Aruba Networks, Inc. (ARUN)
March 28, 2012 8:00 am ET
Ben Gibson - Chief Marketing Officer
Dominic P. Orr - Chairman, Chief Executive Officer, President and Chairman of Corporate Development Committee
Unknown Executive -
Hitesh Sheth - Chief Operating Officer
Keerti Melkote - Co-Founder, Chief Technology Officer and Director
John Turner -
Michael Wiley -
Michael Kirby - Vice President of Worldwide Sales
Michael M. Galvin - Chief Financial Officer and Principal Accounting Officer
Mark Sue - RBC Capital Markets, LLC, Research Division
Jeffrey T. Kvaal - Barclays Capital, Research Division
Sanjiv Wadhwani - Stifel, Nicolaus & Co., Inc., Research Division
Welcome to 2012 Analyst Conference. My name is Ben Gibson. I'm the Chief Marketing Officer at Aruba. Again, welcome and happy to have you join us here today. The theme for today [indiscernible] the BYOD enterprise. You're going to be [indiscernible] this morning about the bring-your-own-device phenomenon and the impact on the market, impact [indiscernible] in those 2 stops [indiscernible] of customers [indiscernible] market dynamic around bring-your-own-device, it's impact and requirements for the wireless LAN market. And the broadening of our portfolio and how we help solve our customer problems is something that we're really getting validated just realtime recently. So with all of our recent meetings with our customers and partners with our conference [indiscernible] So without further ado, first, safe harbor statement. You'll see it there. For the full list, you can [indiscernible] SEC. Briefly, on the agenda for today. So we have a full type of agenda for this morning. First, [indiscernible] Dominic Orr, who's going to be talking for building the BYOD enterprise. You'll be hearing from Hitesh too, talking about how we have broadened [indiscernible] how we work with customers, the architect for the BYOD phenomenon. We have 2 gentlemen that are very [indiscernible]. All right.
So webcasting here too. [indiscernible] Download [ph] customers with us today [indiscernible] and Mike Bradley with Google. Then we're doing a little [indiscernible] are going to freshen things up a bit about how [indiscernible] this morning [indiscernible] how we win in the market and how [indiscernible] guidance with the finance update. And of course, we'll save at the end for questions and answers.
So without further ado, I'd like to welcome Dominic Orr on the stage. Dom?
Dominic P. Orr
Hello. Thank you so much for spending time with us this morning. This is a particularly meaningful conference for us. Last month, we just had our [indiscernible] as a company. As I've told you, this is a long time for a company that's in our industry and we [indiscernible] through the past 10 years, a company that's formed on the [indiscernible] announcing its internal platform, and also announcing significant [indiscernible] promoting a [indiscernible] first, well, I'm not moving and I'm seeing an antenna, so...
[indiscernible] Switch it off.
First, the so-called fast access point has become thin, and I'll spend some energy to explain to you on that. The second is widespread adaptation of 802.11n technology and it's much more than speed that we're talking about here. And then thirdly, way beyond our expectation, 7.5 years of the company was formed in the years [ph] of this consumer platform. The explosion of mobile devices to this -- initially by the introduction of our top platforms [indiscernible] cloud to the network than the original Centrino platform. Those are the 3 big record-making events that happened. So [indiscernible] access point staying in the consumption of the consumer, really, wasn't an important event. Two years ago when laptop was getting wireless connection, a lot of wireless corporation refused to adopt the wireless LAN because of security, because of manageability, because of scanning, because of mobility and so on so because of its capability [ph]. A product system that's basically a router, and you are having hundreds on routers that are staying [indiscernible] and connected to one another, trying to troubleshoot it [ph], okay? And this have [ph] incredibly unmanageable configuration. So one of our surprise in America to introduce [indiscernible] on design, and the fact the security aspect, the manageability aspect, the troubleshooting aspect and the mobility aspect into a centralized device called mobility controller. And more of that controller to a network design plan, where it is logical [indiscernible] on top of the physical infrastructure world of so-called VLAN and IP-domain intersect shared, but you do need to touch the LAN network to [indiscernible] That was the fundamental new concept and [indiscernible] access point category.
Now 12 years or more [indiscernible] have explained to you, whereas now, given we have more power to the access point. So now, we have enough persons that will move [indiscernible] from the controller back to the access point just to keep up with the traffic. And let me explain that inside the access point and in the path of the wireless traffic until it hits the [indiscernible], what's happening there, really, data capture, transformation and processing function. That is the control function. That's the [indiscernible] that will control the air, controlling the access, controlling the device at the interactive device with the access point.
And then the start, the management function associated with the upgrading of the cold troubleshooting, diagnostic and so on. So with that -- what we in the industry call the data plane, the control plane and the management plane, okay?
Now as the processing time inside the access point increase by Moore's Law, there's a corresponding dramatic increase of the speed of communication, the number of radio that is embedded in the access point, and the amount of devices and each access point has to handle, and that in and of itself pretty much consumed a lot -- all of those processing power. In addition, there are increasingly communicative [ph] functions, the access point needed to do to monitor the air for intrusion, et cetera, et cetera, that is more of a control function. So you will see over time, there is pushing now of some of this function into the access point. And in theory, to make the access point stick again. So into this world, we're seeing, in effect, going back and forth, so [indiscernible] however, it is generally agreed by everybody who design the network the manageability aspect of the system has to be centralized.
A good portion of the multi-axis point coordinating function has to be centralized. But as much as we can have the processing power in the access point handle it or the data processing function, you want to stay close to the air. In a single access point control function, you want to stay in the air. I'll give you more simple example. If you're going to run -- if a few of your friends start a taxi service, okay, and you have 3 cars, and you say, how do I -- I'm driving, and suddenly, I saw a customer and I can call up the other guy and say, "Can you go pick this guy up?" And you cannot do it when you have 2 or 3 taxis. Well, we know that ultimately, you will need a dispatcher, right? When I said that you have a -- you run a 50-taxi company, 100-taxi company, you know you need a dispatcher, 3-taxi company, you probably say, "I can do it peer to peer." Where do you stop and having to say that, "Hey, I'm not going to have my driver be the dispatcher. Let my driver be a driver. So let the dispatcher dispatch," right? And there is nothing fundamentally different when you design a network, right?
So the fundamental question about the controller system is not whether there will or will not be a controller. It's whether that controls function, depending on the scale and configuration and be embedded somewhat in the access point, embedded in a dedicated controller, embedded in the cloud, embedded in the wire infrastructure, but it's also all legitimate configuration and questions. So let us make it clear. There has to be control and management in the function. The day of the front [ph] access point is over.
Remember, 11n. I think it was 3 times that happened -- that made in the Western [ph] industry. And by the way, we have a recent Users Conference of our top users in Las Vegas, and there are 400, 500 customers gathered there. And I asked the [indiscernible] how many of them have migrated to 11n, a little less than 50% raised their hand. So the larger your network, the slower the migration time, right? So there's a lot of people still starting to migrate 11n. And why is this such an important thing? 11n, gives us 3 things. Well, first of all, it give us 9x the speed of the abg access. Well, the second is because of its multipath function. It gives us incredible more resiliency. Okay, for example, the issue we have with that transmit of the microphone because there's column here. If it's an 11n technology, the multi-path nature can pick up the signal, bounce off within the path, whereas the traditional abg single-path technology could not, right? So that resiliency is what enables us to support a all-wireless application as compared to wireless just as an option to wire network.
Thirdly is there's a lot more frequency to choose from and really, was the first, to pioneer the technology called band-stealing. For example, there's a lot of noisy device on a certain band, in 2.4, we can steal all your voice communication to a 5-gigahertz band and without your device knowing it. So rather than give us the spectrum of bandwidth to choose from -- and that is why fundamentally, we believe 11n technology is going to be the bedrock for wireless data and voice and multimedia network for many years to come.
Now the third component that makes a significant mark for the last decade was the explosion of mobile devices, and then there's 3 consequences. A laptop and a desktop is fundamentally a data transaction device. You use it to check e-mail, to check your SAP applications, your ERP and so on. A mobile device is fundamentally multimedia first and data's second, and that dramatically increase the load on that wireless network.
The second is the demand of reliability on a wireless network imposed on by Android and Apple iOS device is dramatically low than a laptop because a laptop fundamentally assumes that you have a basic Internet connection with a Wi-Fi as an option. After iOS and Android devices, there's a -- give you 2 options, wireline or wireless, it is -- what I mean is -- if you have a tablet, the primary connection is Wi-Fi, and you have a backup connection on cellular. If you have a smartphone, your connection is cellular and your back-up off-load connection is Wi-Fi.
That means you can no longer rely on 15 years of resilient network design on the wire infrastructure, other than the fact that it helped you to backhaul your wireless traffic. Your first hop into the network has to be now dramatically improved in resiliency, and that caused totally different structure for enterprise-class wireless vendor. The fact that the -- a shift in mobile devices really separate out the classes of vendor that can provide Wi-Fi for the enterprise.
And then lastly is density. In the laptop era, in a room like that, probably the connect ratio is 0.8 device per user. Nowadays, it's very likely -- it's 2.5, right? And I jokingly say that one thing that you can count on is anything Apple introduce will make you buy another device and not replace it, another thing, anything that you have. So you ended up just carry an extra device. And when those device is in your pocket even when they are not transmitting is creating a lot of chatter, and that drastically change the way you design your network. So those really are the fundamental forces that have shaped our industry the last 12 years.
So let's look forward, what are the next 3 big things? What we need, the 3 big things going forward is bring-your-own client devices, BYOD, which is a big theme for the conference today. Second is because of cloud computing and explosion of mobile devices and the BYOD nature of those devices are, at least, good portion of them, the fundamental network security architecture is irrevocably changed. There's no turning back. Third is that it continues to be ours [ph] as well as magic technique to accommodate all those new resilient to the multimedia requirements of wireless. And those were the 3 area of innovation and architectural changes that you will see. And the combination of those 3, and how a firm exploit it, is going to determine who emerge to be the leaders and winner for the next-generation access network.
So let’s talk about client devices. This is a quick slide to show you that last 30 years and until 2005, the make-up of computing platform that generate traffic that is into the enterprise. Up to 2005, approximately 96%, 98% of the devices, the traffic is generated independent of brand under the hood by Samsung or Windows Intel platform, and that's a well-known fact. Also well-known is the fact that you extrapolate -- not extrapolate, look at the mix 4 years of this chart, where within 2 years and 2.5 years, that 98% dropped to 50%. As of the end of last year, only 50% of the devices support a Microsoft Intel environment, and we expect that trend will somewhat continue. But the more interesting thing to note is even within the Microsoft category -- but first of all, Intel will continue to drop. But within the Microsoft category, you will sub-divide it. It's no longer just Windows, right? So it's Windows Mobile 15, 7, 8 [ph] , and so on. So the point is it becomes highly heterogeneous after 13, 20 years of homogeneity. And that is a very, very important point to bear in mind as we progress in the talk.
So lastly, impact of the workflow in an IT organization. The upper part of this chart shows you the traditional workflow and where money are spent in the IT organization within the engineering operations and help desk department. So you have rigorous vendor technology selection in 3 major category. You want -- you select the desktop technology configuration, you select your voice technology and your soft network, and you select your network architecture and technology, and that is a very rigid technical engineering architectural effort. And then once you selected the vendor and the architecture approach, you operationalize it, where you lockdown some of the network configuration, you lockdown, you decide which is the operating environment, what service pack and so on. And then you roll it out, you freeze it. And you roll it out throughout that move out and changes and provisioning of new devices for new employees. And generally, this cycle is a very expensive cycle and companies lock until at least 3, 4 years, if not, longer. Some companies lock on this to 5, 7 years, no change. When you drop to a BYOD environment, the arrow is changed. [indiscernible] These have no pay. You get what the company decided that is the configurers [ph] give you. And before you receive that laptop or desktop, you have designed some policy of how to use it for a lot of environment. Now in the newer model, [indiscernible] because they want particularly most of -- the pioneer user tend to be the [indiscernible]. They bring their Christmas gifts to work, and they expect it to work in the office as they used to be at home, and that's a part of the pressure to help desk.
Now back at entering operations not catching up because that tend to have very fixed and slow pace, and what is really squeezed in the middle is the guy who runs the help desk. On the average, cost of America is right about 60 to 90 minutes to provision 1 company-approved device to make sure you have the right anti-virus environment [indiscernible] and so on, right? And then we each have that employee can only handle 6 to 8 user with new devices bringing on guests. But clearly, it's in a situation that is not sustainable. And half of the next-generation technology have to change the arrow of flow to make sure that users can start provisions that the explosion of visitors on every -- and explosion of devices carried by different people, and the explosion of devices that do not belong to the company that are brought into work by even their employees, those devices, the increase in the number of those devices cannot be driving proportionately the large number of help desk fast. That is the fundamental -- one of the fundamental problems that IT managers are facing.
When you look into architecturally what really is the issue, the issue is for corporate America, the whole help desk structure until now is split into a -- by mobile organization. One is called network management. The other is called desktop management. And the way you delineate the responsibility within those 2 department is first, the network manager has to prove that he or she is innocent by looping back packets to show that it's interpreting the network, and then you say, "Talk to the server guys. Talk to the desktop guys."
That paradigm is no longer existent, no longer helpful. Because with the increased use of mobility devices and wireless network, there's nothing to look back until you look back at the user. So those -- all those 2, the CIO that I talk to, they said -- I have a reorganization on the working because I don't know what the desktop department's charter is when I'm not allocating more money to buy and provision more desktop, and allocating a stipend for people to go out and get their own devices. So there has to be a merging and retraining and retooling of the IT organization to address this phenomenon. And the new phenomenon basically is saying, not only are we having routers, mobile devices that cannot have a clear delineation to the network, but the environment cannot be controlled anymore. It cannot be controlled for 2 reasons. This whole environment overlap [ph], as I to mentioned, normally company freeze it 3 years, 4 years in a cycle. The cycle on the right, first is heterogeneous multi-vendor, and that cycles every 90 days. And in fact, you can argue every week is a new variant of entry in there. And the fact that this is no longer procured by the corporation, that means you cannot control it. And the only way you can support this environment is to raise the network access boundary to say that you have now to get into somewhat the mobile devices, and include that as your part of troubleshooting. So you're redefining the boundary of network management. And that is huge, believe me.
So let's -- secondly, I want to talk about other than Huddle adjusted, mobile device POD environment is network security. So take a moment and reflect how in the last 15 years, the network security industry has evolved. So eventually all the firewalls are invented to protect the LAN with client server. And why do they need to protect the LAN? And that is because with client server computing, the mission-critical date, a significant portion of that is -- has left the data center and be resident on unique server of various kinds and now, existing in the building. As that client server network grows bigger, the LAN grows bigger. You say, fundamentally, I have so much coupled resources, information, inside the building. I need to protect the building. So you need to define all the ports that are connected to shuttle, the ports that are connected to the employee desk, create a safe environment surrounded by firewall. You surround the environment for something called the DMZ, to protect them from those unsafe ports pointing to the outside. So you -- in typical wiring network infrastructure, you see some ports that are red, some ports that are green, and you protect the green ports from the red ports because bad guys -- bad things can happen in the red port, you don’t want the 2 to dilute.
Now in this new configuration, when we imagine, cloud computing, mobile user, virtual office. First, there's one-to-one at the station of person to port, server to port, is broken because the person is no longer 100% sitting at the same desk. The desk is no longer 100% supporting a single-user. So that one-to-one user to desk to port association was broken. Second is the user limiting his ability because [indiscernible] using mobile devices, the traffic can come in through any part of the building. So there, [indiscernible] uses of certain ports.
Finally, the [indiscernible] is the -- with the vision of centralized data center and cloud computing, [indiscernible] that one slot of data center and cloud into the building are leaving the building and coming back to the data center. It's just that in different names. Now they are the virtualized data centers and the cloud and so on. So the fundamental question is why are you protecting the office after the user is not sitting at the desk, the devices are getting wireless and the servers are no longer there? So the fact here is that you don't need firewalls. I mean, no, no, you absolutely still need a firewall to protect the server, just put them in front of the server. The servers are not [indiscernible] in the building, so put it -- let it go with the data center, all right, go with the server to the data center. But then you say, "Wait, so does that mean after my servers are blocked, the building can get into the cloud, there's nothing more to protect in the building?" No, I would contend there are other valuable resources you need to protect in your building. After your data is gone, what is -- do you know what are the most valuable resources you need to protect, at least from a user experience point of view? So we contend it is the air, because everybody share the air. And if they cannot to the air, they say the network is down. Or if somebody want to really play around with your networks, they can come in and they can take over your air from the next building for even a moment to bring down the networks. So you have security that needs to be scanning always in the air for illegal traffic, illegal devices and so on. And by the way, how many of you sometimes complain, the network is slow and the wireless is not good, when you -- in fact, you get 3 or 4, 5 bars in the wireless signal? What really was happening was you actually have a pretty good wireless but your Internet pipe in that building, out; was either occupied by other users or actually slow.
So in the end-to-end communications scheme in cloud computing before your mobile devices, on Wi-Fi, your 2 most valuable resources after the server left the building is your air and your Internet pipe. And you better have a way to protect this. So the next-generation firewall is there to protect the air and the pipe, the network infrastructure. And these kind of firewall are not standalone devices. They -- to do this kind of protection, you have to be inside the network infrastructure. So I would show you a cartoon on the 2 kinds of firewall, the one on the left are what we're used to for the last 15 years. You put a line of defense in front of something you want to protect because people try to attack it. There – those firewalls are still needed, so as billions of dollars of firewall industry [indiscernible] the resources are needed that they were moved with the server to the Internet data center to the cloud.
What is reemerging inside your building is a different kind of policeman. Instead of a riot police, you need a traffic police. But this -- why [indiscernible] if he does his job right, is also to protect everybody, just protect everybody from colliding from other people -- is to provide -- to protect the maximum throughput that is available, that can be executed on a fixed number of lanes and so on. And this is in the past, arbitration, traffic direction, policy enforcement. We venture to say that the mixturation of network access, you will see a proliferation of requirement of the second of kind police. The riot police have left the building, the traffic police have arrived and you better be prepared to re-architect.
Lastly, a pre-wireless [ph] magic. There will be 3 category of problems that everybody is trying to rush in to solve. First is the high-density problem. Anybody who has the experience of going to a ball game or waiting at an airport or in a theater and sadly, some people, in churches, you have problem communicating, even sometimes sending a message out, right? And that is because the charter is so huge. The basic traffic arbitration signal itself is blocking the transmission or traffic, the payload. How do you solve this high, super, super, high-density problem? And there is a lot of technology in terms of -- especially antenna design, the cell size and the spectrum showing and so on, which is currently coupled to a second class -- category of technology in general that we call interference mitigation. You can count on one more wireless device of different spectrum, license, the license kind of collide is just because the Wi-Fi cell is going to get bigger and go outdoor and the cellular signal is going to come in through small cells and you will see the small cells, the Wi-Fi point interference and so on and so on. The industry will be quite busy to make sure all the signals are sort out without the involvement of the users. And particularly, when you shift between technology, that should be relatively transparent to you.
Thirdly, of course, as Keerti will later talk to you about the technology 11n AC that is looming in the horizon, what's the relationship of that with the existing 11n. What -- where do we see the application cycle? What are the key applications? That is clearly a subject that everybody is very interested in. And that will be a focus agenda for the next 2 to 3 years, apart from some of our network migration discussion.
So those 3 are the key elements, our focus in the industry. So let us relate back to Aruba's live architecture and recently we have been fine-tuning it into a layer of management we call, mobility service management. Fundamentally, we introduced a year ago in this forum about the -- about our offering in the single-policy shutting environment and single-policy enforcement environment to allow you a load time [ph], no access control from wireless to remote to wireless then to cellular.
What we accentuate currently is the BYOD aspect. Basically, the future, a lot of the customers saying that they have a lot of problems with these mobile devices fundamentally because of the BYOD nature. So you are here for the next couple of sessions we have today, how are we addressing using the MOVE architecture, this whole BYOD management environment? But the unique thing about the MOVE architecture is customers saying, "Look, I have a red-hot problem, which is BYOD mobile devices. But I have also a problem with an existing laptop. I also have a problem with my -- even though I'm not buying new wireless desktop, I see a lot of them and I still have the wire-port network access problem. And that has all the remote user and teleworker. I have a flat to slightly down infrastructure budget. I cannot squeeze money out of solving this new problem if I'm not ignoring other problem, but I cannot ignore the problem so how can I my cake and eat it?" The Aruba MOVE architecture’s a major argument after the BYOD solution is that no, you can have kick your cake and eat it because by installing the Aruba ClearPass sample, not only are you solving your problem in the future using exactly the same control in management and policy enforcement infrastructure, you can swap all your wireless LAN problems with your laptop, you can actually apply it to all your wire port for your -- other access and your remote user. It is single-use system, one implementation that solves your future problem and yet address your present and your past. And that is the unique offering that Aruba have, the one-two punch of, we have the best BYOD solution and when you solve that problem, install system one and you solve all your backward problem. So you can free up your budgets to do your cloud computing projects, your virtualization project. That, at the moment, is our unique differentiation.
So let me take a step back at the -- as a start of the next decade to look back at someone will allow me, being old, to reflect on the last 3 decades. When I first started as an engineer in HP, in the department of [indiscernible] launched a product what's now called HP poker [ph]. That was when the -- is this Open System Interconnect 7 million models that just got published, to get clarity for those who are working data communications. And that language has permeated that industry. So a lot of -- as you talk about layer 2 switches, layer 3 routers and layer 7 or layer 4, the layer 4 switches, layer 7 application delivery platform and so on. So that technology, that terminology permeates, so.
Allow me 5 minutes to summarize the talk by taking you through a journey, to remind you, layer one means physical layout that is the physical transmission of receiving, these are all physics. The way how signals are transmitted and received. The layer 2 is the data ring layer. What it means is the cost of transmission is lumpy, you can lose signals. You can have signal degradation. How do we ensure that end to end, at the 2 sides of a wire then, that you have interpreted? So you have framing of data, check them and so on to make sure that they're right. The network layer is saying that you're node A, node B are not directly connected, but it is actually multiple hubs. How do you ensure end-to-end delivery beyond the wire, and that really created the whole routing technology, right? So basically it's from hub to hub. How do you handle traffic?
Layer 4, stanza [ph]. Basically, when you send all the stuff through multiple hubs like your luggage through some airline, how do you -- when it arrives, you might – out of sequence, how do you put it back to the sequence that it originally generated before you get chopped up? So that is network layer. Network layer is fundamentally when things are right, most of the time they've seen the top form of a conversation, a dialogue, right, of users or after the users. So how can you put it back in a conversational manner, the discussion later. Presentation, fundamentally at that point in time, people make different kinds of terminals. And so, you have to adjust the display mechanism, and if you are problematically affecting it, how do you problematically look like a device of somebody else. And so you can establish kind of the United Nations of devices, sitting on top of those sessions.
And finally, with that environment, you can do your application. So why am I telling you about all that? Well, let us roll back 30 years before this -- when this model was developed, the model was actually very simple. You had very, very simpleminded devices that are actually very valuable and expensive that sits on a desk somewhere out in the data center or [indiscernible] somewhere. You have a monolithic -- your network provided primarily by IBM, so that's in the architecture. And in a data center you have a monolithic server or mainframe. And there is 2 kinds of multiplexing going on in this, okay? On the data center, you have a single hunk of big iron, and you have an environment that is actually virtualized. It's called multiuser virtual system, MVS, with the time-sharing option for many users, right? And that is to say I have a very big single piece of box there but I have multiple applications that share that physical box. On the other hand, I have a physical, heavy, 50-pound terminal that is green screened, very valuable, and I let people multiplex share it, right? I have the terminal from 10 to 2. You have the terminal from 2 to 4 and he has it after hours and so on. So you have a multiplexing of users in here and you have a multiplexing of application results, correct? The [indiscernible] my motto and the client server computing changed it.
So what it changed to -- there are 3 changes that went on, okay. In client server computing on the desktop side, the intelligence come in and from a heterogeneous kind of number of devices and PC environment, we show that it was cleanup, and it is monotonously Windows over Intel. On the network [indiscernible] level side, you have Ethernet, you have FTDI, you have Token Ring, and those of us who are familiar, that's called the 802.3, .4, .5, .6, and it kept going on and finally, [indiscernible] 802.3 which is Ethernet 1, okay. And so all of this layer 2, layer 1 suddenly becomes outlets about a 6, 7 years of excitement becomes really monotonous, okay. And it is IP over Ethernet, and it is Cisco, right?
Two things now happen to create excitement, in my opinion, for access over the next 2 years -- I'd say next 2 -- next decade. The first thing is this, layer 1, layer 2 is getting exciting again because the Ethernet on copper or [indiscernible] fiber is not going to cut it. It's all about wireless, right? There is energy now in layer 1, layer 2 and that's why you're seeing all those so called wireless LAN companies emerging, because now, standards are evolving, speeds are increasing. So just like the golden year where you see all those Ethernet switching gigabits switching company are growing, there is absolute innovation over this area to -- for a lot of small companies are challenging the incumbent because the layer 1, layer 2 seems are changing, and all this wireless magic that I mentioned, it's going to sustain innovation and growth in the industry in the access layer 1, layer 2 for the next 5 years at least, in my opinion. But if history can be something we learn from, pure access layer, once you settle down -- once the center settle down and so on, it's not going to be enough to scale a multibillion-dollar company. Already, I am obviously not the one to project. You're already projecting well within the next calendar year. Aruba Networks will be bigger on a quarterly run-rate basis than any other independent access layer company in the history of the industry, if you think about it. Just go back and look at your projections and look at all the other company that do access that are independent booking.
So why do we feel we have a way to break through to become a multibillion-dollar company? Despite the fact that this explosion for layer 1, layer 2, this time around is going to make the last explosion of Ethernet, fast Internet, looked very lame, just because of the number of devices, number of user and so on. And so, so, so much bigger than the last round. But on top of that, the excitement we feel is, if you look through this client back [ph] , there's a transformation that happened that is reflective of the data center that has yet to happen. And Aruba is at the forefront of this. And it is just like the inversion of the data center relationship of single device, multiple application to single device, single application, to now application over multiple devices.
So standing over here is happening that's starting out when you have a multiple device sharing desktop to each person mapped to a single desktop or laptop, to now the networking entity has changed. It's not to the device anymore, it is to the user. Because each user now has multiple personas through different devices. And that context, that session awareness, that session continuity, that context continuity, has to transcend the devices.
And where were this information and all that, and why was it important? Now first of all, it's not important until now because it is one-to-one mapping rather than one to many mapping. And second is because there used to be a 98% market share holder saying that you do it my way, and everything will be fine. And now it is a no man's land. So the networking guy has to step up and say you do it anything your way, but I have to preserve that user-centric view of who you are. And that is after 30 years of being ignored, for about recent, layer 5, layer 6 functionality at the edge has to be implemented.
That is why user-centric context aware access policy enforcement, something we have been doing since inception, is now becoming a crucial element for controlling the device and the user. So while Aruba has made our mark in the first 10 years by providing exceptional and leadership product in regenerating layer 1, layer 2 to take Ethernet access to wireless access, our unique differentiation of software offering is presenting for the edge of the network, a virtualized view of the user, independent or path, independence of devices, independence of media over access. And giving that context and coupled it back to layer 1 to 2.
This coupling is absolutely differentiating us from the generic wireless LAN industry. And over time, is going to give us the gross margin differential and the unique market positioning and the architectural hold in the next generation of access network. So you need to remember one lasting architectural advantage of Aruba, it is that. Thank you very much.
Good morning. Hi. I just wanted to see if everybody's paying attention. Okay. What I'm going to do next is talk to you about the BYOD architecture that we are bringing to the marketplace. And it's going to be down between Keerti and myself.
I'm going to take you back to a slide we showed you last year. So what you're seeing up there on the screen is the lower January 2011 forecast for wireless LAN. And you'll notice that there is a need in this line, and the first need that you see there is 11n adoption. And the specific event that drove this uptick in wireless LAN infrastructure was the ratification of 11n as a standard in September of 2009.
Okay. The second event that took place was in 2010 when the first iPad got rolled out. And that created an exhilarating event for the adoption of wireless LAN inside the enterprise. And then we showed you our projection. We said there is going to be really what [indiscernible] is doing is underestimating the true impact of 11n and the new devices, and what that’s going to do to adoption of wireless LAN. What you're seeing here with the orange line is, first, the solid line is the true CY '11 actual. It is roughly a $500 million delta between the January forecast in 2011 to actually what happened in the marketplace. And the dotted line, and the second need there that you see there is the new iPad, is delivered [ph] new January 2012 forecast.
The point here is very simple. The point here is that I think just about everybody is underestimating what is the impact that's going to occur in the marketplace with BYOD, and what that's going to do to drive adoption of wireless LAN inside the enterprise. We would contend that over a period of time, there is likely going to be further acceleration of adoption, and that the green line that we're showing you up there is very, very possible because we're just at the early stages of the revolution we're seeing with mobile devices, the revolution we're seeing with BYOD.
Now what does this mean for the buying cycle that you see inside the enterprise? So Dom walked you through the '05 model and the impact that has occurred in our position in that stack, with respect to the layer 5 and layer 6. If you really think about it, at any given time, right, there's a cycle of buying that occurs inside the enterprise. For the last 15, 20 years, that buying pattern has evolved around a few key tenets. The principal tenet was the explosion of IP. It is really all on IP and then providing connectivity, standard connectivity to the desktop. That was the driving force behind enterprise network spend.
It spawned a couple of different side businesses, most notable for which being the firewall. Because at the end of the day if you're going to connect to a high-speed connectivity, you've got to protect that port. So there was a pretty large industry created around Ethernet access switching and firewall, potentially a department on firewall. That cycle has lasted a good 15, 20 years. It's been a very profitable cycle for some very large vendors. I contend to you that, that cycle is coming to an end.
The new virtuous cycle that you're going to see in the marketplace has got 4 key elements to it. The great collaboration that occurs inside the network, and that, by the way, is completely driven by the device adoption mobility, but that it is driving how collaboration occurs in the network which is very, very different. One of the casualties of the new methodology on collaboration is going to be the desktop front. I don't know about you, but inside my office, my phone that sits on my desk has been sitting there as a nice ornamental thing for holding my papers in place for many, many months. Quite a long time. I use my cell phone. That is my predominant device for communication for voice. And increasingly, I use Skype, I use other free Voice over IP software that's available readily, I use FaceTime. This we see proliferating very rapidly in the marketplace.
And then everybody knows about cloud. Cloud is fundamentally re-architecting the entire infrastructure inside the enterprise. But these 4 things are creating a new virtuous cycle that is driving buying patterns inside the enterprise. At the heart of this, especially when you look at enterprise access, the thing that's really driving the way networks are going to get architected, how buying decisions is going to be made is BYOD.
The whole of bring you in device phenomenon, and I would tell you, at least from my point of view, that if we were having this conversation, say, 3 years ago, I would not been able to predict to you the impact BYOD has had on the enterprise. It really is incredible. And I think we, as I said earlier, I don't think we have fully grasped what this is going to do to the way network is going to get architected or the coming few years. Very, very different than anything that's occurred in the last 15, 20 years.
So with BYOD, what are the key enterprise benefits, why does this matter? Well, if you are the user, it's pretty obvious. Freedom of choice. Finally, freedom of choice. You can buy any device you want. I know a lot of you guys here don't have that same freedom yet. I think one day you will too. But freedom of choice is really, really key. The ability to then be truly mobile, okay. If I've got my iPad, it's really my office, my iPad and my iPhone. Or if it's your Galaxy tablet, your Android phone, eventually it will be a Windows 8 tablet, Windows 8 phone, essentially those are the devices you'll be walking around with. That's it. You can be anywhere -- your expectation as a user, is you can be anywhere, you should have access to your information and your applications anytime. That's the benefits for the user.
If you're the CIO, you’ve got the visions of redirecting spend. So in the traditional -- the company procures the device and hands it out to the employees, it costs on average about $5,000, if not a little bit more per user. So every time you onboard a new user, the company spends close to $5,000. And that includes device as the laptop -- I'm sorry, the cost of the laptop, it includes the cost of software you have to put on it, various other nice things you have to do to essentially make sure it's a secure, corporate-certified device for the user. $5,000. Now if you're a CIO and you can do a quick math, you can go, let me see. Is the worst case scenario, if I don't really want to do BYOD, I can essentially -- well, I can give a $2,000 stipend and say you can only buy [indiscernible] great savings potentials with BYOD. You've got the C suite that is breathing down your neck to essentially enable these devices as I bring them into the workplace.
But, if you are the IT guy, the IT person who essentially make all this work, what does this mean for you? You've got your CIO putting pressure on you, you got your Chief Executive coming down and saying I've got my iPad, better make it work. I needed work, I need wireless in my environment. What does this mean for you? You've had 15, 20 years of infrastructure you invested in, you build networks a certain way and you've got this, what essentially looks like a really alien concept that's suddenly dependent upon you and say you've got to find a way to make it work.
What are the headaches that you're thinking about? How do I keep my user secure? How do I keep my network protected? How do I do this in a way where the end user experience is going to be a seamless, easy experience? Because as a lot of folks know, when somebody brings a device inside the enterprise, it's of their own, that experience of actually getting that accepted inside the enterprise is actually a pretty difficult one. How do I keep my IT staff from getting completely bombarded with request because everything is really manual and physical to administer and set up?
If you follow the networking principles of the last 15, 20 years, you cannot address these 3 points. Or you can, it's going to be very costly, it's going to be very, very painful and more than likely, you're going to walk away from trying to do it. It won't change the pressure on you, but for the IT manager, it's a bit of a nightmare.
Last year, we introduced the MOVE architecture to you. And the reason we started introducing MOVE architecture is we believe that networks have to be fundamentally architected in a very, very different way if you're going to address the age of mobility. There are some core principles here. First and foremost, the access layer. The access layer essentially has to become very, very simple. Very simple. The second thing is you cannot treat each access layer, each element in the access layer, as an individual silo, which is roughly the way networks have been built over the last 20 years. You got silos inside infrastructure. And each silo has got its own management framework, its own provisioning framework, its own separate delivery mechanism. Each of these are different. But if you simplify the access layer and essentially pull a lot of the management glue, a lot of the security glue out of it and centralize it, you have a shot at addressing the needs of mobility. So the second core principle in our story for MOVE is what we've got here is a range of mobility network services from management, security, RF and then finally, introducing new software services like guest management.
Last year, we talked to you about an acquisition we did in December of 2010 called Amigopod. And that was our first software module to facilitate BYOD. It gets access. So a lot of you here, in fact, probably everyone here, should have received an e-mail that says here are your credentials for getting on to the Aruba Network as a guest for today's event. Those credentials were essentially delivered to you using the Amigopod acquisition that we did back in December 2010.
That acquisition and that piece of software is now part and parcel of a suite called ClearPass. So before I get there, one of the key elements to actually making this architecture work is you have to get away from your traditional networking principles of port, VLANs and ACLs, and really embrace context. And by context, I'm referring to user awareness, device awareness, location awareness, application awareness inside the network. These are the 4 elements in which you have to design networks and not the principles that have been adopted in the last 15, 20 years.
But to make context possible, you need a comprehensive set of software suite and a policy engine that makes this possible. And that is ClearPass. And ClearPass is something we introduced a couple of months ago that really is the combination of 2 key acquisitions we've done over the last 18 months. One is Amigopod, that was December 2010 and the most recent one being Avenda, late last year.
What is ClearPass? Well, ClearPass -- at the heart of ClearPass is essentially a policy engine. It is an identity and device-based policy engine that can work across wireless, wired or VPN. It can use multiple security authentication protocols or mechanisms. And you can create fine-grain policies, utilizing multiple identity storage. It can be Active directory base, it can be LDAP directory, it can be ODBC based secure -- SQL databases. But essentially, you can take attributes from multiple data storage into a single policy and create fine-grain control for your network.
ClearPass has got 4 core software modules. First is guest, this is what you have experienced, and this is really to enable self-provisioning of guest access inside an environment. It can be an environment like this or more typically, for enterprises, for guest workers, temporary workers, visitors and so forth. The second thing it does is it's got a double net-based onboarding capability. And with this onboarding capability, we can get very specific in terms of the kind of access a user has based on the user and the device type. We can get very, very granular with this. And the key here is, this is completely a self-service mechanism. So once the user comes in with their device, there is no interface required with an IT person. The user can completely self-administer their device and themselves onto the network. That's ClearPass Onboard.
The third software module is ClearPass Profile, where for the IT manager, we can give them very fine-grain visibility on the user and the devices that exist inside the network. So not only have we made a very easy for IT, the IT manager -- the troubled IT manager we talked to you about earlier, to create a self-administered environment for users to bring their own devices into the network, but at the same time, we give the IT manager unparalleled visibility into what is actually happening inside the network for the users and the devices.
The fourth module is ClearPass OnGuard, where essentially what we do is we enable, again, IT to determine the health of that endpoint that is being committed inside the network. So let me be very clear about this. This does not mean we deliver antivirus software or anti-spam software into the device. That is not what we do. But however what we can do is ensure that the user is appearing to rule that the IT person is putting in place around the kind of software they need on the device, to give the software they need, and OnGuard will essentially ensure compliance. And if the device is not compliant, it can also ensure remediation.
This engine, this policy engine, that software suite that we had that I showed you up here on the top, the mobility services, this is the glue for how you're going to build next-generation access networks. This is the software glue that is absolutely essential if you're going to deliver the needs of mobility inside the enterprise. And we've been very methodical about building this out. And as you can see we first started out with the level management, security services, mobility services, now we're adding a policy engine inside the network.
How is this different than what other vendors out there are talking about? Because in principle, a lot of the technologies are available in [ph] from different people. So the example I have here for Cisco, as you can see there's a suite of products, they have a device in Cisco to essentially deliver some of the capabilities that I'm talking about. And by the way, you cannot, with all that said, use real device for reaching [ph] your control. But here is sort of the kicker as far as the CIO is concerned. To deliver on these capabilities, you have to do a pretty significant forklift inside the network.
If you have made investments in any of these products in the past and couldn't deliver on any aspect of BYOD that Cisco is talking about, you have to go and buy new products. In contrast, we have a single policy engine that cuts across wireless, wired, VPN, any user, any network. And the third point is really important, any network. We work -- we do not compel the customer to only have Aruba infrastructure. We can make it better with Aruba infrastructure, but we can work with any vendor's network infrastructure.
When you put this into dollar terms, what does this mean? Well, if we just want to talk about profiling and posture appliances, we are 20% cheaper than Cisco. But now, factor in the forklift, add the controller. The new controllers you must have. Add the new axis points you must have. And by the way we, you need new switches too. The cost savings is different to what we put out there for -- this is just CapEx now, I'm not talking about -- I'm not even touching OpEx yet, this is just CapEx. Dramatically cheaper than what Cisco has out there in the marketplace.
This glue that is really the essence of building the next-generation access network, the proposition we've got in both in terms of simplicity from an OpEx standpoint and then from a CapEx standpoint, the state we can deliver our competition, I think, gives us a clear advantage in the marketplace. There's a direct translation into what this means for the TAM for company as well. So I'm sorry there's a bit of washout here from the screen but essentially, these 3 bubbles we have shared with you in the past in terms of our total available market opportunity. On the top using VPN, which is roughly $1 billion. Wireless LAN the new forecast, anywhere from $3 billion to $5 billion or years [ph]. And then the Edge switching space, which is a very large market. The reason we believe we have a claim to this marketplace, the access marketplace, is we have the glue. We have the glue. And this allows us to have access to a $14 billion market.
Now the reason we believe that this is a good time to be in this space is, I'll bring you back to the virtuous cycle that I talked about earlier, there's a new spend cycle underway inside the enterprise. Every spend cycle goes through a 15-, 20-year period. We are just at the very, very early stages of this new spend cycle. We are at the very early stages of BYOD. Therefore, we are in the very early innings of this company's trajectory in this business.
So with that, let me stop here. I'm going to invite Keerti to come up here, and go into the next level of detail. Keerti? And thank you.
Thanks, Hitesh. So what I'm going to do is talk a little bit about technology and do some demos as well, if we have the time. So I'll just quickly skip through the BYOD challenge for enterprises and what they need to do to essentially tame this BYOD beast. Starting with -- if you look at what you need to do before anything, you need to go to find policies around BYOD, which is -- if you want to allow this BYOD devices to connect to the network? And if so, who is allowed to bring these devices onto the network and what policy are they allowed to use when they're connecting to the network? And it could be full access to certain groups, it could be limited access to certain other groups. So defining that policy is really what happens inside this ClearPass product that Hitesh talked about.
And then of course once you have the policies defined, you want to onboard the devices and I'll hopefully do a demo of that and show you how easy it is. The challenge, if you will here is, today, when you go join your work or as users go through or as IT organizations go to a refresh cycle, IT actually provisions the device and hands it to you as a user, and you just use the device. They lockdown their standards on software, operating systems, images, et cetera, et cetera. But they have no such control on BYOD. And more importantly, they don't have the staff to onboard and provision these devices. And so there needs to be a model which is completely self-provisioned by the users. And the simplicity of that architecture needs to actually come through to be able to make it affordable to enable BYOD inside the enterprise.
The third aspect, and we'll spend some time about it, is policy enforcement, which is actually happening inside the network. When you use those devices to connect in, what sorts of policies do you want to enable for this particular user and how are they actually enforced inside the network. And finally, of course, ongoing monitoring of the network itself so you have a sense of how the network is behaving, how much capacity is being used, and then do the appropriate upgrade in the network to keep up with the demand. This is the cycle and the process that organizations are getting into to enable BYOD inside the enterprise.
Some example policies here, just to give you a sense, the most obvious one that we encounter of course is enable BYOD but with limited access. Instead of allowing full access, which you would on a corporate issued laptop, if you're bringing your own iPad or Galaxy tab if you're Mark Sue, you can limit the access on that particular device.
Similarly, there's a notion of executive class policies which is, if you have a certain user group which is doing critical work, it doesn't have to be executives, it could be any other group in the organization that's doing critical work, make sure they get reference on the bandwidth. This is a user-driven policy, not a device-oriented policy. Other examples, when you're doing video, you want to make sure the video traffic is getting priority over data traffic so that the quality of the experience is appropriate. That's a multimedia-traffic policy -- I mean that's a multimedia-oriented policy based off of application. So the first example is device-based; second example is user-based; third example, application-based. And then of course, there's further security policies around rouge AP. So when people are connecting rouge APs into the network, you want to make sure nobody can connect through those rouge devices. And if they do, to blacklist those users so they don't get connectivity into the network.
Another set of access policies that are becoming quite popular are around devices themselves which is, if you lose a device, and mobile devices sometimes you tend to forget them on airplanes and coffee shops or what have you, and if they’re configured to connect to the enterprise, you want to figure out that you've lost your device and essentially, they will access to that device but not to the user. Because the user still may have access to their other devices, so it allow the user to continue to connect on the other devices, but the device that they reported lost, revoke access to that particular device. And finally, of course, if the device is unhealthy, infected with a virus or a worm, you want to quarantine that, clean it up before you let it on to the network.
These are all examples of real policies that are being implemented in the network and there will be some mechanism to translate this and back to what Hitesh said, they're all around user application and location and device. And that's the context of use that you need to then figure out how to enforce inside the network.
Now the first example here that a lot of you may have already seen, is what we have done in this room, we have set up a guest network, and we've divided the group into 2 groups, buy side and sell side. We try to keep it simple. And for everyone that's connected, and you sent us your information, you must have received e-mails with your username and password. In fact, last we checked there was roughly about 75, 80 devices on the network connected. And what we did was, clearly, user-based policy, identifying based on who you were. What sort of flash page to put up for you. So the buy side folks has got one flash page, sell side got this image here.
That's just a very simple example. And in fact, what we're doing behind the scenes, of course, is if you have a buy rating [ph] on Aruba, or you're on the buy side, you get more bandwidth. Otherwise, you don't. Just kidding. Everybody has the same bandwidth. And in fact, later I'm going to call on Mark and Ryan to do a quick speed test for me during the demo phase.
But anyway, the point there simply is what we have done here is set up a user-centric network, where we understand who's connecting, what role they have and then basically give them different experience. This is what we just did was a flash page. Imagine this could be, if you're in the hospitality setting, this could be an advertisement. If you're in a retail store this flash page could be a coupon-based advertising system. So there's access to a lot of different mechanisms of rich content that we can deliver, based simply on who you are. And of course, the pages themselves can be customized by the device type going back to the point about Dom’s presentation layer. It's about the user and the device. So if you're actually accessing this on an iPhone, you'll get a different type of page.
So that's sort of the first step of getting users onto the network. And what we did was we used the ClearPass guest module to set up this experience for you. Now when you connect into the network, so that's just the definition piece. Once you actually connect and identify yourself into the network, how does the network know who you are and how do you enforce the policy?
Now if you take an example of what's happening on the wired network, there's no notion of users on the wired network for the most part, basically because the devices that connected were either PCs given by enterprises, so they already knew what devices we're getting on to the network, or phones and on your desk. And these basically were -- these 2 networks, the data network and the voice network were overlaid on top of the physical network. And the attribute that was used to delineate the policies between data and voice for the VLAN, VLAN stands for virtual LANs. And the concept there simply is that if you're on the voice VLAN, you get higher priority. If you're on the data VLAN, you don't get higher priority. And you take that and you map throughout your enterprise. No matter how big your enterprise is, every floor has its data VLAN and voice VLAN in different setup.
Now you take that and you say, "Let me add wireless to this mix." Out of an access point, the first thing you create is, of course, wireless, the assumption is that it is less secured in the wired, so people will create a new VLAN for wireless. And then of course, for guest users, because they're not allowed to connect into the network, it's only Internet access, you create a guest VLAN because you have 2 new policies now, wireless users and guest users. Then you say I want to enable BYOD, which will be yet another VLAN because it's a different policy than your corporate users on the corporate device.
And then, of course, everybody wants to use video. You want to do a FaceTime call, you want to do other types of calls. If you follow the same pattern of a VLAN-based policy enforcement architecture, like what we did for data and voice, there needs to be a video VLAN to prioritize the traffic. And the user experience, imagine this, right, you're connecting to a BYOD society, you basically download your e-mail or whatever else on the data side, and then you go, "Well, I need to do a video call. So let me disconnect, go to the video network, make my call and come back and join back my BYOD network." That's an experience that just doesn't work. People don't do that. People just stay connected to their society that they're in.
So you need to have a mechanism by which you identify the video traffic and then prioritize automatically. And then, of course, another example of this, these days, of course, what we're finding is all these air devices, the AirPrint, Apple TV for AirPlay, they're also showing up on the network. So if you're using this right now, we are tethered, but very soon in classroom settings and this kinds of lectural settings, you'll be just using AirPlay to project your presentation from the device to the screen, or using AirPrint to print.
So the other devices that were traditionally wired, projectors and so on, are also going to be wireless enabled. And that will require its own VLAN. And you can see, this is just one floor [ph], one access point. I need to do all this. Imagine a network with thousands of access points. It's going to be very painful to do this. So our standard of mechanism, and this is really where the policy enforcement, context-based policy enforcement comes in, is to get rid of these VLAN handcuffs that we have because of the fixed network architecture, and design something from the ground up for mobility. And what that entails is basically, first and foremost, identify who is coming onto the network, right, that's layer 5 and layer 6.
This is the point at which we know who you are, your login process that all of you did today, tells me who you are. And through that process, I also learn what device you're actually connecting. In fact, we just did a quick poll. We looked into the UI and what we found was we had about 75 devices on, 31 of them were iOS devices, 12 Macintoshes, 24 Windows, 3 Androids, sorry, Mark, and 0 BlackBerries. So anyway, so we now get a sense, we get a sense of who the user is what the device is. Other attributes we could use are time of day, we could use the location as inputs to a policy, right. And this information, we collect live at the time of the connection.
Then we look into the traffic and we go, what's happening? What types of applications are running on the network? Is it multimedia traffic, is it virtual desktop traffic using Citrix, et cetera? And we also get a sense of how much traffic is actually on the network. And this was all layer 4 and layer 7. Notice I said layer 4 and 7, not layer 5, layer 6, because people use layer 4 to 7, I think, very easily in the industry. But the reality is, it's layer 4 and layer 7. Layer 5 and 6 have been ignored largely because they were not necessary until now. And we believe that now on the access network side, the layer 5 and 6 information is going to be fundamental to policy enforcement.
So you take all this information and then you go what are the sets of actions that I can take? One set of actions are security actions. This is the traditional firewall actions of permitting traffic, denying traffic, redirecting traffic, blacklisting users, et cetera. Now when we talk about a firewall, a common question that comes up is why do you have a firewall? Customers already have a firewall on their network. The reality is we believe there's going to be 3 areas where security will be implemented inside the network. One, which is most common one that everybody knows about is the Internet perimeter. There's going to be a firewall there to protect you, as Dom said, the enterprise from the outside. There's another intelligent box with firewall functionality that will be sitting in front of the server. This will be your load balance server and F5 type device. But there's no firewall that is facing the user and the device. And it is necessary, it's fundamentally required for the mobile world. And that's where we believe the Aruba controller, facing the user and the device, enforcing these kinds of actions will become important.
And then the next set of actions that we can take beyond the security actions, and these are actions that firewall historically never have done, is the optimization piece. Because spectrum is fundamentally limited, whether you're in the license world or in the unlicensed world, you have to figure out how to prioritize the air and optimize the use of the air time so you can give better access to those multimedia traffic, you can balance client densities. In fact, in this particular room, as I said, about 75 users. We have set up 4 access points. The idea is to balance the load across the 4 access points, so we can provide an appropriate quality of service. It's not about coverage it's actually going to be about capacity and load balancing that's going to be an important attribute of policy enforcement.
And finally of course, as you follow the users, there's a new set of actions that are mobility centric that were never a requirement in the fixed world. This is imagine -- now you have your iPad, you're roaming around in your campus, going between different floors, going between different buildings, you want to print a document. You don't want to walk back to your home office and print it. You want print it in the nearest printer or you want to use the projector that's in the room that you're currently using. This requires location-enabled context. And location is something that is unique and changes dynamically with your connection in a mobile setting. And enabling location-based services will be the next situation of what we're going to enable.
So as you can see here, the [indiscernible] it needs to be necessarily far richer than the traditional VLAN-based architecture that we're used to. And what we have done is that call indicator that...
And then roam throughout the enterprise. That capability is built into our software [indiscernible] the software that runs inside our access infrastructure...
The access point themselves. One example of this capability that we just introduced, literally last week at our user conference, this was on the motivation of John Turner who's in the room here. We were talking about, about 6 or 9 months ago, the emergence of devices like the Apple TV and AirPrint capable devices that are showing up inside this educational institutions and soon to show up inside the enterprise. First and foremost, they're all wireless, obviously. And second, they rely on a broadcast protocol that works fine inside the home, because these devices were built for the home networks, very small networks. So when you plug it into your home network, you can discover these devices over-the-air and easily print them or play your video into the Apple TV. The moment you bring it into enterprise, it breaks. And it breaks because the network is much larger, requiring you to create multiple IP subnets. And because broadcasts don't proliferate across different IP subnets inside the enterprise, that discovery process breaks down. You can't anymore find that Apple TV that might be sitting right next to you because it's on a different subnet.
So what we do is, using ClearPass, we create a device social network, that's the one I'm using, where you can go in there and register your device and say, "Hey, this is my Apple TV, this is my printer. I want to use it, of course, and I want to enable the use of this device with my friends." Or if you have an IT administrator you might what to say, "Allow access for all the classroom Apple TVs to only the teachers, but not to the students," right. So there's differentiated use there in terms of how you want to enable access, and that all happens inside ClearPass. And then the controllers and the access points and switches query ClearPass when a device connect, or a user wants to use such a service, to figure out is the user allowed to use the service and then enable that service.
So examples of this, and we call this capability AirGroup. Examples of this service, you have a CFO and his iPad, which happens in our network now. And I'm sure it happens in a lot of networks, with their AirPrint sitting at their desks. You want to enable a pairing between their iPad and their printer, and you want nobody else to be able to use that printer. So you can create that and enable that through the access network. A laptop in close proximity. So you're walking around with your laptop, you want to print to the nearest printer, as I said, using this local group called AirGroup printers. You figure out dynamically where you are, where is the nearest printer and make that connection in real-time.
Then another example, as I already said, the teacher’s MacBook projecting to the Apple TV without the student actually doing any interference on that. Or a visitor walks in with their iPhone and wants to project some information to share with me. And in that situation in the conference room, you can quickly enable live access to the Apple TV inside the room. These are all examples of mobility-based services that are unique and emerging. And I would say we are in the very early stages of these kinds of services inside the enterprise.
So let me take a pause here and do a quick demo. Can we switch the screen over to the iPad please? All right. So here, I have my new iPad 3, and what I'm going to show is a couple of things. One, let me quickly show you what it takes to connect to the Aruba guest network. I think all of you went through this, and show you how we can enforce bandwidth-based policies on this network. I'm going to click on Aruba guest and it should connect in a second there and try to go to some website. I think all of you have probably seen this portal and logged in, so I'm going to login myself. Let me pick up my passcode. So as you can see, it's logging me in, and I think they have me in the sell side right now. So I got the sell side screen. And not only that, I think they have me locked down on bandwidth at a pretty low level.
So let's give it a shot and see what I get. So you can see, less than 2 meg. I'm limited there. So Mark and Ryan, maybe if you guys can try it out. You’re probably on the buy side, I want to see how much bandwidth you guys get. Go for it. Download at 36 meg, and Ryan, 12.5 meg. Thank you. So as you can see there, there's -- what's happening here is basically based on the ratings we are doing bandwidth shaping. No, just kidding, just kidding. Often [ph] , if you can just change me back to a buy-side rating, please. Am I on? So let's try this test again. All right. Looking better. Okay. So I got about 11 meg, same as Ryan. I think it's an iPad thing. It doesn't go beyond that.
So as you can see, what we just did there was, based on the user often just pushed a role and said change my role. I was on the wrong role, which was limiting me to 2 meg. Everybody else is in the same role by the way, just different pages. And he just scripts me back to the role that all of you are in, giving me a much higher bandwidth. And what we did there was basically bandwidth control of -- over the year. So he's figured out Layer 5, so he figured out who I am or what device I am on. And they're making a Layer 1 decision on how much bandwidth do I get over the air, right? Firewalls just can't do that because they're not controlling the air. This is something the controller and the access point do together.
So that's the first demo of when you connect to a guest network. And what I did there was connect to a guest network. So what I'm going to do next is -- let's forget this network. I want to now connect to the Aruba corporate network, which is this PoC network that you see here, PoC-employee. So as soon as I plug in there, it asks me for my user name password. And what happens now, if I'm a user that comes in, wanting to connect, it's very easy to take any device and plug into a wireless network. And if you don't have any intelligence, basically, you're now using the corporate network on your personal device and IT did not have a clue that, that happened. What we do instead is, yes, you can connect but can you go anywhere? That's I think the important point. And let's try to see if I can go to the Yahoo! site. What it did now is it determined that I've connected onto the network, but I'm connected on a device that is not authorized to connect here yet. So it takes me to this provisioning portal. This is what we're demonstrating now is the Aruba Controller working ClearPass onboarding function. The controller connected me, but put me in a role that said unauthorized to connect yet. Redirect to the onboard server where it's saying configure my Apple iOS device. So I click on that. And I type in my user name, password. Assuming I'm authorized so you could go to things like active directory and allow users to -- or user groups to actually connect and provision their own devices. And what happens next, you'll see. It kicks off a provisioning process. This is using the MDM API that's inside of iOS. And what I need to do now, is it’s saying do want to enroll? You're authorized to enroll. I click install and it installs the profile onto my device. And what it's doing is it's installing a certificate that is unique to me and this device. And once this is done, I am now going to be able to connect. And if I just go click on connect, it quickly toggles my Wi-Fi connection, connects me back with the new device credential that was downloaded through the onboarding process. So now I'm connected and if I go back and try to get to, say, the Aruba quote, let's see how the stock is doing. Not too good. Need more violating. So that's the onboarding demo. What we just did there -- I'm a user. I just brought my iPad. Anybody can do this. And I didn't have to go to IT. I just took my iPad, got it provisioned and got it back onto the network with different policies. So now with this device, the policy is being enforced knowing that it is clearly on his iPad and a certain policy gets applied inside the controller.
Can we flip back to the presentation please? So that's a couple of demos I wanted to show you around users and devices and the software functionality that allows enterprisers to go do stuff like this. So it's not just the Wi-Fi network connection, and that's important, and we'll get into how important that piece is. But effecting it with Layer 5, Layer 6 and Layer 7 information is the key differentiator that we have here. So now let's get to the Wi-Fi piece.
As you know, 11n is a transition that we're all in. And last week, we were at a user conference where Dom asked the question. There were about 400 of our top users inside the room in Las Vegas. And he asked a question how many are still are on abg? And roughly 50% of the users hands went up. I think it gives you a sense of the migration, where we are in the process. There's a lot of 11n that has happened. In fact, today, what we sell is primarily 11n only. There's hardly any abg. But what we are beginning to see customers do is when they build out networks with abg technology, they really build it out for conference rooms, not for enterprise access. And as devices are proliferating, what we're beginning to see is they're filling in the coverage hole first with 11n technology and then go back in retrofit the abg environment. So we think there's still quite a bit of upgrade opportunity left inside the installed base to go from abg to 11n.
And the fundamental drivers that we're seeing for 11n, which are here and now, are obviously, the mobile device aspect, which is resulting in much greater simultaneous concurrent connections. Laptops stay connected for -- they're more nomadic devices. They connect when you are at a desk using it, when you're -- when the lid is closed, the laptop is actually not connected. Mobile devices are very different. They actually are connected all the time, whether the screen is on or not, right? And so that requires fundamentally a little bit higher capacity on the network. A lot of these devices at 11n allows these devices to connect at 5 gigahertz as well. And in fact in this room, we just quickly did a study of how many devices are connecting on 2.4 and how many are connecting on 5. And it's a 75%, 25% mix. 75% of the devices in this room are connecting on 5 gigahertz and 25% in 2.4. That's very different. With abg, most of the devices were still on 2.4 gigahertz even though the .11a function was available, the NIC cards were not there yet. And what this 5-gigahertz spectrum gives you is a lot more capacity. It's a much wider channel set and it's a much cleaner channel set. There's far less interference in 5 gigahertz than 2.4. So one of the trends that we're seeing is adding more capacity simply by adding more spectrum using 11n.
And then of course, devices -- device counts. We've gone from a single device per user to 3 devices. And if you add the guest users walking in, the device density, itself, has quadrupled inside the enterprises. And then not to speak of the application themselves, which is increasingly becoming video-centric with use of video conferencing apps as well as video downstream apps, as well as new services like AirPrint and AirPlay.
So taken together, as you can see here, customers have to migrate to a higher capacity Wi-Fi infrastructure and we are seeing that transition in play right now. But what comes next because we fundamentally believe the amount of demand for data is so high that we can continue to throw more advanced technology at the problem and still we'll not be able to fully satiate the demand. This is both true for licensed spectrum and unlicensed spectrum. As you can see LTE came up. It's being deployed now and pretty soon you'll start to care about LTE offload, not just 3G offload, mainly because there is so much data up there.
So for Wi-Fi, the next bump up after 11n is .11ac. I think a lot of you are aware of this. Basically, .11ac allows the Wi-Fi connection to exceed 1 gigabit per second. In fact, it goes up to 1.3 gigabits per second. And today, the highest data rate that you can get on 11n is 450 megabits per second, okay? We expect the first generation of .11ac technology to hit the market, the enterprise market, in about a year's time, so first half of next year. We'll probably see consumer-class products this year and enterprise-class products next year.
Now one of the functions -- and we expect obviously the migration to follow very similar pattern that we did with 11n where initially there is going to be a premium price to the 11ac's technology mainly because it'll be early days, but 11n has become more volume based and it's become much more competitive from a price point perspective. So we expect the initial uptake in some key market high-density areas and so on with 11ac and then continue the migration just like we did with 11n.
But I think the most exciting functionality of .11ac is actually not higher speeds although higher speeds are always welcome. It is this new capability called multiuser MIMO, which is not in first generation chipset. So you will not see this in the first generation of .11ac products. You'll see this in the second or maybe even third generation of ac products, likely more in the calendar year 2014. What multiuser MIMO does is, for the first time, it allows you to transmit to multiple devices simultaneously. Wireless, until now, has been a shared medium. It always will be a shared medium, but only one transmitter can transmit at any given point in time, all right? So there's -- and that's basically going back to the early days of Ethernet where Ethernet was shared, where there's only one device that could transmit. Everybody else would receive. With multi -- and when switches came, when Ethernet switches came, you created the ability to have multiple transactions simultaneously. Multiuser MIMO is analogous to switching. Although it's not quite the same thing, it is quite analogous in the sense that the access point can now send packets to multiple devices simultaneously, boosting capacity dramatically higher. And in fact, it's very important because the devices themselves will not be capable, especially the mobile devices will not be capable of going all the way up to 1.3 gig-type speed. They'll probably be more in the single stream speed level, maybe 200, 300 megs. So there's going to be ample capacity with 11ac. And what we're going to do is reuse that capacity and start to paralyze the transmission to take the wireless capacity even higher. And we think the need for wireless capacity for the foreseeable future is so great that when we introduce AC, the migration will begin and multiuser MIMO will cause another migration to happen.
Now as we go through these technology transitions, one core technology differentiation for Aruba from the beginning has been this capability called Adaptive Radio Management, which allows us to tune the spectrum. And this is a fundamentally important activity if you're operating your network entirely on wireless. And it's not hard to imagine a few years from now where networks will be all wireless. So the transaction -- the transitions that we are seeing are basically -- the first phase of Adaptive Radio Management was all about tuning and making sure the networks were easy to set up. This was when we introduced the first generation of controller-based wireless networks. Now when 11n happened, we introduced capabilities to influence the clients, to utilize the additional capacity of 11n. So I mentioned 2.4 and 5 gigahertz. If you don't do anything in the air, the default connection for these devices is still 2.4. So what we have created in Adaptive Radio Management is this capability called band steering where we detect devices now capable of connecting to 5 and we proactively steer to the cleaner band. So we're influencing clients in making the right choices to improve the capacity on the network. And the next generation of Adaptive Radio Management capability will allow us to take exclusive control of the client device, itself. The cellular networks have gone through this through transition in the licensed spectrum, and the Wi-Fi network will go through the exact same transition as well. As client devices start to come over, we can now get a client's perspective of what's happening and do things like that. It could hand over and say that user connected, that access point, this user connect to this access point even if they're trying to connect to another access point. So getting exclusive control of the client is going to be the next big jump. And load balancing, instead of just balancing at the connection level, we balance at the traffic level. So these are all capabilities that are happening at Layer 1. And this is fundamentally important. And I think in the early part of the presentation, as you saw some of these challenges with the audio, what was -- it's basically what Dom said, which is wireless, and interference is a given, managing around interference and making sure things are reliable Adaptive Radio Management-type functions is really what it takes to make sure those kinds of choppiness and so on in the air is cut out.
So now let's transition to architectural revolution. So what we did when we introduced the first set of products, enterprise-ready products in the market, were basically a controller-based wireless networks, which were, as you can see here, thin access points controlled by Mobility Controllers. Now the state-of-the-art for access point technology back in 2002 was the specs there: 4 meg of flash, 16 meg of RAM and a 200-megahertz CPU handling 2 radios that are 54 megabits each. Today's technology, 10 years later, we have 16 meg of flash, 256 meg of RAM and a 1.6 gigahertz CPU, handling 2 radios that are 450 meg. So you can see there's a 10x improvement in the semiconductor technology that's available to us inside these access point form factors. And what this allowed us to do is to take some of our software that we built for the controllers and virtualize it and run it inside the access point, itself. We call this the virtual Controller, and the idea here is to take the software richness that we built in the control -- and the control functionality that we built inside Aruba operating system and now make it available in different form factors, not just on the controller, run it inside the access points, run it on switches and that gives you the ability to now scale the wireless network in a much broader basis.
In terms of the evolution of the controller product line, the way we it, we'll continue to have, obviously, the big iron [ph] for campus deployments, for data center deployments and for things like unification of wired, wireless and remote access. We'll take the controller functionality. We’ll put it inside the access points for -- the virtual controllers on the bottom left here for small branches, home offices where you can set up a very intelligent, smart, wireless network very easily without requiring any additional hardware. And of course, the point in the middle, which is taking the switches, the Mobility Access Switch portfolio, running controller software on that for larger branch offices, for wiring closets and unification of wired and wireless. So depending on what -- where you are in the evolution and your needs from a customer standpoint, you will be picking one of these 3 models.
And to give you a sense -- I think this is the obvious question. When do you go with a -- today at least, when do you go with a virtual controller, when do you go with a mobility controller. The answer is actually pretty simple. What I show here, if you indulge me, a network diagram and a classic picture of when folks set up networks and an enterprises set up networks, I have 4 access points here, 2 of them connected to one subnet, 2 of them connected to another IP subnet, all connected through some core network to the data center.
Now if you are a school and those access points represent classrooms and users and devices are connecting in those classrooms, they're not mobile. So the traffic enters and exits from the access point to the wired connection behind it onto the subnet and standard IP networking protocols work just fine. It's almost like a wireless -- a cordless extension of your wired network, okay? So with the virtual controller, you can easily do that. You can have access points plugged into the existing wired network edge for small deployments where mobility is constrained to within the classroom and so on.
Now as you grow the net -- but as you grow the network and you say I want users to roam. I want them to hop between different subnets, and now you're in a campus-type setting, you need something called Layer 3 mobility, which means that the traffic now needs to find you, the user, as you roam across the subnet. And the way that works is the first time you associate with an access point becomes your home access point. And it remains your home access point for the duration of your session. So as you roam throughout the campus and you roam through a different building, your traffic first comes to your home AP, comes back through the network, U-turn and hits your current access point to get to you, right? The obvious problem here as you can see, with greater and greater load and greater and greater mobility on the network, the Edge, which is the access point, itself, starts to get overloaded and the network also starts to get overloaded because it's processing the same traffic multiple times, right, instead of just doing it once. So what we can do here -- and this is where the physical controllers come into the picture. Instead of having that U-turn and overload at the Edge, insert the Mobility Controller in the middle and as users roam from that home AP to another access point on the campus, the Mobility Controller serves as an anchor where traffic does not have to do any U-turn. Mobility Controller has your context, the user and the device context, and it knows where you are now, which access point you are now so it sends the traffic directly to that access point as opposed to the home access point, all right? So that's the -- from a design perspective, when customers look to scale the networks out, the larger the network, the more likely there's the Mobility Controller, physical Mobility Controller. The smaller the network, the more likely there's a virtual controller in the network. That's how we see networks evolving.
And as you continue to build this out and look at the broader portfolio of Aruba products, one of the key assets that we hope to leverage is what's in the middle there: the Controllers, ClearPass and AirWave management capability, which are common, right? These are the Layer 4, Layer 5, Layer 6, Layer 7 functionalities in the network. So you can take that, centralize it and extend it to the edges. You can extend it to the wired edge and the wireless edge using our access points and access switches and you can extend that -- those services over the Internet using remote APs. And if you are not next to a remote AP, you can use a small client on the device itself. We have a small agent called the Virtual Intranet agent, which replaces a VPN client but makes -- it's really optimized for the mobile experience where it's always on, runs in the background, users don't have to type in their user name and password every time they want to connect. So when you're switching between Wi-Fi and 3G, you still always stay connected. So with this, you have now the ability to take any access method, wired, wireless or remote and unify that in a single context-aware architecture, which is not based on how you connect but who you are, what device you're using, what applications do you want access to and where you're connecting from. Using that information to then determine what policies should I enforce on a per-packet basis as your traffic flows through. So that, in a summary, is really what the MOVE architecture is about. It does not rely on the VLAN concept access, which we think is completely dated and takes networks -- access networks into the modern age with really delivering much more richer context-based policies. That's the Aruba story. I hope I gave you a sense of what the technology is. I think we are rolling to a break next and we'll come back in a few minutes. How long is break, Ben?
We're going to take a 10-minute break. And it's about 10:35 right now. So we will resume at 10:45 and hear from John and Mike from Brandeis and Google. So back in 10 minutes. Thank you.
John Turner is with Brandeis University. We thought it'd be really appropriate to have John talk about -- you heard a lot this morning about the next-generation network architecture. And John -- and he spoke at our user conference last week, got rave reviews for really being a visionary in how he's making a bet, in this case with Aruba, to architect his next-generation access network in a rather dynamic and BYOD kind of environment in a higher education institution. So without further ado, let me bring John up to the stage. John Turner.
So I have here one of the things that -- I don't have a platform, I’ll just be a [indiscernible]. Brandeis has been a customer of Aruba since 2005. [indiscernible]
refresh cycle [indiscernible] coming up to a project
and I know a lot of my fellow network directors are finding the same exact thing: That they're in a position right now where they're needing to look at refresher and certainly if they haven't got 802.11n, they're doing it now. So my presentation is called Transforming the Edge. And really, this started -- we really started looking at our network and trying to figure out how do we build the network around people, not devices. Traditionally, as you heard from Dom and everybody else, that -- Keerti, if you look at -- everybody who is going to segment it to these ideas of VLANs and things like that. And that's really not exactly how people connect, and that's kind of a BYOD piece, right? You bring your iPAD in and it's not really so much as, oh, what VLAN am I connected to or how I'm connecting in terms of my application? You just wanted to get onto the network, right? So what we've seen at Brandeis is a huge shift, right? This is no longer device-centric, but it's really owner-centric. And I called it owner, not necessarily user in this particular case, because I can do [indiscernible] yes, 3 things, right?
How about now? Anything? Can you hear me now? Can you hear me now? There's a [indiscernible] no.
All right. Don't worry about it. I can shout and I know there's a webcast, but we've got to move on time so -- we really see it as an owner-centric world, and that's really this iPad revolution, right? And you've got the smart device. They all want to connect back to each other and that's where Keerti started talking about, things like AirGroup, which is this highly specialized traffic, right? It's no longer about I've got 2 laptops or I've got a desktop and I've got a laptop. I've now got devices that really need to talk to each other, right? And that's the -- I've got to sync, stream, upload, print. And they're all consumer-led devices, right? That's this big thing. We talked about consumerization of the enterprise. But the reality is, is that it's a consumer-led world. When your CEO brings in an iPad because that's what they got for Christmas and they want to connect your network, you're not going to say no. And in our case, when our students come and they want to connect their Xboxes, they want to connect their iPads, their Apple TVs, their Android devices, their smart TVs. We don't say no. We have to figure out how to make it work. And it's becoming increasingly difficult in an enterprise world to make that happen seamlessly, right? Because my job is to make this essentially just seamless. You don't want to know how the network works. You just want things to just work. In fact, Keerti asked me at one point, he said, "What can Aruba do for Brandeis?" And I said you can make it just easier because my job is getting harder and harder. More and more people are saying can't you make it work just like it does at home because at home things just work, right? In an enterprise, it's a lot more complex. But they don't care about that, they just want it to work.
When you get into the refresh, one of the things we really liked to look at is what our user traffic was. And there's a lot of this north-south Internet traffic, right? And that's the bulk of what people do. They connect to the network and they really just want to have things go fast. Like they don't care about anything else. They don't -- and at Brandeis, we don't actually do a lot of firewalling at the Edge because we're in open, higher ed institution and for the most part we like to think that our students are connecting to learning-related materials off campus, right? Right? Yes. That's what I tell everybody. That's what they do. They connect to learning-related materials. But the reality is that we're an ISP for those folks and the majority of the folks, that's how they connect. And in fact, as we transition to cloud-related, cloud application services, that's where that traffic is transitioning, right? It's actually transiting out that Internet pipe, and cloud services are pretty easy for us to deploy because I don't actually have to think about them anymore. But there's a significant number of very highly specialized east-west traffic applications, right? This is the stuff that, in reality, we spend more of our time on. Such things like voice over IP, IPTV, enterprise apps, research -- researchers who are accessing sensitive research data and that's where we spend all of our time trying to make sure that we classify all of that traffic, classify the users, classify their devices and how do we do that in a seamless way.
Well, we really wanted to come up with this idea, this identity-based networking. And this is something that actually we talked about. I talked to Keerti probably back in 2005 and I said, wow, couldn't we just classify everybody's traffic, put everybody into a role and then maybe somehow magically on that packet of data as it traversed through the network, it would have these checkpoints and gateways and everything would kind of magically flow so that rather than grant that port on that wall access, I was granting that device or that user or that family of devices. So we had this idea, could we do this? Could we make this happen? But really back then, it wasn't possible. We didn't have the single community of wireless access and switches that exists today.
So as we look at this, again we go down -- smart devices need a smart network. It's not that easy as easy as really just connecting them and making them talk to each other. Part of that idea of bringing all those devices together for us means that we need to have a single unified policy. How do I have a unified policy that flows across both the wired and the wireless side? Because if I don't do that, I've got to bring my security someplace else. And that's really kind of hard. That means that I've got a lot of different things I have to manage. I've got to manage into the core, I've got to manage into distribution. I've got to manage separate firewalls and I don't have a lot of people -- Brandeis isn't about being a networking industry, right? We're higher education. My job isn't to make networking a big line on the P&L sheet at Brandeis because there are no P&L. We're nonprofit. But they don't want to have large buckets of money being spent on this. We don't have a lot of human capital we can fund on this. So we've got to do things more and more efficiently. And if we can streamline that process by using a unified architecture, that's really, really attractive. And that's one of the things that I talked to my fellow folks and in fact like it was said, Ben said I was at the AirHeads Conference last week. And after my presentation about Brandeis using the S3500, I had a ton of people come up to me and say, "That's what I need. How do I do that? How do I get into this market because I need to unify my access. I need to simplify things. I've got too much stuff going on that I can't deal with the traditional models that have been in place over the years." And everybody's kind of getting this idea of really changing their mindset into how they're doing networking. So you've got to have a partnership that does that. You've got to have something that can do that, right?
So when we looked at -- hey, look, all right, this is great. This is a really neat idea. We're going to do identity and role-based access and I'm going to move this onto my access, my wired access layer because we do this today on the wired side -- or the wireless side, so I need to do it on the wired access layer. We had to make sure that whatever we were going to choose could route switch, stack, allow us to build that unified dream. Oh, by the way, it has to support our legacy Cisco voice over IP infrastructure. Right? So it's telephones on the desk that I know Hitesh, and I agree with Hitesh, that thing sits on my desk and unwanted phone calls go to it all the time. Right? But that's me. There are call centers on campus. There are payroll offices. There is a help desk. All these people rely on that voice over IP infrastructure and it's got to work, right? It's got to be a reliable underpinning. It can't have packet loss. It can't -- we can't sacrifice performance because we can classify users. So what we chose in our Edge switch had to be a rock-solid, reliable device.
So we actually evaluated our options. Yes, I've been a customer since 2005 and some people might think I'm an easy customer. But I'm not, right? I need to answer up to the higher power. I have a Board of Trustees that wants to make sure that we're getting the best value for what we pay. Again, we're not in the business -- we're in the business of providing education, not spending lots of money on things that don't make any -- don't make a difference at Brandeis, right? So I looked at Cisco, I looked at Juniper, I looked at HP, I looked at Aruba. I actually -- I'm so disenfranchised with Cisco at this point because their focus is not on switching and routing. Their focus is on other things that, pretty much I wrote them off. They didn't know how to handle that, but I wrote them off.
Juniper had a really interesting story. We brought them in. In fact, we bought 88 of their Juniper switches, put them in our dorms, ran them for now almost a year. But they didn't have a focus. They had a very interesting model, which was to follow on Cisco's heels and eat up that Cisco's simple replacement strategy, right? They were looking at anybody who just wanted to -- I hate Cisco, I want to get rid of the switches. I'll buy Juniper, they'll be easy to do deal with, right? Well, we found that wasn't true. We found that they weren't actually easy to deal with. We didn't find that their support was any better and they really didn't fit into that particular model of extending our user community into the entire ecosystem, to unify that edge and that user community that needed to be able to transition and support smart devices. Really, Juniper was just there to kind of -- as I said, replace Cisco.
HP wasn't even in on our radar. I mean, I looked at them for about a brief second and I think somebody had said, how do you sell against an HP? Somebody wants to buy an HP and I heard somebody say, oh, why don't you just buy a NETGEAR switch? What's the difference? They're cheap, too. If you're going cheap, why not buy cheap, cheap, cheap, right? So we really -- we looked at Aruba and we decided that they looked pretty good. So our choice is AP-135 for a very high dense end deployment. Again, we've been a customer since 2005. We still have over probably 500 or 600 AP-70s, which is this fantastic radio that came out back in 2005. We're refreshing those today, very high deployment. So I think our original deployment was about 700 access points. Today, when we're done, we'll be close to 2,200 access points. And we're going to use the Aruba S3500 and S2500 to refresh the entire Edge at Brandeis.
But we still had to test this thing. And that's one of the things that I keep getting asked is, all right, Aruba has produced a switch, but they're kind of young. Are they -- and they built this thing. They didn't buy it, right? They built it. So does it work? Well, we weren't going to let our partnership kind of clatter-ize and have sorry [indiscernible] because of course, it's going to work. We really, really, really -- and Aruba wanted us. We tested absolutely the hell out of this switch. All those things were core pieces that we absolutely had to have on our Edge switches. These are lifted right off of our Cisco requirements, can the switch do these core components because at the end of the day, if it doesn't switch and it doesn't route, it's not a switch, right? It's a worthless piece of junk. So if it can't do these things, it wasn't going to be at Brandeis. And as nice as a customer I am, I told them, if it didn't do these things, I really like you guys, but it can't -- it wouldn't be here. So we actually built a lab. And we really put this thing through its paces, which is something that I -- we had a lot of fun doing, but I didn't realize how much credit we would get in our user community for doing. I hear all the time, wow, Brandeis really pounded this thing. And I mean we're pounding this thing today. It's still being pounded right now as I speak. And we're finding this actually is performing really, really, really well.
So a couple of things that we just -- we love about this switch. Again, rock-solid. It's done what it set out to do. It's a core component. Remote stacking, which has been a huge feature for us. This is the idea that we can actually split a stack of switches through long distance. I think Aruba tested it up to 70 kilometers. I know we tested it across the farthest distances of fiber that we have at Brandeis. For us, it's very helpful because in buildings that are split closets where you've got a lot of little switches, maybe somewhere here or there, we've been able to combine together into a single switch, which is more efficient for us from a routing, from a management, from an upgrade perspective. Cisco can do this very -- or sorry, Cisco. Aruba can do this very cool thing with Cisco phones, which is they can actually take these legacy Cisco phones that really today are locked onto a Cisco network, and there's something like 10 million of these Cisco 7940s and 7960s deployed worldwide. And right now, the only vendor that can support them is Cisco until Aruba releases the final code on here. And now, Aruba and Cisco are the only people that can natively support 10 million phones in the industry today, which is, to me, that's huge. Literally, just plug the phone in and it works. If you do it to a Juniper switch, it's not going to happen. If you do it to a NETGEAR switch, it's not going to happen. And that's big. That was like a $600,000 liability if we couldn't do that. If we had to replace all our phones, it would be a significant, significant cost that we just -- we couldn't do.
Profile-based configuration, which is just a fantastic thing they'd had on their product for a long time now. User roles, which is this dynamic kind of the idea that any port could become any port that it needs to be, ability to copy and paste configurations such as from the wireless controllers. To me that's great because that means that my wireless configuration is really the basis for my wired side configuration. If I wanted to 802.1x, if I want to do user roles, if I want to do Radiant, I just literally copy, paste and done. That's another huge savings from our perspective and where I see existing Aruba customers finding it very, very attractive.
So putting it all together for Brandeis, we really see this is unified access role, right? So that's the same access provision across the entire campus. A single interface for administrative control. That's huge. This is -- this eliminates a tremendous amount of legwork, groundwork done by network teams that have a lot of other things they need to be worrying about these days. So that's a big timesaver for us.
Automated port configuration. The idea of a colorless port. So if you look -- and I haven't looked -- the room was opened -- the IT room here and every single port was plugged into every single switch, and you know that every single port on that switch was hand-configured and it needs it to do its right thing. And if you had to change, you go in and you change that. Not anymore. On our side, the way we're going to deploy this is, you plug in an access point into that switch, the switch discovers that it's an access point and it goes right off the bat. I don't have to touch it. I plug a printer in. It discovers that it's a printer and it automatically configures itself as a printer, and in our case, it puts on an access control list that restricts it.
Think about the AirGroup functionality that will come back into this mobility switch. The ability to share printers out wirelessly or wired through an AirGroup functionality. That's huge. I mean, the idea of being able to go in. I experienced this. I went upstairs to my lab to go play. I needed to print a bar code out and then it took me -- I eventually almost walked downstairs and carried the printer upstairs. That's how bad it was because I couldn't connect the printer that was next to me.
Automated security. I just went over that. That's fantastic.
And then AirWave. Bringing AirWave management into this is huge. The unified platform for us to manage all the devices, wired and wireless, and get things like power efficiency, users, user role, device classification. There were some other features that were demoed at AirHeads looking at traffic classification and having that -- pulling that onto the wired side. All of these really speaks to a very, very rich Edge community that is going to just benefit us, the customer, tremendously from a time-saving, cost-saving and just efficiency standpoint.
So anyway, that is my presentation. I appreciate taking the time and listening to me. And I think later on, if you have any questions, you'll find me then or send me an e-mail at firstname.lastname@example.org. Thanks.
Thank you very much, John. That was great. Next up. I was talking to Mike from Google last night. And you know what, when you think of Google, if you talk to anyone in Google's IT organization, it's rapidly apparent that, that organization is a rather forward-leaning, innovative organization. And I met Mike last night for dinner and it became rapidly apparent that he's a rather forward-leaning and innovative individual, himself. And I thought he'd be perfect to come share with you his perspectives around this whole BYOD phenomenon that we've been talking a lot about this morning, and specifically, his view on it and how he and his role at Google is looking at contending with this. So without further ado, Mike, come on up.
Who's like, I'm one Android user, who's the other 2? Well, you are? You're the one? Okay. Great. I had to do a VC call with my wife right now. Honey, by the way, this is not FaceTime. We see a lot of FaceTime things going on. This is on a non-Mac enabled device. And my wife doesn't really know what I do. So I'm just going to give the phone to you. You just got to hold it and then talk to her, don't let her know that I'm doing anything crazy. She's right there with you. So that's kind -- that's a non-Mac device, a non-iPhone 4 talking to a Mac at home. I did a call this morning to my London office, to a manager there and then I also had a call with a guy in Dublin via my phone because I don't want like to pull up my Mac a lot, so is my wife okay? Is she okay? Is she doing great? My son's still there, right? They don't know. I changed the camera around, right. So it's facing me. She's -- You're cuter than I am, right? I'm just kind of worried, right? Do I have a presentation? It's live actually. Do I have to push a button? Push a button like this button here. Wow, it's a nice presentation.
So I get the call this morning on my phone with Dublin and talked to the guys in the office as well as Keith [ph] was on his way out the door, so he got into his car and we were talking lies in his car driving. The message there is it's just really pervasive, right? The wireless and the mobility piece. And it continues to be that way. You can hang up on her, if you don't mind. Bye, babe. See you. If you see me walk in, she's pretty happy. My son is still there. You didn't talk to him, did you? So do you want to see her, my wife? Beautiful, beautiful woman. So now she knows and now everybody knows.
But the 2 things you probably should take away is that there's -- wireless is pretty pervasive in the enterprise space. I mean it's just not -- it's not going away. It's going to continue to be embedded. And as more devices and things open up -- the probably the second thing you should take away from is that it's got a pretty well pretty long adoption curve, right? I mean some people really jumped on it earlier on and now there's just big, long tail of just people just adding more and more stuff happening.
I don't represent the product side of Google, so let me give you a quick disclaimer, okay? Google products, ads, search and those other things, that's not me. I run, manage, own, operate and Google corporate enterprise network. I just love to see nodding of heads and say that's really cool. So I'm going to talk to you a little bit about that. And as it goes, it's this: The way we see things -- again you can read this but it's just about the consumer. The consumer of the technologies that we have to build in our enterprise space is our end users. And our end users are the ones who develop products on Google platforms that will ultimately deliver them to the industry in the mains and drains of users that are out there. So I have to enable a whole bunch of people to do a lot of cool things so you can not use FaceTime, right? Because you can call multiple platforms, you can do hangouts in Google+ and stuff. That's what these guys build and that's my core functionality. I don't know if I really like purple ties, right? Because they use FaceTime a lot. But some of the features of technology and so did Keerti, and we're really at the edge of that adoption thing. We really believe that users are going to come in. They can demand more from us because they want to be innovative, they want to be collaborative they want to continue to move and they actually want to make Google a better company or a better place to work as it relates, right? So the consumer is actually the most important thing and the customer. The great thing is that we've actually deployed Aruba networks for quite some time and we have just continued to do so and it's been rock-solid for us for periods of years.
Again, a view of enterprise, and I think that -- I would like to think that we're actually ahead of the curve in this where we talk about this thing. For us, it's a frictionless enterprise where, again, you as a user, or you as a consumer of this network, you come in, there's nothing that you can't do in this space. When you walk out, you can do the same things. Guys write lines of code and develop certain things maybe in the bathroom. I don't know. But at other places, at the Starbucks, in the cab, they walk into the enterprise and everything should just be working. It should be very frictionless. The business actually demands that mobility. We don't really get a lot of choices now. The users are driving us and we're having to adapt to that quickly. And we need to be able to adapt a that in such a way that it doesn't cost us significant amounts of money that we can move and change things as time goes on. It has to be ubiquitous. And we have to have the right product to allow for great engineering. So again, we're not developing that as an internal IT organization. Aruba develops a great product, other folks develop products. So we have to have the right product to allow for that engineering. I put this point up there so we plan for a failure. The reason why we plan for a failure is that we actually have to believe that we can -- that some cost will set us free, and we need to reinvent sometimes. And so we have to measure our successes, plan for potential failures, know that there's plenty of devices, not just Android devices coming in the market. There's tons of devices that are coming out, right?
And wireless is a topic as a chip, as something that is being embedded is significant in various different products that are coming to us. And we need -- the user experience has to be the same always, you guys would agree with that I hope, and we have to find a way to turn off our BlackBerrys, right? Reduce our physical footprints, right? Our physical footprints are huge today, but in any infrastructure it costs us a significant amount of money. We need to figure out how to reduce that and quickly and be actually very agile and show up in markets where we don't have a lot of infrastructure, but we can still execute and do our job well. And then we actually believe that data, not necessarily the hype.
And so that's where instrumentation starts to come in, and we actually believe that as we see more users show up, as we see the types of traffics and patterns that they're running with, and we see the demand showing way up, we really see this data starting to move us, and we're reacting or acting upon that data.
Mobility or this idea of mobile ubiquity is an enabler of our innovation. It enables the end user. An end user ultimately is the innovating engine, right, that delivers certain things inside Google. So they have to be online/offline, and they're online/offline all the time. That's kind of an oxymoron a bit, but all buildings have to have to this guest and corporate access, Wi-Fi access.
The commuter, we have buses in Mountain View, California. We have buses in other parts of the world that are actually enabled via Wi-Fi. As soon as they get on a bus, they're on a Wi-Fi network, that's a secure network, it relates to Google and they work -- they're working on their commute in because of the hours of time they spend doing such. The SOHO experience, the VPN access in the conferences and the events that they go to and they participate with other folks in the market. Plus the product engineering, which is as it relates to a vendor. Mobility has to be a forethought, they're lightweight, they have to be standards-based. They have to be identical user experience regardless of location, et cetera, and they have to be synced and tightly integrated with common standards.
Which all gives us this thing; whether you're going to do a PC or a Mac, whether it's a smartphone or a tablet, whether you're at your home, your office or commuting, who really cares, right? You're enabled. And you're enabled the whole way through your course, through your life cycle that day, and you're innovating. Google innovation enablers, the principles for us is: Wires are actually very constrained. Again, fixing ports to a location, costing us infrastructure dollars. We need to remove those, and we move end users and help them essentially be more enabled in a wireless space.
And we have to maximize that connectivity to the best of our ability. That means -- I think Dom put up a slide talking about AP density in the future, and that's where -- that's what you see in some of these things like they call heat maps that engineers work on. We really have to focus on where user concentration exists, hot times and hot content essentially or moments where there's a need for capacity, redirect that capacity to that particular pace -- space and allow for things to happen. An example, in our San Francisco office, 500 users from a college will show up one day, and they will want to get access to something either inside Google. It might be a code exercise or whatever it is. We have to deliver that bandwidth fairly quickly, and we have to deliver it at a capacity that makes it very seamless to the organization. It doesn't impact us, but allows for that innovation to occur.
Those kind of things are important, and that's why we talk about AP density and allowing to instrument how we build these networks. The BYOD challenge, I put this slide up there. To most people there's a trusted device, there's a semi-trusted device, and there's a not-so trusted device, and they all look like the same device, right? So this is the challenge, right, is that for the most part people come in, they register on a network, they get an IP address, they get an access to something and then now you have to figure out what you do with it, right? And this isn't that easy sometimes to solve. People have to go work on developing solutions for this. Aruba's working on that. It has built that. So policy and device management is needed because I have a laptop that is very trusted. It's a very trusted device. It sits right here that gets on your corporate network that you have access to. All the critical IP inside my organization.
But you also have -- but there's other people that bring laptops in with my network. There's other people that bring tablets into my network. There's other things that you might bring your tablet. It might be a semi-trusted tablet because you are an employee at Google, but -- and you get access a certain of things, but not everything because maybe your wife uses that tablet as well or she played games. And I call my wife on my phone, or she uses my phone or my kid gets my phone and plays Angry Birds with it and then sends an e-mail to Larry Page or something, right? I mean, my point is, some are trusted, some are not semi-trusted and some are just not trusted at all.
And that type of -- when you talk about bringing your own device into the network -- and talking about the scale and the financials of it, but these things are occurring today, right? As soon as you walked into my network with your phone, you actually are registering onto a guest space that's very open, it doesn't require a username or a password. We have this egalitarian view of things, right? So we want things, everybody to have this open access to a specific space and network. You're not going to get a fast page from us, you're just going to get access to the Internet.
And so we use that because we have a lot of people that's come in through Google. So this is very difficult to manage, but we're heading down the right path and with the right venture [ph]. Just in case people kind of forget that the demand is not real or real, we've added I think 50,000 Android devices to our network, 40,000 users are using calling in bikes [ph], 180-plus offices worldwide and then 40,000 or so laptops. I manage and own and operate a network at the corporate enterprise and all of those things are there, right? And all of them are wireless. So that's pretty significant sometimes when it comes to maintaining, supporting and scaling something.
So definitely there'll be some time for questions in just a moment, yes. So I'm going to end with this because I wanted to definitely save it up for some Q&A. The future is now, and it's kind of cliche-ish, but you get it, social networks, cloud apps, end users always on, always needing to access information. They run voice, video, live TV, augmented reality, personal devices in any platform in any OS. Mobile solutions are everywhere. I really do use my mobile phone for everything I do, including talking to my wife, right, and including talking to the business, checking my e-mail, pulling up my presentation, in and out of the office, it's everywhere.
I don't want to lose my phone. It's a trusted device. It has to have security policies and things around it. I have a networking partner that helps me do that. Okay, but there is a question right here. Someone had raised their hand. Sure.
Yes, I don't want to answer all of those crazy questions, but we have a lot, yes. And those are OS specific, right? So...
I'm sorry, the question was, is how many Chromebooks do we have in the network? I can tell you, I own a Chromebook and probably everybody in my organization owns a Chromebook. I know it's a lot. I use -- using generic numbers because that [ph] tends to get to some people and they think Chrome versus Android versus stuff, and we want to be very generic with that.
That's like 4 questions, right? So could I pass them [ph] today, right? No, we don't use that today currently. We're a certificate trusted based solution right now. We're digging into the details of how well we're going to be able to utilize that type of platform, if and when in the future, right? Does that help you? Okay, so it's an option on the table, we're talking about what does that mean for us, right? The second question was the switching architecture, the S3500 or something that. The answer is no and no, to be honest, right? No and no means no I'm not going to use it, no I'm not using it now, no I probably won't use it in the future, but I will say that we always have a mind to change, right? So assuming that there's a need or an opportunity, we would always consider every vendor or solution, right? And the third piece of that question was?
Who you use today?
Who do I use today? The switching architecture? A multitude of vendors, yes.
Yes, okay, I think I would love to do that without calling out a lot of names, but I'll tell you the strengths of Aruba versus Vender X. Is that fair? Okay, one is, the wireless space actually is if you talk about Vender X is they don't want to erode their switchboard architecture, right? Okay, so applying some kind of technology advancements or putting a lot of R&D and investment into something called wireless and making it very robust, scalable and extensible to this level that we need it or wanted might not be in their best interest, right? And it seems to be proven so by the amount of the roadmap and their future release in the direction that they've taken it. A wireless niche company such as Aruba, or let's just call it an access company, they have demonstrated by the speed of execution, the types of products, the scalability of those products, the ability to work within these pricing structures and get the R&D out in the space that we wanted to, they've proven to us that they've been able to do it very well and so we're happy with that.
Yes, we're going to hold off on questions until the end. Before we break down to a press conference.
Thanks. Appreciate it.
Mike, thank you very much. So thank you, John and Mike. I thought that was great insight in terms of what we've been talking about, but is obviously, it's always best to hear from the folks on the frontline, that are architective [ph] of next-generation access networks, contending with BYOD. What we thought we'd do next is talk about how we're expanding our opportunities.
I want to make sure. Not right now, yes. You heard a lot about from Dom and Hitesh, Keerti about how the market is behaving, how -- what are the drivers behind the expansion and specifically the broader portfolio that we're bringing to bear on this market today. And I know in past years in our analyst conferences, Mike Kirby, our Head of Global Sales, has talked to you about our focus, our sales organization, our unique value proposition advantage in the market because of that focus. So Mike why don't you come on up. Mike and I thought we'd do it a little bit different this year, given the dynamics and the change in the market, given our expanded portfolio, what we thought we would do is have a little conversation, and the conversation is about how we're expanding our opportunities to meet what we believe are some immediate as well as some rapidly emerging growth opportunities for the company.
Now to be clear, the market and our performance in it that Hitesh talked about earlier, it's a market that outperformed expectations over the past year. We talked about the reasons why, and we've grown faster than that, that expectation. So we've been gaining share over the last year. When we take a look moving forward, we see an immediate opportunity and remember everything that Keerti talked about earlier, we have an opportunity, and we're seeing this today, and we're going to give you -- Mike's going to give us some real-life examples here of an opportunity primarily with our installed base to go in and expand our wallet share.
And this may be with the existing buyer, this may be with existing budgets, often this is with new IT budgets. And it comes in the form of broader wireless LAN footprint, driven by BYOD. It comes in the form of mobility access switching platform. John talked about this as a great example there. But increasingly, it is about more of the security focus budget that may be budget that was previously applied to desktop management, as Dom talked about earlier this morning.
Our Remote Access Points and other -- our VBN story there also is a great entry point for us into broader opportunities. So we think there's an immediate opportunity within our install base to grow and expand our footprint and access new budget centers. At the same time, you look at the market, we see some emerging opportunities as well. One is mid-tier. So just in the past few months, we have -- well, in the past year, we have expanded our channel reach. We've done so with our Dell relationship, we've done so with broader 2 tier and larger direct marketer relationships like CDW, and we've done so with the recently signed new distribution agreement with SYNNEX. You put that together with a virtual controller architecture that Keerti talked about earlier and we have, we believe, an emerging opportunity to drive new customer acquisition and growth into this space.
And then lastly, another key growth opportunity we see is emerging, is in the service provider market. And I know you probably if you follow this space you all hear about the service market, how it's developing, in particular for us with our value proposition in the area of managed services. So without further ado, I'm going to bring Mike in on this conversation and what we thought we would do is bring these growth opportunities to life, and we're going to do so by sharing with you some very recent wins that illustrate both the immediate opportunity we have with this expanded portfolio as well as some of these emerging new areas. So Mike?
Good morning. This doesn't work either, does it? Does it work now? Are we on? Good morning. Does it work? Okay, great. So good morning again. Sorry, about that. Yes, this was interesting. During the break, someone came up to me and said, "Gee, how are you going to, do you have any large financial customers?" And I said, yes, we do. And the person said, "Well, how can you compete with Cisco in that space?" And I said actually I'll have a slide on that. And it's actually not by a frontal assault, okay? Usually what happens in this particular case, a very, very large global bank knew -- or found out that we had a home-office solution. We call it our RAP product or our VBN product line and a couple of their executives tried it. They were very impressed with its ease of installation, its cost, the IT organization was enamored with it. But the key was, it gave us the opportunity to have dialogue with a bank that 3 or 4 years ago we would've never gotten in to see that IT department.
So once the dialogue begins then, and you become a trusted vendor, maybe not strategic but at least trusted for your opinions, you start to learn things. And what we learned was that they had a guest access problem. They were using our competitor's product, it wasn't working for them. And they gave us a try and now, company-wide, we will use our ClearPass to be able to deliver device onboarding to this customer. In addition to that, it has opened up the opportunity for us to discuss with them that same VBN technology that they will use in their branches, and we're rolling that out as we speak. So Cisco may have a lock on an account, but they can't have a lock on every door.
I think there's a parallel to be drawn here, Mike. Several years ago with the AirWave acquisition, right? It was a new conversation away, in that case with a multi-vendor wireless LAN solution that turned into broader pull-through business for us, see a parallel?
Absolutely, because the parallel is customer pain, right? And customers couldn't manage those Cisco networks, they needed to get the best-of-breed device to be able to do that. And of course, it wasn't viewed as a strategic relationship at that point in time. Once the dialogue begins, you start to have broader conversations. We've converted a lot of early AirWave customers managing Cisco wireless networks to our own wireless networks. This is very similar, but I think the pain is worse because the BYOD problem will force these IT organizations to seek the best-in-class solution.
Yes. So here's another example on the financial services arena recently.
Yes. This is actually -- in my mind, we have several very large financials who are concerned about not just home access to the network, but also what happens if they can't get to New York, if they can't get into London or something like that. It's a business continuity thing. So we've seen a lot of large important financials use our technology. Why? Cost, but more importantly it's so easy to install, and so it's just 2 plugs and you've got the corporate SSID in your home office, and it's been very, very successful. I would say it's becoming best in class for the home environment for the large financials.
I think it's another good example. This one's more meat and potatoes perhaps. I talked about -- we have our lives on both market, it sounded more traditional vertical, but BYOD is hitting health care in a rather unique way too that's driving business for us.
Well, to your first slide, it's expanding inside of the customer base, right? Now this is a very large health care system. It's over 20 hospitals, and we were originally chosen for because it was so large they needed something very secure, very reliable obviously in an environment like this. So we've installed -- it's a long process to install 20 hospitals. We're in that process right now, but now the conversation has changed not only do we have that project going, and we have a remote AP home project going for the docs that support this system, but now we've also got a ClearPass conversation going with them, and we expect them to fully adopt a BYOD, a ClearPass as their BYOD solution.
In this case BYOD in hospitals and health care environments, it's the guests and the employees are bringing their devices in, but it's also -- there's different departments that are purchasing medical equipment and instrumentation right, so it's density, right?
Well, there's a density issue, but the BYOD thing is much more complex in this because everybody is not an employee, right? Docs come in and go, lab technicians come in and go. They might be working for somebody else, very, very dynamic environment.
Yes, very good. Next one, we had talked earlier about virtual controllers and architecture. So this is an example of a retail organization, large automobile parts retailer, very distributed brands i.e. store environment. Talk about this in relation to how we're able to solve their challenges with Aruba Instant.
I think that there's multiple stories here. One is, this was an environment where a controller-based architecture at least in the beginning wasn't required. So -- and this was a competitively held account, and we came in with our new controller-less architecture, and that's what we've installed here, 3,500 different stores, one AP per store, it's got PCI compliance, it's got all of the guest access things. These are actually a fully functioning controller inside of an AP. And that's very profound. That changes our market reach, and it changes the breadth of solutions that we have to customers and of course, this is an excellent product for the mid-market.
And Mike, these last 2 industries we just highlighted here, I'd say that health care and retail, right, they've been early adopters of wireless LAN technologies. Health care, probably if you look in the past, Cisco's maybe probably of their market share, one of their highest market share positions, but we're seeing a lot of new traction in that space. And then the retail environment, particularly the expansion of our portfolio, you often saw Motorola as legacy.
In those accounts are now -- we're seeing a lot of, we believe, particular share gain in these 2 more classic adopter verticals.
Well, retail in particular was the very early adopter of wireless. And we're seeing now an upgrade cycle. And I think every retailer is fair game and may the best technology and best company win.
All right. So I got another one here, Mike. Really large, right, Fortune 100 global technology firm. This is a different budget center story for us, isn't it?
Oh, it's much different than that. I've got -- this is an interesting story. This is a big technology company. They've got a wireless business. As part of their wireless business, they've actually got, I'm sorry, they've got a networking division. As part of their networking division, they have wireless market share. Do you think they would want to use our wireless? Maybe some of them would in IT, but I'm sure it wouldn't be a popular decision there. The problem is for them to be able to get 100,000 users guest access because it's called -- their network is called Mobile Net, and it is an employee network, employees are highly mobile and so managing their access to the network, they actually chose our ClearPass solution, and it's running of course in their networking environment.
Yes, guest access has been an application for wireless deployment for a long time. This really puts it on steroids in this case.
Well, it shows how bad the problem is, one and two if a vendor of this size, a technology vendor of this size to be able to come to us to be able to use it indicates that maybe we've got the best-of-breed in the market.
Yes, I agree. Next example, global family entertainment enterprise. Talk about this because this is absolutely an expanded move portfolio play for us.
Yes, theme parks and a company wants to change the user experience in the theme park. So there is multiple ramifications to that. They want, I'm not going to discuss their applications, but they want to make sure that every user through whatever device they bring has access to the park's network. A couple of interesting things, it has our entire product portfolio. All of our outdoor products, obviously, our traditional indoor Wi-Fi products. It's got our remote products in it, and now there is going to be a full adoption of our MOVE architecture with the ClearPass product suite, and I want you to think about this in a different way. This is a hotspot designed for 0.5 million users. We run on multiple fronts, not just technology but also density, the ability to build big networks, big, big dense networks, but that's the design guide.
Mike, you've talked in the past at these conferences about the unique mobility expertise we have within the company. Talk about our ACE team relative -- because this is indoor, outdoor, high-density coverage scenarios, a very dynamic environment.
It's an interesting thing. No other company has our ACE team, a ACE team, the designer requirements that we're able to do for something like this, and our other large public venues is very unique, and we're leveraging it as much as we can.
Very good, output. So we talked earlier, I mentioned mid-tier, right? A very emerging growth opportunity for us is by expanding our channel pace and going after broader, smaller to medium-sized institutions, as well as highly distributed environments with Aruba Instant, with expanded channel base. So talk about this in a particular way.
A couple of interesting things here is, this is again the Instant or IAP product line, the controller-less architecture. K-12 is considered mid-market, but I can tell you from our perspective the deals are very large, and so it's a market we're excited about, and we're going after aggressively. And just to let you know, this was a public bid. So we won this on the technical level, we won it on the price level.
And it's a combination here, obviously, there's a demand for a very cost-effective wireless LAN access for a large number of students in this case, right? But also it had to scale given the size of it like Keerti was talking about.
Had to scale to 180,000 students, and it had to be installed by the people that you would find in facilities in a K-12.
Talk about the role of our channel partner in this particular significant win.
Well it was found, the proposal was developed, the bid was responded to by a channel partner that actually frankly guided us through the process to be able to secure this for us.
Good. Service provider. Lots of discussion in the market about the service provider market in relation to Wi-Fi and different applications for it. We sell a lot to service providers, talk about -- and I mentioned in particular managed services opportunities, right? So talk about this particular example.
So someone else came up to me during the break and said, mentioned that we weren't in the service -- we had backed out of the service, but we weren't in the service provider business and how we weren't going to participate in 3G offload. And I would tell you that I don't view it that way. In this particular case, we've got a retail customer with tens of thousands of stores. They will -- this will be a managed service by a very large Asian service provider who deals directly with the end user. We deal with the service provider. The application is not just running the network inside of the store, but also 3G offload. And this is going to be quite a large and a network we're quite proud of, and it gets us a lot of brand awareness in an important country. And finally I would say to that one particular question, wherever there is a large public venue or a retail environment, we are doing 3G offload. It's something we do every day. Sometimes we do it in conjunction with a service provider. Sometimes we do it with the end-user, but 3G offload is something that we're -- is driving the business in a big way.
Yes. And I'd say in particular these managed services opportunities in this case with these retail stores. Yes, it's about the access for Wi-Fi, but as we show with other examples, this case with a service provider delivering with ClearPass, yes, in particular it's delivering an experience, right, it's delivering in this case different multimedia and entertainment assets to their customers, another case it may be theme park information. So all of a sudden our conversations maybe with the marketing, people like me in the marketing department or others, not just folks within the networking and IT department.
Right, when we were talking about that, that one network with the major technology company, that came out -- that was not an IT budget where we got that.
Yes, good example there. So that's all we have time for today. Mike, thank you very much. Hope you found this a good switch up on how we talked about the voice from the field, right? How we are growing and how we are winning in applying this broader portfolio given the market dynamics.
So last but not least, I'd like to invite up Mr. Michael Galvin to give us his update. Mike?
Michael M. Galvin
Thank you, Ben. Good morning, everyone, and welcome or maybe it's -- maybe we're afternoon now. We must be getting close. Hopefully you've heard a lot of great stuff today about -- by my cohorts about the market drivers, and the architectural differentiation that we are seeing on the access layer of the network and why we believe Aruba is so well positioned as the leader and really in the pole position to take advantage of that transformation.
What I want to do in this update is take you through the way those points brought up this morning, the way they translate to our financial model, and the way we're looking at things go forward. So to start out, I just want to give you a quick recap of the financial strength that we put ourselves in after our first decade as a company which Dom mentioned earlier.
A couple of simple charts. Just on the left is the quarterly revenue of the last couple of years, just very strong linear growth culminating in $126 million quarter that we just finished. And on the right, our cumulative customer count, very, very strong growth of our installed base, putting us at over 19,000 customers. And importantly from a growth standpoint, the last 3 quarters we've added over 1,500 customers in each of those quarters.
So margin expansion. The bars on the left are the last 4 fiscal years, and the bar on the right is the first half of this fiscal year. The top chart is gross margin, the bottom chart is operating margin. So by all measures, fantastic expansion of our margin. The gross margin showing the real differentiation that we're selling in the marketplace. The operating margin, again, including strong performance in the first half of this year, showing the operating leverage that we're bringing to our model.
And finally on cash in the balance sheet. The top chart, cash flow from operations, what we've done the last 4 fiscal years. And you can see in the first half of '12 we've generated just about 3/4 of the cash we generated all of last fiscal year. So again, testament to the model and the profitability and the way it's operating. And our cash balance is approaching $300 million, very strong on the balance sheet. So what does that mean for go forward? Well first, I want to give a recap, the company's been public for 5 years now. And as many of you in the room are aware, we've had an operating model since the time we went public, and that's the operating model I'm showing here.
And a key context to that model is when we went public, we talked about these targets in the context of $100 million to $120 million revenue quarter. When we set that first milestone out for the company, that's where we pegged these numbers. So you can see the gross margin 65% [ph]. Some of our spending levels, the R&D at 14% to 15%, sales and marketing at 27% to 28%, and G&A at 5% to 6%. For an operating margin in the 19% to 20% range.
So what I want to talk about in these next slides is how we've done over the last 5 years and what that means, and how we're looking at things go forward. So first of all, gross margin performance. So what you've got here is you've got 20 quarters of being a public company, those are the bars, and you've got this shaded region in the middle, which is the model we set out towards reaching that $100 million to $120 million a quarter milestone.
And you can see that 65% to 68% range, which I know most if not all of you are aware, we've been significantly outperforming that benchmark. And it really goes to the innovation and the value, all the stuff you heard this morning from my cohorts. The innovation and value we're selling into the market is driving those numbers. So significant outperformance there on the gross margin as we just passed that milestone last quarter, we had $126 million quarter last quarter as we hit that first milestone for our company.
So what are the gross margin drivers for us? Okay, first of all, product mix, alright? We've got a combination of products in our platform, access points, controllers, switches, software, the stuff you guys have heard about this morning. We were very happy with both the performance of those gross margins on those products, individually, and very much the way the platform is selling and the mix in that platform. Absolutely, a key driver on gross margin.
So services mix. Okay, for most of our history, the company has been a -- our services revenue line has largely been a support revenue line. And that gross margin has been kind of in the high 70s to low 80s has been the range there. Well, a lot of what you heard this morning about ClearPass, about software services, and you heard a lot, too, about the complexity of the networks and the complexity of those software solutions that we're building. So something we're looking at as a company is go forward, the capacity of those networks, the complexity of the software installations usually bring with them some professional services, which is an area that we haven't driven a big business in.
We're not going to drive a big business in it, go forward, but nonetheless it is an additional mix with these software services that can start to play into the mix, and I think as most of you know from other companies, professional services can carry a lower margin and can be a bit of a weighting factor, okay? So that's something that we look at. And then finally international mix of revenue. This is something we've talked about a lot on our earnings calls and on the follow-up calls, and we absolutely have a strategy and an ambition to grow the international mix of our revenue.
I mean, it's frankly why we want to get on the path to a much bigger company. It's one of the reasons. As I've talked about a lot, that international mix does carry a lower gross margin to it, selling into a lot of regions, not all regions around the world. There are some absolutely some regions in the world that margin out just as well as the United States, in some cases better. But if you take the blanket of international regions across the world, that would have a weighting impact on gross margin.
So when we look at these factors, like I said, the original model we had from the time we went public was targeting that $100 million to $120 million quarter which we just passed. Well, our next marker in the company for ourselves is $1 billion in annual revenue, okay? And so based on these factors we've looked at, this very strong performance in our product mix and the innovation and value we're selling into the market, factoring in other things like service mix, international mix, where do we see this model progressing at our next marker, which is $1 billion in annual revenue?
And what we've looked with our confidence on what we've seen, if you take this up, we want to take that $1 billion marker and say our new gross margin target in the model is a 67% to 70% range for the company. So a really nice progression. We've obviously been performing very well on that metric and a really nice progression in terms of, if you start talking about $1 billion in revenue and those kind of gross margin ranges very strong.
So let's talk about spending a little bit and operating leverage, if you will. Again, these are the 20 quarters we've been public, and what we've spent in R&D as a percentage of revenue over those 20 quarters. The shaded range is our target model of 14% to 15% and what you can see there is really for the last couple of years we've pretty much been in that band, moving around inside, a little bit outside of that band.
We very much plan -- the R&D investment is the future of the company. All the stuff you heard from Keerti and Hitesh and the others this morning, that's the future of the company, okay? So we do plan to operate within this band for the foreseeable future and holding the model at that like we've been doing. That investment will be both organic and as you've also seen, acquisition-related. The tuck-in acquisitions we've done, et cetera, they're largely R&D centric shops that we're buying, and so we do take some lumps into that R&D line when we buy these companies. That will continue.
So sales and marketing. Okay, the biggest expense line in the P&L. You can see the shaded area there, of the 27% to 28% target range, and what you see here is a really great picture of leverage and investing properly in that line as we go. We invest both in our direct sales force and the direct footprint we put around the world to sell the Aruba products. But then importantly, we very much invest in our channel and to get the leverage out of the channel. And so we've had a really nice progression on that line toward the long-term model. We think that will continue, and we're making both of those investments still, the direct investment and the channel investment we think will continue and migrate towards that target range.
Finally on G&A expense. If you look at the shaded region as the 5% to 6% target, you can see on kind of a macro basis over a few years, we have migrated down towards that target. But frankly in the last year, we've ticked up a little bit on that line. It's something that I've talked about. We've had -- we have been building and investing in infrastructure in the company. Professional services there can be large, a little bit lumpy, things centered around acquisitions, our international tax structure that we set up, legal fees and IT infrastructure and buildout. Again, things that are setting the platform for our goal as a $1 billion company. But I can tell you despite that tick up you've seen this year as a percentage of revenue, we don't expect that to continue and be a trend. We do expect that percentage to migrate down into the 5% to 6% range.
So when you take all that into account, what does it mean for operating margin, both the gross margin and the spending issues that I've talked about? Our model up through $100 million to $120 million has been 19% to 20%. We are now -- like I said, the next marker is that $1 billion. So when you factor all these things in, the way we picture the operating margin targets go forward, you follow the bar there is a 20% to 23% operating margin range.
Again, we think these are just very positive directions and very positive statements about the way we're adding leverage to the company and selling the differentiation that we do. So what I just went through is $1 billion -- it's our next milestone, okay? But we're not going to get to $1 billion tomorrow as much as we don't like that to happen, right? So there's -- we're going to get there over time.
So what about in the near-term? How do we feel about the operating model in the near-term? Actually, I jumped ahead a slide. Let me just do a quick recap here. I think you guys got all this, but basically if you take the IPO model to the $1 billion model, you can see the gross margin range from 65% to 68% to 67% to 70%, and the op margin range from 19% to 20% to 20% to 23%. Okay, so now what about this near-term? Okay, as we go on a path towards $1 billion, how do we feel about that?
So first of all, I'll describe my own definition -- I'll describe the near-term as the balance of our fiscal year '12 which is the next 2 quarters and fiscal year '13, so roughly about 1.5 years. Okay, how do we feel about things in that timeframe? Well like I've said, the gross margin has been significantly over performing. We feel good about the differentiation we're selling, the way the product mix is built. So we do feel good, very good about the 70%-plus gross margins in that timeframe compared to the 67% to 70% long-term as a $1 billion company. We're going to continue to balance strong gross margin with investment for growth. That will just continue, and we'll continue to make those trade-offs and decisions.
So in this kind of 1.5 years timeframe, 20% to 22% operating margins. Last quarter was the first quarter we surpassed right at that revenue mark, that target we were trying to get to, which was 20% and above. And so we feel very good in the next 1.5 years for this 20% to 22% range. And importantly on the tax rate which was a new phenomenon for us this year, we became a taxpayer and set up our international tax structure, we do see in FY '13 a slight improvement in that line, and I'll talk a little bit more about that.
So a few other just planning assumptions for everybody to kind of keep in their spreadsheet, if you will, or in their back pocket. So I talked about tax. As I think you all know, my guidance for this year on tax is 28% to 29% and an important thing for everybody to remember on that line is the U.S. versus international mix of revenue is really the key thing, and that's not unique to us. That's unique to any companies with a international tax structure. That, international mix of revenue over time is -- there's a lot of variables in the equation, but that's the single biggest driver, okay?
And as we try to grow that business up, okay? Like I said, we think we can get a 1% to 2% improvement out of that in FY '13. So the FY '13 of 27% to 28%. And importantly, the long-term improvement as you all see with more mature companies who have grown their international piece of the business to significant levels as that improves, we do think we can come down through the 20%, get to the mid-20s and ultimately multiple years out when we're a bigger company to continue to pull that down through the 20%.
Like I mentioned, tuck-in acquisitions. We will continue to focus on -- you've seen Amigopod, you've seen Avenda, you've seen Azalea; these companies we purchased over time. We will continue to focus on those and make those acquisitions. It contributes to maintaining our R&D investment levels, and we'll use -- importantly, we'll use a mix of cash and stock on those acquisitions.
So our channel mix will remain predominantly 2 tier. It's been the vast lion's share of our business for a few years now, and that will remain the case. And then like I said, expanding that international footprint. And then the thing to remember there, too, is I talked a little bit -- there's a little bit of a plus and a minus here. I mean, one, we're getting a bigger revenue footprint out there. I talked a little bit about it as a little bit of a weighting negative impact on gross margin, but it's also a benefit to the tax line.
So you just kind of think of those 2 things as you think of us trying to get to a bigger number. So that's an update on where we're at. We're extremely pleased with the first 5 years, the 10 years as a company, 5 years being a public company. We're extremely pleased with getting to that $100 million to $120 million a quarter revenue state, and the way the operating model has performed during that time. And hopefully this sets out for you now our next marker, and what we're looking at doing with that operating model.
So with that, I'd like to hand it back over to Dominic who's going to give his summary, biggest points from the day that he'd like to get across to you.
Dominic P. Orr
Thank you, Mike. I think the company has closed in on our first decade and launching on our second decade in this conference. We ask ourselves as we make through this turn what could be the biggest question mark in your mind, and I think it would be a fair guess that there will be a combination of growth and long-term sustainable differentiation. And the 2 actually are coupled in strategy, but need to play out in time. Growth for the last couple of years, we have been delivering somewhere between 35% to 45% range year-over-year. So the question is, over time can we sustain that? And my answer is, unquestionably we can. So why is the guidance for this quarter in the 25% range, right? So if you look into the makeup of our revenue for the last quarter, on Q2 that we deliver, we did announce that we backed out gracefully, hopefully, of a low-margin China service provider hotspot business. Notice the emphasis, it's -- we actually are growing in our China service provider business, putting the enterprise managed service side. In fact, it's growing very nicely. What -- we did not say we are backing out of the global 3G outflow or Hotspot business. We're just saying that there is certain market that we grew very well and then we found out it is not profitable. And I was talking to some of the -- a view in the BRIC and said that this is the time that I decided that I want to pull out of that market with the last bid we had, we had 35 other bidders on the same RFP. And I didn't even know the last time I checked, it was people that were making the equipment.
We believe and that, in fact, mechanically the last quarter and the probably a couple of quarters to come -- from the year-year, year-to-year comparison.
And the second thing is, we talk about wireless LAN market share. And that is a peer Layer-1, Layer-2 measure. And we talk -- and the company as a strategy, had decided many years back that when we grow up to be that multibillion-dollar company, this is a mobile secure access company that excels in wireless.
We're not a Layer-2 wireless LAN-only company because we know that the long-term access Layer-2, Layer-1 access company, it will get harder to differentiate. Therefore the company strategically invested and we've shown you, step-by-step the last couple of years of software value in Layer-4 and Layer-7 and with particular differentiation in Layer-5 to 6, to the Edge. So as we're coming into this term, we’re picking this asset, and using BYOD in the general enterprise as an entrée. Our strategic mission, need to continue to be the leader. We changed our mission. In the last decade of our company, we say we are -- we aim to be the clear alternative to the incumbent in the wireless space for the enterprise. In the second decade, our aim is to be the leader in secure mobile access for the large distributor enterprise. Our go-to-market effort, our R&D effort, in this turn, are we gear to focus on long-term wallet share in this -- annuity accounts, while we still derive revenue momentum from our traditional vertical of health care, education, retail that are more project-oriented. We are restructuring our sales force to support in our product roadmap to get into and successfully sell this large distributed international enterprise for sustainable differentiation and repeatable wallet share.
So the next few quarter, you will see that our successes in penetrating this account is going to be increasing, but the rate of revenue acquisition, will be somewhat different from the project base, campus by campus, edu, hospitals, the retail shops, all right? So I am positioning the company to make this turn so that we can, next decade, to get into the leadership position for that high-value, high-margin general access market for the large enterprise using wireless and using BYOD as an entrée. That is the Aruba vision for the next decade. So I need you to understand that vision. With that I, think I'd like to invite my colleagues up to the stage and had you shook. Yes, Mark?
Mark Sue - RBC Capital Markets, LLC, Research Division
It's Mark Sue, RBC. Dominic, as we look at your revenue trajectory and kind of how you're messaging the turn of the business, what should we kind of think about the revenue composition near-term as it winds down from the Wi-Fi access business and from a hotspot access business? And how does that -- when do we kind of see a year-over-year acceleration from a top line growth perspective as we go for these larger accounts and a repeatable business?
Dominic P. Orr
Okay. So everybody heard the question, I assume. So there's 2 elements in it. There is the element of we backed out of the low-margin China hotspot business. What's the impact? I think there's a couple of more quarters of impact. I think we have about 3 quarter ones. But we really foresee them in the Q2. And the second aspect is that revenue acceleration beyond the traditional vertical in the enterprise. What we find is the selling cycle, for now our traditional vertical is probably into the 3 to 6 months range and the large enterprise where traditionally the incumbent is stronger, is taking more of a 6 to 12 month cycle. So it all goes back to 3, 4, 5 years ago in the core space. So I would say if you look at that in combination of probably you are looking at 3 to 4 quarter denominant. When I get question when we can have a reaccelerated of growth because of the broad wallet share capture in the larger enterprise.
Mark Sue - RBC Capital Markets, LLC, Research Division
Okay, so mechanically, Dom, does that mean beyond the near term, we see EO VO revenues actually slow further? It goes back up or?
Dominic P. Orr
I'm saying that people that there would be some total mechanical effect on the next couple of quarters of the year-to-year comparisons and then the rate we are acquiring new business is going to be a bit, a couple of quarters longer sales cycle than the rate -- we will continue to gain market share I'm sure, in the retail and the health care and the education verticals. Those revenue growth will not decelerate. I'm just saying the new business that we venture into for the large enterprises, those incremental ramp is going to be longer sales cycle...
Mark Sue - RBC Capital Markets, LLC, Research Division
So a couple of quarters have returned to a baseline and then reacceleration on top of that?
Dominic P. Orr
Yes, further exploration.
Mark Sue - RBC Capital Markets, LLC, Research Division
Further? Extra, exemplary.
Dominic P. Orr
But of course I'll place where we guiding one quarter at a time, so I don't want you do extra math on it.
I want to ask some questions on the ClearPass product, obviously you've a lot of interest in that product. Dom, could you talk a little bit about because of the ClearPass opportunity, and specifically, cross-selling. As you look out maybe 5 years from now, is ClearPass a product that's going to be penetrated to 10%, 20% of the installed base? Or could this be potentially more pervasive in impact and be insolvent across 50% of the installed base or more? And then Mike, what are the model implications of ClearPass? What's the gross margin implications as we think about that business? And then revenue, kind of model there, is that still going to be priced on a kind of per user, per device basis? How does that work?
Dominic P. Orr
Let me take the first part. And so when you look at our kind of go-to-market model, this is traditional direct touch campus network for enterprise, for edu, for healthcare. I think in that space, my expectation is ClearPass will have a penetration of way more than 50% of our, any customer we touch in the future. And then we have a piece of managed service business through the service provider partner. I expect that, that ClearPass will actually have a much higher, even concentration because of service provider orientation needs to apply the act of control, apply the device management, and so on. So I think that is going to be a significant differentiation in our go-to-market through a service provider channel. For example, that stake [ph], the, one of the biggest hotspots that we helped to create that is 0.5 million people hotspot in order to impact. You can imagine that the service provider will provide that hotspot, actually would use every component of this access control and the [indiscernible] and so on. And then there's the third piece, which I think we just starting in the business, and has not kicked in, the growth engine yet is the meatier business which traditional don't touch much, particularly domestic in the U.S. Now we have the full suite of Aruba instant capability. We're going to go, really go bust out in that market. That is more of pure connectivity market. I do not expect ClearPass penetration to be that high. So does that make sense, the 3...
Dominic P. Orr
Okay, so I said 2 components of our ClearPass, right? The first component is this whole policy definition and fundamentally 90% or more of large enterprises run their policy on Microsoft active directory. Or equivalent alt dev product. This structure, for decades, is set up to address employee's hierarchy and device volume. In fact, Microsoft device profile, right? And what we are saying is the world has changed. There are more and more of employees operating in the network. There are employees and that they bring in devices that is not on your directories. There are employees through the BYOD phenomenon is bringing in the device that is not in the directory, plus we have more and more of these devices are not Microsoft made. So in -- the clear -- one of the advantage of ClearPass is basically it lets you, in the next several years to come, to extend your enterprise class policy engines to adopt the user dimension and the non-company-owned device dimension and that is a solid platform. I think that is a unique platform in 2 -- and so that is story number one. Number two is that this is a policy management platform that is applicable not just to wireless, but to wired and to remote. But the third and the most long-standing differentiation that I believe that we have an insurmountable lead is coupling that step of flexible extensive policy definition to the enforcement [ph] engine, which is the controller, which is staring at Layer-1, Layer-2, as we have demonstrated time and again to you this morning. Nobody in the industry that we know of has an R&D program that is doing those 2 dimensions in the same -- under the same roof, not to even mention couple them together. And that is the most exciting part of the story that I -- and I feel most if anything.
Yes, so on margin with ClearPass, it is largely a software business, and so that's absolutely a positive to the gross margin profile. We've got other things we talked about that are maybe negative aspects of the gross margin over time, but without a doubt, ClearPass, the software services platform that we've been talking about it's a positive, to the gross margin profile, it's largely software.
Just if we could take a step back and think about the growth profile of the business. We're thinking about a revenue growth reacceleration. And I guess part of that can come from the core enterprise wireless networking business, maybe if the view is that, that reaccelerates. And then part of it comes from software bells and whistles. And I guess any clarity you can provide on where does that come from? Is the view of the company that the enterprise wireless networking market accelerates? Or is it these other pieces of the business that are accelerating the total revenue growth line would be helpful. And then also, if you could comment on the sales discussion. It's taking longer, the sales cycles are taking longer. Is there --
Dominic P. Orr
For the new account, for the new enterprise account?
Yes. So if there's any change in the tactical sales discussion, maybe that's happening now that maybe close deals faster or something?
Dominic P. Orr
So let me just adjust that and give you a finer grain profile. The sales cycle for BYOD management actually is very quick. We have a short, a 30-day sales cycle in getting into the helping people kind of managing the iPad. So from there, from that Trojan Horse, to say hey, let's look at your remote product, let's look at your next wireless refresh cycles. Wipe out some of the wire switch and so on. That is the cycle, the claiming of the wallet share is the longer cycle that I'm talking about. In fact, the BYOD cycle even in the large enterprise is well within 90 days. I just want to make that clear differentiation. But this thing is, we don't want to just sell, what you say, the bells and whistles. We need the bells to pull the rest. And don't forget the wire access part is well. So the remote access, the core wireless LAN, the wire access and what you call the bells and whistles. So those are 4 components in there.
[indiscernible] On the gross piece, does the acceleration come from the core market or does the acceleration come from these new markets and newer products?
Dominic P. Orr
From both. Do you want to expand on that?
Yes, the only thing I'd say to you as I look into the questions you're asking, these core wireless end markets, I think as you've talked about time and time again today, is in its I'll assume it converts strongly, is in its early innings. So the acceleration that we're going to see, the adoption of wireless LAN is only going to speed up from where we are right now. So you can expect that we're going to drive a good portion of our growth from that. But we have ambitions to grow beyond that as well, and to Dom's point, to get into the adjacent part of [indiscernible], introducing the spot of our growth solutions. The sales cycle ultimately sell that solution is a long term cycle, okay? That is not to be confused with what it takes to go and sell and drive growth from core wireless plants. Does that help? Okay, all right.
Jeffrey T. Kvaal - Barclays Capital, Research Division
It's Jeff from Barclays. And I have 2 angles. I think, Mike, first as a clarification, would you mind reminding us what the contribution from the discontinued China operations were? And then secondly, I guess perhaps, for you Dom? Could you talk a little bit about the competition, not necessarily from the point of the larger vendors, I think you spent a lot of time talking about that. I think we do hear about new entrants to the market from the private side, and in particular, I think we have heard out some of the similar themes about application awareness, context awareness, et cetera, et cetera coming out of those folks. So that makes you worry there's acquisition risks, that one of the larger guys can snap up some of that capability that you've talked about today.
Michael M. Galvin
Yes, so the China hotspot business, the bulk of the revenue impact was Q2, the quarter that we just finished, and then the bigger impact was Q3 and Q4. And a couple of things we said last quarter, we reported 35% growth. We said that last quarter at that was ramping up the growth, would've been 37%. That's the impact from last quarter. These next few quarters, Q3 to quarter we're in, and next quarter, we had about $5 million to $6 million of revenue, Q3 and Q4 stepladder '11 last year, in those quarters. So that's the revenue comparable that we're going up against. And then when we get to Q1 '13, that's where that there's still some we had in Q1 of '12 this year, but the ramp down is pretty significant at that point. So it's really these next 2 quarters are the tougher comparables.
Dominic P. Orr
And regarding the smaller competitors, they are primarily very active in the Layer-1 or Layer-2 space. And most of that in relation, really is happening, either in there radio or the antenna or the access point. Just take advantage of the increased performance of the process and access point. So let me give you an example. You mentioned about application awareness. Maybe because of the increase in processing power and access point you can be aware of an application. The question is, can you do something about it? You need to -- in order for you to do something about it, you need to provide the core infrastructure that's where the controller or switches and so on. It is not only necessary to detect what's happening, but to take an action. And again, coupling the taking of action is the comprehensive R&D program Aruba has, is that everything we said, we in place to take an action, be it remote, wireless or wired and it is a newly found action, right? So the egg, will, for example, I detect that somebody wants to do a printer. Independently well that printer is hooked on to wirelessly or on the wired system in the same network or not. I can enforce it, right? But that enforcement piece is lacking. So you have a very large infrastructure company buying one of the smaller guys, okay, you have the awareness, but they have to go retrofit their last 10 years' inventions that already has been stocked up out there to enforce -- to implement the enforcement. And that is really where we have to attend.
Dom, if I may add, I think the other thing Jeff said that's probably worth noting here, you've got to look at this in context of the enterprise access architecture. A lot of the point vendors are talking about as it becomes point there are you're layer 2 -- there are layer 1, layer 2 vendors at some semblance of okay, we can understand what packet is going through, but really. At the end of the day, when you look at the access architecture, and what did you do to simplify it, extract the software intelligence, centralize that and deliver a policy engine that can manage that network. That, I can assure you is a non-trivial thing to do. And even in our case, ultimately it led to an acquisition. And this is that readily doable, we're going to just build the software ourselves, right? And the other thing note here is that if you look even the way the market is looking at the enterprise network, Gartner, as I'm sure all of you here know by now, is moving away from just pure Layer-1, Layer-2 wallet and metric quadrant, they're now looking at unified access, because that's where the transition is occurring, okay?
Just 2 years ago, everyone was focused on margin [indiscernible] margins and stuff. Now it does going to be a lot more [indiscernible] that's where my question is going as well. So I guess if we x out, sort of that China contribution, Mike, if you look at like the last 10 quarters, the contribution from quarter-to-quarter-to-quarter has been somewhere around $7 million of incremental revenue. So Keerti, you keep saying that we're in the very early innings of the core wireless. Is that sort of the way that we look at this market? Is that it's an incremental bump of somewhere around $7 million? And then, probably a follow-on easier question is, when you're talking about the AC, you were saying that the AC market is going to be predominately consumer in the early innings. Could you sort of talk about why it's going to be focused on consumer versus enterprise, and what those applications would be?
So first of all, I want to thank you for calling me Keerti. So I got distracted there, so I got the second question about AC. What is the first question again? The discussion –- the description about the early innings of wireless interruption in the enterprise is directly tied to the rate at which we're seeing BYOD explode. The China hotspot thing is not directly -- I mean I'm going to make sure I understand the question correctly for this, but that China hotspot market that we entered and then we decided to back away because the margin consideration and all that, is in one way reflective of the exploding need for wireless LAN. That is not directly connected to the exploding need for BYOD inside the enterprise. Those are very different things. The, that -- when I say we are in the early innings of wireless LAN adoption inside the enterprise, it is directly correlated to the explosion of BYOD inside the enterprise. And then what that can do for us as a business in driving our growth. Does that -- I'll make sure I'm answering your question.
Dominic P. Orr
And our growth. No, it's not good where it's -- there's nothing magic about a $7 million incremental vehicle. I'm very sure when we make that turn, we get the wallet share this thing's going to blow away and we'll never even look back at that $7 million.
So again -- say -- I think I'll take the easy question. So the chipsets have just been announced by the semiconductors, actually vendors like Broadcom, they announced that their chipsets are available for AC. By the time it -- somebody slaps some software on it, and brings it to the market, usually the consumer guys, whose main goal is basically is 0 to 16, 2 seconds type metric, they'll probably come out to the market first, and we expect some demo [ph] class products to come out hitting retail stores, second half of this year.
Dominic P. Orr
Which absolutely do nothing for you other than the fact that you bought a gigabit router.
It integrates completely -- there's not a lot of devices, frankly that can take advantage of AC. So you're just going to buy it on "Hey, this thing can do 1 gigabit per second." And there's some market for that, and people will introduce that. In the enterprise it's a different game. I mean they're looking for true capacity improvement, and it does not always come from necessarily sending packets at the highest speed. It Comes from channelization, proper spectrum management, from managing URLs like this and the device mix to date, is still primarily 11n, right? If you look at what’s out there. And to take advantage of that, AC is not necessarily one to help. So enterprise folks know that. But nonetheless, we will -- we're going to -- as one of the leading vendors in the wireless LAN space, we will have products 11 AC products come out, enterprise-class 11 AC products, not consumer-class. The device memory footprint, that ICPU architecture, et cetera. And with that hits the market, we expect it to take a very similar trajectory as 11M, because for customers that are doing a initial evaluation and rollout of a wireless network, they will like the future profits so, they'll probably pay the premium to go with AC, but if you're already in the midst of a rollout of 11n, you're most likely going to stick to that rollout and complete the rollout so.
I don't see a particular application, to be honest with you, that is going to drive it other than just the bulk need for more capacity. More users -- if anything, BYOD and the ongoing trend of BYOD, plus the video traffic overall is going to drive basically more capacity. And then customers have a choice saying, "I want to future-proof for AC, even though my devices are not there yet." They'll probably make that choice, assuming they can afford the price premium for that, at least for the initial phase of the rollout. And after that.
Dominic P. Orr
So if you just take a history of 11n 3 years ago, what we saw was, first of all, people waiting for standardization for the [indiscernible] to finish, and second is they weigh things with a premium. When it first came out, for example, in a large university environment so they will say well, we'll just take premium, I'm going to just put it in the lecture hall. And then when the premium, drop below I believe the magic formula's somewhere, 1.3, 1.4x, then they say let's just go for it, right? And so I think there will be similar dynamics is going to happen.
I guess either Dominic or Michael. There seems to be some disconnect a little bit between kind of the way you're describing your outlook and where the street models are from a revenue perspective. I think street's kind of 25% year-over-year this coming quarter, and then things taper off from there. You're describing longer-term on acceleration. I think you're suggesting that it'll be in the 35% to 45% range, that's where things come back to. Is there any -- is the 2 scenarios weighing on the growth, are the, the China piece? And then this longer sales cycle that maybe plays out for in the outer quarters.
Dominic P. Orr
So I think in all reality, we still – we’re looking at this extended TAM, right? But we have no right to claim it yet until we prove to you that we can get access to it. And so we have -- I have no problem, people modeling us as if we are a wireless LAN company only for now until the proof point comes and since we are not guiding more than 1 quarter I feel like I have not in a position to deduct.
And you don't see large numbers reducing that 35% to 45% longer-term?
Dominic P. Orr
Ultimately yes, but there will be when we are a multibillion-dollar company. Right now, we have nothing.
Last question, then. Any thoughts of buybacks or anything that would reduce dilution from options and whatnot? Or how are you thinking of cash?
Michael M. Galvin
Yes, so a couple of things. One is just to get clear in everybody's mind, nobody on the stage said 35% to 40% future growth, as Dom said. So yes, with regards to buyback, we always -- we're always looking at our capital structure, our use of cash, things like dilution like you guys look at. We obviously don't have anything on the shelf right now. It's -- there's a lot of things that go into market timing, market dynamics, et cetera. So it's one of the things we look at. We obviously don't have anything on the shelf right now, but it's -- we do pay close attention to managing dilution, and in kind of targeting that issue. And you can do it from a variety of ways, a buyback is one of them. And so that's one of the things we have on the table.
Sanjiv Wadhwani - Stifel, Nicolaus & Co., Inc., Research Division
So question for either Keerti or Dom. Just trying to get some clarity on the abg migration because I think from the user group, you mentioned that half of your customers still have abg, it looks like though that, that migration entails a larger number of access points? I just want to get a clarity on why that is, and maybe pick up the example of Brandeis where they're replacing I think 700 with 2,200 or whatever the number was, access point. Can you just talk about what the dynamics are between abg?
Dominic P. Orr
Yes, I mean, I'll tell you anecdotally what I see when I talk to customers. Basically a lot of -- and this is not the core verticals, right, if you take higher education, healthcare, retail and others. There is the high tech verticals. They have been much more aggressive at outsource of mobility, so the transition to 11n is more aggressively happening there. But if you take the traditional enterprise, where wireless LAN has, until the BYOD phenomenon has been a nice [indiscernible] . That transition has happened. And what the build-out -- the traditional enterprise has done has been centered mostly around guest access for conference rooms, and technologies like abg was what they used. So there's some coverage. But the vast portion of the converative [ph] space, so to speak, is not covered. So when you look at the next investment that you make on Wi-Fi, you're probably going to go and try to cover what is not covered. And that technology is going to be covered with 11n today. While leaving the abg infrastructure as is, because it still provides some coverage, then go back and interpret and change that with 11n, so there's a -- and that's why we feel it's in the early innings, because while the core verticals are aggressive at out turns, the maintained enterprise [ph] , I think is coming from behind, they're trying to catch up. So there's a lot of discussion right now around how do I deal with BYOD, and this lack of having the wireless signal everywhere is a big issue. So that's how we feel like there's still a, an opportunity to transition abg to 11n, it's not completely done yet.
And part of it is also there's a 5-year time lapse now between the network design then and now and the device sense probably more than quadrupled, so people are reducing the sell side to make sure we have coverage. So when we started I remember the recommendation was roughly 4,000 or 5,000 square foot per access point, now a lot of customers doing 2,000, 2,500 square foot with 36% footprint overlap. So your routine really screams up because the cost, when you have to open up the ceiling and so on, is not in the access point, it's in the whole engineering project, and so they would rather just model over provisions. It's just like nobody ever needs other than the vendor telling you need 4 to 6 port of Ethernet per user, right? That's why you put in the cable, while you're doing that, and while you're turning the switch installing a couple more, it’s presenting always.
Yes, I mean in terms of the design point, the 5,000 square foot, we use our design for 10 devices, 10 to 15 devices. Today 2,500 square foot, we design for 50 devices.
Yes, I'll repeat the question. A very good question And that is, I think, the most interesting counterintuitive observation of mobility. The question is, it is -- we talked about centralizing this weird [ph] controllers with the virtual control architecture and as network scale, the intuitive thing tells you that the more distributed a hotspot already can take advantage of, the more you can scale your network, okay? And that is true for a fixed network, but things don't move. As people try to move around, it's all a question of how and where you manage state, right? And stated user device location and application. At this completely distributed world, where the state of living at the edge, the state needs to move around now, with the user. And managing that is what causes the scaling problem, right? So you're moving session state, user state, device state there's a lot of control plane and data plane CPU that gets chew up in managing that state, right? By centralizing that in the controller, you are not basically offloading the access point, so it can do its job of picking up packets over the air and putting it on the wire, and not have to do all this extra processing. And basically use the mobility controller as a server boost, to overall boost the performance of the overall network itself. And that is the counterintuitive observation that I think is the most interesting one, as you begin to scale. And it's all because of the mobility issue that is afterward [ph] .
And I think it's a very, very important point is just as you go and track live, Google is winning against the incumbent, one good reason is there's a famous saying – if you put Aruba wireless LAN overlay on top of the existing line infrastructure guy, you don't need to touch that slide infrastructure, right? And if you buy a wireless LAN from those -- each one of those wired infrastructure vendors, you actually have to go back and touch it. And the difference is because you know mobility control is one of the big thing that we do is we remap the mobile user road, because we are user-centric to the fixed network. It turns out from 2 decades now, networks are organized seconds before this VLAN which is basically separating things each floor, separate one another in each floor, approximately, let's say 100 devices, right? So what this network has is 100 devices, saying that it's all locked in called VLAN, and other infrastructure, and now with mobility, people keep walking across all of those boundaries and that is what drives a lot of the sales managers crazy and Aruba's saying forget about all that. Let us assume they just come through that as we map the world for you, of who you are, independent of those segment of every 100 desks. And that need does not go away because those networks have been built about 20 years that way. So you put a virtual control desk, what you punt is that using the network guy is now saying, ultimately all the wireless traffic has to back the backhaul through a wired network, right? So that wired network guys have to bear the burden of keep reconfiguring to figure out all the mobility needs. And I think that is -- and the bigger the network, the more of those mapping it, and the stronger the control architecture. So a lot of people just totally, conveniently ignore that aspect. A lot of this wire network managers, they have said they have done they have lay out the network for the last 10 years that way, and they have other things to do than to go back to redesign the wired network because of mobility projects.
No, in fact, the question was don't you loop performance backhaul into a central point, absolutely not. Because in fact, as I showed in the slide, we actually gain performance. Because the same traffic as you're not U-turning it through the network. And that is the counterintuitive part, right, is by putting that controller in the middle, a package shows up on the network only once, as opposed to 3x, right? And that you are actually reducing the burden of packet processing in the network by putting a controller. So that -- I mean overall, is something that, it requires the next level of just examination just to understand that. And that's something a lot of our large customers resonates with. And no building that I know of is bandwidth constrained on the CAT 5 connecting the access point to -- you have bandwidth constraint on the Internet pipe, you’re bandwidth constraint on the air. Nobody can even use that 100 megabits for depth not that some of the [indiscernible], so that is really a no.
It'd be great to get Dom's as well as Mike's perspective when you kind of think about these new large enterprise accounts beyond just the simple lengthening of the sales cycle, what changes from the direct sales force standpoint, if anything? And then also from the distribution channel, what do you need to do to get that fired up?
Dominic P. Orr
I'll let Mike answer the question about the screen share. But I just want to clarify one thing. I want to clarify one thing, is I'm not saying we are lengthening the sales cycle of the wireless LAN, of BYOD. But in those large enterprise, we have a vision of being the next tier -- next-generation access vendor, providing the full access, right? From the wire and so, and that cycle is longer than the typical wireless LAN only going into a hospital and saying, I set up a wire [ph] . Because our next growth is going to be in that space, so we should have fairly long expectation to gain that. It's not like that the wireless LAN cycle is lengthening or anything -- it's that one it's just relative to our aspiration about getting more wallet share; that takes more time.
Michael M. Galvin
Just to add on to that. I would say the difference is an architecture sell versus a system sell. The sell system is that is what we have always done, install wireless systems. And that is actually shortening, because people need them worse now than they did a couple of years ago. But the entire architecture, to be able to re-architect the way you build a network, I think that is what Dom was referring to. I see -- I think your second question was what you do with the direct sales organization? What you do with your partners and what you going to do with distribution, right? Expand them all, is the answer. I mean, I don't think we've got a flood sales model right now. We've got things that we can improve upon, and relative to bringing in more distributors. But as the brand continues to grow, the acceptance by distributors that wouldn't talk to us years ago is increasing. We have to develop more -- one of the reasons we've always won is because of the level of expertise in our core market, right? Well now as we leave that core market we're -- and getting into new markets, we have to develop new centers of excellence there to continue to be the best-of-breed for those segments. That's going to be a challenge for us, but I think we're up for it, we've got a plan. But I don't see anything radical happening other than just getting better.
Dominic P. Orr
I think the only thing I will add is that obviously for Aruba Instant, we're creating a lot more kind of indirect channel, and channel manager rather than the [indiscernible] of ASP what for, and I also personally expect that the service provider will increasingly become a stronger mix to our go-to-market. Again, not so much to hotspot business rather than managed service business. Particularly internationally, we're seeing more and more important projects we're going through service point in the retail space, in the hospitality space and so on.
Maybe one just brief end point on that. There is what Mike described, there's also, if you look at the IT community. If you talk about architecture, right, foundation walls, roofs, right? If you plug that to architecting for this mobile world, you can say there's wireless [indiscernible] expertise, there's how do you secure this new environment, a lot what Dom talked about, and how do you contend with the manager's mobile devices? Connecting those 3 dots in terms of the core technical competence in the market, with an IT organization, it's rather rare to find that. So I think it is worth noting that in addition to what we're doing in our go-to-market front, a key part of that is getting very aggressive in training and education certification around connecting those 3 dots. And I think part of this ecosystem is, simply put, there's a lot of certifications in the market today, kind of based on the old switching and routing and product-orients in the world. And so one thing that's a big part of my organization's focus is how do we push out this technical advocacy and training that connects those 3 dots together, which I contend is kind of the new mobility era architecture, so that the kids agree, right? That we're selling into it the IT expertise that's more conducive to thinking about these new major areas together. So I think it's worth noting that's a major thrust and focus for the company.
I wonder if we could drill down a little bit on the 3,500 switch product because it seems like that -- a big link to this vision of getting to the bigger piece of your customer's wallet. So we're about a year into this. How do you guys sort of measure success with that? Where are we within this, I don't know -- John's still here, but he seems to be early in the customer base, and he's maybe even early in his purchasing decision? I'm just trying to figure out how to size all that up.
Yes, I think the -- given the procedure in the product life cycles, the best measure is design win. And we've got a pretty significant list of design wins at this point, okay, and because they tend to be architectural in nature. Remember, the kinds of customers who are going to gravitate to the 3,500 from us are people who buy the architecture, story. They're not -- I think this is really critical, we have said this before, but I just want to say it again. We're not simply entering the Layer-2, Layer-3 switching space. That is not interesting. That is simply not interesting. But insofar as the customer buys into the mobility architecture that we are talking to them, they've essentially, and more often than not, there'll be existing Wi-Fi customers who understand the value proposition. Those are the customers who are going to gravitate to trying not to switch and then ultimately buying the switch from us. So the measure for us in this period of time, and I would say even for the next several quarters, is really growing that base of design wins to create that foundation for ultimate revenue growth.
[indiscernible] timing of that? What is the relative size of the revenue that you see there, relative to the size of the design wins still very, very small?
Dominic P. Orr
Have to understand in a switching and a structural think is once you've win a design for from pilot and so on, you have to wait for either the existing switching retirement of the current box, or you have a new facility. So not too many people have the guts to go to the boss to say that I think it's a good idea to change a lot of switches, so we're running out of things to do, or we have too much money, right? So that, what we want is to penetrate all that as they turn, either through the presence of existing one or they have a new facility come up and we're not monitoring that and that is part of the longer cycle that I referred to, you have to sell the concept and as they churn.
One thing that is unique in the way we talk to our customers that differentiates us in a good way, is their interest and ultimately, it serves us well as well, [indiscernible] switching vendors, people who have wired parts, who go to the customer and say, you should buy as few of these as possible. We actually are [indiscernible] rightsizing and really, it's all about wireless and you have few of these as possible. And we tend to be fairly unique, well we go and do that, vis-à-vis, anybody else who follows us or has been there before us, who is saying exactly the opposite. Okay, and that, that puts us in a good place.
I think that does it for Q&A.