ast-0041266 2011 wi-fi challenge with links

8/6/2019 AST-0041266 2011 Wi-FI Challenge With Links

1/23

Network World and Robin Layland present

2011

The 2011 Wi-Fi ChallengeEnterprise Suppliers Respond to the Mobile

Multimedia Frenzy


2/23

The 2011 Wi-Fi Challenge

2

Introduction:Enterprise WLANs on Trackto Displace Ethernet..3

Professional Opinions Disclaimer:

All information presented and

opinions expressed in this

report represent the currentopinions of the author(s)

based on professional

judgment and best available

information at the time of the

presentation. Consequently,

the information is subject to

change, and no liability for

advice presented is assumed.

Ultimate responsibility for

choice of appropriate

solutions remains with thereader.

Contact:

Robin LaylandLayland Consulting(860) 561 - [email protected]

Copyright 2011 RobinLayland / Layland Consulting

Enabling the Mobility Experience....6

Enabling Effortless Wireless

Mobility...............................................9

Overlay vs. IntegratedWIPS Architecture............................12

Less Worry, More Intelligencefrom the Wireless Pioneer...............15

The Evolving Network Edge............18

Aruba Move...................................21


3/23

3

The tide is turning as Wi-Fi starts to edge out Ethernet as the primary LAN access network inmany enterprise organizations. A confluence of factors is driving the trend toward WLAN access:

Theuser/employee expectation of always-on mobility is shifting network traffic off ofwired networks and onto WLANs.

High-speed 802.11n network infrastructures can handle near-Ethernet connectrates. Some of the newer dual-mode access points, for example, support three spatialstreams per radio and deliver 900Mbps connect rates (with actual throughput roughly halfthat).

The price for some 802.11n equipment has fallen to 802.11g price levels. Offeringup to an eight-fold capacity improvement over 802.11g with no price premium, 802.11nhas become the default, go-to wireless LAN of choice.

A bevy of Wi-Fi-enabled consumer-grade mobile devices is hitting enterprisenetworks. 802.11n backbones are arriving just in the nick of time to support them and

the flood of traffic they create. Employees often use smartphones and, increasingly,tablet computers for both personal and business activity, creating unstoppable trendsknown as the consumerization of IT and bring your own device (BYOD). Whether theemployee buys the device, saving the enterprise capital dollars, or whether its purchasedby IT, users get a far better experience with Wi-Fi than with a slower cellular data networkwhen running todays high-bandwidth applications.

Many mobile applications contain video and multimedia components. Theapplications are often collaborative and sensitive to transmission delays, jitter and packetloss. Yet they are quickly joining the enterprise WLAN thanks to IT consumerization andBYOD trends.

Todays enterprises want their mobile networks to mirror many traits of wired Ethernet networks,

of course. Yet with all these trends afoot, new challenges arise in the delivery of consistent andreliable mobile performance, security, and policy enforcement.

What the WLAN Vendors Are Up To

For the vendors behind the curtain, achieving Ethernet parity with Wi-Fi is a tough nut to crack.The RF medium is shared among all users connecting to a given AP. It is also prone to co-channel interference from other Wi-Fi devices and non-Wi-Fi devices legitimately sharing Wi-Fisunlicensed 5GHz and 2.4GHz frequency bands. Voice calls nail up bandwidth for the duration of

By Robin LaylandPresident

LaylandConsulting

Enterprise WLANsOn Track to

Displace Ethernet

Vendors bolster Wi-Fiarchitectures, security,

management

By Joanie WexlerAnalyst/Editor

Joanie M. Wexler& Associates


4/23

2011 Wi-Fi Challenge

4

sessions, lowering the number of users who can connect to the AP. And Wi-Fi has moved beyondjust conference rooms and public areas into mainstream workspaces. Broader coverage plushigh-bandwidth applications creates a need to install APs in a fairly dense fashion. Consequently,enterprise-class vendors are hard at work building tools and tweaking their architectures toachieve some or all of the following:

Add capacity to APs while building in transmission power control capabilities for properoperation of high-density WLANs. High-density WLANs involve installing many more APsfor spectrum reuse and greater capacity. However, having more APs closer to oneanother can also increase co-channel interference if power levels arent tuned just right.

Avoid traffic bottlenecks by distributing data plane functions and, depending on vendor,some control plane functions to APs

Identify and eradicate interference and its sources

Enable converged management and policy-setting across Wi-Fi and wired Ethernetenvironments to lower operational expenses (opex)

Reinforce quality of service (QoS) capabilities with features above and beyond those inthe IEEE 802.11e set of QoS standards to handle real-time and streaming traffic on theWLAN

Offer flexible management and control options that include virtual machine (VM)alternatives both in on-premise virtualized servers and as cloud services. Virtualizationcan simplify operations and reduce capital expenses (capex).

Provide access control capabilities that offer visibility into the mobile device, user, andthe location of the user attempting to connect to the corporate network and apply policyaccordingly

Monitor the full spectrum of airwaves to detect and mitigate possible intrusions andperformance problems

Address the branch-office needs of companies with large numbers of distributed siteswith simpler WLAN setups and protection against WAN failures

These are currently the areas where the suppliers attempt to differentiate themselves from theircompetitors. The 2011 Wi-Fi Challenge serves as a kind of "cheat sheet" that you can use tocompare what the respective vendor participants are focusing on and get an idea of their primarystrengths.

Our Challenge to the Industry

So that you can learn specifically what the major enterprise-class vendors are doing to achieve

these goals and to help you evaluate potential 802.11n suppliers for your organization, we havebrought together six leading enterprise-class 802.11n network system vendors:

AirMagnet/Fluke Networks Enterasys Networks Aruba Networks Hewlett-Packard Cisco Motorola Solutions


5/23


5

We have challenged these companies to articulate to you, in the following pages, why they should beyour enterprise-class Wi-Fi vendor. Though every network has a unique set of challenges, and thevendor responses here can't address every possible nuance, responses to this challenge shouldeducate you about each vendor's primary value proposition.

This document is just one part of The 2011 Wi-Fi Challenge. We also encourage you to listen tothree audio panel discussions among the participating vendors, moderated by Network WorldWireless Alertauthor Joanie Wexler, on the following topics:

High-Density Design Amid the Mobile Explosionwith Jim Florwick, TechnicalMarketing Engineer at Cisco, and Rob Haviland, Technical Marketing Engineer atHewlett-Packard

The Mobility Free-For-All: Controlling Access to Your Networkwith OzerDondurmacioglu, Product Marketing Manager at Aruba Networks, and Mike Leibovitz,Product Manager for Wireless LANs at Enterasys Networks

Maintaining Consistent Wi-Fi Performance in Fickle RF Environments, with JesseFrankel, AirMagnet Product Marketing Manager at Fluke Networks, and Manju Mahishi,Director of Wireless Products Strategy at Motorola Solutions

These audio Webcasts are all accessible at the 2011 Wi-Fi Challenge Web site at Network World. Inaddition to the audio format, there is also a text transcript for each discussion available for downloadat the Web site.

Read, Listen, and Learn

We invite you to peruse the following documents, provided by the six Wi-Fi vendor participants, whichsum up their primary competitive differentiators. We asked the vendors not to address all the issues butinstead to concentrate on what they think are the most important ones and where they excel comparedwith their competition. The next step for you is to read and/or listen to what they have to say, thencontact them about issues you consider important that they didnt mention. Let them explain how theycan help you build a high-density 802.11n network that meets your performance, security, and

management requirements.


6/23


6

Enabling the MobilityExperience:

The Cisco Advantage

By Jake WoodhamsSenior Technical

Marketing ManagerCisco

We increasingly work, live, play, and learn in a world with no boundaries. The explosion of mobiledevices and technologies has changed expectations for enterprise network connectivity and hasplaced new demands on IT departments to embrace consumer devices led by the iPad. The borders ofthe workplace experience blur as globalization creates the need for partners, customers, andemployees to connect across traditional boundaries from a variety of environments and devices.Indeed, these technologies demand a mobile Borderless Networks experience that securely, reliably,and seamlessly connects people, information, and devices.

With more than 15 years of wireless experience, over 700 wireless engineers, 50 IEEE 802.11 activemembers, 141 granted patents, 272 patents pending, a growing list of customers and partners, and 60percent market share, Cisco is the leader in enterprise mobility. Cisco Borderless Networks delivers onthe mobile experience through a rich system of features that support a comprehensive, end-to-endmobility architecture. Cisco Borderless Networks provide:

Figure 1. The Benefits of Cisco Mobility Architecture

Pervasive, reliable, andscalable wireless coverage

Rich media andcollaboration experiences

Consistent, policy-basedaccess and granularcontrol over devices andusers across a unifiedaccess layer

Converged user andaccess management forunified access networks,with complete lifecyclemanagement

Together, these end-to-end architectural elements deliver a rich mobility experience for any user, onany device, at any time, and from anywhere (Figure 1).


7/23


7

Pervasive Connectivity

No architecture can stand without a strong foundation, and in the mobility world, this means a strongfoundation layer of RF excellence to meet the requirement for pervasive, reliable, and scalablewireless coverage. Cisco builds this foundation from the ground up, constructing it from best-in-class,

purpose-built radio hardware and innovative suites of features including Cisco CleanAir, Cisco radioresource management (RRM), and ClientLink technologies.

Cisco is also the only vendor in the industry that designs its own access points from scratch, usingenterprise-class silicon, custom-designed antennas, and well-engineered RF designs. From over adecade of experience and leadership in RF and 802.11 wireless technology, Cisco knows theimportance of this relentless focus on the highest-quality engineering and attention to detail. The Ciscowireless experience is fundamentally better because Cisco builds better access points.

Cisco CleanAirCisco CleanAir technology comprises a suite of systems-level features that use powerful, purpose-builtASICs in Cisco access points to provide proactive interference management, taking into account allpossible scenarios of RF interference and providing constant spectrum insight.

Interference can be characterized as bandwidth robbing, show-stopping, or/and malicious. To trulyprovide a proactive spectrum management solution that can detect all three types, the solution mustalways be ready to detect a problem and either avoid the source automatically or provide theadministrator with an alert about the issue. Ciscos CleanAir solution addresses all three of theseinterference categories with automatic detection, granular classification, location, and mitigationcapabilities. Furthermore, because it is ASIC-based and purpose-built, Ciscos CleanAir technologycan provide simultaneous dual-band spectrum analysis and data service for wireless clients, withoutany performance impact or need for external sensors.

Radio Resource ManagementComplementing CleanAir technology is Ciscos radio resource management (RRM), which constantlysamples the RF environment and then runs back-end calculations and algorithms that dynamicallyassign the best channels to access points, set access point transmit power, and mitigate coverage

holes. RRM is dynamic and responsive to the ephemeral nature of RF. RRM is also transparent to thenetwork operator and administrator, keeping the WLAN working optimally without laborious overhead.

Cisco ClientLinkCisco ClientLink uses implicit beamforming technology to maximize the perceived signal at the clientdevice so the client can stay connected at a higher data rate. ClientLInk offers three critical benefits:better throughput for the client device, more total system capacity, and more consistent coverage.

Rich Media and Collaboration

Cisco has implemented built-in application awareness for voice and video content to automaticallyrecognize and prioritize voice and multimedia applications. Session Initiation Protocol (SIP) sessionsnooping allows the controller to inspect SIP messages and then automatically recognize and prioritizethe appropriate Real-Time Transport Protocol (RTP) streams for the voice traffic. This allows voice-based applications that dont mark their packets to automatically receive priority. The actual SIPsnooping occurs in the wireless controller while the real-time processing and re-marking of voicepackets occurs at the access point. By processing and re-marking voice packets at the access point,voice packets are correctly prioritized starting at the edge of the network, allowing for proper handlingend-to-end and enabling greater efficiency and scale.


8/23


8

Cisco VideoStream technology automatically prioritizes the video streams at the access point basedon Video Admission Control settings. By default, the feature will re-mark multicast video flows into theWi-Fi Multimedia (WMM) video queue until the channel utilization limit is reached for video traffic. Theadministrator can then either configure VideoStream to allow additional video clients onto the networkusing the WMM best effort queue or deny any additional streams to reserve some bandwidth for data.

Ciscos multicast delivery mechanism enables video packets to be delivered efficiently over the wiredand wireless network.

Policy-based Access and Control

Cisco supports unified policy creation and provisioning for all network access scenarios. The mobilityarchitecture simplifies and centralizes policy creation, management, and troubleshooting, and providesan all-in-one access and policy platform streamlined for operational efficiencies. With this solution,Cisco can provide user-based policies for devices and users, assigning them network accessattributes that control what can be accessed on the network as well as specific levels of quality ofservice. When access control is enhanced with the Cisco Identity Services Engine (ISE),administrators gain the ability to control access dynamically, so that they can respond to specificevents, such as a device being profiled.

Converged User and Access Management

The final dimension of Cisco Borderless Network Architecture delivers converged user and accessmanagement for unified access networks, with complete wireless lifecycle management using theCisco Prime Network Control System (NCS) platform. NCS is the next phase in evolution for Ciscosindustry-leading Wireless Control System (WCS) management product, expanding from a wirelesssystems-level focus, to a user- and endpoint-centric management approach. WCS already includes acomprehensive set of tools for managing the complete lifecycle of Cisco wireless networks, includingplanning, deployment, monitoring, troubleshooting, and reporting. NCS builds on and enhances thisfunctionality by introducing complete visibility into endpoint connectivity, regardless of the deviceaccess method or location. NCS also includes flexible dashboard views, guided workflows, and built-indiagnostic tools based on comprehensive, actionable information.

Demonstrable Leadership

Cisco delivers pervasive, reliable, and scalable wireless coverage through best-of-breed RFtechnology based on purpose-built radio hardware and suites of features like ClientLink, CleanAir, andRRM technologies. Cisco brings pervasive, consistent policy-based access and granular control overdevices and users across a unified access layer through a tiered solution enhanced by Cisco ISE. Therich media and collaboration experience is enabled on the Cisco network through built-in applicationawareness and Cisco VideoStream. Finally, Cisco empowers IT administrators to manage theBorderless Networks mobility experience with a user- and device-centric approach to management viaNCS. For all these reasons, Cisco is the best choice to enable a rich borderless mobility experience.

For more information about the Cisco solutions described here, please visit:http://www.cisco.com/go/wireless


9/23

9

Enabling Effortless

Wireless Mobility

HP Addresses OverwhelmingPenetration of Wi-Fi Devices

on the Network

ByKevin Secino

Mobility Product MarketingManager

Brian GreenbergGlobal Competitive

Intelligence Manager

Hewlett-Packard

Why HP Networking

HP is changing the rules of networking as the only vendor that harnesses the power of a converged infrastructureto deliver a common architectural approach across the data center, campus, branch and cloud.

HPs FlexNetwork Architecture, which is the industrys first network architecture unifying the data center, campus,branch and cloud, supports a converged infrastructure which is key to an Instant-On Enterprise. With an Instant-On Enterprise, technology is fully embedded to accelerate time to value. It is where enterprises and IT innovatetogether to deliver value instantly to customers and citizens at all the points that matter. Behind the scenes, theInstant-On Enterprise streamlines everything that is required to deliver a service.

Clients recognize the imperative: Our research tells us that 85% of technology and business leaders saytechnology needs to be embedded in their enterprise in order for them to succeed. In a world of continuousconnectivity, the Instant-On Enterprise embeds technology in everything it does to serve customers, employees,partners and citizens with whatever they need, instantly. The Instant-On technology consists of:

HP Application Transformation: Solutions gain control over aging applications and inflexible processes.

HP Converged Infrastructure: Breaks through traditional, rigid IT silos to drive out costs, providing thefoundation for agile service delivery, while delivering the data center of the future.

HP Enterprise Security: Solutions protect the entire IT infrastructure by addressing all aspects of security:people, processes, technology, and content.

HP Information Optimization: Harnesses the power of information, ensures its integrity, and delivers it inthe context of the enterprise.

HP Hybrid Delivery: Solutions enable clients to select the best method of service delivery for themwhether it be traditional, private cloud, and/or public cloud.

HPs comprehensive solution includes servers, storage, powerand cooling, management software and

networking. Networking plays a vital role in a converged infrastructure, and HPs integrated wired/wirelessapproach delivers measurable business value. This is especially true when it comes to wireless infrastructure.

From Wi-Fi smart phones to handheld devices, the demand for Wi-Fi access is growing in enterprise settings.Enterprises are adding improved Wi-Fi capabilities, and some are making wireless LANs the primary or defaultaccess technology at the edge of the network. To address these trends, HP Wi-Fi solutions - part of HPsFlexCampus solution - provide improved service level agreements (SLAs) with wire-like service delivery thatdoubles the number of users per access point and provides up to 50% improvement in performance. Forexample, HD videoconference sessions are improved by 50% from 10 video sessions to 15 via the new family ofMSM460/466 access points.
http://www.hp.com/go/applicationtransformationhttp://www.hp.com/go/cihttp://www.hp.com/go/securityhttp://www.hp.com/go/informationoptimizationhttp://www.hp.com/go/cloudhttp://www.hp.com/go/cloudhttp://www.hp.com/go/informationoptimizationhttp://www.hp.com/go/securityhttp://www.hp.com/go/cihttp://www.hp.com/go/applicationtransformation


10/23


1 0

Maintaining high-qualitywireless sessions using somevendors equipment places a

tremendous burden on thenetwork as more video, voiceand higher bandwidthapplications join the network.Without the correctinfrastructure in place, awireless LAN network risks aninconsistent user experiencethat increases operationalcomplexity and creates gaps inaccess enforcement andsecurity while constrainingbudgets and addingheadcount to support thenetwork.

Optimizing the UserWi-Fi ExperienceMany wireless LAN vendorssell separate equipment,software and tools for wired and wireless environments, placing extra management, costs and training burdens onenterprises. HP, by contrast, offers integrated wired and wireless networking solutions through IMC (IntelligentManagement Center) for large enterprise environments and with PCM+ and Mobility Manager for mid market enterprisecustomers providing single pane of glass wired/wireless device management.

The increase in wireless users and the number of Wi-Fi clients that are being deployed over a wireless LAN, in addition tohigher bandwidth applications, have the ability to degrade the overall user experience. HPs optimized WLAN architecturegives customers the choice of either centrally controlling network traffic or distributing network traffic with intelligentaccess points at the edge of the network.

This architecture enables customers to choose how they want to address application delivery, whether centralized ordistributed, via the same access point. Having the flexibility to distribute network traffic is important especially when usinglow-latency applications such as voice traffic. The ability to choose the best distribution model is key to network efficiency;for example, voice traffic can be processed at the edge of the network, which is faster than competitive architectures thatrequire the traffic to flow back to a centralized controller before being redistributed. In addition, industry compliancy isaddressed: Mandates such as PCI DSS (Payment Card Industry Data Security Standards) require that sensitive financialdata be directed to a centralized controller. HP provides either centralized or distributed distribution methods providingthe customer flexible data distribution choices.

HP set the benchmark for 802.11n performance this year with the launch of the industrys first three-spatial stream802.11n dual-radio access points. The new HP E-MSM460 and HP E-MSM466 dual-radio 802.11n APs deliver neargigabit-speed connect rates to Wi-Fi client devices and offer superior range, density and coverage. These traits add up to

unmatched performance and reliability for todays on-the-go workforce. The product family also provides a solidfoundation for current and future bandwidth-intensive, delay-sensitive applications while preserving full compatibility withlegacy 802.11 clients and existing HP wireless controllers.

HPs Key Differentiators

Three spatial-stream MIMO for industry-leading throughput. HP offers three-stream 900Mbps dual-radioAPs at the same price as competitive two-stream 600Mbps dual-radio products.

Closed loop beamforming for improved coverage with less transmission overhead. HP supports standards-based 802.11n closed loop explicit beamforming to improve RF coverage areas and reduce roaming dead

Optimized Architecture Using Distributed Intelligence


11/23


1 1

spots while reducing transmission overhead. Beamforming provides a more reliable and predictable userexperience and offers customers greater choice and flexibility in networking solutions.

Band steering for optimal WLAN performance. Most enterprise access points contain two radios. Typicallyone radio is set to 5GHz for 802.11a/n clients and the other is set to 2.4GHz for 802.11b/g clients. By default,many clients are configured to prefer the 2.4GHz band. HP supports band steering to automatically andtransparently direct 5GHz-capable clients to the higher-performing, less-congested 5GHz band. Band steeringincreases wireless network capacity and helps solve client density issues by reducing the number of clients inthe crowded 2.4GHz space. It also improves performance for clients that remain on the 2.4GHz network.Band steering can be implemented quickly and easily since it requires no client-side configuration.

Concurrent operation in 5GHz band. HP E-MSM466 802.11n dual-radio APs support the concurrentoperation of both radios in the 5GHz band. Concurrent operation in the 5GHz band improves noise immunity(fewer sources of interference), increases channel availability, enables greater utilization of 40MHz channelsand supports higher density/high bandwidth deployment models for improved performance that enables awide range of mission critical applications to operate over Wi-Fi infrastructures.

Optimized WLAN architecture. Any HP E-Series 802.11n dual-radio AP can be deployed as an integralcomponent of HPs next-generation non-blocking WLAN architecture. The architecture enables optimalapplication delivery, with low impact on the wired core, no single point of failure or performance bottlenecks,cost-effective scalability and strong investment protection.

Built-In Intrusion Prevention

HPs approach to protecting the wireless LAN from security intrusions is through the implementation of a dedicated RFsensor. This approach guarantees 24x7 intrusion prevention and is highly efficient. Using dedicated sensors, accesspoints are designed to provide the optimum in client connectivity performance versus other vendors who implement RFscanning techniques via the same access points that provide client connectivity. This multitasking method limits clientconnectivity performance and does not provide an optimum user experience. HPs RF Manager 6.0 Wireless IDS/IPScombined with the deployment of dedicated E-MSM415 IEEE 802.11n wireless sensors enables enterprises to benefitfrom 24/7 wireless protection. Other vendors who share the security detection and support Wi-Fi clients on the sameaccess points are prone to client interruption and network performance degradation.

HP also offers a compelling TCO story. In a study conducted by IDC in the fall of 2010, HP LANs were shown to reducecosts by 66% as HP equipment provided a more stable environment than competitors with newer technology, lessfrequent equipment failures, better ease of use and reduced complexity. Customers receive cost benefits such as theability to save capital through better network utilization including fully active links that help avoid the cost of overprovisioning. They can also save on soft costs with lower total support costs. HPs industry leading lifetime warranty withnext-business day replacement and support options can help reduce the lifetime cost of a customers network. In additionto this, HP products deliver higher density with less power, and half the energy consumption when compared tocompetitors.

The proliferation of tremendous volumes of Wi-Fi client devices being introduced into the network requires that thenetworking infrastructure support this ongoing trend. For large enterprise mobility environments, customers can chooseHPs A-Series mobility solutions and specifically the A7500/A9500, which supports greater than 7000 access points perchassis. For the mid market enterprise customers HPs new family of MSM460 and 466 access points support more Wi-Fidevices, while providing additional range and performance. Both of these solutions provide enterprises with an optimizedarchitecture that scales and provides flexible distribution models as part of HPs FlexNetwork and the FlexCampus,

protecting investments today with tomorrows technology. Altogether this enables a network to be future proofed for thewave of new Wi-Fi devices being deployed. As a leader in mobility offerings, HP is helping customers mitigate the Wi-Fichallenges today and is the only vendor delivering best-in-class, unifed wired/wireless networking as part of a convergedinfrastructure.

_______________________

For more information about HP Networking and HP Networkings Wi-Fi solutions describedhere, please visit:www.hp.com/networking.
http://www.hp.com/networkinghttp://www.hp.com/networkinghttp://www.hp.com/networkinghttp://www.hp.com/networking


12/23

1 2

Overlay vs. IntegratedWIPS Architecture

The Debate Continues

By Chia-Chee

KuanCo-Founder &CTO

AirMagnet

A well-known best practice in enterprises is to take a layered, defense-in-depth approach to network security toguard against different kinds of attacks and intrusions. Like its wired counterpart, the wireless LAN (WLAN)

also requires multiple security layers to be most effective. One of these layers is a wireless intrusion preventionsystem (WIPS).

As wireless networks have evolved, so too have the systems designed to monitor and secure them. Today, aWIPS is a critical component for any enterprise running a high performance, secure WLAN. However, the bestapproach for implementing WIPS is a hotly debated topic.

There are several different ways to deploy these monitoring systems. First, WIPS functionality can be builtdirectly into your wireless LAN infrastructure (such as the APs) this is the integrated approach. Alternatively,WIPS can run as a standalone, dedicated security system from a third-party specialty company this is theoverlay approach. An IT department needs to understand the tradeoffs so it can appropriately balance theorganizations risk profile, depth of security required and budget, as it builds an effective, comprehensivewireless security strategy.

Tradeoffs to Consider

AirMagnet strongly believes in the defense-in-depth strategy and, therefore, designed a dedicated overlayWIPS solution. Because an AP has limited resources, a number of key capabilities simply arent supported inAPs acting as part time sensors using the integrated approach.

Some of the issues with this integrated approach include:

APs can only scan traffic for less than one second each minute, so they miss information

APs cant serve traffic and block an intrusion at the same time, so there are tradeoffs to performancefor security, and vice-versa

Since APs arent listening 24x7, they cant see problems that occur over time and cannot gather

enough information to meet compliance auditing requirements APs can only scan legal, licensed wireless channels and cant see dangerous activity on the 5 GHz

extended channels where malicious devices can hide

Many of these shortcomings can be attributed to the use of a time slicing technique in integrated WIPSapproaches. When implementing time slicing, wireless APs pull double-duty, as APs forwarding traffic and assecurity sensors scanning the air for anomalies.


13/23


1 3

Dedicated WIPS overlay networks, by contrast, are generally the most secure option. They remediate theissues with time slicing, missed events and other common problems encountered with integrated approaches.

Dedicated systems offer capabilities thatgenerally arent available in integratedsolutions. Among these capabilities arethe following:

Comprehensive regulatorycompliance reporting

Forensics for after-the-factanalysis

Event troubleshooting

Fully resilient configuration withautomatic sensor failover to a secondaryWIPS engine if the primary should fail

Recognition of far more threats,

including the most sophisticated andpotentially dangerous ones

AirMagnet Enterprise: Purpose Built for WLAN Security Monitoring

AirMagnets dedicated WIPS system is called AirMagnet Enterprise. It provides simple, scalable WLANsecurity monitoring that enables proactive detection and mitigation of all types of wireless security threats. Thesystem enforces enterprise policies and continuously audits the regulatory compliance of the wirelessenvironment and Wi-Fi users worldwide.

The AirMagnet Enterprise architecture contains unique elements to ensure the most complete independent

detection and remediation of WLAN threats. The system architecture is simple and efficient, consisting of theAirMagnet Enterprise server software and database, and dedicated sensors that monitor and analyze wirelessenvironments in the corporate premises even in areas with no authorized Wi-Fi service.

Each AirMagnet Enterprise sensor is a dedicated, hardened device, which contains no data accesscapabilities.Thus, the sensors dont suffer from the vulnerabities APs may experience when performing limitedWIPS scanning: APs can become victims of malicious activity or attacks that disable them and cause them tostop scanning.

Full Time, Complete, Dedicated Security Detection

The AirMagnet Enterprise intelligent sensors continuously scan every possible 802.11 channel for potentiallydangerous security problems, including the extended channels in the 5 GHz band, which cannot be scanned

by AP devices. The premise is constantly monitored for the presence of any type of unauthorized or roguedevice. The system accurately detects complex attacks that use multi-threaded traffic vectors, which may playout over minutes and would be missed by systems using time slicing security scanning.

AirMagnet Enterprise provides deep WLAN threat detection via the AirWISE intelligence engine that covers allthese important categories of security issues: rogue device detection and mitigation, including access points,stations and ad-hoc devices; denial-of-service (DoS) attacks against APs, stations infrastructure and generic

jamming attacks; known and hybrid attacks using hacking tools such as MDK3, Karmetasploit and derivatives;behavioral attacks; and compliance verification of unauthorized WLAN devices to corporate security policy.


14/23


1 4

Dynamic Threat Update Technology

Dynamic Threat Update (DTU)technology in AirMagnet Enterpriseensures that the corporate premises areautomatically protected against newlydiscovered WLAN security vulnerabilities.

This is far more secure than waitingmonths or longer to receive updates forWIPS functions embedded in APinfrastructure components, which thenrequire significant IT resources andnetwork downtime to deploy. Threatdefinitions are separately loadable, sothey can be automatically installedwithout any disruption to operationsrequiring change control planning.AirMagnet accelerates the developmentof new threat definition modules at thehighest rate in the industry, immediately

brining the benefits of dedicated wirelesssecurity research and developmentefforts to all global users.

Complete Protection and Analysis

The AirMagnet Enterprise architecture provides continuous wireless protection and avoids blind spots. Keycapabilities include the following:

Sensor operation with network/server connection loss: AP-based monitoring systems becomecompletely disabled if connection is lost

Hot standby server configuration for continuous operation of WIPS capabilities

Fully encrypted SSL-based tunnels for highly secure communications among system componentsDetailed compliance reports for regulatory standards including Sarbanes-Oxley, HIPAA, GLBA, DoD8100.2 and many more

Holistic Wireless Lifecycle Integration

AirMagnet Enterprise is part of a complete line of wireless solutions from Fluke Networks, covering the entirewireless lifecycle from planning, to deployment and verification, to troubleshooting and interference and 24x7security and monitoring. AirMagnet solutions allow users to ensure the health, performance and security oftheir wireless LAN from initial planning and deployment to ongoing maintenance and monitoring.

_____________

For more information about Fluke Networks AirMagnet solutions described here,please visit:http://www.airmagnet.comor call Fluke Networks at 1-800-283-5853.
http://www.airmagnet.com/http://www.airmagnet.com/http://www.airmagnet.com/http://www.airmagnet.com/


15/23

1 5

Less Worry, MoreIntelligence from the

Wireless Pioneer

Making Wi-Fi Easy

By Taqi MohiuddinSenior Manager

Product Marketing

Motorola Solutions

Is Your Enterprise Ready?

All Wi-Fi products are not made equal, even though they may seem similar at first glance. Having designed and builtwireless products for over 75 years, weve not only learned a few things but have put that knowledge back into improvingour customers experiences by building robust products that they can rely on. This has allowed us to build wirelessnetwork solutions that can grow and change with your needs. Our solution addresses the key challenges IT departments

face as wireless becomes the primary access method in the enterprise:

1. Increase in the number of devices and traffic on the WLAN

2. Managing security for all of these devices and users

3. Building a dependable wireless network that is always on

Let us show you how to meet these challenges head on and why no other vendor even comes close. Motorola Solutionsmakes it easy for IT departments to build, deploy, and maintain a trusted wireless network that is as reliable and highperforming as their wired networks.

The Architecture Matters!

There is both a rise in the number of devices connecting to

enterprise WLANs and in the number of wireless businessapplications using data, voice, and video. In December 2010,Motorola Solutions conducted a survey of IT professionals workingin companies with more than 1000 employees and learned thatWLANs are used as the main access network in 45% of thoseorganizations. As wireless use becomes ubiquitous, WLANs feelthe strain. Is your organization prepared to handle the flood oftraffic that is coming?

The transition to 802.11n definitely helps in providing greateraccess speeds to users, but how your WLAN is architected makesthe difference between providing your users the great quality ofexperience that they have come to expect and having frustrated

users who experience jitter in their voice and video applications.

Traditional deployments with controllers are based on hub andspoke architectures (see right). In these architectures, lessexpensive thin access points (APs) forward all traffic to thecontroller, which acts as the central point of management andwhere all the network and security policies are defined andenforced.


16/23


1 6

It is easy to see how high throughputs associated with 802.11n, as well as the increase in devices and applications, cancreate congestion and a bottleneck in the network, since all traffic must be forwarded to the controller with centralizedintelligence. Not only does this negatively impact the performance of real-time applications, but scalability is severelyimpacted as the number of controllers increases significantly as do associated costs.

Motorola specifically designed the WiNG 5 architecture to help organizations overcome these challenges and prepare forincrease in WLAN traffic and evolution to 802.11n. Intelligence is distributed between the controller and the APs.

Distributed intelligence allows optimized routing of data internally on the network or to the Internet without having the APsforward traffic to the controller, eliminating the controller bottleneck. Moving the controller intelligence or smarts down tothe APs allows critical decisions to be made locally and for the network to be more responsive to the dynamic nature ofRF environments. The controllers still provide centralized visibility and control of the RF network, but it is freed of the dataprocessing function, allowing it to manage a significantly larger number of APs. In this architecture, because the APs aremore intelligent and able to forward traffic and enforce policies, they can survive the loss of connectivity to a controller.

With this architecture the system becomes highly scalable a single controller can supervise up to 8 times the number ofAPs compared to the traditional hub-and-spoke model. This frees up controllers to focus more on large-scale network andpolicy management as well as other services. Quality of service (QoS) for video and voice applications, security, mobilityand site survivability are all handled at the AP, resulting in a more efficient architecture. With todays powerful chipsets,this is all done without increasing the cost of the APs, resulting in overall cost savings from fewer controllers and lowercosts of maintaining the network.

Security Management

Security not only involves firewalls but also wirelessintrusion protection to ensure the integrity of your WLAN.With WiNG 5 architecture, firewalling is pushed out to theedge. APs are roaming-aware and stateful, with theability to firewall at Layer 2 and Layer 3. Security policiesare also handled by the AP.

Another important feature is the ability for Motorola APs to providesimultaneous client access and full-time sensing for wireless intrusiondetection and prevention (WIPS) security and troubleshooting. TheAPs provide 24x7 sensing, detection, and mitigation of threats. Sincethe AP can provide access as well as sensing, overall costs ofdeployment, installation, and power are lower as the need fordedicated sensors is eliminated. Networks with distributedintelligence enable real-time troubleshooting and spectral analysis forgreater RF visibility and reduced maintenance costs.

Site Survivability Always On Networking

One of the key benefits of WiNG 5 is site survivability the ability ofAPs to continue to function even when they lose communication tothe controller. The APs continue to bridge traffic while still enforcing

QoS and security policies, including statefully inspecting Layer 2 (locally bridged) or Layer 3 traffic.

Another important effect of this distributed intelligence architecture is that it allows a number of APs to be deployed inremote locations without the need fora local controller. The APs in remote sites coordinate with each other to provideoptimized routing and self-healing functionality and deliver a superior quality of experience for business-criticalapplications. A significant number of branch offices need less than a couple of dozen APs. This means that in mostbranch offices there is no need for additional controller elements.


17/23


1 7

Motorola provides full scalability ranging fromsmall controller-less deployments to largedistributed organizations that have manybranch offices (such as retail, K-12 education,and banking). With the introduction of our NX9000 Integrated Services Controller, you cancentrally control networks of up to 10,000

WLAN APs that are geographically dispersedover many branch office sites. Clusters of upto 24 WiNG 5 APs intelligently handle trafficflows, QoS and mobility without compromisingsecurity while the NX 9000 provides anefficient single point of configuration, policyenforcement, and remote troubleshooting.

WiNG 5 provides multiple levels of resiliency:

AP failure Wired switch failure

Wireless controller failure

WAN outage

Reliable Wireless Operation inDynamic RF Environments

Motorola has integrated several functionalitiesunder its SmartRF umbrella of RFmanagement tools to ensure that the wireless network is resilient to interference and congestion and able to supportvarious multimedia applications with the right quality of experience.

In addition to the ability to automatically tune channel and transmit power levels in response to changing RF conditions orloss of an AP, there are other features that are pertinent to the reliable handling of latency-sensitive applications such asvoice and video:

Spectral Load Balancing. This ensures a well-balanced client distribution across the APs in the network. Weuse a comprehensive hierarchical methodology for client load balancing that takes into account bandwidthand RF utilization characteristics at the domain level.

AP Load Balancing. In addition to client load balancing, Motorola offers the flexibility of AP load balancingacross a geographically collocated or distributed cluster.

The Motorola WiNG 5 Advantage

The future wireless network architecture relies on distributed intelligence to meet the performance demands of the newwireless world without compromising security or QoS while at the same time providing flexibility and simplicity ofdeployment. The centralized hub-and-spoke architecture helped bring more cost-effective 802.11b/g solutions toorganizations. But with increased network traffic creating bottlenecks at the controller and an unreliable user experience,only an architecture that provides fully distributed intelligence at the network edge can provide the full benefits of what802.11n has to offer for the distributed enterprise.

________________

For more information about the Motorola Solutions WLAN solutions described here,please visitwww.motorola.com/wing5or call Motorola Solutions at +1.866.416.8545.
http://www.motorola.com/wing5http://www.motorola.com/wing5http://www.motorola.com/wing5http://www.motorola.com/wing5


18/23

1 8

The EvolvingNetwork Edge

BYOD with Security

By William GlynnSenior Product

Marketing ManagerEnterasys

The Evolving Network Edge

When you talk about the network edge today, youre most likely talking about wireless access. Todaysworkforce is highly mobile, outfitted with an ever-growing assortment of Wi-Fi-enabled devices, and has aninsatiable need for continuous network access.

Consequently, the market is experiencing high growth in wireless LAN deployments throughout all verticalmarkets, including schools, hospitals, warehouses, small and medium-sized businesses, and virtually everyother location where workers or people congregate. Todays business environment requires network accessto be omnipresent as well as reliable, and it must provide strong performance with seamless roamingcapabilities. While wired networking is still an important component of an enterprise network in data centersand other points of aggregation, the wireless edge continues to grow and has become a dominant factor in allnetwork rollouts and upgrades.

Creating a fully integrated, easily managed, and secure WLAN with wire-like performance need not be anexorbitantly costly and time-consuming endeavor fraught with pitfalls and gotchas. Enterasys Wireless

solutions dramatically lower the cost of upgrading indoor and outdoor WLANs so you realize the benefits of802.11n while eliminating unnecessary and time-consuming switch and infrastructure replacement costs.Enterasys solutions deliver these benefits, in part, with the following:

Specialized mounting hardware that leverages existing brackets to streamline installation

Automated AP discovery, configuration, and optimization to reduce installation and start-uptime

Full support for 3x3 MIMO operation with .af power, which eliminates the need to re-cable thePOE infrastructure

Building a Unified Access Layer

Leading IT organizations now demand mobile, transparent, and always-on wired-to-wireless edge services.This new unified access layer requires two components. The first is intelligent access components thatdistribute access control and business service resiliency across the entire infrastructure. Second, thesedistributed access components must be manageable from a single management console to ensureconsistency and minimal management overhead.


19/23


1 9

Enterasys unified access layerportfolio delivers both the distributed

access components andcentralized visibility andmanagement needed to maximizenetwork performance and reducerisks. These solutions provide

scalability and resiliency withminimal dependence on a centralmanagement plane.

The common thread that bindsEnterasys unified access portfoliois Enterasys exclusive automatedrole-based architecture. Uniquely,Enterasys enables multi-userauthentication, authorization,access control, and traffic flowoptimization, ensuring transparentaccess to business services and

unparalleled mobility. Thisautomated role-based provisioningsystem lowers OPEX costs andensures consistent access tobusiness services whether users are plugged into the wall or are untethered and moving freely across thecampus.

Network management is complicated by the fact that most enterprise networks typically comprise both wiredand wireless LANs, which is why Enterasys has taken a leadership role in integrating wired and wireless LANmanagement (see figure). The two network infrastructures can be managed and secured as a single entity tosignificantly simplify network management and deliver ongoing operational cost savings. A hallmark featureof Enterasys solutions is the ability to eliminate the inefficient and time-consuming task of manual, switch-by-switch or controller-by-controller network configuration changes. The benefits are not only efficiency but alsoerror reduction, since manual operations for network configuration changes (e.g., setting up individual telnetsessions to each switch and performing access control list changes and re-ordering) are eliminated.

The Enterasys Wireless Management Suite provides a powerful centralized management platform for theEnterasys Wireless portfolio. As an integrated component of the Enterasys Network Management Suite(NMS), Wireless Manager consolidates configurations across the entire WLAN to provide global managementcapabilities. Integrated security across the wired/wireless network enables quick diagnosis and resolution ofthreats, and real-time, at-a-glance location capabilities detect rogue users and shut down hot spots by exactlocation, addressing a critical enterprise challenge.

One of the biggest strengths of the Enterasys Wireless products is their deployment flexibility. Enterasysprovides complete flexibility over the location of the controller as well as how the WLAN is managed, whichreduces costs, simplifies management, and removes the barriers to deploying a wireless edge. Customerdeployment options include:

A typical on-premise wireless deployment where controllers are collocated in proximity to the accesspoints and self-managed by the customer

A private cloud model where the controller is centralized in the customers data center and self-managed by the customer

A managed services model where the controller is centralized in the customers data center andremotely managed by a managed service provider

Balancing Distributed and Centralized Functions


20/23


2 0

A public cloud/managed services model where the customers controller is located in a providers datacenter as part of a hosted service, which is then combined with a managed service where a managedservice provider remotely manages the controller

The mobile workforce has also had a dramatic impact on the portable device market and has given rise to theconsumerization of IT. The explosion of smartphones and WiFi-enabled devices has led to the popularity ofBring Your Own Device (BYOD) programs, because they enable employees to work from the device of their

choice, increasing employee satisfaction and productivity while decreasing corporate IT CAPEX costs.However, BYOD programs can increase IT workload and pose security challenges. Enterasys Wirelesssolutions can help you manage BYOD programs while dramatically reducing your time, cost, and effort.

Security from the Inside Out

Enterasys has always secured networks from the inside out by securing both the wired and wireless accesslayer together as a single infrastructure. Security concerns dont stop after a user or a device is grantedaccess to the network; a secure network must provide continuous monitoring of the wired and wirelessinfrastructure as well as automatically deal with threats in real time as they arise.

Utilizing an authentication system, network access control (NAC) products, as well as an integratedcentralized management and monitoring system, the Enterasys solution offers complete ability to

automatically enable threat containment and threat mitigation regardless of where or how the user or thedevice is accessing the network. As an example, a personal iPad might be allowed onto the network to gainInternet access but be restricted from communicating with any of the key corporate infrastructurecomponents.

Security is enhanced via the Enterasys role-based policy control, which is integral to the wired and wirelessswitching infrastructure. Policies are created once on the centralized Enterasys NMS and then propagated tothe edge of the network and enforced right at the point of ingress on the wired switch or the wireless accesspoint. Once the policies are created, which includes both security and quality of service attributes based uponuser and device type, the entire system is completely automated and enables the IT administrator toguarantee a consistent, secure network experience across the entire network infrastructure.

The Multidimensional Approach

Todays unified access layer of wired and wireless services requires a multidimensional approach to deliverthe service-level and security protection demanded by enterprises and educational organizations. Enterasysoffers a full complement of integrated networking solutions ensuring the highest level of resiliency andavailability to business services without sacrificing security and performance.

The entire network can be managed via an integrated wired/wireless management solution that runs as avirtualized management application with mobile access to provide anytime, anywhere visibility and control.Enterasys provides great flexibility for supporting wireless in the cloud by embedding intelligence into itsaccess points, which enables the wireless LAN controller to reside anywhere in either a private or publiccloud where it can be self-managed or managed by a third-party wireless services provider. The role-basedpolicy management system is integral to the entire wired and wireless network, providing a secure networkstarting right at the point of ingress.

By automatically detecting and authenticating devices, Enterasys supports all types of network devices andfully enables a BYOD program while maintaining network security. Since the AP and the controller arecovered by a lifetime warranty, an Enterasys WLAN solution also minimizes total ownership costs.

_____________

For more information about the Enterasys solutions described here, please visitwww.enterasys.comor call Enterasys at 978-495-6824.
http://www.enterasys.com/http://www.enterasys.com/http://www.enterasys.com/


21/23

2 1

Aruba MOVE

Unified Access Network

Architecture for Mobility

Byzer Dondurmacolu

Product Marketing ManagerAruba Networks Inc.

The New Access Network

The LAN as we know it no longer exists. The notion of networks being wired or wireless has become irrelevant.Today, its about mobility and providing secure access to network resources wherever your workforce happens tobe.

The Aruba Mobile Virtual Enterprise (MOVE) architecture unifies wired and wireless into one cohesive networkaccess solution. With Aruba MOVE, access privileges are linked to a users identity, the device they are using,where they are and which applications they need to access.

Aruba MOVE integrates a mobility services network, security and management into one unified system thatscontrolled from either a private or public cloud. These mobility services are uniform across all thin access on-ramps, Aruba 802.11n wireless access points, Mobility Access Switches and VPN software, which collectivelydeliver the following:

Access network cost reduction of up to 70%

Faster campus additions, moves and changes

Simpler access from remote locations Stronger network, user and data security

Lower end-user support costs and higher user satisfaction

Context-Awareness for Smartphone, Tablet Explosion

Conceived when access was confined to corporate campuses, legacy access networks are designed to protectphysical assets within the walls of the enterprise. This approach made sense when the same person connected tothe same port and used the same client device to access the same applications every day. That work model isincreasingly irrelevant for todays highly mobile and virtualized workforce.

Aruba MOVE represents a fundamental shift from more than 20 years of port-centric network architectures. Itplaces network services at the edge of the network, where a users mobile device first encounters enterpriseapplications. Context-aware networking, enabled by Aruba MOVE, makes it easier for IT to accommodate theever-increasing density of smartphones and tablets.

With Aruba MOVE, mobility services are centralized, eliminating the need to keep up with a long list of wiringclosets, firewalls, NAC solutions, management systems and reporting tools that operate in separate domains.Functions of Aruba MOVE mobility services include the following:

Centralized Management: Powered by ArubaOS, Aruba Mobility Controllers virtualize configuration andautomate software updates for thin access on-ramps.

End-to-End Security: Aruba Mobility Controllers integrate context-aware access control, ICSA-certifiedIPv4/v6 stateful firewall security, FIPS 140-2 certified centralized encryption, VPN termination and advancedwireless IPS. Aruba Context Security Service (CSS) leverages data centers around the world to enable webcontent security. CSS is automatically updated with new software features and additional security signatures.

Authorization: Aruba Amigopod enables self-registration of both employee- and guest-owned mobiledevices for automatic device enrollment, centralized EAP-TLS certificate installation and Wi-Fi profileconfiguration without requiring any touch from IT.


22/23


2 2

Visibility:Aruba AirWave enables reporting on a per-user and per-mobile-device basis and tracks usersand devices as they are connected to outdoor mesh, indoor WLAN, branch office network, small office WLAN, tothe wired LAN infrastructure or using remote VPN.

Operations: Aruba AirWave provides real-time, time-sensitive alerts and historical reporting for up to 550days. AirWave also enables management of multi-vendor networks that may include a mix of technologies. Itintegrates wireless security, location tracking and compliance reporting (e.g., PCI), and does not require separateappliances or sensors.

With Aruba MOVE, mobility services are delivered across a wide range of thin access on-ramps enabling thefollowing:

High Performance Indoor Wi-Fi. Aruba 802.11nAPssupport distributed and centralized traffic forwardingmodes, provide noise-aware RF management, integratealways-on wireless security and enable visibility to noisesources with integrated spectrum analysis. They alsoguarantee fair allocation of bandwidth among high density ofmobile devices with Adaptive Radio Management (ARM)technology and deliver speeds up to 900Mbps per AP.Remote APs support zero-touch provisioning for remotelocations and support wired and wireless connectivity, traffic

forwarding based on policy, context-aware security, andbackup links over cellular networks. Wired Security. ArubaMobility Access Switches

integrate stateful firewall, wired authentication and MACSecencryption, enabling context-aware networking for wiredaccess in campus, regional and branch offices. With zero-touch deployment capability similar to that found inAruba APs, they significantly reduce deployment costs.

Remote Access. Aruba Remote APs (RAPs) support zero-touch provisioning and support wired andwireless connectivity, traffic forwarding based on policy, context-aware security and backup links over cellularnetworks. Aruba Virtual Intranet Access (VIA) agent enables IPSec (with SSL backup) VPN connections formobile devices. End users can download VIA from Aruba Mobility Controllers by using corporate credentials, azero-touch transaction for IT.

Instant Wi-Fi. Aruba Instant APs share roaming, security, RF management and other major WLAN

functions among access points without relying on a mobility controller. Due to its unique virtual controllertechnology, failure of an Instant AP can be easily mitigated. As WLAN scale and management requirementsexpand, Aruba Instant can be re-imaged as an 802.11n campus AP and associated with an advanced controller-based WLAN.

High Performance Outdoor Wi-Fi. The Aruba AirMesh solution combines a unique multi-radio, multi-frequency architecture and adaptive Layer 3 routing to bring use of high-performance applications (e.g., HDvideo) to outdoor environments. It is designed to scale while maintaining throughput across multiple hops in awireless mesh network.

Aruba MOVE Solutions

Aruba MOVE enables IT organizations to roll out new mobility applications and services to end users rapidly,without compromising network security or increasing access network deployment and maintenance costs.

Network Rightsizing. At a time when network traffic is increasing faster than IT budgets, Aruba MOVE leveragesmobility to help organizations rightsize their access network investments. This is achieved by eliminatingequipment from data centers and wiring closets, thereby reducing capital and operational expenses.


23/23


2 3

Aruba MOVE makes it easier to rightsize over-built wirednetworks by replacing infrequently used Ethernet ports withWi-Fi access. Ideal for refresh projects and new networkdeployments, wiring closet rightsizing can save companiesmillions of dollars in one-time and ongoing expenses. ArubaMOVE combines six different management interfaces into one,with a common policy framework for the entire access network.

Aruba MOVE automates common tasks, due to its self-installing and self-configuring thin access on-ramps. This zero-touch approach eliminates hundreds of hours of manual work.

Bring Your Own Device. The Aruba Mobile Device AccessControl (MDAC) solution enables secure provisioning andmanagement of smartphones and tablets, also known as theBring-Your-Own-Device (BYOD) phenomenon. Designed foruse with or without Mobile Device Management (MDM) solutions that focus solely on device configuration, ArubaMDAC enforces device and network-use policies and controls network usage by blocking mobile devices that donot meet company policy (e.g., Blackberry vs. Android). It also controls application usage by whitelisting or

blacklisting network services (e.g., smartphones arerestricted to email and Internet), and controls bandwidth

usage by rate limiting network access by device type. ArubaMDAC automates mobile provisioning by redirectingemployee smartphones and tablets to self-registrationportals and network configuration downloads, and increasesdevice visibility for monitoring and troubleshooting withdevice-specific data, statistics and usage reports.

Broadcast Video over Wi-Fi. Arubas Multimedia-grade Wi-Fi gives users a broadcast-quality experience using severalvideo optimization techniques to deliver jitter-free,multichannel video over Wi-Fi to mobile devices. ArubaApplication Fingerprinting technologyguarantees thedelivery of cinema-grade video in mixed-use environments

by identifying video traffic and then reserving bandwidth and prioritizing video over other, less latency-sensitive

applications. Dynamic Multicast Optimization technology capabilities improve network efficiency and maximizeavailable capacity. They do this by considering real-time network usage and video subscription characteristics toautomatically select multicast or unicast for transmitting video over the air to a client.

Aruba MOVE is designed to enable mobility across the entire access network infrastructure. By deployingnetworks based on MOVE, IT organizations can realize up to a 70% reduction in TCO compared to legacy, fixednetwork approaches from other vendors.

Aruba MOVE provides concurrent visibility into the identity of all users, their devices and their locations on bothwired and wireless networks. Context-aware access policies allow IT to control users and devices, so thatemployees can switch effortlessly among desktops, laptops, tablets, smartphones and other mobile devices. Bytaking advantage of centrally managed services, Aruba MOVE dramatically simplifies the process of providingnetwork access to remote locations. It eliminates traditional tasks that IT departments must perform to complete

additions, moves and changes.

The Aruba MOVE architecture transforms IT organizations from a culture of no to a culture of yes. It does soby unifying disparate wired and wireless infrastructures into one seamless network access solution for corporateheadquarters, branch offices, traveling business professionals, remote workers and guests.

___________________

For more information about Aruba Networks solutions described here, please visit:http://www.arubanetworks.com/the-lan-is-dead/or call Wilson Craig at (408) 227-4500.
http://www.arubanetworks.com/the-lan-is-dead/http://www.arubanetworks.com/the-lan-is-dead/http://www.arubanetworks.com/the-lan-is-dead/

ast-0041266 2011 wi-fi challenge with links

Documents