I am very pleased and proud to announce that we have released HiveManager/HiveOS version 6.4r1, formerly known as and code-named “HongKong”.
Why should I care about this?
HongKong contains a number of enhancements and bug-fixes to both HiveOS and HiveManager.
Platforms supported: AP121, AP141, AP230, AP330, AP350, AP1130, BR200, BR200-WP, BR200-LTE-VZ, SR2024, SR2024P, SR2124P-rev2, SR2148 devices; VPN Gateway Appliance, and VPN Gateway Virtual Appliance; HiveManager Online, and all HiveManager Physical and Virtual Appliances.
Platforms not getting new images in this release: AP20, AP28, AP110, AP120, AP170, AP320, AP340, AP370, AP390, APSR2124P-rev1, BR100.
What are the relevant dates?
Announcement to customers about planned downtime: Email sent Wednesday December 24th, downtime scheduled for evening of Friday January 9th from 7:00pm to 9:00pm PST.
General Availability (i.e. HMOL updated, files available on Support Portal, etc): Monday 05 January 2015
Retail Analytics servers, Planner, Demo, FreeAP servers will be updated by Friday 9 January 2015
"Fly the Bee" on 6.1, 6.2, and 6.3 servers to let HMOL customers self-upgrade to 6.4r1: Monday 26 January 2015
What are the highlighted features of the 6.4r1 release?
Basic HiveManager 6.2r1 functionality, plus
AP230 as iBeacon: Bluetooth Low Energy (BLE) wireless technology provides many new applications for retail and commercial enterprises. With this release, you can enable an AP230 to behave as an iBeacon transmitter by connecting a Bluetooth dongle to the external USB port interface. iBeacon functions are configured in HiveManager.
FCC DFS support for AP230: AP230 devices now support dynamic frequency selection (DFS} in the FCC domain (previous releases supported DFS for CE regulatory domain, which is required when wireless devices are operating in the same regions as active radar systems. Because radar systems use part of the 5 GHz band, devices must be able to detect the radar activity and select an unoccupied channel automatically.
Delegate remote deployment of Aerohive devices: Aerohive currently supports the HiveManager capability to upload a specific HiveOS image and configuration to all automatically discovered devices as soon as they make an initial CAPWAP connection with HiveManager. This release introduces enhancements to the provisioning process, and eliminates any additional manual input that was previously required by the remote deployment administrator. All device-specific settings are now imported to devices using the CSV import file, the device auto provisioning network policy is automatically created based on the CSV import file, and the device firmware upgrade is performed as defined in the policy.
Unified IP Firewall Policy extended to switches: In this release, the unified IP firewall policy extends to the SR Series switches, covering both inbound and outbound traffic on wireless and wired clients. Previously, the IP firewall policy only supported Aerohive APs.
Hong Kong area support for DFS for the AP230 and AP330: When operating in the Hong Kong geographic area, AP230 and AP330 devices now support the use of dynamic frequency selection (DFS) where radar systems are in use. This allows the devices to select a radar-free channel automatically when a radar presence is detected. For a complete description of DFS, see the HiveManager Online Help.
AP230 support for the China country code: AP230 devices now support for the China country code.
AP1130 support for the Korea country code: AP1130 devices now support the Korea country code.
Support Enhancements for NAC: This release extends support for Network Access Control (NAC) applications. NAC Change of Authorization (CoA) messages can now redirect bring your own device (BYOD) users to an external captive web portal (in addition to the Aerohive internal web portal) for firs-time credential entry, or remediation, such as anti-virus software installation or other updates required to bring the user device into compliance with the network policy.
Technology Preview: Cooperative-Application Visibility and Control Extended to SR Series Switches:
Cooperative-Application Visibility and Control (C-AVC) extends AVC to the SR Series switches, enabling you to monitor traffic patterns on wired and wireless networks. Using C-AVC, Aerohive switches and access points leverage Cooperative Control protocols to analyze application usage data from wired clients, while HiveManager provides monitoring and reporting of Layer 7 application data gathered from both wired and wireless clients. C-AVC is available on SR2024, SR2024P, SR2124P, and SR2148P switches when a supported AP230, AP330, or AP350 is connected directly to the switch.
For more information about C-AVC, including currently supported features, supported configurations, and setup instructions, please see the C-AVC Technology Preview.
Basic HiveOS 6.2r1 functionality, plus
AP230 Location Services: AP230 devices can now perform background scanning to discover the received signal strength (RSSI) values of client transmissions and report these values to HiveManager, which uses them to calculate the probable location of the client, and display an icon for the client on a map. For a complete description of location services, see the HiveManager Online Help.
AP230 Protected Management Frames: AP230 devices now support the use of protected management frames (PMF) established with 802.11w, which prevents the malicious use of spoofed management frames to disrupt the operation of the wireless network.
AP230 Spectrum Analysis: AP230 devices now support spectrum analysis. This feature extracts RF interference information and classifies the cause based on spectrum signatures on both the 2.4 GHz and 5 GHz bands. For a complete description of spectrum analysis, see the HiveManager Online Help.
Asynchronous RADIUS Accounting Update: A RADIUS accounting update interval is a repeating, 20 second period of time during which APs report DHCP-snooped IP addresses of associated clients to the RADIUS server, so they can be recorded and be properly authorized for network access. This enhancement removes the requirement that the AP waits until the end of the interval to update the RADIUS server. The AP now provides updated IP addresses of clients to an external RADIUS server immediately as soon as this information is obtained.
MAC address bypass for captive web portal: The MAC address bypass enhancement allows administrators to configure a whitelist containing specific client MAC addresses. When paired with an SSID profile, these clients can bypass the normal captive web portal authentication and interaction process. This allows “headless” or embedded devices, such as ATMs and vending machines, to connect to the WLAN network without admin intervention.
What about IDM/CM/Social Login?
They too are getting updated, but since they are only loosely coupled to HiveOS/HiveManager, they are tracked differently.