Your SlideShare is downloading. ×
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Colubris Basic Customer Presentation
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×
Saving this for later? Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime – even offline.
Text the download link to your phone
Standard text messaging rates apply

Colubris Basic Customer Presentation

4,542

Published on

Published in: Technology, Business
0 Comments
1 Like
Statistics
Notes
  • Be the first to comment

No Downloads
Views
Total Views
4,542
On Slideshare
0
From Embeds
0
Number of Embeds
1
Actions
Shares
0
Downloads
129
Comments
0
Likes
1
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide
  • Transcript

    • 1. … Extend Your Business Mobilize Your Network … Colubris Networks Product Overview
    • 2. Wilfredo López Escobar DATEN System Engineer Caribbean and Latin America [email_address]
    • 3. What is Wi-Fi?
      • Wireless Ethernet – WLAN IEEE 802.11
      • Broadband wireless data service that connects mobile devices to an Ethernet network
          • Data rates: 11 to 54 Mbps
          • Distance: 300 ft, depending on antenna and environment
      Ethernet Wi-Fi Access Point Network
    • 4. Colubris Overview Mission: Industry-leading developer of unified multiservice WLAN/LAN systems
      • Highly scalable business mobility solutions for enterprises and service providers
      Market Leadership: Over 1,000 customers worldwide
      • 60,000 WLAN devices installed, worldwide
      • #2 global market share in hospitality and service provider; #1 in transportation
      Founded in 2000; HQ in Waltham, MA Profile:
      • Strategic Partners – Alcatel, Juniper, Avaya
      • #1 privately held WLAN company
    • 5. Distributed Intelligence VPN Termination/Aggregation
      • Distributed Intelligence – VPN termination on AP eliminates separate WLAN infrastructure
      • Secure VPN perimeter from client-to-corporate LAN
        • On-board encryption accelerator optimizes performance
      • Local termination enables simplicity, greater scale
        • Back-end aggregation to fewer VPN tunnels
      • Secure VPN management interface
      SSID=Employee Security=VPN CN1250 Employees Corporate HQ AAA NMS DHCP VPN Server Wide Area Network
    • 6. Next Generation WLAN Architecture Smart Access Management & Control (incl. 1 st Gen WLAN Switch) Scalability & Services Breadth
    • 7. Localized Services Policy Control
      • Services applied at AP
      • Distributed architecture with Centralized management and control NOT in Data Path
      • Adds centralized WLAN QoS , security and roaming to existing LAN
      • 10x higher scalability than WLAN switch solutions
      • Leverages commercial AP chips for reduced costs
      • Smooth migration to unified switch and 802.11n standards
      WLAN RF & system mgt. QoS and security enforcement, packet forwarding AP AP NMS Central QoS and security control, roaming MultiService Controller LAN Policy Data Base
    • 8. Colubris WLAN Solution InMotion VoIP-PBX InCharge CNMS InCharge RF Security Server L2/L3 Switch Internet Gateway Internet InReach VLAN Switch VLAN Switch .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    • 9. Product Application- Mobility
      • Voice Over WLAN Service
        • Highest R-values and voice session capacity
        • More than 28% lower jitter than competitors
      • Fast, Secure Intra/Inter Subnet Roaming Service
        • Mobility Enabled for real-time applications
        • Secure WPA2 hand-offs < 50 milliseconds
      • RF Security and Management
        • Embedded Wireless IDS/IPS Sensor
        • Active load balancing and congestion management
      VSC 2 VSC 1 Voice Telephony
      • Segment Traffic
      • P1 QoS Priority
      • PBX Destination Filter
      Data Applications
      • Segment Traffic
      • WPA Security
      • P3 QoS Priority
      Server VoIP PBX VLAN Switch Intelligent MultiService System
    • 10. Free or Fee-based Hotspot Services
      • Cafes and restaurants
      • Hotels and marinas
      • Train stations
      • Increase foot traffic
      • Customer stays longer
      • Generate revenue
      FEE-BASED SERVICE OPPORTUNITIES
      • Retailers, Malls
      • Municipalities
      • Increase foot traffic
      • Attract techno-savvy clients
      FREE SERVICE OPPORTUNITIES NOC CN3200 Access Network Kiosk Hotspot
    • 11. Public Interface
    • 12.
    • 13. Internal Web Page
    • 14. Original URL and Session Page
    • 15. Customized Local (MSC) Pages
    • 16. Rich Content Remote WEB server Page
    • 17. Interactive Captive Portal
    • 18. Payment options
    • 19. Credit Card Payment
    • 20. Public Internet Access Industry Structure
      • Wireless service provider
        • Owns and operates WLAN infrastructure
      • Carrier
        • Owns and operates Internet network service
      • Back-office service provider
        • Performs back-end authentication, billing, phone support
      • Venue owner (hotel, restaurant, etc.)
      • Aggregator
        • Markets services to end-users
        • Aggregates service operated by 3 rd party WSPs
      End User Venue Owner Wireless Service Provider Back Office Service Provider Carrier
    • 21. Global Hospitality Customers and Partners Hotspot Service Partners Global Customer Base
    • 22. Public Access Service Business Models
      • Service branding
        • Private label for venue
        • Wireless service provider brand
        • Aggregator brand
      • Revenue models
        • Service paid by venue owner
        • Service paid by end user and split with venue owner
        • Service paid by aggregator and split with service provider and venue owner
      • Various back office and carrier outsourcing models
      Aggregator Wireless Service Provider Back Office Service Provider Carrier
    • 23. Public Access Solution Partners Speed Entry
      • Back-office service partners lower barriers to entry
        • CIMS supports billing and customer service outsourcing
      • Aggregator (roaming) partners make hotspots part of a larger network
        • CIMS interoperability enables WSP to join large aggregator networks
      Back-office Service Partners Aggregator Partners
    • 24. Public Access Service Network Components Back Office Firewall/ Router WLAN Access Point (s) Service Provider NOC Service Provider NMS Broadband client connectivity Client authentication, service presentation, billing support Routing services, security Access Gateway NMS manages and controls public access infrastructure, Portal delivers web content to clients Back Office Subscriber authentication, Credit card processing Public Internet Access Venue Portal Carrier Internet Service Cable/DSL Modem
    • 25. CIMS Fully Integrated Public Access Solution Back Office InMotion MSC InReach MAP(s) InCharge Colubris NMS (CNMS) Service Provider
      • MultiService client connectivity
      • Turnkey public access CPE solution
      • Integrated access gateway, router, firewall, access point
      • CNMS manages and controls geographically distributed public access infrastructure
      Back Office
      • Comprehensive support for AAA and back-office billing systems
      Public Access Venue Portal Carrier Internet Service Cable/DSL Modem CNMS MultiService Controller MultiService Access Point
    • 26. CIMS Meets Public Access Business Needs
      • Easy for Customers to Use
        • Colubris “Zero Configuration” service interface
        • Per user bandwidth management
      • Range of Billing Models
        • Rich AAA interface supports range of billing models
        • Location-aware billing support
      • Minimizes Operating Costs
        • Highly reliable integrated system
        • Central WLAN management system for ease of operation
      • Low Deployment Costs
        • Low cost, purpose-built solutions are easy to install
      Public Access Venue NOC CNMS WLAN Mgmt AAA, Billing, Portal Internet VSC 1 Public Internet Access
      • Segment Traffic
      • Access Control
      • Bandwidth Management
      Intelligent MultiService System
    • 27. Fixed Network Infrastructure Wireless Network Infrastructure Defining W ireless LANS Components of a Generic 802.11 Nework AP AP STA STA Router Switch Internet Protocol: CSMA-CA w/ ACK
    • 28. Wi-Fi Primer
      • Interoperability: Wi-Fi Alliance
      • Governing standard: IEEE 802.11
      Specification Ratified Data Rate Distance (dipole) Frequency Band 802.11 a 1999 54 Mbps 100 ft. 5 GHz 802.11 b 1999 11 Mbps 300 ft. 2.4 GHz 802.11 g 2003 54 Mbps 300 ft. 2.4 GHz
    • 29. SSID and Windows XP
    • 30. VAPs – Access Contol lists and Backend Services LAN/WAN SSID=Admin Security=VPN QoS=P2 RADIUS Profile 2 ACL 3 SSID=Voice Security=WEP QoS=P1 RADIUS Profile 2 ACL - 4 SSID= POS Security=MAC QoS=P2 RADIUS Profile 2 ACL - 2 SSID=Guest Security=Open QoS=P3 RADIUS Profile 3 ACL - 5 POS Server VoIP Gateway SSID=Hotspot Security=Open QoS=P4 RADIUS Profile 3 ACL - 6
      • Services Controller
      • Access Devices
      Radius Profile 1 – Walled Garden ACL’a Back-end RADIUS 4 & WEB AAA NMS Billing Portal Back-end RADIUS 3 & WEB AAA NMS Billing Portal Back-end RADIUS 2 & WEB AAA NMS Billing Portal Back-end RADIUS 1 & WEB AAA NMS Billing Portal
    • 31. Multi-Service WLANs for Higher Education LAN/MAN/WAN SSID=Faculty Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff SSID=Student Security=Open QoS=P4 Admin Services Student Services VoIP Gateway Faculty Data Center SSID=Assets Security=WPA QoS=P2 Students CNMS WLAN Mgmt AAA/ VPN Server
      • Services Controller
      • Access Devices
      Internet
    • 32. GSM / Wi-Fi phones are here
    • 33. Toll-Quality Voice Service
      • Broad QoS support for VoWLAN handsets
        • SpectraLink, 802.11e, Vocera, SIP and H.323 softphones
      • Transparent client subnet roaming support
      • Traffic segregation and IP filters reinforce security
      • Open support for 3 rd party power-save modes
      Employee Server VoIP Gateway CN1250 SSID=VOICE Security= WEP IP Filter=VoIP G/W QoS=P1 Router Data Center Subnet “A” Subnet “B” Seamless Subnet Roaming
    • 34. Multimedia Service
      • WMM/802.11e EDCA QoS protocol support
        • Four classes of service enable rich multimedia applications
      • Service-Aware QoS for non-protocol client devices
        • Enables legacy devices to access QoS
      • Mapping to wired network QoS policies
        • 802.1p and TOS/DiffServ integration
      CN320 Switch/Router Video Server SSID=VIDEO Security=Open Filter=Video server QoS=P2 SSID=Multimedia Security=WPA QoS=802.11e Surveillance Video Conference Internet
    • 35. Colubris: QoS Enforced at the AP Edge
      • Policies applied at WLAN/wired network boundary
        • Mapping between WLAN and LAN/WAN policies
      • Embedded processors provide scalability to large networks
        • Each AP adds processing power for 16 services to network
      • CNMS centrally configures QoS policies for ease of operation
      Applications Corporate HQ Suppliers IP Backbone LAN Backbone 802.1p TOS/DiffServ QoS Policy Enforcement SSID 802.1p WME 802.1p TOS/DiffServ
    • 36. Interoperability with QoS-Capable Clients
      • Protocol-based policy enables client device to request priority
        • 802.11e WME provides open voice, video, data interoperability
        • SVP support provides interoperability with SpectraLink phones
      • Part of end-to-end QoS scheme
        • Client-AP-Ethernet
      SVP QoS WME QoS No QoS Ethernet Wi-Fi 1 2 3 4 Protocol-based Forwarding SSID=Multimedia Security=Open QoS=Protocol
    • 37. WMM for Voice over Wi-Fi Support Corporate Server VoIP Gateway SSID=Voice Security=WEP SSID=Employee Security=WPA SSID=Voice Security=WEP Normal Priority Corporate Data Traffic WMM-Tagged VoIP Traffic 802.1p-Tagged VoIP Traffic
    • 38. Problems with next generation Solutions Phone IP NEW IP Inter AP Roam – re associate & KEY .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. VoIP-PBX Management VLAN Switch Subnet A Master VLAN Switch IP Router Internet RADIUS Server DNS Server VLAN Switch Subnet B
    • 39. Large Site / Campus deployment VLAN Switch In Motion MSC VoIP-PBX Control / mgmt Call Setup Legend: Call CNMS Management VLAN Switch Master VLAN Switch IP Router Internet Secure Control IP Tunnel In Motion MSC .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
    • 40. InMotion ™ Delivers New Services
      • New Industry-leading Voice Over WLAN Service
        • Highest R-values and voice session capacity
        • More than 28% lower jitter than competitors
      • New Fast, Secure Intra/Inter Subnet Roaming Service
        • Mobility for real-time applications MOBILE IP Protocol
        • Secure WPA2 hand-offs < 50 milliseconds
      • New Plug-and-Play Deployment Service
        • Automatic MAP discovery and configuration
        • Mutual authentication and encryption for security
      • Industry-Leading Public/guest Network Access Service
        • “ Zero configuration” for easy client access
        • Rich service management policies
      MultiService Controllers
    • 41. Retail Multi-Service WLAN LAN/WAN Retailer Headquarters Supplier Headquarters Back-end Hotspot Services AAA NMS Billing Portal Supplier SSID=Admin Security=VPN QoS=P2 Scanner SSID=Voice Security=WEP QoS=P1 Voice SSID= POS Security=MAC QoS=P2 SSID=Guest Security=Open QoS=P3 POS Server VoIP Gateway Manager SSID=Hotspot Security=Open QoS=P4 Customer DHCP, AAA VPN Server Firewall
      • Services Controller
      • Access Devices
      CNMS Central Mgt Retail Store Location
    • 42. Healthcare Multi-service WLAN LAN/MAN/WAN SSID=Admin Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff SSID=Guest Security=Open QoS=P4 Admin Services EMR System SSID=Patient Info Security=WPA QoS=P2 Doctors Nurses VoIP Gateway Admin SSID=Badges Security=WEP QoS=P1 Affiliated Clinics Doctor/Clinician Office, Home Supplier Headquarters Data Center Asset Tracking SSID=Assets Security=WPA QoS=P2 Suppliers CNMS WLAN Mgmt AAA/ VPN Server
      • Services Controller
      • Access Devices
    • 43. Data Network Security
      • 3 Requirements
      • Access Control – Bi directional, verifiable, centrally Managed
      • Confidentiality – Encryption
      • Data Integrity – Frame Check and Sequencing
      Cipher Text Encryption KEY Encryption KEY RC4 DES/3DES CCMP AES RC4 DES/3DES CCMP AES Static – PSK Certificate PMK TKIP DATA DATA Encryption Engine Encryption Engine
    • 44. Wi-Fi Security
      • WEP – Wired Equivalent Privacy
        • Original 802.11 encryption scheme RC4 - Static Weak Key
      • VPN – Virtual Private Network
        • (DES, 3DES) cryptography – VPN client and Gateway
      • IEEE 802.1x – Access Control
        • EAP protocol using Radius Authentication
      • WPA – Wireless Protected Access
        • Strong encryption TKIP RC4
        • Requires access to authentication server
      • IEEE 802.11i – WPA2
        • Strongest encryption (AES) Government approved
      • HTML Access Control
        • Public Access via Captive Portal authentication
    • 45. Managed Services Network Components Firewall/ Router WLAN Access Point (s) Service Provider NOC Service Provider NMS
      • QoS for real-time services
      • Segments services
      • Broadband client connectivity
      • Routing services
      • Security
      • VoIP switch provides telephony service
      • Application server delivers business services
      • NMS Manages and controls CPE
      Customer Premises VoIP Switch Cable/DSL Modem Carrier Internet Service App. Server Business Applications Telephony
    • 46. CIMS Managed WLAN Services Solution
      • Easy WLAN access to multiple voice, video, data network services
      • VSCs tailor QoS and security policy for each service
      • VSC traffic mapped to separate NOC or customer premise destinations
      • Comprehensive remote WLAN management minimizes operations costs
      VSC 2 Voice Telephony
      • Segment Traffic
      • P1 QoS
      Enterprise Premise Internet NOC VSC 3 Credit Card Processing
      • Segment Traffic
      • P3 QoS
      • VPN Security
      Intelligent MultiService System VSC 1 Public Internet Access
      • Segment Traffic
      • Access Control
      • P4 QoS
    • 47. Colubris Unique Selling Proposition
      • Centralized management and control minimizes OpEx
      • Distributed network intelligence for service flexibility
      • Highly scalable architecture minimizes CapEx
      • Comprehensive Public/Guest Internet Access Service
      XYZ Networks ABC Co. Acme Co.
    • 48. WLAN System Components
    • 49. Colubris Products Product Type 1 Radio 2 ports total 2 Radios 3 ports total Appliance No Radio, 4 Ethernet Ports only In Reach MAP – MultiService Access Point MAP-320 MAP-320R CN320 WAP-200 2 VAP no QOS MAP-330 MAP-330R CN330 In Motion MSC – MultiService Access Contoller MSC-3200 MSC-3200R CN3200 100 concurrent Users MSC-3300 MSC-3300R CN3300 100 concurrent Users MSC-5200 CN3400 500 concurrent Users MSC-5500 2000 concurrent Users 2-1000BASE-T4 MGW – MultiService Gateway MGW-1250 CN1250 MGW-3500 CN3500 1000 concurrent Users
    • 50. Access Controller
    • 51. Product Positioning Performance- User Capacity, Future Proofing Features- Connectivity, Security, Mobility MSC-3200 MSC-3300 100 Users 500 Users/25 AP 2000 Users/200 AP MSC-5500 MSC-5200 MGW-3500 1000 Users
    • 52. InMotion ™ MultiService Controllers Specifications MSC-5200 MSC-5500 Software Configuration COS Access Service COS Service Pack COS Access Service COS Service Pack Services VoWLAN Fast Roaming Plug & Play Deployment Public/Guest Access           Maximum MAPs N.A. 25 N.A. 200 Max. Public/Guest Access Users 500 500 2,000 2,000
    • 53. Firewall
    • 54. NAT
    • 55. VPN Client To protect the VPN, add the following definitions to the access list: access-list=vpn,DENY,all,192.168.30.0/24,all use-access-list=vpn
    • 56. Centralized Mode
    • 57. Dual Radio Access Device Features
      • Industry first dual a/b/g radios
        • Two channels on single band increases performance, coverage
      • Configurable AP, WDS Bridge and Monitor operating modes
        • Flexibility and investment protection
        • Enables continuous full-spectrum rogue scanning for increased security
      • Robust monitor and diagnostic capability
        • Eliminates cost of redundant probes/monitors
      Configurability Radio 1 Radio 2 Transceiver Mode a/b/g a/b/g Operating Mode AP, Bridge, Monitor AP, Bridge, Monitor
    • 58. Single Radio vs Dual Radio
    • 59. Extended Access Control Network
    • 60. Network Topology - WDS MAP-330 MAP-330 MAP-330 MAP-330 MAP-330 Access line Client Client client Client Client Client Client MAP-330 MAP-3300 MAP-330 MAP-330 MAP-330 MAP-330 MAP-330 Internet MAP-330 Client Client Client Client Client Client .11g or 11a (WDS) .11b ch 1 area (AP) .11b ch 6 area (AP) .11b ch 11 area (AP) MAP-3300/MAP-330 – one radio in AP mode and the other radio in WDS mode Potential hidden node issue, for shared WDS/AP radios
    • 61. Rogue AP Detection and Reporting
      • Wireless RF Scanning
        • Use of existing, authorized APs for wireless scans
        • Differentiates between true “rogues” and “ignored” 3 rd party APs
        • Multi-vendor support enables most comprehensive Rogue AP detection
      • Wireline Rogue Discovery
        • Scans network via multiple protocols
        • Automatically IDs the “fingerprints” of rogue APs
      • Integrated Rogue AP Reporting
        • Correlates all information to rapidly locate and disable rogues
    • 62. Outdoor Rated Enclosure: MSC-3200R, MAP-320R
      • Die-Cast Aluminum, NEMA 67 rating
      • 2 waterproof N-type Antennas option
      • Waterproof, quick disconnect RJ-45 connector
      • 3 point silicone-rubber gasket
      • Pole-top and wall-mount mounting options
      • Colubris Logo Applied
      This slide for planning purposes only, content and dates subject to change
    • 63. Locking Mounting Bracket
      • Die-Cast Aluminum
      • Wall or Ceiling Mountable
      • Compatible with standard product enclosure (slides in and out)
      • Padlock not included
      • List Price $50 (USD)
      This slide for planning purposes only, content and dates subject to change
    • 64. CNMS - WiFi Network Management
    • 65. WiFi Network Management
    • 66. CNMS Overview NMS Authentication RADIUS SNMP NOC WAN/LAN Campus A Campus B CN3200 CN320 CN3200 CN1250 SNMP/HTTP/TFTP CNMS
      • Monitor
        • AP discovery
        • User monitoring
        • Rogue AP detection
        • NMS & AAA integration
      • Analyze
        • Alerts & diagnostics
        • Performance reports
        • RF event correlation
      • Act
        • Multi-vendor
        • config mgt
        • Firmware distribution
        • Grouping & scheduling
                          
    • 67. Colubris Networks Offers a Comprehensive RF Security and Management Solution
      • InCharge RF Server
      • InReach 330P
      • InCharge RF Planner
      • Automatically prevent Wi-Fi security attacks
      • Perform real-time network audits
      • Assist performance troubleshooting
      • Monitor wireless LAN health
    • 68.
      • InCharge RF Server
        • Two appliance models support up to 50 sensors or up to 200 sensors
        • Correlates sensor data
        • Analyzes and classifies Wi-Fi devices
        • Enforces security policy
        • Web interface
        • Within CNMS, launch InCharge RF Server screens in Phase 1
        • Tight integration with CNMS in Phase 2
      InCharge RF Server, InReach 330P, InCharge RF Planner
      • InReach 330P
        • Scans 2.4 and 5 GHz bands
        • Centrally managed and configured by Server
        • Dedicated sensor function in Phase 1
        • Concurrent AP and Sensor function at Phase 2; Phase 1 InReach 330P devices can be upgraded to Phase 2 capability
        • Power over Ethernet
      • InCharge RF Planner
      • Stand-alone Windows-based application
        • Models wireless LAN coverage without a physical site survey
        • Evaluates security risk from wireless LAN spillage outside building
        • Assesses changes with simple drag and drop techniques
        • Generates equipment lists for installation team
        • Provides powerful predictive planning
          • Input floor plan
          • Add building material type
          • Specify 802.11b, g or a
          • Input minimum bandwidth requirements
          • Drag and drop APs
        • Supports dynamic floor plan models
          • RF coverage
          • Channels
          • Signal strength
          • Spillage
      InReach 330P Web Interface InCharge RF Server InCharge Security Server
    • 69. The Threat!!!; Eight Major Classes of Wi-Fi Threats Firewalls, VPNs, and 802.11 Security Standards Do Not Prevent These Wi-Fi Threats on Either Wired or Wireless Networks Enterprise Network Neighboring Network ? Ad Hoc Denial of Service Attack AP MAC Spoofing Rogue AP Mis-configured AP Unauthorized Association Mis-association Honeypot
      • Common
        • Rogue Access Points
        • Mis-configured Access Points
        • Ad hoc connections
        • Client mis-associations
        • Unauthorized client associations
      • Malicious
        • Honeypot APs
        • MAC Spoofing APs
          • Client > Malicious AP
        • Denial of Service
          • De-authentication flood
          • Packet storm
    • 70. Monitor/Detect
      • Scan all bands
        • 2.4 GHz and 5 GHz
      • Detect all Wi-Fi activity
        • Access points, soft APs, NATing APs, clients
      • Correlate information from multiple sensors
        • Eliminate confusing duplicate reports of the same device
    • 71. Visualize
      • Make your airwaves visible
      • View RF coverage in real time
        • Handhelds only provide a snapshot in time
      • Plan for security and Wi-Fi coverage
        • Only integrated solution that ensures proper sensor placement
        • Model detection and prevention levels
      • Self-calibrating
        • Site-specific RF characteristics
        • Deployment orientation
      Good Coverage No RF Coverage Poor RF Coverage
    • 72. Auto-Classify
      • Comprehensive
        • Access points
          • Authorized, Rogue, External
        • Clients
          • Authorized and Unauthorized
      • Accurate and Reliable
        • No false positives/no false negatives
      • Instantaneous
        • No manual user intervention required
      InCharge RF Server dashboard automatically classifies Access Points and Clients into appropriate categories.
    • 73. Prevent
      • Over-the-air
        • Ensures non-stop protection
      • Instantaneous
        • Based on quarantine policy and accurate auto-classification
        • Doesn’t require manual administrator intervention
      • No harm policy
        • Won’t disrupt your own or neighbor’s networks
      • Most comprehensive solution
        • All major classes of threats
        • Rogue access points, Evil Twin/Honey Pot APs, MAC spoofing APs, mis-configured APs, rogue clients, client mis-associations, ad hoc networks and DoS attacks
      InCharge RF Server dashboard shows rogue access points that has been quarantined; I.e. automatically blocked to prevent any and all client connections. 3 5
    • 74. Locate
      • Precise
        • Locates rogues and other Wi-Fi security threats for physical remediation
        • Pinpoints all AP and client device locations
          • Authorized, unauthorized and neighbor
      • Immediate
        • One click operation
      • Site calibrated
        • Displays location on a floor plan
      • One click operation provides graphical probability analysis of location
        • Not just a red ‘X’
      InCharge RF Server integrates a floor plan to show a range of probable locations of rogue APs or clients.
    • 75. Prevent Wi-Fi Threats in a Non Wi-Fi Network
      • Even if you have no 802.11 AP’s, most laptops have 802.11 cards
      • A laptop radio is default configured to ‘automatically associate’ with the strongest signal from a list of SSID’s
      • Hackers simple sit outside the building with an AP configured to a common SSID and wait for a number of laptops to connect
      SSID: linksys Corporate Firewall Internet X X X X Honeypot attack lures in multiple laptops to miss-associate.
    • 76. Rogue AP Blocking
      • Rogue AP is Detected
        • Over-the-air detection
        • Network connect tested
        • Auto-classified
      • No False Positives
        • Does not rely on switch
      • Blocked over-the-air
        • De-auth all Clients
        • 100% accurate
        • Any network / switch
      • Better than port blocking
        • Port blocking is not reliable
        • Port blocking may cause DoS
      Rogue AP Wi-Fi Ready Laptop X Corporate Firewall Internet
    • 77. Prevent Client Mis-Association Enterprise Network Neighboring Network SSID: a1b2c3 SSID: a1b2c3 SSID: a1b2c3 X X X X
      • Clients associate to strongest signal
      • Blocks clients that mis-associate
      • Prevents
        • SSID spoofing
        • Client roaming
    • 78. Prevent MAC & Air-Jack Attack Enterprise Network SSID: a1b2c3 MAC: 00.20.A6.4C.1A.46 SSID: a1b2c3 MAC: 00.20.A6.4C.1A.46 X X
      • Detects MAC Spoofing
      • Blocks unauthorized spoofed AP’s
      • Prevent malicious threats
        • Evil Twin
        • Man-in-the-middle
    • 79. Denial of Service Attack Prevention
      • Wi-Fi Denial of Service can shut down your network
      • Blocks DoS attacks
        • Exclusive vendor DoS prevention
      • Patented
        • ‘ Virtual Selective Jamming’ technique
      Corporate Firewall Internet Enterprise Network X X X DoS attack
    • 80. Complete Protection Requires Simultaneous Threat Prevention Enterprise Network X X X X X Rogue AP Single Sensor must block multiple Clients and multiple Rogue AP’s on multiple channels simultaneously Corporate Firewall Internet SSID: linksys
    • 81. Knowledge-Based Troubleshooting
      • Step-by-step flowchart
        • Connectivity and performance problems
        • Client and access point issues
      • Not just problem identification
        • Suggests remedies
      • Easy to use
        • Helpdesks
        • Remote administrators
      • Live over-the-air packet capture
        • Ethereal
    • 82. Knowledge-based Troubleshooting (cont’d)
      • Administrator logs into the InCharge RF Server & chooses the device to troubleshoot
      • Administrator selects the appropriate sensor to troubleshoot the device
      Step 1 Step 2 Live Packet stream
    • 83. Customizable Reports This custom report captures uncategorized & unauthorized clients that are not quarantined!
    • 84. Security & Performance Monitoring
      • Monitor & alert for security and performance issues
      • Total of 140 events!
      • Complete protection
        • Sensors scan ALL channels
        • Independent of regulatory domain
      • Details provided for each event
        • Suggested remedies
    • 85. Availability
      • Phase 1: GA End of October
        • InReach 300P (dedicated sensor)
        • InCharge RF Server appliance
        • InCharge RF Planning Tool
      • Phase 2: target GA of 1Q06
        • Multi-function MAP-330 will support AP and sensor function or act as a dedicated sensor
        • Software migration path from Phase 1 to Phase 2 capability
        • Tight integration of InCharge CNMS and RF server
    • 86. A New Paradigm
      • Determine AP and security sensor placement without physical walk around
      • Much more efficient method than physical site survey
      • What-if analysis
      • Predictive planning enables simply, easily
      Building floor plan with predicted RF coverage
    • 87. How it Works
      • Predictive planning
        • Input floor plan
        • Add building material type
        • Specify 802.11b, g or a
        • Input minimum bandwidth requirements
        • Drag and drop APs
      • Dynamic floor plan models
        • RF coverage
        • Channels
        • Signal strength
        • Spillage
    • 88. InCharge RF Planner Wi-Fi Site Planning
      • InCharge RF Planner
        • Site Planner for Wireless LAN Access Point Coverage
        • Site Planner for Performance Optimization
        • Planning for WLAN Security Sensors Coverage
      • Advantages
        • Software solution does not require manual site surveys
        • Automatic RF Mapping with ‘True Map’
        • Automatic report generation
      Planning for Coverage, Performance and Security
    • 89. Wi-Fi Site Planning
      • Software Planning Tool
        • Import or create floor plans
        • State-of-the-art RF propagation modeling for wireless LAN and security sensor coverage
        • Models site specific parameters
      • Ensure optimum performance
        • Capacity and coverage
        • Allows for redundancy planning
        • Ensures no blind spots
        • Provides visual confirmation
      • Determine security level needed
        • Detection vs. prevention coverage areas
        • Security sensitivity modeling
      Good security coverage blind spots
    • 90. Wireless LAN Coverage
      • Model building RF reflection, refraction, and absorption
      • Import floor map from virtually any electronic format
      • Plan for complete and optimum coverage
    • 91. Redundancy Planning
      • Eliminate blind spots
      • Model 802.11 a/b/g
      • Minimize AP requirements
    • 92. Link Speed
      • Performance optimization modeling
      • Model 802.11a/b/g
      • Building specific
    • 93. Channel Allocation
      • Visualize Channel Overlap to minimize interference
      • Model various scenarios
        • Vendor APs
        • Antennae
        • Antennae direction
        • Power
        • a/b/g
    • 94. Channel Interference
      • Minimize Interference
      • Model multiple scenarios
      • Optimize performance
    • 95. Security Exposure
      • Know where you are vulnerable
      • Model various scenarios to minimize risk
    • 96. Comprehensive Security Coverage Planning
      • Accurately determines number of sensors based on customer specific risk profile
      • Five specific variables used to model coverage level
        • Site specific characteristics
        • Detection vs. prevention range
        • Detection range vs. transmit power of rogue or attacker
        • Redundancy
      • Other solutions blindly quote coverage ranges with no real method to determine actual security level
      SpectraGuard Enterprise shows precisely the detection (blue) versus protection (purple) range of each sensor.
    • 97. Work Order
      • Automatic work order generation
      • Detailed management reporting
      • Ease deployment and maintain performance of your WLAN project
    • 98. Global Customer Deployments Wireline Wireless Cable ISP Hospitality Retail Education Transportation Sporting Venues Service Providers Verticals Partners New Zealand Argentina
    • 99. Customer Success: McDonald’s Restaurants McDonald's is the leading global foodservice retailer with more than 30,000 restaurants serving nearly 47 million people in more than 120 countries each day. Trigger Events:
      • 500+ “Store of the Future” WLAN Program Initiative
      Why Colubris:
      • Open systems, multiservice platform provided a simple, cost-effective means to evaluate and launch new business applications to improve quality and speed of service
      • Scale and manageability to potentially thousands of locations
      • Simple integration with existing Juniper infrastructure
      Goals:
      • Enhanced customer satisfaction and revenue throughput
      • Consistent quality monitoring
      • Real-time inventory management
      • Timely corporate communications
      Vision Point:
      • Use wireless mobility to improve customer service, quality and cost across business systems
      Solution:
      • CN3200 AP/SC platform, CNMS Management
      Competition:
      • Cisco & Symbol
    • 100. McDonald’s “Store of the Future” VSC 1 VSC 2 Roaming Quality Audits
      • Segment Traffic
      • WPA Security
      VSC 3 Public Internet Access
      • Segment Traffic
      • Access Control
      • Best Effort Priority
      Quality & Inventory POS Line Busting Hotspot Quality Control Mobile Order Taking
      • Segment Traffic
      • WEP Security
      Intelligent Access & Service Control
      • 3 VSCs deliver separate service through single WLAN system
      • VSC security and QoS policies tailored to each application
      • Open support for wide range of devices, users and apps.
      • Applications under evaluation:
        • Wireless telemetry, Inventory management, VoIP (drivethru), Signage
      WLAN Management Internet
    • 101. Customer Success: Wendy's Wendy’s is one of the world's largest restaurant operating and franchising companies with more than 9,500 restaurants under the Wendy's Old Fashioned Hamburgers®, Tim Horton's and Baja Fresh® Mexican Grill brands. Trigger Events:
      • Interoperable, low cost WLAN equipment widely available
      Why Colubris:
      • Delivers multiple private and public WLAN services in one device
      • Integrated IP routing and VPN security services
      • Centralized management of 1000s of remote sites
      • Easy to deploy solution for autonomous franchises
      Goals:
      • Wireless mobility for all headquarters and regional employees
      • Real-time network automation of restaurant equipment
      • Single WLAN architecture for campus, regional offices and stores
      • Eliminate cabling expenses
      • Offer customers public Internet access services
      Vision Point:
      • Common wireless infrastructure for restaurant automation, enhanced customer service and human resource productivity initiatives
      Solution:
      • CN1250 (HQ), CN3200 (Restaurant), CNMS management
      Competition:
      • Cisco, Sonic Wall, ReefEdge
    • 102. Wendy’s Common WLAN Infrastructure Restaurant Automation
      • Segment Traffic
      • P2 Priority
      Public Internet Access
      • Segment Traffic
      • Access Control
      • Best Effort Priority
      Equipment Controller POS HotSpot (Future) Equipment Automation & Telemetry Regional Mgr Network
      • Segment Traffic
      • VPN Security
      • Wireless connectivity to HQ VPN network
      • VSC security and QoS policies segment traffic tailored to each application
      • CNMS centralizes management for HQ, regional offices and restaurants
      WLAN Management Intelligent Access & Service Control VPN access to HQ applications Headquarters Intelligent Access & Service Control Point of Sale/ Line Busting (Future) POS
      • Segment Traffic
      • VPN Security
      VSC 3 VSC 4 VSC 2 VSC 1 VPN Server Internet
    • 103. Gander Mountain “Store of the Future” VSC 1: Associate Communication
      • Segment Traffic
      • WEP Security
      • Voice Priority
      VSC 2: Inventory Control
      • Segment Traffic
      • WPA Security
      Quality & Inventory Management POS WLAN Management Intelligent Access & Service Control
      • VSCs deliver 3 separate services through single WLAN system
      • VSC security and QoS policies segment traffic tailored to each application
      • VSCs provide open support for wide range of devices, users and applications
      VoWLAN Wire Replacement Wire Replacement VSC 3: Corporate Employee
      • Segment Traffic
      • WPA Security
      • Best Effort Priority
      Internet
    • 104. Customer Success: Emory University Trigger Events:
      • Availability of unified WLAN voice and data network technology
      Emory University is recognized as one of the U.S.’s top 25 national universities. It is known for its demanding academics, outstanding undergraduate college of arts and sciences, highly ranked professional schools and state-of-the-art research facilities. Why Colubris:
      • VSC capabilities
      • Leadership VoFi and QoS solution
      • Central management for scalability and ease of operation
      Goals:
      • Easy access to network services from any campus location
      • Instant voice communications for all staff members
      • Wireless student Net access
      • Guest Internet access in hospitals
      Vision Point:
      • Improved staff, faculty, student productivity through ubiquitous broadband network services
      Solution:
      • CN1250 Secure Gateway, CNMS Management
      Competition:
      • Cisco
    • 105. Emory University Ubiquitous WLAN VSC 1 VSC 2 VPN Data Service
      • Segment Traffic
      • VPN Security
      VSC 4 Public Internet Access
      • Segment Traffic
      • Access Control
      • Best Effort Priority
      Data Services VoIP Gateway VoFi Hotspot (hospital) Student, Staff, Faculty Voice Service
      • Segment Traffic
      • High Priority
      Intelligent Access & Service Control
      • SpectraLink VoWLAN phone support
      • Smooth migration from VPN to WPA capable devices
      • Student, Staff and Faculty security privileges set by RADIUS authentication
      WLAN Management VSC 3 WPA Data Service
      • Segment Traffic
      • WPA Security
      Student, Staff, Faculty Internet
    • 106. Customer Success: SJ Trigger Events:
      • “ Internet On Track” -- The first full fleet roll out by a train operator of an onboard wireless Internet service and the world's first implementation of 3G/Satellite -enabled Wi-Fi service
      SJ is Sweden’s leading rail traffic company and operator of the X2000, Sweden’s high-speed train, and its new X40 fleet – servicing 85 trains beginning in summer 2005. Why Colubris:
      • VSC capabilities
      • Security policies ensure internal applications are protected from public Internet traffic
      • Corporate responsiveness and networking expertise
      Goals:
      • Integrate an Internet access service into business class ticket
      • Optional fee service for coach class ticket holders
      • Separate internal WLAN service for train monitoring
      Vision Point:
      • Continuous broadband Internet service improves passenger experience
      Solution:
      • CN320 Intelligent MultiService Access Point
      Competition:
      • Cisco, Proxim
    • 107. SJ “Internet On Track” Service Data Collection Train Data Monitor Hotspot Intelligent Access & Service Control
      • Segment traffic per VSC for security
      • Strong security for internal train applications
      • Selective Layer 2 isolation prevents snooping on passenger hotspot service while enabling peer-peer monitoring connections
      VSC 2 Public Internet Access
      • Segment Traffic
      • Access Control
      • Best Effort Priority
      VSC 1 Data Collection
      • Segment Traffic
      • WPA Security
      • High Priority
      Internet
    • 108. Wi-Fi on the Train Head Car Rear Car Middle Cars (7) Mobility Router GPRS, EDGE, CDMA, UMTS, WCDMA, 3G and satellite technologies. Provide wireless multi-service applications in a single footprint Provide Access Control CN330 CN320 CN330 CN3300 Public Access – internet for passengers Personnel Access – ticket sales, inter cart communication Video surveillance SSID 1 SSID 2 SSID 3 Internet
    • 109. Customer Success: Sprint Sprint is a Fortune 100 company with more than $27 billion in annual revenues in 2004, Sprint is widely recognized for developing, engineering and deploying state-of-the-art network technologies. Trigger Events:
      • Previous vendors unable to reach vision point
      Why Colubris:
      • VSC capabilities: traffic segmentation, security & QoS policies per VSC
      • Ease of management with CNMS
      • Interoperability with 3 rd party hotspot back-end services
      Goals:
      • Upsell existing WAN service customers to managed Wi-Fi
      • Offer revenue-generating hotspot service to retailers and public venue operators
      • Flexibility to add new software-defined Wi-Fi service offerings (training, video surveillance, point-of-sale system, credit card service)
      Vision Point:
      • Managed Wi-Fi service for installed base of 8,000 enterprises
      Solution:
      • CN3200 AP/SC platform, CNMS Management
      Competition:
      • Cisco, Nomadix, AireSpace
    • 110. Sprint “Enterprise Wi-Fi Access” Service Hotspot Intelligent Access & Service Control
      • Segment traffic per VSN for security
      • Authenticate hotspot users via Airpath back-end service
      • CNMS in NOC centralizes management for all customer sites
      • Additional VSCs available for future services
      Security Surveillance Service (Future) VSC 2 Video Surveillance
      • Segment Traffic
      • High Priority
      Back-end Hotspot Service Point of Sale Credit Verification (Future) POS
      • Segment Traffic
      • VPN Security
      VSC 3 Enterprise Customer Premise WLAN Management Sprint NOC Internet VSC 1 Public Internet Access
      • Segment Traffic
      • Access Control
      • Best Effort Priority
    • 111. Customer Success: Best Western Europa The Europa is a 180-room business hotel located in downtown Montreal and a franchise of the Best Western hotel chain. Trigger Events:
      • Best Western mandate to offer Wi-Fi Internet access in all properties
      Why Colubris:
      • VSC capabilities
      • Strong security policy enforcement
      • VoWLAN and QoS support
      Goals:
      • Differentiate by offering wireless keycard and wireless guest authentication services
      • Upgrade path to VoWLAN service for guests
      • Reduce operating costs while expanding guest services
      Vision Point:
      • Leverage Wi-Fi to provide multiple wireless customer conveniences
      Solution:
      • CN3200 AP/SC platform, CN320 AP, CNMS Management
      Competition:
      • Cisco
    • 112. Best Western MultiService WLAN Guest Internet Access Service Intelligent Access & Service Control
      • Segment traffic per VSC for security
      • Authenticate hotspot users via Airpath back-end service
      • Additional VSCs available for future services
      VSC 1 Public Internet Access
      • Segment Traffic
      • Access Control
      • Best Effort Priority
      Wireless Guest Authentication and Direct Billing VSC 2 Guest Authentication
      • Segment Traffic
      • WPA Security
      Guest Wireless Voice Service (Future) Telephony
      • Segment Traffic
      • High priority
      VSC 3 VoIP Gateway Property Management System Internet
    • 113. Veteran Leadership Team
      • Barry Fougere - President & CEO
      • A.T. Kearney, EDS, Cambridge Strategic Mgt Group
      • Pierre Trudeau - Co-founder & CTO
      • Eicon Technology, Touch Tones Digital Jukebox
      • Larry Whitman - CFO
      • WaveSmith Networks, Shiva
      • John O’Hara – VP, Engineering
      • WaveSmith Networks, New Oak Communications
      • Marty Falaro – VP, Sales & Business Development
      • Altiga Networks, Cisco, PictureTel
      • Roger Sands – VP, Enterprise Development
      • Accton Technoloogies, US Robotics
      • Ken MacLure – VP, Operations
      • Narad Networks, Cascade
      • Michael Welts – VP, Marketing
      • Unisphere, Castle Networks, Bay Networks
    • 114. Demonstration Setup MSC-3300 MAP-330 5.8GHz WDS Secure Link In Charge CNMS 192.168.2.20 RADIUS/Apache 192.168.2.99 WIN2K Server 192.168.2.100 Gateway Router Internet

    ×