BYOD and Beyond: Implementing a unified access solution


This book is designed for IT department network directors or specialists who are seeking solutions to their organization’s unique networking issues in responding to the challenges of technological trends, including BYOD, cloud computing, virtualization, mobility, and rich media collaboration for a truly unified access solution ...

Published in: Technology, Business

  1. 1. HP Solutions Series. BYOD and Beyond: Implementing a unified access solution. John Faulkner
  2. 2. About this book

     Focusing on the business challenges and opportunities presented by BYOD, Access solution of open, standards-based solutions. Discover how this solution helps businesses of all sizes improve the user experience, strengthen security, and simplify management, while reducing capital investments and operating expenses. This book is designed for IT department network directors or specialists who are seeking solutions to their organization’s unique networking issues in responding to the challenges of technological trends, including BYOD, cloud computing, virtualization, mobility, and rich media collaboration for a truly

     About HP

     HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments, and society. As the world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services, and IT infrastructure to solve customer problems. More information about HP (NYSE: HPQ) is available at
  3. 3. HP Solution Series BYOD and Beyond: Implementing a unified access solution HP Press 660 4th Street, #802 San Francisco, CA 94107
  4. 4. BYOD and Beyond: Implementing a unified access solution © 2013 Hewlett-Packard Development Company, L.P. Published by: HP Press 660 4th Street, #802 San Francisco, CA 94107 All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review. Warning and disclaimer This book is designed to provide information about HP Unified Wired and Wireless Access. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied. The information is provided on an “as is” basis. The author, HP Press, and Hewlett-Packard Development Company, L.P., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it. The opinions expressed in this book belong to the author and are not necessarily those of Hewlett-Packard Development Company, L.P. Readers should be aware that Internet websites offered as citations and/or sources for further information may have changed or disappeared between the time this is written and when it is read. Trademark and acknowledgments All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. HP Press or Hewlett Packard Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.
  5. 5. Feedback information At HP Press, our goal is to create in-depth technical books of the best quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the expertise of members from the professional technical community. Readers’ feedback is a continuation of the process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at Please make sure to include the book title in your message. We appreciate your feedback. HP HEADQUARTERS Hewlett-Packard Company 3000 Hanover Street Palo Alto, CA 94304-1185 USA Phone: (+1) 650-857-1501 Fax: (+1) 650-857-5518 HP, COMPAQ and any other product or service name or slogan or logo contained in the HP Press publications or web site are trademarks of HP and its suppliers or licensors and may not be copied, imitated, or used, in whole or in part, without the prior written permission of HP or the applicable trademark holder. Ownership of all such trademarks and the goodwill associated therewith remains with HP or the applicable trademark holder. Without limiting the generality of the foregoing: a. Microsoft, Windows and Windows Vista are either US registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries; and b. Celeron, Celeron Inside, Centrino, Centrino Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Core Inside, Intel Inside Logo, Intel Viiv, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, ViiV Inside, vPro Inside, Xeon, and Xeon Inside are trademarks of Intel Corporation in the U.S. and other countries.
  6. 6. Contents

     Chapter 1 Business opportunities versus networking challenges
       Consumerization driving BYOD
       Video driving UC&C
       Technological challenges to BYOD and UC&C solutions
         Consumer devices, video, and voice
         Legacy systems
         BYOD
       Beyond the technical challenges
         UC&C and rich media
       IT factors driving unified access
       Vendors moving beyond physical connections
       Gartner Magic Quadrant: HP a leader
       The HP solution

     Chapter 2 The HP Unified Wired and Wireless Access solution
       Evaluating your current infrastructure
         Architectural considerations
         Four top considerations
       Changing the rules of user access
       The HP three-phase approach
         Phase 1: Unify wired and wireless networks
         Phase 2: Optimize for wireless connectivity
         Phase 3: Accelerate—provide wireless as the key form of connectivity
       Unifying the campus edge with integrated functionality
  7. 7. Chapter 3 Building a better network with HP
       HP Unified Wired and Wireless Access
       HP wired switches for Unified Wired and Wireless Access
       HP WLAN access points and controllers for unified access
       Features and benefits of HP Intelligent Management Center

     Chapter 4 HP unified access meets the challenge
       Key unified access features: BYOD
       Key unified access features: UC&C
       Key unified access features: rich media

     Chapter 5 Expert resources and next steps
       HP expertise
       HP ExpertOne career certifications for IT professionals
       More resources
  8. 8. Chapter 1 Business opportunities versus networking challenges

     In this chapter

     • What are the technological challenges to implementing rich-media, bring-your-own-device (BYOD), and unified communications and collaboration (UC&C) solutions which can also be virtualized?
     • What is the best way to unify a wired and wireless LAN (WLAN) edge?
     • What are the business requirements for implementing BYOD and UC&C policies and procedures?
     • How do industry analysts position the HP solution for unified wired and wireless access?
     • What is the HP solution for BYOD and UC&C challenges?

     “The rise of ‘bring your own device’ programs is the single most radical shift in the economics of client computing for business since PCs invaded the workplace,”¹ writes analyst David Willis for Gartner, Inc. Whether you are contemplating the creation of a BYOD program or currently trying to establish one, you already know that Mr. Willis is not overstating the obvious. There are not only new device types coming online but also rich-media applications that integrate voice, instant messaging, video, and email with enterprise software. This adds a new dimension of integration so that employees can communicate in real time, and it increases the use of emerging technologies, such as virtualization, which have specific security and compliance requirements. And,
  9. 9. although the trend has far-reaching implications not only for companies but also for the global workforce, the solutions cannot be revolutionary but must be evolutionary.

     In this chapter, we examine the factors that are driving companies like yours to implement BYOD and UC&C initiatives. The success of those initiatives is dependent on the consolidation and simplification of the network. We also explore business requirements for BYOD and UC&C initiatives and the reasons HP is positioned as a leader. And we take a conceptual look at HP Networking solutions.

     Consumerization driving BYOD

     Several consumer factors have shaped the acceptance of personal devices in business environments:

     • Approximately half of U.S. adults own a smartphone, with rates higher among more educated and well-off individuals.²
     • The endpoint commodities, such as smartphones, tablets, and laptops, used by consumers and by business users are converging. In the mid-1990s, devices used by business were very different from their consumer counterparts. Today, however, consumer smartphones and tablets often surpass the requirements of the business user.
     • With significantly improved network performance, personal devices can use powerful software that is in the cloud.
     • Consumers not only have more demanding computing devices but they are also upgrading faster than in the past. Consequently, companies can keep up with mobile technology innovation more effectively by catering to consumer devices rather than by adopting technology at the slower traditional pace of business.

     BYOD programs can improve employee satisfaction, which can be critical to attracting and retaining talented staff. Many Gartner clients report that satisfaction with IT improves substantially among users who opt in to companies’ BYOD programs.³ Plus, consumer buyers can take advantage of device and domestic-service costs that typically are on par with the deals that companies can leverage for their employees. As this parity creates an impact on commodities and services, the only difference between consumer and enterprise endpoints is the software—an area that IT can affect and, in many ways, control.
  10. 10. Figure 1-1  Working environment requiring unified access solution

     Video driving UC&C

     Like the BYOD movement, several factors have shaped the business video-based communications that drive UC&C strategies, such as:

     • Simplified and more effective usage of the increasingly broad range of communications and collaboration options, such as VoIP phones.
     • Improved responsiveness of individuals and groups to events like video-based webinars.
     • Increased integration of communication functionality and tools, such as Microsoft Lync with applications like Microsoft Office.

     Some types of rich-media communications are more prevalent, such as webcasts and video conferencing, and some are new, such as troubleshooting manufacturing processes, creating transparency of government processes, and surveillance. Others include customer and employee training, as well as digital signage.
  11. 11. These UC&C methods can be divided into two categories—live streaming (such as one-to-many webcasts, one-to-one video conferencing, many-to-one video collaboration, or many-to-one surveillance) and on-demand video (training, downloading, movies, and digital signage). The demands on the network are different for each one: real-time streaming is very susceptible to network delays, and on-demand video is more resilient due to local buffering.

     Rich communications over the network require an infrastructure that delivers low latency and high resiliency and that ensures end-to-end traffic prioritization. The solution stack involves functionality from infrastructure to application layers. The network layer supports functionality, such as wired and wireless connectivity, QoS, virtualization, and optimization. The session layer provides video-call initiation, user registration, and interoperability; the application layer provides access to video application and integration with other UC&C applications. Security and manageability span across each layer.

     Technological challenges to BYOD and UC&C solutions

     IT is straining to adapt to the challenge of providing secure connectivity for:

     • Users who are on the move.
     • Devices that talk to one another without human intervention.
     • Workers’ reliance on real-time, interactive, and cloud-based applications and services.

     Consumer devices, video, and voice

     Campus and branch networks must adapt to the latest WLAN mobility requirements for the new digital lifestyle driven by the consumerization of IT. A 2012 Gartner survey of CIOs at Gartner Summit events in the United States and Europe indicated that by 2014, 80 percent of the global workforce might be eligible to participate in BYOD programs.⁴

     As video gains popularity for everyday collaboration, the rise of IP voice and video is requiring campus networks to have higher levels of performance and availability. To deliver the high-quality experience users expect from voice and video (which is driven by consumerization), the campus network must scale significantly to accommodate increased bandwidth, users, and services.
  12. 12. Legacy systems

     Most enterprise networks were designed before the widespread adoption of mobility. Distributed applications and video, PCs, servers, and other computers were stationary. Applications were client/server, and user connectivity and network design were rigidly defined.

     Advanced threats—growing in sophistication and persistence every day—are bombarding corporate networks and endpoints. Using legacy three-tier architectures to provide secure access to workers who often access enterprise resources over both secured and unsecured wired, wireless, and remote connections is too complex and costly. As employees’ personally owned smartphones, tablets, and laptops gain access to the heart of corporate applications, resources, and data, the swift uptake of BYOD programs heightens the challenge.

     The velocity of transitioning to these new requirements makes the divide wider between wired and wireless on the campus and branch networks. Readily apparent to network administrators, “swivel-chair” management is the norm as IT juggles multiple disjointed tools in an attempt to control the entirety of the enterprise network.

     BYOD

     A BYOD strategy is often for a large minority of professional employees and part-time workers, but it is also being considered for the majority of contractors, interns, consultants, and other workers not directly employed by the enterprise.

     With a BYOD program, users are permitted certain access rights to enterprise applications and information on personally owned devices, subject to users accepting enterprise security and management policies. Users select and purchase devices, although IT might provide a list of acceptable devices for purchase. In turn, IT provides partial or full support for device access, applications, and data. In each case, support might be limited. Each organization decides whether to provide full, partial, or no reimbursement for the device or service plan.

     IT’s best strategy to deal with the rise of BYOD is to address it with a combination of policy, software, infrastructure controls, and education in the near term and with application management and appropriate cloud services in the longer term.

     BYOD impacts corporate risk, infrastructure and software costs, customer service levels, and TCO. It typically requires delivery mechanisms
  13. 13. (app stores, file-sharing systems, and desktop virtualization) and significant technology protections, including authentication, network access control (NAC), mobile device management (MDM) and mobile application management, encryption, and content protections. It often forces companies to adopt thinner-client architectures, multiplatform mobile-application development environments and frameworks, and HTML5 for mobile applications.

     Companies might decide for various reasons not to have a BYOD program. In today’s business world, however, it is as important to declare, as a policy, that personal devices are not acceptable endpoints for accessing company data as it is to develop a BYOD program. Otherwise, employees might assume that BYOD is an acceptable practice, and this assumption can unnecessarily complicate employee expectations and relationships.

     Beyond the technical challenges

     Although the technical challenges are most critical to the success of BYOD initiatives, several administrative tasks are also fundamental to effectively implementing and sustaining BYOD policies, including:

     • Organization-specific BYOD policies that are developed in conjunction with Legal and HR.
     • Guidelines for who is eligible (and who is not).
     • New employee agreements for support, risk, and responsibility.
     • Adjustments to service levels.
     • Service-desk training.
     • Funding and reimbursement strategies.
     • Employee education.
     • IT specifications on acceptable devices.

     The approach to BYOD policies typically requires customization by country. It can also have tax implications for both employee and employer.
  14. 14. UC&C and rich media

     Effective communication tools are critical for the success of businesses. With the adoption of new technologies, business communications are constantly changing. Not too long ago, new tools emerged, such as email, instant messaging, collaboration applications, and thin clients. Presence has now become an integral part of the repertoire of communication tools. As a result, legacy telephony systems are migrating to VoIP systems to reduce operational costs and to simplify integration with other UC&C tools.

     Now, visual communication is in the vanguard, and businesses are deciding how to make use of video. Video communication can be used to resolve customers’ issues quickly, train employees and customers, and help executive management teams communicate corporate priorities with an entire organization simultaneously. IP cameras are deployed in process manufacturing to troubleshoot issues with production lines and for surveillance at public venues, like malls and stadiums. Frost & Sullivan research shows that 76 percent of companies use some version of video conferencing today, and 38 percent use it extensively throughout their organizations.⁵

     Legacy networks were designed to handle data communications. The convergence of data, voice, video, and collaboration tools is pushing legacy networks to a breaking point. The impact of enabling video is immediately felt on the network, so careful consideration must be given to designing optimal networks with capabilities to support rich-media communications.

     IT factors driving unified access

     In addition to the demand for BYOD and UC&C solutions, limited IT resources and reduced IT budgets are dictating what IT purchases and deploys at the edge of the network. As businesses adjust the size of their infrastructures for efficiency, the number of switching ports at the network edge continues to decrease. And, according to a 2012 Gartner survey, 76 percent of enterprises have only one employee dedicated to making these changes.⁶ As a result, these changes are driving the evolutionary emergence of a unified access layer that provides both wired and wireless connectivity.
  15. 15. Gartner Report: Impact of WLANs and reduced complexity at the edge

     According to Gartner research,⁷ WLANs will address the new connectivity requirements, and enterprises will re-evaluate how wired ports are used, eliminating unneeded ports. IT organizations will reduce the complexity and costs of provisioning and managing network components by eliminating the need for duplicate network applications and consoles. The following is excerpted from that report.

     Impact: Wireless LANs will address new connectivity requirements, and enterprises will rightsize the edge of the network by re-evaluating how wired ports are used and eliminate unneeded ports.

     IT organizations continue to scrutinize network designs. At the edge of the network this includes understanding how many users are actually connecting to the wired ports that are currently deployed within the enterprise. Standard network tools will report to IT managers the number of times the network is accessed and how active network ports have been for a defined period of time. These reports will help enterprise eliminate unused ports without affecting service to end users. Users are bringing more devices to the enterprise for connectivity, and these new devices are seeking wireless connectivity, so rightsizing the current usage of existing ports will decrease the number of switch ports that need to be refreshed, as well as the savings associated with the maintenance and requirements for additional upstream ports.

     Impact: IT organizations will reduce the complexity and costs of provisioning and managing network components by eliminating the need for duplicate network applications and consoles.

     As switching companies continue to integrate wireless products into a unified access layer solution, enterprises are looking for the tools needed to provision, manage, secure and maintain all components with the access layer of the network to be consolidated. It is no longer acceptable to have two different network management applications or differing guest access applications, especially if the solution is being provided by the same vendor. Unifying network service applications reduces complexity by providing a single display and reduces costs associated with redundant solutions.
  16. 16. Impact: Network service application innovation is being delivered by WLAN vendors, and enterprises will purchase this new function across the edge of the network to both wired and wireless clients.

     Innovative leadership functionality for network service applications in recent years has been led by wireless vendors. The adoption of 802.1X for client security across the network was enhanced when the industry felt that wireless networks were unsecure. Guest access has moved from a media access control (MAC) access control list (ACL) with a single captive portal experience to certificate-based and Web-based authentication methods that provide a front end to multiple captive portals that allow IT organizations to define the end-user experience with much more granularity. The ability to integrate context-aware variables such as location, as well as time and date, provide even more granularity for enterprises to control where and when users access the network.

     Vendors moving beyond physical connections

     More frequently, vendors are providing network services and applications beyond the physical connection, including:

     • Role-provisioning and guest-access administration for wired and wireless guests.
     • Firewalls.
     • Policy enforcement.
     • Network management integrated with system management that is aware of wired components and is WLAN-vendor independent.
     • Onboarding and NAC, including authentication and authorization services.
     • WLAN forensics.
     • Intrusion protection for wired LANs and WLANs.
     • Voice services that enhance the application, including integrating with unified communications services.
     • Video services that enhance the application.
     • Location-based services, context-oriented services, and asset management.
  17. 17. As vendors continue to expand their functionality, they provide additional information to enterprises, enabling clients to maximize the productivity and ROI of all access-layer connectivity.

     Unified access business requirements for BYOD and UC&C programs

     To establish BYOD and UC&C programs, several business requirements must be met:

     • Secure network access for end users, regardless of device types, that is, consistent security and policy enforcement for all wired and wireless devices.
     • Provide seamless performance for enterprisewide applications across the wired and wireless network so that video and rich media run smoothly with wireless near-gigabit speeds.
     • Accelerate productivity across the organization (rich-media access from any wired or wireless device).
     • Reduce the complexity and the costs of provisioning and managing network components (integrated network management tools with full network and application visibility).
     • Purchase devices and software that are based on industry standards.

     HP Networking is placed in the Leaders section* of the Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure.⁸

     *Gartner does not endorse any vendor, product, or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.
  18. 18. Gartner Magic Quadrant: HP a leader

     Gartner evaluation criteria

     To place vendors in the Magic Quadrant for the Wired and Wireless LAN Access Infrastructure arena, Gartner based its in-depth analysis on a wide variety of criteria, from the effectiveness of the products to the health of the organization, as well as presales, marketing, operations, and completeness of vision.

     Ability to execute

     • Product/service
     • Overall viability (business unit, financial, strategy, or organization)
     • Sales execution/pricing
     • Market responsiveness and track record
     • Market execution
     • Customer experience
     • Operations

     Completeness of vision

     • Market understanding
     • Market strategy
     • Sales strategy
     • Offering (product) strategy
     • Business model
     • Vertical/industry strategy
     • Innovation
     • Geographic strategy

     According to the research analysts at Gartner, “Connectivity at the edge of the enterprise network is more than just a wired or wireless LAN infrastructure. Enterprises must choose infrastructure vendors that support network services, including security and management, and can integrate wired and wireless networking products.”⁹
  19. 19. To help its clients find the right vendor for their wired and wireless infrastructures, Gartner has developed its Magic Quadrant for Wired and Wireless LAN Infrastructure by evaluating vendors that supply such products with a comprehensive set of criteria (see sidebar, “Gartner evaluation criteria”). The quadrant’s four sections are labeled Challengers, Niche Players, Leaders, and Visionaries.

     The HP solution

     HP integrates functionality to unify access at the network edge. The HP solution includes a comprehensive portfolio of campus access technologies so that businesses can deliver high-performance, reliable network services to growing numbers of mobile users, with many benefits, including:

     • High-performance wireless to support today’s and tomorrow’s mobile devices.
     • Optimal wireless and high-speed wired connectivity.
     • HP Intelligent Management Center (IMC) role-based access and centralized policy enforcement for consistent wired and wireless security.
     • Energy efficiency for greater savings.
     • Greater visibility into network and application performance with HP IMC single-pane-of-glass management.
     • Simplified architecture with enterprise-class reliability.
     • Global reach of HP sales channel, plus service and support.
  20. 20. Key takeaways

     With the HP Unified Wired and Wireless Access solution, IT can unify wired and wireless LANs to deliver consistent user experience, integrated security, and single-pane-of-glass management.

     • End-device security and management, along with reliable network performance for wired and wireless connectivity, optimized power, and clear visibility, are the key technological challenges faced by IT today.
     • Secure access, smooth enterprise-application delivery, worker satisfaction, reduced complexity, and industry standards are key requirements for a unified access solution.
     • The HP Networking portfolio of solutions that provide wired and wireless access, plus network management—all based on industry standards—is the key reason behind HP leadership in the Gartner Magic Quadrant. The HP sales channel and service and support provide global reach and access to opportunities that few companies can match.
     • Campus networks can be unified with the HP Unified Wired and Wireless Access solution to improve the user experience, strengthen security, and simplify management. By integrating wired and wireless networks at the edge, you can more effectively enforce security and manage the network as a cohesive integrated system.

     In the following chapters, we look at the details of the unified wired and wireless access solutions, specific HP technologies, their benefits and features, and how these products and services meet the connectivity challenges of your enterprise. We also outline next steps and describe how to take advantage of key HP services to unify your enterprise’s wired and wireless connectivity.
  21. 21. References

     1. Willis, David. “Bring Your Own Device: New Opportunities, New Challenges.” Gartner, Inc. August 16, 2012.
     2. Smith, Aaron. “Nearly half of American adults are smartphone owners.” Pew Internet, Pew Charitable Trust, March 1, 2012. Smartphone-Update-2012/Findings.aspx
     3. Willis, David. “Bring Your Own Device: New Opportunities, New Challenges.” Gartner, Inc. August 16, 2012.
     4. Disabato, Michael. “Creating a Bring Your Own Device (BYOD) Policy.” Gartner, Inc. April 13, 2012.
     5. “Best Practices for Successful Video Collaboration—Services Make All the Difference.” Frost & Sullivan. July 2010. promo/1B01ZS/pdf/FrostSullivanVideoCollaboration_PREVIEW.pdf
     6. Zimmerman, Tim, and Mark Fabbi. “Unified Access Layer Forces Changes to Infrastructure Thinking at the Edge of the Network.” Gartner, Inc. March 20, 2012.
     7. Ibid.
     8. Zimmerman, Tim, and Mark Fabbi. “Magic Quadrant for the Wired and Wireless LAN Access Infrastructure.” Gartner, Inc. June 13, 2012.
     9. Ibid.
  22. 22. Chapter 2 The HP Unified Wired and Wireless Access solution
In this chapter
- What issues should you consider before planning a unified access solution?
- What is the HP approach to implementing a unified access solution?
- What is the current HP Unified Wired and Wireless Access solution?
- What key features are critical to deploying a unified access solution?
Now that your company has decided to implement a BYOD program, you have been tasked with addressing the technical issues. Your legacy IT infrastructure is struggling to keep up with current needs, and now you need to ensure network performance for bandwidth-intensive applications, simplify deployment and management, and maintain security with limited resources. The preferred way for your users to connect to wireless is through a WLAN rather than through lower-speed 3G or 4G networks. Your employees and contractors around the globe need access to applications from anywhere at any time to stay productive, which means applications must be delivered flawlessly from a virtual data center to a virtual workplace, around the clock.
Before we look at the HP three-phase approach to unifying your network access, consider the four top issues for evaluating a unified wired and wireless access solution that can help you design a road map for success.
  23. 23. Evaluating your current infrastructure
Start your road map for a unified network by assessing and evaluating your existing network infrastructure and how your organization wants to grow the network based on which applications need to be accessed by which users and from which locations. Next, estimate the traffic load that wireless users and new mobile applications will impose upon the wired and wireless infrastructure. Then, identify potential bottlenecks that might require capacity upgrades.
Architectural considerations
When unifying wired and wireless, there are also architectural considerations. You need to provide unified network access as part of a networking solution that leverages common hardware and software. Then, you must also provide consistent and correlated wired and wireless services, such as network management and policy enforcement, as well as a scalable network core to optimize end-to-end application performance. When implemented correctly, mobility appears as just another integrated service of an enterprise networking solution, like routing and security.
Four top considerations
Before we describe the HP Unified Wired and Wireless Access solution, we take a look at the four top considerations to implementing a unified wired and wireless network:
- Level of integration—Consider the level of integration between wired and wireless in a solution. Without the correct level of hardware integration, it is difficult for a solution to provide meaningful TCO reduction. For wired network devices, consider either integrated chassis-based solutions to lower acquisition costs, reduced rack space, and redundancy for always-on unified network access, or stackable switches that allow for growth over time. For wireless solutions, consider the latest generation of 802.11 technology for increased throughput, performance, and reliability.
  24. 24. - Comprehensive, unified network management—It is no longer acceptable to have multiple network management applications or differing guest access and BYOD solutions. A common, intuitive, and automated solution for provisioning, monitoring, troubleshooting, and reporting that is based on combined and correlated wired and wireless network information is essential. This reduces software complexity, maintenance costs, and unplanned downtime by eliminating the need for redundant network management applications. In other words, unified management should improve operational and administrative efficiency, along with problem resolution. As a result, your IT staff has more time to focus on strategic initiatives.
- Integrated security—Role-based access and centralized policy enforcement ensure that security and policies are assigned and applied consistently for wired and wireless network access. Also, consider solutions with integrated BYOD support to provide network access control, policy enforcement, and quarantining for employee-owned devices, ensuring the security and regulatory compliance of your network infrastructure.
- Open standards—A unified access layer that is based on industry standards ensures a level of compatibility with installed endpoints and systems, and it simplifies support and integration of applications in your network. A survey from Information Week Analytics on its Network Computing website confirms that IT buyers favor products built to industry standards over those with the latest innovation.1 The report also notes “a general wariness of proprietary features, where many cutting-edge capabilities are in flux—either the standards aren’t complete or are yet to be widely adopted.”
(For more information, see also the HP article, “Top 4 Considerations for Unified Wired and Wireless Access Solutions” by Martine Velkeniers at Top-4-considerations-for-Unified-Wired-and-Wireless-Access/ba-p/128941.)
  25. 25. Changing the rules of user access
At HP, we are changing the rules of networking with HP FlexNetwork architecture, a component of proven HP Converged Infrastructure (for more information about HP Converged Infrastructure or HP FlexNetwork architecture, go to With FlexNetwork architecture (see Figure 2-1), networks can be open, scalable, secure, agile, and consistent from the data center, where applications are generated, to the campus and branch, where users consume them.
Figure 2-1  The HP FlexNetwork architecture
With HP FlexCampus, an integral part of HP FlexNetwork architecture, you can unify wired and WLAN campus networks to deliver consistent user experience, integrated security, and single-pane-of-glass management. The solution seamlessly connects servers, storage, applications, and end users across a high-performance network with one management platform to give you a simplified architecture, improved security, agile service delivery, and reduced IT costs.
The HP three-phase approach
The HP vision is an evolutionary three-phase approach to unifying network access that protects your existing investments and minimizes disruption along the way. In the first phase, you begin by unifying your existing wired network with your wireless network. In the second phase, you optimize the campus network for wireless connectivity. And, in the third phase, you accelerate by establishing wireless as the key form of connectivity, offering wired as needed (see Figure 2-2).
  26. 26. Figure 2-2  HP three-phase approach to unifying access
Phase 1: Unify wired and wireless networks
In the first phase, you unify access to wired and wireless networks to bring together these once-disparate networks in a seamless fashion. Unifying access improves the user experience and lowers capital and operational expenses. HP provides the flexibility to choose networking solutions that fit your company’s business needs. We offer a broad portfolio of wired switches and wireless LANs, and we continue to evolve our switches and mobility solutions. HP offers the following to unify the wired and wireless LAN access layer components:
Integrated and dedicated wireless controllers—Seamless integration of WLAN controllers with HP fixed and modular switching platforms is an option from HP. These integrated controllers unify hardware to provide the necessary high availability and redundancy with one device to manage. Another option is dedicated mobility controllers, which are also available for customers with multivendor wireless networks.
  27. 27. Unified management and BYOD—HP Intelligent Management Center, or IMC, provides network monitoring and security for wired and wireless networks. HP IMC gives IT a single-pane-of-glass management application for the campus network and for data center and branch office networks. The HP Unified Wired and Wireless Access solution leverages technologies in HP IMC and the network infrastructure to protect company-issued and personally owned mobile devices. Your administrators can specify the network access rules, policies, and endpoint health posture requirements to meet your organization’s policies and industry-compliance requirements. IT can also manage BYOD devices across the full cycle, including device onboarding, provisioning, and monitoring, from the same tool. Network security and performance policies for BYOD and company-owned mobile devices can be dynamically provisioned based on user, device, location, and endpoint security health.
Unified features—Because all HP products are based on industry standards, IT can deploy consistent features and access policies for all devices—no matter what type of device it is. Features, such as 802.11x, sFlow, and QoS, can be set once and pushed to all devices to provide consistency across the network. Also, with features such as Power Over Ethernet (PoE), management policies can be set to turn off devices at certain times during the day to help with energy efficiency.
Phase 2: Optimize for wireless connectivity
After implementing unified wired and wireless access in Phase 1 with the current HP tools, you can further optimize the WLAN on your campus networks. It is a new opportunity to rebalance your networks to make the WLAN ubiquitous. You can also reduce redundant access where and when it makes sense to further reduce capital and operational expenditures through HP Virtual Application Networks.
In addition, HP RF optimization features and HP Wi-Fi Clear Connect software are important in further optimizing the performance of your wireless campus network. HP Wi-Fi Clear Connect automatically monitors and tunes the performance of your WLAN and adjusts to the changing RF conditions present in your environment. These capabilities make it easier for you to deliver the seamless Wi-Fi experience that your workers expect today.
  28. 28. Figure 2-3  HP Virtual Application Networks with HP FlexNetwork architecture
Phase 3: Accelerate—provide wireless as the key form of connectivity
In the third phase, you establish wireless as the key form of connectivity and wired availability as needed. During this phase, your IT can move to an all-wireless network. You can also deploy Virtual Application Networks automation and administration with SLA monitoring, global policy management, highly granular access-based threat management, and agile provisioning. HP Virtual Application Networks delivers large-scale performance, resiliency, and security, as well as improved wireless capacity through RF innovation, such as multiuser multiple input and multiple output (MIMO) and smart antenna technology, along with advanced network management tools. In addition, Virtual Application Networks provides a seamless interface to the suite of HP Business Process Management tools for dynamic problem resolution, advanced analytics and client self-provisioning, distributed QoS and application support, and per-port intrusion prevention with acceleration.
  29. 29. Figure 2-4  HP Virtual Application Networks
Administrators use templates to characterize application-delivery requirements to ensure optimal application performance and reliability. Different virtual networks can be designed to fit the needs of your various tenants, applications, and services. Policy templates specify a broad range of parameters, from QoS to security to bandwidth requirements. Policies are enforced consistently, even in global networks. The foundation of the Virtual Application Networks solution is HP IMC, which provides the tools to design, create, and manage these virtual networks. Ultimately, your administrators can quickly and efficiently design network connectivity and instantly connect new services, applications, and users to your network. Another key advance is that IT can manage the network with policies rather than with CLI scripts.
  30. 30. Unifying the campus edge with integrated functionality
The HP Unified Wired and Wireless Access solution gives your IT the platform it needs to capture today’s rich-media, BYOD, UC&C, and converged-infrastructure transformations to enable business innovations. Selecting products from the comprehensive HP portfolio of campus access technologies, your business can deliver reliable high-performance network services to mobile users and rich-media applications. With guest and BYOD access, high-speed performance, consistent policy enforcement, and single-pane-of-glass management, HP unified access solutions deliver a clear advantage over standalone wired or wireless LAN solutions.
High-performance wireless—HP offers a portfolio of high-performance wireless solutions, including dual 802.11n 450 Mb/s access points (APs) with three-stream technology. Also, HP MultiService Mobility (MSM) access points, RF optimization features, and wireless controllers deliver the wired-like performance needed to support today’s mobile workers.
Optimal wireless connectivity—Enterprises and solution providers can use HP RF Planner to accurately model WLAN coverage by factoring in variables, such as physical features, building materials, and WLAN equipment characteristics. With RF Planner, your network architects can optimize 802.11n networks for today’s dense mobile environments. RF Planner also facilitates deployment by assessing security risks and generating equipment lists. As organizations add WLAN capacity to meet workers’ mobility needs, they typically deploy more PoE. PoE gives organizations greater flexibility in deployment and eliminates the need to run additional wires to power wireless access points or IP phones, IP surveillance cameras, and other devices. HP supports 802.3af PoE and IEEE 802.3at PoE+ in a broad selection of HP switches.
Unified security and policy—In a world where users are constantly on the move, you can unify access control with HP products to strengthen your security. Permissions are associated with a user’s identity, so the appropriate security policies are applied—regardless where the user goes. IT has a consistent method to provide guest and BYOD access, user authentication, policy enforcement, and user management, whether users connect over wired or wireless networks.
  31. 31. Unifying access control also reduces the number of network tools. And it reduces the complexity and cost of the network application services needed to provision, manage, and authenticate users across one or multiple enterprises. Today, with the HP Unified Wired and Wireless Access solution, you can deploy hardware platforms on the access layer with integrated functionality that deliver unified wired and wireless LAN connectivity, including guest access, single-pane-of-glass management, and reliable security and policy enforcement. With this integration, you can deliver a consistent user experience while minimizing capital and operational expenditures.
Energy efficiency for greater savings—With HP solutions, you can optimize power for your campus networks and thus deliver additional savings. Multiple HP switches support Energy-Efficient Ethernet (EEE). Also known as IEEE 802.1az, EEE optimizes switches’ power usage by reducing power to switch ports when they are not transmitting or receiving. In addition, multiple HP switches conserve power through power-management techniques implemented in the highly integrated HP ProVision application-specific integrated circuits (ASICs), including voltage islands and variable clocking, which reduce the chip’s power consumption.
Greater visibility into network performance—HP products support sFlow, which provides clear visibility to the usage and active routes of both wired and wireless connections. Integrated support for sFlow across HP Networking portfolio means higher performance and a more cost-effective solution. Using HP sFlow, your administrators have insight into metrics, such as top talkers, top applications, and network connections, on wired and wireless networks. Network monitoring and troubleshooting is simplified with a unified access layer, and support for sFlow is essential for gaining visibility to the unified network.
Single-pane-of-glass management—HP IMC delivers unified and consistent management for all network components, including wired and wireless networks, and delivers single-pane-of-glass management. In addition, access control, application performance management, and management of Virtual Application Networks on the campus are modular features that can be added to IMC, further extending its rich capabilities.
  32. 32. Role-based access and centralized policy enforcement—Identity-based access ensures that the appropriate security and policies are applied consistently, whether the user connects through a wired or wireless LAN. Advanced QoS provides your users with the optimal experience, even when using time-sensitive voice, video, and other rich-media applications. With HP IMC, you can enforce the controls you need, while giving users the freedom to use the mobile devices they want.
Enterprise-class reliability and lifetime warranty—All HP Networking switches that are part of the HP Unified Wired and Wireless Access solution are backed by the HP lifetime warranty with next-business-day advance replacement. There is no charge for software updates and phone support. This lifetime warranty from HP with free, normal-business-hours phone support drastically reduces your TCO. While most businesses pay close attention to the availability and reliability of their core networks, campus networks are often considered to be less critical. However, mobility makes the resiliency of the campus network more important than ever before. If a wired switch fails, the attached access points can lose connectivity, potentially cutting off network services to hundreds of users. HP access switches are prepared to meet high levels of reliability, and they are designed with redundant and hot-swappable power supplies, modules, and fans to ensure continuous network operations.
  33. 33. Key takeaways
Before you begin planning for a unified network, there are several issues to take into consideration. After you understand these issues, you can use the HP three-phase approach to implement your strategy without disrupting your company’s network. Using HP Networking products, you can implement your BYOD and UC&C policies while planning for future needs.
- Ensure high performance for bandwidth-intensive applications, simplify deployment and management, and maintain security with limited resources.
- Use an evolutionary—not revolutionary—approach to move from a mostly wired solution to a high-speed, secure, mixed wired and wireless solution. Use the HP three-phase approach to bring legacy networks into unified networks.
- Deliver a unified solution to campus networks to improve the user experience, strengthen security, and simplify management with an HP Unified Wired and Wireless Access solution.
- Capture today’s rich-media, BYOD, UC&C, and converged-infrastructure capabilities to enable business innovations at the edge of the network with the HP Unified Wired and Wireless Access solution.
In Chapter 3: Building a better network with HP, we take a look at current HP wired, wireless, and management features and benefits that can help you build and optimize your network for unified wired and wireless access.
Reference
1 Mullins, Robert. “Network Buyers Survey: Standards Trump Features.” January 11, 2012. network-buyers-survey-standards-trump-f/232400059
  34. 34. Chapter 3 Building a better network with HP
In this chapter
- Which three key product components make HP Unified Wired and Wireless Access possible?
- What is required of wired devices to access a unified network?
- What is required of wireless devices to access a unified network?
- What should network management software be able to do for a unified access network?
HP Unified Wired and Wireless Access
With the comprehensive HP Networking portfolio of campus access technologies, businesses can deliver reliable high-performance network services to the growing numbers of mobile users.
  35. 35. Figure 3-1  Features of the HP Networking portfolio at work
With guest and BYOD access, consistent policy enforcement, and single-pane-of-glass management, HP Unified Wired and Wireless Access solutions deliver many benefits, including:
- Single-pane-of-glass management with HP Intelligent Management Center, or IMC, which simplifies network management and delivers reliable security for wired and wireless networks.
- Unified access and policy control associated with a user’s identity, which provides consistent guest and BYOD access, user authentication, policy enforcement, and user management across wired or wireless networks.
- Integrated 802.11n WLAN controller modules for HP modular switching platforms, which save you real-estate space and provide redundancy for always-on network access.
- Dedicated mobility controllers, which are available to deliver flexibility and choice.
- EEE, IMC power-saving policies, and other power-saving features, which help decrease your total energy costs.
  36. 36. HP wired switches for Unified Wired and Wireless Access
When legacy networks are pushed to the limit, they become fragile, vulnerable, difficult to manage, and expensive to operate. Businesses with networks at this breaking point risk missing the next wave of opportunities, such as BYOD and UC&C. HP offers a variety of switches that help meet the needs of various network environments. These switches provide connectivity, performance, scalability, security, and energy efficiency, and they all can be managed through single-pane-of-glass management software.
Industry standards—All HP switches are built on industry standards. You benefit from the open, standards-based approach that provides your business scalability, security, agility, and a consistent user experience. With HP FlexNetwork architecture, you can build a modular, heterogeneous network with interoperable multivendor components to extend wireless and wired networks that are integrated, secure, and easier to manage. The HP FlexNetwork architecture is a solution that adapts to your business conditions and gives you a new way to connect and condense architecture with single-pane-of-glass management.
1 GbE and 10 GbE—With switches that provide 1 GbE access and 10 GbE uplinks, you can minimize network bottlenecks, which are often the result of employees straining the capabilities of the network with bandwidth-intensive applications, such as streaming video. HP has designed several switch series to alleviate this problem with 1 GbE connections to client devices and up to 10 GbE to the core.
Layer 2 and Layer 3 functionality—HP access switches have the resiliency, scalability, and Layer 2 and Layer 3 functionality needed to support migration from the traditional three-tier networking model to a consolidated two-tier model that is based on one collapsed tier for Layer 2 and Layer 3 distribution and access switching.
The benefits of a single layer of aggregation in the wiring closet include reduced switch count, simplified traffic flow patterns, elimination of potential Layer 2 loops, as well as STP scalability issues and improved overall reliability.
  37. 37. Figure 3-2  HP optimized core and access layers
Power Over Ethernet—PoE provides convenience, cost savings, and in some cases, solutions that are very difficult to conveniently provide any other way. For example, clients can be placed wherever they are needed without requiring power in proximity—they need only the wired Ethernet connection. The most obvious client type that can take advantage of this is the wireless AP, which can be situated for best radio-signal characteristics or hidden overhead in the ceiling without having to pull power to that spot. Another key benefit of PoE is cost savings. Getting power to areas that are not typically served by power can greatly reduce installation cost. Power circuits require electricians and breaker boxes, and providing power in the Ethernet cable avoids these issues. Moving the client, if necessary, is also much easier. Also, PoE enables solutions that are not otherwise available. For example, building infrastructure, such as network-controlled door locks or security cameras, are difficult to implement without PoE power. Many of these solutions cannot fulfill the flexibility of location without PoE.
QoS and bandwidth management—Advanced QoS features in HP switches ensure that your employees have the optimal experience, even when using time-sensitive voice, video, and other rich-media applications. Also, HP sFlow provides clear visibility into the usage and active routes of both wired and wireless connections, and integrated support for HP sFlow across the HP Networking portfolio means higher performance and a more cost-effective solution. HP sFlow gives administrators insight into metrics, such as top talkers, top applications, and network connections, on wired and wireless networks.
  38. 38. Network monitoring and troubleshooting are simplified with a unified access layer, and support for sFlow provides essential visibility into the unified network.
High availability built in—Some HP access switches have redundant hardware components, such as power supplies and fans. These components can be hot-swapped when they fail without affecting network traffic. If one of the modules fails, advanced chassis switches offer redundant fabric and management modules that provide nonstop switching and routing. Advanced features, such as In-Service Software Upgrade (ISSU), are typically deployed in the network distribution and core devices to minimize downtime.
Energy-Efficient Ethernet—EEE is a physical-layer standard that reduces network power consumption by disabling transmit logic when there are idle periods. The key benefit of EEE is realized when port traffic is underutilized. EEE works out of the box and does not require any management software that needs additional overhead or monitoring. When two EEE devices are connected, you immediately start realizing the energy savings. Depending on traffic patterns and idle periods, power savings can be fairly substantial because PHY power consumption is second only to packet-processing silicon. And because EEE is an inter-network (versus an internal) power-saving mechanism, power savings are achieved on both the receiver and the transmitter switch. The periods of power-saving enablement are controlled by a standard link protocol negotiated on both sides of a link. Thus, the energy savings are in real time and can be realized across the connected network devices.
Security—Identity-based access ensures that the appropriate security and policies are applied consistently, whether users connect through a wired or wireless LAN.
Advanced QoS ensures that your users have the optimal experience, even when using time-sensitive voice, video, and other rich-media applications. With our access switches, you can enforce the controls you need while giving users the freedom to use the devices they want. Many HP switch products fully support 802.1x access control as well as Mac-Address Failure Redirect (MAFR), which enables Simple Network Access Control (SNAC), a simpler way to support BYOD. Devices are authenticated and authorized before accessing the network, reducing vulnerabilities and security breaches.
  39. 39. Stacking and modular functionality—HP offers a variety of modular and fixed-port, stackable switches to meet your networking requirements. Modular switches often provide maximum flexibility and investment protection, and they offer an array of interface modules that are typically cycled through upgrades at least three times over a period of seven to ten years. Modular switches usually offer much better backplane performance than a stack of switches, and they normally have better power utilization on a per-port basis than a stack. Because the switch management is isolated from the I/O modules, an I/O failure has no impact on either the switch performance or the other ports on the chassis.
With the HP set of switch virtualization technologies, your enterprise can dramatically simplify the design and operations of your campus fixed-port networks. HP stacking technologies essentially flatten campus networks, helping to eliminate the need for a dedicated aggregation layer, and provide direct, higher capacity connections between your users and network resources. Your enterprise can overcome the limitations of legacy design and inefficient protocols by delivering new levels of network performance and resiliency. HP switch virtualization technologies extend the performance and scalability benefits of modular, chassis-based switches to both modular and stackable switches. You no longer need to compromise enterprise capabilities for the convenience and cost of a stackable switch. These HP switch virtualization technologies, including HP Intelligent Resilient Framework, or IRF, and HP Mesh, are included in a variety of HP campus switches.
UC&C application integration—Voice services that enhance applications can be integrated in a switch as part of your company’s unified communications services.
The HP AllianceOne Partner Program is focused on enabling you to deliver secure, best-in-class networking solutions for your enterprise. HP AllianceOne gives you the confidence that the joint solution works and is supported—while providing the right application choice. This confidence is provided through selected channel partners, HP support, and HP AllianceOne Networking solution certifications. You can rely on HP Networking channel partners who are qualified in both HP and alliance partners’ products to provide support services for the combined solution.
  40. 40. HP WLAN access points and controllers for unified access
By the end of the decade, an estimated 50 billion devices will connect to wireless networks.1 For worker and machine-to-machine transactions, WLAN will emerge as the preferred method of network connectivity. One day very soon, a wired-only network will be the exception. Yet, many enterprises have found that their existing WLAN deployments deliver a substandard user experience compared to wired networks. Distance limitations of legacy WLAN implementations hinder true mobility, and performance of those networks inhibits video delivery. In addition, securing a WLAN often requires a separate platform, which drives up complexity and cost and potentially impacts performance.
Nonblocking optimized architecture—HP MultiService Mobility (MSM) APs and MSM wireless controllers deliver the wired-like performance needed to support your mobile workers who rely heavily on smartphones, tablets, and laptops. The optimized HP WLAN architecture supports flexible traffic distribution models and combines centralized management and control with intelligent access points at the edge of the network for unparalleled scalability, performance, and ease of deployment. The highly extensible WLAN architecture and product family (which includes HP MSM 802.11n APs and HP controllers) enable optimal performance with low impact on the wired backbone, no single point of failure, and cost-effective scalability.
MSM APs—HP dual-radio three spatial-stream 802.11n APs give you near-gigabit client access and support twice the number of users compared to two spatial-stream access points. Sitting at the wired-wireless boundary, these intelligent APs can apply policies and forward packets directly between clients and servers or can forward traffic to a centralized WLAN controller for handling so that your network planners have greater choice and flexibility as they roll out and expand wireless infrastructure.
The APs also leverage RF optimization features, such as beam-forming and band-steering, to optimize client performance and to move 5 GHz–capable clients to the less-congested 5 GHz spectrum. This leaves the 2.4 GHz for clients that are not 802.11n capable, which increases your overall network capacity. Your IT administrators can also use channel bonding in the 5 GHz spectrum to double effective throughput for high-bandwidth applications and BYOD traffic.
HP WLAN controllers—You can meet the needs of any size organization, from small offices to large enterprise campuses. HP controllers provide refined user control and management, comprehensive RF management and security, fast roaming, strong QoS and IPv4/IPv6 features, and powerful WLAN access-control capability. The controllers support both centralized and distributed forwarding to deliver flexible deployment options that optimize traffic flow, reduce latency, and increase WLAN scalability. HP large-enterprise controllers provide resiliency and high availability with 1+1 fast backup and N+1 and N+N redundancy options. HP 1+1 redundancy option supports subsecond failover to ensure continuity of services in large enterprise networks. Working together with HP APs, the HP WLAN controllers can be deployed on Layer 2 or Layer 3 networks without affecting existing configurations. HP WLAN controllers can be integrated with existing fixed and modular switching platforms. The HP portfolio also includes dedicated mobility controllers for overlay deployments. HP integrated controller modules for midmarket and enterprise switching platforms unify hardware to provide the necessary high availability and redundancy with one device to manage.

Self-optimizing WLAN performance—With the HP unified access solution, your WLAN is self-healing, so you do not need to worry about users encountering dead spots or unpredictable performance when there is RF interference or if an AP or radio fails. HP Wi-Fi Clear Connect software automatically adjusts to changing RF conditions and delivers reliable Wi-Fi service to your users. HP Wi-Fi Clear Connect uses advanced Radio Resource Management (RRM) to optimize WLAN performance and reliability, mitigate interference, detect wireless threats, and simplify management.
RRM automatically assigns and tunes the transmit power levels and RF channels on APs to optimize the system-wide performance and reliability of your WLAN. RRM takes place in the background. Each AP scans all its available radio channels to monitor and identify RF interference from non–Wi-Fi sources. If an AP detects persistent interference, it chooses the best alternative channel after verifying that the interference is not present on the alternative channel. Scanning happens quickly so that it does not impact the AP’s ability to service clients.
For example, if an AP detects interference from a microwave oven on Channel 1, it automatically changes its clients to Channel 11 (see Figure 3-3). The AP minimizes disruptions as Wi-Fi devices are moved to the new channel, so users’ IP voice and application sessions continue without pause.

Figure 3-3  Automatic interference mitigation

Wi-Fi Clear Connect further helps you improve your users’ Wi-Fi experience by using dynamic client load balancing and airtime fairness. Dynamic client load balancing is especially important in dense environments, such as classrooms or conference rooms, as well as for supporting BYOD initiatives. With dynamic client load balancing, the software determines the client load of its neighboring APs or the average number of clients per radio per band that the AP supports. It then balances the client load among APs by adjusting the transmit power to move the clients gracefully to a less-crowded AP, which gives users greater performance and a better experience.

Specifically, airtime fairness enhances the user experience for 802.11n devices. In a mixed network where 802.11a/b/g clients transmit at lower speeds than 802.11n devices, the performance of the faster 802.11n laptops, tablets, and smartphones can suffer. But with airtime fairness built in to the HP WLAN system, all Wi-Fi clients are ensured equal transmit time over the air. This way, one client cannot dominate the bandwidth, none of the Wi-Fi devices starve, and the older, slower Wi-Fi devices do not hold up the faster 802.11n laptops, tablets, and smartphones. Airtime fairness is also aware of the underlying QoS policies, ensuring that voice and other high-priority traffic is never delayed by low-priority traffic.
HP Wi-Fi Clear Connect safeguards the WLAN against wireless threats with an integrated wireless intrusion detection system (WIDS). The WIDS detects common threats, including denial-of-service attacks, as well as unauthorized APs and clients. Wireless threat detection is built in (no additional license fees), and with it, your administrators can deploy APs as dedicated sensors or in a hybrid mode that provides both sensor functionality and client services.

HP RF Planner—With the HP RF Planner, you can model WLAN coverage accurately by factoring in variables, such as physical features, building materials, and WLAN equipment characteristics. Using this software, your network architects can ensure that your 802.11n network is optimized for the dense mobile environments that support today’s mobile workers and tablets.

Features and benefits of HP Intelligent Management Center

Using different toolsets—one for your wired network, one for your wireless—can be challenging to your efforts to manage your network, not to mention troubleshooting the root cause of issues affecting either one. Instead of turning to a myriad of network management tools, your IT staff can use HP IMC for single-pane-of-glass management across wired and wireless devices and other multivendor network infrastructures that require in-depth control and management of virtual environments. You can easily find and rectify issues with the HP IMC deep visibility and management of both networks.

HP IMC delivers unified and consistent management for all network components, including wireless and wired networks. The single IMC console manages more than 6,000 devices from 220 manufacturers, plus the complete HP portfolio. HP IMC provides full fault, configuration, accounting, performance, and security (FCAPS) management and scales easily from small to very large deployments.
It is a modular platform that deepens the breadth and depth of network management functions and other network services when needed. By consolidating what traditionally is deployed as a variety of separate tools, IMC simplifies operations and management and boosts network availability through improved mean time to repair (also known as MTTR) through a single place for monitoring and remediation.
HP IMC network access control—HP IMC uses role-based access and centralized policy enforcement; that is, identity-based access ensures that the appropriate security and policies are applied consistently to users and their devices regardless of whether they connect through a wired or wireless LAN. The access-control solution of HP IMC consists of three components that are integrated seamlessly in the IMC base platform and provide NAC, policy enforcement, and quarantining to ensure the security of the network infrastructure:

- HP IMC User Access Manager (UAM) module is the first component of the NAC solution. IMC UAM extends management to wired, wireless, and remote network devices and enables the integration, correlation, and collaboration of user- and network-device management on one platform. By providing authentication and authorization for devices accessing the network, IMC UAM helps reduce vulnerabilities and security breaches. For granular, consistent policy enforcement across users and devices, IMC UAM also identifies devices through fingerprinting.

- The second component, IMC Endpoint Admission Defense (EAD) service module, provides security policy management and enforcement for ensuring that end-user devices comply with established security policies. With IMC EAD software, which works in conjunction with HP IMC UAM, administrators can control endpoint admission based on each device’s identity and posture. If an endpoint is not compliant with the established policies, access to the network can be isolated or blocked for remediation. Also, for ongoing protection, IMC EAD software continually monitors each endpoint’s traffic, installed software, running processes, and registry changes.

- The third component, IMC iNode client, is an agent that is installed on the end-user computer. The IMC iNode client works in conjunction with both IMC UAM and EAD to provide access, authorization, security management, and enforcement.
The IMC iNode client works with the IMC UAM service module to ensure that the access policies defined in IMC UAM for access, authorization, and authentication are both supported and enforced at the endpoint. The IMC iNode client works with the IMC EAD service module to ensure that the security policies defined in IMC EAD are enforced and, when necessary, actions are taken to quarantine endpoints and to support users in resolving security policy violations. In essence,
IMC UAM and EAD service modules, along with endpoint control through the IMC iNode client, consolidate NAC functions for you in one integrated platform.

HP IMC user monitoring—IMC also gives your network administrators visibility into user behavior with the IMC User Behavior Analyzer (UBA) module. With the UBA module, your administrators can audit user behavior for website access, including information on specific URLs. Administrators can also audit user activity by email sender or receiver addresses, database access and operations, file transfers, and FTP access. When used in conjunction with the IMC UAM service module, IMC UBA also provides user-behavior auditing by user name and IP address. IMC UBA visibility is the result of analyzing data from many sources, including NAT (network address translation) records, NetStream, NetFlow, and sFlow records, and DIG probe logs. HP IMC UBA gives your administrators control of filtering, data aggregation, and application identification and definitions. As with other IMC features, with UBA your administrators can manage auditing tasks, including saving task configurations for future use. UBA provides summarized audit reporting that can query, sort, and group audit results by many fields, as well as saving audit results to a file for downloading.

HP IMC QoS Manager

The HP IMC QoS Manager (QoSM) component enhances visibility and control over QoS configurations on network devices. It provides real-time network detection of QoS configurations, so you can unify management of QoS policies. With QoSM, your administrators can organize traffic into different classes based on the configured matching criteria—such as IP protocol type, among others—to provide differentiated services.
The software gives you insight into committed access rate (CAR), generic traffic shaping (GTS), priority marking, queue scheduling, and congestion avoidance so that IT staff can more effectively control and allocate network resources.
With a rich set of QoS device and configuration management functions, IMC assists your administrators to focus on QoS service planning and the most economical and effective use of network resources, ignoring differences in the QoS configurations of multiple devices. HP IMC QoSM provides real-time network detection of QoS configurations because it identifies QoS network-wide configurations, enabling unified management of QoS policies.

Key takeaways

You can implement an evolutionary plan to unify your wired and wireless access connections with HP Networking products at your own pace without replacing your entire legacy network. With HP switches, you can scale your network when you need to expand capabilities for connectivity, performance, security, and energy efficiency. With HP IMC, you can consolidate network control with its single-pane-of-glass management software.

- The HP Unified Wired and Wireless Access solution comprises three key components: HP IMC, HP Wired Switches, and HP WLAN APs and controllers.
- The HP Wired Switches portfolio is a complete line of products providing superior reliability, scalability, and performance, as well as comprehensive features that help reduce complexity and maximize IT ROI.
- The HP Networking portfolio offers intelligent wireless solutions that provide planning guidance, access, management, and security.
- The HP IMC is a comprehensive platform that enables the efficient implementation of network management. Its modular design makes it possible to integrate traditionally separate management tools.

In Chapter 4: HP unified access meets the challenge, we look at how these HP products meet your requirements for a complete unified access solution.

References

[1] “More Than 50 Billion Connected Devices,” Ericsson. February 2011. com/res/docs/whitepapers/wp-50-billions.pdf
Chapter 4

HP unified access meets the challenge

In this chapter

- Which key HP products are available to control user access and to manage your identity-based policies for BYOD and UC&C initiatives?
- How do HP unified access and HP AllianceOne partnerships provide the network speed for rich-media communications and simplify network design?
- How do you use HP unified access to integrate third-party applications, such as Microsoft Lync, to provide survivable services (for example, external phone calls) while sustaining internal peer-to-peer communications when the data center cannot be reached?

Your business is deploying new technologies and applications to gain a competitive advantage. With your company’s expanding mobility requirements, now is the time to plan how to unify your wired and wireless access for your new BYOD and UC&C initiatives. But you might be apprehensive about adding complexity to your IT infrastructure, so you might try to acquire applications from your existing networking vendor. However, these are rarely best-in-class. With HP Networking products and services, you can plan a migration path to suit your business needs, your budget, and your own timeline.

The open, standards-based HP FlexNetwork architecture strategy incorporates applications from a variety of vendors, so you can choose the applications that best meet your needs, whether that means integrating WLAN controllers in access switches or leveraging dedicated mobility controllers. With a high-performance HP WLAN solution that integrates products from
an extensive switching, routing, and security portfolio, you can meet your company’s demand for an evolving mix of wired and wireless network services while lowering capital and operational expenses. And, through the HP AllianceOne partner program, the applications you choose go through a rigorous certification process to ensure that all components are effective. We take a look at how the HP Unified Wired and Wireless Access solution can help you accomplish this.

Key unified access features: BYOD

An HP BYOD solution based on HP IMC delivers complete visibility from the data center to the network edge. IMC goes beyond BYOD requirements by delivering converged management across various networks—physical and virtual, wired and wireless—and applies the appropriate security policies to your users and their devices (personal or company owned). Traditionally separate management tools, network services, policy management, and user and traffic monitoring are integrated in the HP IMC modular design so that you can manage and secure your wired and wireless infrastructure easily from one central location.

Because of the HP IMC modular design, deploying your BYOD solution is less complicated and easier to use. The modular design gives you the flexibility to add functionality as needed without the need to deploy separate management tools.

For granular network and application access, HP IMC manages user access and identity-based policies so that your IT managers can resolve complex security challenges associated with BYOD policies. Your IT administrators can establish and enforce granular and consistent network access policies for wired, wireless, and VPN users to protect your IT assets, mitigate risks, optimize network availability, and monitor regulatory compliance. HP IMC provides a comprehensive BYOD solution that supports wired and wireless device onboarding, provisioning, and monitoring.
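
The admission flow this book describes for identity-based policies (authenticate the user, fingerprint the device, check posture, then permit, isolate, or block, and keep re-checking afterwards) can be sketched generically. The following is an added, vendor-neutral example, not HP IMC code or its API; the roles, segment names, thresholds, and the `admit` and `Session` names are assumptions made for illustration.

```python
"""Identity- and posture-based admission decision (illustrative, vendor-neutral)."""
from dataclasses import dataclass
from enum import Enum
from typing import Optional


class Decision(Enum):
    PERMIT = "permit"
    ISOLATE = "isolate"  # remediation segment only
    BLOCK = "block"


@dataclass(frozen=True)
class Identity:
    user: Optional[str]    # None means authentication failed
    role: str              # hypothetical roles: "employee", "guest"
    device_type: str       # label produced by device fingerprinting
    corporate_owned: bool


@dataclass(frozen=True)
class Posture:
    av_running: bool
    patch_age_days: int
    processes: frozenset = frozenset()


# Constructed policy values for the example; a real deployment defines its own.
MAX_PATCH_AGE_DAYS = 30
PROHIBITED_PROCESSES = frozenset({"p2p-client"})
ROLE_SEGMENT = {"employee": "corp", "guest": "internet-only"}
BYOD_SEGMENT = "byod-restricted"
REMEDIATION_SEGMENT = "quarantine"


def posture_violations(posture):
    """List every policy violation so the user can be told what to fix."""
    found = []
    if not posture.av_running:
        found.append("antivirus not running")
    if posture.patch_age_days > MAX_PATCH_AGE_DAYS:
        found.append(f"patches {posture.patch_age_days} days old")
    bad = sorted(posture.processes & PROHIBITED_PROCESSES)
    if bad:
        found.append("prohibited process: " + ", ".join(bad))
    return found


def admit(identity, posture, medium):
    """Return (Decision, segment, reasons).

    `medium` ("wired", "wireless", "vpn") is kept for logging only. It is
    deliberately not an input to the decision, so the same user and device
    get the same answer on every access method.
    """
    if identity.user is None:
        return Decision.BLOCK, None, ["authentication failed"]
    if identity.role not in ROLE_SEGMENT:
        return Decision.BLOCK, None, [f"no policy for role {identity.role!r}"]
    if identity.role == "guest":
        return Decision.PERMIT, ROLE_SEGMENT["guest"], []
    if posture is None:  # no agent report received
        if identity.corporate_owned:
            return Decision.ISOLATE, REMEDIATION_SEGMENT, ["no posture report"]
        return Decision.PERMIT, BYOD_SEGMENT, ["personal device, posture unknown"]
    problems = posture_violations(posture)
    if problems:
        return Decision.ISOLATE, REMEDIATION_SEGMENT, problems
    segment = ROLE_SEGMENT[identity.role] if identity.corporate_owned else BYOD_SEGMENT
    return Decision.PERMIT, segment, []


class Session:
    """An admitted endpoint that is re-evaluated on every new posture report."""

    def __init__(self, identity, posture, medium):
        self.identity, self.medium, self.history = identity, medium, []
        self.update(posture)

    def update(self, posture):
        self.decision, self.segment, self.reasons = admit(
            self.identity, posture, self.medium)
        self.history.append(self.decision)
        return self.decision


def demo():
    """Constructed scenario: compliant at logon, drifts, then is remediated."""
    alice = Identity("alice", "employee", "windows-laptop", corporate_owned=True)
    healthy = Posture(av_running=True, patch_age_days=5)
    session = Session(alice, healthy, "wireless")
    session.update(Posture(True, 5, frozenset({"p2p-client"})))  # drift
    session.update(healthy)                                      # remediated
    return [d.value for d in session.history]


if __name__ == "__main__":
    print(demo())
```

Keeping the access medium out of the decision function is what makes the policy consistent across wired, wireless, and VPN; the re-evaluation in `Session.update` is what turns a one-time logon check into ongoing enforcement.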
Figure 4-1  HP BYOD solution

Key unified access features: UC&C

To effectively communicate and collaborate on projects with employees, vendors, and partners, sophisticated tools are essential for your business to stay ahead of the competition. However, the bandwidth needed for tools employing voice, video, and desktop-sharing can place a heavy burden on already overtaxed legacy networks. Using HP FlexNetwork architecture and UC&C methods and devices, users can easily implement and use third-party, best-in-class UC&C tools. The low-latency and QoS requirements of UC&C solutions are well served with the comprehensive HP Networking portfolio.

To achieve the necessary call and video quality for UC&C initiatives, Microsoft and HP have partnered to produce a complete UC&C solution. In addition, the partnership has developed HP 4110 and 4120 Lync-certified IP phones and the HP Survivable Branch Communications zl Module, which ensures continuous service for your Lync VoIP calls by routing traffic to the PSTN (public switched telephone network) if your WAN is down.
The HP-Microsoft alliance delivers UC&C benefits

During the 25 years of the successful HP-Microsoft partnership, our engineers have worked together to deliver integrated products that solve real business challenges. For example, throughout the HP and Microsoft alliance, HP remains the number one infrastructure provider, and Microsoft is the number one operating system–applications provider. Together, HP and Microsoft are satisfying the UC&C requirements of millions of customers worldwide. When you leverage the power of HP and Microsoft by deploying or adding Lync voice and HP infrastructure to your UC&C environment, you can:

- Reduce infrastructure cost and complexity—HP Converged Infrastructure is an open, standards-based architecture that can be integrated with your legacy infrastructure to intelligently and dynamically evolve to an advanced flexible architecture for overall improvement of services, ease of use, and scalability.
- Leverage existing Microsoft application and infrastructure investments—Seamlessly integrate Lync voice with Microsoft Office, SharePoint Server, and Exchange Server. Create a consistent user experience companywide while reducing communications costs.
- Increase efficiency and worker productivity—Support a mobile or distributed workforce without adding IT resources. Launch telecommuting, work-from-home, and green initiatives to support virtual teams across geographies or regions.
- Enhance communications—The tested and validated Lync solution from HP and Microsoft increases communication reliability so that your teams can better serve customers, retain a competitive edge, and differentiate your business from the competition.

These solutions, developed by the HP-Microsoft partnership, are aligned with the HP Unified Wired and Wireless Access solution to give you full scalability, manageability, and supportability, plus access to your entire network.
Figure 4-2  HP UC&C solution

Key unified access features: rich media

Video is compelling because of the richness of the information it can deliver. Video conferencing is used to improve collaboration of distributed teams, provide training, and help executive management teams align the organization with corporate priorities. Legacy networks, however, were designed to handle data communications. The convergence of data, voice, video, and collaboration tools is pushing the legacy networks to a breaking point.

Voice and video place huge demands on the network and are one of the primary drivers of change at the network edge. Support for PoE and PoE Plus, QoS, NAC/802.1X, resiliency, and survivability are required. When you add video capabilities, the demand has an immediate impact on the network. Careful consideration must be given to designing optimal networks with capabilities to support rich-media communications.

Because the HP Unified Wired and Wireless Access solution is based on open standards, your IT team has the freedom to choose the proven solution for your business. The HP Unified Wired and Wireless Access solution can help your IT department securely deploy and centrally orchestrate a video-optimized solution starting from the access layer.
Benefits of HP Unified Wired and Wireless Access solution for rich media

- Low latency network—The HP solution simplifies the network. Organizations can move to an optimized network, reducing latency and improving users’ video experiences. This approach delivers superior end-to-end 802.1p/q–based QoS and a network bandwidth optimized for video with delivery at near-gigabit WLAN speeds.
- Improved WAN connectivity—HP offers enhanced WAN from our HP AllianceOne partner Riverbed to accelerate access to rich-media content through our modular wired-switch solutions. With this solution, you can implement prepositioning and video-on-demand caching (HTTP or HTTPS), split-stream technology, and multicast and unicast support. Improved WAN connectivity means regulated video streams, both in applications and social-based media.
- Video application delivery—With FlexNetwork architecture, you can use video on demand and other video services—all integrated in one module. With the virtualization technology built in the module, HP solutions can simplify deployment and reduce the number of devices. Also, HP was the first networking vendor to bring EEE-compliant switches to the market. These switches consume less power than the industry average, contributing to lower TCO. Our switches support PoE/PoE+ features to power up remote video-surveillance cameras.
- Interoperability—HP and our AllianceOne partners offer a variety of solutions to enhance and support your video applications. We have video gateways for visual collaboration (H.324, SIP), and our switches support Link Layer Discovery Protocol-Media Endpoint Discovery and autodiscovery features.
Figure 4-3  Solution architecture for rich-media communications and collaboration

Key takeaways

The HP Networking portfolio offers several products that can deliver the business requirements for implementing BYOD and UC&C initiatives. Through partnership with major vendors, such as Microsoft, HP delivers products that improve productivity across your enterprise.

- The key HP products for controlling user access and managing your identity-based policies for BYOD and UC&C initiatives are in the wired, wireless, and network management portfolios, which provide choice and flexibility.
- With the Unified Wired and Wireless Access solution, your IT staff can provide employees customized workplace applications and tools, which can help them collaborate and communicate with video communications cost-effectively. Third-party applications, such as Microsoft Lync, are integrated in the HP portfolio to provide survivable services (for example, external phone calls) while sustaining internal peer-to-peer communications when the data center cannot be reached.

In Chapter 5: Expert resources and next steps, we explore the HP experts and services that are available to help you instigate an HP Unified Wired and Wireless Access solution. We also take a look at the HP ExpertOne career certification program for IT professionals.
Chapter 5

Expert resources and next steps

In this chapter

- Which HP services are available to help you plan and implement an HP Unified Wired and Wireless Access solution?
- Which HP program can help you train your employees as HP-certified experts?

Now that you understand the key components of HP Networking and how they can be configured to implement a unified access solution for your campus, there are some first steps you can take toward evolving your network and implementing your own BYOD and UC&C initiatives. Consult with the networking experts at HP. For long-range planning, you can also train your own experts through the HP ExpertOne certification program.

HP expertise

HP offers consulting, outsourcing, and support services to help your enterprise plan, deploy, and operate your network infrastructure for better results. HP can identify opportunities for automation and can integrate various aspects of the HP Networking portfolio in your business processes for increased business efficiency with new business models to help you redefine your marketplace.
The HP life-cycle approach to your unified-access solution begins with expert consultations and their assessments to help you develop your strategy. This approach includes architecture planning and design through solution implementation and global support, and then outsourcing, if desired. Regardless of the products you choose, HP services and solutions deliver business value at every phase. The HP approach is also collaborative and modular, so you can implement the HP Networking components that address your most pressing needs first and then add future capabilities according to a flexible timeline.

HP ExpertOne career certifications for IT professionals

Join the HP ExpertOne community of 500,000 IT professionals and gain access to other HP experts that are working around the globe. HP offers education services that are focused on the management of change to foster pervasive user adoption and learning solutions. The HP ExpertOne certification program offers excellent training and the appropriate certifications across a wide range of solutions—from all-in-one PCs to cloud computing. Choose the HP learning options that work for you and your employees, including HP Press publications and instructor-led or web-based training. HP Networking certification topics include:

- Cloud
- Converged Infrastructure
- Wireless networks
- Network security
- Virtualization
- TippingPoint Security
Refer to Table 5-1 for more information on ExpertOne certifications and HP Networking services and training.

Table 5-1  HP ExpertOne certification programs and HP Networking services

Service or program | Web address
HP ExpertOne |
HP ExpertOne networking career certification |
HP Networking services |
HP Networking training |
HP Press publications |
More resources

Go to the HP Networking website to find a wealth of information about HP Networking solutions and products. Resources include white papers, videos, blogs, press releases, brochures, case studies, fact sheets, and solution briefs. For more information on specific technologies related to BYOD and on wired and wireless access solutions, see Table 5-2.

Table 5-2  More HP Networking resources

HP webpage | Web address
Mobility |
Bring Your Own Device (BYOD), a Holistic Approach |
HP Unified Wired and Wireless Access |
Rich-media communications |
Unified communications |
HP Virtual Application Networks |
Data Center Interconnect (DCI) |
Dynamic Virtual Private Network (DVPN) |
OpenFlow: Enabling technology for software-defined networking |
Acknowledgments

At HP Press, our goal is to create in-depth technical books of the best quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the expertise of members from the professional technical community. We would like to acknowledge the team of experts who helped bring this book to market.

Author: John Faulkner
HP Press Program Manager: Michael Bishop
HP Contributors: Rebecca Humphress, Martine Velkeniers, Kevin Secino, Gladys Alegre-Kimura, Steve Brar, Kowshik Bhat
Publisher: HP Press

We want to hear from you. Send email to

HP HEADQUARTERS
Hewlett-Packard Company
3000 Hanover Street
Palo Alto, CA 94304-1185 USA
Phone: (+1) 650-857-1501
Fax: (+1) 650-857-5518