2011
The 2011 Wi-Fi Challenge
Introduction: Enterprise WLANs on Track to Displace Ethernet
Professional Opinions Disclaimer: All information presented and opinions expressed in this report represent the current opinions of the author(s) based on professional judgment and best available information at the time of the presentation. Consequently, the information is subject to change, and no liability for advice presented is assumed. Ultimate responsibility for choice of appropriate solutions remains with the reader.
The tide is turning as Wi-Fi starts to edge out Ethernet as the primary LAN access network in many enterprise organizations. A confluence of factors is driving the trend toward WLAN access:
- The user/employee expectation of always-on mobility is shifting network traffic off of wired networks and onto WLANs.
- High-speed 802.11n network infrastructures can handle near-Ethernet connect rates. Some of the newer dual-mode access points, for example, support three spatial streams per radio and deliver 900Mbps connect rates (with actual throughput roughly half that).
- The price for some 802.11n equipment has fallen to 802.11g price levels. Offering up to an eight-fold capacity improvement over 802.11g with no price premium, 802.11n has become the default, go-to wireless LAN of choice.
- A bevy of Wi-Fi-enabled consumer-grade mobile devices is hitting enterprise networks. 802.11n backbones are arriving just in the nick of time to support them and the flood of traffic they create. Employees often use smartphones and, increasingly, tablet computers for both personal and business activity, creating unstoppable trends known as the consumerization of IT and bring your own device (BYOD). Whether the employee buys the device, saving the enterprise capital dollars, or whether it's purchased by IT, users get a far better experience with Wi-Fi than with a slower cellular data network when running today's high-bandwidth applications.
- Many mobile applications contain video and multimedia components. The applications are often collaborative and sensitive to transmission delays, jitter and packet loss. Yet they are quickly joining the enterprise WLAN thanks to IT consumerization and BYOD trends.
Today's enterprises want their mobile networks to mirror many traits of wired Ethernet networks, of course. Yet with all these trends afoot, new challenges arise in the delivery of consistent and reliable mobile performance, security, and policy enforcement.
These are currently the areas where the suppliers attempt to differentiate themselves from their competitors. The 2011 Wi-Fi Challenge serves as a kind of "cheat sheet" that you can use to compare what the respective vendor participants are focusing on and get an idea of their primary strengths.
These audio Webcasts are all accessible at the 2011 Wi-Fi Challenge Web site at Network World. In addition to the audio format, there is also a text transcript for each discussion available for download at the Web site.
We increasingly work, live, play, and learn in a world with no boundaries. The explosion of mobile devices and technologies has changed expectations for enterprise network connectivity and has placed new demands on IT departments to embrace consumer devices led by the iPad. The borders of the workplace experience blur as globalization creates the need for partners, customers, and employees to connect across traditional boundaries from a variety of environments and devices. Indeed, these technologies demand a mobile Borderless Networks experience that securely, reliably, and seamlessly connects people, information, and devices.
With more than 15 years of wireless experience, over 700 wireless engineers, 50 IEEE 802.11 active members, 141 granted patents, 272 patents pending, a growing list of customers and partners, and 60 percent market share, Cisco is the leader in enterprise mobility. Cisco Borderless Networks delivers on the mobile experience through a rich system of features that support a comprehensive, end-to-end mobility architecture. Cisco Borderless Networks provide:
- Pervasive, reliable, and scalable wireless coverage
- Rich media and collaboration experiences
- Consistent, policy-based access and granular control over devices and users across a unified access layer
- Converged user and access management for unified access networks, with complete lifecycle management
Figure 1. The Benefits of Cisco Mobility Architecture
Together, these end-to-end architectural elements deliver a rich mobility experience for any user, on any device, at any time, and from anywhere (Figure 1).
Cisco CleanAir
Cisco CleanAir technology comprises a suite of systems-level features that use powerful, purpose-built ASICs in Cisco access points to provide proactive interference management, taking into account all possible scenarios of RF interference and providing constant spectrum insight. Interference can be characterized as bandwidth robbing, show-stopping, and/or malicious. To truly provide a proactive spectrum management solution that can detect all three types, the solution must always be ready to detect a problem and either avoid the source automatically or provide the administrator with an alert about the issue. Cisco's CleanAir solution addresses all three of these interference categories with automatic detection, granular classification, location, and mitigation capabilities. Furthermore, because it is ASIC-based and purpose-built, Cisco's CleanAir technology can provide simultaneous dual-band spectrum analysis and data service for wireless clients, without any performance impact or need for external sensors.
Cisco ClientLink
Cisco ClientLink uses implicit beamforming technology to maximize the perceived signal at the client device so the client can stay connected at a higher data rate. ClientLink offers three critical benefits: better throughput for the client device, more total system capacity, and more consistent coverage.
Cisco VideoStream technology automatically prioritizes the video streams at the access point based on Video Admission Control settings. By default, the feature will re-mark multicast video flows into the Wi-Fi Multimedia (WMM) video queue until the channel utilization limit is reached for video traffic. The administrator can then either configure VideoStream to allow additional video clients onto the network using the WMM best effort queue or deny any additional streams to reserve some bandwidth for data. Cisco's multicast delivery mechanism enables video packets to be delivered efficiently over the wired and wireless network.
Demonstrable Leadership
Cisco delivers pervasive, reliable, and scalable wireless coverage through best-of-breed RF technology based on purpose-built radio hardware and suites of features like ClientLink, CleanAir, and RRM technologies. Cisco brings pervasive, consistent policy-based access and granular control over devices and users across a unified access layer through a tiered solution enhanced by Cisco ISE. The rich media and collaboration experience is enabled on the Cisco network through built-in application awareness and Cisco VideoStream. Finally, Cisco empowers IT administrators to manage the Borderless Networks mobility experience with a user- and device-centric approach to management via NCS. For all these reasons, Cisco is the best choice to enable a rich borderless mobility experience.
For more information about the Cisco solutions described here, please visit: http://www.cisco.com/go/wireless
HP is changing the rules of networking as the only vendor that harnesses the power of a converged infrastructure to deliver a common architectural approach across the data center, campus, branch and cloud. HP's FlexNetwork Architecture, which is the industry's first network architecture unifying the data center, campus, branch and cloud, supports a converged infrastructure which is key to an Instant-On Enterprise. With an Instant-On Enterprise, technology is fully embedded to accelerate time to value. It is where enterprises and IT innovate together to deliver value instantly to customers and citizens at all the points that matter. Behind the scenes, the Instant-On Enterprise streamlines everything that is required to deliver a service.
Clients recognize the imperative: Our research tells us that 85% of technology and business leaders say technology needs to be embedded in their enterprise in order for them to succeed. In a world of continuous connectivity, the Instant-On Enterprise embeds technology in everything it does to serve customers, employees, partners and citizens with whatever they need, instantly. The Instant-On technology consists of:
- HP Application Transformation: Solutions gain control over aging applications and inflexible processes.
- HP Converged Infrastructure: Breaks through traditional, rigid IT silos to drive out costs, providing the foundation for agile service delivery, while delivering the data center of the future.
- HP Enterprise Security: Solutions protect the entire IT infrastructure by addressing all aspects of security: people, processes, technology, and content.
- HP Information Optimization: Harnesses the power of information, ensures its integrity, and delivers it in the context of the enterprise.
- HP Hybrid Delivery: Solutions enable clients to select the best method of service delivery for them whether it be traditional, private cloud, and/or public cloud.
HP's comprehensive solution includes servers, storage, power and cooling, management software and networking. Networking plays a vital role in a converged infrastructure, and HP's integrated wired/wireless approach delivers measurable business value. This is especially true when it comes to wireless infrastructure. From Wi-Fi smart phones to handheld devices, the demand for Wi-Fi access is growing in enterprise settings. Enterprises are adding improved Wi-Fi capabilities, and some are making wireless LANs the primary or default access technology at the edge of the network. To address these trends, HP Wi-Fi solutions - part of HP's FlexCampus solution - provide improved service level agreements (SLAs) with wire-like service delivery that doubles the number of users per access point and provides up to 50% improvement in performance. For example, HD videoconference sessions are improved by 50% from 10 video sessions to 15 via the new family of MSM460/466 access points.
For more information about HP Networking and HP Networking's Wi-Fi solutions described here, please visit: www.hp.com/networking.
A well-known best practice in enterprises is to take a layered, defense-in-depth approach to network security to guard against different kinds of attacks and intrusions. Like its wired counterpart, the wireless LAN (WLAN) also requires multiple security layers to be most effective. One of these layers is a wireless intrusion prevention system (WIPS). As wireless networks have evolved, so too have the systems designed to monitor and secure them. Today, a WIPS is a critical component for any enterprise running a high performance, secure WLAN. However, the best approach for implementing WIPS is a hotly debated topic. There are several different ways to deploy these monitoring systems. First, WIPS functionality can be built directly into your wireless LAN infrastructure (such as the APs); this is the integrated approach. Alternatively, WIPS can run as a standalone, dedicated security system from a third-party specialty company; this is the overlay approach. An IT department needs to understand the tradeoffs so it can appropriately balance the organization's risk profile, depth of security required and budget, as it builds an effective, comprehensive wireless security strategy.
Tradeoffs to Consider
AirMagnet strongly believes in the defense-in-depth strategy and, therefore, designed a dedicated overlay WIPS solution. Because an AP has limited resources, a number of key capabilities simply aren't supported in APs acting as part-time sensors using the integrated approach. Some of the issues with this integrated approach include:
- APs can only scan traffic for less than one second each minute, so they miss information.
- APs can't serve traffic and block an intrusion at the same time, so there are tradeoffs to performance for security, and vice-versa.
- Since APs aren't listening 24x7, they can't see problems that occur over time and cannot gather enough information to meet compliance auditing requirements.
- APs can only scan legal, licensed wireless channels and can't see dangerous activity on the 5 GHz extended channels where malicious devices can hide.
Many of these shortcomings can be attributed to the use of a time slicing technique in integrated WIPS approaches. When implementing time slicing, wireless APs pull double-duty, as APs forwarding traffic and as security sensors scanning the air for anomalies.
- Fully resilient configuration with automatic sensor failover to a secondary WIPS engine if the primary should fail
- Recognition of far more threats, including the most sophisticated and potentially dangerous ones
_____________ For more information about Fluke Networks AirMagnet solutions described here, please visit: http://www.airmagnet.com or call Fluke Networks at 1-800-283-5853.
All Wi-Fi products are not made equal, even though they may seem similar at first glance. Having designed and built wireless products for over 75 years, we've not only learned a few things but have put that knowledge back into improving our customers' experiences by building robust products that they can rely on. This has allowed us to build wireless network solutions that can grow and change with your needs. Our solution addresses the key challenges IT departments face as wireless becomes the primary access method in the enterprise:
1. Increase in the number of devices and traffic on the WLAN
2. Managing security for all of these devices and users
3. Building a dependable wireless network that is always on
Let us show you how to meet these challenges head on and why no other vendor even comes close. Motorola Solutions makes it easy for IT departments to build, deploy, and maintain a trusted wireless network that is as reliable and high performing as their wired networks.
Security Management
Security not only involves firewalls but also wireless intrusion protection to ensure the integrity of your WLAN. With WiNG 5 architecture, firewalling is pushed out to the edge. APs are roaming-aware and stateful, with the ability to firewall at Layer 2 and Layer 3. Security policies are also handled by the AP. Another important feature is the ability for Motorola APs to provide simultaneous client access and full-time sensing for wireless intrusion detection and prevention (WIPS) security and troubleshooting. The APs provide 24x7 sensing, detection, and mitigation of threats. Since the AP can provide access as well as sensing, overall costs of deployment, installation, and power are lower as the need for dedicated sensors is eliminated. Networks with distributed intelligence enable real-time troubleshooting and spectral analysis for greater RF visibility and reduced maintenance costs.
For more information about the Motorola Solutions WLAN solutions described here, please visit www.motorola.com/wing5 or call Motorola Solutions at +1.866.416.8545.
When you talk about the network edge today, you're most likely talking about wireless access. Today's workforce is highly mobile, outfitted with an ever-growing assortment of Wi-Fi-enabled devices, and has an insatiable need for continuous network access. Consequently, the market is experiencing high growth in wireless LAN deployments throughout all vertical markets, including schools, hospitals, warehouses, small and medium-sized businesses, and virtually every other location where workers or people congregate. Today's business environment requires network access to be omnipresent as well as reliable, and it must provide strong performance with seamless roaming capabilities. While wired networking is still an important component of an enterprise network in data centers and other points of aggregation, the wireless edge continues to grow and has become a dominant factor in all network rollouts and upgrades.
Creating a fully integrated, easily managed, and secure WLAN with wire-like performance need not be an exorbitantly costly and time-consuming endeavor fraught with pitfalls and gotchas. Enterasys Wireless solutions dramatically lower the cost of upgrading indoor and outdoor WLANs so you realize the benefits of 802.11n while eliminating unnecessary and time-consuming switch and infrastructure replacement costs. Enterasys solutions deliver these benefits, in part, with the following:
- Specialized mounting hardware that leverages existing brackets to streamline installation
- Automated AP discovery, configuration, and optimization to reduce installation and start-up time
- Full support for 3x3 MIMO operation with .af power, which eliminates the need to re-cable the POE infrastructure
The common thread that binds Enterasys' unified access portfolio is Enterasys' exclusive automated role-based architecture. Uniquely, Enterasys enables multi-user authentication, authorization, access control, and traffic flow optimization, ensuring transparent access to business services and unparalleled mobility. This automated role-based provisioning system lowers OPEX costs and ensures consistent access to business services whether users are plugged into the wall or are untethered and moving freely across the campus.
Network management is complicated by the fact that most enterprise networks typically comprise both wired and wireless LANs, which is why Enterasys has taken a leadership role in integrating wired and wireless LAN management (see figure). The two network infrastructures can be managed and secured as a single entity to significantly simplify network management and deliver ongoing operational cost savings. A hallmark feature of Enterasys solutions is the ability to eliminate the inefficient and time-consuming task of manual, switch-by-switch or controller-by-controller network configuration changes. The benefits are not only efficiency but also error reduction, since manual operations for network configuration changes (e.g., setting up individual telnet sessions to each switch and performing access control list changes and re-ordering) are eliminated.
The Enterasys Wireless Management Suite provides a powerful centralized management platform for the Enterasys Wireless portfolio. As an integrated component of the Enterasys Network Management Suite (NMS), Wireless Manager consolidates configurations across the entire WLAN to provide global management capabilities. Integrated security across the wired/wireless network enables quick diagnosis and resolution of threats, and real-time, at-a-glance location capabilities detect rogue users and shut down hot spots by exact location, addressing a critical enterprise challenge.
One of the biggest strengths of the Enterasys Wireless products is their deployment flexibility. Enterasys provides complete flexibility over the location of the controller as well as how the WLAN is managed, which reduces costs, simplifies management, and removes the barriers to deploying a wireless edge. Customer deployment options include:
- A typical on-premise wireless deployment where controllers are collocated in proximity to the access points and self-managed by the customer
- A private cloud model where the controller is centralized in the customer's data center and self-managed by the customer
- A managed services model where the controller is centralized in the customer's data center and remotely managed by a managed service provider
_____________
For more information about the Enterasys solutions described here, please visit www.enterasys.com or call Enterasys at 978-495-6824.
Aruba MOVE
Unified Access Network Architecture for Mobility
The New Access Network
The LAN as we know it no longer exists. The notion of networks being wired or wireless has become irrelevant. Today, it's about mobility and providing secure access to network resources wherever your workforce happens to be. The Aruba Mobile Virtual Enterprise (MOVE) architecture unifies wired and wireless into one cohesive network access solution. With Aruba MOVE, access privileges are linked to a user's identity, the device they are using, where they are and which applications they need to access. Aruba MOVE integrates a mobility services network, security and management into one unified system that's controlled from either a private or public cloud. These mobility services are uniform across all thin access onramps, Aruba 802.11n wireless access points, Mobility Access Switches and VPN software, which collectively deliver the following:
- Access network cost reduction of up to 70%
- Faster campus additions, moves and changes
- Simpler access from remote locations
- Stronger network, user and data security
- Lower end-user support costs and higher user satisfaction
At a time when network traffic is increasing faster than budgets, Aruba MOVE leverages mobility to rightsize the network. This is achieved by eliminating equipment from data centers and wiring closets, thereby reducing capital and operational expenses.
Aruba MOVE network services consolidate the functions of multiple independent management tools, configuration servers, location servers, NAC systems, VPNs, spectrum analyzers, and wireless intrusion detection systems. In legacy networks, this complex maze of functions requires separate devices to install, manage, maintain and troubleshoot.
Aruba MOVE enables IT organizations to roll out new mobility applications and services to end users rapidly, without compromising network security or increasing access network deployment and maintenance costs.
Network Rightsizing. At a time when network traffic is increasing faster than IT budgets, Aruba MOVE leverages mobility to help organizations rightsize their access network investments. This is achieved by eliminating equipment from data centers and wiring closets, thereby reducing capital and operational expenses.
For more information about Aruba Networks solutions described here, please visit: http://www.arubanetworks.com/the-lan-is-dead/ or call Wilson Craig at (408) 227-4500.