Network World and Robin Layland present

The 2011 Wi-Fi Challenge

Enterprise Suppliers Respond to the Mobile Multimedia Frenzy

2011

The 2011 Wi-Fi Challenge Introduction: Enterprise WLANs on Track to Displace Ethernet..3

Enabling the Mobility Experience....6

Enabling Effortless Wireless Mobility...............................................9

Professional Opinions Disclaimer: All information presented and opinions expressed in this report represent the current opinions of the author(s) based on professional judgment and best available information at the time of the presentation. Consequently, the information is subject to change, and no liability for advice presented is assumed. Ultimate responsibility for choice of appropriate solutions remains with the reader.

Overlay vs. Integrated WIPS Architecture............................12

Contact: Robin Layland Layland Consulting (860) 561 - 4425 Robin@Layland.com

Less Worry, More Intelligence from the Wireless Pioneer...............15

The Evolving Network Edge............18

Copyright 2011 Robin Layland / Layland Consulting

Aruba Move...................................21

Enterprise WLANs On Track to Displace Ethernet

Vendors bolster Wi-Fi architectures, security, management

By Robin Layland President Layland Consulting

By Joanie Wexler Analyst/Editor Joanie M. Wexler & Associates

The tide is turning as Wi-Fi starts to edge out Ethernet as the primary LAN access network in many enterprise organizations. A confluence of factors is driving the trend toward WLAN access: The user/employee expectation of always-on mobility is shifting network traffic off of wired networks and onto WLANs. High-speed 802.11n network infrastructures can handle near-Ethernet connect rates. Some of the newer dual-mode access points, for example, support three spatial streams per radio and deliver 900Mbps connect rates (with actual throughput roughly half that). The price for some 802.11n equipment has fallen to 802.11g price levels. Offering up to an eight-fold capacity improvement over 802.11g with no price premium, 802.11n has become the default, go-to wireless LAN of choice. A bevy of Wi-Fi-enabled consumer-grade mobile devices is hitting enterprise networks. 802.11n backbones are arriving just in the nick of time to support them and the flood of traffic they create. Employees often use smartphones and, increasingly, tablet computers for both personal and business activity, creating unstoppable trends known as the consumerization of IT and bring your own device (BYOD). Whether the employee buys the device, saving the enterprise capital dollars, or whether its purchased by IT, users get a far better experience with Wi-Fi than with a slower cellular data network when running todays high-bandwidth applications. Many mobile applications contain video and multimedia components. The applications are often collaborative and sensitive to transmission delays, jitter and packet loss. Yet they are quickly joining the enterprise WLAN thanks to IT consumerization and BYOD trends.

Todays enterprises want their mobile networks to mirror many traits of wired Ethernet networks, of course. Yet with all these trends afoot, new challenges arise in the delivery of consistent and reliable mobile performance, security, and policy enforcement.

What the WLAN Vendors Are Up To

For the vendors behind the curtain, achieving Ethernet parity with Wi-Fi is a tough nut to crack. The RF medium is shared among all users connecting to a given AP. It is also prone to cochannel interference from other Wi-Fi devices and non-Wi-Fi devices legitimately sharing Wi-Fis unlicensed 5GHz and 2.4GHz frequency bands. Voice calls nail up bandwidth for the duration of

2011 Wi-Fi Challenge

sessions, lowering the number of users who can connect to the AP. And Wi-Fi has moved beyond just conference rooms and public areas into mainstream workspaces. Broader coverage plus high-bandwidth applications creates a need to install APs in a fairly dense fashion. Consequently, enterprise-class vendors are hard at work building tools and tweaking their architectures to achieve some or all of the following: Add capacity to APs while building in transmission power control capabilities for proper operation of high-density WLANs. High-density WLANs involve installing many more APs for spectrum reuse and greater capacity. However, having more APs closer to one another can also increase co-channel interference if power levels arent tuned just right. Avoid traffic bottlenecks by distributing data plane functions and, depending on vendor, some control plane functions to APs Identify and eradicate interference and its sources Enable converged management and policy-setting across Wi-Fi and wired Ethernet environments to lower operational expenses (opex) Reinforce quality of service (QoS) capabilities with features above and beyond those in the IEEE 802.11e set of QoS standards to handle real-time and streaming traffic on the WLAN Offer flexible management and control options that include virtual machine (VM) alternatives both in on-premise virtualized servers and as cloud services. Virtualization can simplify operations and reduce capital expenses (capex). Provide access control capabilities that offer visibility into the mobile device, user, and the location of the user attempting to connect to the corporate network and apply policy accordingly Monitor the full spectrum of airwaves to detect and mitigate possible intrusions and performance problems Address the branch-office needs of companies with large numbers of distributed sites with simpler WLAN setups and protection against WAN failures

These are currently the areas where the suppliers attempt to differentiate themselves from their competitors. The 2011 Wi-Fi Challenge serves as a kind of "cheat sheet" that you can use to compare what the respective vendor participants are focusing on and get an idea of their primary strengths.

Our Challenge to the Industry

So that you can learn specifically what the major enterprise-class vendors are doing to achieve these goals and to help you evaluate potential 802.11n suppliers for your organization, we have brought together six leading enterprise-class 802.11n network system vendors:

AirMagnet/Fluke Networks Aruba Networks Cisco

Enterasys Networks Hewlett-Packard Motorola Solutions

2011 Wi-Fi Challenge

We have challenged these companies to articulate to you, in the following pages, why they should be your enterprise-class Wi-Fi vendor. Though every network has a unique set of challenges, and the vendor responses here can't address every possible nuance, responses to this challenge should educate you about each vendor's primary value proposition. This document is just one part of The 2011 Wi-Fi Challenge. We also encourage you to listen to three audio panel discussions among the participating vendors, moderated by Network World Wireless Alert author Joanie Wexler, on the following topics: High-Density Design Amid the Mobile Explosion with Jim Florwick, Technical Marketing Engineer at Cisco, and Rob Haviland, Technical Marketing Engineer at Hewlett-Packard The Mobility Free-For-All: Controlling Access to Your Network with Ozer Dondurmacioglu, Product Marketing Manager at Aruba Networks, and Mike Leibovitz, Product Manager for Wireless LANs at Enterasys Networks Maintaining Consistent Wi-Fi Performance in Fickle RF Environments, with Jesse Frankel, AirMagnet Product Marketing Manager at Fluke Networks, and Manju Mahishi, Director of Wireless Products Strategy at Motorola Solutions

These audio Webcasts are all accessible at the 2011 Wi-Fi Challenge Web site at Network World. In addition to the audio format, there is also a text transcript for each discussion available for download at the Web site.

Read, Listen, and Learn

We invite you to peruse the following documents, provided by the six Wi-Fi vendor participants, which sum up their primary competitive differentiators. We asked the vendors not to address all the issues but instead to concentrate on what they think are the most important ones and where they excel compared with their competition. The next step for you is to read and/or listen to what they have to say, then contact them about issues you consider important that they didnt mention. Let them explain how they can help you build a high-density 802.11n network that meets your performance, security, and management requirements.

2011 Wi-Fi Challenge

Enabling the Mobility Experience:

The Cisco Advantage

By Jake Woodhams Senior Technical Marketing Manager Cisco

We increasingly work, live, play, and learn in a world with no boundaries. The explosion of mobile devices and technologies has changed expectations for enterprise network connectivity and has placed new demands on IT departments to embrace consumer devices led by the iPad. The borders of the workplace experience blur as globalization creates the need for partners, customers, and employees to connect across traditional boundaries from a variety of environments and devices. Indeed, these technologies demand a mobile Borderless Networks experience that securely, reliably, and seamlessly connects people, information, and devices. With more than 15 years of wireless experience, over 700 wireless engineers, 50 IEEE 802.11 active members, 141 granted patents, 272 patents pending, a growing list of customers and partners, and 60 percent market share, Cisco is the leader in enterprise mobility. Cisco Borderless Networks delivers on the mobile experience through a rich system of features that support a comprehensive, end-to-end mobility architecture. Cisco Borderless Networks provide: Figure 1. The Benefits of Cisco Mobility Architecture Pervasive, reliable, and scalable wireless coverage Rich media and collaboration experiences Consistent, policy-based access and granular control over devices and users across a unified access layer Converged user and access management for unified access networks, with complete lifecycle management

Together, these end-to-end architectural elements deliver a rich mobility experience for any user, on any device, at any time, and from anywhere (Figure 1).

2011 Wi-Fi Challenge Pervasive Connectivity

No architecture can stand without a strong foundation, and in the mobility world, this means a strong foundation layer of RF excellence to meet the requirement for pervasive, reliable, and scalable wireless coverage. Cisco builds this foundation from the ground up, constructing it from best-in-class, purpose-built radio hardware and innovative suites of features including Cisco CleanAir, Cisco radio resource management (RRM), and ClientLink technologies. Cisco is also the only vendor in the industry that designs its own access points from scratch, using enterprise-class silicon, custom-designed antennas, and well-engineered RF designs. From over a decade of experience and leadership in RF and 802.11 wireless technology, Cisco knows the importance of this relentless focus on the highest-quality engineering and attention to detail. The Cisco wireless experience is fundamentally better because Cisco builds better access points.

Cisco CleanAir
Cisco CleanAir technology comprises a suite of systems-level features that use powerful, purpose-built ASICs in Cisco access points to provide proactive interference management, taking into account all possible scenarios of RF interference and providing constant spectrum insight. Interference can be characterized as bandwidth robbing, show-stopping, or/and malicious. To truly provide a proactive spectrum management solution that can detect all three types, the solution must always be ready to detect a problem and either avoid the source automatically or provide the administrator with an alert about the issue. Ciscos CleanAir solution addresses all three of these interference categories with automatic detection, granular classification, location, and mitigation capabilities. Furthermore, because it is ASIC-based and purpose-built, Ciscos CleanAir technology can provide simultaneous dual-band spectrum analysis and data service for wireless clients, without any performance impact or need for external sensors.

Radio Resource Management

Complementing CleanAir technology is Ciscos radio resource management (RRM), which constantly samples the RF environment and then runs back-end calculations and algorithms that dynamically assign the best channels to access points, set access point transmit power, and mitigate coverage holes. RRM is dynamic and responsive to the ephemeral nature of RF. RRM is also transparent to the network operator and administrator, keeping the WLAN working optimally without laborious overhead.

Cisco ClientLink
Cisco ClientLink uses implicit beamforming technology to maximize the perceived signal at the client device so the client can stay connected at a higher data rate. ClientLInk offers three critical benefits: better throughput for the client device, more total system capacity, and more consistent coverage.

Rich Media and Collaboration

Cisco has implemented built-in application awareness for voice and video content to automatically recognize and prioritize voice and multimedia applications. Session Initiation Protocol (SIP) session snooping allows the controller to inspect SIP messages and then automatically recognize and prioritize the appropriate Real-Time Transport Protocol (RTP) streams for the voice traffic. This allows voicebased applications that dont mark their packets to automatically receive priority. The actual SIP snooping occurs in the wireless controller while the real-time processing and re-marking of voice packets occurs at the access point. By processing and re-marking voice packets at the access point, voice packets are correctly prioritized starting at the edge of the network, allowing for proper handling end-to-end and enabling greater efficiency and scale.

2011 Wi-Fi Challenge

Cisco VideoStream technology automatically prioritizes the video streams at the access point based on Video Admission Control settings. By default, the feature will re-mark multicast video flows into the Wi-Fi Multimedia (WMM) video queue until the channel utilization limit is reached for video traffic. The administrator can then either configure VideoStream to allow additional video clients onto the network using the WMM best effort queue or deny any additional streams to reserve some bandwidth for data. Ciscos multicast delivery mechanism enables video packets to be delivered efficiently over the wired and wireless network.

Policy-based Access and Control

Cisco supports unified policy creation and provisioning for all network access scenarios. The mobility architecture simplifies and centralizes policy creation, management, and troubleshooting, and provides an all-in-one access and policy platform streamlined for operational efficiencies. With this solution, Cisco can provide user-based policies for devices and users, assigning them network access attributes that control what can be accessed on the network as well as specific levels of quality of service. When access control is enhanced with the Cisco Identity Services Engine (ISE), administrators gain the ability to control access dynamically, so that they can respond to specific events, such as a device being profiled.

Converged User and Access Management

The final dimension of Cisco Borderless Network Architecture delivers converged user and access management for unified access networks, with complete wireless lifecycle management using the Cisco Prime Network Control System (NCS) platform. NCS is the next phase in evolution for Ciscos industry-leading Wireless Control System (WCS) management product, expanding from a wireless systems-level focus, to a user- and endpoint-centric management approach. WCS already includes a comprehensive set of tools for managing the complete lifecycle of Cisco wireless networks, including planning, deployment, monitoring, troubleshooting, and reporting. NCS builds on and enhances this functionality by introducing complete visibility into endpoint connectivity, regardless of the device access method or location. NCS also includes flexible dashboard views, guided workflows, and built-in diagnostic tools based on comprehensive, actionable information.

Demonstrable Leadership
Cisco delivers pervasive, reliable, and scalable wireless coverage through best-of-breed RF technology based on purpose-built radio hardware and suites of features like ClientLink, CleanAir, and RRM technologies. Cisco brings pervasive, consistent policy-based access and granular control over devices and users across a unified access layer through a tiered solution enhanced by Cisco ISE. The rich media and collaboration experience is enabled on the Cisco network through built-in application awareness and Cisco VideoStream. Finally, Cisco empowers IT administrators to manage the Borderless Networks mobility experience with a user- and device-centric approach to management via NCS. For all these reasons, Cisco is the best choice to enable a rich borderless mobility experience.

For more information about the Cisco solutions described here, please visit: http://www.cisco.com/go/wireless

Enabling Effortless Wireless Mobility

HP Addresses Overwhelming Penetration of Wi-Fi Devices on the Network
Why HP Networking

By Kevin Secino Mobility Product Marketing Manager

Brian Greenberg Global Competitive Intelligence Manager Hewlett-Packard

HP is changing the rules of networking as the only vendor that harnesses the power of a converged infrastructure to deliver a common architectural approach across the data center, campus, branch and cloud. HPs FlexNetwork Architecture, which is the industrys first network architecture unifying the data center, campus, branch and cloud, supports a converged infrastructure which is key to an Instant-On Enterprise. With an InstantOn Enterprise, technology is fully embedded to accelerate time to value. It is where enterprises and IT innovate together to deliver value instantly to customers and citizens at all the points that matter. Behind the scenes, the Instant-On Enterprise streamlines everything that is required to deliver a service. Clients recognize the imperative: Our research tells us that 85% of technology and business leaders say technology needs to be embedded in their enterprise in order for them to succeed. In a world of continuous connectivity, the Instant-On Enterprise embeds technology in everything it does to serve customers, employees, partners and citizens with whatever they need, instantly. The Instant-On technology consists of: HP Application Transformation: Solutions gain control over aging applications and inflexible processes. HP Converged Infrastructure: Breaks through traditional, rigid IT silos to drive out costs, providing the foundation for agile service delivery, while delivering the data center of the future. HP Enterprise Security: Solutions protect the entire IT infrastructure by addressing all aspects of security: people, processes, technology, and content. HP Information Optimization: Harnesses the power of information, ensures its integrity, and delivers it in the context of the enterprise. HP Hybrid Delivery: Solutions enable clients to select the best method of service delivery for them whether it be traditional, private cloud, and/or public cloud.

HPs comprehensive solution includes servers, storage, power and cooling, management software and networking. Networking plays a vital role in a converged infrastructure, and HPs integrated wired/wireless approach delivers measurable business value. This is especially true when it comes to wireless infrastructure. From Wi-Fi smart phones to handheld devices, the demand for Wi-Fi access is growing in enterprise settings. Enterprises are adding improved Wi-Fi capabilities, and some are making wireless LANs the primary or default access technology at the edge of the network. To address these trends, HP Wi-Fi solutions - part of HPs FlexCampus solution - provide improved service level agreements (SLAs) with wire-like service delivery that doubles the number of users per access point and provides up to 50% improvement in performance. For example, HD videoconference sessions are improved by 50% from 10 video sessions to 15 via the new family of MSM460/466 access points.

The 2011 Wi-Fi Challenge

Maintaining high-quality wireless sessions using some vendors equipment places a tremendous burden on the network as more video, voice and higher bandwidth applications join the network. Without the correct infrastructure in place, a wireless LAN network risks an inconsistent user experience that increases operational complexity and creates gaps in access enforcement and security while constraining budgets and adding headcount to support the network.

Optimized Architecture Using Distributed Intelligence

Optimizing the User Wi-Fi Experience

Many wireless LAN vendors sell separate equipment, software and tools for wired and wireless environments, placing extra management, costs and training burdens on enterprises. HP, by contrast, offers integrated wired and wireless networking solutions through IMC (Intelligent Management Center) for large enterprise environments and with PCM+ and Mobility Manager for mid market enterprise customers providing single pane of glass wired/wireless device management. The increase in wireless users and the number of Wi-Fi clients that are being deployed over a wireless LAN, in addition to higher bandwidth applications, have the ability to degrade the overall user experience. HPs optimized WLAN architecture gives customers the choice of either centrally controlling network traffic or distributing network traffic with intelligent access points at the edge of the network. This architecture enables customers to choose how they want to address application delivery, whether centralized or distributed, via the same access point. Having the flexibility to distribute network traffic is important especially when using low-latency applications such as voice traffic. The ability to choose the best distribution model is key to network efficiency; for example, voice traffic can be processed at the edge of the network, which is faster than competitive architectures that require the traffic to flow back to a centralized controller before being redistributed. In addition, industry compliancy is addressed: Mandates such as PCI DSS (Payment Card Industry Data Security Standards) require that sensitive financial data be directed to a centralized controller. HP provides either centralized or distributed distribution methods providing the customer flexible data distribution choices. HP set the benchmark for 802.11n performance this year with the launch of the industrys first three-spatial stream 802.11n dual-radio access points. The new HP E-MSM460 and HP E-MSM466 dual-radio 802.11n APs deliver near gigabit-speed connect rates to Wi-Fi client devices and offer superior range, density and coverage. These traits add up to unmatched performance and reliability for todays on-the-go workforce. The product family also provides a solid foundation for current and future bandwidth-intensive, delay-sensitive applications while preserving full compatibility with legacy 802.11 clients and existing HP wireless controllers.

HPs Key Differentiators

Three spatial-stream MIMO for industry-leading throughput. HP offers three-stream 900Mbps dual-radio APs at the same price as competitive two-stream 600Mbps dual-radio products. Closed loop beamforming for improved coverage with less transmission overhead. HP supports standardsbased 802.11n closed loop explicit beamforming to improve RF coverage areas and reduce roaming dead

10

The 2011 Wi-Fi Challenge

spots while reducing transmission overhead. Beamforming provides a more reliable and predictable user experience and offers customers greater choice and flexibility in networking solutions. Band steering for optimal WLAN performance. Most enterprise access points contain two radios. Typically one radio is set to 5GHz for 802.11a/n clients and the other is set to 2.4GHz for 802.11b/g clients. By default, many clients are configured to prefer the 2.4GHz band. HP supports band steering to automatically and transparently direct 5GHz-capable clients to the higher-performing, less-congested 5GHz band. Band steering increases wireless network capacity and helps solve client density issues by reducing the number of clients in the crowded 2.4GHz space. It also improves performance for clients that remain on the 2.4GHz network. Band steering can be implemented quickly and easily since it requires no client-side configuration. Concurrent operation in 5GHz band. HP E-MSM466 802.11n dual-radio APs support the concurrent operation of both radios in the 5GHz band. Concurrent operation in the 5GHz band improves noise immunity (fewer sources of interference), increases channel availability, enables greater utilization of 40MHz channels and supports higher density/high bandwidth deployment models for improved performance that enables a wide range of mission critical applications to operate over Wi-Fi infrastructures. Optimized WLAN architecture. Any HP E-Series 802.11n dual-radio AP can be deployed as an integral component of HPs next-generation non-blocking WLAN architecture. The architecture enables optimal application delivery, with low impact on the wired core, no single point of failure or performance bottlenecks, cost-effective scalability and strong investment protection.

Built-In Intrusion Prevention

HPs approach to protecting the wireless LAN from security intrusions is through the implementation of a dedicated RF sensor. This approach guarantees 24x7 intrusion prevention and is highly efficient. Using dedicated sensors, access points are designed to provide the optimum in client connectivity performance versus other vendors who implement RF scanning techniques via the same access points that provide client connectivity. This multitasking method limits client connectivity performance and does not provide an optimum user experience. HPs RF Manager 6.0 Wireless IDS/IPS combined with the deployment of dedicated E-MSM415 IEEE 802.11n wireless sensors enables enterprises to benefit from 24/7 wireless protection. Other vendors who share the security detection and support Wi-Fi clients on the same access points are prone to client interruption and network performance degradation. HP also offers a compelling TCO story. In a study conducted by IDC in the fall of 2010, HP LANs were shown to reduce costs by 66% as HP equipment provided a more stable environment than competitors with newer technology, less frequent equipment failures, better ease of use and reduced complexity. Customers receive cost benefits such as the ability to save capital through better network utilization including fully active links that help avoid the cost of over provisioning. They can also save on soft costs with lower total support costs. HPs industry leading lifetime warranty with next-business day replacement and support options can help reduce the lifetime cost of a customers network. In addition to this, HP products deliver higher density with less power, and half the energy consumption when compared to competitors. The proliferation of tremendous volumes of Wi-Fi client devices being introduced into the network requires that the networking infrastructure support this ongoing trend. For large enterprise mobility environments, customers can choose HPs A-Series mobility solutions and specifically the A7500/A9500, which supports greater than 7000 access points per chassis. For the mid market enterprise customers HPs new family of MSM460 and 466 access points support more Wi-Fi devices, while providing additional range and performance. Both of these solutions provide enterprises with an optimized architecture that scales and provides flexible distribution models as part of HPs FlexNetwork and the FlexCampus, protecting investments today with tomorrows technology. Altogether this enables a network to be future proofed for the wave of new Wi-Fi devices being deployed. As a leader in mobility offerings, HP is helping customers mitigate the Wi-Fi challenges today and is the only vendor delivering best-in-class, unifed wired/wireless networking as part of a converged infrastructure. _______________________

For more information about HP Networking and HP Networkings Wi-Fi solutions described here, please visit: www.hp.com/networking. 11

Overlay vs. Integrated WIPS Architecture The Debate Continues

By Chia-Chee Kuan Co-Founder & CTO AirMagnet

A well-known best practice in enterprises is to take a layered, defense-in-depth approach to network security to guard against different kinds of attacks and intrusions. Like its wired counterpart, the wireless LAN (WLAN) also requires multiple security layers to be most effective. One of these layers is a wireless intrusion prevention system (WIPS). As wireless networks have evolved, so too have the systems designed to monitor and secure them. Today, a WIPS is a critical component for any enterprise running a high performance, secure WLAN. However, the best approach for implementing WIPS is a hotly debated topic. There are several different ways to deploy these monitoring systems. First, WIPS functionality can be built directly into your wireless LAN infrastructure (such as the APs) this is the integrated approach. Alternatively, WIPS can run as a standalone, dedicated security system from a third-party specialty company this is the overlay approach. An IT department needs to understand the tradeoffs so it can appropriately balance the organizations risk profile, depth of security required and budget, as it builds an effective, comprehensive wireless security strategy.

Tradeoffs to Consider
AirMagnet strongly believes in the defense-in-depth strategy and, therefore, designed a dedicated overlay WIPS solution. Because an AP has limited resources, a number of key capabilities simply arent supported in APs acting as part time sensors using the integrated approach. Some of the issues with this integrated approach include: APs can only scan traffic for less than one second each minute, so they miss information APs cant serve traffic and block an intrusion at the same time, so there are tradeoffs to performance for security, and vice-versa Since APs arent listening 24x7, they cant see problems that occur over time and cannot gather enough information to meet compliance auditing requirements APs can only scan legal, licensed wireless channels and cant see dangerous activity on the 5 GHz extended channels where malicious devices can hide

Many of these shortcomings can be attributed to the use of a time slicing technique in integrated WIPS approaches. When implementing time slicing, wireless APs pull double-duty, as APs forwarding traffic and as security sensors scanning the air for anomalies.

12

2011 Wi-Fi Challenge

Dedicated WIPS overlay networks, by contrast, are generally the most secure option. They remediate the issues with time slicing, missed events and other common problems encountered with integrated approaches. Dedicated systems offer capabilities that generally arent available in integrated solutions. Among these capabilities are the following: Comprehensive regulatory compliance reporting Forensics for after-the-fact analysis Event troubleshooting

Fully resilient configuration with automatic sensor failover to a secondary WIPS engine if the primary should fail Recognition of far more threats, including the most sophisticated and potentially dangerous ones

AirMagnet Enterprise: Purpose Built for WLAN Security Monitoring

AirMagnets dedicated WIPS system is called AirMagnet Enterprise. It provides simple, scalable WLAN security monitoring that enables proactive detection and mitigation of all types of wireless security threats. The system enforces enterprise policies and continuously audits the regulatory compliance of the wireless environment and Wi-Fi users worldwide. The AirMagnet Enterprise architecture contains unique elements to ensure the most complete independent detection and remediation of WLAN threats. The system architecture is simple and efficient, consisting of the AirMagnet Enterprise server software and database, and dedicated sensors that monitor and analyze wireless environments in the corporate premises even in areas with no authorized Wi-Fi service. Each AirMagnet Enterprise sensor is a dedicated, hardened device, which contains no data access capabilities.Thus, the sensors dont suffer from the vulnerabities APs may experience when performing limited WIPS scanning: APs can become victims of malicious activity or attacks that disable them and cause them to stop scanning.

Full Time, Complete, Dedicated Security Detection

The AirMagnet Enterprise intelligent sensors continuously scan every possible 802.11 channel for potentially dangerous security problems, including the extended channels in the 5 GHz band, which cannot be scanned by AP devices. The premise is constantly monitored for the presence of any type of unauthorized or rogue device. The system accurately detects complex attacks that use multi-threaded traffic vectors, which may play out over minutes and would be missed by systems using time slicing security scanning. AirMagnet Enterprise provides deep WLAN threat detection via the AirWISE intelligence engine that covers all these important categories of security issues: rogue device detection and mitigation, including access points, stations and ad-hoc devices; denial-of-service (DoS) attacks against APs, stations infrastructure and generic jamming attacks; known and hybrid attacks using hacking tools such as MDK3, Karmetasploit and derivatives; behavioral attacks; and compliance verification of unauthorized WLAN devices to corporate security policy.

13

2011 Wi-Fi Challenge

Dynamic Threat Update Technology
Dynamic Threat Update (DTU) technology in AirMagnet Enterprise ensures that the corporate premises are automatically protected against newly discovered WLAN security vulnerabilities. This is far more secure than waiting months or longer to receive updates for WIPS functions embedded in AP infrastructure components, which then require significant IT resources and network downtime to deploy. Threat definitions are separately loadable, so they can be automatically installed without any disruption to operations requiring change control planning. AirMagnet accelerates the development of new threat definition modules at the highest rate in the industry, immediately brining the benefits of dedicated wireless security research and development efforts to all global users.

Complete Protection and Analysis

The AirMagnet Enterprise architecture provides continuous wireless protection and avoids blind spots. Key capabilities include the following: Sensor operation with network/server connection loss: AP-based monitoring systems become completely disabled if connection is lost Hot standby server configuration for continuous operation of WIPS capabilities Fully encrypted SSL-based tunnels for highly secure communications among system components Detailed compliance reports for regulatory standards including Sarbanes-Oxley, HIPAA, GLBA, DoD 8100.2 and many more

Holistic Wireless Lifecycle Integration

AirMagnet Enterprise is part of a complete line of wireless solutions from Fluke Networks, covering the entire wireless lifecycle from planning, to deployment and verification, to troubleshooting and interference and 24x7 security and monitoring. AirMagnet solutions allow users to ensure the health, performance and security of their wireless LAN from initial planning and deployment to ongoing maintenance and monitoring.

_____________ For more information about Fluke Networks AirMagnet solutions described here, please visit: http://www.airmagnet.com or call Fluke Networks at 1-800-283-5853.

14

Less Worry, More Intelligence from the Wireless Pioneer

Making Wi-Fi Easy
Is Your Enterprise Ready?

By Taqi Mohiuddin Senior Manager Product Marketing Motorola Solutions

All Wi-Fi products are not made equal, even though they may seem similar at first glance. Having designed and built wireless products for over 75 years, weve not only learned a few things but have put that knowledge back into improving our customers experiences by building robust products that they can rely on. This has allowed us to build wireless network solutions that can grow and change with your needs. Our solution addresses the key challenges IT departments face as wireless becomes the primary access method in the enterprise: 1. Increase in the number of devices and traffic on the WLAN 2. Managing security for all of these devices and users 3. Building a dependable wireless network that is always on Let us show you how to meet these challenges head on and why no other vendor even comes close. Motorola Solutions makes it easy for IT departments to build, deploy, and maintain a trusted wireless network that is as reliable and high performing as their wired networks.

The Architecture Matters!

There is both a rise in the number of devices connecting to enterprise WLANs and in the number of wireless business applications using data, voice, and video. In December 2010, Motorola Solutions conducted a survey of IT professionals working in companies with more than 1000 employees and learned that WLANs are used as the main access network in 45% of those organizations. As wireless use becomes ubiquitous, WLANs feel the strain. Is your organization prepared to handle the flood of traffic that is coming? The transition to 802.11n definitely helps in providing greater access speeds to users, but how your WLAN is architected makes the difference between providing your users the great quality of experience that they have come to expect and having frustrated users who experience jitter in their voice and video applications. Traditional deployments with controllers are based on hub and spoke architectures (see right). In these architectures, less expensive thin access points (APs) forward all traffic to the controller, which acts as the central point of management and where all the network and security policies are defined and enforced.

15

2011 Wi-Fi Challenge

It is easy to see how high throughputs associated with 802.11n, as well as the increase in devices and applications, can create congestion and a bottleneck in the network, since all traffic must be forwarded to the controller with centralized intelligence. Not only does this negatively impact the performance of real-time applications, but scalability is severely impacted as the number of controllers increases significantly as do associated costs. Motorola specifically designed the WiNG 5 architecture to help organizations overcome these challenges and prepare for increase in WLAN traffic and evolution to 802.11n. Intelligence is distributed between the controller and the APs. Distributed intelligence allows optimized routing of data internally on the network or to the Internet without having the APs forward traffic to the controller, eliminating the controller bottleneck. Moving the controller intelligence or smarts down to the APs allows critical decisions to be made locally and for the network to be more responsive to the dynamic nature of RF environments. The controllers still provide centralized visibility and control of the RF network, but it is freed of the data processing function, allowing it to manage a significantly larger number of APs. In this architecture, because the APs are more intelligent and able to forward traffic and enforce policies, they can survive the loss of connectivity to a controller. With this architecture the system becomes highly scalable a single controller can supervise up to 8 times the number of APs compared to the traditional hub-and-spoke model. This frees up controllers to focus more on large-scale network and policy management as well as other services. Quality of service (QoS) for video and voice applications, security, mobility and site survivability are all handled at the AP, resulting in a more efficient architecture. With todays powerful chipsets, this is all done without increasing the cost of the APs, resulting in overall cost savings from fewer controllers and lower costs of maintaining the network.

Security Management
Security not only involves firewalls but also wireless intrusion protection to ensure the integrity of your WLAN. With WiNG 5 architecture, firewalling is pushed out to the edge. APs are roaming-aware and stateful, with the ability to firewall at Layer 2 and Layer 3. Security policies are also handled by the AP. Another important feature is the ability for Motorola APs to provide simultaneous client access and full-time sensing for wireless intrusion detection and prevention (WIPS) security and troubleshooting. The APs provide 24x7 sensing, detection, and mitigation of threats. Since the AP can provide access as well as sensing, overall costs of deployment, installation, and power are lower as the need for dedicated sensors is eliminated. Networks with distributed intelligence enable real-time troubleshooting and spectral analysis for greater RF visibility and reduced maintenance costs.

Site Survivability Always On Networking

One of the key benefits of WiNG 5 is site survivability the ability of APs to continue to function even when they lose communication to the controller. The APs continue to bridge traffic while still enforcing QoS and security policies, including statefully inspecting Layer 2 (locally bridged) or Layer 3 traffic. Another important effect of this distributed intelligence architecture is that it allows a number of APs to be deployed in remote locations without the need for a local controller. The APs in remote sites coordinate with each other to provide optimized routing and self-healing functionality and deliver a superior quality of experience for business-critical applications. A significant number of branch offices need less than a couple of dozen APs. This means that in most branch offices there is no need for additional controller elements.

16

2011 Wi-Fi Challenge

Motorola provides full scalability ranging from small controller-less deployments to large distributed organizations that have many branch offices (such as retail, K-12 education, and banking). With the introduction of our NX 9000 Integrated Services Controller, you can centrally control networks of up to 10,000 WLAN APs that are geographically dispersed over many branch office sites. Clusters of up to 24 WiNG 5 APs intelligently handle traffic flows, QoS and mobility without compromising security while the NX 9000 provides an efficient single point of configuration, policy enforcement, and remote troubleshooting. WiNG 5 provides multiple levels of resiliency: AP failure Wired switch failure Wireless controller failure WAN outage

Reliable Wireless Operation in Dynamic RF Environments

Motorola has integrated several functionalities under its SmartRF umbrella of RF management tools to ensure that the wireless network is resilient to interference and congestion and able to support various multimedia applications with the right quality of experience. In addition to the ability to automatically tune channel and transmit power levels in response to changing RF conditions or loss of an AP, there are other features that are pertinent to the reliable handling of latency-sensitive applications such as voice and video: Spectral Load Balancing. This ensures a well-balanced client distribution across the APs in the network. We use a comprehensive hierarchical methodology for client load balancing that takes into account bandwidth and RF utilization characteristics at the domain level. AP Load Balancing. In addition to client load balancing, Motorola offers the flexibility of AP load balancing across a geographically collocated or distributed cluster.

The Motorola WiNG 5 Advantage

The future wireless network architecture relies on distributed intelligence to meet the performance demands of the new wireless world without compromising security or QoS while at the same time providing flexibility and simplicity of deployment. The centralized hub-and-spoke architecture helped bring more cost-effective 802.11b/g solutions to organizations. But with increased network traffic creating bottlenecks at the controller and an unreliable user experience, only an architecture that provides fully distributed intelligence at the network edge can provide the full benefits of what 802.11n has to offer for the distributed enterprise. ________________

For more information about the Motorola Solutions WLAN solutions described here, please visit www.motorola.com/wing5 or call Motorola Solutions at +1.866.416.8545. 17

The Evolving Network Edge

BYOD with Security
The Evolving Network Edge

By William Glynn Senior Product Marketing Manager Enterasys

When you talk about the network edge today, youre most likely talking about wireless access. Todays workforce is highly mobile, outfitted with an ever-growing assortment of Wi-Fi-enabled devices, and has an insatiable need for continuous network access. Consequently, the market is experiencing high growth in wireless LAN deployments throughout all vertical markets, including schools, hospitals, warehouses, small and medium-sized businesses, and virtually every other location where workers or people congregate. Todays business environment requires network access to be omnipresent as well as reliable, and it must provide strong performance with seamless roaming capabilities. While wired networking is still an important component of an enterprise network in data centers and other points of aggregation, the wireless edge continues to grow and has become a dominant factor in all network rollouts and upgrades. Creating a fully integrated, easily managed, and secure WLAN with wire-like performance need not be an exorbitantly costly and time-consuming endeavor fraught with pitfalls and gotchas. Enterasys Wireless solutions dramatically lower the cost of upgrading indoor and outdoor WLANs so you realize the benefits of 802.11n while eliminating unnecessary and time-consuming switch and infrastructure replacement costs. Enterasys solutions deliver these benefits, in part, with the following: Specialized mounting hardware that leverages existing brackets to streamline installation Automated AP discovery, configuration, and optimization to reduce installation and start-up time Full support for 3x3 MIMO operation with .af power, which eliminates the need to re-cable the POE infrastructure

Building a Unified Access Layer

Leading IT organizations now demand mobile, transparent, and always-on wired-to-wireless edge services. This new unified access layer requires two components. The first is intelligent access components that distribute access control and business service resiliency across the entire infrastructure. Second, these distributed access components must be manageable from a single management console to ensure consistency and minimal management overhead.

18

2011 Wi-Fi Challenge

Enterasys unified access layer portfolio delivers both the distributed access components and centralized visibility and management needed to maximize network performance and reduce risks. These solutions provide scalability and resiliency with minimal dependence on a central management plane.

Balancing Distributed and Centralized Functions

The common thread that binds Enterasys unified access portfolio is Enterasys exclusive automated role-based architecture. Uniquely, Enterasys enables multi-user authentication, authorization, access control, and traffic flow optimization, ensuring transparent access to business services and unparalleled mobility. This automated role-based provisioning system lowers OPEX costs and ensures consistent access to business services whether users are plugged into the wall or are untethered and moving freely across the campus. Network management is complicated by the fact that most enterprise networks typically comprise both wired and wireless LANs, which is why Enterasys has taken a leadership role in integrating wired and wireless LAN management (see figure). The two network infrastructures can be managed and secured as a single entity to significantly simplify network management and deliver ongoing operational cost savings. A hallmark feature of Enterasys solutions is the ability to eliminate the inefficient and time-consuming task of manual, switch-byswitch or controller-by-controller network configuration changes. The benefits are not only efficiency but also error reduction, since manual operations for network configuration changes (e.g., setting up individual telnet sessions to each switch and performing access control list changes and re-ordering) are eliminated. The Enterasys Wireless Management Suite provides a powerful centralized management platform for the Enterasys Wireless portfolio. As an integrated component of the Enterasys Network Management Suite (NMS), Wireless Manager consolidates configurations across the entire WLAN to provide global management capabilities. Integrated security across the wired/wireless network enables quick diagnosis and resolution of threats, and real-time, at-a-glance location capabilities detect rogue users and shut down hot spots by exact location, addressing a critical enterprise challenge. One of the biggest strengths of the Enterasys Wireless products is their deployment flexibility. Enterasys provides complete flexibility over the location of the controller as well as how the WLAN is managed, which reduces costs, simplifies management, and removes the barriers to deploying a wireless edge. Customer deployment options include: A typical on-premise wireless deployment where controllers are collocated in proximity to the access points and self-managed by the customer A private cloud model where the controller is centralized in the customers data center and selfmanaged by the customer A managed services model where the controller is centralized in the customers data center and remotely managed by a managed service provider

19

2011 Wi-Fi Challenge

A public cloud/managed services model where the customers controller is located in a providers data center as part of a hosted service, which is then combined with a managed service where a managed service provider remotely manages the controller The mobile workforce has also had a dramatic impact on the portable device market and has given rise to the consumerization of IT. The explosion of smartphones and WiFi-enabled devices has led to the popularity of Bring Your Own Device (BYOD) programs, because they enable employees to work from the device of their choice, increasing employee satisfaction and productivity while decreasing corporate IT CAPEX costs. However, BYOD programs can increase IT workload and pose security challenges. Enterasys Wireless solutions can help you manage BYOD programs while dramatically reducing your time, cost, and effort.

Security from the Inside Out

Enterasys has always secured networks from the inside out by securing both the wired and wireless access layer together as a single infrastructure. Security concerns dont stop after a user or a device is granted access to the network; a secure network must provide continuous monitoring of the wired and wireless infrastructure as well as automatically deal with threats in real time as they arise. Utilizing an authentication system, network access control (NAC) products, as well as an integrated centralized management and monitoring system, the Enterasys solution offers complete ability to automatically enable threat containment and threat mitigation regardless of where or how the user or the device is accessing the network. As an example, a personal iPad might be allowed onto the network to gain Internet access but be restricted from communicating with any of the key corporate infrastructure components. Security is enhanced via the Enterasys role-based policy control, which is integral to the wired and wireless switching infrastructure. Policies are created once on the centralized Enterasys NMS and then propagated to the edge of the network and enforced right at the point of ingress on the wired switch or the wireless access point. Once the policies are created, which includes both security and quality of service attributes based upon user and device type, the entire system is completely automated and enables the IT administrator to guarantee a consistent, secure network experience across the entire network infrastructure.

The Multidimensional Approach

Todays unified access layer of wired and wireless services requires a multidimensional approach to deliver the service-level and security protection demanded by enterprises and educational organizations. Enterasys offers a full complement of integrated networking solutions ensuring the highest level of resiliency and availability to business services without sacrificing security and performance. The entire network can be managed via an integrated wired/wireless management solution that runs as a virtualized management application with mobile access to provide anytime, anywhere visibility and control. Enterasys provides great flexibility for supporting wireless in the cloud by embedding intelligence into its access points, which enables the wireless LAN controller to reside anywhere in either a private or public cloud where it can be self-managed or managed by a third-party wireless services provider. The role-based policy management system is integral to the entire wired and wireless network, providing a secure network starting right at the point of ingress. By automatically detecting and authenticating devices, Enterasys supports all types of network devices and fully enables a BYOD program while maintaining network security. Since the AP and the controller are covered by a lifetime warranty, an Enterasys WLAN solution also minimizes total ownership costs.

_____________
For more information about the Enterasys solutions described here, please visit www.enterasys.com or call Enterasys at 978-495-6824.

20

Aruba MOVE
Unified Access Network Architecture for Mobility
The New Access Network

By zer Dondurmacolu Product Marketing Manager Aruba Networks Inc.

The LAN as we know it no longer exists. The notion of networks being wired or wireless has become irrelevant. Today, its about mobility and providing secure access to network resources wherever your workforce happens to be. The Aruba Mobile Virtual Enterprise (MOVE) architecture unifies wired and wireless into one cohesive network access solution. With Aruba MOVE, access privileges are linked to a users identity, the device they are using, where they are and which applications they need to access. Aruba MOVE integrates a mobility services network, security and management into one unified system thats controlled from either a private or public cloud. These mobility services are uniform across all thin access onramps, Aruba 802.11n wireless access points, Mobility Access Switches and VPN software, which collectively deliver the following: Access network cost reduction of up to 70% Faster campus additions, moves and changes Simpler access from remote locations Stronger network, user and data security Lower end-user support costs and higher user satisfaction

Context-Awareness for Smartphone, Tablet Explosion

Conceived when access was confined to corporate campuses, legacy access networks are designed to protect physical assets within the walls of the enterprise. This approach made sense when the same person connected to the same port and used the same client device to access the same applications every day. That work model is increasingly irrelevant for todays highly mobile and virtualized workforce. Aruba MOVE represents a fundamental shift from more than 20 years of port-centric network architectures. It places network services at the edge of the network, where a users mobile device first encounters enterprise applications. Context-aware networking, enabled by Aruba MOVE, makes it easier for IT to accommodate the ever-increasing density of smartphones and tablets. With Aruba MOVE, mobility services are centralized, eliminating the need to keep up with a long list of wiring closets, firewalls, NAC solutions, management systems and reporting tools that operate in separate domains. Functions of Aruba MOVE mobility services include the following: Centralized Management: Powered by ArubaOS, Aruba Mobility Controllers virtualize configuration and automate software updates for thin access on-ramps. End-to-End Security: Aruba Mobility Controllers integrate context-aware access control, ICSA-certified IPv4/v6 stateful firewall security, FIPS 140-2 certified centralized encryption, VPN termination and advanced wireless IPS. Aruba Context Security Service (CSS) leverages data centers around the world to enable web content security. CSS is automatically updated with new software features and additional security signatures. Authorization: Aruba Amigopod enables self-registration of both employee- and guest-owned mobile devices for automatic device enrollment, centralized EAP-TLS certificate installation and Wi-Fi profile configuration without requiring any touch from IT.

21

2011 Wi-Fi Challenge

Visibility: Aruba AirWave enables reporting on a per-user and per-mobile-device basis and tracks users and devices as they are connected to outdoor mesh, indoor WLAN, branch office network, small office WLAN, to the wired LAN infrastructure or using remote VPN. Operations: Aruba AirWave provides real-time, time-sensitive alerts and historical reporting for up to 550 days. AirWave also enables management of multi-vendor networks that may include a mix of technologies. It integrates wireless security, location tracking and compliance reporting (e.g., PCI), and does not require separate appliances or sensors. With Aruba MOVE, mobility services are delivered across a wide range of thin access on-ramps enabling the following: High Performance Indoor Wi-Fi. Aruba 802.11n APs support distributed and centralized traffic forwarding modes, provide noise-aware RF management, integrate always-on wireless security and enable visibility to noise sources with integrated spectrum analysis. They also guarantee fair allocation of bandwidth among high density of mobile devices with Adaptive Radio Management (ARM) technology and deliver speeds up to 900Mbps per AP. Remote APs support zero-touch provisioning for remote locations and support wired and wireless connectivity, traffic forwarding based on policy, context-aware security, and backup links over cellular networks. Wired Security. Aruba Mobility Access Switches integrate stateful firewall, wired authentication and MACSec encryption, enabling context-aware networking for wired access in campus, regional and branch offices. With zero-touch deployment capability similar to that found in Figure 4: Aruba MOVE Architecture Aruba APs, they significantly reduce deployment costs. Remote Access. Aruba Remote APs (RAPs) the Users Instead of the Network Manage support zero-touch provisioning and support wired and wireless connectivity, traffic forwarding based on policy, context-aware security and backup links over cellular Aruba MOVE a networks. Aruba Virtual Intranet Access (VIA) agent focusing onrepresentsdevices the cor e offrom the 20+ yearsitof port-centric network ar at the edge of the enables IPSec fundamental shiftbackup) VPN connections for chitectures. Instead (with SSL network access places network services of physical mobile devices. End users can download VIA fromnetwork, where a users mobile device rstby usingenterprise applications. Aruba Mobility Controllers encounters corporate credentials, a zero-touch transaction for IT. In a world where users are always on the move and utilizing more than one mobile security, RF management and other major WLAN Instant Wi-Fi. Aruba Instant APs share roaming, device, it makes perfect sense to manage and secure network Network Rightsizing with Mobility access based functions among access points without relying on a mobilityon who you are, rather than where you are or the device controller controller. Due to its unique virtual By rightsizing its network with the you are using. Aruba mobility technology, failure of an Instant AP can be easily mitigated. As WLAN scale and management requirements solution, KPMG This user-centric approach enables stronger security and simplies reduced its wired infrastructure expand, Aruba Instant can be re-imaged as an 802.11n campus AP wired, wireless, remote and outdoor advanced controllerand associated with an user administration across costs by 50% realizing $2 million based WLAN. networks. As pointed out previously, it also eliminates the need for in build-out savings VLANs AirMesh solution combines a unique multi-radio, multi- and an esti High Performance Outdoor Wi-Fi. The Arubabecause network services are centralized. Additionally, granular mated $760,000 reduction in annual user, device and application visibility enables QoS and accelerates frequency architecture and adaptive Layer 3 routing to bring use of high-performance applications (e.g., HD troubleshooting across the network. operating expenses. video) to outdoor environments. It is designed to scale while maintaining throughput across multiple hops in a wireless mesh network. Rightsize, Don t Supersize

Aruba MOVE Solutions

At a time when network trafc is incr easing faster than budgets, Aruba MOVE leverages mobility to rightsize the network. This is achieved by eliminating equipment fr om data centers and wiring closets, ther eby reducing capital and operational expenses.

Aruba MOVE network services consolidate the functions of multiple independent management Aruba MOVE enables IT organizations to roll out new mobility applications and services to end users rapidly, tools, conguration servers, location servers, NAC systems, VPNs, spectrum analyzers, and wir eless intrusion without compromising network security or increasing access network networks, this complex maze of functions r equire separate devices to install, detection systems. In legacy deployment and maintenance costs. manage, maintain and troubleshoot.

Network Rightsizing. At a time when network traffic is increasing faster than IT budgets, Aruba MOVE leverages Mobile Virtual Enterprise Aruba network mobility to help organizations rightsize their accessNetworks investments. This is achieved by eliminating equipment from data centers and wiring closets, thereby reducing capital and operational expenses.

22

2011 Wi-Fi Challenge

Aruba MOVE makes it easier to rightsize over-built wired networks by replacing infrequently used Ethernet ports with Wi-Fi access. Ideal for refresh projects and new network deployments, wiring closet rightsizing can save companies millions of dollars in one-time and ongoing expenses. Aruba MOVE combines six different management interfaces into one, with a common policy framework for the entire access network. Aruba MOVE automates common tasks, due to its selfinstalling and self-configuring thin access on-ramps. This zerotouch approach eliminates hundreds of hours of manual work. Bring Your Own Device. The Aruba Mobile Device Access Control (MDAC) solution enables secure provisioning and management of smartphones and tablets, also known as the Bring-Your-Own-Device (BYOD) phenomenon. Designed for use with or without Mobile Device Management (MDM) solutions that focus solely on device configuration, Aruba MDAC enforces device and network-use policies and controls network usage by blocking mobile devices that do not meet company policy (e.g., Blackberry vs. Android). It also controls application usage by whitelisting or blacklisting network services (e.g., smartphones are restricted to email and Internet), and controls bandwidth usage by rate limiting network access by device type. Aruba MDAC automates mobile provisioning by redirecting employee smartphones and tablets to self-registration portals and network configuration downloads, and increases device visibility for monitoring and troubleshooting with device-specific data, statistics and usage reports. Broadcast Video over Wi-Fi. Arubas Multimedia-grade WiFi gives users a broadcast-quality experience using several video optimization techniques to deliver jitter-free, multichannel video over Wi-Fi to mobile devices. Aruba Application Fingerprinting technology guarantees the delivery of cinema-grade video in mixed-use environments by identifying video traffic and then reserving bandwidth and prioritizing video over other, less latency-sensitive applications. Dynamic Multicast Optimization technology capabilities improve network efficiency and maximize available capacity. They do this by considering real-time network usage and video subscription characteristics to automatically select multicast or unicast for transmitting video over the air to a client. Aruba MOVE is designed to enable mobility across the entire access network infrastructure. By deploying networks based on MOVE, IT organizations can realize up to a 70% reduction in TCO compared to legacy, fixed network approaches from other vendors. Aruba MOVE provides concurrent visibility into the identity of all users, their devices and their locations on both wired and wireless networks. Context-aware access policies allow IT to control users and devices, so that employees can switch effortlessly among desktops, laptops, tablets, smartphones and other mobile devices. By taking advantage of centrally managed services, Aruba MOVE dramatically simplifies the process of providing network access to remote locations. It eliminates traditional tasks that IT departments must perform to complete additions, moves and changes. The Aruba MOVE architecture transforms IT organizations from a culture of no to a culture of yes. It does so by unifying disparate wired and wireless infrastructures into one seamless network access solution for corporate headquarters, branch offices, traveling business professionals, remote workers and guests. ___________________

For more information about Aruba Networks solutions described here, please visit: http://www.arubanetworks.com/the-lan-is-dead/ or call Wilson Craig at (408) 227-4500. 23