RM Managed Wireless
Brian Andrews
Senior Product Manager
Wireless within Education
•
Computers and Internet used daily
–
–
•
Ubiquitous network access
–
–
•
Throughout the school
Across the LA area
Growing number of wireless clients
–
–
•
Curriculum
Administration
Staff phone within the classroom
Student portable devices
Increased demand on security
–
–
Student network safety
School resources
Schools WLAN Requirements
•
Low deployment and operations costs
–
–
–
Minimal IT and RF expertise required
Simple to deploy indoors or outdoors
Simplified district-wide management
•
Secure access and user segregation
– Satisfy regulatory requirements
– Separate students, teachers, admin, guests
•
Extended operational life-span
–
–
–
Must last 5+ years, and handle traffic growth
Immune to evolving standards and higher data rates
Ability to support new applications over time
• Voice, Streaming video, Surveillance, Location
WLANs enable New Services
•
New teaching methods
–
–
–
•
Improved teacher productivity
–
–
–
–
•
Distance learning, Podcasts, Blogs
Teach anywhere, even outside
Not dependent on lab availability
Attendance, Grading
Curriculum development
Professional development
Internal communication
Improved security and safety
–
–
–
Wireless voice services
Video surveillance over IP
Location tracking
RM Managed Wireless Goals
•
Reliable
–
–
•
•
Fundamental part of the School
infrastructure
Eliminate downtime and disruption
to learning
Safe and secure
–
–
–
Zero maintenance for small
schools
Monitored and controlled centrally
for LA wide deployment
High performance
–
–
•
Secure network access
Identify and correct rogue activity
Flexible management
–
•
Commercially viable for Education
–
–
•
Deliver educational benefits to
students and staff
Available throughout the school
whenever required
Low Operational Cost
Investment protection
Allow for future growth
–
–
Easy, flexible and secure Guest
access
Advanced location tracking of
individuals and equipment
RM Managed Wireless Solution
Access Points
Management
Security
Controllers
Location
Controller Scalability
Cost / Capacity
512 Access Points
2 x 10GB XFP
8 x 1GB SFP, RJ45
32-192 Access Points
16 FastEthernet (10/100) PoE
2 x 1 GB SFP
32-192 Access Points
2 x 1 GB SFP
12 Access Points
8 FastEthernet (10/100) (2 PoE)
4 Access Points
2 FastEthernet (10/100) (1 PoE)
Library/Primary
Secondary/Academy/College
LA Data Center
RM Managed Wireless Goals
Reliability
Performance
Safe & Secure
Manageable
Cost Effective
Growth
Reliability
•
Standard reliability measures
–
•
Low MTBF
LA based controller for resiliency
Single point of management
–
Large geographic area monitored
and controlled
Multiple load-balancing levels
–
–
–
AP Controller ‘virtualization’
–
•
•
Users
APs
Controllers
•
No single point of failure
•
In-service upgrade
–
Minimise disruption
Device Resiliency
N : 1 Failover
RingMaster
•
Management
–
–
–
–
•
Load-shared AAA server groups
Local and/or remote AAA
Distributed MX database
RingMaster redundancy
Controllers
–
–
–
•
RingMaster
Dual hot-swap power
Load balanced uplinks
N:1 Controller failover
Access Points
–
–
–
RF auto-tuning
Radio load balancing
Dual homed uplinks
AAA
RM Managed Wireless Goals
Reliability 
Performance
Safe & Secure
Manageable
Cost Effective
Growth
RM Managed Wireless Goals
Reliability 
Performance
Safe & Secure
Manageable
Cost Effective
Growth
High Performance
• Key issues
–
–
–
–
–
Optimum voice support
QoS preservation
‘Local’ access to data
Scale to 802.11n throughputs
Band-steering capability
Local Switching Capability
• Most direct path
– Optimal data flow
– Extremely low latency
• Optimized for Voice Over IP
– High quality calls
– Eliminates dropped calls
Distributed Switching
Local switching eases scalability
• Traffic forwarding
Handles 802.11n without upgrade
– Handled by the AP
• 802.11n
– No impact on controller
– Scales without upgrade
Offered load increases by up to 10x
.11n
.11n
.11n
Balancing Resources
•
Most Wi-Fi devices default to 2.4Ghz (better range)
–
•
Increases contention for spectrum, while 5Ghz virtually unused
WLAN improved by steering 5Ghz-capable clients to 802.11a/n
–
Provides 30-40% better bandwidth utilisation with no cost
802.11b/g
802.11a
Dynamic Load Balancing
•
Clients tend to collect on same AP
–
•
But often the client is in range of other APs that are idle
APs collaborate to balance client load more evenly
–
Takes account of global load-balancing policies
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure
Manageable
Cost Effective
Growth
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure
Manageable
Cost Effective
Growth
Safety and Security
• Key Issues
–
–
–
–
–
–
–
–
–
Secure session mobility
System-wide fast handoffs between APs
Standards compliant
Identity-based networking
Built-in Firewall and Intrusion Detection System
Endpoint Integrity integration
Safe and scaleable guest access
Location-aware access control
Dynamic authorisations
Secure, Identity-Based Roaming
Central
Policies
•
User credentials define access and
network resource privileges
•
Different groups with different privileges
share infrastructure
AAA
•
Privileges and services follow users as
they roam
Credentials
& services
follow user
•
Overlay on Layer 2/3 network
–
2
No VLAN / Subnet changes
1
User
roams
Security
Location Tracker
X
Guests
AAA
Servers
802.1X
Authentication
Intrusion
Detection &
Protection
Rogue AP
RingMaster
Strong
Encryption
X
Rogue User
Trusted Client
Authentication
Endpoint Integrity
Application Firewall
Intrusion Protection
• 802.1X, EAP-TLS,
PEAP, TTLS, MAC,
Web
• Trusted Network Connect
(Trusted Computing
Group)
• Per user, per station,
per group policy
enforcement
• Core WIDS/WIPS
• 802.11i, WPA2,
WPA, AES, CCMP
• Microsoft Network
Access Protection (NAP)
• Application-aware QoS
scheduling
• Scan, detect, locate,
disable Rogues
• Network Admission
Control (NAC)
• Time and location
based access control
• Location aware
access control
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure 
Manageable
Cost Effective
Growth
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure 
Manageable
Cost Effective
Growth
Network Management
•
Planning and Deployment
•
Configuration and Verification
•
Monitoring and Reporting
•
Advanced Location tracking
– Predictive planning tool
– Creates network plan
– Complete offline configuration
– System and service wizards
– Pushes configuration to MXs
–
–
–
–
By user, radio, AP, Controller, VLAN
Present location, roaming history
30 day history
WIDS/WIPS integration
LA Central Management
•
Predictive planning
• Plan entire buildings
• Supports CAD files with pre-configured layers
• 3 dimensional model takes account of other floors
• Auto computes attenuation based on building properties
• Auto generated wireless coverage map and work order
LA Central Management
•
Predictive planning
•
Network-wide
Deployment
• Easy two-click configuration
• Powerful wizards – Voice, security, switch configuration
• Cluster-based configuration management
• Network wide change management
• All possible as in-service upgrades
LA Central Management
•
Predictive planning
•
Network-wide
Deployment
•
Comprehensive
Monitoring
• Dashboard view
• Network wide fault correlation and location
• Drill down to details
• 1 hour to 30 day reporting
• End user custom reports
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure 
Manageable 
Cost Effective
Growth
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure 
Manageable 
Cost Effective
Growth
Easy Network Deployment
•
Non-disruptive overlay
–
–
–
–
•
Wireless Network
Industry standard security
–
–
–
–
–
–
•
Same security model
Same L2 / L3 topology
Same VLANs / Subnets
Zero changes required
Same directory / AAA
Active Directory, LDAP
All major RADIUS servers
802.1X authentication
WPA, WPA2 certified
AES CCMP encryption
Flexible Deployment Models
Wired Network
Same Solution Indoor/Outdoor
• Self-optimizing and load balancing
Indoor/Outdoor WLAN
• Distributed policy enforcement
• Single management platform
• Seamless indoor/outdoor roaming
• Best performance
• Lowe operating costs
Common Feature Set
Indoor / Outdoor
Flexible Deployment Options
• Cost effective controllers for small schools
– Primary, Library
– Failover to LA based controllers
• Controller-less schools option
– LA managed controller
– Local switching model
• Remote management
– Value-add from the LA
– Eliminates burden from school
Maximise Investment
• Load balancing uses WLAN resources better
• Capable of best in class voice services
• Scales easily to 802.11n with no controller upgrades
• Easiest to manage school district from one point
• Fully standards compliant from RF to Voice
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure 
Manageable 
Cost Effective 
Growth
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure 
Manageable 
Cost Effective 
Growth
Managed Wireless Architecture
Fat AP Architecture
Thin AP Architecture
Central & Distributed
CENTRALIZED
DISTRIBUTED
Security
Management
Security
Management
Security
Management
Reliability
Performance
Reliability
Performance
Reliability
Performance
Location Tracking
•
Find assets and staff quickly
–
Laptops, PDAs, Phones, Tags, Wi-Fi enabled devices
Modular Guest Access
Conventional
Authentication
End Point Integrity
Are you who you
claim to be?
Can your device be
trusted?
MAC Address, User ID,
Password, Keys
Virus definitions, Firewall,
Encryption
Advanced
Are you who
you claim to
be?
Access Control
Can your
device be
trusted?
What access have
you been granted?
Time-of-day, Location,
Bandwidth, Apps
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure 
Manageable 
Cost Effective 
Growth 
RM Managed Wireless Goals
Reliability 
Performance 
Safe & Secure 
Manageable 
Cost Effective 
Growth 
RM Managed Wireless
Questions?