RM Managed Wireless
Brian Andrews, Senior Product Manager
Wireless within Education
• Computers and Internet used daily
– Curriculum
– Administration
• Ubiquitous network access
– Throughout the school
– Across the LA area
• Growing number of wireless clients
– Staff phone within the classroom
– Student portable devices
• Increased demand on security
– Student network safety
– School resources
Schools WLAN Requirements
• Low deployment and operations costs
– Minimal IT and RF expertise required
– Simple to deploy indoors or outdoors
– Simplified district-wide management
• Secure access and user segregation
– Satisfy regulatory requirements
– Separate students, teachers, admin, guests
• Extended operational life-span
– Must last 5+ years, and handle traffic growth
– Immune to evolving standards and higher data rates
– Ability to support new applications over time
• Voice, Streaming video, Surveillance, Location
WLANs enable New Services
• New teaching methods
– Distance learning, Podcasts, Blogs
– Teach anywhere, even outside
– Not dependent on lab availability
• Improved teacher productivity
– Attendance, Grading
– Curriculum development
– Professional development
– Internal communication
• Improved security and safety
– Wireless voice services
– Video surveillance over IP
– Location tracking
RM Managed Wireless Goals
• Reliable
– Fundamental part of the School infrastructure
– Eliminate downtime and disruption to learning
• Safe and secure
– Secure network access
– Identify and correct rogue activity
• Flexible management
– Zero maintenance for small schools
– Monitored and controlled centrally for LA wide deployment
• High performance
– Deliver educational benefits to students and staff
– Available throughout the school whenever required
• Commercially viable for Education
– Low Operational Cost
– Investment protection
• Allow for future growth
– Easy, flexible and secure Guest access
– Advanced location tracking of individuals and equipment
RM Managed Wireless Solution
Controllers
Management
Security
Location
Access Points
Controller Scalability
32-192 Access Points; 16 FastEthernet (10/100) PoE; 2 x 1 GB SFP
12 Access Points; 8 FastEthernet (10/100) (2 PoE)
4 Access Points; 2 FastEthernet (10/100) (1 PoE)
Library/Primary
Secondary/Academy/College
LA Data Center
Cost / Capacity
512 Access Points; 2 x 10GB XFP; 8 x 1GB SFP, RJ45
32-192 Access Points; 2 x 1 GB SFP
RM Managed Wireless Goals
Reliability
Performance
Safe & Secure
Manageable
Cost Effective
Growth
Reliability
• Standard reliability measures
– Low MTBF
• AP Controller ‘virtualization’
– LA based controller for resiliency
• Single point of management
– Large geographic area monitored and controlled
• Multiple load-balancing levels
– Users
– APs
– Controllers
• No single point of failure
• In-service upgrade
– Minimise disruption
N : 1 Failover
• Management
– Load-shared AAA server groups
– Local and/or remote AAA
– Distributed MX database
– RingMaster redundancy
• Controllers
– Dual hot-swap power
– Load balanced uplinks
– N:1 Controller failover
• Access Points
– RF auto-tuning
– Radio load balancing
– Dual homed uplinks
Device Resiliency
RingMaster
AAA
RingMaster
High Performance
• Key issues
– Optimum voice support
– QoS preservation
– ‘Local’ access to data
– Scale to 802.11n throughputs
– Band-steering capability
Local Switching Capability
Distributed Switching
• Most direct path
– Optimal data flow
– Extremely low latency
• Optimized for Voice Over IP
– High quality calls
– Eliminates dropped calls
Local switching eases scalability
Handles 802.11n without upgrade
Offered load increases by up to 10x
• Traffic forwarding
– Handled by the AP
• 802.11n
– No impact on controller
– Scales without upgrade
Balancing Resources
• Most Wi-Fi devices default to 2.4 GHz (better range)
– Increases contention for spectrum, while 5 GHz virtually unused
• WLAN improved by steering 5 GHz-capable clients to 802.11a/n
– Provides 30-40% better bandwidth utilisation with no cost
802.11b/g 802.11a
Dynamic Load Balancing
• Clients tend to collect on same AP
– But often the client is in range of other APs that are idle
• APs collaborate to balance client load more evenly
– Takes account of global load-balancing policies
Safety and Security
• Key Issues
– Secure session mobility
– System-wide fast handoffs between APs
– Standards compliant
– Identity-based networking
– Built-in Firewall and Intrusion Detection System
– Endpoint Integrity integration
– Safe and scalable guest access
– Location-aware access control
– Dynamic authorisations
AAA
Secure, Identity-Based Roaming
• User credentials define access and network resource privileges
• Different groups with different privileges share infrastructure
• Privileges and services follow users as they roam
• Overlay on Layer 2/3 network
– No VLAN / Subnet changes
Central Policies
1 User roams
2 Credentials & services follow user
Strong Encryption
Security
AAA Servers
Rogue AP
Trusted Client
Authentication
• 802.1X, EAP-TLS, PEAP, TTLS, MAC, Web
• 802.11i, WPA2, WPA, AES, CCMP
Endpoint Integrity
• Trusted Network Connect (Trusted Computing Group)
• Microsoft Network Access Protection (NAP)
• Network Admission Control (NAC)
Intrusion Protection
• Core WIDS/WIPS
• Scan, detect, locate, disable Rogues
• Location aware access control
802.1X Authentication
RingMaster
Intrusion Detection & Protection
Application Firewall
• Per user, per station, per group policy enforcement
• Application-aware QoS scheduling
• Time and location based access control
Guests
Location Tracker
Rogue User
Network Management
• Planning and Deployment
– Predictive planning tool
– Creates network plan
• Configuration and Verification
– Complete offline configuration
– System and service wizards
– Pushes configuration to MXs
• Monitoring and Reporting
– By user, radio, AP, Controller, VLAN
– Present location, roaming history
– 30 day history
– WIDS/WIPS integration
• Advanced Location tracking
LA Central Management
• Plan entire buildings
• Supports CAD files with pre-configured layers
• 3 dimensional model takes account of other floors
• Auto computes attenuation based on building properties
• Auto generated wireless coverage map and work order
• Predictive planning
LA Central Management
• Easy two-click configuration
• Powerful wizards – Voice, security, switch configuration
• Cluster-based configuration management
• Network wide change management
• All possible as in-service upgrades
• Predictive planning
• Network-wide Deployment
LA Central Management
• Dashboard view
• Network wide fault correlation and location
• Drill down to details
• 1 hour to 30 day reporting
• End user custom reports
• Predictive planning
• Network-wide Deployment
• Comprehensive Monitoring
Easy Network Deployment
Wireless Network
• Non-disruptive overlay
– Same security model
– Same L2 / L3 topology
– Same VLANs / Subnets
– Zero changes required
• Industry standard security
– Same directory / AAA
– Active Directory, LDAP
– All major RADIUS servers
– 802.1X authentication
– WPA, WPA2 certified
– AES CCMP encryption
• Flexible Deployment Models
Wired Network
Same Solution Indoor/Outdoor
Indoor/Outdoor WLAN
• Self-optimizing and load balancing
• Distributed policy enforcement
• Single management platform
• Seamless indoor/outdoor roaming
• Best performance
• Lower operating costs
Common Feature Set
Indoor / Outdoor
Flexible Deployment Options
• Cost effective controllers for small schools
– Primary, Library
– Failover to LA based controllers
• Controller-less schools option
– LA managed controller
– Local switching model
• Remote management
– Value-add from the LA
– Eliminates burden from school
Maximise Investment
• Load balancing uses WLAN resources better
• Capable of best in class voice services
• Scales easily to 802.11n with no controller upgrades
• Easiest to manage school district from one point
• Fully standards compliant from RF to Voice
Managed Wireless Architecture
Thin AP Architecture
Security Management
Reliability Performance
Fat AP Architecture
Security Management
Reliability Performance
Central & Distributed
Security Management
Reliability Performance
CENTRALIZED
DISTRIBUTED
Location Tracking
• Find assets and staff quickly
– Laptops, PDAs, Phones, Tags, Wi-Fi enabled devices
Modular Guest Access
Authentication
Are you who you claim to be?
MAC Address, User ID, Password, Keys
End Point Integrity
Can your device be trusted?
Virus definitions, Firewall, Encryption
Access Control
What access have you been granted?
Time-of-day, Location, Bandwidth, Apps
Advanced
Conventional
RM Managed Wireless
Questions?