…  Extend Your Business  Mobilize Your Network …  Colubris Networks Product Overview
Wilfredo López Escobar DATEN  System Engineer   Caribbean and Latin America [email_address]
What is Wi-Fi? <ul><li>Wireless Ethernet – WLAN IEEE 802.11 </li></ul><ul><li>Broadband wireless data service that connect...
Colubris Overview Mission: Industry-leading developer of unified  multiservice  WLAN/LAN systems <ul><li>Highly  scalable ...
Distributed Intelligence  VPN Termination/Aggregation <ul><li>Distributed Intelligence –  VPN termination on AP eliminates...
Next Generation WLAN Architecture Smart Access Management & Control (incl. 1 st  Gen WLAN Switch) Scalability & Services B...
Localized Services Policy Control <ul><li>Services   applied at AP </li></ul><ul><li>Distributed  architecture with  Centr...
Colubris WLAN Solution InMotion VoIP-PBX InCharge  CNMS InCharge RF Security Server  L2/L3 Switch Internet Gateway Interne...
Product Application- Mobility <ul><li>Voice Over WLAN Service </li></ul><ul><ul><li>Highest R-values and voice session cap...
Free or Fee-based Hotspot Services <ul><li>Cafes and restaurants </li></ul><ul><li>Hotels and marinas </li></ul><ul><li>Tr...
Public Interface
Internal Web Page
Original URL and Session Page
Customized Local (MSC) Pages
Rich Content Remote WEB server Page
Interactive Captive Portal
Payment options
Credit Card Payment
Public Internet Access Industry Structure <ul><li>Wireless service provider </li></ul><ul><ul><li>Owns and operates WLAN i...
Global Hospitality Customers and Partners Hotspot Service Partners Global Customer Base
Public Access Service Business Models <ul><li>Service branding </li></ul><ul><ul><li>Private label for venue </li></ul></u...
Public Access Solution Partners Speed Entry <ul><li>Back-office service partners lower barriers to entry </li></ul><ul><ul...
Public Access Service Network Components Back Office Firewall/ Router WLAN  Access Point (s) Service  Provider NOC Service...
CIMS Fully Integrated Public Access Solution Back Office InMotion  MSC InReach  MAP(s) InCharge  Colubris  NMS (CNMS) Serv...
CIMS Meets Public Access Business Needs <ul><li>Easy for Customers to Use </li></ul><ul><ul><li>Colubris “Zero Configurati...
Fixed Network Infrastructure Wireless Network Infrastructure Defining  W ireless LANS Components of a Generic 802.11  Newo...
Wi-Fi Primer <ul><li>Interoperability:  Wi-Fi Alliance  </li></ul><ul><li>Governing standard:  IEEE 802.11 </li></ul>Speci...
SSID and Windows XP
VAPs – Access Contol lists and Backend Services LAN/WAN SSID=Admin Security=VPN QoS=P2 RADIUS Profile 2 ACL 3 SSID=Voice S...
Multi-Service WLANs for Higher Education LAN/MAN/WAN SSID=Faculty Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff...
GSM / Wi-Fi phones are here
Toll-Quality Voice Service <ul><li>Broad QoS support for VoWLAN handsets </li></ul><ul><ul><li>SpectraLink, 802.11e, Vocer...
Multimedia Service <ul><li>WMM/802.11e EDCA QoS protocol support </li></ul><ul><ul><li>Four classes of service enable rich...
Colubris: QoS Enforced at the AP Edge <ul><li>Policies applied at WLAN/wired network boundary </li></ul><ul><ul><li>Mappin...
Interoperability with QoS-Capable Clients <ul><li>Protocol-based policy enables client device to request priority </li></u...
WMM for Voice over Wi-Fi Support Corporate Server VoIP Gateway SSID=Voice Security=WEP SSID=Employee Security=WPA SSID=Voi...
Problems with next generation Solutions Phone IP NEW  IP Inter AP Roam – re associate & KEY  .. .. .. .. .. .. .. .. .. .....
Large Site / Campus deployment VLAN Switch In Motion MSC VoIP-PBX Control /  mgmt Call Setup Legend: Call CNMS Management ...
InMotion ™  Delivers New Services <ul><li>New  Industry-leading Voice Over WLAN Service </li></ul><ul><ul><li>Highest R-va...
Retail Multi-Service WLAN LAN/WAN Retailer Headquarters Supplier Headquarters Back-end  Hotspot Services AAA NMS Billing P...
Healthcare Multi-service WLAN LAN/MAN/WAN SSID=Admin Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff SSID=Guest S...
Data Network Security <ul><li>3 Requirements </li></ul><ul><li>Access Control – Bi directional, verifiable, centrally Mana...
Wi-Fi Security <ul><li>WEP – Wired Equivalent Privacy </li></ul><ul><ul><li>Original 802.11 encryption scheme RC4 - Static...
Managed Services Network Components Firewall/ Router WLAN  Access Point (s) Service Provider NOC Service Provider NMS <ul>...
CIMS Managed WLAN Services Solution <ul><li>Easy WLAN access to multiple voice, video, data network services </li></ul><ul...
Colubris Unique Selling Proposition <ul><li>Centralized management and control minimizes OpEx </li></ul><ul><li>Distribute...
WLAN System Components
Colubris Products Product Type 1 Radio 2 ports total 2 Radios 3 ports total Appliance  No Radio, 4 Ethernet Ports only In ...
Access Controller
Product Positioning Performance- User Capacity, Future Proofing Features- Connectivity, Security, Mobility MSC-3200 MSC-33...
InMotion ™  MultiService Controllers Specifications MSC-5200 MSC-5500 Software Configuration COS Access Service COS Servic...
Firewall
NAT
VPN Client To protect the VPN, add the following definitions to the access list: access-list=vpn,DENY,all,192.168.30.0/24,...
Centralized Mode
Dual Radio Access Device Features <ul><li>Industry first dual a/b/g radios </li></ul><ul><ul><li>Two channels on single ba...
Single Radio vs Dual Radio
Extended Access Control Network
Network Topology - WDS MAP-330 MAP-330 MAP-330 MAP-330 MAP-330 Access line Client Client client Client Client Client Clien...
Rogue AP Detection and Reporting <ul><li>Wireless RF Scanning </li></ul><ul><ul><li>Use of existing, authorized APs for wi...
Outdoor Rated Enclosure: MSC-3200R, MAP-320R <ul><li>Die-Cast Aluminum, NEMA 67 rating </li></ul><ul><li>2 waterproof N-ty...
Locking Mounting Bracket <ul><li>Die-Cast Aluminum </li></ul><ul><li>Wall or Ceiling Mountable </li></ul><ul><li>Compatibl...
CNMS - WiFi Network Management
WiFi Network Management
CNMS Overview NMS Authentication RADIUS SNMP NOC WAN/LAN Campus A Campus B CN3200 CN320 CN3200 CN1250 SNMP/HTTP/TFTP CNMS ...
Colubris Networks Offers a Comprehensive RF Security and Management Solution <ul><li>InCharge RF Server </li></ul><ul><li>...
<ul><li>InCharge RF Server </li></ul><ul><ul><li>Two appliance models support up to 50 sensors or up to 200 sensors </li><...
The Threat!!!; Eight Major Classes of  Wi-Fi Threats Firewalls, VPNs, and 802.11 Security Standards Do Not Prevent These W...
Monitor/Detect <ul><li>Scan all bands </li></ul><ul><ul><li>2.4 GHz and 5 GHz </li></ul></ul><ul><li>Detect all Wi-Fi acti...
Visualize <ul><li>Make your airwaves visible </li></ul><ul><li>View RF coverage in real    time </li></ul><ul><ul><li>Hand...
Auto-Classify <ul><li>Comprehensive </li></ul><ul><ul><li>Access points </li></ul></ul><ul><ul><ul><li>Authorized, Rogue, ...
Prevent <ul><li>Over-the-air </li></ul><ul><ul><li>Ensures non-stop protection </li></ul></ul><ul><li>Instantaneous </li><...
Locate <ul><li>Precise </li></ul><ul><ul><li>Locates rogues and other Wi-Fi security threats for physical remediation </li...
Prevent Wi-Fi Threats in a Non Wi-Fi Network <ul><li>Even if you have no 802.11 AP’s, most laptops have 802.11 cards </li>...
Rogue AP Blocking <ul><li>Rogue AP is Detected </li></ul><ul><ul><li>Over-the-air detection </li></ul></ul><ul><ul><li>Net...
Prevent Client Mis-Association Enterprise Network Neighboring Network SSID:  a1b2c3 SSID:  a1b2c3 SSID:  a1b2c3 X X X X <u...
Prevent MAC & Air-Jack Attack Enterprise Network SSID:  a1b2c3 MAC:  00.20.A6.4C.1A.46 SSID:  a1b2c3 MAC: 00.20.A6.4C.1A.4...
Denial of Service Attack Prevention <ul><li>Wi-Fi Denial of Service can shut down your network </li></ul><ul><li>Blocks Do...
Complete Protection Requires Simultaneous Threat Prevention Enterprise Network X X X X X Rogue AP  Single Sensor must bloc...
Knowledge-Based Troubleshooting <ul><li>Step-by-step flowchart </li></ul><ul><ul><li>Connectivity and performance problems...
Knowledge-based Troubleshooting (cont’d)  <ul><li>Administrator logs into the InCharge RF Server &  chooses the device to ...
Customizable Reports This custom report captures uncategorized & unauthorized clients that are not quarantined!
Security & Performance Monitoring <ul><li>Monitor & alert for security and performance issues </li></ul><ul><li>Total of 1...
Availability <ul><li>Phase 1: GA End of October </li></ul><ul><ul><li>InReach 300P (dedicated sensor) </li></ul></ul><ul><...
A New Paradigm <ul><li>Determine AP and security    sensor  placement without    physical  walk around </li></ul><ul><li>M...
How it Works <ul><li>Predictive planning </li></ul><ul><ul><li>Input floor plan </li></ul></ul><ul><ul><li>Add building ma...
InCharge RF Planner  Wi-Fi Site Planning <ul><li>InCharge RF Planner </li></ul><ul><ul><li>Site Planner for Wireless LAN A...
Wi-Fi Site Planning <ul><li>Software Planning Tool </li></ul><ul><ul><li>Import or create floor plans </li></ul></ul><ul><...
Wireless LAN Coverage <ul><li>Model building RF    reflection, refraction, and    absorption </li></ul><ul><li>Import floo...
Redundancy Planning <ul><li>Eliminate blind spots </li></ul><ul><li>Model 802.11 a/b/g </li></ul><ul><li>Minimize AP    re...
Link Speed <ul><li>Performance    optimization modeling  </li></ul><ul><li>Model 802.11a/b/g  </li></ul><ul><li>Building s...
Channel Allocation <ul><li>Visualize Channel    Overlap to minimize    interference </li></ul><ul><li>Model various scenar...
Channel Interference <ul><li>Minimize Interference </li></ul><ul><li>Model multiple    scenarios </li></ul><ul><li>Optimiz...
Security Exposure <ul><li>Know where you are    vulnerable </li></ul><ul><li>Model various scenarios    to minimize risk <...
Comprehensive Security Coverage Planning <ul><li>Accurately determines    number of sensors based on    customer specific ...
Work Order <ul><li>Automatic work order    generation </li></ul><ul><li>Detailed management    reporting </li></ul><ul><li...
Global Customer Deployments Wireline  Wireless  Cable  ISP  Hospitality  Retail  Education  Transportation  Sporting Venue...
Customer Success: McDonald’s Restaurants McDonald's is the leading global foodservice retailer with more than 30,000 resta...
McDonald’s “Store of the Future” VSC 1 VSC 2 Roaming Quality Audits <ul><li>Segment Traffic  </li></ul><ul><li>WPA Securit...
Customer Success:  Wendy's Wendy’s is one of the world's largest restaurant operating and franchising companies with more ...
Wendy’s Common WLAN Infrastructure Restaurant Automation <ul><li>Segment Traffic  </li></ul><ul><li>P2 Priority </li></ul>...
Gander Mountain “Store of the Future” VSC 1: Associate Communication <ul><li>Segment Traffic </li></ul><ul><li>WEP Securit...
Customer Success:  Emory University Trigger Events: <ul><li>Availability of unified WLAN voice and data network technology...
Emory University Ubiquitous WLAN VSC 1 VSC 2 VPN Data Service <ul><li>Segment Traffic  </li></ul><ul><li>VPN Security </li...
Customer Success:  SJ Trigger Events: <ul><li>“ Internet On Track” -- The first full fleet roll out by a train operator of...
SJ “Internet On Track” Service Data Collection Train Data Monitor Hotspot Intelligent Access & Service Control <ul><li>Seg...
Wi-Fi on the Train Head Car Rear Car Middle Cars (7) Mobility Router GPRS, EDGE, CDMA, UMTS, WCDMA, 3G and satellite techn...
Customer Success:  Sprint Sprint is a Fortune 100 company with more than $27 billion in annual revenues in 2004, Sprint is...
Sprint “Enterprise Wi-Fi Access” Service Hotspot Intelligent Access & Service Control <ul><li>Segment traffic per VSN for ...
Customer Success:  Best Western Europa The Europa is a 180-room business hotel located in downtown Montreal and a franchis...
Best Western MultiService WLAN Guest Internet Access Service Intelligent Access & Service Control <ul><li>Segment traffic ...
Veteran Leadership Team <ul><li>Barry Fougere - President & CEO </li></ul><ul><li>A.T. Kearney, EDS, Cambridge Strategic M...
Demonstration Setup MSC-3300 MAP-330 5.8GHz WDS Secure Link In Charge CNMS 192.168.2.20 RADIUS/Apache 192.168.2.99 WIN2K S...
Upcoming SlideShare
Loading in...5
×

Colubris Basic Customer Presentation

4,750
-1

Published on

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
4,750
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
132
Comments
0
Likes
1
Embeds 0
No embeds

No notes for slide
  • Colubris Basic Customer Presentation

    1. 1. … Extend Your Business Mobilize Your Network … Colubris Networks Product Overview
    2. 2. Wilfredo López Escobar DATEN System Engineer Caribbean and Latin America [email_address]
    3. 3. What is Wi-Fi? <ul><li>Wireless Ethernet – WLAN IEEE 802.11 </li></ul><ul><li>Broadband wireless data service that connects mobile devices to an Ethernet network </li></ul><ul><ul><ul><li>Data rates: 11 to 54 Mbps </li></ul></ul></ul><ul><ul><ul><li>Distance: 300 ft, depending on antenna and environment </li></ul></ul></ul>Ethernet Wi-Fi Access Point Network
    4. 4. Colubris Overview Mission: Industry-leading developer of unified multiservice WLAN/LAN systems <ul><li>Highly scalable business mobility solutions for enterprises and service providers </li></ul>Market Leadership: Over 1,000 customers worldwide <ul><li>60,000 WLAN devices installed, worldwide </li></ul><ul><li>#2 global market share in hospitality and service provider; #1 in transportation </li></ul>Founded in 2000; HQ in Waltham, MA Profile: <ul><li>Strategic Partners – Alcatel, Juniper, Avaya </li></ul><ul><li>#1 privately held WLAN company </li></ul>
    5. 5. Distributed Intelligence VPN Termination/Aggregation <ul><li>Distributed Intelligence – VPN termination on AP eliminates separate WLAN infrastructure </li></ul><ul><li>Secure VPN perimeter from client-to-corporate LAN </li></ul><ul><ul><li>On-board encryption accelerator optimizes performance </li></ul></ul><ul><li>Local termination enables simplicity, greater scale </li></ul><ul><ul><li>Back-end aggregation to fewer VPN tunnels </li></ul></ul><ul><li>Secure VPN management interface </li></ul>SSID=Employee Security=VPN CN1250 Employees Corporate HQ AAA NMS DHCP VPN Server Wide Area Network
    6. 6. Next Generation WLAN Architecture Smart Access Management & Control (incl. 1 st Gen WLAN Switch) Scalability & Services Breadth
    7. 7. Localized Services Policy Control <ul><li>Services applied at AP </li></ul><ul><li>Distributed architecture with Centralized management and control NOT in Data Path </li></ul><ul><li>Adds centralized WLAN QoS , security and roaming to existing LAN </li></ul><ul><li>10x higher scalability than WLAN switch solutions </li></ul><ul><li>Leverages commercial AP chips for reduced costs </li></ul><ul><li>Smooth migration to unified switch and 802.11n standards </li></ul>WLAN RF & system mgt. QoS and security enforcement, packet forwarding AP AP NMS Central QoS and security control, roaming MultiService Controller LAN Policy Data Base
    8. 8. Colubris WLAN Solution InMotion VoIP-PBX InCharge CNMS InCharge RF Security Server L2/L3 Switch Internet Gateway Internet InReach VLAN Switch VLAN Switch .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    9. 9. Product Application- Mobility <ul><li>Voice Over WLAN Service </li></ul><ul><ul><li>Highest R-values and voice session capacity </li></ul></ul><ul><ul><li>More than 28% lower jitter than competitors </li></ul></ul><ul><li>Fast, Secure Intra/Inter Subnet Roaming Service </li></ul><ul><ul><li>Mobility Enabled for real-time applications </li></ul></ul><ul><ul><li>Secure WPA2 hand-offs < 50 milliseconds </li></ul></ul><ul><li>RF Security and Management </li></ul><ul><ul><li>Embedded Wireless IDS/IPS Sensor </li></ul></ul><ul><ul><li>Active load balancing and congestion management </li></ul></ul>VSC 2 VSC 1 Voice Telephony <ul><li>Segment Traffic </li></ul><ul><li>P1 QoS Priority </li></ul><ul><li>PBX Destination Filter </li></ul>Data Applications <ul><li>Segment Traffic </li></ul><ul><li>WPA Security </li></ul><ul><li>P3 QoS Priority </li></ul>Server VoIP PBX VLAN Switch Intelligent MultiService System
    10. 10. Free or Fee-based Hotspot Services <ul><li>Cafes and restaurants </li></ul><ul><li>Hotels and marinas </li></ul><ul><li>Train stations </li></ul><ul><li>Increase foot traffic </li></ul><ul><li>Customer stays longer </li></ul><ul><li>Generate revenue </li></ul>FEE-BASED SERVICE OPPORTUNITIES <ul><li>Retailers, Malls </li></ul><ul><li>Municipalities </li></ul><ul><li>Increase foot traffic </li></ul><ul><li>Attract techno-savvy clients </li></ul>FREE SERVICE OPPORTUNITIES NOC CN3200 Access Network Kiosk Hotspot
    11. 11. Public Interface
    12. 12.
    13. 13. Internal Web Page
    14. 14. Original URL and Session Page
    15. 15. Customized Local (MSC) Pages
    16. 16. Rich Content Remote WEB server Page
    17. 17. Interactive Captive Portal
    18. 18. Payment options
    19. 19. Credit Card Payment
    20. 20. Public Internet Access Industry Structure <ul><li>Wireless service provider </li></ul><ul><ul><li>Owns and operates WLAN infrastructure </li></ul></ul><ul><li>Carrier </li></ul><ul><ul><li>Owns and operates Internet network service </li></ul></ul><ul><li>Back-office service provider </li></ul><ul><ul><li>Performs back-end authentication, billing, phone support </li></ul></ul><ul><li>Venue owner (hotel, restaurant, etc.) </li></ul><ul><li>Aggregator </li></ul><ul><ul><li>Markets services to end-users </li></ul></ul><ul><ul><li>Aggregates service operated by 3 rd party WSPs </li></ul></ul>End User Venue Owner Wireless Service Provider Back Office Service Provider Carrier
    21. 21. Global Hospitality Customers and Partners Hotspot Service Partners Global Customer Base
    22. 22. Public Access Service Business Models <ul><li>Service branding </li></ul><ul><ul><li>Private label for venue </li></ul></ul><ul><ul><li>Wireless service provider brand </li></ul></ul><ul><ul><li>Aggregator brand </li></ul></ul><ul><li>Revenue models </li></ul><ul><ul><li>Service paid by venue owner </li></ul></ul><ul><ul><li>Service paid by end user and split with venue owner </li></ul></ul><ul><ul><li>Service paid by aggregator and split with service provider and venue owner </li></ul></ul><ul><li>Various back office and carrier outsourcing models </li></ul>Aggregator Wireless Service Provider Back Office Service Provider Carrier
    23. 23. Public Access Solution Partners Speed Entry <ul><li>Back-office service partners lower barriers to entry </li></ul><ul><ul><li>CIMS supports billing and customer service outsourcing </li></ul></ul><ul><li>Aggregator (roaming) partners make hotspots part of a larger network </li></ul><ul><ul><li>CIMS interoperability enables WSP to join large aggregator networks </li></ul></ul>Back-office Service Partners Aggregator Partners
    24. 24. Public Access Service Network Components Back Office Firewall/ Router WLAN Access Point (s) Service Provider NOC Service Provider NMS Broadband client connectivity Client authentication, service presentation, billing support Routing services, security Access Gateway NMS manages and controls public access infrastructure, Portal delivers web content to clients Back Office Subscriber authentication, Credit card processing Public Internet Access Venue Portal Carrier Internet Service Cable/DSL Modem
    25. 25. CIMS Fully Integrated Public Access Solution Back Office InMotion MSC InReach MAP(s) InCharge Colubris NMS (CNMS) Service Provider <ul><li>MultiService client connectivity </li></ul><ul><li>Turnkey public access CPE solution </li></ul><ul><li>Integrated access gateway, router, firewall, access point </li></ul><ul><li>CNMS manages and controls geographically distributed public access infrastructure </li></ul>Back Office <ul><li>Comprehensive support for AAA and back-office billing systems </li></ul>Public Access Venue Portal Carrier Internet Service Cable/DSL Modem CNMS MultiService Controller MultiService Access Point
    26. 26. CIMS Meets Public Access Business Needs <ul><li>Easy for Customers to Use </li></ul><ul><ul><li>Colubris “Zero Configuration” service interface </li></ul></ul><ul><ul><li>Per user bandwidth management </li></ul></ul><ul><li>Range of Billing Models </li></ul><ul><ul><li>Rich AAA interface supports range of billing models </li></ul></ul><ul><ul><li>Location-aware billing support </li></ul></ul><ul><li>Minimizes Operating Costs </li></ul><ul><ul><li>Highly reliable integrated system </li></ul></ul><ul><ul><li>Central WLAN management system for ease of operation </li></ul></ul><ul><li>Low Deployment Costs </li></ul><ul><ul><li>Low cost, purpose-built solutions are easy to install </li></ul></ul>Public Access Venue NOC CNMS WLAN Mgmt AAA, Billing, Portal Internet VSC 1 Public Internet Access <ul><li>Segment Traffic </li></ul><ul><li>Access Control </li></ul><ul><li>Bandwidth Management </li></ul>Intelligent MultiService System
    27. 27. Fixed Network Infrastructure Wireless Network Infrastructure Defining W ireless LANS Components of a Generic 802.11 Nework AP AP STA STA Router Switch Internet Protocol: CSMA-CA w/ ACK
    28. 28. Wi-Fi Primer <ul><li>Interoperability: Wi-Fi Alliance </li></ul><ul><li>Governing standard: IEEE 802.11 </li></ul>Specification Ratified Data Rate Distance (dipole) Frequency Band 802.11 a 1999 54 Mbps 100 ft. 5 GHz 802.11 b 1999 11 Mbps 300 ft. 2.4 GHz 802.11 g 2003 54 Mbps 300 ft. 2.4 GHz
    29. 29. SSID and Windows XP
    30. 30. VAPs – Access Contol lists and Backend Services LAN/WAN SSID=Admin Security=VPN QoS=P2 RADIUS Profile 2 ACL 3 SSID=Voice Security=WEP QoS=P1 RADIUS Profile 2 ACL - 4 SSID= POS Security=MAC QoS=P2 RADIUS Profile 2 ACL - 2 SSID=Guest Security=Open QoS=P3 RADIUS Profile 3 ACL - 5 POS Server VoIP Gateway SSID=Hotspot Security=Open QoS=P4 RADIUS Profile 3 ACL - 6 <ul><li>Services Controller </li></ul><ul><li>Access Devices </li></ul>Radius Profile 1 – Walled Garden ACL’a Back-end RADIUS 4 & WEB AAA NMS Billing Portal Back-end RADIUS 3 & WEB AAA NMS Billing Portal Back-end RADIUS 2 & WEB AAA NMS Billing Portal Back-end RADIUS 1 & WEB AAA NMS Billing Portal
    31. 31. Multi-Service WLANs for Higher Education LAN/MAN/WAN SSID=Faculty Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff SSID=Student Security=Open QoS=P4 Admin Services Student Services VoIP Gateway Faculty Data Center SSID=Assets Security=WPA QoS=P2 Students CNMS WLAN Mgmt AAA/ VPN Server <ul><li>Services Controller </li></ul><ul><li>Access Devices </li></ul>Internet
    32. 32. GSM / Wi-Fi phones are here
    33. 33. Toll-Quality Voice Service <ul><li>Broad QoS support for VoWLAN handsets </li></ul><ul><ul><li>SpectraLink, 802.11e, Vocera, SIP and H.323 softphones </li></ul></ul><ul><li>Transparent client subnet roaming support </li></ul><ul><li>Traffic segregation and IP filters reinforce security </li></ul><ul><li>Open support for 3 rd party power-save modes </li></ul>Employee Server VoIP Gateway CN1250 SSID=VOICE Security= WEP IP Filter=VoIP G/W QoS=P1 Router Data Center Subnet “A” Subnet “B” Seamless Subnet Roaming
    34. 34. Multimedia Service <ul><li>WMM/802.11e EDCA QoS protocol support </li></ul><ul><ul><li>Four classes of service enable rich multimedia applications </li></ul></ul><ul><li>Service-Aware QoS for non-protocol client devices </li></ul><ul><ul><li>Enables legacy devices to access QoS </li></ul></ul><ul><li>Mapping to wired network QoS policies </li></ul><ul><ul><li>802.1p and TOS/DiffServ integration </li></ul></ul>CN320 Switch/Router Video Server SSID=VIDEO Security=Open Filter=Video server QoS=P2 SSID=Multimedia Security=WPA QoS=802.11e Surveillance Video Conference Internet
    35. 35. Colubris: QoS Enforced at the AP Edge <ul><li>Policies applied at WLAN/wired network boundary </li></ul><ul><ul><li>Mapping between WLAN and LAN/WAN policies </li></ul></ul><ul><li>Embedded processors provide scalability to large networks </li></ul><ul><ul><li>Each AP adds processing power for 16 services to network </li></ul></ul><ul><li>CNMS centrally configures QoS policies for ease of operation </li></ul>Applications Corporate HQ Suppliers IP Backbone LAN Backbone 802.1p TOS/DiffServ QoS Policy Enforcement SSID 802.1p WME 802.1p TOS/DiffServ
    36. 36. Interoperability with QoS-Capable Clients <ul><li>Protocol-based policy enables client device to request priority </li></ul><ul><ul><li>802.11e WME provides open voice, video, data interoperability </li></ul></ul><ul><ul><li>SVP support provides interoperability with SpectraLink phones </li></ul></ul><ul><li>Part of end-to-end QoS scheme </li></ul><ul><ul><li>Client-AP-Ethernet </li></ul></ul>SVP QoS WME QoS No QoS Ethernet Wi-Fi 1 2 3 4 Protocol-based Forwarding SSID=Multimedia Security=Open QoS=Protocol
    37. 37. WMM for Voice over Wi-Fi Support Corporate Server VoIP Gateway SSID=Voice Security=WEP SSID=Employee Security=WPA SSID=Voice Security=WEP Normal Priority Corporate Data Traffic WMM-Tagged VoIP Traffic 802.1p-Tagged VoIP Traffic
    38. 38. Problems with next generation Solutions Phone IP NEW IP Inter AP Roam – re associate & KEY .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. VoIP-PBX Management VLAN Switch Subnet A Master VLAN Switch IP Router Internet RADIUS Server DNS Server VLAN Switch Subnet B
    39. 39. Large Site / Campus deployment VLAN Switch In Motion MSC VoIP-PBX Control / mgmt Call Setup Legend: Call CNMS Management VLAN Switch Master VLAN Switch IP Router Internet Secure Control IP Tunnel In Motion MSC .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    40. 40. InMotion ™ Delivers New Services <ul><li>New Industry-leading Voice Over WLAN Service </li></ul><ul><ul><li>Highest R-values and voice session capacity </li></ul></ul><ul><ul><li>More than 28% lower jitter than competitors </li></ul></ul><ul><li>New Fast, Secure Intra/Inter Subnet Roaming Service </li></ul><ul><ul><li>Mobility for real-time applications MOBILE IP Protocol </li></ul></ul><ul><ul><li>Secure WPA2 hand-offs < 50 milliseconds </li></ul></ul><ul><li>New Plug-and-Play Deployment Service </li></ul><ul><ul><li>Automatic MAP discovery and configuration </li></ul></ul><ul><ul><li>Mutual authentication and encryption for security </li></ul></ul><ul><li>Industry-Leading Public/guest Network Access Service </li></ul><ul><ul><li>“ Zero configuration” for easy client access </li></ul></ul><ul><ul><li>Rich service management policies </li></ul></ul>MultiService Controllers
    41. 41. Retail Multi-Service WLAN LAN/WAN Retailer Headquarters Supplier Headquarters Back-end Hotspot Services AAA NMS Billing Portal Supplier SSID=Admin Security=VPN QoS=P2 Scanner SSID=Voice Security=WEP QoS=P1 Voice SSID= POS Security=MAC QoS=P2 SSID=Guest Security=Open QoS=P3 POS Server VoIP Gateway Manager SSID=Hotspot Security=Open QoS=P4 Customer DHCP, AAA VPN Server Firewall <ul><li>Services Controller </li></ul><ul><li>Access Devices </li></ul>CNMS Central Mgt Retail Store Location
    42. 42. Healthcare Multi-service WLAN LAN/MAN/WAN SSID=Admin Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff SSID=Guest Security=Open QoS=P4 Admin Services EMR System SSID=Patient Info Security=WPA QoS=P2 Doctors Nurses VoIP Gateway Admin SSID=Badges Security=WEP QoS=P1 Affiliated Clinics Doctor/Clinician Office, Home Supplier Headquarters Data Center Asset Tracking SSID=Assets Security=WPA QoS=P2 Suppliers CNMS WLAN Mgmt AAA/ VPN Server <ul><li>Services Controller </li></ul><ul><li>Access Devices </li></ul>
    43. 43. Data Network Security <ul><li>3 Requirements </li></ul><ul><li>Access Control – Bi directional, verifiable, centrally Managed </li></ul><ul><li>Confidentiality – Encryption </li></ul><ul><li>Data Integrity – Frame Check and Sequencing </li></ul>Cipher Text Encryption KEY Encryption KEY RC4 DES/3DES CCMP AES RC4 DES/3DES CCMP AES Static – PSK Certificate PMK TKIP DATA DATA Encryption Engine Encryption Engine
    44. 44. Wi-Fi Security <ul><li>WEP – Wired Equivalent Privacy </li></ul><ul><ul><li>Original 802.11 encryption scheme RC4 - Static Weak Key </li></ul></ul><ul><li>VPN – Virtual Private Network </li></ul><ul><ul><li>(DES, 3DES) cryptography – VPN client and Gateway </li></ul></ul><ul><li>IEEE 802.1x – Access Control </li></ul><ul><ul><li>EAP protocol using Radius Authentication </li></ul></ul><ul><li>WPA – Wireless Protected Access </li></ul><ul><ul><li>Strong encryption TKIP RC4 </li></ul></ul><ul><ul><li>Requires access to authentication server </li></ul></ul><ul><li>IEEE 802.11i – WPA2 </li></ul><ul><ul><li>Strongest encryption (AES) Government approved </li></ul></ul><ul><li>HTML Access Control </li></ul><ul><ul><li>Public Access via Captive Portal authentication </li></ul></ul>
    45. 45. Managed Services Network Components Firewall/ Router WLAN Access Point (s) Service Provider NOC Service Provider NMS <ul><li>QoS for real-time services </li></ul><ul><li>Segments services </li></ul><ul><li>Broadband client connectivity </li></ul><ul><li>Routing services </li></ul><ul><li>Security </li></ul><ul><li>VoIP switch provides telephony service </li></ul><ul><li>Application server delivers business services </li></ul><ul><li>NMS Manages and controls CPE </li></ul>Customer Premises VoIP Switch Cable/DSL Modem Carrier Internet Service App. Server Business Applications Telephony
    46. 46. CIMS Managed WLAN Services Solution <ul><li>Easy WLAN access to multiple voice, video, data network services </li></ul><ul><li>VSCs tailor QoS and security policy for each service </li></ul><ul><li>VSC traffic mapped to separate NOC or customer premise destinations </li></ul><ul><li>Comprehensive remote WLAN management minimizes operations costs </li></ul>VSC 2 Voice Telephony <ul><li>Segment Traffic </li></ul><ul><li>P1 QoS </li></ul>Enterprise Premise Internet NOC VSC 3 Credit Card Processing <ul><li>Segment Traffic </li></ul><ul><li>P3 QoS </li></ul><ul><li>VPN Security </li></ul>Intelligent MultiService System VSC 1 Public Internet Access <ul><li>Segment Traffic </li></ul><ul><li>Access Control </li></ul><ul><li>P4 QoS </li></ul>
    47. 47. Colubris Unique Selling Proposition <ul><li>Centralized management and control minimizes OpEx </li></ul><ul><li>Distributed network intelligence for service flexibility </li></ul><ul><li>Highly scalable architecture minimizes CapEx </li></ul><ul><li>Comprehensive Public/Guest Internet Access Service </li></ul>XYZ Networks ABC Co. Acme Co.
    48. 48. WLAN System Components
    49. 49. Colubris Products Product Type 1 Radio 2 ports total 2 Radios 3 ports total Appliance No Radio, 4 Ethernet Ports only In Reach MAP – MultiService Access Point MAP-320 MAP-320R CN320 WAP-200 2 VAP no QOS MAP-330 MAP-330R CN330 In Motion MSC – MultiService Access Contoller MSC-3200 MSC-3200R CN3200 100 concurrent Users MSC-3300 MSC-3300R CN3300 100 concurrent Users MSC-5200 CN3400 500 concurrent Users MSC-5500 2000 concurrent Users 2-1000BASE-T4 MGW – MultiService Gateway MGW-1250 CN1250 MGW-3500 CN3500 1000 concurrent Users
    50. 50. Access Controller
    51. 51. Product Positioning Performance- User Capacity, Future Proofing Features- Connectivity, Security, Mobility MSC-3200 MSC-3300 100 Users 500 Users/25 AP 2000 Users/200 AP MSC-5500 MSC-5200 MGW-3500 1000 Users
    52. 52. InMotion ™ MultiService Controllers Specifications MSC-5200 MSC-5500 Software Configuration COS Access Service COS Service Pack COS Access Service COS Service Pack Services VoWLAN Fast Roaming Plug & Play Deployment Public/Guest Access           Maximum MAPs N.A. 25 N.A. 200 Max. Public/Guest Access Users 500 500 2,000 2,000
    53. 53. Firewall
    54. 54. NAT
    55. 55. VPN Client To protect the VPN, add the following definitions to the access list: access-list=vpn,DENY,all,192.168.30.0/24,all use-access-list=vpn
    56. 56. Centralized Mode
    57. 57. Dual Radio Access Device Features <ul><li>Industry first dual a/b/g radios </li></ul><ul><ul><li>Two channels on single band increases performance, coverage </li></ul></ul><ul><li>Configurable AP, WDS Bridge and Monitor operating modes </li></ul><ul><ul><li>Flexibility and investment protection </li></ul></ul><ul><ul><li>Enables continuous full-spectrum rogue scanning for increased security </li></ul></ul><ul><li>Robust monitor and diagnostic capability </li></ul><ul><ul><li>Eliminates cost of redundant probes/monitors </li></ul></ul>Configurability Radio 1 Radio 2 Transceiver Mode a/b/g a/b/g Operating Mode AP, Bridge, Monitor AP, Bridge, Monitor
    58. 58. Single Radio vs Dual Radio
    59. 59. Extended Access Control Network
    60. 60. Network Topology - WDS MAP-330 MAP-330 MAP-330 MAP-330 MAP-330 Access line Client Client client Client Client Client Client MAP-330 MAP-3300 MAP-330 MAP-330 MAP-330 MAP-330 MAP-330 Internet MAP-330 Client Client Client Client Client Client .11g or 11a (WDS) .11b ch 1 area (AP) .11b ch 6 area (AP) .11b ch 11 area (AP) MAP-3300/MAP-330 – one radio in AP mode and the other radio in WDS mode Potential hidden node issue, for shared WDS/AP radios
    61. 61. Rogue AP Detection and Reporting <ul><li>Wireless RF Scanning </li></ul><ul><ul><li>Use of existing, authorized APs for wireless scans </li></ul></ul><ul><ul><li>Differentiates between true “rogues” and “ignored” 3 rd party APs </li></ul></ul><ul><ul><li>Multi-vendor support enables most comprehensive Rogue AP detection </li></ul></ul><ul><li>Wireline Rogue Discovery </li></ul><ul><ul><li>Scans network via multiple protocols </li></ul></ul><ul><ul><li>Automatically IDs the “fingerprints” of rogue APs </li></ul></ul><ul><li>Integrated Rogue AP Reporting </li></ul><ul><ul><li>Correlates all information to rapidly locate and disable rogues </li></ul></ul>
    62. 62. Outdoor Rated Enclosure: MSC-3200R, MAP-320R <ul><li>Die-Cast Aluminum, NEMA 67 rating </li></ul><ul><li>2 waterproof N-type Antennas option </li></ul><ul><li>Waterproof, quick disconnect RJ-45 connector </li></ul><ul><li>3 point silicone-rubber gasket </li></ul><ul><li>Pole-top and wall-mount mounting options </li></ul><ul><li>Colubris Logo Applied </li></ul>This slide for planning purposes only, content and dates subject to change
    63. 63. Locking Mounting Bracket <ul><li>Die-Cast Aluminum </li></ul><ul><li>Wall or Ceiling Mountable </li></ul><ul><li>Compatible with standard product enclosure (slides in and out) </li></ul><ul><li>Padlock not included </li></ul><ul><li>List Price $50 (USD) </li></ul>This slide for planning purposes only, content and dates subject to change
    64. 64. CNMS - WiFi Network Management
    65. 65. WiFi Network Management
    66. 66. CNMS Overview NMS Authentication RADIUS SNMP NOC WAN/LAN Campus A Campus B CN3200 CN320 CN3200 CN1250 SNMP/HTTP/TFTP CNMS <ul><li>Monitor </li></ul><ul><ul><li>AP discovery </li></ul></ul><ul><ul><li>User monitoring </li></ul></ul><ul><ul><li>Rogue AP detection </li></ul></ul><ul><ul><li>NMS & AAA integration </li></ul></ul><ul><li>Analyze </li></ul><ul><ul><li>Alerts & diagnostics </li></ul></ul><ul><ul><li>Performance reports </li></ul></ul><ul><ul><li>RF event correlation </li></ul></ul><ul><li>Act </li></ul><ul><ul><li>Multi-vendor </li></ul></ul><ul><ul><li> config mgt </li></ul></ul><ul><ul><li>Firmware distribution </li></ul></ul><ul><ul><li>Grouping & scheduling </li></ul></ul>                    
    67. 67. Colubris Networks Offers a Comprehensive RF Security and Management Solution <ul><li>InCharge RF Server </li></ul><ul><li>InReach 330P </li></ul><ul><li>InCharge RF Planner </li></ul><ul><li>Automatically prevent Wi-Fi security attacks </li></ul><ul><li>Perform real-time network audits </li></ul><ul><li>Assist performance troubleshooting </li></ul><ul><li>Monitor wireless LAN health </li></ul>
    68. 68. <ul><li>InCharge RF Server </li></ul><ul><ul><li>Two appliance models support up to 50 sensors or up to 200 sensors </li></ul></ul><ul><ul><li>Correlates sensor data </li></ul></ul><ul><ul><li>Analyzes and classifies Wi-Fi devices </li></ul></ul><ul><ul><li>Enforces security policy </li></ul></ul><ul><ul><li>Web interface </li></ul></ul><ul><ul><li>Within CNMS, launch InCharge RF Server screens in Phase 1 </li></ul></ul><ul><ul><li>Tight integration with CNMS in Phase 2 </li></ul></ul>InCharge RF Server, InReach 330P, InCharge RF Planner <ul><li>InReach 330P </li></ul><ul><ul><li>Scans 2.4 and 5 GHz bands </li></ul></ul><ul><ul><li>Centrally managed and configured by Server </li></ul></ul><ul><ul><li>Dedicated sensor function in Phase 1 </li></ul></ul><ul><ul><li>Concurrent AP and Sensor function at Phase 2; Phase 1 InReach 330P devices can be upgraded to Phase 2 capability </li></ul></ul><ul><ul><li>Power over Ethernet </li></ul></ul><ul><li>InCharge RF Planner </li></ul><ul><li>Stand-alone Windows-based application </li></ul><ul><ul><li>Models wireless LAN coverage without a physical site survey </li></ul></ul><ul><ul><li>Evaluates security risk from wireless LAN spillage outside building </li></ul></ul><ul><ul><li>Assesses changes with simple drag and drop techniques </li></ul></ul><ul><ul><li>Generates equipment lists for installation team </li></ul></ul><ul><ul><li>Provides powerful predictive planning </li></ul></ul><ul><ul><ul><li>Input floor plan </li></ul></ul></ul><ul><ul><ul><li>Add building material type </li></ul></ul></ul><ul><ul><ul><li>Specify 802.11b, g or a </li></ul></ul></ul><ul><ul><ul><li>Input minimum bandwidth requirements </li></ul></ul></ul><ul><ul><ul><li>Drag and drop APs </li></ul></ul></ul><ul><ul><li>Supports dynamic floor plan models </li></ul></ul><ul><ul><ul><li>RF coverage </li></ul></ul></ul><ul><ul><ul><li>Channels </li></ul></ul></ul><ul><ul><ul><li>Signal strength </li></ul></ul></ul><ul><ul><ul><li>Spillage </li></ul></ul></ul>InReach 330P Web Interface InCharge RF Server InCharge Security Server
    69. 69. The Threat!!!; Eight Major Classes of Wi-Fi Threats Firewalls, VPNs, and 802.11 Security Standards Do Not Prevent These Wi-Fi Threats on Either Wired or Wireless Networks Enterprise Network Neighboring Network ? Ad Hoc Denial of Service Attack AP MAC Spoofing Rogue AP Mis-configured AP Unauthorized Association Mis-association Honeypot <ul><li>Common </li></ul><ul><ul><li>Rogue Access Points </li></ul></ul><ul><ul><li>Mis-configured Access Points </li></ul></ul><ul><ul><li>Ad hoc connections </li></ul></ul><ul><ul><li>Client mis-associations </li></ul></ul><ul><ul><li>Unauthorized client associations </li></ul></ul><ul><li>Malicious </li></ul><ul><ul><li>Honeypot APs </li></ul></ul><ul><ul><li>MAC Spoofing APs </li></ul></ul><ul><ul><ul><li>Client > Malicious AP </li></ul></ul></ul><ul><ul><li>Denial of Service </li></ul></ul><ul><ul><ul><li>De-authentication flood </li></ul></ul></ul><ul><ul><ul><li>Packet storm </li></ul></ul></ul>
    70. 70. Monitor/Detect <ul><li>Scan all bands </li></ul><ul><ul><li>2.4 GHz and 5 GHz </li></ul></ul><ul><li>Detect all Wi-Fi activity </li></ul><ul><ul><li>Access points, soft APs, NATing APs, clients </li></ul></ul><ul><li>Correlate information from multiple sensors </li></ul><ul><ul><li>Eliminate confusing duplicate reports of the same device </li></ul></ul>
    71. 71. Visualize <ul><li>Make your airwaves visible </li></ul><ul><li>View RF coverage in real time </li></ul><ul><ul><li>Handhelds only provide a snapshot in time </li></ul></ul><ul><li>Plan for security and Wi-Fi coverage </li></ul><ul><ul><li>Only integrated solution that ensures proper sensor placement </li></ul></ul><ul><ul><li>Model detection and prevention levels </li></ul></ul><ul><li>Self-calibrating </li></ul><ul><ul><li>Site-specific RF characteristics </li></ul></ul><ul><ul><li>Deployment orientation </li></ul></ul>Good Coverage No RF Coverage Poor RF Coverage
    72. 72. Auto-Classify <ul><li>Comprehensive </li></ul><ul><ul><li>Access points </li></ul></ul><ul><ul><ul><li>Authorized, Rogue, External </li></ul></ul></ul><ul><ul><li>Clients </li></ul></ul><ul><ul><ul><li>Authorized and Unauthorized </li></ul></ul></ul><ul><li>Accurate and Reliable </li></ul><ul><ul><li>No false positives/no false negatives </li></ul></ul><ul><li>Instantaneous </li></ul><ul><ul><li>No manual user intervention required </li></ul></ul>InCharge RF Server dashboard automatically classifies Access Points and Clients into appropriate categories.
    73. 73. Prevent <ul><li>Over-the-air </li></ul><ul><ul><li>Ensures non-stop protection </li></ul></ul><ul><li>Instantaneous </li></ul><ul><ul><li>Based on quarantine policy and accurate auto-classification </li></ul></ul><ul><ul><li>Doesn’t require manual administrator intervention </li></ul></ul><ul><li>No harm policy </li></ul><ul><ul><li>Won’t disrupt your own or neighbor’s networks </li></ul></ul><ul><li>Most comprehensive solution </li></ul><ul><ul><li>All major classes of threats </li></ul></ul><ul><ul><li>Rogue access points, Evil Twin/Honey Pot APs, MAC spoofing APs, mis-configured APs, rogue clients, client mis-associations, ad hoc networks and DoS attacks </li></ul></ul>InCharge RF Server dashboard shows rogue access points that has been quarantined; I.e. automatically blocked to prevent any and all client connections. 3 5
    74. 74. Locate <ul><li>Precise </li></ul><ul><ul><li>Locates rogues and other Wi-Fi security threats for physical remediation </li></ul></ul><ul><ul><li>Pinpoints all AP and client device locations </li></ul></ul><ul><ul><ul><li>Authorized, unauthorized and neighbor </li></ul></ul></ul><ul><li>Immediate </li></ul><ul><ul><li>One click operation </li></ul></ul><ul><li>Site calibrated </li></ul><ul><ul><li>Displays location on a floor plan </li></ul></ul><ul><li>One click operation provides graphical probability analysis of location </li></ul><ul><ul><li>Not just a red ‘X’ </li></ul></ul>InCharge RF Server integrates a floor plan to show a range of probable locations of rogue APs or clients.
    75. 75. Prevent Wi-Fi Threats in a Non Wi-Fi Network <ul><li>Even if you have no 802.11 AP’s, most laptops have 802.11 cards </li></ul><ul><li>A laptop radio is default configured to ‘automatically associate’ with the strongest signal from a list of SSID’s </li></ul><ul><li>Hackers simple sit outside the building with an AP configured to a common SSID and wait for a number of laptops to connect </li></ul>SSID: linksys Corporate Firewall Internet X X X X Honeypot attack lures in multiple laptops to miss-associate.
    76. 76. Rogue AP Blocking <ul><li>Rogue AP is Detected </li></ul><ul><ul><li>Over-the-air detection </li></ul></ul><ul><ul><li>Network connect tested </li></ul></ul><ul><ul><li>Auto-classified </li></ul></ul><ul><li>No False Positives </li></ul><ul><ul><li>Does not rely on switch </li></ul></ul><ul><li>Blocked over-the-air </li></ul><ul><ul><li>De-auth all Clients </li></ul></ul><ul><ul><li>100% accurate </li></ul></ul><ul><ul><li>Any network / switch </li></ul></ul><ul><li>Better than port blocking </li></ul><ul><ul><li>Port blocking is not reliable </li></ul></ul><ul><ul><li>Port blocking may cause DoS </li></ul></ul>Rogue AP Wi-Fi Ready Laptop X Corporate Firewall Internet
    77. 77. Prevent Client Mis-Association Enterprise Network Neighboring Network SSID: a1b2c3 SSID: a1b2c3 SSID: a1b2c3 X X X X <ul><li>Clients associate to strongest signal </li></ul><ul><li>Blocks clients that mis-associate </li></ul><ul><li>Prevents </li></ul><ul><ul><li>SSID spoofing </li></ul></ul><ul><ul><li>Client roaming </li></ul></ul>
    78. 78. Prevent MAC & Air-Jack Attack Enterprise Network SSID: a1b2c3 MAC: 00.20.A6.4C.1A.46 SSID: a1b2c3 MAC: 00.20.A6.4C.1A.46 X X <ul><li>Detects MAC Spoofing </li></ul><ul><li>Blocks unauthorized spoofed AP’s </li></ul><ul><li>Prevent malicious threats </li></ul><ul><ul><li>Evil Twin </li></ul></ul><ul><ul><li>Man-in-the-middle </li></ul></ul>
    79. 79. Denial of Service Attack Prevention <ul><li>Wi-Fi Denial of Service can shut down your network </li></ul><ul><li>Blocks DoS attacks </li></ul><ul><ul><li>Exclusive vendor DoS prevention </li></ul></ul><ul><li>Patented </li></ul><ul><ul><li>‘ Virtual Selective Jamming’ technique </li></ul></ul>Corporate Firewall Internet Enterprise Network X X X DoS attack
    80. 80. Complete Protection Requires Simultaneous Threat Prevention Enterprise Network X X X X X Rogue AP Single Sensor must block multiple Clients and multiple Rogue AP’s on multiple channels simultaneously Corporate Firewall Internet SSID: linksys
    81. 81. Knowledge-Based Troubleshooting <ul><li>Step-by-step flowchart </li></ul><ul><ul><li>Connectivity and performance problems </li></ul></ul><ul><ul><li>Client and access point issues </li></ul></ul><ul><li>Not just problem identification </li></ul><ul><ul><li>Suggests remedies </li></ul></ul><ul><li>Easy to use </li></ul><ul><ul><li>Helpdesks </li></ul></ul><ul><ul><li>Remote administrators </li></ul></ul><ul><li>Live over-the-air packet capture </li></ul><ul><ul><li>Ethereal </li></ul></ul>
    82. 82. Knowledge-based Troubleshooting (cont’d) <ul><li>Administrator logs into the InCharge RF Server & chooses the device to troubleshoot </li></ul><ul><li>Administrator selects the appropriate sensor to troubleshoot the device </li></ul>Step 1 Step 2 Live Packet stream
    83. 83. Customizable Reports This custom report captures uncategorized & unauthorized clients that are not quarantined!
    84. 84. Security & Performance Monitoring <ul><li>Monitor & alert for security and performance issues </li></ul><ul><li>Total of 140 events! </li></ul><ul><li>Complete protection </li></ul><ul><ul><li>Sensors scan ALL channels </li></ul></ul><ul><ul><li>Independent of regulatory domain </li></ul></ul><ul><li>Details provided for each event </li></ul><ul><ul><li>Suggested remedies </li></ul></ul>
    85. 85. Availability <ul><li>Phase 1: GA End of October </li></ul><ul><ul><li>InReach 300P (dedicated sensor) </li></ul></ul><ul><ul><li>InCharge RF Server appliance </li></ul></ul><ul><ul><li>InCharge RF Planning Tool </li></ul></ul><ul><li>Phase 2: target GA of 1Q06 </li></ul><ul><ul><li>Multi-function MAP-330 will support AP and sensor function or act as a dedicated sensor </li></ul></ul><ul><ul><li>Software migration path from Phase 1 to Phase 2 capability </li></ul></ul><ul><ul><li>Tight integration of InCharge CNMS and RF server </li></ul></ul>
    86. 86. A New Paradigm <ul><li>Determine AP and security sensor placement without physical walk around </li></ul><ul><li>Much more efficient method than physical site survey </li></ul><ul><li>What-if analysis </li></ul><ul><li>Predictive planning enables simply, easily </li></ul>Building floor plan with predicted RF coverage
    87. 87. How it Works <ul><li>Predictive planning </li></ul><ul><ul><li>Input floor plan </li></ul></ul><ul><ul><li>Add building material type </li></ul></ul><ul><ul><li>Specify 802.11b, g or a </li></ul></ul><ul><ul><li>Input minimum bandwidth requirements </li></ul></ul><ul><ul><li>Drag and drop APs </li></ul></ul><ul><li>Dynamic floor plan models </li></ul><ul><ul><li>RF coverage </li></ul></ul><ul><ul><li>Channels </li></ul></ul><ul><ul><li>Signal strength </li></ul></ul><ul><ul><li>Spillage </li></ul></ul>
    88. 88. InCharge RF Planner Wi-Fi Site Planning <ul><li>InCharge RF Planner </li></ul><ul><ul><li>Site Planner for Wireless LAN Access Point Coverage </li></ul></ul><ul><ul><li>Site Planner for Performance Optimization </li></ul></ul><ul><ul><li>Planning for WLAN Security Sensors Coverage </li></ul></ul><ul><li>Advantages </li></ul><ul><ul><li>Software solution does not require manual site surveys </li></ul></ul><ul><ul><li>Automatic RF Mapping with ‘True Map’ </li></ul></ul><ul><ul><li>Automatic report generation </li></ul></ul>Planning for Coverage, Performance and Security
    89. 89. Wi-Fi Site Planning <ul><li>Software Planning Tool </li></ul><ul><ul><li>Import or create floor plans </li></ul></ul><ul><ul><li>State-of-the-art RF propagation modeling for wireless LAN and security sensor coverage </li></ul></ul><ul><ul><li>Models site specific parameters </li></ul></ul><ul><li>Ensure optimum performance </li></ul><ul><ul><li>Capacity and coverage </li></ul></ul><ul><ul><li>Allows for redundancy planning </li></ul></ul><ul><ul><li>Ensures no blind spots </li></ul></ul><ul><ul><li>Provides visual confirmation </li></ul></ul><ul><li>Determine security level needed </li></ul><ul><ul><li>Detection vs. prevention coverage areas </li></ul></ul><ul><ul><li>Security sensitivity modeling </li></ul></ul>Good security coverage blind spots
    90. 90. Wireless LAN Coverage <ul><li>Model building RF reflection, refraction, and absorption </li></ul><ul><li>Import floor map from virtually any electronic format </li></ul><ul><li>Plan for complete and optimum coverage </li></ul>
    91. 91. Redundancy Planning <ul><li>Eliminate blind spots </li></ul><ul><li>Model 802.11 a/b/g </li></ul><ul><li>Minimize AP requirements </li></ul>
    92. 92. Link Speed <ul><li>Performance optimization modeling </li></ul><ul><li>Model 802.11a/b/g </li></ul><ul><li>Building specific </li></ul>
    93. 93. Channel Allocation <ul><li>Visualize Channel Overlap to minimize interference </li></ul><ul><li>Model various scenarios </li></ul><ul><ul><li>Vendor APs </li></ul></ul><ul><ul><li>Antennae </li></ul></ul><ul><ul><li>Antennae direction </li></ul></ul><ul><ul><li>Power </li></ul></ul><ul><ul><li>a/b/g </li></ul></ul>
    94. 94. Channel Interference <ul><li>Minimize Interference </li></ul><ul><li>Model multiple scenarios </li></ul><ul><li>Optimize performance </li></ul>
    95. 95. Security Exposure <ul><li>Know where you are vulnerable </li></ul><ul><li>Model various scenarios to minimize risk </li></ul>
    96. 96. Comprehensive Security Coverage Planning <ul><li>Accurately determines number of sensors based on customer specific risk profile </li></ul><ul><li>Five specific variables used to model coverage level </li></ul><ul><ul><li>Site specific characteristics </li></ul></ul><ul><ul><li>Detection vs. prevention range </li></ul></ul><ul><ul><li>Detection range vs. transmit power of rogue or attacker </li></ul></ul><ul><ul><li>Redundancy </li></ul></ul><ul><li>Other solutions blindly quote coverage ranges with no real method to determine actual security level </li></ul>SpectraGuard Enterprise shows precisely the detection (blue) versus protection (purple) range of each sensor.
    97. 97. Work Order <ul><li>Automatic work order generation </li></ul><ul><li>Detailed management reporting </li></ul><ul><li>Ease deployment and maintain performance of your WLAN project </li></ul>
    98. 98. Global Customer Deployments Wireline Wireless Cable ISP Hospitality Retail Education Transportation Sporting Venues Service Providers Verticals Partners New Zealand Argentina
    99. 99. Customer Success: McDonald’s Restaurants McDonald's is the leading global foodservice retailer with more than 30,000 restaurants serving nearly 47 million people in more than 120 countries each day. Trigger Events: <ul><li>500+ “Store of the Future” WLAN Program Initiative </li></ul>Why Colubris: <ul><li>Open systems, multiservice platform provided a simple, cost-effective means to evaluate and launch new business applications to improve quality and speed of service </li></ul><ul><li>Scale and manageability to potentially thousands of locations </li></ul><ul><li>Simple integration with existing Juniper infrastructure </li></ul>Goals: <ul><li>Enhanced customer satisfaction and revenue throughput </li></ul><ul><li>Consistent quality monitoring </li></ul><ul><li>Real-time inventory management </li></ul><ul><li>Timely corporate communications </li></ul>Vision Point: <ul><li>Use wireless mobility to improve customer service, quality and cost across business systems </li></ul>Solution: <ul><li>CN3200 AP/SC platform, CNMS Management </li></ul>Competition: <ul><li>Cisco & Symbol </li></ul>
    100. 100. McDonald’s “Store of the Future” VSC 1 VSC 2 Roaming Quality Audits <ul><li>Segment Traffic </li></ul><ul><li>WPA Security </li></ul>VSC 3 Public Internet Access <ul><li>Segment Traffic </li></ul><ul><li>Access Control </li></ul><ul><li>Best Effort Priority </li></ul>Quality & Inventory POS Line Busting Hotspot Quality Control Mobile Order Taking <ul><li>Segment Traffic </li></ul><ul><li>WEP Security </li></ul>Intelligent Access & Service Control <ul><li>3 VSCs deliver separate service through single WLAN system </li></ul><ul><li>VSC security and QoS policies tailored to each application </li></ul><ul><li>Open support for wide range of devices, users and apps. </li></ul><ul><li>Applications under evaluation: </li></ul><ul><ul><li>Wireless telemetry, Inventory management, VoIP (drivethru), Signage </li></ul></ul>WLAN Management Internet
    101. 101. Customer Success: Wendy's Wendy’s is one of the world's largest restaurant operating and franchising companies with more than 9,500 restaurants under the Wendy's Old Fashioned Hamburgers®, Tim Horton's and Baja Fresh® Mexican Grill brands. Trigger Events: <ul><li>Interoperable, low cost WLAN equipment widely available </li></ul>Why Colubris: <ul><li>Delivers multiple private and public WLAN services in one device </li></ul><ul><li>Integrated IP routing and VPN security services </li></ul><ul><li>Centralized management of 1000s of remote sites </li></ul><ul><li>Easy to deploy solution for autonomous franchises </li></ul>Goals: <ul><li>Wireless mobility for all headquarters and regional employees </li></ul><ul><li>Real-time network automation of restaurant equipment </li></ul><ul><li>Single WLAN architecture for campus, regional offices and stores </li></ul><ul><li>Eliminate cabling expenses </li></ul><ul><li>Offer customers public Internet access services </li></ul>Vision Point: <ul><li>Common wireless infrastructure for restaurant automation, enhanced customer service and human resource productivity initiatives </li></ul>Solution: <ul><li>CN1250 (HQ), CN3200 (Restaurant), CNMS management </li></ul>Competition: <ul><li>Cisco, Sonic Wall, ReefEdge </li></ul>
    102. 102. Wendy’s Common WLAN Infrastructure Restaurant Automation <ul><li>Segment Traffic </li></ul><ul><li>P2 Priority </li></ul>Public Internet Access <ul><li>Segment Traffic </li></ul><ul><li>Access Control </li></ul><ul><li>Best Effort Priority </li></ul>Equipment Controller POS HotSpot (Future) Equipment Automation & Telemetry Regional Mgr Network <ul><li>Segment Traffic </li></ul><ul><li>VPN Security </li></ul><ul><li>Wireless connectivity to HQ VPN network </li></ul><ul><li>VSC security and QoS policies segment traffic tailored to each application </li></ul><ul><li>CNMS centralizes management for HQ, regional offices and restaurants </li></ul>WLAN Management Intelligent Access & Service Control VPN access to HQ applications Headquarters Intelligent Access & Service Control Point of Sale/ Line Busting (Future) POS <ul><li>Segment Traffic </li></ul><ul><li>VPN Security </li></ul>VSC 3 VSC 4 VSC 2 VSC 1 VPN Server Internet
    103. 103. Gander Mountain “Store of the Future” VSC 1: Associate Communication <ul><li>Segment Traffic </li></ul><ul><li>WEP Security </li></ul><ul><li>Voice Priority </li></ul>VSC 2: Inventory Control <ul><li>Segment Traffic </li></ul><ul><li>WPA Security </li></ul>Quality & Inventory Management POS WLAN Management Intelligent Access & Service Control <ul><li>VSCs deliver 3 separate services through single WLAN system </li></ul><ul><li>VSC security and QoS policies segment traffic tailored to each application </li></ul><ul><li>VSCs provide open support for wide range of devices, users and applications </li></ul>VoWLAN Wire Replacement Wire Replacement VSC 3: Corporate Employee <ul><li>Segment Traffic </li></ul><ul><li>WPA Security </li></ul><ul><li>Best Effort Priority </li></ul>Internet
    104. 104. Customer Success: Emory University Trigger Events: <ul><li>Availability of unified WLAN voice and data network technology </li></ul>Emory University is recognized as one of the U.S.’s top 25 national universities. It is known for its demanding academics, outstanding undergraduate college of arts and sciences, highly ranked professional schools and state-of-the-art research facilities. Why Colubris: <ul><li>VSC capabilities </li></ul><ul><li>Leadership VoFi and QoS solution </li></ul><ul><li>Central management for scalability and ease of operation </li></ul>Goals: <ul><li>Easy access to network services from any campus location </li></ul><ul><li>Instant voice communications for all staff members </li></ul><ul><li>Wireless student Net access </li></ul><ul><li>Guest Internet access in hospitals </li></ul>Vision Point: <ul><li>Improved staff, faculty, student productivity through ubiquitous broadband network services </li></ul>Solution: <ul><li>CN1250 Secure Gateway, CNMS Management </li></ul>Competition: <ul><li>Cisco </li></ul>
    105. 105. Emory University Ubiquitous WLAN VSC 1 VSC 2 VPN Data Service <ul><li>Segment Traffic </li></ul><ul><li>VPN Security </li></ul>VSC 4 Public Internet Access <ul><li>Segment Traffic </li></ul><ul><li>Access Control </li></ul><ul><li>Best Effort Priority </li></ul>Data Services VoIP Gateway VoFi Hotspot (hospital) Student, Staff, Faculty Voice Service <ul><li>Segment Traffic </li></ul><ul><li>High Priority </li></ul>Intelligent Access & Service Control <ul><li>SpectraLink VoWLAN phone support </li></ul><ul><li>Smooth migration from VPN to WPA capable devices </li></ul><ul><li>Student, Staff and Faculty security privileges set by RADIUS authentication </li></ul>WLAN Management VSC 3 WPA Data Service <ul><li>Segment Traffic </li></ul><ul><li>WPA Security </li></ul>Student, Staff, Faculty Internet
    106. 106. Customer Success: SJ Trigger Events: <ul><li>“ Internet On Track” -- The first full fleet roll out by a train operator of an onboard wireless Internet service and the world's first implementation of 3G/Satellite -enabled Wi-Fi service </li></ul>SJ is Sweden’s leading rail traffic company and operator of the X2000, Sweden’s high-speed train, and its new X40 fleet – servicing 85 trains beginning in summer 2005. Why Colubris: <ul><li>VSC capabilities </li></ul><ul><li>Security policies ensure internal applications are protected from public Internet traffic </li></ul><ul><li>Corporate responsiveness and networking expertise </li></ul>Goals: <ul><li>Integrate an Internet access service into business class ticket </li></ul><ul><li>Optional fee service for coach class ticket holders </li></ul><ul><li>Separate internal WLAN service for train monitoring </li></ul>Vision Point: <ul><li>Continuous broadband Internet service improves passenger experience </li></ul>Solution: <ul><li>CN320 Intelligent MultiService Access Point </li></ul>Competition: <ul><li>Cisco, Proxim </li></ul>
    107. 107. SJ “Internet On Track” Service Data Collection Train Data Monitor Hotspot Intelligent Access & Service Control <ul><li>Segment traffic per VSC for security </li></ul><ul><li>Strong security for internal train applications </li></ul><ul><li>Selective Layer 2 isolation prevents snooping on passenger hotspot service while enabling peer-peer monitoring connections </li></ul>VSC 2 Public Internet Access <ul><li>Segment Traffic </li></ul><ul><li>Access Control </li></ul><ul><li>Best Effort Priority </li></ul>VSC 1 Data Collection <ul><li>Segment Traffic </li></ul><ul><li>WPA Security </li></ul><ul><li>High Priority </li></ul>Internet
    108. 108. Wi-Fi on the Train Head Car Rear Car Middle Cars (7) Mobility Router GPRS, EDGE, CDMA, UMTS, WCDMA, 3G and satellite technologies. Provide wireless multi-service applications in a single footprint Provide Access Control CN330 CN320 CN330 CN3300 Public Access – internet for passengers Personnel Access – ticket sales, inter cart communication Video surveillance SSID 1 SSID 2 SSID 3 Internet
    109. 109. Customer Success: Sprint Sprint is a Fortune 100 company with more than $27 billion in annual revenues in 2004, Sprint is widely recognized for developing, engineering and deploying state-of-the-art network technologies. Trigger Events: <ul><li>Previous vendors unable to reach vision point </li></ul>Why Colubris: <ul><li>VSC capabilities: traffic segmentation, security & QoS policies per VSC </li></ul><ul><li>Ease of management with CNMS </li></ul><ul><li>Interoperability with 3 rd party hotspot back-end services </li></ul>Goals: <ul><li>Upsell existing WAN service customers to managed Wi-Fi </li></ul><ul><li>Offer revenue-generating hotspot service to retailers and public venue operators </li></ul><ul><li>Flexibility to add new software-defined Wi-Fi service offerings (training, video surveillance, point-of-sale system, credit card service) </li></ul>Vision Point: <ul><li>Managed Wi-Fi service for installed base of 8,000 enterprises </li></ul>Solution: <ul><li>CN3200 AP/SC platform, CNMS Management </li></ul>Competition: <ul><li>Cisco, Nomadix, AireSpace </li></ul>
    110. 110. Sprint “Enterprise Wi-Fi Access” Service Hotspot Intelligent Access & Service Control <ul><li>Segment traffic per VSN for security </li></ul><ul><li>Authenticate hotspot users via Airpath back-end service </li></ul><ul><li>CNMS in NOC centralizes management for all customer sites </li></ul><ul><li>Additional VSCs available for future services </li></ul>Security Surveillance Service (Future) VSC 2 Video Surveillance <ul><li>Segment Traffic </li></ul><ul><li>High Priority </li></ul>Back-end Hotspot Service Point of Sale Credit Verification (Future) POS <ul><li>Segment Traffic </li></ul><ul><li>VPN Security </li></ul>VSC 3 Enterprise Customer Premise WLAN Management Sprint NOC Internet VSC 1 Public Internet Access <ul><li>Segment Traffic </li></ul><ul><li>Access Control </li></ul><ul><li>Best Effort Priority </li></ul>
    111. 111. Customer Success: Best Western Europa The Europa is a 180-room business hotel located in downtown Montreal and a franchise of the Best Western hotel chain. Trigger Events: <ul><li>Best Western mandate to offer Wi-Fi Internet access in all properties </li></ul>Why Colubris: <ul><li>VSC capabilities </li></ul><ul><li>Strong security policy enforcement </li></ul><ul><li>VoWLAN and QoS support </li></ul>Goals: <ul><li>Differentiate by offering wireless keycard and wireless guest authentication services </li></ul><ul><li>Upgrade path to VoWLAN service for guests </li></ul><ul><li>Reduce operating costs while expanding guest services </li></ul>Vision Point: <ul><li>Leverage Wi-Fi to provide multiple wireless customer conveniences </li></ul>Solution: <ul><li>CN3200 AP/SC platform, CN320 AP, CNMS Management </li></ul>Competition: <ul><li>Cisco </li></ul>
    112. 112. Best Western MultiService WLAN Guest Internet Access Service Intelligent Access & Service Control <ul><li>Segment traffic per VSC for security </li></ul><ul><li>Authenticate hotspot users via Airpath back-end service </li></ul><ul><li>Additional VSCs available for future services </li></ul>VSC 1 Public Internet Access <ul><li>Segment Traffic </li></ul><ul><li>Access Control </li></ul><ul><li>Best Effort Priority </li></ul>Wireless Guest Authentication and Direct Billing VSC 2 Guest Authentication <ul><li>Segment Traffic </li></ul><ul><li>WPA Security </li></ul>Guest Wireless Voice Service (Future) Telephony <ul><li>Segment Traffic </li></ul><ul><li>High priority </li></ul>VSC 3 VoIP Gateway Property Management System Internet
    113. 113. Veteran Leadership Team <ul><li>Barry Fougere - President & CEO </li></ul><ul><li>A.T. Kearney, EDS, Cambridge Strategic Mgt Group </li></ul><ul><li>Pierre Trudeau - Co-founder & CTO </li></ul><ul><li>Eicon Technology, Touch Tones Digital Jukebox </li></ul><ul><li>Larry Whitman - CFO </li></ul><ul><li>WaveSmith Networks, Shiva </li></ul><ul><li>John O’Hara – VP, Engineering </li></ul><ul><li>WaveSmith Networks, New Oak Communications </li></ul><ul><li>Marty Falaro – VP, Sales & Business Development </li></ul><ul><li>Altiga Networks, Cisco, PictureTel </li></ul><ul><li>Roger Sands – VP, Enterprise Development </li></ul><ul><li>Accton Technoloogies, US Robotics </li></ul><ul><li>Ken MacLure – VP, Operations </li></ul><ul><li>Narad Networks, Cascade </li></ul><ul><li>Michael Welts – VP, Marketing </li></ul><ul><li>Unisphere, Castle Networks, Bay Networks </li></ul>
    114. 114. Demonstration Setup MSC-3300 MAP-330 5.8GHz WDS Secure Link In Charge CNMS 192.168.2.20 RADIUS/Apache 192.168.2.99 WIN2K Server 192.168.2.100 Gateway Router Internet
    1. A particular slide catching your eye?

      Clipping is a handy way to collect important slides you want to go back to later.

    ×