We think you have liked this presentation. If you wish to download it, please recommend it to your friends in any social system. Share buttons are a little bit lower. Thank you!
Presentation is loading. Please wait.
Published byMary Oyler
Modified about 1 year ago
© 2011 Aerohive Networks CONFIDENTIAL Troy Roberts 2012 THE NEW WI-FI PARADIGM – PREPARING YOUR NETWORK FOR THE MOBILE DEVICE AND APPLICATION EXPLOSION
© 2011 Aerohive Networks CONFIDENTIAL Agenda 2 Addressing the new Wi-Fi paradigm »Wi-Fi as the primary access layer »Wi-Fi client explosion »Consumer grade Wi-Fi devices are flooding the enterprise Architecting a Robust and Resilient WLAN »An architecture for n, ac, and beyond »Catering to consumer grade devices »Considerations for high density and high performing WLANs BYOD – Bring your own device »Access, Control, Resources »Device Fingerprinting and Policy Enforcement »Device Fingerprinting and contextual awareness The Complete Package »Bonjour Challenges – Airprint and Airplay »Security and Threat Assesment »The remote experience
© 2011 Aerohive Networks CONFIDENTIAL Wi-Fi Client Explosion 3 Wi-Fi primary access layer requirements 3x device explosion management burden BYOD and Corp iPad deployments Issues with low powered Wi-Fi devices
© 2011 Aerohive Networks CONFIDENTIAL The new Wi-Fi paradigm Wi-Fi as the primary access layer Majority of network devices will not have an Ethernet port › Faster clients, more demanding applications require faster, more deterministic, reliable, and affordable Wi-Fi infrastructure Wi-Fi client explosion 3-4x increase in number of devices As IT staff are typically not RF experts and Wi-Fi can be more difficult/expensive to manage › IT headcount will not increase to compensate and Wi-Fi needs to easier to use, deploy, and support Consumer Wi-Fi devices are flooding the enterprise IT has to manage employee/exec desire to BYOD Virtual Desktop Infrastructure (VDI) enables inexpensive consumer devices to run enterprise apps Consumer device Wi-Fi performance characteristics differ from enterprise devices › Wi-Fi infrastructure must compensate and harness 4
© 2011 Aerohive Networks CONFIDENTIAL The role of architecture in High Performance WI-FI 5 A New architecture »Architectural advantage to controller-less »Reliability, redundancy and fault tolerance »Infinite scalability »Purpose built for n, ac, and beyond »Catering to consumer grade devices Leveraging the cloud »Benefits of cloud-enabled approach »Addressing enterprise issues with cloud-enabled networks
© 2011 Aerohive Networks CONFIDENTIAL Introduction to Aerohive Networking pioneer with a history of innovation › Aerohive’s award-winning solutions eliminate complexity, cost, and single points of failure with: »Controller-less, distributed intelligence Wi-Fi »Public or private cloud-enabled networking »Branch office / Teleworker routing and VPN › Delivering mission critical reliability, granular security, simple management and the ability to start small and expand without limitations Branch & Teleworker Routers* Enterprise Wi-Fi Cloud Services Platform Public Partner Private (on-premise) * 2H 2011 Visionary Gartner Magic Quadrant 2011 Wireless Security 6 MQ
© 2011 Aerohive Networks CONFIDENTIAL Controller–less Wi-Fi Architecture Delivering simplicity, reliability and affordability 7 or WAN Tunnel Management Control Data Policy-based configuration Complete monitoring, debug Multi-admin, multi-entity Cloud-based, or on premise Not required for ongoing operation No bottlenecks, No single point of failure Autodiscovery & configuration Seamless secure roaming, Dynamic RF, RRM, SLA Per user QoS, security
© 2011 Aerohive Networks CONFIDENTIAL Consumer Devices Battery powered › Low power Consumer radios › Varying quality High expectations New n APs High performance › 3x3: 3 Stream - 450Mbps Custom-designed radios Custom-designed radios › High-power radios › High Rx sensitivity Better coverage, higher data rates, less errors Wi-Fi infrastructure has to compensate for consumer devices HiveAP 330 HiveAP 350 HiveAP Infrastructure that compensates for Consumer Devices
© 2011 Aerohive Networks CONFIDENTIAL Why use High Powered Radios to aid Mobility? 9 Given that FCC and CE requirements limit power output, why bother with high-power radio? While this is mostly true, high-powered radios give other benefits › A high-power radio operating at the same power as a regular-power radio will deliver a lower error rate (lower EVM) Regular Power Radio High Power Radio Lower Error Rates 10W amp outputting 10W Amplifier set to 10 = DISTORTION 100W amp outputting 10W Amplifier set to 1 = MUSIC Audio Analogy
© 2011 Aerohive Networks CONFIDENTIAL Client Health Score at a glance…understanding a client’s health. Automatic Optimazation and Remediation Automatically Remediate Client & Network Issues Move Clients › Band steer or load balance clients triggered by low client health score Airtime Boost › Boosts clients’ airtime if unable to hit performance target Visibility and Control Detail 10
© 2011 Aerohive Networks CONFIDENTIAL A Cloud Services Platform – Redefining Ease of Management HiveManager Online › Scalable multi-tenant cloud services platform »Ease of bring up – time to value »Zero touch device provisioning »Flexible expansion »Management from anywhere »Improved supportability »Reduced costs: backup, power, cooling, rack space »On demand upgrades Topology Reporting Heat Maps SLA Compliance RF Survey & Planner WAN Aerohive Cloud Services Customer 2 HQ / Campus / Hospital Customer 1 Branch 1 Customer 1 Branch 2 Partner Admin Configuration and Reporting 11
© 2011 Aerohive Networks CONFIDENTIAL BYOD – Bring your won device 12 Managing different devices with different needs »Determining my BYOD Strategy »Device Fingerprinting and contextual awareness »Access Control and applying the right policy
© 2011 Aerohive Networks CONFIDENTIAL Device Ownership and Management 13 What is the difference between these iPads? Almost Everything Company-Owned Consumer devices qualified, bought and deployed by IT (Consumerization of IT) Replace legacy devices Lower HW costs Flexible, powerful Enable new working models BYOD Enable employees to bring their device of choice Not owned or controlled by IT Wide range of devices Driven by employee satisfaction and shifting of CapEx spend Embrace MDM Agents on Devices More App Flexibility Contain Network-based MDM Secure Apps Only (e.g. VDI, Citrix)
© 2011 Aerohive Networks CONFIDENTIAL Limited Access Zone: The Third “Network” Limited Access Zone Corporate Network Managed Device Credentials Guest Network Managed Device Credentials Managed Device Credentials
© 2011 Aerohive Networks CONFIDENTIAL Policy based on Context Identity, Device, Location, Time of Day 15 RADIUS PPSKCWP L2-4 Firewall Corp user Corp user - BYOD Guest user CORP Policy Corp VLAN LAN & Web FW 10Mbps per user 24HR Access BYOD Policy Restricted VLAN & Web FW 5Mbps per user M-F 8am-9pm GUEST Policy DMZ Web Only FW 1Mbps per user M-F 9am-5pm OS Detection
© 2011 Aerohive Networks CONFIDENTIAL Device Fingerprinting and Policy Application 16 Internet Corp HR VDI Active Directory Guest Secure Guest (SSID) Access (SSID) Corp (SSID) Private PSK Corp Laptop (full access) Personal iPhone Encrypted with a unique revocable key Corporate access to only and internet Captive Web Portal User Agent Safari iOS4, iPhone 4 Secure Guest Access Guest self-registration via CWP Assigned unique Private-PSK Personal Device Access CWP can also authenticate users to AD Device can be determined by various means Specific personal MIDs policy can be applied Does not require certificates leverages PPSK Can be set to work with only one device Corp Device Access Self-registration with AD or Preconfigured 802.1X or Assigned unique Private-PSK Device can be determined by various means Policy applied based on role or identity limiting access and applying QoS › VDI protocols can be prioritized Corp iPad (business APPs only) Private PSK Or 802.1X SaaS Corporate access to business APPs only
© 2011 Aerohive Networks CONFIDENTIAL Solution Scenarios: Network & Profile-Based MDM Solutions 17 www Corp Contain (BYOD) Access Isolate Network-based MDM Enrollment - CWP, PPSK - AD integration Access Control - Device/OS Type - Domain Membership Policy Enforcement - QoS, Security - Apps (e.g., VDI only) Profile-based MDM Device Management App/SW Installs & Updates Policy Enforcement and Compliance eBook distribution www Corp Embrace (Corporate-Deployed) MDM Quarantine Enroll Force MDM profile install
© 2011 Aerohive Networks CONFIDENTIAL THE COMPLETE PACKAGE 18 Apple Devices »Managing Bonjour Extending The Enterprise »Mobile Hotspots »Teleworker »Small Branch office Security and Threat Assessment »Rogue Detection »Mitigation Bringing it all together
© 2011 Aerohive Networks CONFIDENTIAL Bonjour Gateway – Aerohive & Non Aerohive Networks 19 Router / L3 Switch iPad can AirPrint or AirPlay Server: (file sharing etc) Printer (AirPrint) AppleTV (AirPlay) SSID “Subnet #1” SSID “Subnet #2” iPad can print and project via AirPrint & AirPlay Bonjour GW Feature ON “with filters” Optionally attach to both subnets for non Aerohive Multi-Vendor – Works in both Aerohive and Non-Aerohive networks Plug and Play – No requirement for VLAN and Multicast gymnastics Flexible – Supports bi-directional service advertisements Efficient – No tunneling, only sends changes in service, with option to filter Secure and Scalable – Preserves enterprise security & data forwarding methodology Available for beta Q2; shipping mid year Share Services List
© 2011 Aerohive Networks CONFIDENTIAL Work Is something you do, not somewhere you go ! 20
© 2011 Aerohive Networks CONFIDENTIAL Internet Consistent Policy, Security, and Permissions 21 Home Home Printer Work Laptop Personal Corporate Personal iPhone Work Laptop Guest Branch Corp VoIP Phone Work Laptop Personal iPhone Guest Laptop
© 2011 Aerohive Networks CONFIDENTIAL Aerohive Branch on Demand™ 22
© 2011 Aerohive Networks CONFIDENTIAL Internet HiveManager Online HQ WAN/VPN Gateway Cloud VPN Gateway (VPN Concentration) Cloud Service Platform Deployment Scenarios - Teleworker 23 Corporate Access via VPN & Internet via Cloud Security Home Network - Internet Access Only 3G/4G Primary/Backup Corporate Access Guest Access Deployment Scenarios – Small Branch
© 2011 Aerohive Networks CONFIDENTIAL The Complete Mobility Solution 24 Branch Office / Teleworker Solution VPN Mobile Applications VPN Retail / Point of Sale VPN Guest Access / BYOD / Fingerprinting Access control and Policy Indoor / Outdoor / Mesh Stadiums / Theatres / Lecture Hall High Density Solutions I Security / WIPS / Location Tracking I-device, AppleTV, Projector, Printer Bonjour Gateway Cloud Services Platform (Management) 3G / 4G
© 2011 Aerohive Networks CONFIDENTIAL Reducing Capex and Opex costs 25 Less Infrastructure Cost › Wi-Fi access reduces cabling »Integrated Mesh, RADIUS, AD integration and QoS also reduces costs › Controller-less architecture + Cloud »Reduced H/W, sparing & energy costs › Cloud Mgmt moves Capex to Opex Start Small & Expand › Cloud Wi-Fi Mgmt per AP service › No over provisioning › No feature licenses › Linear cost growth curve – add APs Easy to Use Management › Easy to use, cloud-enabled, policy-based mgmt simplifies deployments › Vertical specific apps »StudentManager/TeacherView Aerohive Cisco Cost Comparisons
© 2011 Aerohive Networks CONFIDENTIAL THANK YOU! 26
© 2011 Aerohive Networks CONFIDENTIAL Use of Discreet Components: Better Quality Signal, Less APs, Balanced Links Using discrete radio components High-powered radios are discrete components, affording the opportunity to improve receive sensitivity by also using better receive components (e.g. Low- Noise Amp (LNA)) Superior receive sensitivity can improve upstream performance, especially of low-power consumer devices, balancing the AP/client link AP Tx AP Rx AP Tx AP Rx Marginal Performance AP Tx AP Rx Increase AP Density/Reduce Power AP Tx AP Rx Increase AP Receive Sensitivity 27
© 2011 Aerohive Networks CONFIDENTIAL The Value of Sensitivity The extra 5 dB sensitivity beyond a standard AP can even out coverage for various client types Better 5Ghz coverage enables 2.4GHz to be preserved for single band devices 20 dB 2.4 GHz dB dB 10 – 15 dB HiveAP 320 HiveAP dB 5 GHz 2.4 GHz 28
© 2011 Aerohive Networks CONFIDENTIAL Enhanced Visibility and Control 29
© 2011 Aerohive Networks CONFIDENTIAL How Aerohive automates client self healing Move Clients › Encourage clients to move to different radio (band steer) or a different AP (load balance) › Triggered by low client health score Enhanced Airtime Boost › Boosts clients’ airtime if unable to hit performance target › Enhancement – only does this for healthy clients based on Client Health Score 30
© 2011 Aerohive Networks CONFIDENTIAL Rogue Mitigation and WIPS 31 Rogue Detection › Supports a/b/g & n › Detect Both Rogue & AdHocPC’s › Detect “On-Network” Rogue › Confirm compliant BSSID, SSID, WMM › Generate Reports on rogue activity Rogue Mitigation › Mitigate rogue APs and clients connected to Rogue APs IP & MAC DoS Detection › Detect RF Management Layer Attacks (i.e Probes & association floods etc.) › Detect Wireless Authentication attacks › Detect IP Dos (i.e Port scan, flood & TCP syn Check ect) › Mitigate attacks at the RF layer and “BAN” client for determined period of time HiveAP’s periodically scan all channels.. (HiveAP’s coordinate scan & do not impact VoIP or data app’s) os/Patches/PP116.jpg “On-Network” Rogue Trusted Client Launching IP DoS attack
© 2011 Aerohive Networks CONFIDENTIAL Time 2 Fast Clients 1 Slow Client, 1 Fast Client With Contention, Fast Clients Wait for Airtime and Perform Like the Slowest Client Principles of Dynamic Airtime Scheduling 32 Time 2 Fast Clients 1 Slow Client, 1 Fast Client Dynamic Airtime Scheduling Allows Fast Clients to Transmit more Packets, Finish Quickly and Free Up the Air for the Slow Clients Throughput Fast Client Slow Client Speed of the network is subject to the slowest client Throughput Fast Client Slow Client Faster clients dramatically improve their performance without impacting slower clients 10x faster
© 2011 Aerohive Networks CONFIDENTIAL Feedback Dynamic Airtime Scheduling How it works Measures actual airtime for each packet - faster clients consume less airtime Measures retries as well If the clients have equal weight, they get equal access to airtime – faster clients get to send more often Additional weight can applied by User Policy 33 Fast n Client (135Mbps) g Client (48 Mbps) Distant or Legacy Client (5.5 Mbps) 90 s 253 s 2208 s 650 s RF Medium HiveOS Microsecond Air Interface Distributed control plane puts control and data intelligence in the same place as the radio –Enables near instantaneous reaction to client behavior Requires intelligence in the AP not milliseconds away
© 2011 Aerohive Networks CONFIDENTIAL Dynamic Airtime Scheduling How it works 34 Client A (135Mbps) Client B (48 Mbps) Client C (5.5 Mbps) Time Client A Web Server Client B Client C Equal Airtime Allocation Aerohive QoS Engine Scheduler Schedules traffic (based on airtime allocation & airtime consumed) into the Wireless Multi-Media hardware queues Client C has used up its share of airtime Client B has used up its share of airtime Faster clients are able to send more often achieving higher throughput 6 Frames 3 Frames 2 Frames
© 2011 Aerohive Networks CONFIDENTIAL Goodput Kbps Time (s) Veriwave WiMix TCP Downlink Test Mixed a & n – 20,000 Frames ~ 100 Seconds 6 x.11a/n clients - Without Dynamic Airtime Scheduling With Dynamic Airtime Scheduling - 10sec ~ 10x performance improvement - 15sec ~ 6x performance improvement - 30sec ~ 3x performance improvement - 35sec ~ 2.5x improvement - 65sec ~ 1.5x improvement Goodput Kbps Time (s) Upstream IxChariot
© 2011 Aerohive Networks CONFIDENTIAL Wireless Mesh Network Access Switches Distribution Switches Wired Network Wired Uplink Wireless Uplink HiveAPs Wireless Client 36 Scalable Wireless Mesh Inherent wireless mesh eases the deployment of wireless APs in hard to wire locations Automatic Dynamic Routing makes mesh easy to deploy and resilient Automatic loop prevention allows more than one portal to be active at once Voice Ready - Low latency, QoS enabled Mesh 36
© 2012 Aerohive Networks CONFIDENTIAL Redefining Enterprise Access AEROHIVE BYOD OVERVIEW.
Branch Repeater 5.6, 5.7 & VPX Technical Presentation.
Michael Leworthy Senior Product Manager Windows Server & Management.
Call Recording Made Easy Presented by Barbara Courneya National Director of Contact Center Technology Avaya Certified Contact Center Expert ,
Trends in Endpoint Security by Richard Lau Trends in Endpoint Security by Richard Lau 29 September 2005.
1 © 2007 Avaya Inc. All rights reserved. Understanding SIPs Role in Intelligent Communications Tom Doria Director – Avaya P2P Technical Business Development.
Copyright© 2004 Avaya Inc. All rights reserved Responsive Communications for the Mobile Worker Making Wireless as Good as Wired Micky Tsui, Vice President.
Copyright 2011 John Wiley & Sons, Inc6 - 1 Business Data Communications and Networking 11th Edition Jerry Fitzgerald and Alan Dennis John Wiley & Sons,
UNIT I FUNDAMENTAL OF E-COMMERCE 1.1INTRODUCTION TO E-COMMERCE 1.2 DRIVING FORCES OF E-COMMERCE 1.3 BENEFITS AND LIMITATIONS OF E-COMMERCE 1.4 DATA MINING.
Field TDM Deck Optimize and Secure Your Core Infrastructure for Midsize Businesses.
1 MOTOROLA and the Stylized M Logo are registered in the US Patent & Trademark Office. All other product or service names are the property of their respective.
CHTP REVIEW. HFTP Todays Session Structure Four-Hour Review Designed for Exam Review Sectioned Same as Exam Breaks when needed.
© Copyright XO Communications, LLC. All rights reserved. XO, the XO design logo, and all related marks are registered trademarks of XO.
Is Wi-Fi Ready for This?. High Performance Wi-Fi for Education: Planning, Deploying, and Managing Wi-Fi in Campus Environments © 2011 Xirrus, Inc. All.
Technical Track n – Wireless Performance for Control? Paul Brooks, Rockwell Automation Paul Didier, Cisco.
Ch 5 : Multimedia Network Standardization, QoS, Access Media Science and Technology Faculty Informatics Arini, ST, MT Com
Longhorn Academy Server Management Dave & Sebastian.
Wireless Technology. Similarities Between WLAN and LAN A wireless LAN is an 802 LAN. Transmits data using RF carriers vs. data over the wire Looks like.
© 2007 – 2010, Cisco Systems, Inc. All rights reserved. Cisco Public ROUTE v6 Chapter 1 1 Chapter 1: Routing Services CCNP ROUTE: Implementing IP Routing.
Where are we going?. 2 Some of the forces driving WLAN (re)design Migration to IPv6 Consumer devices in the enterprise Migration to the.
Whats New in vSphere 5.0? Dan Wofford Staff Systems Engineer - VMware.
Copyright © signal Solutions, Inc. Wi-Fi / WLAN Performance Management and Optimization Veli-Pekka Ketonen CTO, 7signal Solutions.
ViPNt ViPNet Product Presentation Infotecs GmbH 2008.
© Copyright Ovum. All rights reserved. Ovum is a subsidiary of Informa plc. 1 Addressing “The BYOD Gap” Richard Absalom, Analyst, Consumer Impact Technology.
Dynamic Computing & Dynamic Threats Requires Dynamic Security.
CWSP Guide to Wireless Security Operational Support and Wireless Convergence.
Copyright © Siemens Enterprise Communications GmbH & Co. KG All rights reserved. Siemens Enterprise Communications GmbH & Co. KG is a Trademark Licensee.
Wireless Systems: Where are we heading?. 2 Outline Some definitions Current situation Near Future 4G: what we really want What are the obstacles Higher.
© 2016 SlidePlayer.com Inc. All rights reserved.