iPods, iPhones and iPads – The Challenge of Managing Wireless Clients


Published on

802.11n may signal the end of Ethernet, but by itself it’s no more than just faster connectivity. In the real world it needs to cope with an explosion in the number – and type – of connected clients and work in an increasingly congested RF environment. How can this be achieved?

Published in: Technology
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide
  • Discuss how organisations have become geographically and organizationally distributed
  • Speaking about the change from two handed mobility to one handed mobility  On Apple:http://blogs.techrepublic.com.com/mac/?p=654http://www.apple.com/pr/library/2010/07/20results.htmlhttp://www.zdnet.com/blog/btl/apple-ipad-breaking-through-in-the-enterprise/36542?tag=leftCol;post-654On RIM:http://www.rim.com/investors/documents/pdf/financial/2011/Q2_financial_information.pdf On Motorola: http://investor.motorola.com/common/download/download.cfm?companyid=ABEA-2FO3VV&fileid=391258&filekey=6a20c007-8ed1-45c4-ab9a-f0ccfca3c819&filename=Q2_2010_Motorola_Inc_Earnings_Conference_Call_Presentation.pdf (slide 10) On Smartphone growth, it is actually >50% according to IDC:http://www.idc.com/getdoc.jsp?containerId=prUS22486010 On Laptops/Netbooks according to Gartner:http://www.gartner.com/it/page.jsp?id=1374913
  • If tow out of three networking devices the average employee has, doesn’t have an ethernet port, how much money is being wasted with empty desks in the mobile enterprise, how useful is the network port to the iPad
  • This was the era of ABG networks, of overlay networksThe era of hotspots,The era of two handed mobility
  • The End of abg networks, the rise of 11n, the move to a pervasive network because of one handed mobility.The need for the network to be more reliableThe need for the network to be more secure to consumer devices (peap on the iPad)The need for managability and able to fault-find, (RF / Spectrum / history)So how do you start to manage these devices
  • ARM is find for WifI, but what if you have non wifi sources (microwave ovens, central heating pumps, TV trucks parked outside your building) you need Spectrum Analyis. Some sources are wideband, like a microwave oven.Speak about how this is important to make a solution that is always available, that is quick to resolve issues.There is not much point having it in a device that is just moved around because you need it there when you have the problem, not 4 hours later when you finally get an engineer to site.It’s not just about pretty colours, it’s also about having a signatiure that allows us to recognise what the thing is that is causing trouble . In other words, its not just a spectrogram, it will tell you what device is making the RF noise, and where it is is, and an alert is sent
  • Since the iPad doesn’t support OKC it is strongly recommended to enable “Validate PMKID” . If Validate PMKID is not enabled the Access Point will not check for the PKMID Since the iPad is not supporting OKC it will not send the PMKID When roaming to an AP the first time and connecting without the client sending the PMKID, the AP will never start the authentication process resulting in connection failure.iPads hold onto their IP address so it is essential to have Layer 3 roaming.To support weak encryption OP modes WEP or TKIP “Allow weak encryption” must be enabled within the High throughput SSID profile or the iPad will fail to connect to the wireless network. WPA2-AES EAP-TLS (Terminating on Aruba Controller) To configure and deploy EAP-TLS with the iPad you must download and install the iPhone Configuration Utility For Windows http://support.apple.com/kb/dl926 For Mac OS http://support.apple.com/kb/DL851 Once you installed the iPad configuration utility you can configure the iPad for EAP-TLS. These instructions imply you have access to your organizations Root and Personal Certificate needed for authentication. The root certificate and client certificate must be installed on the PC from which you are configuring the iPad using the iPhone configuration. Drop broadcast and Multicast with Aruba Controller’s stateful firewall Multicast and broadcast traffic can wreak havoc on WLAN performance. On a WLAN broadcast and multicast is sent at lower rates to ensure that can be heard by the farthest client from the AP reducing the overall performance in the process. Since the bulk of the mcast/bcast traffic is generated by the clients through applications like Bonjour, iTunes, or other peer to peer applications this type of traffic could be reduced or eliminated all together.
  • So characterising the performance of the iPad is very important to know what can be expexted,Our whitepaper – download it.
  • Now that we have let you know about the different set of technologies we are bringing to market – let’s talk a little bit about what type of resources we are making available for the industry, for our customers and channel partners. Aruba is releasing a Validated Reference Design (VRD) guide on High Density Wireless Networks– providing detailed information on how to implement a wireless network that must provide high-speed access to an auditorium-style room with 500 or more seats. It explains the design principles, capacity planning methods, and physical installation knowledge needed to successfully deploy WLANs with high user density. Certainly a unique piece of collateral in the industry. While many vendors have published test results showing that they can support high density of users, they never told anyone how to do it and what to watch out for. This paper is aimed at bridging that gap. Anything from AP placement to radio coverage patterns to Aruba mobility controller configuration for different performance requirements are explained in this paper. Aruba is also releasing a whitepaperon enabling high performance wireless networking for the Apple iPadin the enterprise. This paper highlights best practices for interoperability between Aruba WLANs and the Apple iPad, step-by-step configuration of the Apple iPad for secure wireless LAN authentication, and a set of wireless LAN test results on the Apple iPad. For instance, roaming results with the iPad was tested using Aruba Networks corporate network with WPA2-Enterprise, with AES encryption using applications that require constant high quality network such as iSIP VoIP client, Skype, iTunes and YouTube.Last but not least, a third party validation by Network Test. Dave Newman, president of Network Test, I am sure you know who he is from his extensive participation in NetworkWorldClearChoice awards – he is quoted in our press release and ready to talk with you if you wish to give him a call. He has validated Aruba’s wireless LAN performance, ARM technology and Spectrum Analyzer in a high density client environment. Key goal for the test was to see if all clients in a densely populated environment can meet high performance service level requirements. Test results show that 80x wireless clients from different manufacturer all achieve fair access to the 802.11 medium and satisfy 7.5Mbps service level requirement across 4x Aruba AP-105 802.11n access points. According to test results, efficiency in using available 802.11 channel bandwidth improves by 30% with the introduction of Aruba’s ARM technology.
  • iPods, iPhones and iPads – The Challenge of Managing Wireless Clients

    1. 1. Beyond 11n: Managing the “i” in EnterpriseOctober 2010<br />Roger HockadayDirector of Marketing<br />Aruba Networks EMEA<br />
    2. 2. Aruba at a Glance<br />Overview<br />Innovation Leader<br />Cumulative Aruba Customers<br />(Domestic & International)<br />
    3. 3. Megatrends for Users – Virtual workforce <br />Traditional Workforce<br />New ‘Virtual’ Workforce<br />Sales<br />Contractors<br />Finance<br />Operations<br /><ul><li>Increasingly Heterogeneous
    4. 4. Contractors, consultants, auditors, partners, …
    5. 5. Geographically Dispersed</li></ul>-- 88% of employees work outside HQ (Source: Nemertes Research)<br />-- Half of employees spend more than 20% time away from their primary work area (Yankee Group)<br />
    6. 6. Megatrend for Network – Onslaught of Clients<br />Mobile PCs<br /><ul><li> >3M sold in 80 days (3)
    7. 7. 50% of Fortune 500 (3)
    8. 8. >40% growth (1)
    9. 9. Netbook sales up >70% (1)
    10. 10. Average price down >15% (1)</li></ul>Smartphones<br />(1) Latest numbers from Gartner<br />(2) IDC Worldwide Quarterly Mobile Phone Tracker, September 2010<br />(3) Apple Q2’FY10 Financial Results<br />(4) Motorola Q2’CY10 Financial Results<br />(5) RIM Q2’FY10 Financial Results<br /><ul><li> >50% growth in first 6 months of 2010 (2)
    11. 11. >8M iPhones(3), >2M Motorola devices (4), >12M Blackberries (5) in 3 months</li></li></ul><li>Computer of Choice Has Changed<br />120 Million iOSdevices sold to date <br />
    12. 12. What Price the Ethernet Port?<br />DesktopPC<br />PBX<br />DeskPhone<br />Server<br />PSTN<br />Internet<br />SparePort 1<br />Wall<br />Jack<br />LAN Switch<br />Firewall<br />Spare Port 2<br />Server Ports<br />User Ports<br />User Office<br />Data Center<br />Over-Provisioned and Under-Subscribed<br /><ul><li>Unpredictable user moves, adds, changes results in an over-provisioned network
    13. 13. Non-blocking network philosophy results in massive under-utilization</li></li></ul><li>End of the ‘Hotspot’ WLAN?<br />Controller<br />Wireless LAN<br />Controller<br />Distribution<br />Access<br />Core<br />Data Center<br />Traditional WLAN will be challenged<br /><ul><li>Scaling connectivity will challenge coverage
    14. 14. Tools must be in place to allow effective support and management</li></li></ul><li>Wireless LAN<br />Distribution<br />Access<br />Core<br />Data Center<br />Performance<br /><ul><li>WLAN speeds to match or exceed that of the wired LAN,</li></ul>Reliability<br /><ul><li>Eliminate coverage holes, manage RF automatically, and guarantee client connection</li></ul>Manageability<br /><ul><li>Create a wireless network as reliable, supportable, and accountable as the wired</li></ul>End of the ‘Hotspot’ WLAN?<br />
    15. 15. Differentiate Access by Device Type<br />AAA FastConnect<br />Role-Based Access Control<br />Access Rights<br />SSID-Based Access Control<br />RADIUS<br />LDAP<br />AD<br />Staff<br />Windows user<br />Virtual AP 1<br />SSID: Corp<br />iPad user<br />Contractors<br />Blackberry<br />Voice<br />HR<br />Virtual AP 2<br />SSID: GUEST<br />Video<br />Corporate<br />Services<br />DMZ<br />Secure Tunnel<br />To DMZ<br />Guest<br />Captive Portal<br />Guest<br /><ul><li> Single Infrastructure
    16. 16. Differentiated Access
    17. 17. By User, Device, App
    18. 18. By Time, Location</li></ul>Continuous Compliance Monitoring for Sensitive Data<br />Zero-Day Attack Detection and Protection<br />User Quarantine vs. User Blacklisting<br />
    19. 19. Adaptive Radio Management<br />5 GHz<br />Ch 161<br />5 GHz<br />Ch 52<br />5 GHz<br />Ch 149<br />2.4 GHz<br />Ch 1<br />2.4 GHz<br />Ch 11<br />5 GHz<br />Ch 36<br />2.4 GHz<br />Ch 6<br />2.4 GHz<br />Ch 1<br />Adaptive RF – Automate RF setup and optimization<br />Band Steering – Load balance clients to higher capacity 5GHz band<br />Spectrum Load Balancing – Load balance clients across channels<br />Co-Channel Interference – Coordinated access to APs that share a single channel<br />Airtime Fairness – Scheduled access for dense deployment of mixed clients<br />Self-Healing– Adjust power to address coverage holes<br />X<br />X<br />X<br />
    20. 20. Always-On Spectrum Analysis<br />Cost Effective<br /><ul><li>Integrated to Wi-Fi chipset in all Aruba 802.11n APs
    21. 21. Does not require specialized AP or external laptop for monitoring</li></ul>Always On<br /><ul><li>No specialized chip in AP
    22. 22. No need to spare scanning time
    23. 23. Record and Playback on Demand</li></ul>Detailed Charts<br /><ul><li>14 simultaneous views within the Aruba Mobility Controller
    24. 24. No need for external laptop</li></li></ul><li>iPad Interoperability Considerations<br />Enhanced Roaming<br /><ul><li>Validate PMKID should be enabled for all Apple clients</li></ul>Support Weak Opmodes<br /><ul><li>To support WEP/TKIP “allow weak encryption” or iPad will not connect </li></ul>Strong (WPA2) Recommended<br /><ul><li>WPA2-AES EAP-TLS requires iPhone configuration utility kb/dl926 & kb/DL851
    25. 25. Root & client cert for auth</li></ul>Stateful Firewall & Multicast <br /><ul><li>Drop broadcast/multicast or limit applications like Bonjour, iTunes, other peer-to-peer apps</li></li></ul><li>Apple iPad Interoperability<br />New!<br /><ul><li>Security
    26. 26. Encryption, Authentication, EAP methods supported
    27. 27. Roaming
    28. 28. Layer 2 and Layer 3
    29. 29. Inter and intra-controller
    30. 30. Performance, Hibernate
    31. 31. Ixia Chariot throughput (1x1:1)
    32. 32. Rate vs. range
    33. 33. Sleep/awake/move/reboot
    34. 34. Works with Aruba ARM
    35. 35. Air-time fairness, Band Balancing, Spectrum Load Balancing</li></li></ul><li>Validated Performance<br />High Density Wireless Reference Design Guide<br />1.<br />iPad Technical Brief<br />2.<br />Network Test 3rd Party Validation: <br />High Density Clients with Aruba ARM and <br />Aruba Spectrum Analyzer<br />3.<br />