adtran’s virtual about the denver center wireless lan ... · cost-effective solution and we ......

The Denver Center for the Performing Arts (DCPA)As the flagship theatre of the Rocky Mountain region, the not-for-profit DCPA has 10 performance venues on its four-block, 12-acre campus, annually serving 750,000 patrons and 50,000 students.

The DCPA encompasses the following entities:

• Denver Center Theatre Company, a Tony Award-winning professional resident theatre, which produces classic and contemporary plays, revivals and world premieres.

• Denver Center Attractions, presenter of blockbuster Broadway musicals and cabaret.

• National Theatre Conservatory, a Congressionally-chartered Master of Fine Arts program.

• Denver Center Theatre Academy, a theatre education program offering acting instruc-tion to individuals and opportunities for schools.

The Challenge for DCPAAs a non-profit with ticket sales paying for less than half of their production and theatre education program costs, DCPA relies heavily on contributions from donors. Investments in infrastructure are carefully examined to ensure cost efficiencies—not only at the time of purchase but also in the future.

ADTRAN’s virtual Wireless LAN (vWLAN) Solution Provides Increased Bandwidth and Unsurpassed Scalability to The Denver Center for the Performing Arts.

Bluesocket 1800 Bluesocket 1840

About The Denver Center for the Performing Arts

The Denver Center for the Performing Arts (DCPA) presents and produces live

theatre with Broadway touring shows, cabaret productions and a professional theatre company. The DCPA also is the

site of training schools for actors and unique rental facilities. The Tony

Award-winning Denver Center Theatre Company is the largest professional theatre company between Chicago

and the West Coast.

The ChallengeWith multiple buildings spread across a

12-acre campus, DCPA was experiencing a growth in wireless usage resulting

in the need for more bandwidth. With VMware deployed, the DCPA also looked

to leverage their VMware investment whenever possible.

The SolutionDCPA selected ADTRAN’s vWLAN

solution operating on VMware. In addi-tion, DCPA has deployed ADTRAN’s Bluesocket 1800 and 1840 wireless

access points campus-wide.

The BenefitWith ADTRAN’s vWLAN solution DCPA has increased bandwidth capacity and

scalability in the future; centralized control of all access points and wireless

hand-held scanners; enforced security at the access point to eliminate unwanted

LAN traffic; and implemented role-based login credentials with specific policies

for staff, guests and rental venues.

Supporting multiple buildings within a 12-acre campus, growth in wireless usage caused the need for more bandwidth. The DCPA’s wireless usage consists of various user groups, all with specific needs and defined access parameters. With VMware® deployed, the DCPA also looked to leverage their VMware investment whenever possible.

The SolutionDCPA selected ADTRAN®’s virtual Wireless LAN (vWLAN®) solution operating on VMware to migrate away from a hardware-based controller solution, achieving future scalability, increased bandwidth while leveraging all the advantages of virtualization.

ADTRAN’s solution transitioned the WLAN to the software-based vWLAN solution on VMware. In addition, DCPA deployed ADTRAN’s Bluesocket® 1800 and 1840 high-performance, dual-radio 802.11n wireless access points with 3rd party external antennas to provide extended range coverage.

“vWLAN is an impressive, cost-effective solution and we couldn’t be more thrilled.” John H. Voorheis Manager of Infrastructure

The Benefits of ADTRAN’s vWLAN SolutionSome of the key benefits that The DCPA has experienced since deploying ADTRAN’s vWLAN solution include:

Increased Scalability• EliminationofthephysicalWLAN

hardware controller to:

m increase bandwidth to the capacity of over 300 Gbps since system capacity is no longer determined by the backplane capacity of a hardware controller

m leverage the scale capabilities of virtualization and the data center

• Scalingwirelesscapabilitiesthroughsoftware on the access point and virtualized control rather than wireless-only hardware

Reduced Risk• Securityattheaccesspointtoensurethatunwanted

and undifferentiated traffic never enters the LAN

• Advancedguestaccessservicestoaccommodatespecific needs of various user groups

• Simplifiedimplementationandexpansiondue to a software-based virtual controller residing in the datacenter

Lower Costs• Onesinglesoftware-basedcontrolinstance

on VMware at the data center rather than the added cost of multiple, disbursed hardware- based controllers

• Costsavingsrecognizedfrom:

m implementing a virtual software-controller rather than costly hardware-based controllers expenditures

m a reduction of energy costs since a hardware- controller accounts for 80% of the power consumption costs

The DCPA is pleased with their deployment of ADTRAN’s vWLAN solution and can now ensure the cost efficient operation and scalability of their wireless LAN today and in the future.

EN1623A August Copyright © 2011 ADTRAN, Inc. All rights reserved. ADTRAN believes the information in this publication to be accurate as of publication date, and is not responsible for error. Specifications subject to change without notice. ADTRAN, Bluesocket, NetVanta, VMware and vWLAN are registered trade-marks of ADTRAN, Inc. and its affiliates in the U.S. and certain other countries. All other trade-marks mentioned in this document are the property of their respec-tive owners. Five-year warranty applies only to products sold in North America.

ADTRAN products may besubject to U.S. export controls and other trade restrictions. Any export, re-export, or transfer of the products contrary to law is prohibited. For more information regarding ADTRAN‘s export license, please visitwww.adtran.com/exportlicense

“(ADTRAN) Bluesocket enabled us to move WLAN control into the data

center on VMware releasing us from a physical controller and giving us high

availability and portability of the controller through our virtual

infrastructure—increasing bandwidth and providing unsurpassed scalability.”

John H. Voorheis, Manager of Infrastructure

Kronos IncorporatedAs the global leader in workforce management solutions—with tens of thousands of customers in 60 countries including more than half of the Fortune 1000—Kronos knows well the importance of technology as a framework for business success. Kronos once again turned to ADTRAN® to upgrade its wireless network.

The Challenge for KronosKronos’ IT department supports over 3,000 employees who are using over 1,500 wireless devices per day. the sudden growth of various “pure wireless” devices (e.g. smartphones and iPads) which lack any wired networking functionality. Kronos not only expects this trend to continue in the future but also expects that these devices will quickly dominate the installed base.

Kronos® Boosts Connectivity and Employee Productivity with vWLAN®

About KronosFounded in 1977, by Mark Ain, a Massachusetts Institute of Technology (MIT) graduate, Kronos has more than 30 years in business. Providing workforce management solutions, they offer key tools that companies need to help control labor costs, minimize compliance risk, and improve workforce productivity.

The Challenge Kronos needed to upgrade their wireless LAN to support the rapid growth of various “pure wireless” devices (e.g. smartphones and iPads). At the same time they wanted to ensure a consistent implementation worldwide, security enforcement at the edge, and the solution needed to support Kronos’ commitment to virtualization.

The SolutionKronos selected ADTRAN’s vWLAN solution operating on VMware® to support a global transition to an 802.11n-based wireless LAN. Kronos has also deployed approximately 200 ADTRAN’s Bluesocket® wireless access points across global locations.

The BenefitWith ADTRAN’s vWLAN solution, Kronos has upgraded to 802.11n technology; has leveraged virtualiza-tion to easily scale across global locations, and realized major cost- savings by eliminating hardware-based controllers.

However, with these devices also comes a substantially greater increase in network traffic.

According to new 2011 figures from Juniper Research, a provider of research and analytical services to the global hi-tech communications sector, the amount of mobile data traffic generated by smartphones, feature phones and tablets will exceed 14,000 Petabytes by 2015, equivalent to 18 billion movie downloads or three trillion music tracks.

While planning their wireless LAN upgrade, Kronos outlined critical needs including; security enforcement at the edge, a consistent 802.11n implementa-tion worldwide, and support of the corporate commitment to virtualization.

With over 3,000 employees

worldwide, secure and reliable

high-speed wireless connectivity is

fundamental to the productivity of

Kronos employees. Kronos selected

ADTRAN’s virtual Wireless LAN

(vWLAN) solution to support a global

transition to 802.11n and away from a

controller-based solution.

“We needed a solution that would allow us to upgrade to 802.11n technology, accommodate the proliferation of devices hitting our network, and allow expansion cost-effectively and efficiently across remote sites.”Douglas Tamasanis, Senior Director of IT

The SolutionvWLAN deployment included high availability operating in two data centers (Chelmsford, Massachusetts and Noida, India), 150 Bluesocket 802.11n access points deployed in three main locations followed by another 50 access points in London, Chicago, Sydney, and Bangalore.

The Benefitsn Elimination of the physical WLAN hardware

controller completely to leverage the scale capabilities of virtualization and the enterprise data center

n Scaling wireless capabilities through software on the access point and virtualized control rather than wireless-only hardware

n High availability configuration that provides failover with zero packet loss—achieved by a secondary virtual control instance that supports each access point

n As a multi-site deployment, the use of one single control instance at the data center rather than controllers at each site

n Security at the access point to ensure that unwanted and undifferentiated traffic never enters the LAN

n Simplified implementation and expansion due to a software-based virtual controller

n Cost savings recognized from:o implementing a virtual software-controller

rather than costly hardware-based controllers expenditures

o a reduction of energy costs since a hardware-controller accounts for 80 percent of the power costs

Kronos is delighted with their deployment of ADTRAN’s vWLAN solution and have now planned to have all future WLAN controllers be virtual.

EN1650A November Copyright © 2011 ADTRAN, Inc. All rights reserved. ADTRAN believes the information in this publication to be accurate as of publication date, and is not responsible for error. Specifications subject to change without notice. ADTRAN, Bluesocket and vWLAN are registered trade-marks of ADTRAN, Inc. and its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners.

ADTRAN products may be subject to U.S. export controls and other trade restrictions. Any export, re-export, or transfer of the products contrary to law is prohibited. For more information regarding ADTRAN‘s export license, please visit www.adtran.com/exportlicense

ADTRAN, Inc.Attn: Enterprise Networks901 Explorer BoulevardHuntsville, AL 35806

P.O. Box 140000Huntsville, AL 35814-4000

256 963-8000256 963-8699 fax

General Information800 [email protected]

Pre-Sales Technical Support800 615-1176 [email protected]/support

Where to Buy877 280-8416 [email protected]/where2buy

Post-Sales Technical Support888 [email protected]/support

Global Inquiries256 963-8000 voice256 963-6300 [email protected]/global

Brevard County LibrariesBrevard County Libraries enables people of all ages to improve their quality of life by providing information and enrichment through traditional resources and new technology. This public library system strives to offer services that meet the needs of the local community.

The Internet is an important resource toward meeting their mission of providing citizens with current information, educational materials, and lifelong learning opportunities. For children and youths the Internet can offer many benefits, including homework help, assistance with science research projects, job applications, as well as access to numerous educational websites.

To support this mission every Brevard County library has computers with internet access that patrons may use at no charge and free computer classes are offered at some libraries. Free public internet access is also offered for persons with wireless-enabled portable

Brevard County Libraries Enhances User Experience and Security with vWLAN.

About Brevard County LibrariesThe Brevard County Libraries is made up of seventeen public libraries, and a pickup/drop off only location. Located on Florida’s Space Coast. Brevard County is geographically unique at 72 miles long and 25 miles wide at the broadest point. This public library system offers more than 1.4 million books, DVDs, CDs, and other items to the county’s 537,000 residents, 45 percent of whom have a library card.

The Challenge The Brevard County Libraries system was looking at a cost effective solution to manage and control the 18 geographically disbursed hotspot locations, and ensure a future proof wireless LAN technology that lever-ages the benefits of virtualization.

The SolutionBrevard County Libraries selected ADTRAN’s vWLAN solution based on VMware®, with Bluesocket® 802.11n access points deployed at all 18 locations.

The BenefitWith ADTRAN’s vWLAN solution, Brevard County Libraries has central control of all access points across 18 locations, and recognized significant costs savings by eliminating hardware-based controllers. In addition, role-based login credentials ensure traffic from underage patrons is directed through an in-line content filtering device to block offensive content.

computers or Personal Digital Assistants (PDAs). This allows visitors to quickly and easily connect and access the library online resources, databases and the Internet. This service uses the library’s network resources to connect to the Internet and as such provides the same connectivity as the wired patron public access computers installed at the library locations when connected to the service as a guest account.

The Challenge for Brevard County Libraries With designated Wi-Fi® hotspot locations clearly marked within all of the 18 Brevard County Library buildings, wireless usage within the libraries is now at an all-time high. Connection to the service using a Brevard County Library card allows the patron to access some services not available using the public access computers—such as Instant Messaging and email using an email client program.

Offering wireless connectivity to

patrons and visitors, Brevard County

Libraries selected ADTRAN®’s virtual

Wireless LAN (vWLAN®) solution to

cost effectively manage and control

18 geographically disbursed hotspot

locations and to ensure a future proof

WLAN technology that leverages all the

advantages of virtualization.

“The vWLAN helps us share information in a way we never could before—befitting the information age.” Michael Renninger, Information Systems Tech II. Brevard County I.T.

The Solution ADTRAN’s deployment included; vWLAN controlling Bluesocket 802.11n access points deployed across all 18 library locations.

The Benefits of ADTRAN’s vWLAN

n Elimination of the physical WLAN hardware controller completely to leverage the scale capabilities of virtualization

n Scaling wireless capabilities through software on the access point and virtualized control rather than wireless-only hardware

n Security at the access point to ensure that unwanted and undifferentiated traffic never enters the LAN

n Simplified implementation and expansion due to a software-based virtual controller

n Support of the SIP2 protocol for patron authentication provides various functions such as preventing delinquent patrons from making requests

n Reinforcement of CIPA (Children’s Internet Protection Act) compliancy with role-based login credentials that direct underage patron traffic to an inline content filtering device to restrict access of unsuitable content

n Support of current eBook collection (contains more than 27,000 netLibrary eBooks) and readiness for future eBook initiatives

n Visibility of and defined access for patron, guest and staff wireless usage via role-based login credentials

n Investment protect with vWLAN, a future proof WLAN solution, ends the perpetual cycle of controller hardware upgrades

n Cost savings recognized from:o implementing a virtual software-controller

rather than costly hardware-based controllers expenditures

o a reduction of energy costs since a hardware-controller accounts for 80 percent of the power costs

With their deployment ADTRAN’s vWLAN solution, the Brevard County Libraries can now cost effectively and effortlessly scale across 18 hotspot locations to ensure ideal network access and an optimal experience for all users.

EN1654A November Copyright © 2011 ADTRAN, Inc. All rights reserved. ADTRAN believes the information in this publication to be accurate as of publication date, and is not responsible for error. Specifications subject to change without notice. ADTRAN, Bluesocket and vWLAN are registered trademarks of ADTRAN, Inc. and its affiliates in the U.S. and certain other countries. All other trademarks mentioned in this document are the property of their respective owners.

ADTRAN products may be subject to U.S. export controls and other trade restrictions. Any export, re-export, or transfer of the products contrary to law is prohibited. For more information regarding ADTRAN‘s export license, please visit www.adtran.com/exportlicense

ADTRAN, Inc.Attn: Enterprise Networks901 Explorer BoulevardHuntsville, AL 35806

P.O. Box 140000Huntsville, AL 35814-4000

256 963-8000256 963-8699 fax

General Information800 [email protected]

Pre-Sales Technical Support800 615-1176 [email protected]/support

Where to Buy877 280-8416 [email protected]/where2buy

Post-Sales Technical Support888 [email protected]/support

Global Inquiries256 963-8000 voice256 963-6300 [email protected]/global

“As a library in the information age it is important for us to stay relevant. ADTRAN’s wireless technology helps

our patrons access information quickly and easily.”

Michael Renninger, Information Systems Tech II,

Brevard County I.T.

vWLAN® Whitepaper The next generation wireless solution:

vWLAN™ Architecture White Paper

_________________________________________________________________________________________________________________________

© 2010 Bluesocket, Inc. Bluesocket Inc.! | 52 Second Avenue !Burlington, MA 01803 !USA | 781.328.0888 2

Table of Contents Bluesocket’s Next Generation Secure Wireless Solution ___________________________________ 3

Market Evolution ______________________________________________________________________________ 3

Smart 802.11n Access Points Support State-of-the-Art Security _______________________________________ 3

Delivering Massive Scalability ___________________________________________________________________ 4

Sustainability Means Maximizing Efficiency _______________________________________________________ 4

vWLAN’s Innovative Approach ___________________________________________________________ 5

Highly Scalable NAC solution ____________________________________________________________________ 5 Security Role Enforcement at the AP ______________________________________________________________________ 5 Distributed Encryption __________________________________________________________________________________ 5 Out-of-Band Endpoint Compliance ________________________________________________________________________ 6 Distributed Wireless IDS Analysis ________________________________________________________________________ 6

Convergence Results in a Simple, Higher Performance Network _______________________________________ 7

Seamlessly Roam to Anywhere ___________________________________________________________________ 7

High Availability With Less Complexity ___________________________________________________________ 8

Distributed Quality of Service ___________________________________________________________________ 9 Bandwidth Management _______________________________________________________________________________ 10 WMM/ Packet Prioritization ____________________________________________________________________________ 10 Airtime Fairness______________________________________________________________________________________ 10 Packet Remarking ____________________________________________________________________________________ 10

Simplification through Integration _______________________________________________________________ 10 Integrated Guest Access________________________________________________________________________________ 10 Reporting ___________________________________________________________________________________________ 11 RF Management______________________________________________________________________________________ 11

Summary of Solution Benefits ______________________________________________________________ 12

A Distributed Architecture


_________________________________________________________________________________________________________________________


Bluesocket’s Next Generation Secure Wireless Solution

Market Evolution

Over the past several years, the availability of wireless devices and demand for wireless networking has skyrocketed. Increasingly, secure, robust wireless networking is a mission critical component of the communications needs of any organization. The growth of high bandwidth devices and applications has created the need for high performance, secure wireless service deployed over large areas such as corporate or university campuses, hospitals, municipalities and arenas. As more and more wireless applications evolve, wireless networks will need the capability to expand to meet the ever-increasing demand.

A leader in providing secure wireless solutions since 1999, Bluesocket has engineered its next generation secure wireless solution called vWLAN™ to meet this explosive growth. vWLAN's architecture unifies the wireless and wired networks to deliver maximum efficiency by separating the data plane from the wireless network management and control plane. This is achieved through the use of smart 802.11n access points which can support traffic forwarding decisions at the edge of the network. vWLAN offers customers the “3S” Competitive Advantage, Security, Scalability and Sustainability.

Smart 802.11n Access Points Support State-of-the-Art Security

Bluesocket’s well-known security capabilities were integrated into vWLAN to provide comprehensive protection including network access control (NAC), authentication server integration, enhanced guest access, and role-based policy enforcement. These security features were optimized in the next generation architecture for enhanced performance and scalability. vWLAN’s identity-based access control removes restrictions that were part of traditional WLAN solutions and provides more flexibility in managing wireless access.

Role-based policy enforcement permits a granular level of control over what each user is allowed to do on the network. Role-based privileges can be based on time, bandwidth use, type of traffic and location.

vWLAN’s distributed mobility solution handles subnet roaming at the edge, while its sophisticated centralized control software works at the core to determine the optimal tunneling endpoint and to guarantee seamless mobility. The algorithm incorporates intelligent tunnel load balancing, a subnet discovery protocol, and even a mechanism to detect and accommodate for misconfigured devices in the wired infrastructure to guarantee that wireless users can always access the network.

Bluesocket’s 802.11n Access Points incorporate our award winning fairness algorithm to provide optimal voice performance in a mix mode deployment. Prioritizing traffic at the edge is just one of the key, industry-leading features to support the highly secure and efficient vWLAN design.


_________________________________________________________________________________________________________________________


Delivering Massive Scalability Bluesocket’s innovative solution is architected to scale from 5 to 1500 access points on Bluesocket's current hardware platform, an increase of up to 90% over existing technology. As the number of wireless devices steadily increases, Bluesocket’s vWLAN makes it easy and efficient for their customers to scale their wireless networks. Customers can simply add additional APs and licenses to expand the footprint of their network and/or the number of users/devices supported. Flexible, software-based architecture greatly simplifies expanding, reconfiguring, and managing the wireless network, resulting in significant reduction in operating cost for customers.

Sustainability Means Maximizing Efficiency Bluesocket’s vWLAN energy efficient configuration supports customer sustainability efforts by reducing carbon emissions in two ways. First, vWLAN reduces hardware requirements up to 80%, thereby eliminating the energy required to produce, ship, install, store, maintain and dispose of that hardware. Second, significantly less required hardware reduces the amount of electricity required to operate the vWLAN. Since electricity generation is one of the largest producers of CO2, the vWLAN can be a strong contributor to a company’s sustainability initiatives and the reduction of a company’s CO2 footprint.


_________________________________________________________________________________________________________________________


vWLAN’s Innovative Approach Designed from the start with support for intelligent distributed switching at the edge, the Bluesocket solution leverages existing switching infrastructure to handle high-speed traffic and provide an optimal mix of security, control and quality of service (QoS). This approach delivers wired equivalent performance through edge forwarding thus eliminating network complexity and disruptive upgrades. vWLAN™ is easy to add to your existing network because it does not require network redesign, additional subnets or DHCP servers. vWLAN integrates directly into your existing network and leverages your pre-configured VLANs at Layer 2 or existing Layer 3 networks. The wireless users receive the same IP address as the wired users, simplifying your network management for both wired and wireless users. The vWLAN appliance can reside anywhere as long as the access points have network connectivity to the appliance. Since the vWLAN appliance provides control and management functionality, it is truly an out of band solution and can reside anywhere in the network.

Highly Scalable NAC solution When designing a WLAN system for scalability and performance, it is important to evaluate every component in the system and optimize its behavior. Bluesocket designed their robust security modules to operate out-of-band or at the edge of the network in order to achieve wired-equivalent performance throughout the system.

Security Role Enforcement at the AP vWLAN’s policy enforcement permits a granular level of control over what each user is allowed to do on the network. Role-based privileges can be based on time, bandwidth use, and location. In vWLAN, the user's policy is determined based on the user's identity. User roles are managed by the central control software but are enforced by the access point. The roles contain multiple attributes including VLAN/Subnet assignment, bandwidth and QoS, and other security related attributes. Since vWLAN is based on identity-based access control, a single SSID can be used to support multiple roles eliminating the need to manage multiple SSIDs. Each user role can have an associated schedule, which determines when the role is active (date and time). This is particularly useful for guest users or in a facility that has specific operating hours, for instance, between 9am-5pm. .

Distributed Encryption The access points perform Layer 2 encryption/decryption for WPA/WPA2 using specialized hardware in the radio module. This approach ensures the system scalability, especially with 802.11n data transfer rates.


_________________________________________________________________________________________________________________________


Out-of-Band Endpoint Compliance BlueProtect™ is Bluesocket’s integrated endpoint client scanning solution. With BlueProtect, IT Staff can be confident that client devices connecting to the corporate wireless network are safe and will not introduce threats into the network environment.

BlueProtect traffic, including client scanning and remediation, is forwarded to the centralized appliance while the client is deemed “unclean”. After completing the scan, the AP receives the updated role information and begins switching the client traffic locally.

Managed via the administration GUI of vWLAN, BlueProtect allows IT staff to monitor, control and enforce policies relating to the following:

• Anti-Virus • Anti-Spyware • Firewall • Files / Registry • Custom Rules • Peer-to-Peer Applications • OS/Patch Level

Distributed Wireless IDS Analysis

The BlueSecure WIDS is integrated into vWLAN and is used to identity and contain rogue APs and a host of WLAN DoS and spoofing attacks that threaten the security of your network.

The AP contains an analysis engine, which pre-processes wireless data and then sends event reports to vWLAN appliance thereby minimizing the uplink bandwidth requirement and offloads the vWLAN appliance from performing the analysis on the raw data. The APs can run in full time W-IDS mode to identify behavior based attacks or part-time mode where it can identify network events.


_________________________________________________________________________________________________________________________


Convergence Results in a Simple, Higher Performance Network

vWLAN tightly integrates with the wired network to guarantee wired-equivalent performance for high bandwidth and time sensitive applications. Adding vWLAN to your existing network is a simple plug-in rather than requiring time-consuming reconfigurations.

All data traffic in the system is handled by the APs and switched directly onto the layer 2 network. If the user’s role specifies a particular VLAN, their traffic is tagged appropriately.

vWLAN has a concept of “locations” which is defined as a unique subnet and VLAN id combination. Here are a few examples of locations:

Location 1: Subnet: 192.168.100.0 mask 255.255.255.0 VLAN id: 0



The locations can be pre-configured through the management UI or automatically discovered by the AP through probing the switch port where they are connected. A location can be assigned to one or more APs.

Once clients are assigned to a role, the role places the user into a particular location. If the client is associated to an AP that supports the user’s location, their traffic is switched directly onto the network. If the AP does not support the user’s location (i.e. the AP doesn’t have access to the VLAN), the client’s traffic is tunneled to an access point that has access to the location.

vWLAN provides high-performance subnet roaming so that users can roam anywhere (keeping their original IP address) and continue passing traffic without interruption. Subnet roaming is handled by tunneling traffic between APs rather than forwarding traffic to a central controller. All user traffic from their original subnet is forwarded to the client, regardless of where they are on the network.

Seamlessly Roam to Anywhere

The thoughtful design and distributed nature of vWLAN made it both possible and easy to support highly versatile and complex deployment scenarios with amazingly simple configuration, planning and integration effort.

vWLAN™ enables wireless users to truly ‘be anywhere’ and still have access to their native VLAN or home network without requiring any complex integration or switch configuration.


_________________________________________________________________________________________________________________________


vWLAN tracks user location and session information at the AP level to guarantee seamless roaming, whereever the client roams. Seamless roaming means that a client’s security key material and role information is present in the roamed-to AP before the client arrives at the AP thus the client maintains their authentication state and IP address.

In this example, the client is assigned location 1 based on their assigned role (i.e. Student). Location 1 was learned by AP2 to be 192.168.51.0 on VLAN 51. When the client roams from AP-2 to AP-5, the vWLAN knows that AP-5 doesn’t support location 1 and therefore must tunnel the client’s traffic back to AP-2.

vWLAN Appliance

Trunk Port - Native 50 / Tagged 51-54

Native 50 AP-1 AP-2

802.1q Switch

Remote x.x.x.x/24 Network 1

Layer 3 Router

AP-7AP-6

AP-5Net-3

Net-2

Net-1

Remote x.x.x.x/24 Network 2

Layer 3 Tunnel

Layer 3 Roam

Client X SessionInfo



vWLAN leverages its integrated RF management functionality to detect and organize adjacent APs into groups called vNeighbor clusters. vWLAN proactively shares client information between APs in the vNeighbor cluster (roles, 802.1x keys and session information). The innovation around vNeighbor guarantees scalability, as a client roams between APs, the vNeighbor cluster follows the client, updating newly adjacent APs and removing the session information from the non-adjacent APs.

High Availability With Less Complexity The vWLAN high availability approach is both unique and innovative. It allows customers to have the confidence to deploy large wireless networks without the concern of a service disruption. This high availability design guarantees zero-packet loss for users in the system during a failover event. The 1+1 high availability scheme is based on installing both a primary vWLAN appliance with a Hot-standby vWLAN appliance. Both vWLAN appliances can be deployed anywhere as long as the


_________________________________________________________________________________________________________________________


access points have Layer 3 connectivity to the appliances (same building, across campus or over the Internet.)

In the event the primary appliance is unreachable by the Bluesocket APs, the APs establish a connection to the Hot-standby appliance and automatically sync existing client information to provide seamless failover. The users are totally unaware a failure occurred in the system. When the primary appliance is back online, the APs transition from the hot-standby appliance to the primary appliance, againwith no packet loss from the end user’s perspective. The hot-standby appliance is licensed as a high availability appliance. The high availability system uses the same appliance and provides the same number of APs as the primary appliance. The high availability license forces the hot-standby appliance to only operate in failover mode. The high availability scheme can also be used for seamless software upgrades to the system. Instead of scheduling a maintenance window to perform a software upgrade, the hot-standby appliance can be upgraded and then a forced failure can be performed on the primary appliance where all the APs transition to the hot-standby appliance. After the primary is upgraded, all the APs automatically return to the primary appliance – again without disruption to the user.

Distributed Quality of Service vWLAN supports quality of service at the edge, of which there are four main components: Bandwidth Management, Packet Prioritization, Over the Air Fairness, and Packet Remarking.


_________________________________________________________________________________________________________________________


Bandwidth Management vWLAN provides granular bandwidth management at the AP including:

• Ability to limit bandwidth on a per user basis • Ability to limit bandwidth in the downstream (to the client) direction • Ability to limit bandwidth in the upstream (from the client) direction

WMM/ Packet Prioritization When WMM (WiFi Multimedia) is enabled, 802.11 frames contain a prioritization based on application. It is useful to prioritize and assign wireless traffic to certain roles. The Access Point prioritizes traffic based on the input wired packet QoS tags (either 802.1p or DSCP or the greater of the two), or can prioritize to a static value.

Airtime Fairness Bluesocket’s Airtime Fairness is integrated into all of its 802.11n APs. This algorithm guarantees that bandwidth is shared among clients in a mixed environment (legacy a/b/g and 802.11n clients) providing optimal network performance. The Airtime Fairness algorithm factors in the user’s role when determining fairness. If the administrator would like to “bias” users in a particular role higher than users in another role, the algorithm uses the bias when allocating tokens for transmission. For example, an administrator could de-prioritize traffic for guests allowing corporate users more airtime to send wireless traffic.

Packet Remarking Packet remarking is useful when the upstream network (i.e. switches/routers) are CoS aware of 802.1p or DSCP. 802.1p uses the VLAN header to apply a priority on a packet (0-7 where 7 is highest priority). DSCP uses the IP header to apply a priority on a packet (0-63, where 63 is the highest). Alternately, the administrator can choose to set a static 802.1p or DSCP mark for all traffic in the role. This is useful for Roles like IP Phones or other voice devices.

Simplification through Integration vWLAN was designed with simplicity as a key design goal because Bluesocket believes that managing your WLAN solution should not require a lot of time. vWLAN has integrated guest access, management and reporting, as well as a host of other services.

Integrated Guest Access

Unlike traditional networking equipment that requires 3rd party products for Guest Access, vWLAN includes a fully integrated guest access solution. Guest accounts can be created by any staff member in an organization authorized to do so. Staff members could include receptionists, hotel staff, event organizers etc., all of whom could access the system and create Guest accounts – and print receipts for them. The administrator accounts reside in the vWLAN appliance and the privileges can be setup to allow the guest admin to create only guest accounts (all the other vWLAN configuration is hidden from them). A super-guest admin can then run reports based on the guest accounts that were created.


_________________________________________________________________________________________________________________________


Reporting Unlike traditional networking gear that has little persistent storage (NVRAM), and relies on remote syslog servers for report generation, vWLAN stores historical data for long-term report generation. Example reports are:

• Bandwidth Reports (per User or Role) • User Reports (per User/MAC/IP, Role, SSID, or AP) • Inventory Report • Guest Access Creation and Usage Reports • System Performance over Time Report

RF Management Bluesocket’s integrated RF management functionality ensures that your entire WLAN system is appropriately setup with a balance of channels and power. RF management reduces the effort to setup and maintain your wireless network. The system detects any non-optimal environmental conditions such as:

• General interference or noise • Co-channel interference introduced by a neighboring AP • Loss of connectivity to an AP • Poor wireless client characteristics (low RSSIs, multiple failures or retries) • High user load

and either automatically adjusts the RF parameters or provides the administrator with a list of recommended changes. RF management accounts for both 20Mhz and 40Mhz wide channels when performing its calculations.


_________________________________________________________________________________________________________________________


Summary of Solution Benefits Bluesocket's next-generation vWLAN™ architecture unifies wireless and existing wired networks to produce a truly integrated and optimized networking solution. vWLAN™ enables customers to dramatically reduce the cost of deploying and operating large-scale Wi-Fi networks while providing wired-equivalent performance to wireless users, with seamless roaming and enterprise-class security and policy management. vWLAN™ architecture was designed around a concept of simplified scalability. In the era of wireless advancements including 802.11n, voice, and larger wireless networks, maintainability and total cost of ownership are at the forefront of new network designs. vWLAN™ removes the complexities of dealing with controller capacity by centralizing the management and control functions. Further, security and mobility are distributed at the edge of the network, the logical placement in networks that are designed for scalability and high availability. Adding additional access points to the vWLAN™ system is as easy as installing a Bluesocket software license, which extends coverage to thousands of APs without needing to worry about controller capacity. Bluesocket’s robust security architecture was integrated into vWLAN™ providing network access control (NAC), authentication server integration, enhanced guest access, and policy enforcement. These security features were optimized for performance and scalability. vWLAN™’s identify-based access control removes restrictions that were part of traditional WLAN solutions and provides more flexibility in managing wireless access. vWLAN™’s distributed mobility solution handles subnet roaming at the edge, while its sophisticated control software works at the core to determine the optimal tunneling endpoint and guarantees seamless mobility. The algorithm incorporates intelligent tunnel load balancing, a subnet discovery protocol (SDP), and even a mechanism to detect and accommodate for misconfigurations in the wired infrastructure to guarantee that wireless users can always access the network. The APs incorporate Bluesocket’s award winning fairness algorithm to provide optimal voice performance in a mix mode deployment. WLAN systems, especially in large campus environments, are expected to provide minimal downtime as they support a significant number of users and critical applications. vWLAN™ addresses this requirement by providing a seamless, high availability solution that is transparent to the wireless users (with zero packet loss) while also providing flexible deployment options. vWLAN™ provides a flexible solution that can operate in multiple deployments from a branch office to a large campus environment while offering low cost of ownership and optimal performance. Remote offices deployments are demanding more from the WLAN networks and vWLAN™ responded by integrating flexibility into the security and data forwarding modules. Finally, the integrated management module provides a rich set of visual tools for analyzing the state of the system and troubleshooting internetworking issues. The integrated management solution includes location maps, health summary, enhanced reporting, notifications, and summary of the overall RF environment.


_________________________________________________________________________________________________________________________


vWLAN™ architecture is a combination of Bluesocket’s core strengths in WLAN infrastructure and its vision of next-generation WLAN systems. The 802.11n market demands more than can be offered from traditional WLAN systems and Bluesocket has responded with this highly innovative solution.

adtran’s virtual about the denver center wireless lan ... · cost-effective solution and we ......

Documents