March 22, 2011<br />iPad. Galaxy. Cius. Best Practices to Support the influx of Mobile Devices<br />
Agenda<br />2<br />1<br />User Transition to Mobile Tablets and Devices<br />Best practices and tips for enabling reliable...
Your Users Have New ExpectationsThe Evolving Workplace Landscape<br />NEW SCHOOL<br />OLD SCHOOL<br /><ul><li>Anywhere, an...
Work is a function —Globally dispersed, mixed device ownership
Change in IT control and management paradigm
Enterprise provided mobile devices
Work is a place you go to—limited off campus access
IT visibility and control into user devices and applications</li></ul>Executive<br />Employee<br />IT<br />
The Transformation Of The Desktop Driven by Demand for Mobility<br />Traditional<br />Revolutionize<br />Modernized<br />C...
Key Market FindingsMobility Is Here to Stay<br />32%<br />50%<br />Employees globally rely on more than one mobile data de...
Key Market FindingsThe Challenge Is to Ensure Network Performance and Security<br />32%<br />74%<br />40%<br />57%<br />Em...
Embrace Mobility. Address Security.Some Questions to Consider<br />Do I have the WLAN capacity to support increase in mobi...
Best practices and tips:Providing a reliable and high performance wireless network<br />
Follow these steps: <br />Start Migration to 802.11n to Enhance Network Performance<br />1<br />2<br />3<br />4<br />5<br ...
Step 1: Migrate to 802.11n to Enhance Network Performance<br />Challenge<br /><ul><li>Scaling a growing number of tablets ...
Beam forming
Spatial multiplexing </li></ul>40 MHz Channels<br /><ul><li>Two adjacent 20 MHz channels are combined to create a single 4...
Block Acknowledgements</li></ul>Enables Throughput and Coverage Needed to Scale Mobile Devices<br />
Step 2: Configure for High Density   Wireless Deployments<br />Challenge<br /><ul><li>Properly configuring the WLAN to pro...
Step 2: Assess Application Bandwidth Requirements <br /><ul><li>Determine the bandwidth required for each user of the targ...
This is the aggregate bandwidth you will require in your space
Divide the aggregate by the protocol throughput to determine number of channels required in the space</li></li></ul><li>St...
Step 3: Improve Reliability and Coverage with Cisco ClientLink<br />Challenge<br /><ul><li>802.11a/g Client Connection Not...
Step 3: Optimize the Installation<br />Configure 2.4 GHz for 20MHz and three non-overlapping channels/cells<br />Provides ...
Step 4: Detect and Mitigate RF Interference with Cisco CleanAir<br />Challenge<br /><ul><li>Identifying and managing sourc...
Step 5: Improve Video Applications with Cisco VideoStream Technology<br />Challenge<br /><ul><li>Delivering high quality m...
Step 6: Implement Cisco Radio Resource Management <br />Challenge<br /><ul><li>Simplifying  RF Management to improve cover...
Best practices and tips:Implementing mobile device policies and secure network access<br />
Embrace Mobility. Address Security.Some Questions to Consider<br />How do I keep this flood of new devices off my network?...
Flood of New Devices<br />Which are corporate devices?<br />What corporate data is on these devices?<br />Security?<br />F...
Job Role<br />Supply Partner<br />Unmanaged desktop; complex support issues<br />Requires limited access to corporate reso...
Local LAN Access Policy<br />Partial Corporate  LAN Access <br />Full Corporate LAN Access<br />Managed / UnManaged<br />A...
Local LAN Access Policy<br />Partial Corporate  LAN Access <br />Full Corporate LAN Access<br />Managed / UnManaged<br />A...
Machine Access Restriction Solution<br />Full Access or Deny<br />Authentication<br />User authentication must be proceede...
Active Directory/User Certificate Solution<br />Authentication<br />Maintain the existing username/password infrastructure...
Network Access Control Solution<br />Profiling, Fingerprinting<br />Watermarking<br />Clientless<br />Profiling using MAC ...
Embrace Mobility. Address Security.Some Questions to Consider<br />How do I keep this flood of new devices off my network?...
Global Threat Telemetry<br />Global Threat Telemetry<br />Cisco Security Intelligence Operation<br />Cisco SensorBase<br /...
Threat Intelligence: SIO<br />Network Security<br />Access<br />Control<br />Secure Mobility<br />Content Security<br />Ci...
Upcoming SlideShare
Loading in …5
×

Support iPads, Tablets and Smartphones on your Wi-Fi: Best Practices

5,622 views
5,525 views

Published on

Learn actionable best-practices and tips to prepare your 802.11n wireless network for tablets, smartphones and other mobile devices. Step-by-step guide that you can implement today. Learn more: http://cisco.com/go/wireless

Published in: Technology, Business
0 Comments
6 Likes
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total views
5,622
On SlideShare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
0
Comments
0
Likes
6
Embeds 0
No embeds

No notes for slide

Support iPads, Tablets and Smartphones on your Wi-Fi: Best Practices

  1. 1. March 22, 2011<br />iPad. Galaxy. Cius. Best Practices to Support the influx of Mobile Devices<br />
  2. 2. Agenda<br />2<br />1<br />User Transition to Mobile Tablets and Devices<br />Best practices and tips for enabling reliable and secure mobile device access<br />Best practices and tips for enabling reliable and secure mobile device access<br />
  3. 3. Your Users Have New ExpectationsThe Evolving Workplace Landscape<br />NEW SCHOOL<br />OLD SCHOOL<br /><ul><li>Anywhere, anytime, any device usage
  4. 4. Work is a function —Globally dispersed, mixed device ownership
  5. 5. Change in IT control and management paradigm
  6. 6. Enterprise provided mobile devices
  7. 7. Work is a place you go to—limited off campus access
  8. 8. IT visibility and control into user devices and applications</li></ul>Executive<br />Employee<br />IT<br />
  9. 9. The Transformation Of The Desktop Driven by Demand for Mobility<br />Traditional<br />Revolutionize<br />Modernized<br />Centralized provisioning, management and security for users and applications<br />Apps<br />Apps<br />Virtual Apps<br />Virtual Apps<br />Virtual Apps<br />Virtual Apps<br />WinXP<br />WinXP<br />Thick Client<br />HVD<br />HVD<br />HVD<br />ZeroClient<br />Thin Client<br />Mobile Client<br />Virtualized Platforms<br />
  10. 10. Key Market FindingsMobility Is Here to Stay<br />32%<br />50%<br />Employees globally rely on more than one mobile data device during their typical workday<br />Global enterprises consider WLAN as mission critical to operations<br />
  11. 11. Key Market FindingsThe Challenge Is to Ensure Network Performance and Security<br />32%<br />74%<br />40%<br />57%<br />Employees use unmanaged devices on their corporate network<br />IT staff—security the biggest challenge<br />
  12. 12. Embrace Mobility. Address Security.Some Questions to Consider<br />Do I have the WLAN capacity to support increase in mobile devices?<br />How do I ensure business critical WLAN reliability?<br />How do I enforce security policies on non compliant devices?<br />How do I grant different levels of access to protect my network?<br />How do I ensure data loss prevention on devices where I don’t have visibility?<br />How should I address the cool kids (tech-savvy) who trade-up to new devices? New Policy?<br />How do I protect my Intellectual Property/personal information?<br />
  13. 13. Best practices and tips:Providing a reliable and high performance wireless network<br />
  14. 14. Follow these steps: <br />Start Migration to 802.11n to Enhance Network Performance<br />1<br />2<br />3<br />4<br />5<br />6<br />Design your Cisco 802.11n Network to Optimize Rich Media on Mobile Devices<br />Properly Configure for High Density Wireless Deployments<br />Improve Reliability and Coverage with Cisco ClientLink<br />Detect and Mitigate RF Interference with Cisco CleanAir<br />Improve Video Applications with VideoStream<br />Implement Cisco Radio Resource Management<br />
  15. 15. Step 1: Migrate to 802.11n to Enhance Network Performance<br />Challenge<br /><ul><li>Scaling a growing number of tablets and mobile devices accessingbandwidth intensive applications across the WLAN</li></ul>Advantage<br /><ul><li>802.11n optimizes high bandwidth data, voice and video applications on Wi-Fi enabled devices</li></ul>7x higher throughput<br />More reliable and predictable coverage<br /><ul><li>Backwards compatibility with 802.11a/b/g clients</li></ul>Primary 802.11n Components<br />Multiple Input Multiple Output (MIMO)<br /><ul><li>Maximal Ratio Combining
  16. 16. Beam forming
  17. 17. Spatial multiplexing </li></ul>40 MHz Channels<br /><ul><li>Two adjacent 20 MHz channels are combined to create a single 40 MHz channel</li></ul>Improved MAC Efficiency<br /><ul><li>Packet aggregation
  18. 18. Block Acknowledgements</li></ul>Enables Throughput and Coverage Needed to Scale Mobile Devices<br />
  19. 19. Step 2: Configure for High Density Wireless Deployments<br />Challenge<br /><ul><li>Properly configuring the WLAN to provide reliable network access to Wi-Fi enabled devices users in increasingly concentrated areas</li></ul>Advantage<br /><ul><li>These RF design best practices help fine tune the network in advance to accommodate high density areas </li></ul>Assess the application’s Bandwidth Requirements Per user<br />Define the supported wireless protocols—calculate required channels<br />132<br />36<br />48<br />60<br />100<br />149<br />104<br />116<br />64<br />52<br />44<br />36<br />Efficient RF Design Improves Coverage for Mobile Devices in Concentrated Areas<br />
  20. 20. Step 2: Assess Application Bandwidth Requirements <br /><ul><li>Determine the bandwidth required for each user of the target application</li></ul>Determine the minimum acceptable throughput applications require—design for the highest bandwidth requirement<br /><ul><li>Multiply this number by the number of connections/seats that you need to support
  21. 21. This is the aggregate bandwidth you will require in your space
  22. 22. Divide the aggregate by the protocol throughput to determine number of channels required in the space</li></li></ul><li>Step 2: Protocol Selection—Important? Why? <br />Beacon Size (Bytes)<br />250<br />300<br />200<br />100<br />350<br />DSSS<br />1<br />896<br />1969<br />2096<br />2496<br />2896<br />2<br />496<br />896<br />1096<br />1296<br />1496<br />5.5<br />241<br />387<br />460<br />532<br />605<br />11<br />169<br />241<br />276<br />314<br />351<br />OFDM<br />6<br />153<br />287<br />353<br />420<br />487<br />12<br />87<br />153<br />187<br />220<br />253<br />24<br />53<br />87<br />103<br />120<br />137<br />54<br />35<br />50<br />57<br />64<br />72<br />130<br />26<br />32<br />35<br />38<br />42<br />300<br />23<br />25<br />27<br />28<br />29<br />802.11 b/g/a/n and Duty Cycle<br />Time µS<br />
  23. 23. Step 3: Improve Reliability and Coverage with Cisco ClientLink<br />Challenge<br /><ul><li>802.11a/g Client Connection Not Optimized, Creating Coverage Holes</li></ul>Advantage<br /><ul><li>ClientLink uses Beam Forming to Direct Signal to Improve Performance and Coverage for 802.11a/g Devices</li></ul>802.11a/g<br />802.11a/g<br />WithoutClientLink and Beam Forming<br />WithClientLink and Beam Forming<br />Up to 65% Increase in Throughput<br />Up to 27% Improvement in Channel Capacity<br />Existing 802.11n Solutions Beam Strength Not Directed to Client<br />Increases Overall Wireless System Capacity in Mixed Client Environment<br />
  24. 24. Step 3: Optimize the Installation<br />Configure 2.4 GHz for 20MHz and three non-overlapping channels/cells<br />Provides greater flexibility for access point placement for optimal coverage and capacity<br />Disable lower data rates in 2.4GHz<br />Encourage clients to use 5-GHz by enabling Cisco BandSelect<br />BandSelect directs clients to 5 GHz optimizing RF usage<br />Better usage of the higher capacity 5GHz band<br />Frees up 2.4 GHz for single band clients<br />Consider using DFS Channels—Supported by Cisco Cius , Apple iPad, Intel 5100/5300/6200/6300 radios<br />Dual-Band Client Radio 2.4/5GHz <br />Discovery Probes<br />Looking for AP<br />Discovery Response<br />2.4<br />5<br />802.11n<br />
  25. 25. Step 4: Detect and Mitigate RF Interference with Cisco CleanAir<br />Challenge<br /><ul><li>Identifying and managing sources of RF interference that impact application performance on mobile devices </li></ul>Advantage<br /><ul><li>CleanAir uses silicon-level intelligence in the access point to improve Air Quality and mobility experience of end-users</li></ul>Detects and classifies interference<br />Locates problem sources<br />Automatically avoids interference<br />POOR<br />GOOD<br />CH 11<br />Maintain Air Quality<br />CH 1<br />Improves Connectivity of Mobile Devices by Eliminating Impact of Interference<br />
  26. 26. Step 5: Improve Video Applications with Cisco VideoStream Technology<br />Challenge<br /><ul><li>Delivering high quality multicast video on mobile devices at scale</li></ul>Advantage<br /><ul><li>Provides HD multicast video by protecting QoS of all streams with Prioritization and RRC </li></ul>Primary 802.11n Components<br />Stream Prioritization<br />Resource Reservation Control<br />MULTICAST STREAM<br />VIDEO NOTAVAILABLE<br />COMPANY ALL HANDS<br />TRAINING PROGRAM<br />AP<br />AP<br />AP<br />WLC<br />LIVE SPORTING EVENT<br />UNICAST STREAMS<br />Efficiently Scales Enterprise-Class Video Collaboration on Mobile Devices<br />
  27. 27. Step 6: Implement Cisco Radio Resource Management <br />Challenge<br /><ul><li>Simplifying RF Management to improve coverage and network performance</li></ul>Advantage<br /><ul><li>Automates RF management </li></ul>Access point channel assignments and output power<br />Coverage hole compensation <br /><ul><li>Enables Full RF visibility</li></ul>Access points at maximum power<br />Configuration mismatches<br />Channel changes/ change reason<br />Coverage hole events<br />Provides Quick Assessment and Adjustment of RF Environment for Enhanced Connectivity <br />
  28. 28. Best practices and tips:Implementing mobile device policies and secure network access<br />
  29. 29. Embrace Mobility. Address Security.Some Questions to Consider<br />How do I keep this flood of new devices off my network?<br />How do I grant different levels of access to protect my network?<br />How do I deal with people who trade-up to new devices?<br />How do I ensure data loss prevention and malware protection?<br />How do I enforce security policies on non compliant devices?<br />How does remote access differ from local LAN access?<br />Do I have the WLAN capacity to support increase in mobile devices?<br />How do I ensure business critical WLAN reliability?<br />How do I enforce security policies on non compliant devices?<br />How do I grant different levels of access to protect my network?<br />How do I ensure data loss prevention on devices where I don’t have visibility?<br />How should I address the cool kids (tech-savvy) who trade-up to new devices? New Policy?<br />How do I protect my Intellectual Property/personal information?<br />How do I keep this flood of new devices off my network?<br />How do I grant different levels of access to protect my network?<br />How do I deal with people who trade-up to new devices?<br />How do I ensure data loss prevention and malware protection?<br />How do I enforce security policies on non compliant devices?<br />How does remote access differ from local LAN access?<br />How do I keep this flood of new devices off my network?<br />How do I grant different levels of access to protect my network?<br />How do I enforce security policies on non compliant devices?<br />How do I deal with people who trade-up to new devices?<br />How do I ensure data loss prevention and malware protection?<br />How do I enforce security policies on non compliant devices?<br />How does remote access differ from local LAN access?<br />
  30. 30. Flood of New Devices<br />Which are corporate devices?<br />What corporate data is on these devices?<br />Security?<br />Friend or Foe?<br />Managed vs. UnManaged<br />
  31. 31. Job Role<br />Supply Partner<br />Unmanaged desktop; complex support issues<br />Requires limited access to corporate resources<br />Employee<br />Managed desktop; potentially unmanaged personal devices<br />Full access for managed devices<br />Contractor, Temp <br />Access requirementsvary greatly. Unmanaged or managed devices; access needs to be limited<br />Teleworker<br />Managed desktop; unmanaged personal devices <br />Requires consistent LAN-like performance<br />
  32. 32. Local LAN Access Policy<br />Partial Corporate LAN Access <br />Full Corporate LAN Access<br />Managed / UnManaged<br />Asset<br />Guestnet / Deny<br />Role<br />Managed<br />Employee<br />UnManaged<br />Managed<br />Contractor<br />UnManaged<br />Vendor / Guest<br />UnManaged<br />
  33. 33. Local LAN Access Policy<br />Partial Corporate LAN Access <br />Full Corporate LAN Access<br />Managed / UnManaged<br />Asset<br />Guestnet / Deny<br />Role<br />Managed<br />Employee<br />UnManaged<br />Managed<br />Contractor<br />UnManaged<br />Vendor / Guest<br />UnManaged<br />
  34. 34. Machine Access Restriction Solution<br />Full Access or Deny<br />Authentication<br />User authentication must be proceeded by machine authentication<br />Calling station ID database<br />ACS 4.0 or greater<br />Requires user and machine credentials<br />Typically used with username/password<br />Enterprise LAN<br />
  35. 35. Active Directory/User Certificate Solution<br />Authentication<br />Maintain the existing username/password infrastructure for partial LAN access<br />Deploy user certificates to all managed devices for local LAN or remote access authentication<br />Certificates must be locked to the device<br />Certificate Revocation List<br />Web Enrollment<br />Simple Certificate Enrollment Protocol (SCEP)<br />Web Search: “Windows server certificate services”<br />
  36. 36. Network Access Control Solution<br />Profiling, Fingerprinting<br />Watermarking<br />Clientless<br />Profiling using MAC OUI, DHCP, HTTP, DNS<br />Customizable profiles<br />Regular profile updates<br />The RIGHT Person<br />On the RIGHT Device<br />In The RIGHT Way<br />
  37. 37. Embrace Mobility. Address Security.Some Questions to Consider<br />How do I keep this flood of new devices off my network?<br />How do I grant different levels of access to protect my network?<br />How do I deal with people who trade-up to new devices?<br />How do I ensure data loss prevention and malware protection?<br />How do I enforce security policies on non compliant devices?<br />How does remote access differ from local LAN access?<br />
  38. 38. Global Threat Telemetry<br />Global Threat Telemetry<br />Cisco Security Intelligence Operation<br />Cisco SensorBase<br />Threat Operations Center<br />Advanced Algorithms<br />8:10 GMT<br />All Cisco Customers Protected<br />Ad Agency HG in London<br />Bank Branch in Chicago<br />ISP Datacenter in Moscow<br />8:00 GMT Detects New Malware<br />8:03 GMT Sensor Detects Hacker Probing<br />8:07 GMT Sensor Detects New Botnet<br />Higher Threat Coverage, Greater Accuracy, Proactive Protection<br />
  39. 39. Threat Intelligence: SIO<br />Network Security<br />Access<br />Control<br />Secure Mobility<br />Content Security<br />Cisco Security Solutions Portfolio<br />ASA, <br />ASA for Catalyst, VSG, <br />ASA with IPS, <br />IPS 4200, <br />ISR IOS security, <br />ASR, <br />CSM<br />Access Control Server, TrustSec,<br />NAC<br />ASA SSL VPN, <br />ASA IPSEC VPN, Adaptive Wireless IPS, Cisco Virtual Office, AnyConnect<br />IronPort Email Security Appliance, <br />IronPort Web Security Appliance, <br />ScanSafe Web Security<br />Secure Cloud and Virtualization<br />
  40. 40. Existing Architecture<br />Leverage Current Investments<br />Leverage On-Premise Security<br />CENTRALIZED SECURITY<br />Malware Threat Protection<br />Acceptable Use Policy<br />Centralized Policy Enforcement<br />AnyConnect Always-On VPN<br />Traffic Backhauled<br />MainOffice<br />IronPortWeb Security Appliance<br />Remote User<br />BranchOffice<br />DataCenter<br />
  41. 41. Cloud Security<br />Malware Threat Protection<br />Acceptable Use Policies<br />DE-CENTRALIZED SECURITY<br />Distributed Policy Enforcement<br />VPN Data Center Access<br />Security and VPN Clients<br />Minimum Backhaul<br />MainOffice<br />MobileUser<br />DataCenter<br />InternetCafé<br />MobileUser<br />InternetCafé<br />
  42. 42. www.cisco.com/go/securityreport<br />
  43. 43. How do I keep this flood of new devices off my network?<br />How do I grant different levels of access to protect my network?<br />How do I deal with people who trade-up to new devices?<br />How do I ensure data loss prevention and malware protection?<br />How do I enforce security policies on non compliant devices?<br />How does remote access differ from local LAN access?<br />Embrace Mobility. Address Security.Some Questions to Consider<br />
  44. 44. Cisco SecureX: The Ultimate Security SolutionAnnounced at RSA<br />Keep Bad Stuff Out<br />Protect Good Stuff<br />Enable Productivity and Innovation<br />Keep Critical Services Running<br />Be Inbounds/ Compliant<br />Requires an Architectural Approach<br />
  45. 45. Borderless Network ArchitectureEnabling Mobility—Securely, Seamlessly and Reliably<br />Architecture for Agile Delivery of the Borderless Experience<br />BORDERLESS END-POINT/USER SERVICES<br />Securely, Reliably, Seamlessly:AnyConnect<br />POLICY<br />App Performance: App Velocity<br />Energy Management: EnergyWise<br />Multimedia Optimization: Medianet<br />Mobility:Motion<br />Security:TrustSec<br />BORDERLESS NETWORK SERVICES<br />MANAGEMENT<br />BORDERLESS NETWORK SYSTEMS<br />APIs<br />Core<br />Fabric<br />Extended Cloud<br />ExtendedEdge<br />Unified<br />Access<br />Application Networking/ Optimization<br />BORDERLESSINFRASTRUCTURE<br />Switching<br />Security<br />Routing<br />Wireless<br />SMART PROFESSIONAL AND TECHNICAL SERVICES: Realize the Value of Borderless Networks Faster<br />
  46. 46. Cisco’s Borderless Networks Solutions Prepare Your Enterprise Network for Mobile Devices <br />Implement a high capacity, high performance WLAN. <br />Enable context-aware security for end-points and the network<br />Meet User Demand for Mobility<br />
  47. 47. Key Resources<br />White Paper: Optimize the Cisco Unified Wireless Network to Support Wi-Fi Enabled Phones and Tablets<br />http://wifi-cs.co/ijRBqz<br />White Paper: The Future of Network Security: Cisco SecureXArchitecture<br />http://wifi-cs.co/jVazao<br />

×