RoamAbout Wireless Access Points

“There is nothing more important than our customers”

RoamAbout Wireless Product Portfolio

Customer Presentation

Enterasys RoamAbout WLAN Solutions

•

RoamAbout Product Portfolio

•

Management Applications

•

Advanced Features of Thin Mode WLANs

© 2007 Enterasys Networks, Inc. All rights reserved.

2

WLAN Implementation – The Major Challenges

Security

Performance

Deployment

Management

User

Satisfaction

The WLAN must be as secure as the LAN infrastructure

The WLAN should support today’s standards and be 802.11n ready

Optimize positioning of Access Points

Find and isolate rogue APs

Automatically reconfigure failed nodes

Manage WLAN with existing resources

Easily authenticate and authorize corporate and guest users

Non-stop operation

Ready for Next gen productivity apps, such as Voice over WLAN


3

RoamAbout - Enterasys’ Wireless LAN Heritage

More Than 14 years experience in WLAN technology

First RoamAbout product shipped in January 1993

100,000+ RoamAbout Access Points have been deployed

1,000+ enterprise class customers worldwide

Many industry innovations

First Access Point with Power over Ethernet

First Access Point with secure SNMP v3 support

First 802.11b PCMCIA Radio Card with 128 bit encryption

First radio technology-upgradeable Acess Point

Committed to open standards

WiFi Alliance

IEEE

UNH WLAN Interoperability Lab

• Numerous large deployments across a broad spectrum of industries

Goodyear

Unisys

West Hartford Public Schools

Montgomery Township


4

RoamAbout – A Flexible Product Portfolio Today

• Secure Networks

Enterasys’ embedded security architecture for wired & wireless networks

• Wireless Switches

The intelligence for next gen wireless networks

Provides ACL policy, centralized management, plug and play deployment, L3 mobility, rogue detection, reliability, and load balancing

• Access Points

Performance, security and 802.11 standards compliance

• WLAN Management Software

Operations center for network

• Site Survey Tools

Helps size and optimize wireless network for customer environment


5

RoamAbout Wireless Switches

Ports

TPRZ-MXR2

Remote Office Solution

2 x 10/100/ RJ45 with PoE *

Active

APs

AP configs

3 3

RBT-8110

1 x Gigabit RJ45

1 x 10/100/ RJ45

1 x Console

24 120

RBT-8210

2 x Gigabit RJ45

1 x Console

24

48

72

300

RBT-8400

4 x Gigabit (GBIC or RJ45)

1 x Console

1 x Flash card slot

40

80

120

480

Mobility System Software Version

5.0 includes support for all wireless switch controllers

* Note: TPRZ-MXR2 works with RBT-1602 Access Point only


6

RoamAbout Wireless Access Points

RBT-4102

• Convertible AP that supports either Thick or Thin Modes

• Secure Networks edge policy in Thick Mode

• ACL-based edge policy in Thin Mode

• Single RJ45 LAN connection with Standards-Based PoE

• Redundant, Load-Sharing Power when External Power is use with PoE

RBT-1002, RBT-1602

• Support for Thin Mode ONLY

• Dual radio for 802.11a+b/g, less expensive than RBT-4102

• Supports ACL-based edge policy

• dual-homed LAN and dual-homed PoE (RBT-1602)

• RBT-1602 can ONLY be powered via PoE

• Redundant, load-sharing power with PoE + external (RBT-1002)

TPRZ-MP-620

• Weatherproofed for Outdoor Deployments

• Support for Thin Mode ONLY

• Dual radio for 802.11a+b/g

• Supports ACL-based edge policy

• Single Ethernet port with PoE support

• External RSSI port for field antenna alignment

• Built-in lightning protector


7


•


•


•



8

RoamAbout WLAN Management

NetSight Console & Policy Manager

Management Application for

RoamAbout AP4102 operating in Thick Mode .

RoamAbout Switch Manager

Management Application for all

Enterasys Wireless Systems operating in Thin Mode .


9

RoamAbout Switch Manager (RASM)

• Feature rich NMS for

RoamAbout WLAN Switches

• Integrates Site Survey

Information

User location and roaming history

Intrusion detection and location

• Device & User Management

With a template model to simplify enterprise class deployments

• Performance tracking

At multiple levels of granularity – from campus-wide to user-specific

Includes real-time to 30 day history logging

• Fault and event viewing

Network Admins can quickly isolate and eliminate malfunctioning APs

• Scales to manage 1 to 100+

RoamAbout switches


10

RoamAbout Thick Mode WLAN APs

Thick Mode

•

•

•

WLAN Access Points operating standalone

Access Points use Enterasys Edge-Policy

(equivalent to wired Switches).

• Relatively Simple Configuration that is easy to deploy and easy to manage

• Deployments are relatively static

Advantages

• Supports Policy Management features

• Access Points are managed natively using NetSight applications

• Uses NetSight Policy Manager to enforces policy rules and roles

Why Choose a Thick Mode WLAN?

Limited dynamic mobility for users moving

• Enforces Secure Networks Policy

• Very efficient WLAN traffic-flow characteristics because WLAN traffic is not aggregated through a Wireless

Switch

• APs are administered in a similar manner to

Ethernet Switches on the network switch, so they can be “plug-and-play”


11

RoamAbout Thin Mode WLAN Switches & APs

Thin Mode Advantages

• WLAN Switching with lightweight Access Points

Why Choose Thin Mode?

• Scalable, centralized management for large scale WLAN deployments

• Sophisticated controllers enable the use of less intelligent Access Points • Advanced rogue Access Point detection

& suppression

• Multiple APs are managed as a single system

• WLAN Switching enables automated RF domain sizing, power adjustments and

• channel selection entity

• Self-healing capabilities with autopower and auto-channel functions

• Support for Web based authentication

• Multiple Access Points behave as a single

• Supports Topography views in management applications

• Improved support for advanced features, including Voice

• Wireless Switches are designed to support future 802.11n networks

• Elimination of Subnet Roaming Issues

• ACL-based edge-policies can be configured to equate with Secure

Networks policies in the LAN.


12


•


•


•



13

Dynamic Response to Rogue APs

• Rogue Access Points are a serious security threat

Unauthorized parties can gain wireless access to the entire IT infrastructure

They are not subject to IT administration or monitoring

They interfere with production WLAN operation

• RoamAbout WLAN switch infrastructures can automatically detect and isolate rogue APs

Access Points temporarily convert to WLAN

Sensors to locate the rogue AP

once the threat is mitigated Access Points revert to normal operation

this approach negates the need for an overlay

WLAN security sensor network

• In addition Enterasys Policy-enabled LAN

Switches can limit access for rogue APs

LAN ports deploy authentication techniques that block network access for non-authenticated devices, such as Rogue APs

Security policy prevents IP addresses resolving to unauthorized DHCP Servers hosted by Rogue

APs

MAC locked LAN ports block unauthorized APs from joining the network

Access Point

Access Point


Rogue AP

Access Point

Access Point

Access Point

14

WLAN Switch Automation Tools

Simplify IT Administration

• Self healing infrastructure ensures business continuity

Adjacent APs detect and respond to

AP failure or RF degradation

Clients are automatically migrated to fully functional APs

• Dynamic load balancing addresses the “over-subscribed AP” challenge

Automatic frequency selection and power control for adjacent APs

Changes are localized, do not cascade throughout the network

Option to dedicate bandwidth to

QOS sensitive applications such as video and voice

Access Point


Access Point

Access Point

15

Seamless Subnet to Subnet Roaming

• Supports leading edge corporate productivity applications

Non disrupted use of WiFi and dual mode telephony handsets on the corporate WLAN

Increase the effectiveness of PDA and handheld computer applications

• RoamAbout WLAN Switches integrate advanced roaming technologies including

Synchronized handoffs to avoid call jitter for VoIP

Fast subnet to subnet handoff times of less than 100ms

Eliminate the need for client reauthentication


Subnet A

Subnet B

16

Enhanced Security with WLAN Intrusion Defense for AP1602

• Integrated IDS and IPS for the

WLAN network

Optional AirDefense software turns each

RoamAbout AP1602 into an “on-demand”

AirDefense Sensor

A centralized Security Dashboard aggregates threat information from each

Air Defense Sensor

Includes real-time dedicated monitoring of all channels and frequencies for

Intruders and Impending threats

Forensics & incident analysis capabilities

May be used for regulatory compliance monitoring

Common Criteria certified

WLAN

Switch

AP


AP

WLAN

Switch

17

Real Time Asset Tracking & Location

• The ability to rapidly locate mobile assets is a key competitive advantage for many industries

Tracking raw materials and WIP in a manufacturing setting

Locating patients and medical diagnostic equipment within a healthcare facility

Managing inventory and shipments in a warehouse

• Automated asset tracking improves productivity

While increaing cycle count accuracy and reducing operational costs

• RoamAbout switch infrastructures support real-time location services

Using WiFi Tags and 3 rd party Location Servers

Operates with products from AeroScout and

Ekahau

© Copyright (c) 2000-2005 Ekahau, Inc.

All rights reserved.


Location Server

18

“There is nothing more important than our customers”

Wireless Networking Vision

Today - RoamAbout® “Thick” WLAN solutions

• Independent operation

• Convertible to “thin” mode

• Configured and managed with

NetSight policy manager

• Continuous identity management

• Flexible operational modes

Workgroup

Point-to-Point

Point-to-Multipoint


Today - RoamAbout “thin” WLAN solutions

• Wireless controllers

Network security

› Network Access Control

› ACL Policy

› Data encryption

› Continuous identity management

802.11n capable

Low latency L3 mobility

WiFi rogue detection

Plug and play management applications

• Wireless access points

Product

TRPZ-MXR-2

RBT-8110

RBT-8210

RBT-8400

RBT-8500

Product

RBT-4102

RBT-1002

RBT-1602

TRPZ-MP-422

TRPZ-MP-620

TRPZ-MP-432

• RoamAbout Switch Manager

Operations center for WLAN

• Site Survey Tools

Easy to use RF planning

Estimate the optimal size and kit

Wireless Controllers

Interfaces

1 x 10/100 RJ45 with PoE, 1 x 10/100 RJ45 without PoE

1 x Gigabit RJ45, 1 x 10/100 RJ45, 1 x Console

2 x Gigabit RJ45, 1 x console

4 x Gigabit (GBIC or RJ45), 1 x Console,

1 x Flash Card Slot

2 x Gigabit SFP (MGBIC), 1 x console,

1 x Flash Card Slot

Wireless Access Points

Interfaces

(1) Wired 10/100 Mbps, (1) Console port

RS232, (2) reverse male SMA connectors

(4102 only)



(4102 only)

(2) Wired 10/100 Mbps, (2) reverse male SMA connectors

(2) Wired 10/100 Mbps, (2) reverse male SMA connectors



(4102 only)

2 Gigabit Ethernet uplink ports

Active APs

Up to 3

Up to 24

Up to 72 up to 120 up to 128

Protocol

802.11a/b/g

802.11a/b/g

802.11a/b/g

802.11a/b/g

802.11a/b/g

802.11a/b/g/n

2008 - Software Releases

• Version 7.0

Multi hop meshing

› Reduce cabling costs and deploy APs in locations where cabling is not possible

802.11n support dramatically increases

WLAN throughput (up to 600 Mbps) while improving client coverage and density

› TRPZ-MP-432

Indoor 802.11 a/b/g/ n

AP

Enterasys NAC Support

› Force re-auth, quarantine, etc.

Wireless Switch Clustering

› Scalable and dynamic backup/recovery services for switch controllers

• Version 7.2

Automatic AP and controller load balancing

Controller Distributed Configurations

Security Enhancements


2008 –WLAN “Thin” Mode Multi Hop

Meshing

• Wireless AP access where wired interfaces are not available

Radio link to multiple access points that do not have wired interfaces

• Cost effective WLAN deployments

Reduces number of switch controllers

Reduces cabling costs(~$200/AP)


2008 – RASM / Smart Pass

• RASM Planning

Tools ease installation and eliminate surprises

Improved outdoor RF planning

Improved scaling

• RASM Management

MS Vista support

Full lifecycle indoor/outdoor management

Wizards (for desired coverage, capacity, client type, e.g. WMM Voice or Spectralink SVP) for rapid deployment of hundreds of APs

Mobile client management, tacking, logging, and reporting for thousands of wireless clients

• SmartPass

Web-based provisioning for non-technical staff

Secure guest access without network reconfigurations

Scalable centralized client/server architecture with Radius API, up to 10,000 clients


2008 - WLAN Controller: RBT-10000

• 28Gbps Ethernet switching capacity – industry’s highest density WLAN switch

• 2 x 10-Gbps ports; 8 x 1-Gbps ports

• Line-rate speed and throughput

• Industry’s only hardware-switched wired and wireless

• 512 active AP’s

• 12,000 active clients per switch


25

2008 – 802.11n Access Point

• Superior performance

Simultaneous dual band operation

(2.4GHz and 5 GHz)

300 Mbps per band -> 600 Mbps total

3x3 MIMO in both bands

2x10/100/1000 uplink ports

• Leverages existing infrastructure

Interoperates with existing switch controllers

Same PoE injectors

Utilizes the same mounting brackets

• Flexible Power over Ethernet options

802.3af injectors (1 or 2)

802.3at draft injectors

• WiFi certified ready

Fully compliant with 802.11n draft 2.0

Guaranteed interoperability with standards based networks

Upgradeable to final standard

• Optimal range

Internal antenna design delivers surround coverage


2009 – WLAN/LAN Integration

• Integrated WLAN and LAN solution offerings to the enterprise

Integrated with Enterasys edge switches

Reduces complexity and expense of wireless controller appliances

• “Unified” access points capable of dynamically converting between “Thin” mode and “Thick” mode

Provides increased resiliency for the WLAN in the event of a switch layer failure

802.11n performance for bandwidth intensive applications

• Single, integrated WLAN/LAN management

Cost effective

Easy network administration

• Integrated WLAN/LAN network security

Including IDS/IPS security mechanisms


RoamAbout Hardware – Timeline

Wireless Switches

·

RBT-8500

32 – 128 Aps

2x1Ge SFP ports

·

RBT-8500-32

License upgrade for 32 additional

APs

Access Point

·

TRPZ-MP-432

802.11 a/b/g/N AP

Wireless Switches

·

RBT-10000

10 Gigabit switch controller up to 512 APs

Access Point

·

Edge switch with embedded wireless controller

·

TRPZ-MP-632

Outdoor 802.11 a/ b/g/N AP

Feb 2008

RBT-8500

Jun 2008

Indoor 802.11n

Oct 2008

RBT-10000

Feb 2009

Outdoor 802.11n

Jan 1, 2008

Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar

Mar 31, 2009


Mobility Switching Software – Timeline

Wireless Switching

·

RASM 6.2

RF Planning Enh

Outdoor RF Planning.

·

SmartPass 6.3

v7.0 wireless switching

·

Mesh multi-hop support

·

802.11n

·

Bandwidth Control

Per User

Per SSID

·

ETS NAC support

·

Wireless Switch/

Controller Clustering v7.2 wireless switching

·

Security enhancements

·

Capacity scaling

·

Distributed configs

·

Resilient clustering

Apr 2008

MSS 6.2

Jun 2008

MSS 7.0

Nov 2008

MSS 7.2

Jan 1, 2008

Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar

Mar 31, 2009


Thank you


30


•

Additional Slides


31

Evolution of Wireless Standards

2005

2004

2003

2002

2001

2000

1999

802.11e

2005 - QoS which also exposed WMM (wireless QoS)

802.11i 2004 - AES (advanced encryption standard truw wireless security)

802.11f

- Inter-Access Point Protocol.

802.11g

- 2.4 GHz 54 Mbps 11 Channels only 3 non-overlapping

802.11h

- Spectrum and Transmit Power Management for Europe

802.11d

- Auto Regulatory Domains

802.11j

- 4.9 - 5.1 GHz Japanese Regulatory

802.1X

- Secure Authentication

802.16

- WiMAX for static networks

802.11

- 2.4GHz, 2Mbps 11 Channels only 3 non-overlapping

802.11a

- 5GHz, 54Mbps up to 23 channels all non-overlapping

802.11b

- 2.4GHz 11 Mbps 11 Channels only 3 non-overlapping


32

Next Few Years – More Alphabet Soup

2008

2007

2006

802.11s

- Mesh (efficient mulitcast/broadcast)

802.11t

- Wireless Performance Prediction (standard comparison tests)

802.11u

- Inter-operation with External Networks (off 11 roaming)

802.11n

– 100 Mb/s+ of user throughputs (wireless radio-trunking)

802.11v

- Wireless Network Management (more advanced IAPP)

802.11m

- Enhanced Maintenance & Mgmt Security (paperwork)

.

802.11r

- Fast Authentication Roaming (faster roaming)

802.11k

- Radio Resource Measurement (AP-to-client queries & vice versa)

802.16e

- WiMAX for mobile networks (wireless MANs)


33

Secure Networks Support – Thick Mode

Secure Networks Policy:

• Same Policy Architecture as Wired LAN, configurable with NetSight Policy Manager

• Provides for a consistent user experience across the wired or wireless infrastructure

How it Works:

• Policies are defined and applied simultaneously to the wired and wireless infrastructures.

• The RBT-4102 supports most, but not all policy types seen in the wired switches. Policy Manager helps to identify inconsistencies.

• The system uses a RADIUS back end for AAA and policy implementation.

• The RADIUS return-attribute: “FILTER-ID” is used to dynamically apply policy settings.

• Upon sign-on, consistent policy rules are applied based upon user’s role – ( Policy and QoS follow the user )


34

Secure Networks Support – Thin Mode

ACL-Based Policy:

• Uses dynamically-applied ACL’s to closely replicate the

Secure Networks policies existing on the Wired LAN

• Provides for a consistent user experience across the wired or wireless infrastructure

How it Works:

• Policy is defined for the wired and wireless infrastructures using Secure Networks policy for wired devices and analogous ACL-based policies in wireless.

• Both systems share the RADIUS back end for AAA and policy implementation

• The RADIUS return-attribute: “FILTER-ID” is used to dynamically apply policy settings.

• Upon sign-on, consistent policy rules are applied based upon user’s role – ( Policy and QoS follow the user )


35

RoamAbout Firmware Version 4.1.11.0

Thick Mode

Added Support for Specified Countries


•

JP

•

KR

•

KW

•

MY

•

NZ

•

PH

•

SA

•

SG

•

AE

•

AR

•

AU

•

BR

•

CN

•

EG

•

IL

•

IN

•

TH

•

TW

•

VE

•

VN

•

ZA

UNITED ARAB EMIRATES

ARGENTINA

AUSTRALIA

BRAZIL

CHINA

EGYPT

ISRAEL

INDIA

JAPAN (W52/W53)

KOREA, REPUBLIC OF

KUWAIT

MALAYSIA

NEW ZEALAND

PHILIPPINES

SAUDI ARABIA

SINGAPORE

THAILAND

TAIWAN

VENEZUELA

VIETNAM

SOUTH AFRICA

36

Approaches to WLAN Architectures

Thick Architecture

Limited Control Features

Centralized Architecture

Controllers can be Bottlenecks

Direct Path Forwarding

Intelligent Switching

Distributed Forwarding for Latencysensitive Applications

Centralized Forwarding for Other

Applications (e.g. security-sensitive)

Control

Management

Efficient Traffic

Control

Management

Efficient Traffic


Control

Management

Efficient Traffic

37


Application-Driven Direct Path Forwarding - EXAMPLES

Voice over Wireless

Latency Sensitive Applications

Direct Path

Guest Access

Security Sensitive Mobility Applications

Proceed Through Switch

802.11n Ready Today

Tomorrow’s Applications

Direct path


38

802.11n – Problem and Solution

Typical Thin Approach

Return-to-Core Forwarding

Direct Path Forwarding

Intelligent Switching


Intelligent WLAN controller

Offered load exceeds controller capacity

X

Offered load increases up to 10x Offered load increases up to 10x

• 802.11n creates up to 10x increase in throughput

• Throughput exceeds controller capacity

• Cannot scale without expensive hardware upgrades

• Forwarding occurs at the AP, not through controller

• No impact on controller

• Scales in place without expensive forklift upgrade


39

RoamAbout Wireless Access Points

RoamAbout Wireless Product Portfolio

Enterasys RoamAbout WLAN Solutions

RoamAbout Wireless Switches