Successfully reported this slideshow.
We use your LinkedIn profile and activity data to personalize ads and to show you more relevant ads. You can change your ad preferences anytime.

Dickens Solution Event: Ghost of BYOD Future


Published on

  • Be the first to comment

  • Be the first to like this

Dickens Solution Event: Ghost of BYOD Future

  1. 1. The Ghost of BYOD FutureFrank RoysRegional Sales ManagerRuckus WirelessHotel RoanokeDecember 6, 2012 RUCKUS WIRELESS PROPRIETARY AND CONFIDENTIAL
  2. 2. About Us Founded 2004, Sunnyvale, CA Innovation Carrier class Smart Wi-Fi Customers 15,000+ Unique Customers Employees 700 in 20 countries R&D Centers Sunnyvale, China, Taiwan, India, Israel Capitalization (NYSE:RKUS) $102 million 2012 Financials $150K in 3 Qtrs, Profitable Patents 55 granted (80 pending) Units shipped 10 million and counting Markets Carrier/enterprise infrastructure2 | Meeting Name
  4. 4. What is BYOD? ▪ Bring Your Own Device ▪ Recognition by enterprise companies that their employees would rather use computing tools of their own choice than your well-intended computing platform ▪ Allows you to leverage employee’s natural propensity for a specific kind of computing device – highly subjective ▪ Introduces risks in terms of proprietary information loss, indemnification, replacement of broken devices and inappropriate use. ▪ Requires your IT department to be flexible and to mitigate risk to an acceptable level.4 | Meeting Name
  5. 5. The Realities of BYOD % % % %5 | Meeting Name
  6. 6. What Enterprises REALLY Want 1 Simple onboarding 2 Automated enforcement of user/device policies 3 Visibility of who and what is on the WLAN 4 Extension of wired security to WLAN 5 More capacity to deal with flood of devices 6 Leverage existing infrastructure6 | Meeting Name
  7. 7. Two Problems ▪ New devices driving BYOD adoption = very poor Wi-Fi clients ▪ Need help mitigating new risks introduced by BYOD We can address both problems7 | Meeting Name
  8. 8. New Devices Driving BYOD ▪ Much more affordable in scarce money budgets ▪ People LOVE them ▪ Tech refresh every birthday and Christmas ▪ Inherently more secure ▪ Apple iOS, Android OS ▪ Tougher, harder to damage ▪ Easier to Find ▪ “Find Me” Apps ▪ Millions of Apps8 | Meeting Name
  9. 9. What’s Driving Enterprise-class Wireless Adoption? 2/3rds of all US Buyers are opting For Smartphones And Touch-screen Tablets (iPads, Kindles and Galaxies)9 | Meeting Name
  10. 10. Who’s “Winning”?10 | Meeting Name
  11. 11. BUT - the Market-Driving Devices are the WORST Wi-Fi clients! Single polarity antenna Low Power 10mw radios Save Battery Power11 | Meeting Name
  12. 12. What Happens When Connectivity is Unreliable? ▪ In Schools: ▪ Takes too long to get everyone on ▪ Disconnects = loss of attention ▪ Loss of attention = blown lesson plans ▪ In Healthcare ▪ Can’t use laptops on carts everywhere ▪ Takes longer to retrieve electronic records ▪ Frustrates doctors, patients and staff ▪ In Government ▪ Poor guest access experience ▪ Web-based applications time out ▪ Can’t maintain SLA for sustainability ▪ In Utilities and Manufacturing ▪ Severe impact on productivity ▪ Slows distribution and delivery ▪ Over-spend adding superfluous AP’s12 | Meeting Name
  13. 13. Two Options to Fix Small Device Issues ▪ More graphical management ▪ Local or outsourced in a “Cloud” ▪ Let someone else try dealing with crappy wi-fi ▪ Spend more on management than on AP’s ▪ 2X number of AP’s to solve orientation ▪ Focus on Better Connectivity ▪ Can hear weak radio devices at a distance ▪ With a solution for device orientation ▪ No loss of high quality management13 | Meeting Name
  14. 14. Introducing ZoneFlex 7982 Highest Performing Access Point for the Enterprise ▪ Industry’s first 3x3:3 dual-band AP with dynamic antenna and chip-based beamforming (TxBF) ▪ Advanced features ▪ Adaptive Polarization Diversity ▪ Spectrum Analysis * ▪ Up to 500 clients per radio (512 total) * ▪ Highest performing in the industry ▪ Up to 900 Mbps ▪ Sleek and sophisticated design secures to T-bar rails, walls and ceilings ▪ Plenum-rated ▪ Powered by standard 802.3af +14 | Meeting Name
  15. 15. Inside the 7982 Over 3000 unique Integrated key Dual antenna holes for wall or radios patterns ceiling mount 3x3:3 (900 Mbps) Vertical and Routing horizontal channel polarity for cables Release mechanism Integrated protected T-bar mount Secured withwith security Kensington Lock screw Hidden Two 10/100/1000 cables Ethernet ports with 802.2af PoE 15 | Meeting Name
  16. 16. Extending Performance at Range Adaptive Antennas and Transmit Beamforming Working Together 6dB 9dB 3dB > 15dB OF > 9dB OF S I G N A L T O INTEFERENCE M I T I G AT I O N INTEFERENCE PLUS NOISE (SINR) IMPROVEMENT16 | Meeting Name
  17. 17. Adaptive Polarization Diversity Device orientation accounts for up to 5x performance ▪ Better reception (PD-MRC) for weak and differential among products hard to “hear” devices ▪ Better transmission to devices constantly changing their orientation HORIZONTAL POLARIZATION VERTICAL POLARIZATION17 | Meeting Name
  18. 18. Current Software Wireless and Network  Transmit Beamforming plus Antenna-based Beamforming  DHCP Relay  Proxy ARP and ARP Broadcast filter (per SSID for ZD tunnel & at AP)  512 Client support on (7982, 7762-AC, 7782)  Passpoint™ (802.11u/Hotspot 2.0)  WMM-AC  802.1x/MAC by-pass Dynamic VLANs (Ethernet ports)  Device Policy Enforcement  Customizable Channel Range Control  Increased Encrypted LWAPP Tunnel Throughput on ZD 5000 Management  Performance Monitoring with RF Pollution  TACACS+ ZD/AP/FM admin auth & role support  Increased reporting granularity (30 days @ 15 minute interval)  High Availability18 | Meeting Name
  19. 19. High Network Availability ▪ Single ZoneDirector Failure ▪ no data or state loss in the virtual machine ▪ All state preserved (storage, memory, networking) ▪ No new clients can be added but existing clients stay connected ▪ No need for additional operating system and software licenses. ▪ AP-level high availability ▪ Self-healing ▪ Automatic Load Balancing ▪ Automatic Band-Steering ▪ In N+1 Networks with 2 ZoneDirectors ▪ Automatic re-establishment of fault tolerance after HW failure19 | Meeting Name
  20. 20. How Can I Lower Risk?? SIMPLIFYING BYOD WITH RUCKUS20 | Meeting Name
  21. 21. Don’t Reinvent the Wheel FIREWALLS CONTENT AAA/AD/LDAP ACLs / VLANS FILTERS SERVERS21 | Meeting Name
  22. 22. Defining the SSID Structure ▪ DOMAIN SSID ▪ Enterprise-owned / managed devices with access to all resources: printers, applications, files shares ▪ Guest Visitor SSID ▪ Users who are not in the OUI with access only to the internet ▪ Staff and Student BYOD SSID ▪ Non-enterprise-owned / managed devices needing Internet access and specified school resources, VLAN and content filtering applied ▪ Provisioning SSID ▪ Hotspot with a walled garden attribute, redirecting all users to an activation page22 | Meeting Name
  23. 23. Automating Role-Based Access DOMAIN Administrator automatically placed on VLAN W, no rate limits GUEST Allowed on via a Guest Pass, accepting terms and conditions automatically placed on VLAN Z, rate limited at 1 Mbps STAFF Staff automatically placed on VLAN X, rate limited at 5 Mbps INVITED Automatically placed on VLAN Y, rate limited at 1 Mbps GUESTS STRANGERS User does NOT have account and is denied23 | Meeting Name
  24. 24. How to BYOD with Ruckus 1 Unknown device associates with provisioning SSID 2 User challenged to authenticate 3 ZD queries LDAP (AAA domain) 4 User placed into requisite role based on security group membership, VLAN dynamically assigned 5 Unique dynamic PSK automatically generated, bound with device and pushed to client 6 Policies applied per role and VLAN membership24 | Meeting Name
  25. 25. What it Looks Like WHAT HAPPENS WHEN? User Student Staff Guest Database Resources Resources Resources 1. Users connect to a provisioning SSID and are re-directed to an Internet onboarding portal. 2. Users enter domain credentials which are verified against a user database. 3. The user’s role assignment and permissions are automatically determined based on authentcaion. 4. Using Zero-IT, the device is Guest SSID auto-provisioned with a Onboarding Student SSID Staff SSID SSID (hotspot) dynamic pre-shared key and dynamically assigned to the requisite WLAN. 5. Devices re-connect on a secure WLAN, receiving network permissions Student Staff Guest according to their role. New BYOD Devices Provisioned BYOD Guest25 | Meeting Name
  26. 26. Key Technologies SIMPLIFYING BYOD WITH RUCKUS26 | Meeting Name
  27. 27. Zero IT Automates Onboarding ▪ Requirement: automatic, secure authentication and roaming ▪ Enabled by SSID and authorization protocol configuration ▪ Easy-to-use Ruckus Invitation Branded ‘One-Click’ approach to push Landing Configuration configuration Page ▪ Uses mobile OS auto- Automatic detect and -authenticate Authentication Enabled features, not a separate connection manager app27 | Meeting Name
  28. 28. D-PSK Automates Security/Config ZD applies role, LDAP sends generates D-PSK user security pushes dissolvable group information PROV file to device to ZD WLAN profile configured device, and on the WLAN based on allowed by role.28 | Meeting Name
  29. 29. Client Fingerprinting Hostname: dstiff’s iPhone MAC: 50:ea:d6:7c:30:e4 ▪ Visibility “Who’s device is this?” ▪ Self-registration ▪ Automatically registers and maintains client info on WLAN and Wired interfaces ▪ Operating System ▪ Operating System Hostname ▪ Control by device type ▪ Permit/allow ▪ Assign to VLAN ▪ Rate limit (Down/Up) ▪ Management ▪ WLAN controller or standalone ▪ WLAN dashboard ▪ Client monitor ▪ Client details29 | Meeting Name
  30. 30. Device Specific Policy Enforcement (9.5) ▪ Segregates trusted and untrusted devices on single SSID ▪ Simplified access rules per device ✖  Windows  Windows Mobile  Mac OS  iOS  Linux  Android  VoIP  Gaming VLAN 20 VLAN 10  Printers ▪ Control network access per device Device Policy Access Control Rate Limit ▪ Permit/Deny Device Type Access VLAN DL|UL Gaming Deny - - ▪ Assign to VLAN Windows, Mac OS, Linux Permit 20 - ▪ Rate Limit (Down/Up) iOS, Windows Mobile, Android Permit 10 4 Mb | 1 Mb30 | Meeting Name
  31. 31. BYOD How-To Guide & Videos Step by Step guide to configuring Ruckus BYOD31 | Meeting Name
  32. 32. Fast and Fierce GROWTH OF TOP 3 WORLDWIDE ENTERPRISE WLAN LEADERS WLAN MARKET SHARE Unit shipment growth 303% Unit shipments, 1Q12 1Q11 to 1Q12 SOURCE: Other 26% Cisco 46% Ruckus 12% Aruba 16% Ruckus 25% 28% HP Aruba32 | Meeting Name
  33. 33. Taking Market Share WORLDWIDE ENTERPRISE Top 3 WW WLAN Market Share Leaders WLAN MARKET SHARE 2010 WLAN Coordinated Access Points by Unit shipments, 1Q 2012 Revenue Others Other 26.5% 26% Cisco 46%Ruckus 6% Ruckus 51.7% 12% Aruba 16.7% 16% Aruba Cisco lost 5.7% MS in a Cisco market growing 36% CAGR Ruckus has DOUBLED its market share 33 | Meeting Name
  34. 34. Trusting 802.11 Like You Do 802.3 Unified Situational Streaming Awareness Video Comms & Mobile Device and For SIP Router Management Healthcare Education (Mobility) Apps Market Emerging 802.11 A/B/G/N 802.11AC 802.11 Ruckus Attributes Wired Core and Edge Switches34 | Meeting Name
  35. 35. Starter Kit Promo Check out this amazing wireless technology! GREAT No charge – no obligation CONNECTION!35 | Meeting Name
  36. 36. A Dickens of a Special: 3 Free Evaluation Kits ▪ ZoneDirector 1106 (6 AP licenses) ▪ Two ZoneFlex 7982 Access Points ▪ Free site survey ▪ A Ruckus Dog!! Parker Pearson - ALI 434-386-4284 parker@ali-inc.com36 | Meeting Name