Tài liệu

Extreme Networks


Magic Quadrant for the Wired and Wireless LAN Access Infrastructure

Published: 17 October 2017 ID: G00316060


 Tim Zimmerman, Christian Canales, Bill Menezes


Enterprise LAN vendors providing access layer connectivity must respond to changing demands. Infrastructure and operations leaders should evaluate vendors based on their ability to provide an intelligent access layer capable of network automation that addresses all of the business requirements.

Strategic Planning Assumption


By 2022, more than 60% of IT organizations will use access layer network automation, up from less than 5% today.

Market Definition/Description


Gartner's view of the market is focused on the vendor's ability to anticipate and integrate transformational technologies or approaches delivering on the future needs of end users. Gartner defines the wired and wireless LAN access infrastructure market as a market that consists of vendors supplying wired and wireless networking hardware and software that enables devices to connect to the enterprise wired LAN or Wi-Fi network. These devices may include laptops; smartphones, tablets and other mobile smart devices; networked office equipment; sensors and other Internet of Things (IoT) endpoints; and other fixed or mobile endpoints communicating to a wired switch port or a wireless access point at the edge of the enterprise infrastructure. This research does not cover wired and wireless access networking infrastructure for adjacent markets, such as public venues, small office/home office, commercial and industrial settings, or point-to-point solutions.

Enterprise wired and wireless local-area networking components include:

  • Software — Network service applications that are cloud-based or deployed on an appliance or virtual appliance, including but not limited to:

    • Network management

    • Network monitoring

    • Guest access

    • Onboarding services

    • Authentication, authorization and accounting (AAA) security

    • Policy enforcement

    • Intrusion detection systems/wireless intrusion detection systems

    • Location services

    • Performance management

    • Network assurance

    • Application visibility

    • Network and vertical market analytics

    • Security including behavioral analysis

  • Hardware — Physical network elements including:

    • Wireless access points

    • Wired switches

    • Controllers, if needed

Vendors serve enterprises with three distinct go-to-market approaches:

  • The vendor provides its own wired and wireless infrastructure components, network applications and services. Examples include Cisco, Hewlett Packard Enterprise (HPE) Aruba, Extreme Networks and Huawei.

  • The vendor primarily provides a specific connectivity option, such as either wired or wireless components. These vendors often focus on solutions addressing a unique set of market requirements, such as cloud-based management of a predominantly wireless LAN (WLAN) or a vertical market, such as retail or healthcare. Examples include Aerohive, Mist Systems and Mojo Networks.

  • The vendor uses a strategic partner to provide some or all of the hardware or software components of an end-to-end access solution. These vendors provide differentiating functionality in the network applications for the combined solution. Examples include Dell and Juniper Networks.

Magic Quadrant

Figure 1. Magic Quadrant for the Wired and Wireless LAN Access Infrastructure
Source: Gartner (October 2017)

Vendor Strengths and Cautions


Aerohive provides public and private cloud management, as well as on-premises management for access points, switches and routers. For unified access networks using Aerohive wireless access points and HiveManager NG software, the enterprise can employ the vendor's own stand-alone and stackable switches or manage any Fastpath-based switch, including N-Series switches from strategic partner Dell. HiveManager NG comprises a full suite of access applications, including network configuration and management, policy management, onboarding and provisioning guest access. Aerohive provides network analytics for reporting and forensics, as well as presence location service applications.

With 87% of sales generated in North America and EMEA, Aerohive grew faster than the overall WLAN market with 16.8% revenue growth in 2016. Aerohive continues to focus on serving clients in the educational and retail industries, and other enterprises with distributed locations. Small and midmarket organizations in North America and Western Europe should include Aerohive when evaluating on-premises or cloud-managed WLANs. Aerohive should also be included for a global enterprise opportunity that uses Dell wired switching based on the product integration and uses Dell's global support capabilities.

  • Aerohive addresses small and midsize businesses or larger enterprises with remote offices where the Connect configuration of HiveManager NG provides basic functionality for network configuration, autoprovisioning tools, device and client monitoring, and guest access. Organizations can add more functionality from an advanced configuration menu when it is needed with seamless scalability.

  • Aerohive can deploy HiveManager NG as an on-premises solution or in either a public or private cloud where competitors often require two separate offerings depending on whether the deployment is on-premises or in the cloud.

  • Aerohive gives clients the ability to monitor all end users through a client health score, which also enables automatic corrective actions to meet preset service-level agreements (SLAs) for end-user connectivity.

  • HiveManager NG's multivendor network management capabilities are limited to Dell's N-Series switch line, likely deterring prospective customers that must maintain substantial deployments of legacy hardware from other vendors.

  • Aerohive continues to be a growing vendor that is geographically limited without its channel and strategic partnerships. Enterprises with global deployments must ensure that Aerohive is able to provide the necessary support capabilities.

  • Aerohive has limited machine learning and artificial intelligence capabilities that will affect its near-term ability to deliver on advanced enterprise requirements.


ALE, marketed under the brand Alcatel-Lucent Enterprise, is a private company owned by China Huaxin, which attained 100% ownership of the company in June 2017. The vendor provides a unified access network portfolio comprising its Alcatel-Lucent OmniSwitch wired switches combined with either its own Alcatel-Lucent OmniAccess Stellar wireless access points or those from OEM partner HPE Aruba. For larger and more complex campus deployments, access points from HPE Aruba or its Stellar products can be managed with the Alcatel-Lucent OmniVista 2500 management application. For Stellar access points, the OmniVista application also provides simplified guest access functionality, including automated onboarding of guest or employee "bring your own device" (BYOD), social media login capability and device fingerprinting.

ALE's unified wired and wireless access network capabilities primarily serve the hospitality, healthcare, transportation, education and government verticals, as well as general enterprise campus deployments. Clients in North America, EMEA and Asia/Pacific within their target markets should evaluate ALE.

  • Launch of the OmniAccess Stellar access points allows ALE to guide its own product roadmap and speed to address market requirements.

  • ALE continues expanding its OmniSwitch product line, including new models: its OmniSwitch 6560 fixed-format switches aimed at remote office deployments; the OmniSwitch 6865 hardened access switch intended for industrial or outdoor IoT deployments; and new modules for the 9900 48-port chassis switch aimed at core, aggregation or access network functions.

  • ALE's Intelligent Fabric technology enables automated configuration or reconfiguration of devices or applications, helping to reduce deployment time and related overhead costs for adds, moves or changes.

  • ALE offers two WLAN solutions, including an in-house option and an OEM option. There is currently overlap in capability, which can confuse prospects and lead to suboptimal selection.

  • Enterprises must be aware that ALE has multiple pricing methods — consumption and direct purchase — which may cause difficulty in determining the total solution price.

  • ALE has limited machine learning and network automation, as well as a limited indoor location strategy that will affect its ability to deliver on advanced enterprise access layer requirements.

Allied Telesis

Allied Telesis offers an end-to-end wired and wireless LAN portfolio, even though the Extricom product line that was acquired in 2015 has been retired. Organizations can manage the switching and WLAN product portfolio on-premises with Vista Manager EX or in the private or public cloud using AMF Cloud. Allied Telesis also has a new controller, the Unified Wireless Controller (UWC), which is suitable for small and midsize deployments and can be deployed as hardware or a virtual appliance. The Allied Telesis Autonomous Management Framework (AMF) delivers a suite of features to optimize reporting and network management. Allied Telesis sells predominantly through channels. The company does not appear in Gartner inquires, although it has a global footprint and more than 50% of its revenue comes from Japan. Allied Telesis mainly targets the public-sector, education, healthcare and hospitality vertical markets. Predominantly small and midsize businesses should consider Allied Telesis for their wired and wireless LAN infrastructure needs.

  • All products operate via the same operating system (AlliedWare Plus) for uniform functionality, better support, migration and upgradability.

  • Vista Manager/AMF can be deployed on-premises or in the cloud and offers integration, which provides deployment flexibility while simplifying network management and automation.

  • Vista Manager/AMF can also be integrated with Allied Telesis Secure Enterprise Software Defined Networking (SES) which offers an additional layer of protection to organizations.

  • Allied Telesis has limited functionality for basic applications, such as guest access. It does not have a captive portal that is capable of automatically issuing guest access through SMS or email.

  • Allied Telesis has limited real-time traffic analysis or security behavioral analytics that will affect its near-term ability to deliver on advanced enterprise requirements.

  • Allied Telesis operates globally but has less than 2% global market share and has 60% of its revenue from a single geography. Clients should validate that the reselling partner has the ability to provide sufficient local support capabilities.

Brocade (Ruckus)

Brocade provides unified access networks integrating its ICX wired switch line with WLAN infrastructure from Ruckus, a division of Brocade, which it acquired in May 2016. Currently, there is a pending acquisition of Brocade by Broadcom and another acquisition of the Brocade access layer switching assets and the Ruckus WLAN organization by Arris that may occur and should be considered in enterprise evaluations. Both switches and wireless hardware in larger implementations can be managed and monitored by the Brocade Network Advisor solution. For wireless-centric deployments, the Ruckus Cloud Wi-Fi or SmartZone WLAN controller provide management and monitoring functionality at no additional licensing cost. Brocade offers both controller-based and cloud-managed WLAN architectures plus a complete suite of network service applications for indoor location services, guest access and policy management.

Enterprises in North America and EMEA with access layer opportunities in education, hospitality and government should evaluate Brocade (Ruckus) but should exercise caution until the details of the acquisition are known.

  • The CloudPath network service application provides device onboarding, self-service guest access, security and policy management across the ICX switch, and Ruckus WLAN infrastructure.

  • The Brocade ICX 7000 switches support a campus fabric that allows the network to look like a single logical switch, which simplifies deployment and management.

  • Ruckus SmartCell Insight (SCI) provides predictive analytics and reporting that alerts IT organization of anomalies in the WLAN solution.

  • Acquisitions create uncertainty in long-term strategies and roadmaps. Enterprises must be aware of current pending and proposed acquisitions as part of their evaluation process.

  • The Brocade switch fabric does not include the Ruckus controllers and access points, limiting the fabric benefits, as well as requiring a separate management application.

  • A Brocade (Ruckus) solution has many management and network service application options, including CloudPath, Brocade Network Advisor, Cloud Wi-Fi, ZoneDirector, Unleashed and SmartZone. This can confuse customers and lead them to purchase the wrong application and/or overpay for multiple applications.


Cisco has the broadest portfolio of access wired switching and WLAN products. DNA Center, announced in July 2017, allows Cisco to provide network assurance to the access layer through contextual insights from network monitoring, security, analytics and policy enforcement. Cisco continues to be the market share leader for access layer connectivity, but it continues to lose market share. From 2015 to 2016, Cisco's revenue grew by 1.3% for WLAN and declined by 10.6% for campus switching, while the rest of the market grew 16.7% and 11.8%, respectively. The vendor continues to offer two access layer solutions: Aironet/Catalyst and Meraki. Cisco's on-premises solutions include the new Catalyst 9000 switching family as part of its Catalyst line of fixed-format and modular switches. Cisco's controller-based and controllerless Aironet access points provide on-premises WLAN connectivity that is supported by Identity Services Engine (ISE) for policy-based access and Prime for management. Cisco's Meraki solution has its own separate fixed-format switches and access points and a separate cloud-based policy and management console solution.

Clients should consider Cisco globally for all enterprise on-premises and cloud-based access layer opportunities.

  • Cisco's Software-Defined Access is a programmable network architecture that provides software-based policy and segmentation from the edge of the network to the application. The fabric architecture provides investment protection to address the requirements of IoT and new markets.

  • Cisco expanded its switching product line with the introduction of Catalyst 9000 Series. It is a high-end purpose-built campus platform with expandable storage designed for high-performance requirements.

  • Cisco has a robust set of network services, including Software-Defined Access and Network as a Sensor (NaaS) with Cisco ISE for IoT segmentation and encrypted traffic analytics with Cisco Stealthwatch to address end-user security concerns.

  • Meraki is not part of Cisco's DNA Center and cannot provide network assurance or directly manage the Catalyst 9000.

  • The Aironet/Catalyst and Meraki engineering and marketing teams continue to operate separately, and functionality is implemented differently between two teams.

  • End users looking to deploy both Catalyst/Aironet and Meraki solutions will need to purchase and implement ISE/Prime and the Meraki components, because consolidation to a single dashboard through DNA Center is not yet available.

Dell EMC

Dell EMC supports the unified access network market through its Dell EMC N-Series fixed-port, stackable Ethernet switches with Aerohive wireless access points. This architecture is administered via an integrated, Dell EMC-branded version of HiveManager NG that provides control and network service applications for the unified network. Dell EMC also provides its own OpenManage solution for management of either Dell EMC or multivendor wired switches. Dell EMC supports customers in over 200 countries and focuses on higher education, public institutions and government vertical markets, as well as healthcare and life sciences.

Enterprise organizations needing a global access layer vendor in Dell EMC's target markets should evaluate the solution, especially incumbent organizations that have existing Dell EMC switching infrastructure.

  • Dell EMC has an end-to-end wired/wireless LAN access infrastructure solution that can be deployed on-premises, as well as cloud-based network service applications.

  • Dell EMC continues developing and expanding its N-model wired switches with the addition of 802.3bz 2.5 Gbps and 5 Gbps ports, available for the N2100 and N3100 lines.

  • Dell EMC provides ProDeploy, an enterprise suite of services to help customers in all phases of installation and deployment and to test/validate the results.

  • Dell EMC offers multiple access layer solutions, which may cause confusion or redundant licensing. It continues to support the embedded base of its legacy, controller-based W-Series WLAN architecture, while offering a migration path to its Aerohive-based portfolio.

  • Dell relies on Aerohive for new wireless technology development, which means it has less control over its ability to respond to changing enterprise requirements.

  • Dell EMC does not deliver advanced enterprise access requirements, such as machine learning and network automation.


D-Link provides wired and wireless solutions for the unified access layer, as well as other network and security devices. Government, education and communications service providers are the most important markets for D-Link, which generates 85% of its revenue through channels. In 2016, D-Link released an 802.11ac access point, a new WLAN controller platform for larger configurations and a 10 Gigabit Ethernet switch. D-Link has also made some investments in IoT solutions and introduced Auto Surveillance VLAN. Supported on some of its switches, this is a technology that allows the support of a hybrid network that can handle data and Internet Protocol (IP) surveillance traffic separately. D-Link focuses on delivering a basic wired and wireless solution that is scalable and easy to use. However, the solution is limited in the network application functionality that is needed to automate processes such as guest access or policy enforcement.

Prospects in EMEA, Asia and North America with basic access layer requirements looking for a practical and cost-effective solution for small branch offices or remote locations or in the education market should engage D-Link.

  • D-Link provides its Central WiFiManager software at no cost to the overall solution, which addresses network management and guest access that makes D-Link solutions very cost-effective for organizations with basic requirements.

  • D-Link remains a low-price leader for a broad range of wired switch and wireless network hardware for enterprises with a limited number of use cases.

  • D-Link provides a better hardware warranty than its competitors, and there are no annual software maintenance costs for its network applications for solutions where the business requirements can be addressed.

  • D-View 7 provides basic wired and wireless network management that is behind on advanced services, such as device location insight, user roles, radio frequency performance and detailed monitoring capabilities.

  • D-Link's Central WiFiManager software supports only the vendor's access points and cannot be deployed in a cloud-based model.

  • D-Link is not keeping pace with enterprise requirements, such as limited indoor location services, policy enforcement, network assurance, analytics and IoT containment/separate strategies.

Extreme Networks

Extreme Networks is a global vendor with a broad portfolio of wired and wireless products that can meet a wide range of enterprise needs. In 2017, Extreme acquired Avaya's access layer business to further grow its customer base and strengthen its presence in its target markets. Government and education remain the top vertical market, but retail, manufacturing and healthcare growth was bolstered through the Zebra acquisition, which included the WiNG technology. Extreme provides enterprise flexibility by delivering edge-to-core infrastructure solutions that can be managed from on-premises, cloud or hybrid network service applications. ExtremeManagement, ExtremeControl and ExtremeAnalytics provide network management, guest access, policy enforcement and application analytics for Extreme network components, as well as multivendor networks for Cisco, Aruba and others. Extreme continues to provide strong customer service through a 100% insourced service and support team.

Prospects in North America, South America or EMEA should consider Extreme for access layer opportunities in education, government, retail, hospitality, manufacturing and healthcare.

  • Extreme has an experienced management team that is developing and executing its access layer strategy.

  • ExtremeManagement is a single console that provides multivendor, centralized management applications for wired and wireless environments that can be deployed on-premises or virtually in a public or private cloud environment.

  • ExtremeWireless semiautonomous access points offer management for on-premises or the cloud using the same hardware (switches and access points), offering investment protection for either mode of deployment.

  • Extreme now has three separate access layer architectures that will need to be rationalized. Strategic investment in multiple platforms may wane with time and not keep pace with enterprise requirements.

  • Extreme's indoor location services lack the granularity of competitive offerings. Organizations using location solutions from ExtremeWireless or ExtremeWireless WiNG need to document and test to assure that the technology addresses the use case.

  • Extreme's implementation of network assurance is implemented using two applications (Extreme Management Center and ExtremeAnalytics) requiring organizations to review their requirements to assure the combination of Extreme Management Center and ExtremeAnalytics addresses the business needs.


Fortinet delivers a unified-access wired/wireless network capability with strong security applications that simplify management, troubleshooting and policy enforcement. Fortinet serves midsize and distributed enterprises, including education and retailers. The Secure Access Architecture integrates Fortinet's core firewall and other security capabilities into a unified access network. Version 5.6 of FortiOS (Fortinet's network security operating system) has extended network visibility and management under a common framework that includes switches, WLAN access points, sandboxing and security products (Fortinet's previous operating system included only firewall and endpoint products). Fortinet's wireless solution has two distinctive architectures. One is based on the FortiGate firewall appliances with integrated WLAN controller functionality, and the other is a more traditional infrastructure — based on its acquisition of Meru Networks — that can be managed on-premises via a WLAN controller or from the cloud. The FortiAP-S series is Wave 1 and Wave 2 802.11ac access points that also include an integrated firewall and are able to perform real-time security processing. The company generates about 80% of its revenue in the North America and EMEA regions and focuses on education, retail and distributed enterprise markets.

Prospects, globally, should include Fortinet when considering vendors for a unified-access network deployment or refresh in education or retail, and when considering options for consolidating access network security infrastructure.

  • Fortinet pushes real-time security patches and malware or virus definition updates out to network customers, rather than providing them as periodic batch updates, reducing the time that network elements may be vulnerable to newly created or identified threats.

  • Fortinet does not charge a licensing fee for its infrastructure wireless access points, leading to lower cost.

  • The combination of FortiOS running on every Fortinet device with FortiSIEM delivers a strong security framework for managing IoT devices at the access layer, including the ability to implement IoT containment through policy-driven segmentation.

  • Fortinet's unified network management solution enables management of only Fortinet switches, access points and security appliances. This narrows its appeal to enterprises with multivendor infrastructure deployments.

  • Fortinet has several different lines of wireless access points that are usable to different degrees across the vendor's different access networking architectures. This potentially causes customer confusion about the interoperability and migration of the overall product line, as well as suboptimal choices.

  • Fortinet does not directly control the roadmap direction of FortiPresence, its indoor location service and application platform, since the functionality exists through an ecosystem partnership. This may limit Fortinet's ability to keep pace with changing enterprise requirements.

HPE (Aruba)

Aruba operates as a subsidiary of HPE and retains its brand for campus networking and security solutions. HPE (Aruba) is the second-largest vendor in the wired/wireless LAN access layer worldwide market, with revenue share of 19% for wireless and 10% for campus switching in 2016. HPE has rationalized what was a complex and overlapping portfolio of WLAN and wired access switching products. The company has a wide portfolio that includes WLAN controllers, a controllerless architecture through the Aruba Instant access points, and a cloud-managed offering with Aruba Central. Recent additions to Aruba Central include guest access management that leverages some functionality derived from ClearPass, the addition of Clarity (a feature that enables real-time testing of the quality of network connectivity services) and the ability to manage Aruba switches. Aruba Meridian, a cloud-only solution, provides end-to-end location-based services with remote beacon management tools, offering analytics, wayfinding and asset tracking capabilities. The Mobile First Platform is a software platform that allows organizations and third-party developers to access network, security and location insights. Aruba has expanded its security portfolio beyond ClearPass to include user and entity behavioral analytics (UEBA) with the acquisition of Niara (rebranded as IntroSpect). The combination of the AirWave management solution and Aruba's AppRF technology performs deep packet inspection for application visibility and control, and enables organizations to monitor latency of voice and video sessions, both over wireless and wired.

Evaluate HPE (Aruba) globally for all wired/WLAN access layer opportunities.

  • Gartner clients report a high degree of satisfaction with Aruba's ClearPass, which provides guest access, device profiling, posture assessment and onboarding.

  • Aruba's management and service applications (ClearPass, IMC, Meridian and AirWave) support non-HPE devices such as Cisco, ALE and others, which simplifies orchestration within multivendor environments.

  • The acquisition of Niara and Rasa Networks strengthen Aruba network traffic and security monitoring capabilities.

  • HPE FlexNetwork legacy switches do not offer the same level of functionality from AirWave and ClearPass compared with Aruba switches, which increases the likelihood of a suboptimal deployment. Enterprises should evaluate the difference in relation to their requirements.

  • Aruba Central, Aruba's cloud offering, currently lacks the same functionality as its on-premises ClearPass and AirWave offerings, limiting its capabilities.

  • Aruba has made changes to HPE's broadly available lifetime warranty for campus switches, which may be confusing and increase the total cost for the Aruba solution.


Huawei's Enterprise Business Group (EBG) is a global solution provider that has strong presence in its local Chinese market, which generated more than 55% of its switching and WLAN revenue in 2016. In the last three years, Huawei has grown at above-average market rates, although primarily in the Asia/Pacific and EMEA regions. Huawei's Agile Network Solution offers end-to-end campus networking that is predominantly focused on education, government and the public sector, hospitality, and retail. Many Huawei switches have integrated WLAN controller functionality, eliminating the need for a physical appliance and providing a more cost-effective solution. The Agile Controller platform offers programmability for tighter wired and wireless management and monitoring of network application services in branch offices. The Agile Controller also acts as the gateway for Huawei's CloudCampus solution, which allows management of switches and WLAN access points from the cloud.

Clients should evaluate Huawei for all wired/WLAN access layer opportunities, especially where it has a sizable installation base, mainly in China and EMEA.

  • Huawei's campus Agile Controller architecture can scale to up to 6,000 access points and over 1,000 access switches.

  • Huawei has a strong foundation in switching, which provides a broad range of fixed-form and modular switches, generally at lower prices than competitors.

  • eSight is a flexible network management application that supports infrastructure and devices from third-party providers, as well as the broad range of Huawei wired and wireless access layer components.

  • Organizations should request references for implementation and service of applicable Huawei solutions when installations are outside of China and EMEA.

  • Huawei's location services lag behind competitive offerings. Organizations should ask for proof points and review Huawei's ecosystem of partners for additional capabilities.

  • Huawei has a limited machine learning, network automation strategy that will affect its ability to deliver on advanced enterprise access layer requirements, such as SLAs that will need to act on the data instead of collecting and alerting IT.

Juniper Networks

Juniper Networks provides access networking via its EX Series wired switching and NFX Series service platform, but largely relies on ecosystem partnerships for wireless and expanded network applications through its Open Convergence Framework strategy. This ecosystem includes HPE (Aruba), Aerohive, Brocade (Ruckus), Lancom Systems and Samsung. The Juniper Unite Cloud-Enabled Enterprise is an integrated framework that provides automation, analytics and security from the cloud to the campus to branch networks. Juniper continues to expand its focus on security with its Software-Defined Secure Networks (SDSN) strategy, which delivers automated security policy enforcement to network device throughout the network via the Juniper Policy Enforcer engine. Junos Space Network Director delivers on-premises, single-pane-of-glass network management for wired, wireless, security and policy network elements.

Juniper maintains a well-thought-out campus switching architecture but lacks control over a wireless connectivity roadmap that is an enterprise connectivity requirement. Juniper should be considered for wired switching opportunities in midsize and large enterprises.

  • Juniper's Unite Branch solution extends SDSN to the branch, applying security policies for organizations that have a central campus (headquarters) as well as remote offices.

  • Juniper Unite and its Open Convergence Framework ecosystem deliver choice for hardware and software components. The interoperable options have been expanded to the global ecosystem of partners.

  • Junos Fusion Enterprise creates a campus network fabric which behaves as a single logical device for simplified management and provides virtual segmentation to isolate IoT devices from the access layer to the data center.

  • The Open Convergence Framework strategy limits Juniper's ability to control WLAN roadmaps, including indoor location, traffic analytics and security behavioral analysis, which may cause the company to lag competitors in keeping pace with enterprise needs.

  • Juniper's wireless relationships are "meet in the channel," which means sales, support and maintenance are separate from the relationship with Juniper.

  • Juniper has a limited unified wired and wireless LAN access strategy, since it must collect information from partners that are part of the Open Convergence Framework, but none are integrated into Juniper's network fabric.

Mist Systems

As one of the smallest but fastest-growing vendors, Mist Systems has over 200% growth year over year. Mist offers a portfolio of wired and wireless components, which are typically delivered in the cloud. Mist dual radio access points have 16 integrated antenna elements for Bluetooth low energy (BLE) and collect over 100 different user states, which are processed through a machine learning engine. In addition to guest access, network management and policy applications, Mist provides indoor location capabilities and virtual BLE beacon functionality for wayfaring applications and asset management. The Mist architecture also allows it to leverage artificial intelligence technology for proactive operations, predictive recommendations and rapid troubleshooting required to provide network assurance and automation.

Mist focuses on midsize and large enterprises and should be evaluated in education and retail opportunities in North America or globally through partners, such as NTT, that have a global footprint.

  • Mist has an indoor location solution that provides 1- to 3-meter granularity and virtualizes BLE beacons, eliminating the need for physical-battery-powered beacons.

  • The Mist solution has over 100 pre- and postconnection user states in its access points, which are integrated into a machine learning engine to deliver network automation and lower the cost of management by automating operations and making predictive troubleshooting.

  • The Mist solution provides a complete view of metrics for the users of Wi-Fi and BLE data on the cloud console, which can also be deployed on-premises. Organizations that have custom reporting or analytic requirements should review all the information available via APIs.

  • Mist has a small direct and indirect sales organization that focuses mainly in North America. Organizations need to assure that sales and support, either directly from Mist or through partners, are available for all geographical areas where the Mist solution will be deployed.

  • Lack of control of wired connectivity, which is provided through partners, limits Mist's ability to directly control development in areas such as traffic analytics, security behavioral analysis and IoT containment. Organizations must understand the functionality and support of Mist's ecosystem partners.

  • Mist has higher-priced access points in a market that has continually declined in price. Organizations must assure that any access point premium yields the appropriate return on investment.

Mojo Networks

Mojo Networks is a wired and wireless access layer infrastructure provider with a portfolio of switches, access points and access layer applications. While focused in North America, Mojo has a global customer base. The cloud-managed Cognitive WiFi solution has been optimized for large-enterprise networks, as well as higher education and K-12 markets. Mojo is a proponent of open standards and is a member of the Open Compute Project Foundation (OCP), which helps drive the vendor community to open-source access layer connectivity. It recently demonstrated several Open Network Install Environment (ONIE)-compliant "white box" access points, working in tandem with several ecosystem partners, and released a three-radio access point. The third radio is to be used for many applications, including full-time wireless intrusion prevention systems (WIPSs), spectrum analysis and client simulation. Evaluate Mojo Networks in North America for all wireless cloud-based access layer connectivity projects and globally through partners that provide the required ability to support installations.

  • In line with enterprise clients' adoption of network automation, Mojo intelligent cognitive architecture automates network monitoring and troubleshooting, allowing the network to detect, diagnose and resolve autonomously. Organizations seeking high reliability and having limited IT staff or remote offices could benefit from the ability to rapidly troubleshoot and resolve issues.

  • Mojo AirTight is a WIPS that provides comprehensive protection from wireless vulnerabilities and threats. This is particularly suitable for enterprises with strong rogue or intrusion detection requirements.

  • Mojo's licensing model and hardware purchasing model make it very competitive in its target markets while providing ease of ordering and deployment.

  • Mojo has a direct sales organization that focuses in North America and EMEA with a global presence through partners. Organizations need to assure that sales and support are available for all geographical areas where the Mojo Networks solution will be deployed.

  • Mojo lacks roadmap control and development resources of wired connectivity, indoor location and IoT containment. Organizations must evaluate those portions of the solution provided by Mojo's ecosystem partners.

  • The lack of multivendor network management support in Mojo's cloud means organizations need to be aware that multiple vendor-specific network applications may be needed.

New H3C

In May 2016, HPE announced that it had closed the sale transaction of H3C with Tsinghua Holdings. New H3C is a strong infrastructure vendor in China with a large portfolio of hardware and applications, including switches, WLAN, security and cloud computing products. For wired/wireless LAN access layer opportunities, New H3C's key vertical markets are the education, healthcare and government sectors. The intelligent Management Center (iMC) provides unified wired/wireless management and guest access, and the more recent Oasis platform provides wireless management from the cloud, including data analytics and basic device/user behavior analysis in a multitenant environment.

Clients with Asia/Pacific access layer opportunities should consider New H3C.

  • Organizations can deploy iMC modules that provide capabilities ranging from user behavior analysis to security policy management and automation.

  • New H3C has a strong foundation in switching, with a broad portfolio of fixed-form and modular switches at competitive pricing.

  • New H3C's Oasis platform provides cloud-based management that supports network health inspection, user experience, wireless network analysis, troubleshooting and indoor location application services in conjunction with its Cupid indoor location services.

  • Over 90% of New H3C's revenue is in Asia/Pacific; organizations considering New H3C in other geographies should request partner references for implementation and support/servicing.

  • iMC is a large network service application with many modules that is confusing to organizations and requires additional training for network administrators.

  • New H3C lags behind other vendors in the breadth of controllerless products, such as access points with embedded controller functionality, which are more resilient and cost-effective.

Riverbed (Xirrus)

Riverbed acquired Xirrus in April 2017 as part of expanding its SteelConnect software-defined wide-area network (SD-WAN) offering with an enterprise-grade cloud-managed WLAN solution. The addition of Xirrus' wireless-focused portfolio provides a larger range of access points; the cloud-based or on-premises Xirrus Management System (XMS); and service applications such as its EasyPass access solution suite. As with any acquisition, execution within the first 12 months is critical to success, and Riverbed (Xirrus) is faced with the task of integrating and rationalizing multiple hardware, software and management product lines, and merging corporate cultures.

Prospects in North America and EMEA should evaluate Riverbed (Xirrus) for opportunities in education and distributed enterprises.

  • Riverbed (Xirrus) access points support two to eight software-defined radios to provide flexibility to address increasing density requirements as clients carry more devices.

  • EasyPass is a suite of network applications that provides Wi-Fi device onboarding and guest access services and policy control, including single sign-on for users with Microsoft Office 365 or Google Cloud credentials.

  • The acquisition of Xirrus by Riverbed adds additional sales and support resources to expand the ability to deliver an access layer solution.

  • Customers that have recently purchased Xirrus wireless access points or prospects should request detailed sales, support and migration plans from Riverbed (Xirrus).

  • Riverbed (Xirrus) has a limited machine learning and network automation strategy that will affect its ability to deliver on advanced enterprise access layer requirements.

  • Riverbed (Xirrus) has limited traffic and security monitoring capabilities beyond network management and device profiling functionality.

Vendors Added and Dropped

We review and adjust our inclusion criteria for Magic Quadrants as markets change. As a result of these adjustments, the mix of vendors in any Magic Quadrant may change over time. A vendor's appearance in a Magic Quadrant one year and not the next does not necessarily indicate that we have changed our opinion of that vendor. It may be a reflection of a change in the market and, therefore, changed evaluation criteria, or of a change of focus by that vendor.


The following vendors were added to this year's Magic Quadrant:

  • New H3C

  • Mist Systems

  • Mojo Networks

  • Riverbed (Xirrus)


The following vendors were dropped from this year's Magic Quadrant:

  • Avaya's switching and WLAN organization was acquired by Extreme Networks. It will be assessed as Extreme Networks.

  • Xirrus was acquired by Riverbed. The combination will be assessed as Riverbed (Xirrus).

  • Zebra Technologies' WLAN organization was acquired by Extreme Networks.

  • ZTE did not meet the inclusion criteria.

Other Vendors

There are several additional vendors that garner interest from Gartner clients or that could impact this market over time. These vendors do not currently meet our inclusion criteria, but they can address enterprise access layer connectivity in certain usage scenarios. In some cases, these vendors sell to customers outside the traditional IT organization. Specific players we track include:

  • Adtran

  • Cloud4Wi

  • Lancom Systems

  • Netgear

  • Ruijie Networks

  • Ubiquiti Networks

  • Zyxel Communications

Inclusion and Exclusion Criteria


The inclusion criteria represent the specific attributes that analysts believe are necessary for inclusion in this research.

To qualify for inclusion, vendors need to:

  • Demonstrate relevance to Gartner clients in the enterprise access layer market by offering switching and WLAN hardware to address enterprise access layer networking requirements outlined in the Market Definition/Description section.

  • Demonstrate relevance to Gartner clients in the enterprise access layer market by providing one or more network applications as outlined in the Market Definition/Description section with an annual network service revenue exceeding $5 million.

  • Produce and release enterprise access layer networking products for general availability as of 15 April 2017. All components must be publicly available, shipping and included on the vendors' published price list. Products shipping after this date will only have an influence on the Completeness of Vision axis.

  • Have at least 50 enterprise customers that use its access layer networking products in production environments as of 15 April 2017.

  • Demonstrate production enterprise customers with at least five reference customers supporting access layer networks of more than 100 access points.

Evaluation Criteria


Ability to Execute

Gartner evaluates technology providers on the quality and efficacy of the processes, systems, methods or procedures that enable IT provider performance to be competitive, efficient and effective, and to have a positive effect on revenue, retention and reputation. Technology providers are ultimately judged on their ability and success in capitalizing on their vision.

Product/Service: We evaluate vendors for completeness of their access layer infrastructure products and services consisting of switches, access points and related components such as external antennas and outdoor enclosures needed for the end-to-end solutions in various vertical markets. This year, we have placed greater emphasis on network applications