WORK SMART: Wireless in the Data Centre “Decoding the Spin” Seminar, 16th July 2014 – FINAL 3. Copyright 2014, All rights reserved

Wireless In The Data Centre Presentation


DESCRIPTION

Wireless in the Data Centre has long been considered inappropriate due to possible security breaches and interruption to critical IT facilities. This is no longer the case, however, as this presentation demonstrates. Modern wireless technologies are just as safe as, if not safer than, a hard-wired equivalent.


Page 1: Wireless In The Data Centre Presentation

WORK SMART

10/04/2023 1

Wireless in the Data Centre “Decoding the Spin” Seminar

16th July 2014 – FINAL 3

Copyright 2014, All rights reserved

Page 2: Wireless In The Data Centre Presentation

Enterprise Class Wi-Fi

Page 3: Wireless In The Data Centre Presentation

Enterprise WLAN Development

[Diagram labels: WLM (Wireless LAN Management); WLC (Wireless LAN Controller); WLA (Wireless Access Point); WLA/WLM (at edge); WLA/WLM (at edge switch)]

Page 4: Wireless In The Data Centre Presentation

Enterprise WLAN Components

WLM (Wireless LAN Management)
WLM (Management)
– Configuration
– Monitoring/Reporting
– Location
– Intruder detection

WLC (Wireless LAN Controller)
WLC (Control)
– Radio Resource Management
– Encryption
– Authentication
– Roaming

WLA (Wireless Access Point)
WLA (Access)
– Client Traffic

Page 5: Wireless In The Data Centre Presentation

Enterprise Class Wi-Fi (Aerohive Networks)

Cloud-managed Mobile Networking Company
– Cloud (Public & Private), Controller-less Wi-Fi, Routing, VPN, Switching
– Visionary Vendor - Gartner MQ for Wired & Wireless LAN 2013

[Diagram labels: Branch & Teleworker Routers; Enterprise Wi-Fi; Access Switches; Cloud Services Platform: Public, Partner, Private (on-premise)]

Page 6: Wireless In The Data Centre Presentation

Security

Firewall (L2–L7)
– UTM level integration
– Application control
– Deep packet inspection
– 712 application signatures

User Profile
– Identity based networking
– Granular separation of users and devices
– Separate by device classification

Page 7: Wireless In The Data Centre Presentation

Security

Wireless Intrusion Prevention
– Wireless DoS detection and prevention
– Rogue detection (AP and client)
– Countermeasures
– Compliance monitoring

Page 8: Wireless In The Data Centre Presentation

Security

Authentication
– 802.1x with RADIUS, Active Directory, OpenLDAP
  • Aerohive APs can act as RADIUS server(s) or RADIUS proxy
– Captive Web Portal (CWP) authentication

Private Pre Shared Key
– Dedicated key per user
– People know PSKs
– Secure (AES encryption)
– Flexibility of PSK with enterprise security of 802.1x

Page 9: Wireless In The Data Centre Presentation

Trusted vs Untrusted

Trusted Devices
– White list
  • Corporate Laptops
  • 802.1x
  • Directory Services Integration

Untrusted Devices
– Black list
  • Non corporate guests

Everything in between
– Shades of grey
  • BYOD
  • Staff owned
  • Corporate Owned personal
  • Corporate Owned shared

Page 10: Wireless In The Data Centre Presentation

BYOD/CYOD

Corporate Owned Devices
– Choose Your Own Device
– Tablets
– Smartphones
– Corporate owned data
– Remote wipe

Staff Owned Devices
– Bring Your Own Device
– Corporate Data
– Ring fenced
– Containerised apps

Staff Owned Devices (2)
– No corporate data
– Guest Access

Page 11: Wireless In The Data Centre Presentation

Mobile Device Management (MDM)

Mobile Device Onboarding
– Configuration profiles
  • Wi-Fi configuration/keys/certs
  • Mail/VPN

Mobile Content Management
– Secure content access
  • Data Loss Prevention

Mobile Application Management
– App store front/redirection
– Authentication enforcement

Page 12: Wireless In The Data Centre Presentation

Wireless Guest Access / ID Manager

Page 13: Wireless In The Data Centre Presentation

Guest Access

Aerohive ID Manager
– Cloud Enabled Guest Management
– Private PSKs more secure than traditional “Starbucks” style CWP
– Key delivery options (Mail, SMS, Printed Voucher, Twitter!)
– Kiosk Mode

Page 14: Wireless In The Data Centre Presentation

Secure Guest Access in Data Centres

Key management
– Temporary PPSKs
– Role based key drops into specific user profile/VLAN
– Different user profiles for different customers
– Key dies as soon as customer leaves building

Page 15: Wireless In The Data Centre Presentation

Secure Separation of Guest Networks

Guest Network separation using tunneling

[Diagram labels: Internet; DMZ; Corporate Gateway; Core Switch; Edge Switch; Access Points; GRE Tunnel; Normal Traffic]

Page 16: Wireless In The Data Centre Presentation

Secure Separation of Guest Networks

Guest Network separation using physical separation

[Diagram labels: Internet; DMZ; Edge DMZ; Corporate Gateway; Core Switch; Edge Switch; Access Points; Dual Ports; Normal Traffic; Guest Traffic]

Page 17: Wireless In The Data Centre Presentation

Independent Monitoring Network

Monitoring Network can be separate to Corporate Network

[Diagram labels: Internet; DMZ; Edge DMZ; Corporate Gateway; Core Switch; Edge Switch; Access Points; Dual Ports; Traffic via DMZ; Not under your control]

Page 18: Wireless In The Data Centre Presentation

Wireless Power & Environmental

Page 19: Wireless In The Data Centre Presentation

Intelligent Vs Non-Intelligent Rack PDUs

[Chart; axis label: Millions of $s]

Page 20: Wireless In The Data Centre Presentation

iPDU Adoption Life Cycle – varies by region

Page 21: Wireless In The Data Centre Presentation

Wired Monitoring Connectivity

IP Address per device
– 5 per cabinet
– 350 cabinets = 1750 IP addresses

Proprietary Solution
– Single point of failure
– 350 cabinets = 200+ IP addresses

[Diagram labels: T1, T2, T3, IP 1; T1, T2, T3, IP 1, IP 2, IP 3, IP 4, IP 5]

Page 22: Wireless In The Data Centre Presentation

Wireless Monitoring Connectivity

IP Address per access point
– 5 per data centre (or less)

Page 23: Wireless In The Data Centre Presentation

Wireless iPDUs now available

Easy deployment of best practice monitoring of each rack
– Temperature - top, middle & bottom
– Humidity

Saves ethernet ports
– hundreds of PDUs per access point

Can be an ‘isolated’ Wi-Fi network
– This one has its own ‘SSID’

Typical Wi-Fi Dongle shown

[Image label: Wi-Fi Dongle]

Page 24: Wireless In The Data Centre Presentation

PX-IOS App PDView

Tablet based PDU management

Features:
– View PDU configuration
– See kW, VA, pF, kWh etc
– Switch outlets on and off

Page 25: Wireless In The Data Centre Presentation

PDView – Per Outlet View

[Screenshot labels: Control – On/Off; Per Outlet Power]

Page 26: Wireless In The Data Centre Presentation

Power Management Reports

Sophisticated reports via web browser

Page 27: Wireless In The Data Centre Presentation

Health Map of Demo Data Centre

Page 28: Wireless In The Data Centre Presentation

Tabular Reports - Bill Back Report per Customer

Page 29: Wireless In The Data Centre Presentation

Tabular Reports - Load per IT Device

Page 30: Wireless In The Data Centre Presentation

Tabular Reports - Rack kW per cabinet

Page 31: Wireless In The Data Centre Presentation

Secure Cabinet Access Authentication System

What is SCAAS?
– Door locking application for Cabinets and Containment

Example
– French Bank
– 3 Containments, 84 Cabinets, 174 Doors, 6 Card Readers, 72 iPDUs

Page 32: Wireless In The Data Centre Presentation

Secure Cabinet Access Authentication System

[Image labels: SCAAS VA software; Door Control Sensor; EMKA door handle]

Benefits
– Connects into PX iPDUs
– Can be wireless

Page 33: Wireless In The Data Centre Presentation

SCAAS Features (1)

Collective Door Access Control
– Containment Doors, Cabinet Doors (front and back)
– A single ID-card reader controls a collection of doors according to privileges of card-owner

Centralized Management of
– Operation (unlock/lock, history-log)
– Access Administration (cards, card-owners, privileges)
– Site Setup (Containment, Cabinets, Doors, etc.)

Page 34: Wireless In The Data Centre Presentation

SCAAS Features (2)

Access Log
– All activity is logged: presented card, user, unlocked/locked doors, opened/closed doors, alarms.
– Length of log is configurable

Audible Alarms
– Unlocked doors by timeout or inside containment
– Make use of iPDU buzzer

Page 35: Wireless In The Data Centre Presentation

Connectivity Summary

The following functionality could potentially use 5 switch ports per rack:
– 2 x iPDU
– 3 x temperature/humidity
– 1 x access control
– 1 x web cam

This would be 300 switch ports in a 60 rack data centre compared to 5 (or less) if wireless enabled
– Multi-use, non-proprietary, open standards
– Easily scalable

Page 36: Wireless In The Data Centre Presentation

Summary

– Speed of deployment
– Reduced cost of deployment
– No dead patch panel ports to worry about
– No delays while IT services team provision a switch port for each iPDU or environmental management appliance
– Non proprietary solution – all product is based on open standard
– Up to 6,400 sensors and 2,000 metered outlets on a single AP!
– Cost of a Wi-Fi dongle circa £25

Page 37: Wireless In The Data Centre Presentation

Qs on Wireless Power & Environmental?

Page 38: Wireless In The Data Centre Presentation

Real Time Tracking of Assets

Page 39: Wireless In The Data Centre Presentation

Real Time Tracking of Assets within the DC

RTLS - Real Time Location Solution
Uses same wireless infrastructure – not zigbee or 433.92MHz

– Tracking where people go (security/alerting)
– Lone-worker safety (man down)
– Asset Tracking & Sensors (locating equipment)

[Image labels: Asset tags; Wearable tags; Staff badge/pager; Temp/RH sensors]

Page 40: Wireless In The Data Centre Presentation

Tracking Personnel in the DC

A complete Wi-Fi-based Real Time Location System for tracking the location and status of assets, inventory and people.

[Diagram labels: Ekahau Applications; Ekahau RTLS Controller; Ekahau Wi-Fi Tags; Ekahau Site Survey; Asset tags; Wearable tags; Staff badge/pager; Temp/RH sensors; Location beacons]

Page 41: Wireless In The Data Centre Presentation

Staff Safety and Alarm Escalation

[Diagram labels: SOS key; Man-down; SOS Alert with detail location; Send email, Screen popup]

Send alerts to local staff, remotely open doors, reposition video cameras etc

Page 42: Wireless In The Data Centre Presentation

Ekahau RTLS - Technology

Patented RSSI Modeling Approach for Indoor Positioning

1. Patented, probabilistic multi-hypothesis tracking algorithms enable the industry’s leading location accuracy and reliability

2. RF characteristics such as multi-path reflections are recorded during the site calibration.

3. Calibration data is stored in the location server

4. Based on the calibration data and the information received from the tag/client, the server software calculates the real-time location

Page 43: Wireless In The Data Centre Presentation

WLAN Best Practice

• Physical design of the WLAN and placement of access points plays a critical role in RTLS accuracy
• RTLS accuracy relies on ‘Location Coverage’, a combination of access point density and placement, signal quality, and signal differentiation.
• Triangulation is important
• Access points (green circles), placed every 50 to 75 feet around the edge, as well as centre of building

Page 44: Wireless In The Data Centre Presentation

Airmagnet WLAN Survey

[Screenshot labels: Passive Survey; Active Survey]

Page 45: Wireless In The Data Centre Presentation

Working at the Rack

Page 46: Wireless In The Data Centre Presentation

Mobile Devices & DCIM software

WLAN enables tablets, laptops and mobiles installed with DCIM apps to update at the rack

Page 47: Wireless In The Data Centre Presentation

Mobile Devices & DCIM software

– Speeding up the auditing and importing of data
– Manage change control by issuing work orders directly to mobile devices
– Making it easier to maintain accurate records including photographs

Page 48: Wireless In The Data Centre Presentation

Summary

Contact – www.ait-pg.co.uk tel: 0845 293 2790 email: [email protected]

Page 49: Wireless In The Data Centre Presentation

How Enterprise WLAN enables Best Practice!

– Reduce the cost, and speed up the time, of deploying iPDUs, sensors, access control, asset tracking and DCIM software.
– Use 90% less switch ports than wired networks, saving costs and reducing dependency on corporate IT teams.
– An open 802.11 infrastructure will support mobile computing, as well as monitoring and management applications, which means you no longer have to depend on multiple proprietary point solutions.
– AIT have the expertise to convince your IT teams that security is no longer a valid objection to implementing a WLAN in a data centre.