25/3/2019 Gartner Reprint

Licensed for Distribution

Critical Capabilities for Wired and Wireless LAN Access Infrastructure

Published 21 August 2018 - ID G00346712 - 37 min read

By Analysts Christian Canales, Tim Zimmerman, Bill Menezes, Mike Toussaint

Trends such as network automation, use of richer analytics and the need to secure IoT endpoints are emerging as critical components in
access networking solutions. I&O leaders can use this research to assess vendor hardware and software capabilities across six enterprise
access networking use cases.

Overview
Key Findings
■ All vendors serving this market can provide the needed functionality to serve basic connectivity needs, yet capabilities can vary significantly for
network application services such as policy enforcement, network management and assurance, and locationing.

■ The Internet of Things (IoT) has begun to play a bigger role in wireless LAN (WLAN) deployment decisions, including related security implications.
The diversity of IoT devices has made authentication and device identity management methods more challenging.

■ The use of artificial intelligence (AI) and machine learning (ML) technology can further complement the use of analytics for root cause analysis
and problem remediation, especially for wireless.

Recommendations
Infrastructure and operations (I&O) leaders responsible for planning, sourcing and managing wired and wireless access networks and related
services should:

■ Shortlist vendor proposals by identifying how each vendor’s network service applications match with the level of services required for both new
and legacy access network infrastructure.

■ Assess security capabilities for IoT use cases, such as secure tunneling and automatic detection and segmentation functionality. This will help
separate IoT solutions from the rest of the corporate network, since IoT endpoints are prone to weak or nonexistent authentication.

■ Implement best practices for strong implementation of WLANs. While the use of analytics leveraging AI/ML can simplify troubleshooting and
deliver better network assurance, poorly designed and implemented WLANs will continue to result in a poor user experience.

Strategic Planning Assumption

By 2021, more than 60% of all IoT devices on enterprise infrastructure will be “virtually segmented” from traditional business applications, up from
less than 5% today.

What You Need to Know

This Critical Capabilities research is the companion to Gartner’s “Magic Quadrant for the Wired and Wireless LAN Access Infrastructure.” It scores 17
vendors across six use cases designed to reflect the primary evaluation criteria Gartner recommends for use by I&O leaders responsible for
planning, procuring and managing enterprise wired and wireless access networks.

The rated vendors provide some or all of the core hardware and software for:

■ Wired access network switches

■ WLAN, including wireless access points (APs) and physical or virtual WLAN controllers

■ Network service applications that are cloud-, appliance- or virtual appliance-based, including but not limited to:

■ Network management, monitoring and performance

■ Access control and security

■ Policy enforcement

■ Location services

■ Analytics for security, network performance or vertical market applications (such as mobile marketing)

As the market has evolved, standards-based access networking hardware has become less differentiated. Many enterprises now focus more on the
features and functionality of network service applications when evaluating which vendor will best meet the organization’s access network

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elqat=2 1/14
25/3/2019 Gartner Reprint

requirements. Additionally, enterprises are scrutinizing network service applications for WLAN-only and remote branch office connectivity, either on-
premises or in a public or private cloud. This Critical Capabilities note revises the use-case definitions to reflect this changing landscape.

Analysis
This research is intended to help organizations shortlist vendors that match their access networking requirements. It evaluates vendor effectiveness
in addressing an organization’s needs in six use cases:

■ Unified wired and WLAN access managed through a “single pane of glass” for tasks such as device configuration and troubleshooting, with the
aid of reporting tools

■ Wired-only access network refresh or new build, with requirements either for a wired-only network or for expanding- or refreshing-only wired
switching

■ WLAN-only refresh or new build, reflecting requirements not only for the wireless elements of a unified access network, but also for a “wireless-
first” environment, where the WLAN is the primary or predominant first connection to the enterprise network

■ Performance stringent applications, for deployments that require high availability or must support latency-sensitive applications, using either a
cloud-based or on-premises management solution

■ Multivendor networking environment to address enterprises that must manage a mix of vendor infrastructure

■ Remote branch office with corporate headquarters (HQ) to address organizations with widely distributed offices in addition to a central corporate
office

The Critical Capabilities research differs from that performed for “Magic Quadrant for the Wired and Wireless LAN Access Infrastructure” by
focusing on product and service capabilities, rather than the vendor’s position, vision and execution in the market for enterprise networks.

Critical Capabilities Use-Case Graphics

Figure 1. Vendors’ Product Scores for Unified Wired and WLAN Access Use Case

HPE = Hewlett Packard Enterprise

Source: Gartner (August 2018)

Figure 2. Vendors’ Product Scores for Performance Stringent Applications Use Case

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elqat=2 2/14
25/3/2019 Gartner Reprint

HPE = Hewlett Packard Enterprise

Source: Gartner (August 2018)

Figure 3. Vendors’ Product Scores for Multivendor Networking Environment Use Case

HPE = Hewlett Packard Enterprise

Source: Gartner (August 2018)

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elqat=2 3/14
25/3/2019 Gartner Reprint
Figure 4. Vendors’ Product Scores for Remote Branch Office With Corporate HQ Use Case

HPE = Hewlett Packard Enterprise

Source: Gartner (August 2018)

Figure 5. Vendors’ Product Scores for Wired-Only Refresh/New Build Use Case

HPE = Hewlett Packard Enterprise

S G t (A t 2018)
https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elqat=2 4/14
25/3/2019 Gartner Reprint
Source: Gartner (August 2018)

Figure 6. Vendors’ Product Scores for WLAN-Only Refresh/New Build Use Case

HPE = Hewlett Packard Enterprise

Source: Gartner (August 2018)

Vendors
Aerohive
Aerohive provides a cloud-managed access networking portfolio of access points, switches and branch routers, with an emphasis on serving WLAN-
focused deployments through its controllerless architecture and HiveManager management platform, available as either on-premises or through the
cloud. HiveManager offers network access, policy management and security behavioral analytics. Aerohive also includes basic management
functionality in the price of its wireless APs and switches, with customers able to buy additional functionality for network access, policy
management and security behavioral analytics in full versions of HiveManager. The company’s basic (seven models) lineup of stand-alone and
stackable wired switches limits its capabilities for enterprises requiring wired-only campus networks. The switch portfolio is nonetheless sufficient
for branch office deployments and for most unified wired and wireless access networking use cases where the enterprise prefers a single vendor.
Aerohive customers with more complex switching requirements, such as 802.3bz multigig ports, can use HiveManager’s full capabilities to manage
the broader N-Series switches from strategic partner Dell EMC. Organizations using Juniper Networks campus switches can use that vendor’s Sky
Enterprise management solution to also monitor Aerohive wireless access points, via HiveManager APIs integrated with Sky. Large or midsize
enterprises should evaluate Aerohive for primarily WLAN-focused solutions in its targeted markets of retail, education and distributed enterprises for
the company’s primary regions of North America and EMEA.

ALE
ALE, marketed under the brand Alcatel-Lucent Enterprise, provides a unified wired and wireless access network using its OmniSwitch wired campus
switches paired with the cost-competitive OmniAccess Stellar line of wireless access points. Organizations can manage the same switch and AP
hardware with either the OmniVista 2500 Network Management System (NMS) on-premises solution, or ALE’s newer Cirrus cloud-managed SaaS
option. Cirrus provides some price flexibility by offering a “freemium” tier of basic services. These provide entry-level functionality, such as a
dashboard for viewing basic network and device inventory and available software and firmware updates for registered network devices.
Organizations requiring more advanced services (such as network provisioning, unified management of ALE switches and Stellar APs, network heat
mapping, and network performance monitoring) must buy the premium Cirrus tier. Enterprises with multivendor deployments of ALE and HPE Aruba
hardware also can do basic network management of HPE Aruba APs with OmniVista 2500, utilizing either that solution or Aruba’s ClearPass Policy
Manager for access control and guest access management. Organizations with branch or campus networks in ALE’s primary enterprise markets of
hospitality, healthcare, education and government in its primary business regions of EMEA, North America and Asia/Pacific outside of China should
include ALE in their access layer vendor evaluations.

Allied Telesis

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elqat=2 5/14
25/3/2019 Gartner Reprint

Allied Telesis offers an end-to-end portfolio comprising LAN switching, WLAN and network management. All products, including industrial-grade
switches, use the same operating system (AlliedWare Plus), offering uniform functionality and upgradability. Enterprises can manage the switching
and WLAN product portfolio on-premises with Vista Manager EX or in the private or public cloud using Autonomous Management Framework (AMF)
Cloud. Customers requiring a controller-based architecture must use the Autonomous Wave Control (AWC) plug-in with the vendor’s Vista Manager
EX unified management solution or integrated with Allied Telesis’ AR-Series firewall products. Allied Telesis’ switching product line is broad, but as
with the rest of its portfolio predominantly targets small and midsize businesses (SMBs). The wireless offering remains limited, despite the launch
of the MWS “small business” series access points in 2017. Vista Manager EX supports multivendor monitoring, requiring SNMP configuration. Allied
Telesis offers limited choices for guest access functionality, and onboarding capabilities for wired/wireless policy enforcement are restricted. These
limitations — plus limited capabilities for expanded requirements, such as indoor location or analytic reporting — place Allied Telesis in the bottom
quartile of vendor scores for wireless-related use cases. Predominantly SMBs in the Asia/Pacific region, North America and EMEA should assess
Allied Telesis for its wired and wireless LAN infrastructure needs.

ARRIS (Ruckus)
ARRIS International completed its acquisition of the former Ruckus Wireless and the Brocade ICX wired switch business of Broadcom in December
2017. Those operations now provide enterprise access networking solutions as “Ruckus Networks, an ARRIS Company.” Ruckus’ key enterprise
vertical markets include hospitality, retailing, education and government, in addition to a strong focus on the service provider market. Ruckus offers
enterprises unified wired and wireless access networking for on-premises managed and cloud-managed deployments. Ruckus’ primary solution is
its line of SmartZone WLAN controllers, and alternative controllerless options include Unleashed and the subscription-based Cloud Wi-Fi offering.
Both the on-premises and cloud architectures make use of the same wireless APs, but integration between Cloud Wi-Fi and the ICX campus
switches remains limited. Organizations utilize the Cloudpath Enrollment System, as either a cloud or on-premises solution, for wired and wireless
access management, policy management, onboarding and guest access control. Organizations utilize the SmartCell Insight (SCI) network analytics
tool for WLAN reporting and analytics.

Organizations in Ruckus’ primary global markets of hospitality, retailing, education and government should evaluate Ruckus for enterprise access
networking requirements.

Cisco
Cisco continues to provide the broadest portfolio of access wired switching and WLAN products. The company introduced its Software-Defined
Access architecture in 2H17, which provides automation and programmable policy enforcement and segmentation from the edge of the network to
the application. The launch of the Catalyst 9000 switching product line, and more recently the Aironet 4800 access points, is part of the solution.
Customers must choose between two separate access layer solutions — Aironet/Catalyst and Meraki — which are loosely tied together through the
Digital Network Architecture Center (DNA-C) network monitoring dashboard. The DNA-C offering provides management and automation capabilities
for the Cisco Aironet and Catalyst product lines that are not available in the Meraki cloud platform. DNA Center version 1.1 enables a single
dashboard for visibility and control for both Meraki and Aironet/Catalyst product families, even though Cisco continues to maintain the Meraki
Dashboard for full management of Cisco Meraki switches and APs. Cisco SD-Access along with Assurance provides network analytics across the
access layer that works in conjunction with the automated network fabric. This provides initial provisioning of network components and ongoing
automation of policies, as well as the capability to simplify IoT deployments through virtual segmentation. Clients should assess Cisco globally for
all enterprise on-premises and cloud-based access layer opportunities.

Dell EMC
Enterprise customers using Dell EMC infrastructure for a unified wired and wireless access network essentially get Aerohive APs and Dell EMC’s N-
Series campus switches. These are managed (both on-premises or from the cloud) by a fully integrated, Dell-branded version of Aerohive’s
HiveManager NG. However, this solution does not support management of access infrastructure for vendors other than Dell EMC and Aerohive.
Users must deploy Dell EMC OpenManage Network Manager for wired switches from third-party vendors. Organizations that require features or
capability beyond HiveManager NG can use the vendor’s own ecosystem of integrated solutions for unified endpoint management (VMware
AirWatch), multifactor network access control (Impulse SafeConnect) and security behavioral analytics (RSA NetWitness). In 1Q18, Dell EMC
announced an OEM relationship with Ruckus. Midsize enterprises in Dell EMC’s primary target markets of public education, healthcare, hospitality
and government can consider this vendor for their access networking requirements, especially in global regions where its sales and support
infrastructure is more developed than Aerohive’s.

D-Link
D-Link can provide low-cost wired and wireless access network infrastructure suitable for campus networks or branch location deployments with
basic connectivity and management requirements. Organizations can manage D-Link enterprise switches and APs using its on-premises, browser-
based D-View 7 software. This software provides basic network monitoring and management functionality, including device identification, traffic
management and management of third-party devices using command line interface (CLI) scripts. In 1Q18, D-Link announced its Nuclias cloud-based
(and controllerless) wired/wireless network management platform, which can be deployed in a multitenant environment. Nuclias complements D-
Link’s management capabilities, but was not included in the scores of this research note. D-Link includes basic guest access network capabilities at
no extra cost with its Wireless Controller (DWC), Business AP (DAP and DWL) and campus switch (DES/DGS/DXS) product lines. The vendor does
not provide more complex network services applications, such as location-based services. This makes it suitable primarily for cost-conscious
organizations with basic access networking requirements in regions such as EMEA and North America, where D-Link has its largest business
presence.

Extreme Networks
Extreme Networks is a wired/wireless LAN access layer vendor that continues to expand globally. In the past year, we have seen Extreme
demonstrate its ability to deploy and support clients globally with a portfolio that allows Extreme to address all enterprise access layer
opportunities. Extreme has edge-to-core infrastructure solutions that can be optimized from on-premises, cloud or hybrid network service
https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elqat=2 6/14
25/3/2019 Gartner Reprint

applications. The company’s customers have licensing flexibility instead of a “one size fits all” model for applications needed for their business
requirements, such as ExtremeManagement, ExtremeControl and ExtremeAnalytics. Extreme Fabric Connect also addresses the growing need for
IoT segmentation, and ExtremeAI uses network data and machine learning to automatically tune the wired and wireless access network. Extreme is
one of only three vendors covered by this research that supports time-sensitive networking services across a number of its switching platforms.
Extreme continues to provide strong customer service through a 100% insourced service and support team. While Extreme is still a relatively small
campus network provider, in 2017, the company revenue grew by 36% for switches and doubled for WLAN. Most growth was due to acquisitions,
although the company reported organic revenue growth as well. Clients should assess Extreme Networks globally for all wired/WLAN access layer
opportunities.

Fortinet
Based on version 6.0 of its Fortinet network security OS (FortiOS), Fortinet has expanded the automation and AI capabilities of its core network and
security management platform. Unifying its products into its Security Fabric umbrella enables single-pane-of-glass access to security, application
identification, policy application and enforcement integration. Additionally, enterprises manage Fortinet’s wireless and wired switching as a unified
fabric, which allows simplicity of end-to-end network configuration by treating both wired and wireless networks as a single entity. FortiCloud
provides network management from the cloud, both as a free offering or subscription-based for additional features such as customized reporting
and sandboxing. The FortiWLM provides management of wireless infrastructure, with the option of deploying it as a virtual machine in the cloud.
Fortinet has placed additional emphasis on building its wired and wireless network products with IoT and multicloud access requirements at top of
mind. However, Fortinet does not offer the same capabilities when applied to a multivendor environment, which is the status quo for most
environments in which Fortinet will be deployed. This requires that enterprises operate multiple distinct network infrastructures, each with its own
tools, which increases complexity and has a negative effect on cost of ownership. Evaluate Fortinet when considering vendors for a unified-access
network deployment.

HPE (Aruba)
Aruba, a Hewlett Packard Enterprise company, is one of the leading global providers of wired and wireless access networking products. Aruba
ranked top in five use cases. The 8400 and 8320 aggregation/core switches have made its end-to-end solution more complete, on capabilities
including automation, network analytics and security. Aruba offers WLAN controllerless options with its Instant access points, as well as a cloud-
managed subscription offering with Aruba Central, which can also manage switches. Aruba Central nonetheless continues to lag behind in full-
feature parity compared with its on-premises AirWave and ClearPass solutions. AirWave (network management) and ClearPass (network access
control) remain some of the most complete solutions in the market. AirWave provides basic configuration for a list of supported third-party devices,
predominantly legacy products from Cisco and Juniper. Recent integration of user and entity behavior analytics (UEBA) provides ClearPass the
ability to act on anomalous and inconsistent activities that may indicate a security threat, leveraging ML technology. Aruba continues to develop its
capabilities for network service assurance through NetInsight, which provides analytics on user connectivity for recommended network
configuration changes. Aruba continues to lag on IT/operational technology (OT) convergence. Aruba’s wired and wireless LAN solutions are
suitable for consideration globally for all access layer opportunities.

Huawei
Huawei’s Enterprise Business Group (EBG) has a large wired/wireless access layer portfolio. The Agile Controller-Campus (AC-Campus) campus
networking flagship product leverages software-defined network (SDN) technology, scaling up to 6,000 APs and more than 1,000 access switches.
AC-Campus subscriptions deliver functionality encompassing AAA security, authentication, onboarding, guest access management and security
orchestration. The on-premises implementation of AC-Campus leverages eSight for integrated wired and wireless network management, additionally
supporting basic multivendor network device monitoring and management using SNMP. Huawei’s CloudCampus architecture allows management of
wired and wireless LAN infrastructure in a private or public cloud, including firewalls and access routers. Organizations have the flexibility of being
able to shift from an on-premises to a cloud-managed deployment via a software and license upgrade. Huawei has added 2.5/5 Gbps support to its
S6720-SI fixed-form switching series. Huawei remains one of the most cost-effective vendors profiled in this research. Huawei relies on partnerships
for its location-based services. Its CampusInsight solution filled a gap in analytical reporting and automation for network service assurance.
However, this product was introduced in 1Q18 and for this reason was not included in the scores of this research note. Assess this vendor for
enterprise campus deployments primarily in its core markets of China and EMEA.

Juniper Networks
Juniper introduced its subscription-based Juniper Sky Enterprise platform in January 2018 for cloud management of its networking and security
products. Additional capabilities enable automation, zero-touch provisioning and less reliance on direct interface with the Junos OS, while still
providing the CLI as an option. Juniper continues to align its products with a security focus under the Software-Defined Secure Networks (SDSN)
banner, which provides automated and centralized security policy definitions through the Juniper Policy Enforcer engine. SDSN utilizes all Juniper
switches, routers and firewalls for security profiling and threat detection, while integrating directly into the Juniper Sky Enterprise cloud platform.

Juniper NFX products offer compelling WAN edge capabilities with support for virtual customer premises equipment (vCPE) and network function
virtualization (NFV), managed by the Contrail Controller. Junos Fusion provides switch aggregation to support integrated management of multiple
campus switches as a single logical device. Campus and data center EX switches are now fully integrated into the Jupiter Sky Enterprise cloud
platform. However, despite continuing to build on its wired networking infrastructure capabilities, Juniper still relies on partnerships for wireless
products and management systems. This limits the control that it can have over its wireless technology roadmap and how well it can provide an
integrated end-to-end networking offering. Assess Juniper for wired switching opportunities or for unified access networking if your organization has
WLAN requirements that can be met by Juniper’s WLAN partners.

LANCOM Systems
LANCOM Systems can provide wired and wireless access networking infrastructure suitable for basic enterprise connectivity, using either stand-
alone, controller-based or controllerless architecture managed by the LANCOM Management Cloud (LMC) solution. The portfolio of wired campus
https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elqat=2 7/14
25/3/2019 Gartner Reprint

switches and wireless APs is competitively priced with comparable hardware and network service applications available from larger competitors.
However, LANCOM’s ability to support management of multivendor hardware deployments was still under development at the time of this research.
The company provides a REST API enabling third-party developers to access monitoring data gathered by LMC, to use for advanced network
analytics and other functionality. Customers requiring IoT traffic segmentation are limited to LANCOM’s solution focused on its ePaper digital
labeling and signage product, which uses the AP as a gateway for aggregating and segregating IoT endpoint traffic. The vendor currently has its
business concentrated in Western Europe, primarily Germany, making it suitable for enterprise access networking requirements in that region.

Mist Systems
Mist Systems offers its own WLAN portfolio, plus wired switches from strategic technology partners like Juniper. The core competency and
innovation of Mist is provided in its wireless portfolio that is typically delivered as a service from the cloud. Both wired and wireless products can be
purchased from Mist for a complete access layer solution, but the recommended route is to purchase through channel partners. Mist’s dual radio
access points have 16 integrated antenna elements for Bluetooth low energy (BLE) and collect over 100 different user states, which are processed
through an unsupervised ML engine. Mist provides indoor location capabilities and virtual BLE beacon functionality for wayfaring applications and
asset management. Mist’s AI-driven Wi-Fi provides guest access, network management and policy applications, as well as analytics, IoT
segmentation and behavioral analysis at scale. The Mist architecture also allows it to leverage AI technology for proactive operations, predictive
recommendations and rapid troubleshooting required to provide network assurance and automation. Enterprises should evaluate Mist for access
layer opportunities globally.

Mojo Networks
Mojo Networks offers a wireless-focused, cloud-managed access layer infrastructure with its portfolio of access points, access layer applications
and a limited lineup of wired switches. While focused in North America, Mojo has a global customer base. The cloud-managed Cognitive WiFi
solution has been optimized for large-enterprise networks, as well as higher education and K-12 markets, but it can be deployed on-premises if
needed. While this provides flexibility, on-premises network management lacks some advanced capabilities, such as indoor location services and
IoT containment. Having a software-defined solution, Mojo has the industry-leading ability to create a digital twin of an existing client network in the
cloud and test configuration changes or new code revisions in a digital “sandbox.” Network analytics is provided within Mojo Cognitive WiFi, with the
ML and big data platform tracking more than 300 key performance indicators (KPIs). Mojo’s wired portfolio is basic, consisting of three fixed-format
Ethernet switches, and the company’s capabilities to support IoT segmentation/containment are limited. Evaluate Mojo Networks in North America
for all wireless cloud-based access layer connectivity projects and globally through distribution partners that provide the required ability to support
installations. In August 2018, Arista Networks announced the intention to acquire Mojo Networks, with the acquisition expected to be completed in
3Q18.

New H3C
New H3C Group, a joint venture of Tsinghua Holdings (51%) and HPE (49%), has a large wired/wireless access layer portfolio. Enterprises can use
New H3C’s intelligent Management Center (iMC) for unified wired/wireless management, as well as for applications such as device profiling, policy
enforcement, network traffic analysis, and management of quality of service (QoS) configurations. In a cloud-managed and multitenant environment,
the H3C Oasis platform provides data analytics and basic device/user behavior analysis. Introduced in 2017, the Wireless Beneath Cloud (WBC)
controller enables a private cloud implementation of the Oasis platform. Integrating with edge computing capabilities, the WBC supports location-
based services, analytics and network assurance services. The company has also made progress with its CUPID 2.0 indoor location service
platform, with advancements to its algorithms and broader support of location technologies. Despite CUPID’s updates to integrate data from both
Bluetooth beacons and Wi-Fi, New H3C has few partners outside China, limiting the development of location applications outside the region.

Although New H3C’s target customer base includes service providers and smart city deployments, other key vertical markets include education,
healthcare and government. Basic multivendor network management support is available for selected Cisco and Aruba devices. New H3C has the
vast majority of its business concentrated in Asia/Pacific, primarily China, making it suitable for enterprise access networking requirements in that
region.

Riverbed
Riverbed continues to align its products around SteelConnect as the central management and configuration platform for its products. The
integration of the WLAN and switching assets acquired from Xirrus with SteelConnect’s software-defined WAN (SD-WAN) functionality has expanded
Riverbed’s capabilities from the edge of the network to the WAN. Riverbed has retained the Xirrus brand. The Xirrus product line has a proven track
record in providing high-performance Wi-Fi supporting low to high densities and challenging RF environments, with the ability to scale. Xirrus
Management System (XMS) manages WLAN infrastructure, and SteelConnect Manager further integrates wired and WAN network management.
Both solutions can be deployed on-premises or in the cloud. EasyPass, an add-on for XMS, offers ease of access for guests, bring your own device
(BYOD) and IoT devices, as well as single sign-on (SSO) integration with Office 365 and Google G Suite. SteelCentral Aternity, also integrated into
Xirrus WLAN, provides end-user experience monitoring of business applications. While Riverbed has increased its capabilities at the edge, it does
not have a product line for aggregation and core switches, which hampers its ability to offer a single-pane-of-glass platform for SD-WAN and
software-defined LAN (SD-LAN). The former Xirrus switches, rebranded SteelConnect, predominantly meet the needs of the midmarket, which is not
aligned with the SteelHead, SD-WAN and Xirrus products, which have large-enterprise capabilities. Riverbed can be considered globally as an
enterprise branch office wired and wireless access networking option.

Context
Access layer hardware has become increasingly commoditized, especially from mainstream vendors, with all major vendors offering 802.11ac Wave
2 access points. A growing number of switch models support 2.5/5 Gbps (multigigabit), even though availability of the technology has made slow
progress since the ratification of the 802.3bz standard in September 2016. This means that vendor differentiation continues to predominantly rely on
software capabilities used to configure, secure, manage and operate the network. Network service applications supporting mobile work styles have

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elqat=2 8/14
25/3/2019 Gartner Reprint

become a more significant consideration for enterprises planning central office or campus network support for voice over wireless LAN (VoWLAN),
onboarding and monitoring of BYOD devices and location-based services. Equally important are network service application capabilities supporting
outsourced managed LAN services. For these, the customer may focus on network assurance capabilities and on the SLAs for supporting a specific
user experience more than on the listed throughput, capacity or antenna specs for the deployed infrastructure.

IoT has begun to play a bigger role in WLAN deployment decisions, especially in vertical markets such as manufacturing, transportation, retail,
healthcare and utilities. Gartner has forecast the installed base of IoT endpoints in businesses to surpass 9 billion units by 2021. IoT devices and
new applications will increasingly impact WLAN investments, with the need to meet latency and high-coverage density requirements. A growing
number of organizations are also looking at the convergence of IT and OT, with emerging technologies such as Time-Sensitive Networking (TSN).
For industrial automation use cases and critical control loops, wired and wireless TSN capabilities allow mission-critical real-time traffic with
extremely low packet loss, low jitter and zero congestion loss (for more information, see “Emerging Technology Analysis: Time-Sensitive
Networking”).

IoT has also brought new requirements and challenges from a security standpoint. As highlighted in “IoT Solutions Can’t Be Trusted and Must Be
Separated From the Enterprise Network to Reduce Risk,” a CEB (now Gartner) survey found that nearly 20% of organizations observed at least one
IoT-based attack in the past three years. Unlike laptops and servers that can be authenticated through 802.1X and managed through enterprise
mobility management (EMM) and network management applications, the diversity of IoT devices leaves enterprises vulnerable. Wired and wireless
access layer capabilities addressing IoT security needs include tunneling functionality based on identity, policy enforcement using context-based
variables, segmentation with traffic filtering, and IoT traffic isolation into IPsec encrypted zones.

In the past 18 months, we have seen growing activity in the realm of ML and AI technology in campus networking for wireless, wired and device
problem identification. As highlighted in “Automation and AI Will Slash Access Layer Downtime and the Reliance on Network Administrators,” we
anticipate that, in the next three to five years, most access layer vendor offerings will leverage analytics for root cause analysis and problem
remediation. By leveraging AI/ML, the resolution of network issues will be able to advance from generating alerts to making real-time changes at the
edge of the network. This can impact tasks encompassing policy enforcement, troubleshooting and network automation, ultimately delivering better
network assurance.

Worldwide port shipments for campus Ethernet switches grew by 20% from 2016 to 2017 and revenue by 7%. Enterprise WLAN market revenue grew
by 12%, which represented an improvement compared with the 9.5% increase seen from 2015 to 2016. For more information, see “Market Share:
Enterprise Network Equipment by Market Segment, Worldwide, 4Q17 and 2017.”

Product/Service Class Definition

Wired/WLAN access networking consists of a wide range of features and functions. In this research, we examine six critical networking capabilities
that enterprises should consider when looking to develop broad, unified and access layer migration roadmaps, and when choosing strategic
suppliers. We evaluate vendors on the following capabilities.

Critical Capabilities Definition

Wired Access
This accounts for the vendor’s wired switching solution hardware (fixed-form-factor and modular) and integrated software, which may include port-
extension capabilities. Key components include performance, availability, scalability, interoperability, cost, support and the portfolio architecture.

Capabilities also include:

■ Form factors and port densities that meet specific wired switching requirements. These include fixed-form-factor, port-extension and chassis-
based switches.

■ 802.3bz capabilities that enable 2.5/5Gb links to wireless access points for supporting high-density 802.11ac Wave 2 deployments without the
need to replace existing Cat 5e or Cat 6 cables.

■ Single-application management of hardware from differing vendors, including end-user security and policies.

WLAN Access
This accounts for the vendor’s wireless-access solution in a traditional, carpeted enterprise, which includes hardware (such as access points in a
variety of configuration and antennas) and integrated software.

Key capabilities include:

■ A range of wireless AP form factors to support different indoor and outdoor enterprise and campus environments.

■ The ability to measure latency for voice and data applications and to provide sufficient data for mean opinion score (MOS) calculations to support
toll-quality VoWLAN.

■ Single-application management of hardware from differing vendors, including end-user security and policies.

■ Ability to scale from hundreds to several thousand APs. The network retains active ability of connectivity to the controller, whether on-premises or
cloud-based.

Network Access/Guest Access/BYOD

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elqat=2 9/14
25/3/2019 Gartner Reprint

This provides the ability to define granular access policy enforcement.

It includes the ability to provide captive portals for guests and to onboard IoT and other “headless” devices (without a human interface, such as
printers and digital signage). It also includes the ability to define roles of varying access to the network, with attention to BYOD situations.

Access roles will use device, device profile, user, location, time/date, duration and application access as primitives to consistently determine access
to the wired or wireless network, regardless of device or location.

Management and Administration

This refers to the deployment, configuration and ongoing management/administration capability of the vendor’s products and other access layer
networking products.

This can also include functionality embedded into individual network elements, vendor-provided network management system software/hardware
and integration with existing management tools (such as network performance monitoring [NPM] and network configuration and change
management [NCCM]) via standardized protocols or APIs. Other capabilities include:

■ Zero-touch or automated provisioning

■ Policy-based management and configuration

■ Network monitoring

■ On-premises and cloud-based management options

■ Physical and virtual controller or controllerless options

Additional Network Service Apps

This capability includes a broad and growing set of network service applications, including analytics, forensics, video services that enhance the
application, network assurance solutions and location-based services, which may be vertical-market-specific.

Network analytics applications look at the network, as well as the end-user data. Network forensics tools determine what’s happening across the
entire access layer, in addition to security functionality and fixed mobile convergence capabilities. Location services include the ability to provide Wi-
Fi-based or active RFID/beacon location, as well as an application toolkit for zonal or real-time location services (RTLS). Other capabilities include:

■ Flexibility to deploy access network applications on-premises or in a private or public cloud to address implementation scenarios, such as remote
or branch offices

■ Network application innovation to support security, policy enforcement and other access layer functionality

Multivendor Management Support

This is the ability of a network management solution to identify, configure and manage wired and WLAN elements from multiple vendors through a
“single pane of glass.”

This capability may be enabled by:

■ Native multivendor capabilities for specified third-party vendor devices and software configurations

■ The ability to discover and manage third-party devices that support a standard SNMP Management Information Base (MIB) and Link Layer
Discovery Protocol (LLDP)

■ The ability to manage configurations and hardware/software aspects of third-party components

■ The ability to gain visibility and analytics into the operation and the performance of third-party components

■ The use of a management agent installed on network devices or on a monitoring appliance to enable the provisioning, configuration or monitoring
of the devices

■ Open APIs enabling third-party vendors to integrate with the vendor’s network management solution

Use Cases
Unified Wired and WLAN Access
This is an enterprise facility or campus environment with 500+ users that requires wired and WLAN access networking components to deploy across
carpeted office spaces.

Unified wired and WLAN access will provide the ability to monitor and manage the network from one integrated network management solution.

Most users are typically badged employees, although contractors and guests also require connectivity. Employees are usually issued corporate-
owned devices. However, the network may also support BYOD for mobile devices, such as smartphones, tablets and possibly laptops. This buyer is

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elq… 10/14
25/3/2019 Gartner Reprint

typically technically competent and/or routinely makes granular changes to wired/WLAN infrastructure components. This is the most common use
case for newly constructed office space, although it’s often initiated by a campus refresh.

Performance Stringent Applications

This is a physical facility or campus environment requiring high network reliability or supporting a latency-sensitive application, with greater
emphasis on wireless access.

Network application services that enhance voice and video applications are an important requirement.

This organization’s access network needs not only to be governed by uptime, but also to be measured by the availability of data center or cloud
applications to end users. This includes the ability to use the network if multiple path redundancy is configured or if applications must be accessed
locally. Most users are typically badged employees, but contractors and guests also require connectivity. This buyer is typically highly technically
competent and/or routinely makes granular changes to wired/WLAN infrastructure components.

Multivendor Networking Environment

This is a mixed vendor environment (for example, when an incumbent vendor’s equipment must be used with new equipment as part of the wired
and WLAN access layer solution).

This encompasses a single, small location or a large, campus-based enterprise. Differing vendor hardware may be deployed at multiple locations,
but the hardware and end-user security and policies must be managed by a single application that may be located in the cloud or on-premises. Most
users are typically badged employees, but contractors and guests also require connectivity. This buyer is typically highly technically competent
and/or routinely makes granular changes to wired/WLAN infrastructure components.

Remote Branch Office With Corporate HQ

This requires wired/WLAN access networking components and knowledge of WLAN connectivity.

This use case involves a single physical facility of 10 to 50 users, potentially with a headquarters site with up to 499. It is typically observed for small
enterprises or small, remote offices of larger enterprises, deployed in carpeted office spaces where there is also a central corporate headquarters.
Users are typically badged employees, but contractors and guests also require connectivity. Remote (cloud-based) network management is
important functionality. This is because there is typically little or no on-site technical support in the remote locations, but there is an IT organization
that supports these locations at the central headquarters.

Wired-Only Refresh/New Build

This is a physical facility or campus environment with more than 500 users that requires only wired access networking components.

This use case is most often applied to “brownfield” and refresh opportunities, often when an incumbent wireless solution is in place and:

■ There is either no desire to replace it; or

■ It serves a highly risk-averse environment in which no wireless has been deployed

Most users are typically badged employees. However, contractors and guests also require connectivity. This buyer is typically technically competent
and/or routinely makes granular changes to wired/WLAN infrastructure components.

WLAN-Only Refresh/New Build

This applies to refresh opportunities or to new builds in which wireless was the primary or predominant connection to the enterprise network.

This use case can encompass single, small locations or large, campus-based enterprises. It may include limited wired components to provide
connectivity for WLAN or as incremental updates for expanding an existing infrastructure. In addition to data connectivity, the implementation
supports the use of the WLAN for toll-quality voice calls, either from cellular smartphones or from softphones on desktop, laptop or tablet
computing devices. The voice requirement is to implement, manage and measure the network to provide toll-quality calls. This use case is typically
observed for brownfield and refresh opportunities. Most users are typically badged employees, but contractors and guests also require connectivity.
This buyer is typically highly technically competent and/or routinely makes granular changes to wired/WLAN infrastructure components.

Vendors Added and Dropped

Added
■ LANCOM Systems was added for the first time this year.

Dropped
■ No vendors were dropped from the 2017 Magic Quadrant. The entry for Brocade (Ruckus) has changed to ARRIS (Ruckus), given that ARRIS
completed its acquisition of Ruckus in 2017.

Inclusion Criteria
To qualify for inclusion, vendors need to:

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elq… 11/14
25/3/2019 Gartner Reprint
■ Demonstrate relevance to Gartner clients in the enterprise access layer market by offering switching and WLAN hardware to address enterprise
access layer networking requirements outlined in the Market Definition/Description section of “Magic Quadrant for the Wired and Wireless LAN
Access Infrastructure.”

■ Demonstrate relevance to Gartner clients in the enterprise access layer market by providing one or more network service applications as outlined
in the Market Definition/Description section of the Magic Quadrant, with annual network service application revenue exceeding $10 million.

■ Produce and release enterprise access layer networking products for general availability as of 15 February 2018. All components must be publicly
available, shipping and included on the vendor’s published price list.

■ Have at least 50 enterprise customers that use its access layer networking products in production environments as of 15 February 2018.

■ Demonstrate production enterprise customers with at least five reference customers supporting access layer networks of more than 100 access
points.

Table 1: Weighting for Critical Capabilities in Use Cases

Remote
Unified
Branch
Wired Performance Multivendor Wired-Only WLAN-O
Critical Office
and Stringent Networking Refresh/New Refresh/
Capabilities With
WLAN Applications Environment Build Build
Corporate
Access
HQ

Wired Access 20% 10% 10% 10% 50% 0

WLAN Access 30% 20% 10% 20% 0% 50

Network 15% 10% 10% 20% 10% 10

Access/Guest
Access/BYOD

Management 15% 30% 10% 25% 15% 15

and
Administration

Additional 15% 30% 10% 25% 15% 15

Network
Service Apps

Multivendor 5% 0% 50% 0% 10% 10

Management
Support

Total 100% 100% 100% 100% 100% 10

As of August 2018

Source: Gartner (August 2018)

This methodology requires analysts to identify the critical capabilities for a class of products/services. Each capability is then weighed in terms of
its relative importance for specific product/service use cases.

Critical Capabilities Rating

Each of the products/services has been evaluated on the critical capabilities on a scale of 1 to 5. A score of 1 = poor (most or all defined
requirements are not achieved), while 5 = outstanding (significantly exceeds requirements).

Table 2: Product/Service Rating on Critical Capabilities

Critical Allied ARRIS Dell D-
Aerohive ALE Cisco
Capabilities Telesis (Ruckus) EMC Link

Wired Access 3.0 3.8 3.3 3.8 4.4 3.7 3.2

WLAN Access 4.0 3.9 2.6 3.8 4.1 3.2 3.0

Network 3.8 3.5 2.4 3.8 4.3 3.8 2.5

Access/Guest
Access/BYOD

Management 3.8 3.5 2.8 3.2 4.0 3.5 2.3

and
Administration

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elq… 12/14
25/3/2019 Gartner Reprint

Critical Allied ARRIS Dell D-

Aerohive ALE Cisco
Capabilities Telesis (Ruckus) EMC Link

Additional 3.8 3.5 2.3 3.2 4.0 3.3 1.0

Network
Service Apps

Multivendor 3.2 3.2 2.6 2.8 2.8 3.2 2.0

Management
Support

As of August 2018

Source: Gartner (August 2018)

Table 3 shows the product/service scores for each use case. The scores, which are generated by multiplying the use-case weightings by the
product/service ratings, summarize how well the critical capabilities are met for each use case.

Table 3: Product Score in Use Cases

Use Allied ARRIS Dell D-
Aerohive ALE Cisco
Cases Telesis (Ruckus) EMC Link

Unified 3.67 3.67 2.70 3.57 4.10 3.45 2.51

Wired and
WLAN
Access

Performance 3.76 3.61 2.62 3.44 4.09 3.43 2.16

Stringent
Applications

Multivendor 3.44 3.42 2.64 3.18 3.48 3.35 2.20

Networking
Environment

Remote 3.76 3.61 2.61 3.50 4.12 3.47 2.25

Branch
Office With
Corporate
HQ

Wired-Only 3.34 3.62 2.92 3.52 4.11 3.57 2.55

Refresh/New
Build

WLAN-Only 3.84 3.67 2.57 3.52 3.96 3.32 2.45

Refresh/New
Build

As of August 2018

Source: Gartner (August 2018)

To determine an overall score for each product/service in the use cases, multiply the ratings in Table 2 by the weightings shown in Table 1.

Evidence
For this research, we considered:

■ More than 500 access network-related Gartner client inquiries conducted during the evaluation period.

■ Vendor questionnaire responses and vendor briefings conducted during the product evaluation period and conducted specifically for this
document.

■ A survey of 126 vendor-provided client references.

■ Other publicly available vendor product and service information, and interaction with other Gartner analysts who have conducted inquiries or
research relevant to this area.

Critical Capabilities Methodology

This methodology requires analysts to identify the critical capabilities for a class of products or services. Each capability is then weighted in terms
of its relative importance for specific product or service use cases. Next, products/services are rated in terms of how well they achieve each of the
critical capabilities. A score that summarizes how well they meet the critical capabilities for each use case is then calculated for each
product/service.
https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elq… 13/14
25/3/2019 Gartner Reprint

"Critical capabilities" are attributes that differentiate products/services in a class in terms of their quality and performance. Gartner recommends
that users consider the set of critical capabilities as some of the most important criteria for acquisition decisions.

In defining the product/service category for evaluation, the analyst first identifies the leading uses for the products/services in this market. What
needs are end-users looking to fulfill, when considering products/services in this market? Use cases should match common client deployment
scenarios. These distinct client scenarios define the Use Cases.

The analyst then identifies the critical capabilities. These capabilities are generalized groups of features commonly required by this class of
products/services. Each capability is assigned a level of importance in fulfilling that particular need; some sets of features are more important than
others, depending on the use case being evaluated.

Each vendor’s product or service is evaluated in terms of how well it delivers each capability, on a five-point scale. These ratings are displayed side-
by-side for all vendors, allowing easy comparisons between the different sets of features.

Ratings and summary scores range from 1.0 to 5.0:

1 = Poor or Absent: most or all defined requirements for a capability are not achieved

2 = Fair: some requirements are not achieved

3 = Good: meets requirements

4 = Excellent: meets or exceeds some requirements

5 = Outstanding: significantly exceeds requirements

To determine an overall score for each product in the use cases, the product ratings are multiplied by the weightings to come up with the product
score in use cases.

The critical capabilities Gartner has selected do not represent all capabilities for any product; therefore, may not represent those most important for
a specific use situation or business objective. Clients should use a critical capabilities analysis as one of several sources of input about a product
before making a product/service decision.

© 2018 Gartner, Inc. and/or its affiliates. All rights reserved. Gartner is a registered trademark of Gartner, Inc. and its affiliates. This publication may not be reproduced or
distributed in any form without Gartner's prior written permission. It consists of the opinions of Gartner's research organization, which should not be construed as
statements of fact. While the information contained in this publication has been obtained from sources believed to be reliable, Gartner disclaims all warranties as to the
accuracy, completeness or adequacy of such information. Although Gartner research may address legal and financial issues, Gartner does not provide legal or investment
advice and its research should not be construed or used as such. Your access and use of this publication are governed by Gartner’s Usage Policy. Gartner prides itself on
its reputation for independence and objectivity. Its research is produced independently by its research organization without input or influence from any third party. For
further information, see "Guiding Principles on Independence and Objectivity."

About Careers Newsroom Policies Site Index IT Glossary Gartner Blog Network Contact Send Feedback

© 2018 Gartner, Inc. and/or its Affiliates. All Rights Reserved.

https://www.gartner.com/doc/reprints?id=1-5DH3DWJ&ct=180822&st=sb&elqTrackId=d7a45441d353482bb852df599f48b177&elqaid=727&elq… 14/14