confidential © copyright 2011. aruba networks, inc. all rights reserved get your network ready for...

CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved


Get your network ready for Apple

Observations from Aruba Networks

•March 2012

CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved2

Who Is Aruba?

Leading provider of secure mobility

Aruba MOVEArchitecture

Industry’s most secure WLAN

Easiest BYOD & Guest Access

Zero-touch remote networking

Leader in Gartner MQ

~ $500M in annual revenue

HQ: Sunnyvale, CA

NASDAQ: ARUN


Issues facing Apple-centric networks

• Device density (Aruba Experience)• Spectrum optimization• Roaming issues• Service issues (Bonjour)• Device management issues


Density problem

• Airtime is precious. It must be preserved• iPad connect rate is 150mbps best-case• Divided by 30 users = 5mbps per channel. Real-world usage will

halve this number. Implies 1 channel per class• Other devices are even worse (53mbps)

• 2.4 Ghz band with 3 channels will not scale in a typical school• Clean 5Ghz is mandatory, provides 22ch• Clients should be LoS to the AP to keep speeds up• Keep randoms off the classroom AP (Guest, etc)


5Ghz spectrum is the key

• Design for 5Ghz and 802.11ac• Use Band-steering or selective SSID deployment• Keep power low. HT20 channel-plan instead of

HT40 in dense areas• Airtime fairness prevents starvation


Roaming issues

• Sticky-clients: slow to roam• Clients at a lower rate waste airtime for everyone• Marginal link quality is frustrating• Trim lower MCS rates to encourage roaming• Monitor for low rates and associations to distant APs

• Coverage Models don’t work in HD (1-1) classrooms

• Newer versions of iOS (5+) fix many WiFi issues


What is Apple Bonjour

Bonjour/mDNSBonjour is a discovery and communications

method that lets Apple devices communicate

over LAN/WLAN

Bonjour

Screen mirror from an iPhone, iPad, MacBook

to an AppleTV Personal use by

students in dorms Discovery based on

location by all users Shared use among

execs in meeting rooms

Print from an iPhone or iPad with a Bonjour

enabled printer Personal use by execs

in offices Discovery based on

location by all users Shared use based on

user role within the org

Most Popular Apps


Challenges with Apple Bonjour / mDNS

2. Limited WiFi performance• Multicast use lowest 802.11 rates• L3 forwarding increases Wi-Fi waste• Announcements eat airtime

3. Prone to end user errors• Services do not require authorization• Easy to pick the wrong service• No directory services

1. Designed for home• Operates in a single broadcast domain

and is not VLAN friendly• Devices are not visible across network

boundaries• Pre-Shared Key (PSK) for Wi-Fi security


Access Network Issues

• The access layer is being call upon to provide more than just connectivity.

• Your network vendor should be helping you address the issues that come with 1-to-1 and BYOD initiatives

• Minimize device-touch with onboarding• Direct visibility into how the network is performing• Wired/Wireless Convergence (Gartner does not distinguish)• Flexibility+options in how the Access Layer is deployed• Intelligent Access control (AAA)• Address technology-specific issues such as Apple Bonjour


Onboarding

• How are you going to configure hundreds of iPads?

• First things first: Get it on the network without a phone call• Leverage the Apple API for configuration? Certificates?• Minimize confusion over SSIDs. Enrollment vs Secured• PIN enforcement, other settings above/beyond?


Onboarding iPad Example

• Student connects with AD credentials• Credentials are validated, but district policy says device is

required to register• Student registers at portal• Certificates generated and pushed down• Network configuration pushed down

• Device is now functional using unique credentials instead of AD credentials


Visibility

• BOTH real-time and historical signal quality• Username/Device type/• Infrastructure health• Device association history• Location services?


Remote Mode• AP enabled with IPSec VPN

connect to a central controller

Branch Mode• Instant branch network with IPSec

VPN to a central controller

Campus Mode• Integrates with high performance

controller

Flexible Access Layer Architecture

Same AP, multiple modes of operation

Instant• APs form instant campus network

without controllers


Wired/Wireless convergence

• Smart AAA

• Consistent user experience regardless of connection

• Common areas• Staff devices• Multi-vendor support


Aruba AirGroup

Context Based AccessOnly the necessary services are made visible to mobile devices – per user, per role, per location.

Centralized Registration of ServicesSimple registration of shared and local services by IT. End users self-register their own personal service.

Zero Touch InstallNo gateways or multicast VLANs. No additional SSIDs, VLANs, MAC filters. No multicast routing configuration.


Aruba AirGroupPersonal, Shared, Local Plug-n-Play Services

AppleTV in the meeting room

Printer in CFO’s office

AppleTV in the

classroom

Printer in the copy room

Super’s iPad

Laptop in close proximity

Teacher Macbook

iPhone in close promixity

Personal AirGroup “Super”

Local AirGroup “Apple TVs”

Shared AirGroup “Teachers”

Local AirGroup “Printers”

Aruba Access Network



Thank You

confidential © copyright 2011. aruba networks, inc. all rights reserved get your network ready for...

Documents

aruba networks

rights reservedvoip

rights reserved2issues

rights reservedwho

arunconfidential copyright

voice phones

video cameras

apple devices