© 2002, Cisco Systems, Inc. All rights reserved.
Cisco Mobile Office Channel SE Airport Venue
Cisco Mobile Office—On the Road
Making Airport Public Spaces More Valuable to Mobile Professionals
Agenda
• Introducing Cisco Mobile Office—On the Road
• Mobility trends
• Cisco Mobile Office—On the Road program
• Wireless update
• Enabling technologies and standards
• Products
• Architecture
• Design requirements
• Implementation
• Migration
• Third-party arrangements
• Roaming
• Example deployment
• Why Cisco
Introducing Cisco Mobile Office—On the Road
• Cisco Mobile Office—On the Road offers the opportunity for you to:
Build air traveler loyalty
Increase passenger satisfaction
Create new sources of revenue
Provide a platform to deploy new applications
• How?
Provide value-added services that enable secure remote access to corporate resources, travel services, and other sources of information
Cisco Mobile Office—On the Road High-Speed Network Access for Air Travelers
• Internet and corporate VPN access
• Access from airline lounge, boarding gate, and/or airport restaurant
Cisco Mobile Office—On the Road High-Speed Network Access for the Enterprise
• Virtual private network (VPN)
• Minimize expenses
• Increase productivity
• Leverage existing network infrastructure
• Scalable
• Future-proof
• Access to hotspots
Requirements for Mobile Professionals
• Secure
• Fast
• Available
• Access to business applications
• Video and voice integrated with data
• Convenient access and accounting
Cisco Addresses the Requirements for Mobility
Mobility Requirement | Cisco Addresses the Requirement
Secure connections | VPN security, firewall, VLANs, 802.1x, EAP/LEAP
Fast, instant access to Internet/intranet | Standards-based, reliable broadband infrastructure
Available any time, anywhere, to any device | Wired and wireless access solutions
Easy access to data, voice, and video applications | AVVID, content optimization
Consistent user experience | Virtual networking, IP domain management, Mobile IP
Cisco Mobile Office—On the Road Partner Community
[Diagram; labels as extracted]
• Groups: Enterprise, Development Partners, Venue Partners, Other Partners
• Partner types: Hotels, Train Stations, Airports/Airlines, Visitor-Based Networks, Convention Centers, CPN Service Providers, Resellers, Settlement Providers, PC OEMs, ASPs, Content Providers, Integrators
• Roles: Provide services to venues; Provide hardware and applications; Create demand for access and brand
Wireless ISP Roaming (WISPr) Forum
• Wireless Ethernet Compatibility Alliance (WECA)
• Global industry-wide representation
Hardware manufacturers (Cisco, Agere, Toshiba, Funk, Intel, Nokia, Nomadix)
Software vendors (Microsoft, Woodside Networks)
Settlement providers (iPass, GRiC, TSI, Excilan, Fiberlink)
WISPs (Wayport, Airwave, HereUare)
Operators (Sprint PCS)
Objectives of WISPr
• Define Wireless ISP Roaming best practices:
Billing and roaming
Consistent end-user experience
Third-party billing settlement
Network-wide security
• Initiate creation of standards for roaming through groups such as IEEE, ETSI or the IETF
Enabling Technologies and Standards
Wireless LAN (WLAN)
• 802.11
• Wi-Fi
WLAN Security
• 802.1x
• Extensible Authentication Protocol (EAP)
• Light Extensible Authentication Protocol (LEAP)
• 3DES encryption
• IPsec
• AAA RADIUS
Standards Wireless Security—802.1X
• IEEE draft standard
• Overcomes limitations of 802.11 security
• Leverages existing standards
Extensible Authentication Protocol (EAP)
RADIUS
• Available authentication types
Light Extensible Authentication Protocol (LEAP)
EAP-TLS
[Diagram: client, AP, RADIUS server and user database, with links labeled EAP and RADIUS and steps numbered 1 to 4]
Mutual authentication
Dynamic, session-based encryption keys
Centralized user administration
Extensible authentication support
Light Extensible Authentication Protocol (LEAP)
[Message-flow diagram between client, AP and RADIUS server; labels as extracted]
• Start
• Request identity
• username
• AP blocks all requests until LEAP completes
• challenge / response: RADIUS server authenticates client
• success
• challenge / response, key: client authenticates RADIUS server
• broadcast key, key length: AP sends client broadcast key, encrypted with session key
How LEAP Challenges and Responses Work
• Create challenge
• Using password from database, generate response to own challenge:
password from database → one-way hash → password hash
password hash + challenge → LEAP algorithm → response A
How LEAP Challenges and Responses Work
• Using user-supplied password, generate response to challenge:
user-supplied password → one-way hash → password hash
password hash + challenge → LEAP algorithm → response B
• If response A = response B, then authenticate user
• Why?
Comparing Responses
• password from database → one-way hash → password hash; password hash + challenge → LEAP algorithm → response A
• user-supplied password → one-way hash → password hash; password hash + challenge → LEAP algorithm → response B
• If response A = response B, then user-supplied password = password from database
Deriving the Session Key
• Inputs:
hash (hash (password))
client challenge to RADIUS
RADIUS challenge to client
RADIUS response to client
client response to RADIUS
• Inputs → MD5 → 128-bit key
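The mutual challenge/response check and session-key derivation from the preceding LEAP slides, as an added Python example that is not part of the original deck and is not Cisco's code. SHA-256 and HMAC-SHA-256 stand in for the slides' unnamed "one-way hash" and "LEAP algorithm"; the function names, sample passwords and the order of the MD5 inputs are assumptions.

```python
import hashlib
import hmac
import os

# Stand-ins (assumptions): the slides name neither the "one-way hash" nor the
# "LEAP algorithm", so SHA-256 and HMAC-SHA-256 are used here for illustration.
def one_way_hash(password: str) -> bytes:
    return hashlib.sha256(password.encode("utf-8")).digest()

def leap_response(password_hash: bytes, challenge: bytes) -> bytes:
    """Response to a challenge, keyed by the password hash."""
    return hmac.new(password_hash, challenge, hashlib.sha256).digest()

def session_key(password_hash, client_chal, radius_chal, radius_resp, client_resp):
    """MD5 over hash(hash(password)) and the four exchanged values.
    The concatenation order follows the slide's listing and is an assumption."""
    hash_of_hash = hashlib.sha256(password_hash).digest()
    material = hash_of_hash + client_chal + radius_chal + radius_resp + client_resp
    return hashlib.md5(material).digest()  # 16 bytes = 128-bit key

def leap_exchange(db_password, user_password, radius_chal=None, client_chal=None):
    """Run both authentication directions and return what each side learns."""
    radius_chal = os.urandom(8) if radius_chal is None else radius_chal
    client_chal = os.urandom(8) if client_chal is None else client_chal
    db_hash = one_way_hash(db_password)      # held by the RADIUS server
    user_hash = one_way_hash(user_password)  # computed on the client

    # RADIUS server authenticates client: response A (server) vs response B (client).
    response_a = leap_response(db_hash, radius_chal)
    response_b = leap_response(user_hash, radius_chal)
    client_ok = hmac.compare_digest(response_a, response_b)
    if not client_ok:
        # No success message, no second challenge, no key.
        return {"client_ok": False, "radius_ok": False,
                "client_key": None, "radius_key": None}

    # Client authenticates RADIUS server with its own challenge.
    radius_resp = leap_response(db_hash, client_chal)
    radius_ok = hmac.compare_digest(radius_resp, leap_response(user_hash, client_chal))

    # Each side derives the session key from its own copy of the password hash.
    client_key = session_key(user_hash, client_chal, radius_chal, radius_resp, response_b)
    radius_key = session_key(db_hash, client_chal, radius_chal, radius_resp, response_b)
    return {"client_ok": client_ok, "radius_ok": radius_ok,
            "client_key": client_key, "radius_key": radius_key}

def client_accepts_server(user_password, client_chal, radius_resp):
    """Client-side check that fails for a server that does not know the password."""
    expected = leap_response(one_way_hash(user_password), client_chal)
    return hmac.compare_digest(expected, radius_resp)

if __name__ == "__main__":
    # Constructed sample values, not taken from the slides.
    ok = leap_exchange("s3cret-Passw0rd", "s3cret-Passw0rd")
    print("mutual auth:", ok["client_ok"], ok["radius_ok"],
          "keys match:", ok["client_key"] == ok["radius_key"])
    bad = leap_exchange("s3cret-Passw0rd", "guess")
    print("wrong password accepted:", bad["client_ok"])
```

Because both challenges feed the MD5 input, every successful logon yields a different key, which is what the 802.1X slide calls dynamic, session-based encryption keys.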
Deploying LEAP
Clients
• Cisco Aironet ® adapters
Turn on LEAP in ACU
Windows: Use Windows Networking logon
Others: Use ACU window
• Others: No support for LEAP
Use static WEP
On Windows XP, use EAP-TLS
One AP can support LEAP, EAP-TLS, and static WEP
RADIUS servers
• Cisco Secure ACS
Supports LEAP
Needs access to an NT-formatted database or ODBC connection to NT Domain Controller or Active Directory
With LEAP proxy in V3.0, can interact with database manager that supports MS-CHAP*
• Others:
Funk Software
Interlink Networks
Open Systems Consultants
* LDAP and NDS do not support MS-CHAP
Setting Up ACS
• ACS can handle 40+ LEAP logons per second
• Connection from site to ACS must be reliable
• Access to backup ACS server is advisable
• ACS for LEAP Design Guide provides details
Cisco Mobile Office—On the Road Mobility from Public Access Facilities
[Network diagram. Labels: Airport, Hotel, Coffee Shop, Enterprise, Internet, T1/E1, wiring closet, terminal fiber run, wireless access points, in-line powered switch, aggregator switch, router, BBSM, Cisco VPN Client on laptops, Centricom VPN Client on PDAs, third-party broadband roaming/settlement/billing service]
Cisco Mobile Office—On the Road Mobility from Public Access Facilities
[Network diagram. Labels: Airport, Hotel, Coffee Shop, Enterprise, Internet, T1/E1, wiring closet, terminal fiber run, Cisco Aironet® 1200 wireless access points, Catalyst 3524-PWR XL in-line powered switch, Catalyst® 3500 Series aggregator switch, Cisco 2600 Series router and firewall, BBSM, Cisco VPN Client on laptops, Centricom VPN Client on PDAs, third-party broadband roaming/settlement/billing service]
Network Options for Any Public Space
• 10/100/1000 high-speed Ethernet switching for areas with Category 5 wiring
• Wireless LANs for concourses, airline lounges, concession, ticket counter, and baggage claim areas
• Long-reach Ethernet for areas with Category 1/2/3 wiring and/or long runs
• Cisco Building Broadband Services Manager (BBSM)
• Routers for enterprise-class multi-service solutions and managed services
• Service Selection Gateway (SSG) – menu-based service selection and billing for individual services
Cisco Aironet ® Series Wireless LAN Access
• Access points
10/100 Ethernet
Can be used as a repeater
Minimum setup
Maximum flexibility
Internal testing for RF link
• Client adapters
PC
LM
PCI
• Wireless bridges
8 MAC addresses
New!
Cisco Aironet 1200 Series Access Point
Cisco Long-reach Ethernet (LRE)
• Cisco Catalyst ® 2900 Long-Reach Ethernet LRE XL switch
Up to 15-Mbps symmetric Ethernet
Management
QoS, scalability, security
Supports POTS
Supports Cisco switch clustering
• Cisco Long-Reach Ethernet LRE 48 POTS Splitter
LRE and POTS on the same telephone line
• Cisco 575 Long-Reach Ethernet LRE Customer Premise Equipment CPE
Bridges LRE and Ethernet
Small footprint
Cisco Switches
Cisco Catalyst 2900 Series
Performance
Migration path to Gigabit in the LAN
LAN-edge QoS
Multicast management
Cluster management
High availability and security
Cisco Catalyst 3500 Series XL
Stackable
10/100 and Gigabit Ethernet
Mid-sized networks
Internet business applications
Cisco Routers
Cisco 3600 Series
For medium to large offices
Modular, multi-service
Data/voice/video integration
Cisco 2600 Series
For branch offices
Modular, multi-service
Data/voice/video integration
Cisco 7200 Series
For diverse VPN environments
IOS-based services
VPN Acceleration module
Service Selection Gateway (SSG)
Cisco 7100 Series
Integrated VPN solution
Routing and VPN services
Cisco Building Broadband Service Manager (BBSM)
• Software platform for subscriber session management
• MXU environment
• High-speed Internet access in building broadband networks
• BBSM provides
Subscriber session management
Integrated billing
Easy plug-and-play access
• Most widely deployed in-building service platform
• Compatible with broadband technologies
Ethernet
Long-reach Ethernet (LRE)
Digital subscriber line (DSL)
Cable
Wireless
Fiber
Cisco Content Transformation Engine CTE 1400
• Solutions for:
Many device types — Connection management
Existing content not wireless-friendly — Presentation management
Connections are intermittent and many — Data management
• Leverage existing content
• Rapid deployment
• Fast, seamless installation
• Easy to use
• Line rate performance
• Scalability
• Low cost of ownership
Cisco Mobile Office—On the Road Product and Feature Roadmap
Phase I (Q3CY01)
• Products: Wireless LAN access, Long-reach Ethernet, Plain old telephone service (POTS), Ethernet switches, Routers, Service management, RADIUS servers, VPN clients, Firewalls, Network management
• Features: End-to-end security, Reliability, Scalability, Network management
Phase II (Q1CY02)
• Products: Phase I plus: Cisco CTE 1400, Catalyst 5000, Cisco IP Phone 7960, Cisco IP SoftPhone
• Features: Phase I plus: QoS, VoIP support, 802.1 support, GSM/CDMS billing
Phase III? (Q3CY02)
• Products: Phase II plus: Web collaboration software, Cisco Aironet AP upgrade
• Features: Phase II plus: VLAN support, Visitor-based network, WISPr support, GSM/CDMS roaming
Design Requirements
• Traffic requirements
• Security requirements
• Interference with other networks
• Additional traffic on existing infrastructure
• Regulatory requirements
Implementation
• Site survey — a vital component
Refer to BBSU Web site:
http://www.cisco.com/warp/customer/504/index.html
• Logical segregation/prioritization of traffic between public and private segments
• Maintenance, root access control implementation
• Set-up of walled garden, access rights, billing and authentication (relevant to the deployment)
• Evaluate in-house resources
• Consider leveraging an integration partner
Migration
• Effects on existing backbone connection – need to upgrade?
• Management framework for upgrades/servicing
• Dual-mode (802.11a/b) upgrade issues
• Appropriate framework for 802.1x
• Scalability requirements for future services
Third-Party Arrangements
• Setup of billing and roaming arrangements
ISP
Settlement provider
• Infrastructure-less WISPs will need access agreements and interoperability testing, too
Airport Roaming—Single Service Provider
[Network diagram. Labels: Airline 1 (Ticketing, Baggage), Airline 2 (Ticketing, Baggage), Airport gates, Cisco 2600 or BBSM, ISP, RADIUS/SNMP/DHCP/DNS/application servers, Internet. Annotation: Subscriber management function resides here]
Airport Roaming Model—Shared Infrastructure (ISP-to-ISP SLAs)
[Network diagram. Labels: Airline 1 (Ticketing, Baggage), Airline 2 (Ticketing, Baggage), Airport gates, Cisco 2600 or BBSM, ISP #1, ISP #2, RADIUS/SNMP/HLR servers, RADIUS/SNMP/DHCP/DNS/application servers, Internet. Annotation: Subscriber management function resides here]
Airport Roaming—Shared Infrastructure (Clearinghouse)
[Network diagram. Labels: Clearinghouse (iPASS, GRIC), ISP #1, ISP #2 #3 #4, Airline 1 (Ticketing, Baggage), Airline 2 (Ticketing, Baggage), Airport gates, Cisco 2600 or BBSM, RADIUS/SNMP/DHCP/DNS/application servers, Internet. Annotation: Subscriber management function resides here]
Example Deployment—Minneapolis/St. Paul Airport
• Wireless access points throughout the airport terminal in almost all gate areas
• For public access to an 802.11b wireless network.
• Deployment:
February - pilot (network already implemented)
March - live public access
• Solutions
BBSM and wireless access points (first phase)
• Products
Cisco Aironet 350 access points
Cisco Broadband Service Manager (BBSM)
• Partners
Concourse Communications
EDS - Cisco products
iPASS - service provider
• Second phase
Airline and airport operations
Other tenant services
Mobility—Cisco Advantage
• End-to-end solution
From enterprise to venue
End-to-end security
Tailored to airports
• Demand generation
For venue partner
For service provider
• Market leadership
Cisco brand
World-class solution
Get Started Now
Engage in the Cisco Mobile Office—On the Road program
Information for Systems Engineers
• The following material is not to be presented to the customer
Information for Systems Engineers—Agenda
• Why Sell Cisco Mobile Office—On the Road?
• Decision makers
• Technical qualifying questions
• Overcoming technical objections
• Tools to help you sell Cisco Mobile Office—On the Road
Why Sell Cisco Mobile Office—On the Road?
• Strong demand
• High-speed access in buildings and public spaces is becoming a competitive requirement
• New revenue opportunity
• First step towards multiple broadband application (and sales) opportunities
VoIP, video, and vertical market applications
• Cisco offers complete solutions
Decision Makers
Typical structure | Title of decision maker
City: Many airports are owned and operated by the local city government | City Director of IT, CIO…
Airport IT: Most Tier 1 and some Tier 2 airports have their own IT departments that make their own decisions | Airport Director of IT or IT Manager
Port authority: An IT group makes decisions for all transit networks | Port Authority Director of IT, CIO…
Technical Qualifying Questions
• Is there more than one wireless Internet service provider (WISP) delivering wireless services in the venue?
• What is your existing infrastructure?
Frame?
ATM?
Ethernet?
• Do you have shared media deployed?
• Is there a security policy in place?
• What relationships with technical partners exist, if any?
• Is there any wireless deployed?
If so, do you use SSID?
Or (name the alternative to SSID)?
Overcoming Technical Objections
• It’s not secure enough
• It may not be available all the time
• The quality of service may be unacceptable
• It could be hard to manage
Cisco Mobile Office—On the Road Tools for Successful Selling
• Web site www.cisco.com/go/mobileoffice
White papers
Contacts
Presentations
Case studies
Partners
HotSpot Locator
• Resources for resellers
Cisco packaged services
Partner and reseller communications
Partner and Reseller Helpline
Sales Tools Central
Networking Products MarketPlace for Resellers
Cisco Resource Network for Resellers
Partner and reseller training