is to the left of the curve here. And what we have done is try to invent either proprietary techniques or standards-based techniques like beamforming, to increase that performance by improving the signal when you're far away from the access point. So we'll form a beam, we'll sectorize the signal to ensure that the signal gets through better to you. The idea being that we can pull up your data rate up from the 2 megabit per second maybe to 25 megabits per second. Still not taking you back to the promised land of 1 gig, but better than what you would otherwise actually experience.

Now the ideal thing that you want to be able to do is operate your clients at the top end of the curve. You want clients to be connected at 1 gigabit, a few hundred megabits per second, not at the low rates. How do you do that? That is the hard problem. And the other thing to realize here is clients make their own decisions as to which access points they connect to today. So that's one of the big impact challenges we face.

So that's the view from a single access point. The rate versus performance curve. Now when you bring your device into your floor on an office, the first thing that most IT technicians did was to light up the conference rooms. So I'm going to place a few access points around and provide coverage for the conference rooms for my guests. And whatever bleed through I get across when I'm away from my conference rooms, that's my zone of WiFi coverage, which means there's a lot of coverage holes inside the floor. So what they said was, "Okay, mobile devices are coming in, BYODs happening I'm going to increase my density and add a few more access points into the mix. Does this help? Let's see." So when you bring in your iPad, the first thing it does when it connects, it connect usually to the best access point that it sees at that point in time. It might be seeing all the access points but it picks usually a pretty good access point to connect to and gets a good strong signal.

Now you pick up your iPad and roam. As you start to roam around, the iPad will try to keep its signal going with that original access point that it's connected to. And if you invoke things like beamforming, the access point will even try to keep that signal going as well, the farther away you go. What's happening is your link, which was green when you first connected, starts to degrade because of rate versus range and your signal starts to get weaker and weaker and weaker until the point that the client says this not a great signal let me go look for other access point and roam, make a roaming decision. But if you just leave it to the clients, they won't do it. They'll try to stick to that 1 access point. So even if you add more access point it doesn't really help. What you need is technology that allows you to move this client. And by the way, this problem actually gets worse. This is just one device on the floor, right. As I said, you're going to share this with a bunch of people. And when all these people around the floor, everybody had the poor signal because of rate versus range people start to move around. You may have 11AC network but your users aren't getting that experience because the clients don't cooperate.

So what we have invented in the last couple of years is a new technology that we're introducing to the market, that we call ClientMatch. You heard us talk about things like Adaptive Radio Management, which talks about automating channel client settings, et cetera. What ClientMatch technology does is it proactively moves the device from the access point that it's currently associated to, to another access point in the system where it can get a better signal, a better connection so you can actually deliver the promise of .11AC when it arrives.

This is by the way, applicable to 11n as well, this is not specific to 11AC technology. It will work even in 11n capability. And I'm happy to say that just literally last week, almost on time for the Analyst Day, it seems like we received a patent for this technology as well. It's a fully patented capability. And the idea here is without invoking or adding any client software, using standards-based client devices, be able to shift and move the clients to the best access point that you are on.

So the next question that comes up is, okay how do you decide what's the best access point? That's an interesting question, right? One way to do it is going back to that view of these poor signals that all these devices are receiving because of mobility and roaming, I'll invoke ClientMatch simply to optimize the link, so that everybody gets a green signal, 5 bars. And what happens is the technology will proactively move these devices to the closest best access points from a physical standpoint. And at this point, everybody gets 5 bars. This is what we call linked optimization, which is basically Layer 1. The access point that you connected to, you get a great signal and that's all.

Now that's good. Everybody has a green signal. But as you can see there, there's gaps in the network. There are some access points that don't necessarily have any devices on them. Some of their access points have 1 or 2 devices connected in this. Now as people start to send traffic through the network, right, and more devices start to connect, as the density of the network start to increase, the link optimization algorithms that we invoked to provide you a better signal may not be the best decision to have made because there's more traffic now. And now I want to be able to figure out how to move a client that has that maybe a green 5-bar signal but not putting a lot of traffic through that access point and shift them to other access points that may not have any load on them. Now I need a view of the traffic, not just of devices, relative to their distance from the access point but what are they sending on the network. And then load balance.

Now let's talk about differentiation here. So far I've shown just access points, no controllers, right? I can do link optimization without controllers because I can get a relative view of the system, of who is associated to which access point, simply by monitoring and creating a management system that understands what's happening in the network. To truly get a sense of traffic, if I want to move, let's say, this device to that access point in the middle, I need to know at this access point, what is the traffic on that particular access point. Is it less loaded than me? Controller-less systems can do that. You need some system behind that actually aggregates the traffic. We call it a controller. This could be a switch, too, that allows you to aggregate the traffic across different access points, get a view of the relative loading and then make that change. And say, hey, there's a few access points here that are not loaded. I'm going to shift you from that access point, which is heavily loaded, to an access point that is lightly loaded. This is Layer 2, Layer 3 optimization. We do it with a controller. Cisco does it, too. Cisco can do it. They don't do ClientMatch, at this point, but theoretically, if you say, can they do it? Yes, they can.

So now, the next level comes in. This is traffic optimization, without view of applications. What you really want to do is, do this kind of optimization but with a view towards applications, and identify what is the application and which application should I move and which application should I not move because, back to my earlier point, if you're uploading a photograph or doing an iCloud backup, you don't need to make the move. The transaction can take a little longer. It will complete, there's no QoS requirement. But if you're on that video session right now, you want to make that move.

How do you do that, right? You want to identify the payload and figure out what application a particular packet, or particular stream, or a flow belongs to. Let's give an example, right? One very popular example that we've used is Microsoft Lync. It's easy to say Lync, but the hard part with Lync is, Microsoft actually encrypts all the communications. So in the network, especially the call control, the signaling that happens when you set up that Microsoft call, the Lync call is completely encrypted. So how do I tell, within that Lync call, what the flows belong to. Because you could be doing, within Microsoft Lync, you could be doing a voice session, you could be doing a video chat, you could be doing instant messaging, you could be doing file transfers, you could be doing desktop sharing. There's 5 different applications inside Microsoft Lync.

So how do you figure out, when all of this is encrypted, what stream this packet belongs to? We've developed some heuristics to figure this out intelligently. And we think we do a pretty decent job of that, but it would be better if Microsoft actually told us what that particular flow belongs to, which stream this belongs to, and that's sort of what we have done.

We are the first system in the industry to have been certified with Lync. Not only that, we've integrated with some APIs, with the Lync protocol, where they tell us, proactively, during call setup, because the call setup is happening from the client to the server, which flows belong to which application.

So now I have different visibility into that stream belong to the video session, and another stream belong to a desktop share, and a third stream belong to file share, okay? So now that I am armed with this view, not only do they tell me which streams these belong to, they also give me an indication of the QoS, the QoS experience of that particular stream. Is the voice call experience satisfactory? There's something called MOS scores in our values that Cam will talk about, which give you an indication, a numerical metric of what's the Quality of Service that the user is experiencing?

That is feedback that we get from the server. And this is the part that we -- that Dom painted about software-defined networking where the applications are interacting with the network to tune the network.

So now that we have this integration, let's go back to that client, my slide. Let's start out with Lync sessions now. As you can see, in this slide, there's a desktop share, there's a voice call and 2 video sessions on a single access point. The mobility controller is talking to the Lync server and knows that these 4 calls are in progress. And it's monitoring the QoS for these calls. The Lync server now says hey, something is wrong with these 2 sessions. The video is not behaving great and the voice is suffering. So what I can do now is for those 2 streams surgically moved using ClientMatch technology and say, hey, I'm going to take them to other access points that are adjoining so I can improve the quality of service for the Lync up. So now this is application-based networking. So I'm not doing it just simply based on signal strength, I'm not simply doing this based on calls estimation of traffic. I'm doing this surgically based on specifically what the application needs, based on programmable interfaces with the back end, so administrators don't have to touch and play with the infrastructure when you're setting up your calls, it's all automated.

This Layer 4-7 optimization is something nobody else is doing in the industry. And you can't do this on a switch. If you try to integrate all this in a wired switch, good luck.

So let's give you another example. Let's -- how many of you are Knicks fans here? Okay, more hands please, as we're in New York City. So let's say you're watching a Knicks game, and I'm a Carmelo Anthony fan, and -- but I don't have a great view here. And I just hear that he dunked a basketball on the far side of the court, and I want to see that play again. So I peek over, I take my mobile device with me. My neighbor is watching a replay of that dunk and I want to see that, too. So I'd tune to my TV channel over the Wi-Fi network, and go, hey, I want to tune. So what happens, when this is going on over the air?

If I just invoke ClientMatch, without a view of this video replay that is going on, I'll just try to load balance my traffic across all the access points in the stadium. But now that I have seen my neighbor watch that replay on his screen, I want to watch it on my screen. I'm consuming the same stream as him. Why am I replicating it twice and wasting airtime? If I can move this client now to the same access point that my neighbor is on. Because certainly, the signal strength is available, my neighbor is on it. I'm load balance away because of some other requirement, now that this application can -- I can consume less airtime by being on the same access point, I'll do the physical move, saving airtime, so that the rest of the fans that are with me in the stadium, can use that airtime for the bandwidth.

This is another example of, when you're in a high-density situation, where the air is very crowded, how we can free up the air for others to use and optimize what people are seeing and yet deliver great user experience.

This is why we believe Layer 4-7 application intelligence makes a big difference in enhancing and optimizing the over-the-air experience. Let me call Cameron Esdaile, he needs to set up, we're going to do a couple of demos, I want to show you what the screens look like. Unfortunately, we can't do the video demo, although I would love to do that. What we can -- we are going to log back to our Sunnyvale controllers live and show you some of the screenshots of how these application-aware capabilities come together on our controller. Net of it is, we're optimizing Wi-Fi at all layers. We're optimizing it at Layer 1 for the signal. We're optimizing it with Layer 2 for traffic and mobility state, as users roam. And we're optimizing it for the applications, whether it's Microsoft Lync, other unified communications applications, video broadcast, et cetera, et cetera. The idea is to really take into account the whole picture, the whole context of what is going on and then optimizing it over the Air. You ready, Cam?

Cameron Esdaile

Getting ready, yes.

Keerti Melkote

So next, we'll switch over to the demos and give you a sense of the user interface on the controller and what that looks like. Let's switch over to the Mac, please.

Cameron Esdaile

Okay, so what we want to show you now is, basically, how we're realizing some of these optimizations we've been working on with Microsoft. So as Keerti mentioned, we've logged in to one of our controllers back in our office on the West Coast, and what I'm showing you here is a view of a handful of clients that are connected to that controller. As you can see, in our lab, we've obviously got some Star Wars fans, the username, Thera, not looking too realistic, but what I'm going to do is dive into one of these individual users here. And what this is representing is your typical network administrator's view of the client that's connected to the network. So we've got a bunch of statistics here around how the client's performing on the network, how much traffic, it's how I would actually get through that wireless connection. But the new edition, what we've added to this capability, through our integration with Microsoft, is this Lync tab here. So if I click on this, I'm just going to zoom in, so it's a little easy for you guys to see at the back.

What we can see here is leveraging those APIs, which by now, they with distinguish between the voice channel and the desktop sharing channel that, that one client is actually operating at the moment. And that's a key capability, because all of this traffic is wrapped up in an encrypted channel, so only through that API integration are we be able to make that differentiation.

And then looking over to the right here, we've got a couple of really interesting metrics that we're saving back. So that R value is what Keerti was mentioning. And that's literally a representation of the quality of the voice call. So we're getting that back, weaving that feedback directly from the actual Microsoft linked server. And what that allows us to do is react to any changes of that environment. And what you can see next to it, is a couple of Quality of Service metrics that we've got. So I've got the ability to enforce for the voice call, differentiating away from say, instant messaging or desktop sharing or Quality of Service. So that's something that we're dynamically applying to the fact that, that is a real-time voice call. So we're applying, like the quality of service metrics over the air, which is the WNM tag, and also the Quality of Service metric over the wire, over the back end of the network using the DACP markings. So that just gives you a bit of a feel of how we're actually leveraging the APIs with Microsoft to achieve that level of differentiation between the different traffic types.

What I want to show you now is how we're approaching that same application awareness for different protocols, the different applications that were not necessarily tapped into an API. So as you guys would be aware, there's a whole range of other protocols that are going to be flying around your network. And what we've done is we've added to our dashboard here, 2 new capabilities on the left-hand side there. So we've got the ability to group all of your applications, now, into categories. So as network administrators, we don't necessarily need to have an intimate understanding of what every peer-to-peer protocol is. We just want to know that that's a particular type of traffic profile that I might want to manage. So I've got that represented up here in the top. Down the bottom, we've got the individual applications and how those applications are actually impacting my overall application mix in the environment.

So what I'm going to do is drill into one of them. BitTorrent is an application that quite often people want to manage on their networks. So if I drill into that, I can actually see immediately who the user is that's actually participating in a BitTorrent session at the moment. So I can see that this guy is, at the moment, downloading. I can see the amount of traffic he's impacting, I can see the destination he's going to. If I scroll over, I can see that, that user is in a role of sales. So if I actually wanted to go beyond just having application visibility and actually do something about that, I can go straight from this dashboard now and start editing a policy. So I drop in here, I actually go down and find the sales role. This is essentially what the sales employees have access to at the moment. As an employee, they've got some access to Netflix. They can do their Lync calls, but I want to actually make a change to his capabilities in the network at the moment. So I'm going to add a policy for BitTorrent, and I come in here and. And I now have access to select that application. So I'm going to grab BitTorrent, and at this point, I've got the ability to flat out drop it, or I could permit it soon, but apply at the individual user or role level, a bandwidth contract. So I can right limit that. This is a clear differentiation from what some of the other guys in this space are doing is, they're not able to apply this application richness at a user or a role level that's literally at a -- network level, a V-line or an SSID. So we're taking this to a completely another level with the ability to detect and manage those protocols. So that's pretty much what I want to do, show you there, I'll hand it back over to you.

Keerti Melkote

Thanks, Cam.

Cameron Esdaile

Have you done that for the entire role of sales and can you do that for the individual that you identify?

Keerti Melkote

Absolutely. The question is, can we do that for the entire role, can you do that for a user? We can do it for a user. We re-showed the role because it's convenient way to group users, but absolutely, you can do it individual applications, individual users. I think, most importantly, you should ask yourself, who else in the industry can do this? Because a lot of people claim there's application visibility and control, AVC is the new buzz word. Cisco is claiming it, Meraki had it. I believe, Aerohive is claiming it now, Ruckus may claim it tomorrow. But here is the reality, right? For all of these guys, they do this inside the access point. And when you do it inside the access point, 2 things happen. You lose performance, because the access point is doing a lot more and it has 1 CPU, so you start to do -- as you start to do things like deep packet inspection inside the access point, you lose performance. But I think, more importantly, a single access point does not have a view of what's happening in the adjacent access point, as far as traffic goes, okay? So it cannot optimize the system, it can only optimize itself.

To optimize the system, you need that traffic view at a centralized place, and that's what the controller brings. This is why we feel very strongly that the controller-less architectures will not be able to deliver this class of optimization and policy-setting that we are bringing to the table. Aruba Instant, by the way, we'll do this inside the access points as well. But again, remember, it's going to be an access point-centric view for distributor enterprise, one access point.

So let's switch back to the presentation. Let me now switch gears and talk about the link connecting the access and the air. We have so far talked about the top one, connecting the air and the app. Connecting access and the air is the next, next question that comes up. And access to us is a much broader problem than network access. It's not just about authenticating a user and putting them on the network. It's about network controls, the policies that Cam just showed you. It's about device controls, so that you can invoke device-centric policies. For example, is your device jail broken? And what should I do about it? That's a device control. And application controls on the device. If there's confidential data associated with a specific application, what you do with that? All of this is part of the access policy problem. And examples of the interactions here, if you have a jail-broken device, you might want to wipe all your confidential applications from the device. That's an interaction that happens from the device to the application. If your network is congested, restrict your iCloud backups. This is an example of network control impacting with an application control. If you move, let's say on the government, and you move to some classified location, or you're in finance and you move to the trading floor, then you invoke device controls perhaps to turn off the camera, because you want anybody to take the photographs on that particular floor or location and you also want to lock all your sensitive applications, as an example of all 3 coming together.

So this is what ClearPass aspires to be. We've so far talked about ClearPass in the context of network controls, that we are invoking network-centric policies, but pretty soon you will see us enter the realm of integrated network device and application controls in the same platform. We have added already, as we showed you last year, the capability to on board devices. We're extending that to include now MDM functionality to manage the device as well, if you so choose to. But I think, more importantly, going up one level securing the applications and providing a framework for mobile application management inside ClearPass. And at the same time, while we're innovating on those fronts, we're going to also partner aggressively with leading vendors in the MDM market so that they can take advantage of the intelligence that we have. The play here that we're trying to build towards the platform play where we deliver a unified platform for network device application controls, with application partners that can take advantage of that for their own businesses.

So let me first talk about the MDM integration that we are doing with third parties. We have integrated ClearPass with vendors that you see on the left here, AirWatch, Maas360, which is Fiberlink, MobileIron, JAMF and a couple of other vendors as well. And the idea behind MDM integration is to be able to bidirectionally share policy information between the network control and the device control. And I think this is best shown within an application, with a demo. So let me bring Cam back on stage and let's flip the screen over to the iPad this time, please? Not just here, to the Mac.

Cameron Esdaile

Just give me a sec to get set up here. So what I wanted to start off showing you is the first phase of our MDM integration, which was essentially taking the APIs that the major MDM providers are publishing, and we leverage those within ClearPass to basically grab a bunch of really valuable information around the context of the devices that are under management. So the sort of information that we're interested in, when you look at ClearPass' role as a policy definition point or a policy decision point for your network, is what's the device inventory of that data. I want to know what device it is explicitly and what's the policy state of it? Has that device triggered any business roles, that have been defined within the MDM, that we would like to be aware of when we decide and should this iPad connect to the network? So that API integration is...

Keerti Melkote

Could we switch to the Mac, please?

Cameron Esdaile

Yes. So what that's resulted in is essentially, all of these managed devices are basically downloaded and stored within ClearPass, and we've replicate that context throughout our entire global customers, our global sites. So we have the ability to deploy nodes all over a global deployment. And the actual information we pull from the MDM is replicated across those nodes. So an example of a particular device here, we you can see explicitly an Apple iPad. We can see that down here that it's compromised status is false, we can see what software version it's running, we can get a lot of details about its inventory.

Keerti Melkote

This information is flowing back from the mobile device manager?

Cameron Esdaile

Yes. So we can actually leverage all of that to decide how the a device should be admitted onto the network. So if it was flagged as a corporate-owned device, we might give it a higher level of Quality of Service, based on its jailbreak status, we might put it in quarantine status. So we've got all of those capabilities by having that direct integration with the mobile device management platforms.

But what I wanted to show you is where we've taken this technology moving forward, and if we can switch to the iPad, one of the really interesting capabilities we're working on is kind of the flip side of that argument. So what I've showed you, then, was how we can leverage the context from an MDM to affect a network admission decision, should I change Quality of Service, should I quarantine? What I want to show you now is how I can leverage the context of a network event to affect device enforcement. An example, I'm going to try and show you is essentially -- if you could imagine we're on a government facility or a healthcare campus, and I've roamed from a public area to a secure area, what I want to do is essentially disable the camera. It should no longer be actually permissible to take a photo or screen capture something. So I'm going to actually simulate that in this environment, sort of running out of the room and coming back. I'm actually going to disconnect from -- I'm connected to our campus SSID at the moment, which we should see here in a second. So you can see I'm connected to the campus SSID. What I'm going to do is quickly disconnect from that and connect to a vault SSID, which is sort of simulating the fact that I'm now on a secure network. So I've connected, I've got an IP address. And you can see the camera on the screen there. If the demo gods are kind to me this morning, what we should see as a notification that I have roamed into that environment, which you've seen at the top, and the cameras are being disabled.

So this is something that nobody else is doing. This is a definitely, we're pushing the envelope of integrating these 2 capabilities or these 2 technologies together. But what you can see is that we're able to take the context, the valuable information we have as ClearPass, our understanding of multivendor networks, our understanding of wireless networks, specifically as well. And actually able to affect a device enforcement, which is what MDM's do. And they obviously have great power in terms of setting device use restrictions. So this is just a quick example. I'll flick it back the other way, just so you can see that when I roam back out. But essentially that's what I wanted to show you in terms of the 2 phases of our MDM integration.

Keerti Melkote

Thank you, Cam. So as you can see, this is the integration with mobile device management and network -- and integrating access and air together. The fact that location changes are happening in the air, we are picking that up on the Wi-Fi side. What we just did was simulate that by changing the rate of connection, but in the real world, the network would detect your location indoors, that you've gone from one zone to another zone. And trigger -- that same trigger goes from ClearPass to the MDM platform. In this case, it's Fiberlink Maas360 platform in the cloud, that then sends a signal to the device that says, turn off your cameras, okay? So this is critical, right? And what we're doing here is taking the intelligent networking, tying that to MDM intelligence. And nobody, as Cam said, is doing this in the industry right now. And it increases the stickiness of the ClearPass product as Dom talked about network controls.

Let's flip back to the presentation. So now, let me look at the third leg, which is tying apps and access. We talked about apps and air, we talked about access in air, now talk about how access and apps come together. And to talk about that, I think it's best to talk about the challenge that, currently, we face with BYOD. So if you bring your own personal device, the traditional, the way that BYOD devices are managed, from a security perspective, is to bring it under management using MDM. And as Dom described earlier, MDM is a platform meant for corporate assets. Because you can -- you own the asset, you can do a remote wipe on the asset, not worry about the liability of it. But if it's a personal asset, and we have personal information on your device, there's a liability exposure, if you invoke the remote wipe. So what do people do? The forward thinking organizations, they basically say, we'll take the risk, we'll have the users sign an acceptable use policy, and then remote wipe their device, if you find that it's compromised in some way.

What is really underneath the covers? The real requirement actually is not remote wipe, the real requirement is, can I separate corporate data and corporate applications from the personal side? And if something were to happen, and the device got compromised for whatever reason, then I will take action on what belongs to me, which is my corporate data and applications, and not worry about the personal side. So your music collection, your photographs, et cetera, remain completely untouched on the device, only the corporate stuff gets affected.

How do you do that? The MDM APIs on the device don't allow you to do this. And what you really need is a capability that allows you to create a workspace that wraps your corporate applications and corporate data inside of this workspace. Think of it as a little briefcase that you carry with you inside, a virtual briefcase case. And all your corporate environment is exposed in this workspace. This inside this workspace is encrypted, using military grade encryption. If you're interacting with data that are sitting inside servers inside your datacenter, then VPN capability is built into the workspace. So you don't have to suffer the user experience pain of going out of your application, firing up device level VPN, going back into the application, trying to get to that server and so on. It's just completely

[Audio Gap]

your username password each time.

Making the user experience a lot better, as well as solving that security problem that was so vexing in the MDM world. We were calling this workspace, this is a capability that we're going to introduce in ClearPass in beta. Ryan wrote about it as Project Text. We've introduced this to our Airheads community a couple of weeks ago. And we're going to enter betas in the next 2 weeks and introduce this capability in summer. But I wanted to do a quick preview and show you what corporate workspace would look like.

Cameron Esdaile

We're going to do this demo from one of the new iPad Minis. Okay. So if we can switch to the iPad. So what you can see here is an employee-owned, or an example of an employee-owned iPad. And essentially, what I'm showing you is what the iPad, or the state the iPad would be in -- at the end of a provisioning process. So within ClearPass, we've had an on-boarding capability for quite some time, where we would go through and the user would step through a self-managed workflow to get all of the networks settings, certificates required to get onto the network. And at the end of that provisioning process, what we've done is we've pushed down an application, which is essentially an entry point to all of your corporate data.

So what I'm going to do is launch that now. And what you can see is that I've been prompted for a passcode. Because I've left the personal side of my device and I'm trying to enter into a corporate environment, I'm being prompted for a passcode. At this point, the reason why we've got a passcode there is just because it's a mobile device. And we have a configurable setting that either once a day or every couple of hours, you may be the prompted for your full active directory credentials, just based on the company's security policy.

Once I'm actually in this corporate workspace, you can see a set of applications that have been provisioned to me, based on that linkage that Dom was talking about back to active directory. So we're able to, obviously, provision different sets of apps to different classes of users within the business. And as a mixture of apps there, the ones that you would expect to see an enterprise, email, contacts and calendaring app, a secure browser, we've got a partnership with Box that actually allows us to do content distribution and management of content and, obviously, we can encrypt any files or data that is actually cached locally on the device. But what I'm going to show you quickly is an example of the secure browser. So I've just launched the browser. We have a policy on this particular application, because it's deemed to be more secure, because you're actually accessing potentially Intranet web applications, that it's asking me for subsequent authentication. Totally configurable, but I just wanted to show you that we can actually have differentiated policies per application.

What you can see here is, we've got a little floating toolbar down at the bottom, that allows me to access my recents. I can get -- jump around between different applications within the work environment. I can see that a VPN is being established as well. So if I actually tap on an internal Intranet site, I'm able to get directly to that without having to launch a device level VPN, which is a really powerful feature. So if I jump out and maybe go back to my secure email client, what we can see is a classic example where one of my colleagues has sent me an Intranet link from within my email client. So to Keerti's point before, I can just tap on that link now. It will automatically launch the enterprise version of my secure browser and I don't have to go back out, launch a device level VPN, cut and paste URL. So from a usability point of view, that helps out quite a bit.

The other thing we can do here is provide some basic level of content filtering. So we might want to have a set of websites that are deemed inappropriate for work. So something like the Pirate Bay for downloading torrents might not be appropriate. Each business may have different website that might be deemed inappropriate for their environment. So if I went to this website, for arguments sake, it might be blocked. But if I drop back out to my personal workspace, I should not be prevented from going to an inappropriate website.

So as you can see, I'm not interfering at all with the use of the personal device, it's literally controlled within that corporate environment. So just coming back quickly to the workspace here, I wanted to show you a couple other quick things. We have added in the ability to display an enterprise app store. And what this is essentially is a way for the IT administrators to provide a filtered view to the public app stores. So these are apps that they've looked at. They may have done some form of diligence testing on it and deemed that they're appropriate for their employees to use. So it's just a way of providing a recommended list of apps or filtered list of apps on the public app store.

The other thing I wanted to show you is some of the actual policy states that we can apply around the applications. So you've seen that we can obviously provide authentication per app, we can provide a per app of VPN for Internet access. The other thing I wanted to show you here is the document editing on the left has a policy state on it. And if I tap on that, we can see that it's got a time fencing policy applied to it. So this is very popular in retail environments where you might have a point-of-sale application that shouldn't be used outside of business hours. We've got another one here that has geolocation policy applied. So this might be say, a healthcare environment where you shouldn't be using a patient record's application outside the medical campus. So that gives you a bit of a feel for some of the policies. But what I wanted to show you is that we are actually able to implement these policies in real time. You don't have to re-download an app to change a policy. So if we can flip back to the laptop for a moment.

Keerti Melkote

Can I add one more question here? You showed Box on the iPad. Can I have a corporate version of Box and a personal version of Box on the same iPad?

Cameron Esdaile

Yes, absolutely. Because it's within that corporate workspace, we could have one Box instance that's tapped into your corporate environment and then a personal one, so there's...

Keerti Melkote

A we're predicting, by the way, the Box as well, when you store data offline for use on your mobile device from a cloud storage provider, that data gets encrypted using military grade encryption, as we talked about, and totally secure as well.

Cameron Esdaile

So just in the interest of time, I'm going to quickly show you a couple of things here. If we look at that the browser that I was actually just using, I can just quickly scan through some the policies. Let's zoom in a little bit so you can see what's going on. So we can see here that we can -- we had that required user authentication policy. We can encrypt any data that may be cached locally. We can define any inter-app policy, should I be at a cut and paste out of that particular application, should I be able to open any content that I've downloaded through that particular application in another application. What should I do if the device is determined to be jailbroken? Should I allow this sensitive app to be launched, should I wipe its data? So there's immediate actions we can take on that. Some of the network policies about our inappropriate websites. We can see that we're terminating the VPN back on one of the Aruba OS controllers back at our headquarters. And then there's a couple of other ones that won't apply to that particular app around time fencing. Motion fencing is one that we've seen logistics environments, so they don't want people using apps whilst driving cars and stuff like that, and then the geo-fencing.

But just to show you the policy happening in real time, I'm going to quickly dial into the iPad I've got here in front of us and let's pick on the browser again. If I try and lock that up, so this could be a business policy event in the back end, or I've changed roles, I've left the business, maybe it's a joint venture employee that shouldn't have access to an app anymore. So I've now locked that up from the administrator's point of view. If I jump back to the iPad, what we should see -- if we can flip to the iPad, okay, it's not connected, hang on a sec. What's happened here? It dropped off the network altogether. Give me 1 second. So what we should see here in a moment is that once it's actually checked back in with the server, that the actual browser itself will be locked. So we can see up there in the top right-hand corner, that the browser is now actually being locked through that administrative policy. So that's pretty much all I had to show you on that for now.

Keerti Melkote

Thanks very much, Cam. If you can hang here, I know we have more demos, so we'll go through this quickly. Can you switch back to the slides, please? So that's the first aspect of tying ACS and apps together, right? So we can take corporate apps and manage corporate apps in a secure way using this networkable container. As Dom said, this is a reference implementation. We are going to make our differentiation available to our partners, third party MDM partners, to be able to take advantage of the network awareness that we have in this workspace. And they can leverage that with their MDM platforms as well. So it's going to be a platform play. And we'll certainly meet the needs of some of the markets but it's a big market, lots of different vertical needs and we're going to partner in a lot of different verticals with our key MDM partners there.

So the other aspect of the ACS and apps is nexus, is the changing IT service model. What's happening is BYOD, the end users are taking more control of their environment and they want -- if IT is able to do it right, then you can push more of the support burden to the devices themselves, with tools and software applications that can enable self service. And here again, apps can be of help. What we are doing is building a new application for self-service that integrates with the network and gives you a view, not only of your applications, but of your environment beyond the applications. We talked about the notion of a sponsor. If you're an employee, you're going to be sponsoring your visitors, you're going to be sponsoring guests on your network. How do you provision guest access for your visitors without calling IT or calling the receptionist? Similarly, you might bring in your own devices on your network, your own Apple TV, maybe your own printer, maybe your own iPod that you want to connect to the network. How do you do that, right? The environment is going to be bigger than just your applications. And the next demo, what I want to focus on, is to give you a sense of what this employees self-service portal is going to look like.

Cameron Esdaile

Okay, so what I want to show you here is the app that Keerti was just mentioning. And essentially, what we've done is we've extended some capabilities with having ClearPass for quite some time through a captive portal interface. So we've had the ability for people to sponsor guests through a captive portal login. We've had the ability for students or employees to go on and register their Xbox or add their Apple TV to the network and share it with a colleague in a dorm room. But what we thought would be an interesting innovation is to take that and actually deploy it in a mobile app because that's the devices that these people are using in the environments. So I'm going to launch that app now. Actually, let me log out. So I've launched the app and what we've done here is really focused on usability. So we're being prompted for a user name and password but the actual app is able to automatically detect the presence of ClearPass on the network. We didn't think that the users of this app, again, have the knowledge of the network topology, where the servers are, what the IP address of the server is. So we've spent some time actually, making sure that the app can automatically detect the presence of the ClearPass in the network. We've got a little video tutorial down there at the bottom if people aren't aware of the technology that we're supporting.

So I'm just going to login with my active directory credentials. And what you're going to see is a list of my devices that I have access to in the environment. So at the top, you can see the iPad that I'm actually on. It's got some details about how I'm connected to the network. And for the network administrator, these apps are actually checking the posture of the device. So simple stuff around, jailbreak detection can be recorded back up to ClearPass for further network admission decisions.

Below it, you can see that I've already registered say, an Xbox onto the network. So that's a very common use case in education environments that you have to register these devices before they're allowed on. So what I'm going to do now is show an example of adding an Apple TV, like we've got down here behind us. So one of the capabilities we've built into this app is for it to automatically detect or listen to the service announcements from these consumer devices on the network. So if I can tap -- if I tap here, we can see a couple of printers that are in the environment and my Apple TV. So if I tap on that, what it's done is it's picked up the details of the device. It's automatically populated the unique identifier for the device, the Mac address. And then I can go ahead and actually share access to that device with some of my colleagues. So let's add Keerti and Dominic in for argument's sake. What that basically means is that with the integration of ClearPass to the Aruba infrastructure, that device is available immediately in a personalized view to both myself, Keerti and Dominic. It's not going to be available to the rest of the environment and what that means, from a usability point of view, is when I go to AirPlay a device or try and find a printer, I'm not going to have a laundry list of devices. I'll just have that personalized view that is inclusive of the devices that either I've registered or the ones that are shared with me.

Keerti Melkote

And without this app, it would have been a call to IT helpdesk.

Cameron Esdaile

Yes. So that shows how we're actually tackling that sort of personal interaction with the network for registering devices. But the other common use case is obviously, in an enterprise environment, I'm halfway through a meeting and the person I'm meeting with needs to show me something on the Internet. Normally, you're going to have to break down the meeting, someone will have to leave and go to reception and get a token or call the helpdesk to create an account. We've added that same self-service capability directly into the app here. So you can see a couple of accounts that are already registered. From my perspective, I was the sponsor of these guests under the network but I can add another one. So let's quickly add Keerti, and excuse my typing. I'm getting faster on these things. We can set an expiry time, one day. I can order or generate a password, hit done and what will happen is essentially, an email receipt will be sent, an SMS receipt could be sent if we actually wanted to collect mobile details, that's obviously configurable. Once the account is created, I can just swipe on the account to potentially reset a password, change an expiry time, edit any of the details associated with that user. So that gives you a bit of a feel for how we're actually taking what has been traditionally more of a captive portal-led user experience for employees or students, and we're bringing it into the native app environment.

Keerti Melkote

And what you're seeing here is a software-defined network coming in action, okay? You're defining who you're interacting with, who your guests are, the network is auto-provisioning access for them, you're defining your devices, the network is creating the topologies for them, you're in interacting with your applications, all driven by the user, right? IT administrators are not touching any network equipment to enable these kinds of capabilities. Let's flip back to the slides, please.

The next point I want to talk about is public facing enterprises, as Dom touched upon. This is a huge, new opportunity for us. And we define public facing enterprises as any enterprise that engages their customers using the network. And using the network usually means using Wi-Fi on their mobile devices. Typical characteristics of these types of enterprises, thousands of locations, maybe tens of thousands of locations. So the deployment itself and the pain of deployment is an important problem to be solved. So Wi-Fi is enabled seamlessly at a very low cost across all these locations. And the customer, the guest that we just provisioned, is actually -- is your customer. So customer interaction and customer experience is going to be paramount and critical in these kinds of environments.

What we have done is introduce the hybrid control architecture. Basically, the components of this architecture are Aruba Instant, add the site, add the distributed sites, the coffee shop locations and so on. Aruba 7200 Mobility Controllers have the head end, aggregating all these different sites. Unprecedented scale, as we described, 32,000 sites can be aggregated on a single controller. Nobody else is doing that in the industry. And the most important capability here is what's in the cloud. Enabling this ActiveX service, which enables zero-touch installation of multiple thousands of branch office locations by non-skilled IT personnel. So you can literally drop ship an access point from our factory to the store. The store manager or somebody in the store can pick up the access point, plug it into their broadband network and the entire Wi-Fi environment will be automatically set up for them. That's a huge, huge return on investment for these kinds of operations. That's why managed service providers are very excited about rolling out hybrid control architecture type solutions to their customers.

Multi-tenancy, which is another key capability, is also built in to the cloud platform that we are building. The other piece of the story -- so that's the infrastructure view, how do you enable very simple, very large scale deployments to happen seamlessly. The other piece is the interaction with the customer. And what we are experiencing here, historically, if you walk in to a Starbucks and you wanted to connect to Wi-Fi, you had to flip open your laptop, interact with the portal, the web portal, type in your username/password, gain access to the network. And when you wanted to buy something in the store, you take your Starbucks loyalty card and use that for your purchases. These 2 things are coming together on the smartphone. The smartphone is the new loyalty card and that becomes your platform for interaction with your customers. And there's 2 aspects to this. There's the actual interaction with the customer itself. What is their view, how do they interact with the store, with the organization? And there's the back end view, which is a more anonymized view of how often this user comes back to your store. How long do they spend in the store, which aisles, if you're a grocery store, they spend time on. If you're in Gristedes, where are you, which aisles are you actually shopping at. This is very valuable information for the retailers. And this clearly, capabilities like this, differentiate from standard Layer 2 connectivity business. When a network can deliver not only a very, very high ROI on the actual physical deployment of it, but a platform for interaction with your customers, we think the value that app will go up dramatically. And to piggyback on the guest access demo, what I want Cam to do is give you a quick view of what this customer interaction with the guest is going to look like on an Aruba Network.

Cameron Esdaile

Okay, last time, I promise. This time, we're going to use an iPhone 5. We can switch to that. So what I wanted to show you here is essentially how we're trying to customize the experience for the guest. I showed you this before, how we customize the experience for the sponsor of the guest. This is sort of showing you how we can do a bit more to actually interact with the guests themselves. So you may have seen here at the event, the self registration portal that we've got up. So there's essentially a couple of fields that can be filled out for your username and password. What that results in is essentially a receipt page that looks something like this. And on that receipt page, you can see the password details. I've got the ability to login or there's an option down the bottom there now, to integrate with the Apple Passbook Technology. So what you can see there is, when I tapped on that passbook logo, what it's done is it's downloaded a passbook that's been created specifically for me and for my actual guest account that was created. So it's got my details there, it's got the details of the event today, what network I should be logging onto. On the back of the device, it's got some handy links that could be customized for a retail sort of customer, details about Twitter feeds, locations. All of these pieces of information can be actually crafted to provide more information to the guest user when they're actually interacting with a particular network. So I can add that to my Passbook and it will be dropped straight into the native app that we have here. And I can obviously access that information at any point in time. The other interesting thing that we've done is on the lock screen, we've got the ability to actually have location awareness. So for a retailer, you can actually have various different retail locations actually tagged within the app and that allows you to essentially provide some relevance, as people are actually moving around different retail environments and you can send update messages potentially about promotions or different events that are happening.

Keerti Melkote

Coupons. So if you're shopping around in Gristedes and you go from the cereal aisle to the vegetable aisle, you could get a special, daily special?

Cameron Esdaile

Yes, potentially. There's all sorts of capabilities that we could actually customize into this sort of workflow of just getting generic guest access, but then having this is a more interactive way to actually still communicate with the guest. And just to show to you, because it's cool, I'll delete the past. That's [indiscernible]

Keerti Melkote

All right, let's flip back to the presentation. So that's an example of how -- what a guest experience in the future is going to look like with Wi-Fi. Where we are tracking the location, it's all happening by permission. You're interacting because you are a loyal customer and you want to get those coupons, and it's an opt-in kind of a model. But the network now is becoming an asset for customer interaction rather than simply Internet access-type situations. So this is why we think public facing enterprises are ripe for innovation, beyond simply Layer 2 Wi-Fi, to Layer 4-7 Wi-Fi.

Now, let me wrap it up. We spoke about the nexus between the apps is -- apps air and access. Where we are headed in the future with this architecture is there's new apps that are emerging that will require us to not only integrate the wireless side, but the wired side as well. So the link example we just talked about, about prioritizing link video over the air. What if the other side of the link is a desktop or a TV in a conference room? You're doing a video conferencing bridge with a bunch of people sitting in a conference room connected to a TV. How do you prioritize video over the network, bridging wired and wireless? Another example of a similar situation, potentially more interesting here, is I have a meeting room Apple TV set up, a guest user walks in and he wants to show me a presentation. The meeting room Apple TV is on the internal network inside the firewall. The guest user is on the Internet outside the firewall. How are they going to get access, right? In the traditional model, what somebody would have to do is to say hey, I have this use case, call IT, some network administrator will have to go provision all these devices and say, let me create a special use case for that particular policy. So if you're asked for a special access and you're frustrated because it takes weeks for IT to respond, I have seen that, especially in financial services, it is because they have to go do all this manual programming in the infrastructure to create new policies, new access control lists, new SSIDs, all this manual programming that needs to happen. And it worked fine as long as people were fixed and sitting in static locations. But in this new world, everything is dynamic, everything is mobile, that fixed orientation is not going to work. You need to move towards a programmable infrastructure, which is driven by software, where you can set up these flows dynamically upon interaction with the application or with the user or with the device or with the location, based on the context.

So how do that, right? How do you take these mobile flows and program them? What needs to happen is, the trigger is usually the interaction. You want to start a presentation, you want to start a linked call, you want to start that YouTube movie, you want to subscribe to the multi-cache video in the stadium or you want to see a video from Box. These are all the trigger points that the controller actually sees in terms of flows. You set the policy in ClearPass and you say hey, I want to enable visibility to Apple TVs to my guests in this conference room. Pull into there the user, the device, the flow and the location in one policy. For link, I want to able to cut through from my wireless to wired network, to able to set up that meeting bridge and so on and on. So the policy and the flow are the key components that need to come together, the context, and that's what we think is going to be the next-generation control plane for the access network. And this is purely software-defined, as you all know. The controller, which houses the context, is programmable Layer 4-7. ClearPass is clearly a software platform. Interacting together, it is a very different view of the world than integrating wired and wireless at a switch, which is a very hardware-centric backwards-looking view, in our opinion. This layer is going to now interface with the infrastructure and the need, both wired and wireless, using open protocols. Today, we use protocols like Radius and tunneling techniques like GRE and VPN. In the future, we're going to use techniques like OpenFlow to interact with these devices as the devices themselves have become more software programmable.

And above this control plane is the interaction with the app layer. If you're Microsoft Lync, you use our context API to signal back quality of service. If you're bringing in your own personal device and you want to continue corporate apps, you'll use our application wrapping technique to secure that environment. And if you're using a third-party MDM, then we'll interact using MDM connector with these third-party MDM platforms. The point is, this control plane is the place where the strategic future of this company and where we think the access network is going to be headed. And the choice in the market is very clear. You can integrate wired and wireless and access network the old way, which is fixed VLAN-centric or port-centric, very hardware oriented ASICs are the name of the game in that world, Layer 2, Layer 3 based and highly proprietary. Or you could choose the future, which is mobility-centric, much more personalized, very software-centric, Layer 4-7 and policy and very open so that you can interact both with infrastructure and the applications. This is where we are going to be differentiated as we look to the future. Thank you very much. I think we are off to a break now.

Ben Gibson

We're running just a little bit behind. Actually, not by much. I was thinking we embody our theme around a lot of rich content information in a highly intense environment. And I know we packed a lot in this morning. I hope you took a lot out of that. So we're going to break for 10 minutes. We ask you to come back 10 minutes from now, then you're going to hear from 2 of our ClearPass customers and one of our top partners about this whole space we've been talking about. You're going to hear from Mike and I about the opportunity, how big is this opportunity that we're going after. And then we're going to hear from Mr. Galvin. So 10 minutes, back in this room. Thanks.


Ben Gibson

All right, we're going to get going again. So as I mentioned before we took a break, what we want to do next is bring together 2 of our customers and one of our great partners. And the topic is ClearPass and BYOD. This is a rapidly developing market. It's really been an area that as you saw from Keerti, we're really focused on in terms of innovation. And what I thought would be good to do is to hold together an esteemed group of panelists here, and why don't you come on up, the 3 of you? And want to talk a bit about ClearPass, how it's solving some problems and as well from a partner perspective, how this market is developing. So I'm starting in alphabetical order here, based on last name. So first, I have Paul Black here, President of Comm Solutions. Paul, thanks for joining us.

Unknown Attendee

Glad to the here. Comm Solutions is a value-added reseller that specializes basically in infrastructure. We do network security virtualization storage. Telephony and mobility is probably our largest practice area.

Ben Gibson

And Comm Solutions has been a great partner for us over the years. Gregg Chottiner, Gregg, welcome.

Unknown Attendee

I am the CIO of the Fashion Institute of Technology. It's about 20 blocks down 7th Avenue, and we are about a 10,000-student art and science school, kind of internationally known and we are very excited about the implementation of our Aruba environment and the ClearPass technology. And I guess as we get a chance to share some of our thoughts, we'll talk more about how ClearPass is helping us in the higher ed world, in some of our challenges.

Ben Gibson

And Sam Petreski. Sam, welcome.

Unknown Attendee

So I come from Corporate Executive Board, and we are a global company. We had about 26 global offices 'til July of last year and then we acquired another company, and our world has changed totally. Now, we have over 40 global offices. So managing all the wireless access, the network assets at all the different offices to make sure that we have a seamless access, it's been a challenge for us until we met Aruba.

Ben Gibson

That's good to hear. Well, gentlemen, have a seat, please. Maybe, Sam, I'll start with you. You had just mentioned, right, that you're acquiring companies, you have all these different branch locations. We talked earlier about there's employees inside the company, but there's a lot of outside coming in too. Maybe start with the environment that you are contending with in the past, particularly around secure access and what you've seen develop, what you've seen change and what headaches have been developing over the past few years as a result?

Unknown Attendee

So we had 2 major challenges that we were trying to address. Initially, we have a lot of our members or our customers that come into our offices for a day or few days of training and they need high-speed wireless access while on our premise. And so providing them with that access has been a challenge for how we manage those users. It used to be a generic user name and password that we shared with everybody and if somebody had a problem, then everybody got shut down and all the pain points that we usually experience with shared accounts. The significant issue for us was having all our employees be able to get high-speed Internet access with their personal devices while in the office. The corporate environment was mentioned. Well, we were okay on that area, but empowering our employees to have high-speed Internet was a challenge for us. And we started looking at what different solutions we could deploy to manage that. And my goal was to have 1 solution that could manage all the different environments that we had. And initially, we had a totally different vendor in mind that we were going to use when we started the project. And then accidentally, we got recommended to evaluate Aruba by one of our network engineers and we said, let's take a quick look. And we were impressed by the capabilities that were available.

Ben Gibson

It's a fortunate accident, I suppose. Hey, Greg, from your perspective, right? So your user base, right? Really leaning forward, right? Lots of students and the like. So the whole consumerization of IT is hitting your organization first before many others, right? So what were you contending with it in the past and what kind of changes were you seeing?

Unknown Attendee

Well, we had an existing wireless infrastructure by another company and it no longer would scale or it did not have any of the NAC services that we needed, so we had to use yet a third-party in that company to do a lot of our registration and reservations. And as I'd like to say, we used to torture our students and faculty trying to get onto the wireless network. We had captive portals, we had timeouts. When your device would go to sleep, you'd lose connectivity. And so it became just an unusable solution, so we did about a 3-month bake-off between several wireless vendors. And after doing all that with our network engineers and having some of our faculty and students involved, it became clearer and clearer that the Aruba solution was almost purpose-built for the higher ed space. One of the things, just listening this morning to all the capabilities of the ClearPass technology, makes it an almost perfect fit in the higher ed space. We need to register students, register faculty. We have lots of consultants on campus, lots of visitors. We have our board, have IT also rent space to people completely outside of the school. So we had to manage all of that type of guest access. So -- and we're just in the beginnings stages of our rollout. So one of the things I saw today are there's some great features of the technology that have just triggered some thoughts that we can now use and do things differently than we had anticipated probably a week ago. So we're just thinking unbelievable opportunities that ClearPass offers us. From the application layers and the role-based onboarding gives us all kinds of capabilities that we never would have had before.

Ben Gibson

Yes. So you just described that environment when Dom showed the 4 quadrants, right? All that growth, you already living in those other 3 quadrants, like a lot of other industries.

Unknown Attendee

We are. We have students bring every device known to man and woman onto the campus and expect to be able to use those things. And they come to us with the experience that they like is they walk into a Starbucks, open up their device and they usually get onto the wireless network. And they never quite understood why we can't give them that exact same environment. And now, we're getting very close to being able to do that.

Ben Gibson

So Paul, from your perspective, you've been a great partner of ours for years. What we're hearing here is there is a merging or fusion between wireless network and then how do you manage access in the control. And certainly, that was a key theme of what we talked about this morning. So if you think about the market that you're serving, how have you seen that develop over the past few years and why was this such a natural fit for you to work with us and extend into this Access Management business with ClearPass?

Unknown Attendee

Well, it is a natural fit and it's a natural control point. So being an Aruba partner and having engineers that are very well versed in the depths of what your solution can offer, it was a natural thing for us to move into. We did a lot of training to be able to deploy it because it's a complex solution. And we have seen tremendous growth in the last 3 quarters, each quarter the ClearPass revenue becomes a larger and larger slice of our overall Aruba business.

Ben Gibson

We're keeping you busy with it?

Unknown Attendee

Absolutely. And interestingly, hearing Gregg talk about how it's a perfect fit for higher ed, I would agree, but we also feel it's a perfect fit for hospital environments and retail environments and we have several major financials where it's a pretty good fit for it, too. So it's a very versatile solution.

Ben Gibson

So now the competitive side of me is going to come out and of course, as you're comfortable sharing, we talked about what you're contending with. So each one of you had to make a decision, Sam and Greg, in terms of some point, okay, I need a different answer for this space. And what I'd love for you to do is share more color in terms of what triggered that decision, maybe some more color around the evaluation process you went through, and ultimately, why you arrived at what I would, by its fashion statement, would be the right choice? Maybe Sam, start with you.

Unknown Attendee

Sure. What made us look into the different vendors was our existing NAC solution was end of life and so it was time for us to get one that was supported by the vendor, to get one that we could deploy throughout our offices and manage it centrally. We had an existing vendor, so the right choice for us was to consider just upgrading to the same vendor. We started doing an analysis to see what it would take for us to get upgraded to that current version that they offer and the biggest problem for us was when we did a full analysis, we had to change about half of our existing network infrastructure to support their solution. And that was a great shocker to all of us because all of our network equipment and the NAC was owned by the same vendor. And it seemed that when they upgraded to the next version of their software and their system, they require that you do a half overhaul of your network environment. So the cost was huge for us. When we looked at Aruba that was the first point that I asked, what else do we have to change in our network environment to get Aruba in place to just replace the NAC, the guest wireless and the BYOD network problem that we're trying to solve. We looked at that and we didn't have to replace a single network device in our environment. We had to do some software upgrades to get them up to the current version to support either to the 1x on some of the devices, but not a single device got replaced on our network. And we were able to deploy Aruba and work with all of that without any problems.

Ben Gibson

What Sam just raised is a really a key driver that we're seeing in the ClearPass business for us. It's being able to support heterogeneous environments. When you to think about -- and it creates a really interesting business opportunity for our partners as well because heterogeneous environments tend to have more sophistication and complexity that comes with that. So maybe Paul, from your perspective, right? So how was the value proposition of ClearPass and particularly based on what Sam just described, how are you seeing that kind of value proposition in the market and what's that creating for you in terms of incremental business opportunities?

Unknown Attendee

We definitely are. What Sam talked about is faced by many of our clients. Unless you've got a network that you've just recently installed, you're going to have to upgrade large components of it to go with the competitive solution, where the Aruba one is vendor agnostic and can slide into many different environments. And in fact, our sales have been varied like that. So we will sell Aruba into non-Aruba clients to do network access control for both wired and wireless.

Ben Gibson

That's going to be a key. Aruba, we're working very closely with partners like Comm Solutions, around training, around -- we see it as a great professional services opportunity and that's something that Mr. Kirby and I are going to be talking about in a bit. Greg, war stories, your decision.

Unknown Attendee

Lots of war stories.

Ben Gibson


Unknown Attendee

Our decision. Well, it was clear that our existing NAC and our existing wireless solution that at the time used a single channel architecture which, I guess, 5 or 6 years ago made sense, but it certainly didn't make sense in today's technology. So the opportunity to look at Aruba and the ClearPass solution and you get an integrated solution made it much easier, so my guys did not have to learn different iOSes and different protocols of all these different packages. So that was very powerful. The ability to keep our existing core infrastructure and where Cisco shopped routers and switches made it very good that the Aruba solutions just kind of slid right into the Cisco environment that we have in spite of all the comments that the Cisco folks made trying to sell their wireless solution to us. But everything has gone very well so far, and we're very happy with it. And I'm not sure if we're supposed to name names or anything but...

Ben Gibson

Whatever you're comfortable with.

Unknown Attendee

But we found that the ClearPass solution is much more advanced than the iSolution that Cisco has, that it is similar in ability, but it certainly hasn't gone to the level of detail that the ClearPass technology has. So that was very, very good for us also. But the worst of it was basically just been people just gave up using the wireless network in our environment because it was so poor. And we're finding with students and more faculty now nobody wants to plug a device in anymore, and most devices don't even have an Ethernet port anymore. So even in the dorm rooms, we're finding out that kids move their furniture in front of wire jacks and everything is streamed now. So wireless is the prevailing technology on the campus. It is the most important thing we can do because students hardly carry laptops anymore. And the only desktops they use are for very specialized or proprietary software that we have on our campus. But other than that, all they want to do is use their mobile devices. And one of the strengths of ClearPass is being able to manage that bandwidth because we'll have faculty who will come to me now and say, "I'd like you to shut Facebook off between 10 and 11 in my class. Can you do that?" Now we can actually do those sorts of things. But we don't like kids browsing or shopping on the Internet during a class. We can now actually lock those things down. So while the students aren't going to be thrilled with it, it's a great architecture and great technology.

Ben Gibson

There's a creative tension between faculty and students on that front. It's a great bringing of life to the context story that both Don and Keerti were talking about, being able to plot who you are as a user, what device you have, where are you in a classroom, what have you and then tying that back to what kind of applications. And I think that also ties it into what Cam was showing in that demo around being able to both identify and then enforce policies based off of that.

Sam, taking a look forward now, right? So maybe if you had your crystal ball out, what's keeping you up at night now? What kind of things are you thinking about that are still challenges for you, both how can Aruba, how can ClearPass sell -- maybe some things you'd like to see more from us?

Unknown Attendee

Certainly. So I'm going to take a step a little bit further back actually, for the assurance of how Aruba well was working -- kind of how well it was working in our environment was when my CIO took a trip to a few of our global offices a couple of weeks ago. He went from Roslyn to London to India to Sydney and back to Roslyn within a week's period. And when he came back, he stopped by my office and said, "I did not know that I went to a different office every other day. My personal phone, my laptop, everything worked as if I was in my office." That was the assurance that I needed to hear, that everything worked for him no matter where he went. All our offices are setup exactly the same. Our workforce is very mobile, and so empowering our users to be able to connect to the network without knowing which location they are at. I think it's a great tool that we can provide our employees. Now moving forward, one of the biggest things that I'm very excited for is the MDM solution, which was presented earlier today.

Ben Gibson

Now what's your reaction to what you saw?

Unknown Attendee

I wanted it yesterday. I think we definitely need that very, very soon. So going forward, I think we have currently a different MDM solution in place. We're going to be probably replacing that in the future. It makes no brain -- I mean, no reason for us to debate why we shouldn't be using the Aruba solution for the MDM as well. So kind of going forward, I think expanding into all of -- the rest of our offices and as we acquire companies, I think the ease of us deploying these new networks to all of those is going to be great.

Ben Gibson

Good. Well said, Sam. Greg, how about you? We talked about some things coming up, right? Was there anything that particularly piqued your interest or inspired you or made you think differently?

Unknown Attendee

I think the application, the awareness of the application of the ClearPass will be very powerful for us. Certainly, we are going to have to get our network engineers much more skilled in the abilities of ClearPass. Because I'm looking for the day very soon probably that our wired infrastructure will just expire over time, that it won't even be used any longer, that we'll be delivering all of our services and content via wireless APs up to and including our video surveillance system, that I'm not sure now once we tune our new Aruba environment that we won't be even needing those wires any longer. We can start doing some things in a much more quick and adaptable fashion than we do right now because we still invest a lot of time wiring lots of devices. And I'm looking forward to the day when we're not going to have to do that.

Ben Gibson

Yes. You raised an important point. It's something that we see. We see a vacuum in the market for technical training that bridges the gap between wireless and RF expertise. How do you secure in this -- not just the network, but the mobile device and more importantly, the applications and the data. How do you bring that all together, right, and from a skill set standpoint, right? So you, as CIO, when you look at it, there's been a lot of -- the vendors in our industry have driven a lot of product- and technology-specific training out there. What this is all about is connecting those dots between those silos, right? So 2 weeks ago, we're in Las Vegas at our AirHeads conference, and that's what we're trying to create here, both in our events, in our technical forums, in our training curriculum, to help accelerate that along, because it's one of the key challenges is how do you get that technical aptitude that connects the dots because they didn't have to be connected before. So I think it's an important point and something I know that we at Aruba are very focused on.

So Paul, take a look in the future. I'll warn you if you do it with any kind of numbers or financials, you're going to -- it's going to erupt in a bunch of other more specific questions. But maybe in general terms, right, where do you see this business going with connecting wireless as a business with ClearPass Access Management, some of the new stuff you saw today?

Unknown Attendee

Well, we couldn't be more excited about the opportunity. I think the presentations that we watched underplayed something, which is the connection between big data, smart cards, cellphones being the new customer loyalty cards and Aruba being a highway roll if that stuff works and ClearPass being a big part of that. That is going to be a huge market. It's a revolutionary way for people to connect with their clients while they're on-site. And even when they're on route to being on-site, being from Philadelphia, if you get within 3 miles of the stadium and you have one of the sports teams application, you get messages. Very powerful. And so what used to be a cost is now a tool for businesses to make money, certain businesses, and that's exciting. And not all of our historic Aruba customers have adopted ClearPass yet. So that's another huge opportunity for us.

Ben Gibson

One we enjoy hearing about.

Unknown Attendee


Ben Gibson

Good. Any closing thoughts, anything each of you would like to share with this audience here? It is a lot of folks that follow our company closely. Any thoughts from a perspective of being a customer of Aruba or as a key partner of ours that you'd like to share, any one of you?

Unknown Attendee

One of the -- and I mentioned it briefly before is, the ClearPass technology gives you opportunities to come up with new solutions that weren't even thought of before. And as the folks before were talking about the opportunities in the retail space to be able to personalize the delivery of information, that if you're in a different aisle, you get a different coupon. And I merely look at that from a student perspective. If we can now, during registration times, put a message out to students and let them know it's time to register, or there's some events going on in campus tonight, or you need to do something, what a great way for us to now get that information in a personalized way to these people that we never had that choice before or chance before. So it's opened up some thought processes that we didn't think about before.

Ben Gibson

Very good.

Unknown Attendee

The only remarks I have is I've just been so pleased with how easy it was to deploy the Aruba solution. I had it planned for a 3-month deployment across all of our organization, and we were able to accomplish that within a 2-month period. It just -- it was a huge impact, and it was very well received within our organization. I mean, within the first hour after we announced our BYOD network, I had 250 users get onboard. And I think that just speaks up about the quality of the product.

Ben Gibson

Very good. Paul?

Unknown Attendee

Yes. Well, as a reseller, this sort of ecosystem of products now allows us to be more of a strategic business partner to our clients as opposed to a vendor. And we'll collaborate with marketing departments now for certain uses for the ClearPass, and that's never really happened before in all sorts of other business units as well. So it integrates us more with the flow of our clients as opposed to just being a button they might push to buy a particular technology.

Ben Gibson

Excellent. Well put. So because we're running a little behind schedule, I know you folks probably have questions. Each of my panels have agreed they're going to be staying after during our lunchtime session. So I encourage you to ask questions at that point. I would open it up now, but we have to move along with our agenda. So again, you can seek them out after we're done with our formal agenda today.

So Paul, Greg, Sam, thank you very much for joining. Great information. Appreciate it. Thank you.

Unknown Attendee


Unknown Attendee

Thanks, Ben.

Ben Gibson

So what we want to talk about next is you heard from the customers' perspective how they've been able to realize the value of ClearPass. You heard from a partner of ours in terms of how they're tackling this opportunity. What I want to do now is provide some more color, some more details behind what this opportunity looks like for us. What it looks like for us, how we're scaling and building capacity within our field and channel organizations and our -- by extension, our channel partners, and then we want to bring it to life to you too. I can talk a lot about the opportunity. We want to talk more about fundamentally how do we, in the field, win business and how does everything you heard this morning in terms of vision, our new innovation, how does that manifest itself in terms of traction, customer wins in the field that's not just about deploying WiFi or not just about deploying ClearPass, but how you start to see this glue start to come together.

When I talked -- anyone can come up here and talk about these mega-trends that we're seeing in the market, right? Yes, there's lots of mobile devices, cloud-based computing and networking and applications are really driving to the forefront. BYOD is a huge trend, right? And mobile apps are exploding. What's interesting to me is how radically these dynamics are changing. If I were to stand up here 6 months ago or 1 year ago, I'd have a different story that was maybe about a 20% haircut off of what I'd stand up here and talk to you about. Eye-opening stats, like by this time -- by the time this year is through, there will be more mobile devices than people on earth. The one that I really like, that Aruba really likes, right, that there's an expectation over the next 5 years that smartphone data is going to increase eight-fold. So for every smartphone device you have -- today, it's averaging, per month, roughly 300 megabytes of data per month. That's going to increase 8x to 10x to close to 3 gigabytes per month of data. So not only are you seeing the explosion in terms of number of devices, but then we get exponential. And then we talk about -- and this is largely driven by video growth. And this data here, there's not too much that I enjoy that Cisco talks about. But actually, Cisco puts data out in the market. They call it their visual networking index where they measure these trends, and this is one I'll gladly embrace. And I think we're quite focused, more focused on grabbing this opportunity. We have that kind of exponential smartphone growth. When you see the data that's expected to go from -- to and from that device and the video traffic that's going to drive a lot of that, what that adds up to the expectation in the market by 2017, 21x of bytes of data, of all that data that's coming in, there's an expectation that, that amount of data is going to be offloaded to a WiFi network.

Now that could be offloaded via carry-your-own network, that could be offloaded via business-own network. But what I -- my message here is it's well-known that mobile devices are exploding. But the exponential opportunity that we're seeing, not only in quantity, but in the richness of the data that's going over these devices. I'd stand up here 6 months ago, I'd be giving you numbers that are a fair amount lower than that. So the market continues to surprise in terms of these mega-trends every time we peek under the covers and take a look.

Well understood that there's a cloud evolution going on. Maybe not as well understood that we closed last year that the total number of amount of IT spend for public cloud projects surpassed $100 billion. It's expected in 2013 that just with the U.S. government, it's expected to be approximately $9 billion in investment in cloud-based projects. And the part we like about that is that as we go through 2013, there'll be a 70% increase in cloud-based applications that are going to be accessed and exercised over these smartphones and other mobile devices.

So again, this is another, we believe, step in our direction. Again, it's another -- these numbers are a surprise compared to if I were to report a year ago what would the projections be for 2013, I wouldn't be putting up these kinds of numbers. So the rapid change we're seeing is happening faster than the analysts have predicted. It's happening faster than, candidly, we predicted. But for us, it puts a smile on our face.

Bring your own device, we've talked a lot about that this morning. As we enter 2014, depending on the report you look at, the average business user has over 3 devices per person, right? These devices coming in, right? You have your iPhone, you have your tablet. Many of the power users have their Android tablets and other devices. The diversity, as well as the sheer number of average devices coming in to the workplace because of this consumerization of IT that's really been led by these device trends, has really been compelling. And a year ago, that number is closer to 2 than the 3, depending on the projection you're looking at.

A year ago, probably about 20% or so in aggregate of the analysts' estimates of these devices were accessing business apps when they were employee-owned versus provisioned or owned by the business. That shot up to 40% now. We see no end in sight to that, continuing to go up. But part of that too that creates the headache that requires an aspirin is that there are studies out there that over half of the network breaches that happened within enterprise environments were due to personal devices that weren't secured properly. And then the tension, and we've talked about this with Sam and Greg, is how do you flip the model because these organizations in IT, they don't have the staff to keep up with that massive amount of new devices that are coming in, the massive increase in traffic, how do they provision that all? The old PC helpdesk model doesn't work. So you have this headache that's been created, potentially a migraine that needs some aspirin. And so BYOD is a well-understood phenomenon, I think. What maybe isn't and what continues to surprise is how rapid these trends keep on going.

And in this one, I think, is most interesting to me. I saw a stat out recently that there's an estimate within the next 5 years, there's an expectation in 2017, there will be 70 billion mobile app downloads, 10x the population of the earth. Right? That says to me we're just scratching the surface on this front. And if you -- many of you -- financial institutions, many of the large financial institutions employ thousands and thousands of application developers. Insurance companies, you're going through many different verticals, they're custom developing apps. So it's not just the ISP community that are racing towards how do you mobilize these apps, but it's also custom-based apps that are being developed within organizations to arm, say, an insurance agent to go out and transact in the field. So you have corporate and business apps served by the ISP community, you have custom-based apps. And then you have personal apps, and Greg talked about this, so you have social media apps and the like, the need too is all these apps flooding into the environment for all these new devices, how do you maintain visibility and control and even in that policy. So students aren't Facebooking when they should be learning, et cetera. So the volume that's coming in and then the pressure and the requirement of IT to have visibility, policy control and security for these applications. When you take these 4 things together, we, for a while, have been talking about the perfect storm. It continues to build for us from a mega-trend level.

So then the question is, how does that impact us in our market? And if we start with our core enterprise wireless LAN market, I'm going to go back to the beginning of January 2011, the forecast that came out from Dell'Oro Group. And Chris, if we had Dell'Oro Group, he used to be a financial analyst, a very sharp guy, puts a lot of science and analysis into this. At the time, he was projecting that this enterprise wireless LAN market was going to grow roughly 20%. So then 2011 happened, now granted off of a softer 2010. But in 2011, what did the market actually do? It grew in the mid-30s. So the market surprised and outperformed the projections. Okay. So then Dell'Oro, they take a look at it again. And they're, "Okay, we've got a bigger base now to work off of." Then they forecasted this market again. They said back at the beginning of 2012 that the expectation was roughly 18% or so for forward-looking growth for the enterprise wireless LAN market. Then 2012 happened. Then again, I attribute a lot of this -- there's a lot of rising tide, rises all boats here. Certainly. But again, the market outperformed by roughly $300 million. It grew roughly 23% over our forecast in roughly the 18% range.

So now we come to 2013. So Dell'Oro Group has taken a look at it again, and they're projecting roughly 17% to 18% growth again. Now I'm not going to put us all on yet because we're on that journey right now. But my message is that this market, and particularly with some of the dynamics that I just talked about, and more specifically, we talked about trials in 2013 and then moving into 2014 with 802.11ac, there's an upgrade demand that's going to be out there over the next couple of years. And that upgrade demand is being fueled by these mega-trends I just talked about, mobile devices, BYOD trends, shift towards more cloud computing-based applications, and then there's huge wave of new mobile apps that are being deployed out that have to be deployed out in a secure fashion. So my message to you here is, we believe that this market, we know it's outperformed forecast in the past. And I wouldn't say these Dell'Oro Group forecasts are overly conservative. I mean, this is becoming a big market, and it's a bigger number to grow off of. But the market has outperformed in the past. And our expectation is that it will continue to perform that way based on the mega-trends I talked about and based on, more specifically, some of the upgrade triggers that we'll see in this market.

But let's say, let's take the current Dell'Oro Group forecast for enterprise wireless LAN and service provider WiFi. Because one thing I know, there's a lot of questions out there in terms of, "Okay, how do we gauge this market?" And we talked a lot this morning about the service provider market, Layer 1 and 2 WiFi, Layer 4-7 WiFi that we really focused on. Dom talked this morning about this public-facing enterprise market that we see rapidly developing, of which, service providers we expect to be a key part of.

So this chart here shows the current standing Dell'Oro Group forecast for the enterprise wireless LAN and SP offload market. So the orange here -- have to choose the corporate color for this one, based on our ambitions, right? So this is the core enterprise wireless LAN market, right? By Dell'Oro's current projections, projected to grow roughly 18% in that range. And that gray bar there is a combination of the indoor- and outdoor-based SP WiFi business. So Dell'Oro takes a look at this based on their segmenting by product area, and then they're breaking out. And roughly today, in that gray bar, roughly half of that is considered indoor access points owned by a service provider deployed out, say, for hotspot, for access for emerging now managed services and the like, and the other half of that is outdoor WiFi gear.

Now that SP WiFi offload market, as Dell'Oro terms it here, is expected to grow faster than the overall enterprise wireless LAN market. So if you remember what we talked about this morning, when you look at this market and then you say, "Okay, so how do I size or how is Aruba playing this space?" So clearly, we're playing in this core space, and our focus is on differentiating with L4-7 WiFi, how do we provide a greater whole-offer value that brings together WiFi and ClearPass, this air access and apps. And we feel like we're in a strong position to be able to compete and gain share in that space.

But then the question is, if we're talking about this public-facing enterprise market and how we are pursuing the service provider market, the question is, okay, so how do you quantify that? How do you look at that? So what I want to share with you is how we look at that. And this is based on Dell'Oro's data and guidance in terms of how they expect not only this market to grow from a product standpoint but also based on some particular verticals.

So the anecdote I want to share here is this gray bar here. This gray bar represents, I think to date, a lot of what Dom termed a Layer 1 and 2 WiFi market. And the anecdote I want to share is I recall roughly 1 year ago, there was a very large carrier that was putting out to bid a rather large project for service provider WiFi for offload and hotspots, right? And it was kind of like an auction. And it was kind of -- it would have reminded you of a home auction with foreclosed properties and the like. But here's what happened, after that first deployment happened, I think what happened was the market demanded, and the demands on that infrastructure happened. And that same carrier came back to us and they're already a strong channel partner of ours, they came back to us and they say, "Hey, we have to rethink what we're doing here." And in different words, they've said, "We need some more of that Layer 4-7 value behind this." Because for us to monetize this infrastructure and deliver more profitable services, they need differentiated capabilities for that network. So that's my anecdote to describe what we are increasingly seeing is what we're calling this public-facing enterprise market.

So what have I done with this overlay? If you recall that gray bar there, what we're doing is we're capturing here and quantifying that the indoor segment of this service provider market that Dell'Oro has forecasted, we see that certainly as part of what we would call public-facing enterprise. Increasingly, we would expect that maybe it's not just service provider-owned, more owned by the business. But then there are some key verticals out there. And there are some key verticals like the retail market, like the hospitality market. Any customer or environment where the greatest volume of users that they're dealing with is not their employees but their customers, and you combine that with businesses that have a large number of branch locations, even thousands of those.

So to date, if you look at that -- and the dynamic within those organizations is the IT staff. Again, they're not getting bigger to be able to support a lot of these new demands. In some cases, unfortunately, they're getting really squeezed, right? The service providers in this space see an opportunity to come in and deliver that type of value, right? So WiFi as a service, right? And you've seen some movement in this direction. We believe, and this is the core message that Dom talked about earlier today around public-facing enterprise, that our value proposition behind whether it be a large number of locations where a retailer wants to provide that customer personal experience, we do a lot within our WiFi infrastructure as described this morning to make that happen. A service provider likes that, and it's essentially a new channel to market where an IT department may not be able to reach. It's also a great opportunity for our channel partners as well in this space to operate as MSPs in this space.

So that's the market today, and this is based both off of Dell'Oro guidance, as well as our projection over the next 5 years, how this public-facing enterprise market can grow from currently as we estimate over $0.5 billion to over $1.5 billion over the next 5 years. That would be a growth rate that would outpace the Dell'Oro projection for the market right now. And as a reminder, it's one that we expect, with all the trends that we're seeing in the market, we expect to continue -- the market will continue to surprise on that front.

We talked a lot about ClearPass this morning. We talked a lot about where we're taking that platform, the value behind fusing together network value, the device and how you manage and secure the device and the data and the applications and how do you set policies and control based off of that. I think what's well understood is we have a well-measured enterprise wireless LAN market. In 2012, that closed roughly at $3.5 billion. There's a measurement for the NAC market. But as Dom talked about this morning, this $0.25 billion market was by and large based off of yesterday's wired based NAC implementation where you have policy -- we have enforcement and security on the client device and then you have yesterday's NAC solutions.

This third blue category here, that stands for mobile enterprise management. So firm IDC has projected in this space, it's close to $1 billion this year. And let me explain what that is. So if you take our core business and obviously, we're focused on delivering a lot of differentiated value there. And the question always is, "Okay, what's the opportunity for ClearPass?" My message here on this chart is we believe ClearPass is $1 billion plus opportunity for us. I say that not specifically because there is a solidified third-party analyst measure that says, "Okay, this is the ClearPass market." Because this market is changing so rapidly, everything I talked about over the last 10 minutes is changing so rapidly, these silos are breaking down. IT investment is catching up to that. What I can tell you is, based on both analysts' projection as well as our judgment on this, is this wired fixed-based NAC market of $0.25 billion, we believe can approach $1 billion in of itself within the next 4 years.

What I can tell you based off of IDC is mobile enterprise management, what does that measure? That's taking a look at, okay, all these mobile devices out there starts at base tactical level with MDM solutions in that market where there's definitely expected growth in that space. But the strategic part of that play is not managing the device, but managing the applications and data. The strategic play for us is to be able to manage that with policy controlled with the context that we provide, and as Cam shows you in the demos, connecting that network context to how you can then secure and apply policies to all of these applications that are flooding into these business environments. That market, as currently understood today, is expected to go from -- closing on $1 billion to $1.75-plus billion plus in 2016. So my message, based on this slide, is we expect strong differentiation and market share. We're going after that market share in this enterprise wireless LAN space, both with our core value proposition, as well as what I talked about with the public-facing enterprise space where we think we have the unique position based on what we do well already, and we think that's where the hockey puck is -- we're skating to where the hockey puck is going towards there. The NAC market, as it transforms into a mobility-centric NAC market, and then the expected IT spend. And where is this IT spend today? It could be in PC helpdesk, talked to major enterprise customers, so they're spending millions and millions on the PC helpdesk model. CIOs and IT professionals are looking for how do you shift that spend over to a different area.

So that's the message I want to leave you here with. I can't give you the very specific ClearPass market TAM. But what I can give you is how is that money being spent today in logical areas within IT, the expectation both on outside firms, as well as our own judgment on where it's going and then back together, we believe will be $1 billion plus opportunity for ClearPass. And then when you glue those together, I think where it gets really interesting is when you glue together how ClearPass pulls through WiFi from Aruba, given our value prop and vice versa.

The last thing I want to leave you with before I invite Mike Kirby up is based on all these innovations, how we've expanded this portfolio, the concept of their access apps. I'm going to quote Gartner Group here. I've been in this network industry for a long time. Networking vendors always long to have relevance with CIOs like Greg, that we had up here earlier, right? It's something we're always pushing for, right? Recently Gartner put out a report and something we'll make available to you. The report was recommendations to the CIO and the enterprise architect, and these aren't titles that networking vendors traditionally talk to, whether you be a company that starts with C or not. It's simply put, not an audience you get time with every day. But the record -- first of all, Gartner recommended, trends. First trend that they recommended all their client base be very cognizant of is don't treat -- you must treat mobility as an ecosystem and stop attacking all these dynamics and these headaches in silo fashion. If you continue to be over-reliant on legacy technologies that you have to invest to maintain, you're never going to break away and look at next generation solutions that break down these silos like between mobile device applications, how do you secure and then how do you deliver the infrastructure with network over the air to make it all happen.

The other trend that they pointed out is as an organization, you have to have a mobile decision framework. It requires -- there's a new -- I have a title Chief Marketing Officer, CMO. The more interesting title out there for me is Chief Mobility Officer. There are -- increasingly out there you've seen in the market IT organizations organizing around the mobility services function to bring this all together and to start thinking that the people that they're bringing in our system-level thinkers, that are thinking about, "Okay, what's this data? Where is it going? Should it be out in the cloud? How do you connect this in? How do I arm our field agents with this? How do I set policy and control based off of that?" These are all questions that can't be solved in yesterday's silos.

And then focus on the data. I was recently having lunch with a recently retired CIO of Network Appliance. And she said, "Yes, the air is really important. Access is critical. Applications, tell me about the data, right?" And Gartner's telling their folks this. And so focus on mobile data, how do you take that from fixed architectures to mobile and how do you deliver, keeping in mind, all the considerations around privacy concerns and the like, as well as security concerns to bring that to market.

So then what excites me is Gartner recommended 5 high-priority projects for enterprises in 2013. One, have a project around mobile management, not just the device but the applications, how do you get those provisioned out to your workers. Two, have a project that looks at what applications do you need to mobilize, whether it be in-house or whether it be procured through the ISP community and define how those will be used. Three, make darn sure you have a mobility-centric identity and security strategy in place. Four, establish BYOD policies. There are many, many, many more organizations, many more compared to those that do that haven't defined this yet for their organizations because it differs a lot. There's no template that you can necessarily put here. And then the fifth one that, of course, warms our heart, deploy pervasive wireless LANs. Let me tell you, being in the networking industry for close to 20 years, we have these kind of architectural recommendations right around mobile application development, mobile management and deploy pervasive wireless LANs, that's not company that a networking vendor is used to be in league with. But we are now, according to the stellar report.

And I think the message here is whether it be around mobile management, in each of these cases, we may not have the comprehensive answer, but we do have an interesting conversation. And particularly, based off of what Keerti was talking about of how we're establishing ClearPass as a platform, how we can take our crown jewels of our context, who you are, what applications you use and et cetera, how can we empower those new mobile apps that need to be developed? Open up all sorts of new policies and capabilities, applications that shouldn't be used while moving if you're a UPS truck driver, right? Restrict access to this user if you're in a classroom. Lots of different capabilities that while we may not have the whole answer, we have an awfully interesting aspect to bring to the table.

Mobile identity and security. We clearly see ClearPass as a key part of this conversation for that. Our challenge is having more of that kind of dialogue out there in the market. We think there's a lot of interesting ways we can help further along an organization's journey to establish BYOD policies. And, of course, we think we have a pretty quick and good answer to help customers that may not have the pervasive wireless LAN coverage with the right application-centric approach that brings us all altogether.

So that's what I want to talk about in terms of this opportunity. We think it's very interesting. We think the market dynamics are headed in our direction, and it's not just me saying this in my role at Aruba. We're seeing these trends starting to happen, and what's rewarding for us is we're starting to see that being echoed back and we're starting to see our relevance in this space plugged in to some broader conversations that we, as a company, in the past, weren't used to having.

So with that, I wanted to invite up my esteemed colleague, Mike Kirby, and the topic is capacity. So given all this opportunity I've talked about, how are we attacking it? So, Mike, take it away.

Michael Kirby

Thank you, Ben. Good afternoon. We're going to talk about some customer wins that I think are important because they will show trends in the market and how the market is evolving. But before we get there, I thought I'd leave you with a couple of thoughts about how we're aligning our global field organization to be able to support our strategic initiatives.

As in the past, we will continue to hire sales teams, teams are salesmen, SEs, channel people, inside sales reps. We're going to continue to expand that as we've traditionally done. But we've begun to focus these teams on the larger enterprise -- or I'm sorry, the larger opportunities. And the big deals that are out there are -- there's a lot of them. And I want to make sure that my sales teams are looking and are working those big opportunities, and I would address the rest of the market in other ways.

We have now put a service provider sales organization into every theater. Theater is, of course, being North America, South America, EMEA and abg. And the product portfolio that we have today is so broad that we can't have our SEs be generous anymore. So we're driving some specialization into our SE core to make sure that they continue to be the experts in whichever piece of our product portfolio they're involved with.

We're going to continue to invest and expand our channel coverage. And for our client partners, we have really invested in the field resources supporting them. We have actually medallions or silver, gold, platinum partners. We've increased that capacity 25% in the last 3 quarters, and that's a very good trend. We will continue to do that. That's a big source of extending our sales organization and sourcing new opportunities for us. And we've now -- we've also put in place some tools and capability to be able to make sure that our partners are closer to our business and have the ability to leverage our business and their business to bring the right solutions to customers.

We have also embarked on a complete 0-touch sales model for the mid-market. We have an Instant product line that I'm sure you are aware of. It is perfect for this market. And now if we open up the right DMRs and we put in programs to be able to get now the authorized and unauthorized, then let me just quick explanation of that. An authorized partner is not a medallion partner. They don't do enough business with us to certify for a medallion. However, they do need, at some point in time, wireless solutions. They may come to us on a regular basis, but not for huge volumes. Unauthorized is that partner who doesn't know where to go for a WiFi solution. So when they reach for one, I want them reaching for Aruba. And these are the kinds of programs we've put in place to be able to drive that level of awareness.

We've talked a lot about ClearPass today. And ClearPass presents a very -- presents me with a very interesting challenge in the sense that our ClearPass pipeline is growing faster than any product we've ever introduced. The problem is this software, when you bring it to a customer to make this solutions work, takes professional services. And there is no way that we, internally, can build a professional service capacity to be able to convert that rising pipeline in the revenue. So we've decided that we're going to use partners and partners only, pretty much, you have to be in a unique circumstance first not to use a partner to provide the professional services to make that installation successful. To do that, we've done several innovative things, I think. We've taken multiple levels of training, not like anything we've ever done before. We hold boot camps, if you come out of a boot camp, you are prepared to be able to go into a -- and implement a ClearPass implementation and be successful.

We have workshops. If you make it through the workshop, not everybody does the first time, you could probably be considered an expert here. We have even taken it to the point where we're exceeding our partner base by contracting some of their employees, bringing them on as our contractor, so they're working side-by-side with our field teams to be able to get the experience of implementing ClearPass solutions.

And then ultimately, we put those back out into that partner base, so they can build their practices around this. We've had a lot of partner success here, and our partners are now finding the -- a new revenue of opportunity for these professional services. They train their people. We have incentives inside of our sales organization to make sure that they get deployments.

And finally, we back this up with a global team that is -- that are considered experts that are our employees to be able to help our partners be successful with those implementations.

Okay. So now, Ben?

Ben Gibson

Thanks, Mike. So what Mike just went through is how we're adding capacity. To remind you and then we've already put this up here, here what we see is 5 key growth initiatives for us as we pursue over the next year, differentiating going for market share, taking share with our different adjacent layered ports [ph] with Layer 4-7 WiFi, right, move in 2011 with our value proposition on wired access.

With ClearPass, I talked about this opportunity with ClearPass. If you recall that chart, I showed there's this emerging mobility-centric NAC market that we expect to grow to be roughly $1 million. That blue that I showed, there are a lot of MDM vendors that play in that space. Our goal is to enable them with our context we can provide, right? An there's a lot of spend happening in that space that we believe we can get stickiness with that.

So that may not necessarily be a market we attack frontally, but it's an area that we can enable and then together with connecting the value of what we do with the network, the value -- what we do with ClearPass as platform with that, we think opens up a lot of interesting growth opportunity for us. There's how we accelerate into the mid-market with Instant and then there's a service provider WiFi market and how we choose to attack it based on how we see the market develop.

So what Mike and I thought we'd do now is share some examples that capture -- it may not be particularly lining just one of these because the more these kind of connect, I think, the more interesting the business becomes. So we want to share some recent customer wins that we've seen in the market around this front.

So let's start. Mike, talk about this one.

Michael Kirby

Yes. So this is actually -- I consider them a technology company and they had a wireless network. The problem that happened was they started to bring in new applications, primarily, video applications. And these new applications were not working well over their existing network. So it pushed them into a evaluation. We showed them our -- what we do, the whole 4-7 thing. Really progressive customers get this. They tested, we work way better, and then they replaced the old network. Just as simple as that.

Ben Gibson

Yes. Next one here financial services.

Michael Kirby

Oh sorry. The reason we're going -- I'm going to talk about this one is because here's the situation where, again, this BYOD problem forces IT to search for a solution. And as they search for the solution, there's not a lot of companies that can do this. We rise to the top with our ClearPass solution, and then it forces a different conversation. And now, a company -- this particular company who had a long-standing relationship with their incumbent vendor, not only do they want to make the ClearPass decision, they dragged along a complete refresh of the WLAN decision. And the point being is that our ClearPass solution dragged all the infrastructure decision with it. And we see this as a major trend for us.

Ben Gibson

One comment threaded these last 2, the need to have reliable high-performance Microsoft Lync performance over mobile devices. So this is something that Keerti talked a lot about earlier. And I'll tell you in the history of mobile unified communications in WiFi, if I were talking to you 5 years ago, one was considered to be slowing down the other, both in terms of potentially performance as well as slowing down in terms of deal progress for this.

My message on Lync, we're seeing this more and more across different verticals, including these last 2 examples. The demand was there from the top down. Hey, I want mobile, you see the work where Microsoft Lync shop. We're in a rather unique position being the only WiFi vendor certified for Microsoft Lync because of what we do around L4-7 differentiation to be able to deliver that kind of performance. And that proves itself out when we do bake-offs, improve some concepts.

Michael Kirby

So the applications are breaking the existing wireless networks.

Ben Gibson


Michael Kirby

They have to look for an alternative. This one is another interesting company in the sense that they are a long-standing customer of ours. By the way, they don't use our wired products, but they absolutely had some security issues with their existing net products. They took a look at our, again, ClearPass solution and the NAC piece of that, and we differentiated ourselves in an evaluation. The key for us though is it took us 2 or 3 years to bring this large customer to several million -- of total spend of $7 million. The ClearPass implementation was just shy of a 7-figure implementation. So it offers us huge opportunity inside our existing installed base as well.

Ben Gibson

Now, it's a story like Sam's, right, being able to play ClearPass. In this case, it's all for wired NAC issue with a different vendor. It's a good story.

Michael Kirby

The punchline of this one is the university go to install a network. They're -- what they have in their mind is they want connectivity. And so they go out and they buy -- if you're just looking for connectivity, that's commodity WiFi thinking. And you will go out and get the commodity WiFi vendor. And then you will install that vendor and realize that your WiFi network just doesn't work. It doesn't handle density. It has no concept of identity. It is just trying to build a big hotspot. These networks are too complex. And so they had to go back and they did another evaluation, and we replaced the commodity company.

Ben Gibson

Good. So this next example, I talked a little bit earlier about K-12. So this whole concept of the next generation classroom, right, where I shared with you earlier, there's been a lot of in-classroom investments taking textbooks online, tablet proliferation and the like. Now the demand is the infrastructure has to catch up with that. There's a lot of new legislative requirements in many different states, right, where classrooms for instance, all students need to be able to take tests online. There's a lot of drivers that are now powering the need for the deploying pervasive wireless LAN. While this is a very large school district in the Midwest that we recently won, in this case the controller base solution because of the size and the ambitions of the school district to do a lot of interesting application-centric capabilities in the future. But what I love about it too is it's not only wireless LAN, but we're seeing more and more in markets like K-12 pull through for a switching portfolio. Where we see a lot of opportunity, right, to ship a port for POE and other advanced capabilities along with that access point that's going out. So we see a deal multiplier here, right, that starts with wireless LAN with switching, but also some interesting. And it's not been booked or purchased yet, but with ClearPass, they got some interesting ideas based on what they can do with our infrastructure.

Michael Kirby

This particular venue, we've been talking about public-facing WiFi, and that's changing as well. I mean when -- a couple of years ago when some of these decisions were going -- were happening for stadiums and arenas and these kinds of things. Again, people are thinking, "I just need -- all I need to do is provide WiFi, just connect." And it's a commodity thinking. And they actually made the decision for us. The key and the change here is that once they got it in and they realized, "Hey, if you just offer everybody connectivity in a situation like this one, where 1 in every 3 attendees is looking for some information on their device." You can't just offer blanket coverage like that. So what they've done is, and what we're allowing them to do, is provide a level of service or class of service to different people inside of the venue, we're very good at higher density, and now they use WiFi as a tool. The special services for season ticket holders, ordering beverage and food at your seat, even to the point where they pointed it outside into the parking lot, so they can get people through the turnstiles faster. And overall, look at how they leverage their WiFi infrastructure to enable a better fan experience, as well as make their business or venue more efficiently.

Ben Gibson

Yes. To me, this is the ultimate aggregation of all the key themes we talked about. High-density, application-centric, proliferation of video, all of these things, I think, come together in this one. So who's hungry?

Michael Kirby

Then change some things. So this is a fast food restaurant chain. And same themes, right? They had a PCI compliance problem, and that forced them -- it was for rogue AP detection and it forced them to go out and do an evaluation for a very secure infrastructure. During that, we did an evaluation, we won, and they installed it. But now, they're looking at it completely different. They solved the PCI compliance thing, but they've got some pretty forward thinking people in their IT organization and now they're going to use it to change the way they do business. They're going to save money and do training over the WiFi infrastructure, they're going to run the business over the WiFi infrastructure. They're going to have to deliver all new kinds of customer services over the WiFi infrastructure including advertising at the table, ordering at the table without a server, and of course, paying at the table without having to go to a cash register. So they're now taking this, and again, rather than look for a commodity type of thing, use this as a tool to make the restaurant chain run better and have a better customer experience.

Ben Gibson

Mike, well put. Thanks.

So hopefully, what you saw here was -- I showed these growth initiatives, differentiate with L4-7 WiFi, what we're doing with switching, what we're doing with ClearPass. If you think about each one of those examples to the degree, Mike and I's job is to help customers recognize the value of the combination of several of these key areas, right? And it's Mike's job to go out there and sell that combined value. And we're starting to see more and more like this, where it's not just about WiFi, it's WiFi plus ClearPass. It's WiFi plus switching in the K-12 example and the like.

So that's what we wanted to cover today. We just want to close with a brief video. Again, we're in Las Vegas 2 weeks ago. We want to capture not just us talking about customer examples, but a few of our key customers and why Aruba. That's the question we asked them. So with that, roll the video.


Michael M. Galvin

Good afternoon, everyone. Afternoon now. You've heard a very content-rich morning on Aruba's attacking mobility, and we're attacking the access layer of the network. So what I want to do is give a finance update as the almost final session of the day.

So let's look at some of the figures. I'm going to give you a little bit of a history, just our recent operating history, and then I'll talk a little bit about the near-term model and how we're looking at things.

So the first chart here is something, I think, everybody in the room is very familiar with, which is our revenue performance. And you see the last few fiscal years, they're on the left. And the main point there, we just want to say, obviously, we've been very proud of the growth. And really, if you look at the year-to-date 2013 bar, we're just very happy with the way the year has started, right? We've done about $300 million in the first half of this fiscal year and got it off to a good start.

On the right side is the quarterly revenue. And really, the main point there is just the linear growth we've been showing for really about 3 years now and the strength in that. You heard a lot today about what we think about growth in our opportunity, and it had to do with our traditional WLAN space, the fact that we added switches. You've heard a lot about ClearPass, you've heard a lot about Instant, including in this last video, and you've also heard about service provider WiFi and the channel that, that can deliver for us. So a lot of good thoughts on revenue and the way that we're attacking the market and the breadth that we're attacking the market with.

So gross margin. Again, a chart that we're very happy with. We've shown sustained improvement there. You can see in the first half of this year, we've continued to build on that. And it really talks about differentiation, innovation that we're putting into the product and our ability to compete on a price basis in the marketplace. And we've talked a lot over the last year or 2 about the positives going on in gross margin. We've got -- we've had a continued strong evolution of our access points and controllers. There's been talk over the years about commoditization and things like that. And really, as we went from abg to 11n, and we look forward to 11ac, the gross margin profile of that traditional WLAN space has been strong with the differentiation we've been putting into it.

We've talked a lot about ClearPass and software. That's obviously a good element for our gross margin.

And then we've got other things. We've got our switches, which are more of a negative pull on the gross margin. Great product for the company, but again, part of what balances that out. We've got international revenue, which is growing, and that carries a lower gross margin. So we map all these things together, but really, the recent historical picture we feel very good about it and the way we're attacking the market.

So to move into the OpEx lines and how we're investing in the business. This first one here you can see is R&D, and what we've done over the last few years. And you can see in the first half of this year, we've actually upped the percentage, and we're really kind of operating in that 15% to 16% range. And R&D is the one line that we've consistently said we're going to get the least leverage from, if you will, from a percentage revenue standpoint in the near term. And the reason for that is we absolutely believe the return on that investment is real, and it's right there in front of us. And it first shows up in the gross margin performance in the differentiation that we drive. And with the percentage going up in the first half of this year, I think you can get a flavor of that with the breadth of our platform that we just went through for several hours. There's nobody else out there that's presenting the breadth of the platform in the way that we're attacking the market, and that's a direct reflection there on that investment line.

And again, we think it's all about ROI, and we think the ROI on the gross margin, and then ultimately, obviously, on the bottom line is what we're going after.

So sales and marketing. So kind of the inverse of R&D. Sales and marketing is the main OpEx line where we've said we would continue to get leverage and pursue leverage. You heard Mike Kirby earlier talk about our investment profile and what we're doing in the sales organization. And the key theme that you heard there was we are investing, we're still investing in feet on the street, we'll keep doing that, but we are really investing in channel leverage. The key parts of the channel leverage whether it's the mid-market, whether it's significant investment you saw on some of these numbers in the service provider channel and what that can do for us.

So we keep the investment. We keep it focused towards the highly leveraged areas, and again, this is an area of sales and marketing, where we -- you can see the continued improvement, including the first half of this year, where we plan to continue to invest in the right spots but try to deliver leverage.

So G&A. A good progression down into the kind of 5% to 6% range. That is an area that we've kind of we've talked about we're, in our near-term model, we're roughly in the spot that we expect to be. In any given quarter, these are yearly pictures. I talked about -- you can get some variance in any given quarter. Professional service fees make up a big part of that G&A line whether it's legal, compliance, accounting, tax, all that sexy stuff. In -- it's in that line. And so you can get some variability quarter-to-quarter, but clearly, we've shown the leverage there. We continue to invest in the infrastructure, and it's really about all investing in that infrastructure to scale. And we're going to continue to do that, but again, pretty good results on the G&A line.

So those are the individual investment lines. So look at total OpEx as a percentage of revenue, okay? In any given quarter, even any given few quarter trend, we're making trade-offs all the time on what's important. And I think you guys -- the amount of content you saw this morning gives you a picture of that. So -- but I think part of my job, part of Dom's job, is as we weigh those investments and as we attack areas we need to attack, in any given quarter, any of those OpEx lines can move up and down quarter-to-quarter. But really, on a trended basis, what we've said is we want to add leverage to the model. We've also said that leverage would slow down in the near term because of the investments we're making, but we've stuck behind continuing to add that leverage on a gradual basis. And again, if you look at the first half of fiscal '13, I think we're delivered on that.

So it all rolls up to operating margin. And it really -- it's simple picture everybody knows, but you deliver on the gross margin, you manage your investments appropriately and you try to deliver good results in the operating margin line. Again, like total OpEx as a percentage of revenue, what we've talked about here is continued improvement, but we've also talked about the near-term investment and what we can get out of that investment. And so we've moderated that growth, if you will, and we've -- we very specifically gone after the things that we think set us up for 1, 2, 3 years down the road, and we'll continue to have that picture as we go forward.

So that -- those are some basic metrics, a lot of numbers everybody's familiar with in our recent history.

So let's talk about the near-term model and the way we're thinking about it. If you recall a year ago, for the first time, I kind of introduced this near-term operating model, right, to really get into the near horizon of the way we're trying to operate and what we're trying to do. On the gross margin line, and I'm defining this as basically the balance of this fiscal year and next fiscal year. So the gross margin, like we talked about, has been doing well, obviously of late. The near-term model of last year has been 70% to 72%. This is a tick-up from that, showing our confidence in the way that the gross margin's been performing.

With that, you guys -- you can see, if you just track our product gross margin quarter-to-quarter, there's variability there. It's not a perfect -- up into the right line. There's a variability quarter-to-quarter there, and we always have to manage through that, whether it's product mix or geographic mix. But nonetheless, a very good performance on gross margin. And we're going to take that near-term model up 71% to 73%.

R&D I talked about, and I talked about the sustained investment there. Now a year ago, we talked a lot about 14% to 15% and kind of the higher end of that range where you guys can see both through acquisition and through organic investment. We've been really delivering in the 15% to 16% range. We're going to stay in that range for the near-term. So that is up in that investment level from really what we talked about a year ago.

Sales and marketing, you've seen the leverage there. This near-term range reflects a gradual improvement in that leverage. We've been largely -- the last year plus, we've been kind of in the 30% to 31% range. So what we're saying here is to continue to drive that leverage with the right investments in that line and go to 29% to 31%.

And then G&A, like we said, is kind of in the range that we're looking at for the near term.

So the operating margin. The last year, we've been dealing with the -- we've been guiding you guys, if you will, to about a -- about a 20% to 22% margin, okay? Because of the combination of effects that I just talked about, we're up in the bottom into that range a little bit, okay? We're getting a little more confident in the 21%. The 22% is staying where it's at for the near term, and that's really because of those investments that I talked about. And that's a near-term model, but I can tell you that those investments, if we continue to do it correctly, we feel very good about the gross margin and what we can continue to deliver there. And then ultimately, that does show up in leverage in the bottom line, okay? You've got to make these near-term and long-term trade-offs, and we think it absolutely does show up starting ultimately with the gross margin and then down through the bottom line.

So that's the near-term model update, the way the company is looking at the P&L.

A few other planning assumptions that was all above the line stuff. One item below the line. So you know in this last year we started out the year guiding to 28% on the tax line. We are now at 26%, and that's largely in our last quarterly earnings release we had -- Congress passed the R&D credit extension, which had gone dormant all through FY '12. So we had a onetime catch-up there for the past really, 5 quarters. So it was a benefit, which takes this year's rate to 26%. But without the FY '12 catch-up, our rate really for this year is 27% to 28%. So I'm holding that range for this near-term model. As we've talked about, the key drivers there are international mix of revenue, meaning that's a good thing. The more that grows relative to -- and ultimately, it's really profitability. But if your international revenue is growing faster, that ultimately can be a good thing for the rate. And then the use for the R&D tax credits. There's both federal credits and state of California credits. And kind of the amount and the pace at which you can use those credits does vary year-to-year. And so those can be big drivers on the rate.

So I mentioned briefly the R&D line. You guys have seen we continue to do investments and acquisitions. There's no reason to think we won't keep doing that. There -- we continue to look for kind of best-of-breed products and engineers that fit well within the stack. You can see the complexity and the breadth of our platform and what it's doing, okay? So there's a lot going on out there. There's a lot of opportunity. We're going to continue to do that. So the R&D line grows both organically and through acquisition. I'll talk a little bit about cash, but we've got a very strong currency and cash now. We've got a strong currency in stock. So we'll use both.

Consistent headcount growth. And what I mean by consistent is really, if you just look at -- let's look at the last couple of years quarter-by-quarter, kind of rolling quarter averages, et cetera. We're going to continue to invest. I mean, that's -- headcount is a large percentage of our OpEx line. And as we invest there, the headcount is going to -- we're going to continue to invest there in the right spots, in the right quarters, for the right reasons.

And then effective use of cash. Okay? So the -- our cash position, I'll show a graph here in a second, has been very strong. It's, we think, testament to the operating model, et cetera. And it is becoming a more robust currency for us in terms of what we have. So absolutely, it becomes a better currency for us on acquisitions. We've got all of our organic investments. And as you guys know, we've been doing a buyback for about 3 quarters. So we've spent about $50 million on our stock buyback. Balancing those out every quarter and what the right, appropriate use is for, we'll do on an every-90-day basis. But we'll do it effectively and where the cash is best used.

So just on cash, a couple of simple charts here, again recent history and then what we've done year-to-date. You can see the cash flow from ops. The first half of the year is just very robust. Very, very strong number that we're very happy with. And then we're over $400 million on the balance sheet now. We have no debt. And the $400 million obviously includes $50 million that we spent on the buyback. So still a very good position.

So that's an update, a recent picture of our history and a little bit of flavor about the near-term model. And with that, I think I'm going to hand it over to Dom for some final comments before the Q&A, I guess.

Dominic P. Orr

Thank you. So appreciate your patience that we've put up a lot of information to accentuate the differentiated position of our company in our core space of enterprise secured large-scale wireless LAN. We highlighted a couple of killer apps, I think, coming. I think, well, the business in the near term is going to be driven significantly by supporting with the Layer 4-7 feature on unified communication rollout and the new BYOD and the new Mobile Edge access policy evolution, capturing this new, emerging TAM for the mobile NAC. So those probably would be the key growth driver. We highlight -- we highlighted that in MOVE 2013, the key thing is combining the millions of mobility state flow space on our Layer 4-7 engine, couple with the policy management platform of ClearPass and create a combined structure that going forward in the next several years, will become a basis of our control point for the mobile etch policy management and enforcement system. With that, we're going to open up southbound communication protocol through OpenFlow and other mobile, proprietary, value-added Layer 4-7 communication structures to enable a software-defined network infrastructure for the edge, just like SDN has been happening in a data center. And northbound, we're opening up this platform to let all server-based and cloud-based applications that are relevant in this -- in the various area of location, customer analytics, mobile device management and so on, to really have the use cases to drive the software-defined network engine. And that is going to be a significant architectural development in the industry, and this vis-à-vis our largest incumbent, which we believe are going the wrong path of integrating at the box level in the wiring closet. And that is going to be the strategic wall we're going to set up for the next several years, and MOVE 2013 is a year 1 of that battle. We will hopefully look for to a year after we have given you the update of that -- on that front.

In the meantime, we identified additional growth area. We mentioned the fact that Aruba Instant has been very successful in supporting our distributed enterprise branch office deployment. We're now seeing as part of the HybridControl architecture is starting to build up a pipeline for managed service for this monstrous scale distributed hybrid hotspot environment. We emphasize the fact that we are not in the carrier infrastructure business. We are not even in the public-facing enterprise business. We are not going after the Layer 2 part of the business. We are significantly focusing on expanding our reach and grab and -- of market share in those environment where the managed service provider and the property owner value what is not just the WiFi signal but what is actually carry on top of those signals in terms of creating new customer loyalty program, user interaction and user statistics for the e-commerce over those environments.

And with that, I want to conclude with one thing. Last year, when we ran this venue, for those of you who might remember, we had some either horses or Formula 1 car or whatever you remember that going through a bend, and we're saying that we're going through a bend. We -- a lot of you might have questions, "Are you on the straight now?" And I can tell you that obviously, we are not going to do our guidance beyond the next quarter for you here. But however, in a -- for indication of our revenue momentum that we judge is our project pipeline. Project pipeline, both in the area of large-scale MOVE architecture-oriented campus LAN and ClearPass-oriented access management project, have never been better before in the history of the company. So I'm very bullish on the fact that all of the elements that we've put in place last year executed correctly and in very full speed motion.

Having said that, I want to moderate that perspective with 2 considerations that I have. One is we still do not have clear visibility about the European macro environment. And so I am gauging the European pipeline with cautions that I would not be using for the Americas and Asia-Pacific pipeline, number one. Number two is we are still watching the development of the federal sequestration environment. So far, our project -- our programs have not been impacted. But if this thing goes on for a longer period of time, anything can happen. So those are the 2 moderations I want put on top of my very, very bullish and -- perspective on our execution and the project pipelines that we're building.

With that, I like to invite my colleagues back up on the stage and give you a choice of questions or lunch. Yes, Mark. How are we going to do this? Do we have a mic to pass on? Okay. Okay. Thank you.

Question-and-Answer Session

Unknown Attendee

Okay. Thank you, gentlemen. I would like to focus on the additive value of ClearPass and Aruba Instant in terms of how you see the top line growth rate for Aruba, considering most people are thinking mid-teens. It sounds like it's going to be generally be better than that. But more importantly, maybe the multiplier effect of ClearPass. You've started to see the higher attach rates with ClearPass driving access points and controllers. What is that multiplier effect now? And what do you think it will be in the future? And then as it relates to that, if ClearPass and all the other things work really well for you, it should be additive to your gross margins, modules and all those things. Would you see a natural gross margin lift over the longer term as well?

Dominic P. Orr

Let me take this first and you guys can comment. Obviously, I'd -- will not comment on the top line beyond the next quarter. But we definitely see the ClearPass contributions to be additive. As we mentioned in previous interactions, a portion of our ClearPass opportunity is into non-Aruba environment. Basically, we're using it to penetrate kind of hostile territories. But for the installed base or complete solution of ClearPass plus Aruba infrastructure, the multiplier is about every $1 of ClearPass, roughly somewhere between 2x and 3x Aruba gear, depending on deals, okay? And regarding gross margin contribution, it is definitely our strategic intent to increase -- if you look at our control point platform, it is really server-based, virtual machine-based software or cloud-based software, and our high-performance controller carrying those millions of mobility state throughout. So those tend to be higher margin, obviously. And so if the business model evolve along that line, then the long-term perspective is definitely, we will aspire to a high gross margin.

Unknown Executive

Yes, in a -- the mic. In a simplistic sense, the more successful ClearPass is, the better it is for gross margin. I mean, it's that simple. And it's just a matter of the other dynamics we have. We never want to say we don't want to switch to be successful, we want to switch to be successful, things like that. But there's no question. The more successful ClearPass is, it's a good thing for gross margin.

Dominic P. Orr

That's actually a balancing effect. We're actually seeing for accounts where customer really take the software-defined network view and use the new platform to control access, they actually -- we actually have a better pull in our other components other than wireless and the remote access and the mobility switches as well. I'm actually seeing -- starting to see that happening now. So internally, I've been telling everybody the more successful we are in wireless, the more wired solution actually Aruba is going to provide because we now -- we now, as the hamburger provider, we can supply the fries.

Unknown Attendee

Yes, a question for Ben and Mike. During the channel commentary, channel leverage commentary, I didn't hear any mention of OEMs, whereas a few years ago, that was a key part of the leverage -- channel leverage strategy. Could you give us an update on both Dell and Alcatel and what the trend line is looking like? Is it becoming less important as the overall -- as a percentage of the overall business? And where do you see it going over time?

Ben Gibson

I would just comment that it's not as important as it used to be.

Michael Kirby

In terms of relative size, obviously they have some significant projects that we still engage with them.

Unknown Attendee


Michael Kirby

Yes. So I would say if you look at both our OEM partners, their core business is not mobility driven. I mean, we are mobility driven. They are part of our portfolio. And if you look at the center of gravity of their business and center of gravity of our business, we just grew relatively faster than our OEM partners.

Ehud A. Gelblum - Morgan Stanley, Research Division

[indiscernible] Ehud from Morgan Stanley. Dom, I would like to go through some of the stuff that Keerti was showing and the demos that you were giving and talk a little bit MDM and MAM. One question. When somebody is using these containerized applications, email, browser, et cetera, is there a state that's saved when they go off the network and then use that device later? Or once they are on the network and they -- they're using corporate information, what happens to that information once they walk out of the building or leave WiFi? And the reason I'm curious about that is where do the MDM solutions that you seem to be partnering with the AirWatches and MobileIrons, et cetera, where do they end and where do you begin? And is there a blurring of that line to the point where you might actually acquire one, one day, they might actually -- I mean, does it become a single solution as opposed to now it seems those are 2 solutions inside the building and out the building? Can you just help understand how that matures, advances 2, 3 years in this MDM, MAM world?

Keerti Melkote

Sure. In terms of the container it sells, the policy -- it's basically controlled by policy. So in terms of making it work indoors, location is important to the policy and you can make applications and a subset of applications work, based on where you are, not just from an indoor-outdoor perspective but even within -- when you're indoors, micro location. A specific cardinal zone, for example, or if you're in an aisle in a specific grocery store, you can make applications that sensitive. And to do that, you need the network to cooperate because the network is the place that you get the location information indoors. Outdoors, you can rely on GPS, but -- and the device will just get GPS signals and figure out where you are. But once you go into the door, GPS doesn't work anymore. And so indoor location becomes a pretty important trigger. The other important trigger, there's 2 more, that are network centric. Another one is QoS. Apps that are in the container are, by definition, business apps. And they can be given higher priority than the personal apps that are outside of the container. So there's a direct relation to as traffic comes from the container out into the network, it can talk to the Aruba WiFi network and improve the priority of that. The third tie-in is application VPNs. We showed you the use case of being able to tie you back to the corporate data center in a very seamless way. If you look at the current crop of MDM players, they're focus on the device and not the network side of the device. It's focused on managing the device, the cameras and all these other components of the device. But that's the opening that we saw as a hole that we needed to go fill. And we are going to enable that through our container in our product with ClearPass. And those network-aware components, which are uniquely differentiated in the market, we're going to make available through APIs through our MDM partners as well. So -- and where the market is going, in my opinion, is they'll be a sliver of the market that will rely on a class of features that I would call horizontally applicable across the markets, and we'll participate in that. But there are certain verticals which have unique needs, health care, retail. There's a bunch of verticals that have very unique needs around applications. And the specialist vendors will tend to focus there. They're big markets in and of themselves. So where it goes, I think, in the future is some amount of horizontal MDM, MAM functionality will be built into our platforms. Specialization will be through the MDM vendors. As to whether we'll acquire one of these guys in the feature, I can't speculate for now. We'll see what happens.

Dominic P. Orr

So I just want to make it clear that we do not have an MDM product, and we do not intend to -- some of the reference implementation might be good enough to a lot of customer, but they are available as a feature on ClearPass. And so we don't have a business model around that. We -- my philosophy is there are so many people doing very good work in the MDM area out there, we will benefit to enable all of them to get our platform information and let them have more enhanced features and let them through ClearPass as a platform going forward. That will be, I think, overall much more beneficial for Aruba. At least that's our current thinking.

Ryan Hutchinson - Lazard Capital Markets LLC, Research Division

So just -- this is Ryan Hutchison, Lazard. So just as a follow-up to that question then, and it's pretty clear that you're not charging for additional module or anything like that. Is that correct? Okay.

Keerti Melkote

That is correct, we are not. It's going to be part of the fees, yes.

Ryan Hutchinson - Lazard Capital Markets LLC, Research Division

Okay, great. Okay. And then just on the 7200 platform, can you just provide any additional color on if that's -- if you're seeing an upgrade opportunity across the mobility controllers in the field as a result?

Ben Gibson

Absolutely. And it's -- the initial installations that we have been very successful. It's a very successful rollout. And I think that customers, when budget's available, will begin an upgrade. The 6000, its predecessor, is 7 years old, so.

Dominic P. Orr


William H. Choi - Janney Montgomery Scott LLC, Research Division

Okay. Bill Choi at Janney. I'm trying to bridge what seems to me to be a little bit of a gap between all these positive commentary about ClearPass, $1 billion opportunity, singularly the best ramping product in our history, period. Fine, no revenue guidance. But at least gross margin, you upped it a little bit to 71% to 73%. But there's a lot of gray area between it being really meaningful and driving gross margins much higher and kind of what seems to be again, deemphasized in terms of financial models. So can we get a little bit closer to how relevant is this near term? And I guess one concern is that if the pipeline is growing like a weed, but the conversion rate is really the problem, yes, how do we bridge that gap? I mean, can you give us some sense of where exactly we are in that capacity to implement this so that we don't lose any of this opportunity? And then I have one follow-up question.

Dominic P. Orr

So first of all, we have to leave some room for you to do your job. So you have to understand that for -- I was talking to some of your colleagues. ClearPass is a very comprehensive system. The Policy Manager and the profiler, we have sales cycle as short as 3 weeks. Three weeks, okay? And then you have the onboarding and all that. And the sales cycle is longer not because the technology is complex, because we are talking about, if you recall, in the beginning off the top that organized -- IT organization are siloed. And our observation is the rate at which ClearPass will be absorbed is as fast as the CIO is willing to rapidly reorganize. Because now, we're touching network infrastructure department, server administration, desktop department and security, the 4 departments. And sometimes, there are more visionary company that say that "I really need to do reshuffle and create a mobility department and a cloud service department." And once they do that, then the line of authority, the spending authorization goes quickly. If not, it will remain a pilot. So why we are getting into all this traction in this project? We -- or for the larger project, we have to help, actually be a consultative force for -- and that is actually one of the big value for transformation of the organization. In fact, to that purpose, we actually set up a CIO advisory forum, and that's going to kick off a lot of people. Large company CIOs are very interested because it involves realigning not only the departmental boundary, training, skill set and also how do you budget. Some line item is actually obsolete. Some new line item need to be developed to address the issue and who -- and then who owns the new line item. And the -- and so there's a lot of reorganization, so -- going on. And finally, even though we successfully implemented ClearPass in a certain environment, we charge -- remember, a lot of the ClearPass revenue is charged by per device and per user capability and so on. So you go in and you let it grow with the organization. So the fact that you have a good win in pilot that is significant, very sticky, would just mean that you have secure a multi-quarter, multiyear revenue stream as the deployment grow. And so that is really the -- some of the dynamics that is happening.

William H. Choi - Janney Montgomery Scott LLC, Research Division

I mean, can you even update us on the number of pilots that are going on? I think the last update was at least 6 months ago, and that was 1,000 plus. And I guess the 2-month deployment cycle seems -- I mean, depending on the size of the project could arguably be kind of long. Can you -- is there any way to shorten that? Can you make it into an appliance of easier module setups? I don't know. Can you -- is there anything specifically you can do?

Dominic P. Orr

What you're getting -- okay, are we getting to the kind that we talked about, "I will take 60 days for any projects?" Because sometimes, it takes that long to let the PO travel from one end of the department to the other. So I'd -- I have no answer for you to make it less than 60 days. But you have a second question.

William H. Choi - Janney Montgomery Scott LLC, Research Division

Yes, I -- the last thing I want to understand was in terms of ClearPass as an enforcement engine, since it is an overlay, what are you missing by applying ClearPass in a non-Aruba environment versus your own environment with your controller? What would ultimately pull your infrastructure in? What will be the...

Keerti Melkote

Yes, that's a good question actually. So the -- when we enforce policies on, let's say, a Cisco box, we can only articulate policies to the Cisco box in language that it understands, which is VLANs. Cisco doesn't understand users, devices, applications. And the VLANs need to be manually structured. So we can derive a policy. We can do all the crunching of the policy in ClearPass and say at the end of the day, we need to tell the Cisco switch, here is the VLAN you're going to put this particular device or user on. And that manual configuration that is needed on the VLAN side is where things get painful, right? And therefore, people -- what people end up doing is either not implementing the sophisticated policies because it's too painful to set up or making a change. And when the pain becomes big enough that they need to make a change, that's where they'd start to look at the Aruba infrastructure. I gave you the example of the guest user on their guest iPad trying to use the Apple TV. You can't do that on a Cisco infrastructure. So the more such use cases come along, the more compelling it becomes to just swap the infrastructure out.

Erik Suppiger - JMP Securities LLC, Research Division

This is Erik Suppiger with JMP. Two things. One, ClearPass is clearly the topic du jour. Can you help us in terms of just gauging the success? When are you going to start breaking it out? Or what kind of metrics can you give us to gauge your success over the course of the next year? Then secondly, Cisco is making an aggressive push with the cloud-based services. What are you doing with Instant to compete more from a cloud management perspective?

Keerti Melkote

So do you want to...

Unknown Executive

Yes, so we don't have any near-term plans to break out ClearPass. We've been pretty consistent with that in our history with regards to AirWave and other products that we've introduced. We do tend to sell the platform, and the products tend to morph into that over time. It's something that if it ever took on a life of its own and really became just a distinct entity, we'd be more prone to do that. But right now, we see -- we talk about it a lot as it's compelling in terms of a leading sale item and what that revenue can do and what that gross margin can do, but it's just as compelling terms of what it pulls in terms of WLAN, et cetera. So we view it still as a part of the platform, and so we don't have any near-term plans to break it out. And I guess it was about cloud.

Dominic P. Orr

So as -- regarding the Meraki acquisition, if you just read Cisco's script, they make it very clear that they made the acquisition to target SMB. And that is SMB 2.0 because SMB 1.0 is something called Linksys, yes. And so this is their second attempt. So I'd -- I await to see their 2.0 attempt. And obviously, we have our R&D plan to address that market. As I mentioned, our plan to attack the mid-size market is actually launching next year, next fiscal year. We obviously have all kinds of preparation work under -- on the way. We look forward to updating you in future quarters.

Unknown Executive

Yes, it's a combination of the R&D effort. And it's also -- Mike touched on this -- Cisco go-to-market strategy. Yes we go with that. Mike touched on what we're doing with direct marketers in terms of partner base and how we expand that out. How you go to market is more marketing led because you're going more one too many. So part of that strategy is obviously the whole offered piece of it in terms of what we're developing. An equal partner to that is obviously how we go to market in a very channel-leveraged way. So that's a key part of our thinking for that.

Dominic P. Orr

So this is a very unique acquisition for Cisco compared to the last 15 years, is typically Cisco buy a technology company, pluck it into their either enterprise service, private go-to-market engine and just crank it. Now they buy a platform that they do not have a go-to-market engine for. And they have proven, in fact, they have a broken go-to-market engine for -- in the release 1.0. So this is -- so that's why I say I want to see how Meraki under Cisco has a better go-to-market engine because that doesn't exist in Cisco at this moment.

Unknown Executive

And we only have time for one more question. But remember, management will be available afterwards as long as you need.

Sanjiv R. Wadhwani - Stifel, Nicolaus & Co., Inc., Research Division

Sanjiv Wadhwani with Stifel. So Ben, a question for you. I know you've put up a lot of charts out there, but can you talk about the core enterprise wireless LAN market? What's the expected growth rate over the next 5 years? I think it was 16% or 18%. I don't know whether I caught that number accurately. And within that context, if let's say it's 16% to 18%, Dom I know you had spoken about re-acceleration and growth rate over the last 12 months. How do you sort of bridge the gap between that 16% to 18% to north of 20%? I understand ClearPass is part of that. But can you just talk about how do you sort of bridge that gap? And then broadly on ClearPass, I know you've talked about $1 billion-plus opportunity. But can you just boil it down? Let's say if you come into my enterprise, greenfield opportunity, there's no wireless LAN. If you're putting in Aruba infrastructure, how much of ClearPass can you layer on top of that just to give us an idea of what the opportunities on a per customer or a per deployment basis?

Dominic P. Orr

So first of all, how big is your organization? How many users? And how big is your IT budget for mobility?

Sanjiv R. Wadhwani - Stifel, Nicolaus & Co., Inc., Research Division

Yes, I don't know. But...

Dominic P. Orr

Forget about the [indiscernible].

Sanjiv R. Wadhwani - Stifel, Nicolaus & Co., Inc., Research Division

But we have, I think, like 60 or 70 branches and 5,000-plus employees. Well...

Dominic P. Orr

Okay, we'll see you later afterwards. But I'll...

Unknown Executive

He's very focused. I mean, just to start, so I've studied Dell'Oro's figures. And basically, whether it be Dell'Oro, who I think does a very good job in measuring this market, they consensus third-party analyst view is somewhere in that 16% to 18% range right now. My message was given all these macro trends that are happening, the history over the last 2 years -- not by the fault of the analysts that are looking at this space but I just think things are moving faster than they're traditionally used to measure and can lead, in some cases, the way we're traditionally using that -- I used to measure them. So the third-party consensus is roughly that 16% to 18% range to the core enterprise wireless LAN market. My point was last 2 years when I was -- expectation 2 years ago of 20%, it ended up growing up -- growing in the 30s. Last year's expectation was in the high teens. It ended up growing in 23%-plus range. And now, we're in 2013, right? Their forecast has been revised, right? Now it's in that roughly 17%, 18% range, depending on who you look at. But we don't see these mega trends slowing down. And then there's the question of how we perform within that. And so that's my message, that it surprised in the past and potentially can surprise again in terms of what the on-the-record rate is versus with these trends, what it can become.

Dominic P. Orr

So as far as growth is concerned -- you still remember that pancake slide, right -- that basically, the differentiated Layer 4-7 campus wireless LAN is our main kind of flagship and we intend to gain share in that area. But with that, the MOVE architecture actually draw in the remote access and the wire access components. So that builds on top of the growth rate. And then ClearPass track us in the piece of the future NAC, not the backward-looking NAC business, right? And then we're saying that starting next fiscal year, we are going to have the mid-tier Aruba Instant accessible market with cloud-based management. And then the -- a very exciting development that we believe we will gain significant market share is the public-facing enterprise where you have the hybrid architecture. So those are the key growth driver. So it's going to be -- it's -- if I walk into a greenfield environment like in your shop, there are 4, 5 questions I ask any IT director, and I would very much if you could introduce me to him or her. So that would be do your people move around? Do they just work at their desk? Or do they really work in multiple places? Is security a very strong -- and compliance a strong requirement in your area? Do you have a distributed environment? Do you have people in -- IT staff in all your environment? Is -- do you buy -- willing to unleash your branch offices, deployments and so on independent of headcount? Would you appreciate it? And do you have BYOD issues? Do you have a BYOD policy? And finally, what is your inclination to do unified communication and not just desktop and conference unified communication? Do you want to move it to mobile clients? And if he or she answer 2 or 3 of the 5 question in positive, win.

Unknown Attendee

[indiscernible] $100 in infrastructure or $10 in [indiscernible]?

Dominic P. Orr

We're not doing product line breakdown, sorry.

Unknown Attendee

Yes, but I'm just trying -- I think it's more of a general question in terms of okay, if you're spending $100 and -- on infrastructure and if you answer yes to all those 5 questions, what is the ClearPass opportunity within that environment?

Unknown Executive

And did you say at the beginning, the environment did not have wireless?

Unknown Attendee


Unknown Executive

See, it didn't even have wireless, yes. So it's completely...

Keerti Melkote

Yes, I mean, so ClearPass, typically we measure it in terms of number of devices that are managed. And anywhere from $1 to $3 per device per year is an average subscription price for that. There's -- if you do perpetual, it comes down a little bit more than that depending on what modules, the BYOD modules, and so on that you purchase. That's independent of any infrastructure that you put in. And then infrastructure would be correlated in the same way that Dom mentioned, which is 2x to 3x depending on what's the...

Dominic P. Orr

Yes, it's -- the reason that it's very hard is because see, it really vary. What we can say is that we look into our pipeline and tell -- and quote each deal that has both ClearPass and Aruba kind of a network element together. I just quoted the range is for every dollar ClearPass, $2 to $3 of Aruba gear. That is the initial quotation at least. Well, that's what happens into our -- the Once you get in, either people will grow in it because they need more density coverage, so they had more AP, or they -- the APs' accounts are okay and they grow in number of devices and guest access and so on. So it goes both way once he gets in.

Unknown Executive

All right. Who's hungry? All right, thank you very much.

Dominic P. Orr

Thank you again for...

Copyright policy: All transcripts on this site are the copyright of Seeking Alpha. However, we view them as an important resource for bloggers and journalists, and are excited to contribute to the democratization of financial information on the Internet. (Until now investors have had to pay thousands of dollars in subscription fees for transcripts.) So our reproduction policy is as follows: You may quote up to 400 words of any transcript on the condition that you attribute the transcript to Seeking Alpha and either link to the original transcript or to All other use is prohibited.


If you have any additional questions about our online transcripts, please contact us at: Thank you!