…  Extend Your Business  Mobilize Your Network …  Colubris Networks Product Overview
Wilfredo López Escobar DATEN  System Engineer   Caribbean and Latin America [email_address]
What is Wi-Fi? Wireless Ethernet – WLAN IEEE 802.11 Broadband wireless data service that connects mobile devices to an Ethernet network Data rates: 11 to 54 Mbps Distance:  300 ft, depending on antenna and environment Ethernet Wi-Fi Access Point Network
Colubris Overview Mission: Industry-leading developer of unified  multiservice  WLAN/LAN systems Highly  scalable  business mobility solutions for enterprises and service providers Market  Leadership: Over 1,000 customers worldwide 60,000 WLAN devices installed, worldwide #2 global market share in hospitality and service provider; #1 in transportation Founded in 2000; HQ in Waltham, MA Profile: Strategic Partners – Alcatel, Juniper, Avaya #1 privately held WLAN company
Distributed Intelligence  VPN Termination/Aggregation Distributed Intelligence –  VPN termination on AP eliminates separate WLAN infrastructure Secure VPN perimeter from client-to-corporate LAN On-board encryption accelerator   optimizes performance Local termination enables simplicity, greater scale Back-end aggregation to fewer VPN tunnels  Secure VPN management interface SSID=Employee Security=VPN CN1250 Employees Corporate HQ AAA NMS DHCP VPN Server Wide Area Network
Next Generation WLAN Architecture Smart Access Management & Control (incl. 1st Gen WLAN Switch) Scalability & Services Breadth
Localized Services Policy Control Services   applied at AP Distributed  architecture with  Centralized  management and control NOT in Data Path Adds centralized WLAN  QoS ,  security  and  roaming  to existing LAN 10x higher scalability than WLAN switch solutions Leverages commercial AP chips for reduced costs Smooth migration to unified switch and 802.11n standards WLAN RF & system mgt. QoS and security enforcement, packet forwarding AP AP NMS Central QoS and security control, roaming MultiService Controller LAN Policy Data Base
Colubris WLAN Solution InMotion VoIP-PBX InCharge CNMS InCharge RF Security Server L2/L3 Switch Internet Gateway Internet InReach VLAN Switch VLAN Switch
Product Application- Mobility Voice Over WLAN Service Highest R-values and voice session capacity More than 28% lower jitter than competitors Fast, Secure Intra/Inter Subnet Roaming Service   Mobility Enabled for real-time applications Secure WPA2 hand-offs  < 50 milliseconds RF Security and Management Embedded Wireless IDS/IPS Sensor Active load balancing and congestion management VSC 2 VSC 1 Voice Telephony Segment Traffic  P1 QoS Priority  PBX Destination Filter Data Applications Segment Traffic  WPA Security P3 QoS Priority Server VoIP PBX VLAN Switch Intelligent MultiService System
Free or Fee-based Hotspot Services Cafes and restaurants Hotels and marinas Train stations Increase foot traffic Customer stays longer Generate revenue FEE-BASED SERVICE OPPORTUNITIES Retailers, Malls Municipalities Increase foot traffic Attract techno-savvy clients FREE SERVICE OPPORTUNITIES NOC CN3200 Access Network Kiosk Hotspot
Public Interface
Internal Web Page
Original URL and Session Page
Customized Local (MSC) Pages
Rich Content Remote WEB server Page
Interactive Captive Portal
Payment options
Credit Card Payment
Public Internet Access Industry Structure Wireless service provider Owns and operates WLAN infrastructure Carrier Owns and operates Internet network service Back-office service provider Performs back-end authentication, billing, phone support Venue owner (hotel, restaurant, etc.) Aggregator Markets services to end-users Aggregates service operated by 3rd-party WSPs End User Venue Owner Wireless Service Provider Back Office Service Provider Carrier
Global Hospitality Customers and Partners Hotspot Service Partners Global Customer Base
Public Access Service Business Models Service branding Private label for venue Wireless service provider brand Aggregator brand Revenue models Service paid by venue owner Service paid by end user and split with venue owner Service paid by aggregator and split with service provider and venue owner Various back office and carrier outsourcing models Aggregator Wireless Service Provider Back Office Service Provider Carrier
Public Access Solution Partners Speed Entry Back-office service partners lower barriers to entry CIMS supports billing and customer service outsourcing Aggregator (roaming) partners make hotspots part of a larger network CIMS interoperability enables WSP to join large aggregator networks Back-office Service Partners Aggregator Partners
Public Access Service Network Components Back Office Firewall/ Router WLAN  Access Point (s) Service  Provider NOC Service Provider NMS Broadband client connectivity Client authentication, service presentation, billing support Routing services, security Access Gateway NMS manages and controls public access infrastructure, Portal delivers web content to clients Back Office Subscriber authentication, Credit card processing Public Internet Access Venue Portal Carrier Internet Service Cable/DSL Modem
CIMS Fully Integrated Public Access Solution Back Office InMotion  MSC InReach  MAP(s) InCharge  Colubris  NMS (CNMS) Service Provider MultiService client connectivity Turnkey public access CPE solution Integrated access gateway, router, firewall, access point CNMS manages and controls geographically distributed public access infrastructure Back Office Comprehensive support for AAA and back-office billing systems Public Access Venue Portal Carrier Internet Service Cable/DSL Modem CNMS MultiService Controller MultiService Access Point
CIMS Meets Public Access Business Needs Easy for Customers to Use Colubris “Zero Configuration” service interface  Per user bandwidth management Range of Billing Models Rich AAA interface supports range of billing models Location-aware billing support Minimizes Operating Costs Highly reliable integrated system Central WLAN management system for ease of operation Low Deployment Costs Low cost, purpose-built solutions are easy to install Public Access Venue NOC CNMS WLAN  Mgmt AAA, Billing, Portal Internet VSC 1 Public Internet Access Segment Traffic  Access Control Bandwidth Management Intelligent MultiService System
Fixed Network Infrastructure Wireless Network Infrastructure Defining Wireless LANs Components of a Generic 802.11 Network AP AP STA STA Router Switch Internet Protocol: CSMA-CA w/ ACK
Wi-Fi Primer
Interoperability: Wi-Fi Alliance
Governing standard: IEEE 802.11
Specification | Ratified | Data Rate | Distance (dipole) | Frequency Band
802.11a | 1999 | 54 Mbps | 100 ft. | 5 GHz
802.11b | 1999 | 11 Mbps | 300 ft. | 2.4 GHz
802.11g | 2003 | 54 Mbps | 300 ft. | 2.4 GHz
SSID and Windows XP
VAPs – Access Control Lists and Backend Services
SSID | Security | QoS | RADIUS Profile | ACL
Admin | VPN | P2 | 2 | 3
Voice | WEP | P1 | 2 | 4
POS | MAC | P2 | 2 | 2
Guest | Open | P3 | 3 | 5
Hotspot | Open | P4 | 3 | 6
RADIUS Profile 1 – Walled Garden ACLs
Back-end RADIUS 1 & WEB: AAA, NMS, Billing, Portal
Back-end RADIUS 2 & WEB: AAA, NMS, Billing, Portal
Back-end RADIUS 3 & WEB: AAA, NMS, Billing, Portal
Back-end RADIUS 4 & WEB: AAA, NMS, Billing, Portal
[Diagram labels: LAN/WAN, POS Server, VoIP Gateway, Services Controller, Access Devices]
Multi-Service WLANs for Higher Education LAN/MAN/WAN SSID=Faculty Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff SSID=Student Security=Open QoS=P4 Admin  Services Student Services VoIP  Gateway Faculty Data Center SSID=Assets Security=WPA QoS=P2 Students CNMS WLAN  Mgmt AAA/ VPN Server Services Controller Access Devices Internet
GSM / Wi-Fi phones are here
Toll-Quality Voice Service Broad QoS support for VoWLAN handsets SpectraLink, 802.11e, Vocera, SIP and H.323 softphones Transparent client subnet roaming support Traffic segregation and IP filters reinforce security Open support for 3rd-party power-save modes Employee Server VoIP Gateway CN1250 SSID=VOICE Security= WEP IP Filter=VoIP G/W QoS=P1 Router Data Center Subnet “A” Subnet “B” Seamless Subnet Roaming
Multimedia Service WMM/802.11e EDCA QoS protocol support Four classes of service enable rich multimedia applications Service-Aware QoS for non-protocol client devices Enables legacy devices to access QoS Mapping to wired network QoS policies 802.1p and TOS/DiffServ integration CN320 Switch/Router Video Server SSID=VIDEO Security=Open Filter=Video server QoS=P2 SSID=Multimedia Security=WPA QoS=802.11e Surveillance Video Conference Internet
Colubris: QoS Enforced at the AP Edge Policies applied at WLAN/wired network boundary Mapping between WLAN and LAN/WAN policies Embedded processors provide scalability to large networks Each AP adds processing power for 16 services to network  CNMS centrally configures QoS policies for ease of operation Applications Corporate HQ Suppliers IP  Backbone LAN Backbone 802.1p TOS/DiffServ QoS Policy Enforcement SSID 802.1p WME 802.1p TOS/DiffServ
Interoperability with QoS-Capable Clients Protocol-based policy enables client device to request priority 802.11e WME provides open voice, video, data interoperability SVP support provides interoperability with SpectraLink phones Part of end-to-end QoS scheme Client-AP-Ethernet  SVP QoS WME QoS No QoS Ethernet Wi-Fi 1 2 3 4 Protocol-based Forwarding SSID=Multimedia Security=Open QoS=Protocol
WMM for Voice over Wi-Fi Support Corporate Server VoIP Gateway SSID=Voice Security=WEP SSID=Employee Security=WPA SSID=Voice Security=WEP Normal Priority Corporate Data Traffic WMM-Tagged VoIP Traffic 802.1p-Tagged VoIP Traffic
Problems with next generation Solutions Phone IP NEW IP Inter AP Roam – re associate & KEY VoIP-PBX Management VLAN Switch Subnet A Master VLAN Switch IP Router Internet RADIUS Server DNS Server VLAN Switch Subnet B
Large Site / Campus deployment VLAN Switch In Motion MSC VoIP-PBX Control / mgmt Call Setup Legend: Call CNMS Management VLAN Switch Master VLAN Switch IP Router Internet Secure Control IP Tunnel In Motion MSC
InMotion ™  Delivers New Services New  Industry-leading Voice Over WLAN Service Highest R-values and voice session capacity More than 28% lower jitter than competitors New  Fast, Secure Intra/Inter Subnet Roaming Service   Mobility for real-time applications MOBILE IP Protocol Secure WPA2 hand-offs < 50 milliseconds New  Plug-and-Play Deployment Service Automatic MAP discovery and configuration Mutual authentication and encryption for security Industry-Leading Public/guest Network Access Service “ Zero configuration” for easy client access Rich service management policies MultiService Controllers
Retail Multi-Service WLAN LAN/WAN Retailer Headquarters Supplier Headquarters Back-end  Hotspot Services AAA NMS Billing Portal Supplier SSID=Admin Security=VPN QoS=P2 Scanner SSID=Voice Security=WEP QoS=P1 Voice SSID= POS Security=MAC QoS=P2 SSID=Guest Security=Open QoS=P3 POS Server VoIP  Gateway Manager SSID=Hotspot Security=Open QoS=P4 Customer DHCP, AAA VPN Server Firewall Services Controller Access Devices CNMS Central Mgt Retail Store Location
Healthcare Multi-service WLAN LAN/MAN/WAN SSID=Admin Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff SSID=Guest Security=Open QoS=P4 Admin  Services EMR System SSID=Patient Info Security=WPA QoS=P2 Doctors Nurses VoIP  Gateway Admin SSID=Badges Security=WEP QoS=P1 Affiliated Clinics Doctor/Clinician Office, Home Supplier  Headquarters Data Center Asset Tracking SSID=Assets Security=WPA QoS=P2 Suppliers CNMS WLAN  Mgmt AAA/ VPN Server Services Controller Access Devices
Data Network Security: 3 Requirements
  - Access Control – bidirectional, verifiable, centrally managed
  - Confidentiality – Encryption
  - Data Integrity – Frame Check and Sequencing
[Diagram labels: DATA, Encryption Engine, Encryption KEY, Cipher Text; RC4, DES/3DES, CCMP AES; Static – PSK, Certificate, PMK, TKIP]
Wi-Fi Security
WEP – Wired Equivalent Privacy
  - Original 802.11 encryption scheme
  - RC4 - Static Weak Key
VPN – Virtual Private Network
  - (DES, 3DES) cryptography – VPN client and Gateway
IEEE 802.1x – Access Control
  - EAP protocol using RADIUS authentication
WPA – Wireless Protected Access
  - Strong encryption TKIP RC4
  - Requires access to authentication server
IEEE 802.11i – WPA2
  - Strongest encryption (AES)
  - Government approved
HTML Access Control
  - Public Access via Captive Portal authentication
Managed Services Network Components Firewall/ Router WLAN  Access Point (s) Service Provider NOC Service Provider NMS QoS for real-time services Segments services Broadband client connectivity Routing services Security VoIP switch provides telephony service Application server delivers business services  NMS Manages and controls CPE Customer Premises VoIP Switch Cable/DSL Modem Carrier Internet Service App. Server Business Applications Telephony
CIMS Managed WLAN Services Solution Easy WLAN access to multiple voice, video, data network services VSCs tailor QoS and security policy for each service VSC traffic mapped to separate NOC or customer premise destinations Comprehensive remote WLAN management minimizes operations costs VSC 2 Voice Telephony Segment Traffic  P1 QoS Enterprise Premise Internet NOC VSC 3 Credit Card Processing Segment Traffic P3 QoS  VPN Security Intelligent MultiService System VSC 1 Public Internet Access Segment Traffic  Access Control P4 QoS
Colubris Unique Selling Proposition Centralized management and control minimizes OpEx Distributed network intelligence for service flexibility Highly scalable architecture minimizes CapEx Comprehensive Public/Guest Internet Access Service XYZ Networks ABC Co. Acme Co.
WLAN System Components
Colubris Products Product Type 1 Radio 2 ports total 2 Radios 3 ports total Appliance No Radio, 4 Ethernet Ports only In Reach MAP – MultiService Access Point MAP-320 MAP-320R CN320 WAP-200 2 VAP no QOS MAP-330 MAP-330R CN330 In Motion MSC – MultiService Access Controller MSC-3200 MSC-3200R CN3200 100 concurrent Users MSC-3300 MSC-3300R CN3300 100 concurrent Users MSC-5200 CN3400 500 concurrent Users MSC-5500 2000 concurrent Users 2-1000BASE-T4 MGW – MultiService Gateway MGW-1250 CN1250 MGW-3500 CN3500 1000 concurrent Users
Access Controller
Product Positioning Performance- User Capacity, Future Proofing Features- Connectivity, Security, Mobility MSC-3200 MSC-3300 100 Users 500 Users/25 AP 2000 Users/200 AP MSC-5500 MSC-5200 MGW-3500 1000 Users
InMotion ™  MultiService Controllers Specifications MSC-5200 MSC-5500 Software Configuration COS Access Service COS Service Pack COS Access Service COS Service Pack Services VoWLAN Fast Roaming Plug & Play Deployment Public/Guest Access           Maximum MAPs N.A. 25 N.A. 200 Max. Public/Guest Access Users 500 500 2,000 2,000
Firewall
NAT
VPN Client
To protect the VPN, add the following definitions to the access list:
    access-list=vpn,DENY,all,192.168.30.0/24,all
    use-access-list=vpn
Centralized Mode
Dual Radio Access Device Features Industry first dual a/b/g radios Two channels on single band increases performance, coverage Configurable AP, WDS Bridge and Monitor operating modes Flexibility and investment protection Enables continuous full-spectrum rogue scanning for increased security Robust monitor and diagnostic capability Eliminates cost of redundant probes/monitors Configurability Radio 1 Radio 2 Transceiver Mode a/b/g a/b/g Operating Mode AP, Bridge, Monitor AP, Bridge, Monitor
Single Radio vs Dual Radio
Extended Access Control Network
Network Topology - WDS MAP-330 MAP-330 MAP-330 MAP-330 MAP-330 Access line Client Client client Client Client Client Client MAP-330 MAP-3300 MAP-330 MAP-330 MAP-330 MAP-330 MAP-330 Internet MAP-330 Client Client Client Client Client Client .11g or 11a (WDS) .11b ch 1 area (AP) .11b ch 6 area (AP) .11b ch 11 area (AP) MAP-3300/MAP-330 – one radio in AP mode and the other radio in WDS mode Potential hidden node issue, for shared WDS/AP radios
Rogue AP Detection and Reporting
Wireless RF Scanning
  - Use of existing, authorized APs for wireless scans
  - Differentiates between true “rogues” and “ignored” 3rd-party APs
  - Multi-vendor support enables most comprehensive Rogue AP detection
Wireline Rogue Discovery
  - Scans network via multiple protocols
  - Automatically IDs the “fingerprints” of rogue APs
Integrated Rogue AP Reporting
  - Correlates all information to rapidly locate and disable rogues
Outdoor Rated Enclosure: MSC-3200R, MAP-320R Die-Cast Aluminum, NEMA 67 rating 2 waterproof N-type Antennas option Waterproof, quick disconnect RJ-45 connector 3 point silicone-rubber gasket Pole-top and wall-mount mounting options Colubris Logo Applied This slide for planning purposes only, content and dates subject to change
Locking Mounting Bracket Die-Cast Aluminum Wall or Ceiling Mountable Compatible with standard product enclosure (slides in and out) Padlock not included List Price $50 (USD) This slide for planning purposes only, content and dates subject to change
CNMS - WiFi Network Management
WiFi Network Management
CNMS Overview NMS Authentication RADIUS SNMP NOC WAN/LAN Campus A Campus B CN3200 CN320 CN3200 CN1250 SNMP/HTTP/TFTP CNMS Monitor AP discovery User monitoring Rogue AP detection NMS & AAA integration Analyze Alerts & diagnostics Performance reports RF event correlation Act Multi-vendor   config mgt Firmware distribution Grouping & scheduling                     
Colubris Networks Offers a Comprehensive RF Security and Management Solution InCharge RF Server InReach 330P InCharge RF Planner Automatically prevent Wi-Fi security attacks Perform real-time network audits Assist performance troubleshooting Monitor wireless LAN health
InCharge RF Server Two appliance models support up to 50 sensors or up to 200 sensors Correlates sensor data Analyzes and classifies Wi-Fi devices Enforces security policy Web interface Within CNMS, launch InCharge RF Server screens in Phase 1 Tight integration with CNMS in Phase 2 InCharge RF Server, InReach 330P, InCharge RF Planner InReach 330P Scans 2.4 and 5 GHz bands Centrally managed and configured by Server Dedicated sensor function in Phase 1 Concurrent AP and Sensor function at Phase 2; Phase 1 InReach 330P devices can be upgraded to Phase 2 capability Power over Ethernet InCharge RF Planner Stand-alone Windows-based application  Models wireless LAN coverage without a physical site survey Evaluates security risk from wireless LAN spillage outside building  Assesses changes with simple drag and drop techniques Generates equipment lists for installation team Provides powerful predictive planning  Input floor plan Add building material type Specify 802.11b, g or a Input minimum bandwidth requirements Drag and drop APs Supports dynamic floor plan models  RF coverage Channels Signal strength Spillage InReach 330P Web Interface InCharge RF Server InCharge Security Server
The Threat!!! Eight Major Classes of Wi-Fi Threats
Firewalls, VPNs, and 802.11 Security Standards Do Not Prevent These Wi-Fi Threats on Either Wired or Wireless Networks
Common: Rogue Access Points, Mis-configured Access Points, Ad hoc connections, Client mis-associations, Unauthorized client associations
Malicious: Honeypot APs, MAC Spoofing APs, Client > Malicious AP, Denial of Service (De-authentication flood, Packet storm)
[Diagram labels: Enterprise Network, Neighboring Network, Ad Hoc, Denial of Service Attack, AP MAC Spoofing, Rogue AP, Mis-configured AP, Unauthorized Association, Mis-association, Honeypot]
Monitor/Detect Scan all bands 2.4 GHz and 5 GHz Detect all Wi-Fi activity Access points, soft APs, NATing APs, clients Correlate information from multiple sensors Eliminate confusing  duplicate reports of the  same device
Visualize Make your airwaves visible View RF coverage in real    time Handhelds only provide a    snapshot in time Plan for security and Wi-Fi    coverage Only integrated solution that    ensures proper sensor placement Model detection and prevention    levels   Self-calibrating  Site-specific RF    characteristics Deployment orientation Good Coverage No RF Coverage Poor RF Coverage
Auto-Classify Comprehensive Access points Authorized, Rogue, External Clients Authorized and Unauthorized Accurate and Reliable No false positives/no false negatives Instantaneous No manual user intervention required InCharge RF Server dashboard automatically classifies Access Points and Clients into appropriate categories.
Prevent
Over-the-air
  - Ensures non-stop protection
Instantaneous
  - Based on quarantine policy and accurate auto-classification
  - Doesn’t require manual administrator intervention
No harm policy
  - Won’t disrupt your own or neighbor’s networks
Most comprehensive solution
  - All major classes of threats
  - Rogue access points, Evil Twin/Honey Pot APs, MAC spoofing APs, mis-configured APs, rogue clients, client mis-associations, ad hoc networks and DoS attacks
InCharge RF Server dashboard shows rogue access points that have been quarantined, i.e. automatically blocked to prevent any and all client connections.
Locate Precise Locates rogues and other Wi-Fi security threats for physical remediation Pinpoints all AP and client device locations Authorized, unauthorized and neighbor Immediate One click operation Site calibrated Displays location on a  floor plan One click operation provides graphical probability analysis of location Not just a red ‘X’ InCharge RF Server integrates a floor plan to show a range of probable locations of rogue APs or clients.
Prevent Wi-Fi Threats in a Non Wi-Fi Network
  - Even if you have no 802.11 APs, most laptops have 802.11 cards
  - A laptop radio is configured by default to ‘automatically associate’ with the strongest signal from a list of SSIDs
  - Hackers simply sit outside the building with an AP configured to a common SSID and wait for a number of laptops to connect
Honeypot attack lures in multiple laptops to mis-associate.
[Diagram labels: SSID: linksys, Corporate Firewall, Internet]
Rogue AP Blocking Rogue AP is Detected Over-the-air detection Network connect tested Auto-classified No False Positives  Does not rely on switch Blocked over-the-air De-auth all Clients 100% accurate Any network / switch Better than port blocking Port blocking is not reliable Port blocking may cause DoS  Rogue AP Wi-Fi Ready Laptop X Corporate Firewall Internet
Prevent Client Mis-Association Enterprise Network Neighboring Network SSID:  a1b2c3 SSID:  a1b2c3 SSID:  a1b2c3 X X X X Clients associate to strongest signal  Blocks clients that  mis-associate Prevents  SSID spoofing Client roaming
Prevent MAC & Air-Jack Attack Enterprise Network SSID:  a1b2c3 MAC:  00.20.A6.4C.1A.46 SSID:  a1b2c3 MAC: 00.20.A6.4C.1A.46 X X Detects MAC Spoofing  Blocks unauthorized spoofed AP’s Prevent malicious threats Evil Twin  Man-in-the-middle
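The AP and client classes named on the threat, Auto-Classify and prevention slides can be sketched as detection logic over correlated sensor reports. This is an added example, not Colubris code or the InCharge RF Server algorithm: the rules, class names, channel plan, client addresses and the `Beacon`/`Association` records are assumptions, and it covers six of the eight threat classes (not ad hoc networks or DoS).

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory (assumption): the SSID and MAC are the ones shown on the
# MAC-spoofing slide; the channel plan and client address are made up.
AUTHORIZED_APS = {"00:20:a6:4c:1a:46": ("a1b2c3", 6)}   # bssid -> (ssid, channel)
ENTERPRISE_SSIDS = {ssid for ssid, _ in AUTHORIZED_APS.values()}
AUTHORIZED_CLIENTS = {"02:00:00:00:00:10"}


@dataclass(frozen=True)
class Beacon:
    sensor: str      # which sensor heard the beacon
    bssid: str
    ssid: str
    channel: int
    on_wire: bool    # outcome of the "network connect tested" step


@dataclass(frozen=True)
class Association:
    client: str
    bssid: str


def normalize_mac(mac: str) -> str:
    """Accept 00.20.A6..., 00-20-A6... or 00:20:a6... and return one form."""
    return mac.lower().replace(".", ":").replace("-", ":")


def classify_aps(beacons):
    """Correlate reports from all sensors, then assign one class per BSSID."""
    seen = defaultdict(set)      # bssid -> {(ssid, channel)} across sensors
    wired = defaultdict(bool)    # bssid -> some sensor proved wired connectivity
    for b in beacons:
        bssid = normalize_mac(b.bssid)
        seen[bssid].add((b.ssid, b.channel))   # duplicate reports collapse here
        wired[bssid] |= b.on_wire
    classes = {}
    for bssid, prints in seen.items():
        expected = AUTHORIZED_APS.get(bssid)
        if expected is not None:
            if prints == {expected}:
                classes[bssid] = "authorized"
            elif expected in prints:
                # The real AP and a second radio both use this address.
                classes[bssid] = "mac-spoof"
            else:
                # Simplification: treated as drift from the approved settings.
                classes[bssid] = "misconfigured"
        elif wired[bssid]:
            classes[bssid] = "rogue"       # unknown AP attached to our wire
        elif any(ssid in ENTERPRISE_SSIDS for ssid, _ in prints):
            classes[bssid] = "honeypot"    # unknown AP advertising our SSID
        else:
            classes[bssid] = "external"    # neighbor's AP; not ours to touch
    return classes


def classify_clients(associations, ap_classes):
    """Judge each client by who it is and what kind of AP it joined."""
    verdicts = {}
    for a in associations:
        client = normalize_mac(a.client)
        ap_class = ap_classes.get(normalize_mac(a.bssid), "external")
        if client in AUTHORIZED_CLIENTS:
            verdicts[client] = "ok" if ap_class == "authorized" else "mis-association"
        elif ap_class in ("authorized", "misconfigured"):
            verdicts[client] = "unauthorized-association"
        else:
            verdicts[client] = "external"
    return verdicts


# Constructed sensor reports (not captured traffic).
SAMPLE_BEACONS = [
    Beacon("s1", "00.20.A6.4C.1A.46", "a1b2c3", 6, True),
    Beacon("s2", "00:20:a6:4c:1a:46", "a1b2c3", 6, True),     # same AP, 2nd sensor
    Beacon("s1", "02:00:00:00:00:aa", "linksys", 11, True),   # plugged into the LAN
    Beacon("s2", "02:00:00:00:00:bb", "a1b2c3", 1, False),    # our SSID, off-wire
    Beacon("s2", "02:00:00:00:00:cc", "cafe-guest", 1, False),
]
SPOOF_BEACON = Beacon("s2", "00:20:a6:4c:1a:46", "a1b2c3", 11, False)
SAMPLE_ASSOCIATIONS = [
    Association("02:00:00:00:00:10", "02:00:00:00:00:bb"),  # known laptop, honeypot
    Association("02:00:00:00:00:20", "00:20:a6:4c:1a:46"),  # unknown client, our AP
]

if __name__ == "__main__":
    aps = classify_aps(SAMPLE_BEACONS)
    for bssid, verdict in sorted(aps.items()):
        print(f"AP     {bssid}  {verdict}")
    for client, verdict in sorted(classify_clients(SAMPLE_ASSOCIATIONS, aps).items()):
        print(f"client {client}  {verdict}")
```

A spoofed radio on the same channel as the real AP would pass this fingerprint check; distinguishing the two needs per-frame evidence that is outside this sketch.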
Denial of Service Attack Prevention Wi-Fi Denial of Service can shut down your network Blocks DoS attacks Exclusive vendor DoS prevention Patented ‘ Virtual Selective Jamming’ technique Corporate Firewall Internet Enterprise Network X X X DoS attack
Complete Protection Requires Simultaneous Threat Prevention Enterprise Network X X X X X Rogue AP  Single Sensor must block multiple Clients and multiple Rogue AP’s on multiple channels simultaneously Corporate Firewall Internet SSID:  linksys
Knowledge-Based Troubleshooting Step-by-step flowchart Connectivity and performance problems Client and access point issues Not just problem    identification Suggests remedies Easy to use Helpdesks Remote administrators Live over-the-air packet    capture Ethereal
Knowledge-based Troubleshooting (cont’d)  Administrator logs into the InCharge RF Server &  chooses the device to troubleshoot  Administrator selects the appropriate sensor to troubleshoot the device Step 1 Step 2 Live Packet stream
Customizable Reports This custom report captures uncategorized & unauthorized clients that are not quarantined!
Security & Performance Monitoring Monitor & alert for security and performance issues Total of 140 events! Complete protection Sensors scan ALL channels  Independent of regulatory domain Details provided for each event Suggested remedies
Availability Phase 1: GA End of October InReach 300P (dedicated sensor) InCharge RF Server appliance InCharge RF Planning Tool Phase 2: target GA of 1Q06 Multi-function MAP-330 will support AP and sensor function or act as a dedicated sensor  Software migration path from Phase 1 to Phase 2 capability  Tight integration of InCharge CNMS and RF server
A New Paradigm Determine AP and security    sensor  placement without    physical  walk around Much more efficient method than    physical site survey   What-if analysis Predictive planning enables    simply, easily Building floor plan with predicted RF coverage
How it Works Predictive planning Input floor plan Add building material type Specify 802.11b, g or a Input minimum   bandwidth requirements Drag and drop APs Dynamic floor plan models  RF coverage Channels Signal strength Spillage
InCharge RF Planner  Wi-Fi Site Planning InCharge RF Planner Site Planner for Wireless LAN Access Point Coverage  Site Planner for Performance Optimization Planning for WLAN Security Sensors Coverage Advantages Software solution does not require manual site surveys Automatic RF Mapping with ‘True Map’  Automatic report generation Planning for Coverage, Performance and Security
Wi-Fi Site Planning Software Planning Tool Import or create floor plans State-of-the-art RF propagation modeling for wireless LAN and security sensor coverage Models site specific parameters Ensure optimum performance Capacity and coverage Allows for redundancy planning Ensures no blind spots Provides visual confirmation Determine security level needed Detection vs. prevention coverage areas Security sensitivity modeling Good security coverage blind spots
Wireless LAN Coverage Model building RF    reflection, refraction, and    absorption Import floor map from    virtually any electronic    format Plan for complete and    optimum coverage
Redundancy Planning Eliminate blind spots Model 802.11 a/b/g Minimize AP    requirements
Link Speed Performance    optimization modeling  Model 802.11a/b/g  Building specific
Channel Allocation Visualize Channel    Overlap to minimize    interference Model various scenarios Vendor APs Antennae Antennae direction Power a/b/g
Channel Interference Minimize Interference Model multiple    scenarios Optimize performance
Security Exposure Know where you are    vulnerable Model various scenarios    to minimize risk
Comprehensive Security Coverage Planning Accurately determines    number of sensors based on    customer specific risk profile Five specific variables used to    model coverage level  Site specific    characteristics Detection vs. prevention    range Detection range vs.    transmit power of rogue    or attacker Redundancy Other solutions blindly quote    coverage ranges with no real    method to determine actual    security level SpectraGuard Enterprise shows precisely the detection (blue) versus protection (purple) range of each sensor.
Work Order Automatic work order    generation Detailed management    reporting Ease deployment and    maintain performance of    your WLAN project
Global Customer Deployments Wireline  Wireless  Cable  ISP  Hospitality  Retail  Education  Transportation  Sporting Venues  Service Providers  Verticals  Partners New Zealand Argentina
Customer Success: McDonald’s Restaurants McDonald's is the leading global foodservice retailer with more than 30,000 restaurants serving nearly 47 million people in more than 120 countries each day.   Trigger Events: 500+ “Store of the Future” WLAN Program Initiative Why Colubris: Open systems, multiservice platform provided a simple, cost-effective means to evaluate and launch new business applications to improve quality and speed of service Scale and manageability to potentially thousands of locations Simple integration with existing Juniper infrastructure Goals: Enhanced customer satisfaction and revenue throughput Consistent quality monitoring Real-time inventory management Timely corporate communications Vision Point: Use wireless mobility to improve customer service, quality and cost across business systems  Solution: CN3200 AP/SC platform, CNMS Management Competition: Cisco & Symbol
McDonald’s “Store of the Future” VSC 1 VSC 2 Roaming Quality Audits Segment Traffic  WPA Security VSC 3 Public Internet Access Segment Traffic  Access Control Best Effort Priority Quality & Inventory POS Line Busting Hotspot Quality Control Mobile Order Taking Segment Traffic  WEP Security Intelligent Access & Service Control 3 VSCs deliver separate service through single WLAN system VSC security and QoS policies tailored to each application Open support for wide range of devices, users and apps. Applications under evaluation: Wireless telemetry, Inventory management, VoIP (drivethru), Signage WLAN Management Internet
Customer Success:  Wendy's Wendy’s is one of the world's largest restaurant operating and franchising companies with more than 9,500 restaurants under the Wendy's Old Fashioned Hamburgers®, Tim Horton's and Baja Fresh® Mexican Grill brands. Trigger Events: Interoperable, low cost WLAN equipment widely available Why Colubris: Delivers multiple private and public WLAN services in one device Integrated IP routing and VPN security services Centralized management of 1000s of remote sites Easy to deploy solution for autonomous franchises Goals: Wireless mobility for all headquarters and regional employees Real-time network automation of restaurant equipment Single WLAN architecture for campus, regional offices and stores Eliminate cabling expenses Offer customers public Internet access services Vision Point: Common wireless infrastructure for restaurant automation, enhanced customer service and human resource productivity initiatives Solution: CN1250 (HQ), CN3200 (Restaurant), CNMS management Competition: Cisco, Sonic Wall, ReefEdge
Wendy’s Common WLAN Infrastructure Restaurant Automation Segment Traffic  P2 Priority Public Internet Access Segment Traffic  Access Control Best Effort Priority Equipment Controller POS HotSpot (Future) Equipment Automation & Telemetry Regional Mgr Network Segment Traffic  VPN Security Wireless connectivity to HQ VPN network VSC security and QoS policies segment traffic tailored to each application CNMS centralizes management for HQ, regional offices and restaurants WLAN Management Intelligent Access & Service Control VPN access to HQ applications Headquarters Intelligent Access & Service Control Point of Sale/ Line Busting (Future) POS Segment Traffic VPN Security VSC 3 VSC 4 VSC 2 VSC 1 VPN Server Internet
Gander Mountain “Store of the Future” VSC 1: Associate Communication Segment Traffic WEP Security Voice Priority VSC 2: Inventory Control Segment Traffic WPA Security Quality & Inventory Management POS WLAN Management Intelligent Access & Service Control VSCs deliver 3 separate services through single WLAN system VSC security and QoS policies segment traffic tailored to each application VSCs provide open support for wide range of devices, users and applications VoWLAN Wire Replacement Wire Replacement VSC 3: Corporate Employee Segment Traffic WPA Security Best Effort Priority Internet
Customer Success:  Emory University Trigger Events: Availability of unified WLAN voice and data network technology Emory University is recognized as one of the U.S.’s top 25 national universities.  It is known for its demanding academics, outstanding undergraduate college of arts and sciences, highly ranked professional schools and state-of-the-art research facilities.   Why Colubris: VSC capabilities Leadership VoFi and QoS solution Central management for scalability and ease of operation Goals: Easy access to network services from any campus location Instant voice communications for all staff members Wireless student Net access Guest Internet access in hospitals Vision Point: Improved staff, faculty, student productivity through ubiquitous broadband network services Solution: CN1250 Secure Gateway, CNMS Management Competition: Cisco
Emory University Ubiquitous WLAN VSC 1 VSC 2 VPN Data Service Segment Traffic  VPN Security VSC 4 Public Internet Access Segment Traffic  Access Control Best Effort Priority Data Services VoIP Gateway VoFi Hotspot (hospital) Student, Staff, Faculty Voice Service Segment Traffic  High Priority Intelligent Access & Service Control SpectraLink VoWLAN phone support Smooth migration from VPN to WPA capable devices Student, Staff and Faculty security privileges set by RADIUS authentication WLAN Management VSC 3 WPA Data Service Segment Traffic  WPA Security Student, Staff, Faculty Internet
Customer Success: SJ. SJ is Sweden’s leading rail traffic company and operator of the X2000, Sweden’s high-speed train, and its new X40 fleet – servicing 85 trains beginning in summer 2005. Trigger Events: “Internet On Track” -- the first full fleet roll out by a train operator of an onboard wireless Internet service and the world's first implementation of 3G/Satellite-enabled Wi-Fi service. Why Colubris: VSC capabilities; Security policies ensure internal applications are protected from public Internet traffic; Corporate responsiveness and networking expertise. Goals: Integrate an Internet access service into business class ticket; Optional fee service for coach class ticket holders; Separate internal WLAN service for train monitoring. Vision Point: Continuous broadband Internet service improves passenger experience. Solution: CN320 Intelligent MultiService Access Point. Competition: Cisco, Proxim.
SJ “Internet On Track” Service Data Collection Train Data Monitor Hotspot Intelligent Access & Service Control Segment traffic per VSC for security Strong security for  internal train applications Selective Layer 2 isolation prevents snooping on passenger hotspot service while enabling peer-peer monitoring connections VSC 2 Public Internet Access Segment Traffic  Access Control Best Effort Priority VSC 1 Data Collection Segment Traffic WPA Security  High Priority Internet
Wi-Fi on the Train Head Car Rear Car Middle Cars (7) Mobility Router GPRS, EDGE, CDMA, UMTS, WCDMA, 3G and satellite technologies. Provide wireless multi-service applications in a single footprint Provide Access Control CN330 CN320 CN330 CN3300 Public Access –  internet for passengers  Personnel Access –  ticket sales, inter cart communication Video surveillance SSID 1 SSID 2 SSID 3 Internet
Customer Success: Sprint. Sprint is a Fortune 100 company with more than $27 billion in annual revenues in 2004. Sprint is widely recognized for developing, engineering and deploying state-of-the-art network technologies. Trigger Events: Previous vendors unable to reach vision point. Why Colubris: VSC capabilities (traffic segmentation, security & QoS policies per VSC); Ease of management with CNMS; Interoperability with 3rd party hotspot back-end services. Goals: Upsell existing WAN service customers to managed Wi-Fi; Offer revenue-generating hotspot service to retailers and public venue operators; Flexibility to add new software-defined Wi-Fi service offerings (training, video surveillance, point-of-sale system, credit card service). Vision Point: Managed Wi-Fi service for installed base of 8,000 enterprises. Solution: CN3200 AP/SC platform, CNMS Management. Competition: Cisco, Nomadix, AireSpace.
Sprint “Enterprise Wi-Fi Access” Service Hotspot Intelligent Access & Service Control Segment traffic per VSN for security Authenticate hotspot users via Airpath back-end service CNMS in NOC centralizes management for all customer sites Additional VSCs available for future services Security Surveillance Service (Future) VSC 2 Video Surveillance Segment Traffic High Priority Back-end Hotspot Service Point of Sale Credit Verification (Future) POS Segment Traffic VPN Security VSC 3 Enterprise Customer Premise WLAN Management Sprint NOC Internet VSC 1 Public Internet Access Segment Traffic  Access Control Best Effort Priority
Customer Success: Best Western Europa. The Europa is a 180-room business hotel located in downtown Montreal and a franchise of the Best Western hotel chain. Trigger Events: Best Western mandate to offer Wi-Fi Internet access in all properties. Why Colubris: VSC capabilities; Strong security policy enforcement; VoWLAN and QoS support. Goals: Differentiate by offering wireless keycard and wireless guest authentication services; Upgrade path to VoWLAN service for guests; Reduce operating costs while expanding guest services. Vision Point: Leverage Wi-Fi to provide multiple wireless customer conveniences. Solution: CN3200 AP/SC platform, CN320 AP, CNMS Management. Competition: Cisco.
Best Western MultiService WLAN Guest Internet Access Service Intelligent Access & Service Control Segment traffic per VSC for security Authenticate hotspot users via Airpath back-end service Additional VSCs available for future services VSC 1 Public Internet Access Segment Traffic  Access Control Best Effort Priority Wireless Guest Authentication and Direct Billing VSC 2 Guest Authentication Segment Traffic WPA Security Guest Wireless Voice Service (Future) Telephony Segment Traffic High priority VSC 3 VoIP Gateway Property Management System Internet
Veteran Leadership Team: Barry Fougere - President & CEO (A.T. Kearney, EDS, Cambridge Strategic Mgt Group); Pierre Trudeau - Co-founder & CTO (Eicon Technology, Touch Tones Digital Jukebox); Larry Whitman - CFO (WaveSmith Networks, Shiva); John O’Hara - VP, Engineering (WaveSmith Networks, New Oak Communications); Marty Falaro - VP, Sales & Business Development (Altiga Networks, Cisco, PictureTel); Roger Sands - VP, Enterprise Development (Accton Technologies, US Robotics); Ken MacLure - VP, Operations (Narad Networks, Cascade); Michael Welts - VP, Marketing (Unisphere, Castle Networks, Bay Networks)
Demonstration Setup MSC-3300 MAP-330 5.8GHz WDS Secure Link In Charge CNMS 192.168.2.20 RADIUS/Apache 192.168.2.99 WIN2K Server 192.168.2.100 Gateway Router Internet

Colubris Basic Customer Presentation

  • 8.
    Colubris WLAN Solution InMotion VoIP-PBX InCharge CNMS InCharge RF Security Server L2/L3 Switch Internet Gateway Internet InReach VLAN Switch VLAN Switch
  • 9.
    Product Application - Mobility Voice Over WLAN Service Highest R-values and voice session capacity More than 28% lower jitter than competitors Fast, Secure Intra/Inter Subnet Roaming Service Mobility Enabled for real-time applications Secure WPA2 hand-offs < 50 milliseconds RF Security and Management Embedded Wireless IDS/IPS Sensor Active load balancing and congestion management VSC 2 VSC 1 Voice Telephony Segment Traffic P1 QoS Priority PBX Destination Filter Data Applications Segment Traffic WPA Security P3 QoS Priority Server VoIP PBX VLAN Switch Intelligent MultiService System
  • 10.
    Free or Fee-based Hotspot Services Cafes and restaurants Hotels and marinas Train stations Increase foot traffic Customer stays longer Generate revenue FEE-BASED SERVICE OPPORTUNITIES Retailers, Malls Municipalities Increase foot traffic Attract techno-savvy clients FREE SERVICE OPPORTUNITIES NOC CN3200 Access Network Kiosk Hotspot
  • 11.
  • 13.
  • 14.
    Original URL and Session Page
  • 15.
  • 16.
    Rich Content Remote WEB server Page
  • 17.
  • 18.
  • 19.
  • 20.
    Public Internet Access Industry Structure Wireless service provider Owns and operates WLAN infrastructure Carrier Owns and operates Internet network service Back-office service provider Performs back-end authentication, billing, phone support Venue owner (hotel, restaurant, etc.) Aggregator Markets services to end-users Aggregates service operated by 3rd party WSPs End User Venue Owner Wireless Service Provider Back Office Service Provider Carrier
  • 21.
    Global Hospitality Customers and Partners Hotspot Service Partners Global Customer Base
  • 22.
    Public Access Service Business Models Service branding Private label for venue Wireless service provider brand Aggregator brand Revenue models Service paid by venue owner Service paid by end user and split with venue owner Service paid by aggregator and split with service provider and venue owner Various back office and carrier outsourcing models Aggregator Wireless Service Provider Back Office Service Provider Carrier
  • 23.
    Public Access Solution Partners Speed Entry Back-office service partners lower barriers to entry CIMS supports billing and customer service outsourcing Aggregator (roaming) partners make hotspots part of a larger network CIMS interoperability enables WSP to join large aggregator networks Back-office Service Partners Aggregator Partners
  • 24.
    Public Access Service Network Components Back Office Firewall/Router WLAN Access Point(s) Service Provider NOC Service Provider NMS Broadband client connectivity Client authentication, service presentation, billing support Routing services, security Access Gateway NMS manages and controls public access infrastructure, Portal delivers web content to clients Back Office Subscriber authentication, Credit card processing Public Internet Access Venue Portal Carrier Internet Service Cable/DSL Modem
  • 25.
    CIMS Fully Integrated Public Access Solution Back Office InMotion MSC InReach MAP(s) InCharge Colubris NMS (CNMS) Service Provider MultiService client connectivity Turnkey public access CPE solution Integrated access gateway, router, firewall, access point CNMS manages and controls geographically distributed public access infrastructure Back Office Comprehensive support for AAA and back-office billing systems Public Access Venue Portal Carrier Internet Service Cable/DSL Modem CNMS MultiService Controller MultiService Access Point
  • 26.
    CIMS Meets Public Access Business Needs Easy for Customers to Use Colubris “Zero Configuration” service interface Per user bandwidth management Range of Billing Models Rich AAA interface supports range of billing models Location-aware billing support Minimizes Operating Costs Highly reliable integrated system Central WLAN management system for ease of operation Low Deployment Costs Low cost, purpose-built solutions are easy to install Public Access Venue NOC CNMS WLAN Mgmt AAA, Billing, Portal Internet VSC 1 Public Internet Access Segment Traffic Access Control Bandwidth Management Intelligent MultiService System
  • 27.
    Fixed Network Infrastructure Wireless Network Infrastructure Defining Wireless LANs Components of a Generic 802.11 Network AP AP STA STA Router Switch Internet Protocol: CSMA-CA w/ ACK
  • 28.
    Wi-Fi Primer Interoperability: Wi-Fi Alliance Governing standard: IEEE 802.11
    Specification | Ratified | Data Rate | Distance (dipole) | Frequency Band
    802.11a | 1999 | 54 Mbps | 100 ft. | 5 GHz
    802.11b | 1999 | 11 Mbps | 300 ft. | 2.4 GHz
    802.11g | 2003 | 54 Mbps | 300 ft. | 2.4 GHz
  • 29.
  • 30.
    VAPs – Access Control lists and Backend Services LAN/WAN SSID=Admin Security=VPN QoS=P2 RADIUS Profile 2 ACL 3 SSID=Voice Security=WEP QoS=P1 RADIUS Profile 2 ACL - 4 SSID=POS Security=MAC QoS=P2 RADIUS Profile 2 ACL - 2 SSID=Guest Security=Open QoS=P3 RADIUS Profile 3 ACL - 5 POS Server VoIP Gateway SSID=Hotspot Security=Open QoS=P4 RADIUS Profile 3 ACL - 6 Services Controller Access Devices Radius Profile 1 – Walled Garden ACL’s Back-end RADIUS 4 & WEB AAA NMS Billing Portal Back-end RADIUS 3 & WEB AAA NMS Billing Portal Back-end RADIUS 2 & WEB AAA NMS Billing Portal Back-end RADIUS 1 & WEB AAA NMS Billing Portal
  • 31.
    Multi-Service WLANs for Higher Education LAN/MAN/WAN SSID=Faculty Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff SSID=Student Security=Open QoS=P4 Admin Services Student Services VoIP Gateway Faculty Data Center SSID=Assets Security=WPA QoS=P2 Students CNMS WLAN Mgmt AAA/ VPN Server Services Controller Access Devices Internet
  • 32.
    GSM / Wi-Fi phones are here
  • 33.
    Toll-Quality Voice Service Broad QoS support for VoWLAN handsets SpectraLink, 802.11e, Vocera, SIP and H.323 softphones Transparent client subnet roaming support Traffic segregation and IP filters reinforce security Open support for 3rd party power-save modes Employee Server VoIP Gateway CN1250 SSID=VOICE Security=WEP IP Filter=VoIP G/W QoS=P1 Router Data Center Subnet “A” Subnet “B” Seamless Subnet Roaming
  • 34.
    Multimedia Service WMM/802.11e EDCA QoS protocol support Four classes of service enable rich multimedia applications Service-Aware QoS for non-protocol client devices Enables legacy devices to access QoS Mapping to wired network QoS policies 802.1p and TOS/DiffServ integration CN320 Switch/Router Video Server SSID=VIDEO Security=Open Filter=Video server QoS=P2 SSID=Multimedia Security=WPA QoS=802.11e Surveillance Video Conference Internet
  • 35.
    Colubris: QoS Enforced at the AP Edge Policies applied at WLAN/wired network boundary Mapping between WLAN and LAN/WAN policies Embedded processors provide scalability to large networks Each AP adds processing power for 16 services to network CNMS centrally configures QoS policies for ease of operation Applications Corporate HQ Suppliers IP Backbone LAN Backbone 802.1p TOS/DiffServ QoS Policy Enforcement SSID 802.1p WME 802.1p TOS/DiffServ
  • 36.
    Interoperability with QoS-Capable Clients Protocol-based policy enables client device to request priority 802.11e WME provides open voice, video, data interoperability SVP support provides interoperability with SpectraLink phones Part of end-to-end QoS scheme Client-AP-Ethernet SVP QoS WME QoS No QoS Ethernet Wi-Fi 1 2 3 4 Protocol-based Forwarding SSID=Multimedia Security=Open QoS=Protocol
  • 37.
    WMM for Voice over Wi-Fi Support Corporate Server VoIP Gateway SSID=Voice Security=WEP SSID=Employee Security=WPA SSID=Voice Security=WEP Normal Priority Corporate Data Traffic WMM-Tagged VoIP Traffic 802.1p-Tagged VoIP Traffic
  • 38.
    Problems with next generation Solutions Phone IP NEW IP Inter AP Roam – re associate & KEY VoIP-PBX Management VLAN Switch Subnet A Master VLAN Switch IP Router Internet RADIUS Server DNS Server VLAN Switch Subnet B
  • 39.
    Large Site / Campus deployment VLAN Switch In Motion MSC VoIP-PBX Control / mgmt Call Setup Legend: Call CNMS Management VLAN Switch Master VLAN Switch IP Router Internet Secure Control IP Tunnel In Motion MSC
  • 40.
    InMotion™ Delivers New Services New Industry-leading Voice Over WLAN Service Highest R-values and voice session capacity More than 28% lower jitter than competitors New Fast, Secure Intra/Inter Subnet Roaming Service Mobility for real-time applications MOBILE IP Protocol Secure WPA2 hand-offs < 50 milliseconds New Plug-and-Play Deployment Service Automatic MAP discovery and configuration Mutual authentication and encryption for security Industry-Leading Public/guest Network Access Service “Zero configuration” for easy client access Rich service management policies MultiService Controllers
  • 41.
    Retail Multi-Service WLAN LAN/WAN Retailer Headquarters Supplier Headquarters Back-end Hotspot Services AAA NMS Billing Portal Supplier SSID=Admin Security=VPN QoS=P2 Scanner SSID=Voice Security=WEP QoS=P1 Voice SSID=POS Security=MAC QoS=P2 SSID=Guest Security=Open QoS=P3 POS Server VoIP Gateway Manager SSID=Hotspot Security=Open QoS=P4 Customer DHCP, AAA VPN Server Firewall Services Controller Access Devices CNMS Central Mgt Retail Store Location
  • 42.
    Healthcare Multi-service WLAN LAN/MAN/WAN SSID=Admin Security=VPN QoS=P2 SSID=Voice Security=WEP QoS=P1 Staff SSID=Guest Security=Open QoS=P4 Admin Services EMR System SSID=Patient Info Security=WPA QoS=P2 Doctors Nurses VoIP Gateway Admin SSID=Badges Security=WEP QoS=P1 Affiliated Clinics Doctor/Clinician Office, Home Supplier Headquarters Data Center Asset Tracking SSID=Assets Security=WPA QoS=P2 Suppliers CNMS WLAN Mgmt AAA/ VPN Server Services Controller Access Devices
  • 43.
    Data Network Security 3 Requirements Access Control – Bi-directional, verifiable, centrally Managed Confidentiality – Encryption Data Integrity – Frame Check and Sequencing Cipher Text Encryption KEY Encryption KEY RC4 DES/3DES CCMP AES RC4 DES/3DES CCMP AES Static – PSK Certificate PMK TKIP DATA DATA Encryption Engine Encryption Engine
  • 44.
    Wi-Fi Security WEP – Wired Equivalent Privacy Original 802.11 encryption scheme RC4 - Static Weak Key VPN – Virtual Private Network (DES, 3DES) cryptography – VPN client and Gateway IEEE 802.1x – Access Control EAP protocol using Radius Authentication WPA – Wireless Protected Access Strong encryption TKIP RC4 Requires access to authentication server IEEE 802.11i – WPA2 Strongest encryption (AES) Government approved HTML Access Control Public Access via Captive Portal authentication
  • 45.
    Managed Services Network Components Firewall/Router WLAN Access Point(s) Service Provider NOC Service Provider NMS QoS for real-time services Segments services Broadband client connectivity Routing services Security VoIP switch provides telephony service Application server delivers business services NMS Manages and controls CPE Customer Premises VoIP Switch Cable/DSL Modem Carrier Internet Service App. Server Business Applications Telephony
  • 46.
    CIMS Managed WLAN Services Solution Easy WLAN access to multiple voice, video, data network services VSCs tailor QoS and security policy for each service VSC traffic mapped to separate NOC or customer premise destinations Comprehensive remote WLAN management minimizes operations costs VSC 2 Voice Telephony Segment Traffic P1 QoS Enterprise Premise Internet NOC VSC 3 Credit Card Processing Segment Traffic P3 QoS VPN Security Intelligent MultiService System VSC 1 Public Internet Access Segment Traffic Access Control P4 QoS
  • 47.
    Colubris Unique Selling Proposition Centralized management and control minimizes OpEx Distributed network intelligence for service flexibility Highly scalable architecture minimizes CapEx Comprehensive Public/Guest Internet Access Service XYZ Networks ABC Co. Acme Co.
  • 48.
  • 49.
    Colubris Products Product Type 1 Radio 2 ports total 2 Radios 3 ports total Appliance No Radio, 4 Ethernet Ports only In Reach MAP – MultiService Access Point MAP-320 MAP-320R CN320 WAP-200 2 VAP no QOS MAP-330 MAP-330R CN330 In Motion MSC – MultiService Access Controller MSC-3200 MSC-3200R CN3200 100 concurrent Users MSC-3300 MSC-3300R CN3300 100 concurrent Users MSC-5200 CN3400 500 concurrent Users MSC-5500 2000 concurrent Users 2-1000BASE-T4 MGW – MultiService Gateway MGW-1250 CN1250 MGW-3500 CN3500 1000 concurrent Users
  • 50.
  • 51.
    Product Positioning Performance - User Capacity, Future Proofing Features - Connectivity, Security, Mobility MSC-3200 MSC-3300 100 Users 500 Users/25 AP 2000 Users/200 AP MSC-5500 MSC-5200 MGW-3500 1000 Users
  • 52.
    InMotion™ MultiService Controllers Specifications
    Model | MSC-5200 | MSC-5200 | MSC-5500 | MSC-5500
    Software Configuration | COS Access Service | COS Service Pack | COS Access Service | COS Service Pack
    Maximum MAPs | N.A. | 25 | N.A. | 200
    Max. Public/Guest Access Users | 500 | 500 | 2,000 | 2,000
    Services: VoWLAN, Fast Roaming, Plug & Play Deployment, Public/Guest Access
  • 53.
  • 54.
  • 55.
    VPN Client To protect the VPN, add the following definitions to the access list:
      access-list=vpn,DENY,all,192.168.30.0/24,all
      use-access-list=vpn
  • 56.
  • 57.
    Dual Radio Access Device Features Industry first dual a/b/g radios Two channels on single band increases performance, coverage Configurable AP, WDS Bridge and Monitor operating modes Flexibility and investment protection Enables continuous full-spectrum rogue scanning for increased security Robust monitor and diagnostic capability Eliminates cost of redundant probes/monitors Configurability Radio 1 Radio 2 Transceiver Mode a/b/g a/b/g Operating Mode AP, Bridge, Monitor AP, Bridge, Monitor
  • 58.
    Single Radio vs Dual Radio
  • 59.
  • 60.
    Network Topology - WDS MAP-330 MAP-330 MAP-330 MAP-330 MAP-330 Access line Client Client client Client Client Client Client MAP-330 MAP-3300 MAP-330 MAP-330 MAP-330 MAP-330 MAP-330 Internet MAP-330 Client Client Client Client Client Client .11g or 11a (WDS) .11b ch 1 area (AP) .11b ch 6 area (AP) .11b ch 11 area (AP) MAP-3300/MAP-330 – one radio in AP mode and the other radio in WDS mode Potential hidden node issue, for shared WDS/AP radios
  • 61.
    Rogue AP Detection and Reporting Wireless RF Scanning Use of existing, authorized APs for wireless scans Differentiates between true “rogues” and “ignored” 3rd party APs Multi-vendor support enables most comprehensive Rogue AP detection Wireline Rogue Discovery Scans network via multiple protocols Automatically IDs the “fingerprints” of rogue APs Integrated Rogue AP Reporting Correlates all information to rapidly locate and disable rogues
  • 62.
    Outdoor Rated Enclosure: MSC-3200R, MAP-320R Die-Cast Aluminum, NEMA 67 rating 2 waterproof N-type Antennas option Waterproof, quick disconnect RJ-45 connector 3 point silicone-rubber gasket Pole-top and wall-mount mounting options Colubris Logo Applied This slide for planning purposes only, content and dates subject to change
  • 63.
    Locking Mounting Bracket Die-Cast Aluminum Wall or Ceiling Mountable Compatible with standard product enclosure (slides in and out) Padlock not included List Price $50 (USD) This slide for planning purposes only, content and dates subject to change
  • 64.
    CNMS - WiFi Network Management
  • 65.
  • 66.
    CNMS Overview NMS Authentication RADIUS SNMP NOC WAN/LAN Campus A Campus B CN3200 CN320 CN3200 CN1250 SNMP/HTTP/TFTP CNMS Monitor AP discovery User monitoring Rogue AP detection NMS & AAA integration Analyze Alerts & diagnostics Performance reports RF event correlation Act Multi-vendor config mgt Firmware distribution Grouping & scheduling
  • 67.
    Colubris Networks Offers a Comprehensive RF Security and Management Solution InCharge RF Server InReach 330P InCharge RF Planner Automatically prevent Wi-Fi security attacks Perform real-time network audits Assist performance troubleshooting Monitor wireless LAN health
  • 68.
    InCharge RF Server Two appliance models support up to 50 sensors or up to 200 sensors Correlates sensor data Analyzes and classifies Wi-Fi devices Enforces security policy Web interface Within CNMS, launch InCharge RF Server screens in Phase 1 Tight integration with CNMS in Phase 2 InCharge RF Server, InReach 330P, InCharge RF Planner InReach 330P Scans 2.4 and 5 GHz bands Centrally managed and configured by Server Dedicated sensor function in Phase 1 Concurrent AP and Sensor function at Phase 2; Phase 1 InReach 330P devices can be upgraded to Phase 2 capability Power over Ethernet InCharge RF Planner Stand-alone Windows-based application Models wireless LAN coverage without a physical site survey Evaluates security risk from wireless LAN spillage outside building Assesses changes with simple drag and drop techniques Generates equipment lists for installation team Provides powerful predictive planning Input floor plan Add building material type Specify 802.11b, g or a Input minimum bandwidth requirements Drag and drop APs Supports dynamic floor plan models RF coverage Channels Signal strength Spillage InReach 330P Web Interface InCharge RF Server InCharge Security Server
  • 69.
    The Threat!!!; Eight Major Classes of Wi-Fi Threats Firewalls, VPNs, and 802.11 Security Standards Do Not Prevent These Wi-Fi Threats on Either Wired or Wireless Networks Enterprise Network Neighboring Network ? Ad Hoc Denial of Service Attack AP MAC Spoofing Rogue AP Mis-configured AP Unauthorized Association Mis-association Honeypot Common Rogue Access Points Mis-configured Access Points Ad hoc connections Client mis-associations Unauthorized client associations Malicious Honeypot APs MAC Spoofing APs Client > Malicious AP Denial of Service De-authentication flood Packet storm
  • 70.
    Monitor/Detect Scan all bands 2.4 GHz and 5 GHz Detect all Wi-Fi activity Access points, soft APs, NATing APs, clients Correlate information from multiple sensors Eliminate confusing duplicate reports of the same device
  • 71.
    Visualize Make your airwaves visible View RF coverage in real time Handhelds only provide a snapshot in time Plan for security and Wi-Fi coverage Only integrated solution that ensures proper sensor placement Model detection and prevention levels Self-calibrating Site-specific RF characteristics Deployment orientation Good Coverage No RF Coverage Poor RF Coverage
  • 72.
    Auto-Classify Comprehensive Access points Authorized, Rogue, External Clients Authorized and Unauthorized Accurate and Reliable No false positives/no false negatives Instantaneous No manual user intervention required InCharge RF Server dashboard automatically classifies Access Points and Clients into appropriate categories.
  • 73.
    Prevent Over-the-air Ensures non-stop protection Instantaneous Based on quarantine policy and accurate auto-classification Doesn’t require manual administrator intervention No harm policy Won’t disrupt your own or neighbor’s networks Most comprehensive solution All major classes of threats Rogue access points, Evil Twin/Honey Pot APs, MAC spoofing APs, mis-configured APs, rogue clients, client mis-associations, ad hoc networks and DoS attacks InCharge RF Server dashboard shows rogue access points that have been quarantined, i.e. automatically blocked to prevent any and all client connections.
  • 74.
    Locate Precise Locates rogues and other Wi-Fi security threats for physical remediation Pinpoints all AP and client device locations Authorized, unauthorized and neighbor Immediate One click operation Site calibrated Displays location on a floor plan One click operation provides graphical probability analysis of location Not just a red ‘X’ InCharge RF Server integrates a floor plan to show a range of probable locations of rogue APs or clients.
  • 75.
    Prevent Wi-Fi Threats in a Non Wi-Fi Network Even if you have no 802.11 APs, most laptops have 802.11 cards. A laptop radio is default configured to ‘automatically associate’ with the strongest signal from a list of SSIDs. Hackers simply sit outside the building with an AP configured to a common SSID and wait for a number of laptops to connect. SSID: linksys Corporate Firewall Internet X X X X Honeypot attack lures in multiple laptops to mis-associate.
  • 76.
    Rogue AP Blocking Rogue AP is Detected Over-the-air detection Network connect tested Auto-classified No False Positives Does not rely on switch Blocked over-the-air De-auth all Clients 100% accurate Any network / switch Better than port blocking Port blocking is not reliable Port blocking may cause DoS Rogue AP Wi-Fi Ready Laptop X Corporate Firewall Internet
  • 77.
    Prevent Client Mis-Association Enterprise Network Neighboring Network SSID: a1b2c3 SSID: a1b2c3 SSID: a1b2c3 X X X X Clients associate to strongest signal Blocks clients that mis-associate Prevents SSID spoofing Client roaming
  • 78.
    Prevent MAC & Air-Jack Attack Enterprise Network SSID: a1b2c3 MAC: 00.20.A6.4C.1A.46 SSID: a1b2c3 MAC: 00.20.A6.4C.1A.46 X X Detects MAC Spoofing Blocks unauthorized spoofed APs Prevent malicious threats Evil Twin Man-in-the-middle
  • 79.
    Denial of Service Attack Prevention Wi-Fi Denial of Service can shut down your network Blocks DoS attacks Exclusive vendor DoS prevention Patented ‘Virtual Selective Jamming’ technique Corporate Firewall Internet Enterprise Network X X X DoS attack
  • 80.
    Complete Protection Requires Simultaneous Threat Prevention Enterprise Network X X X X X Rogue AP Single Sensor must block multiple Clients and multiple Rogue APs on multiple channels simultaneously Corporate Firewall Internet SSID: linksys
  • 81.
    Knowledge-Based Troubleshooting Step-by-step flowchart Connectivity and performance problems Client and access point issues Not just problem identification Suggests remedies Easy to use Helpdesks Remote administrators Live over-the-air packet capture Ethereal
  • 82.
    Knowledge-based Troubleshooting (cont’d) Administrator logs into the InCharge RF Server & chooses the device to troubleshoot Administrator selects the appropriate sensor to troubleshoot the device Step 1 Step 2 Live Packet stream
  • 83.
    Customizable Reports This custom report captures uncategorized & unauthorized clients that are not quarantined!
  • 84.
    Security & Performance Monitoring Monitor & alert for security and performance issues Total of 140 events! Complete protection Sensors scan ALL channels Independent of regulatory domain Details provided for each event Suggested remedies
  • 85.
    Availability Phase 1: GA End of October InReach 300P (dedicated sensor) InCharge RF Server appliance InCharge RF Planning Tool Phase 2: target GA of 1Q06 Multi-function MAP-330 will support AP and sensor function or act as a dedicated sensor Software migration path from Phase 1 to Phase 2 capability Tight integration of InCharge CNMS and RF server
  • 86.
    A New Paradigm Determine AP and security sensor placement without physical walk around Much more efficient method than physical site survey What-if analysis Predictive planning enables simply, easily Building floor plan with predicted RF coverage
  • 87.
    How it Works Predictive planning Input floor plan Add building material type Specify 802.11b, g or a Input minimum bandwidth requirements Drag and drop APs Dynamic floor plan models RF coverage Channels Signal strength Spillage
  • 88.
    InCharge RF Planner Wi-Fi Site Planning InCharge RF Planner Site Planner for Wireless LAN Access Point Coverage Site Planner for Performance Optimization Planning for WLAN Security Sensors Coverage Advantages Software solution does not require manual site surveys Automatic RF Mapping with ‘True Map’ Automatic report generation Planning for Coverage, Performance and Security
  • 89.
    Wi-Fi Site Planning Software Planning Tool Import or create floor plans State-of-the-art RF propagation modeling for wireless LAN and security sensor coverage Models site specific parameters Ensure optimum performance Capacity and coverage Allows for redundancy planning Ensures no blind spots Provides visual confirmation Determine security level needed Detection vs. prevention coverage areas Security sensitivity modeling Good security coverage blind spots
  • 90.
    Wireless LAN Coverage Model building RF reflection, refraction, and absorption Import floor map from virtually any electronic format Plan for complete and optimum coverage
  • 91.
    Redundancy Planning Eliminate blind spots Model 802.11 a/b/g Minimize AP requirements
  • 92.
    Link Speed Performance optimization modeling Model 802.11a/b/g Building specific
  • 93.
    Channel Allocation Visualize Channel Overlap to minimize interference Model various scenarios Vendor APs Antennae Antennae direction Power a/b/g
  • 94.
    Channel Interference Minimize Interference Model multiple scenarios Optimize performance
  • 95.
    Security Exposure Know where you are vulnerable Model various scenarios to minimize risk
  • 96.
    Comprehensive Security Coverage Planning Accurately determines number of sensors based on customer specific risk profile Five specific variables used to model coverage level Site specific characteristics Detection vs. prevention range Detection range vs. transmit power of rogue or attacker Redundancy Other solutions blindly quote coverage ranges with no real method to determine actual security level SpectraGuard Enterprise shows precisely the detection (blue) versus protection (purple) range of each sensor.
  • 97.
    Work Order Automatic work order generation Detailed management reporting Ease deployment and maintain performance of your WLAN project
  • 98.
    Global Customer Deployments Wireline Wireless Cable ISP Hospitality Retail Education Transportation Sporting Venues Service Providers Verticals Partners New Zealand Argentina
  • 99.
    Customer Success: McDonald’s Restaurants McDonald's is the leading global foodservice retailer with more than 30,000 restaurants serving nearly 47 million people in more than 120 countries each day. Trigger Events: 500+ “Store of the Future” WLAN Program Initiative Why Colubris: Open systems, multiservice platform provided a simple, cost-effective means to evaluate and launch new business applications to improve quality and speed of service Scale and manageability to potentially thousands of locations Simple integration with existing Juniper infrastructure Goals: Enhanced customer satisfaction and revenue throughput Consistent quality monitoring Real-time inventory management Timely corporate communications Vision Point: Use wireless mobility to improve customer service, quality and cost across business systems Solution: CN3200 AP/SC platform, CNMS Management Competition: Cisco & Symbol
  • 100.
    McDonald’s “Store of the Future” VSC 1 VSC 2 Roaming Quality Audits Segment Traffic WPA Security VSC 3 Public Internet Access Segment Traffic Access Control Best Effort Priority Quality & Inventory POS Line Busting Hotspot Quality Control Mobile Order Taking Segment Traffic WEP Security Intelligent Access & Service Control 3 VSCs deliver separate service through single WLAN system VSC security and QoS policies tailored to each application Open support for wide range of devices, users and apps. Applications under evaluation: Wireless telemetry, Inventory management, VoIP (drivethru), Signage WLAN Management Internet
  • 101.
    Customer Success: Wendy's Wendy’s is one of the world's largest restaurant operating and franchising companies with more than 9,500 restaurants under the Wendy's Old Fashioned Hamburgers®, Tim Horton's and Baja Fresh® Mexican Grill brands. Trigger Events: Interoperable, low cost WLAN equipment widely available Why Colubris: Delivers multiple private and public WLAN services in one device Integrated IP routing and VPN security services Centralized management of 1000s of remote sites Easy to deploy solution for autonomous franchises Goals: Wireless mobility for all headquarters and regional employees Real-time network automation of restaurant equipment Single WLAN architecture for campus, regional offices and stores Eliminate cabling expenses Offer customers public Internet access services Vision Point: Common wireless infrastructure for restaurant automation, enhanced customer service and human resource productivity initiatives Solution: CN1250 (HQ), CN3200 (Restaurant), CNMS management Competition: Cisco, Sonic Wall, ReefEdge
  • 102.
    Wendy’s Common WLAN Infrastructure Restaurant Automation Segment Traffic P2 Priority Public Internet Access Segment Traffic Access Control Best Effort Priority Equipment Controller POS HotSpot (Future) Equipment Automation & Telemetry Regional Mgr Network Segment Traffic VPN Security Wireless connectivity to HQ VPN network VSC security and QoS policies segment traffic tailored to each application CNMS centralizes management for HQ, regional offices and restaurants WLAN Management Intelligent Access & Service Control VPN access to HQ applications Headquarters Intelligent Access & Service Control Point of Sale/ Line Busting (Future) POS Segment Traffic VPN Security VSC 3 VSC 4 VSC 2 VSC 1 VPN Server Internet
  • 103.
    Gander Mountain “Store of the Future” VSC 1: Associate Communication Segment Traffic WEP Security Voice Priority VSC 2: Inventory Control Segment Traffic WPA Security Quality & Inventory Management POS WLAN Management Intelligent Access & Service Control VSCs deliver 3 separate services through single WLAN system VSC security and QoS policies segment traffic tailored to each application VSCs provide open support for wide range of devices, users and applications VoWLAN Wire Replacement Wire Replacement VSC 3: Corporate Employee Segment Traffic WPA Security Best Effort Priority Internet
  • 104.
    Customer Success: Emory University Trigger Events: Availability of unified WLAN voice and data network technology Emory University is recognized as one of the U.S.’s top 25 national universities. It is known for its demanding academics, outstanding undergraduate college of arts and sciences, highly ranked professional schools and state-of-the-art research facilities. Why Colubris: VSC capabilities Leadership VoFi and QoS solution Central management for scalability and ease of operation Goals: Easy access to network services from any campus location Instant voice communications for all staff members Wireless student Net access Guest Internet access in hospitals Vision Point: Improved staff, faculty, student productivity through ubiquitous broadband network services Solution: CN1250 Secure Gateway, CNMS Management Competition: Cisco
  • 105.
    Emory University Ubiquitous WLAN VSC 1 VSC 2 VPN Data Service Segment Traffic VPN Security VSC 4 Public Internet Access Segment Traffic Access Control Best Effort Priority Data Services VoIP Gateway VoFi Hotspot (hospital) Student, Staff, Faculty Voice Service Segment Traffic High Priority Intelligent Access & Service Control SpectraLink VoWLAN phone support Smooth migration from VPN to WPA capable devices Student, Staff and Faculty security privileges set by RADIUS authentication WLAN Management VSC 3 WPA Data Service Segment Traffic WPA Security Student, Staff, Faculty Internet
  • 106.
    Customer Success: SJ Trigger Events: “Internet On Track” -- The first full fleet roll out by a train operator of an onboard wireless Internet service and the world's first implementation of 3G/Satellite-enabled Wi-Fi service SJ is Sweden’s leading rail traffic company and operator of the X2000, Sweden’s high-speed train, and its new X40 fleet – servicing 85 trains beginning in summer 2005. Why Colubris: VSC capabilities Security policies ensure internal applications are protected from public Internet traffic Corporate responsiveness and networking expertise Goals: Integrate an Internet access service into business class ticket Optional fee service for coach class ticket holders Separate internal WLAN service for train monitoring Vision Point: Continuous broadband Internet service improves passenger experience Solution: CN320 Intelligent MultiService Access Point Competition: Cisco, Proxim
  • 107.
    SJ “Internet On Track” Service Data Collection Train Data Monitor Hotspot Intelligent Access & Service Control Segment traffic per VSC for security Strong security for internal train applications Selective Layer 2 isolation prevents snooping on passenger hotspot service while enabling peer-peer monitoring connections VSC 2 Public Internet Access Segment Traffic Access Control Best Effort Priority VSC 1 Data Collection Segment Traffic WPA Security High Priority Internet
  • 108.
    Wi-Fi on the Train Head Car Rear Car Middle Cars (7) Mobility Router GPRS, EDGE, CDMA, UMTS, WCDMA, 3G and satellite technologies. Provide wireless multi-service applications in a single footprint Provide Access Control CN330 CN320 CN330 CN3300 Public Access – internet for passengers Personnel Access – ticket sales, inter cart communication Video surveillance SSID 1 SSID 2 SSID 3 Internet
  • 109.
    Customer Success: Sprint Sprint is a Fortune 100 company with more than $27 billion in annual revenues in 2004. Sprint is widely recognized for developing, engineering and deploying state-of-the-art network technologies. Trigger Events: Previous vendors unable to reach vision point Why Colubris: VSC capabilities: traffic segmentation, security & QoS policies per VSC Ease of management with CNMS Interoperability with 3rd party hotspot back-end services Goals: Upsell existing WAN service customers to managed Wi-Fi Offer revenue-generating hotspot service to retailers and public venue operators Flexibility to add new software-defined Wi-Fi service offerings (training, video surveillance, point-of-sale system, credit card service) Vision Point: Managed Wi-Fi service for installed base of 8,000 enterprises Solution: CN3200 AP/SC platform, CNMS Management Competition: Cisco, Nomadix, AireSpace
  • 110.
    Sprint “Enterprise Wi-Fi Access” Service Hotspot Intelligent Access & Service Control Segment traffic per VSN for security Authenticate hotspot users via Airpath back-end service CNMS in NOC centralizes management for all customer sites Additional VSCs available for future services Security Surveillance Service (Future) VSC 2 Video Surveillance Segment Traffic High Priority Back-end Hotspot Service Point of Sale Credit Verification (Future) POS Segment Traffic VPN Security VSC 3 Enterprise Customer Premise WLAN Management Sprint NOC Internet VSC 1 Public Internet Access Segment Traffic Access Control Best Effort Priority
  • 111.
    Customer Success: Best Western Europa The Europa is a 180-room business hotel located in downtown Montreal and a franchise of the Best Western hotel chain. Trigger Events: Best Western mandate to offer Wi-Fi Internet access in all properties Why Colubris: VSC capabilities Strong security policy enforcement VoWLAN and QoS support Goals: Differentiate by offering wireless keycard and wireless guest authentication services Upgrade path to VoWLAN service for guests Reduce operating costs while expanding guest services Vision Point: Leverage Wi-Fi to provide multiple wireless customer conveniences Solution: CN3200 AP/SC platform, CN320 AP, CNMS Management Competition: Cisco
  • 112.
    Best Western MultiService WLAN Guest Internet Access Service Intelligent Access & Service Control Segment traffic per VSC for security Authenticate hotspot users via Airpath back-end service Additional VSCs available for future services VSC 1 Public Internet Access Segment Traffic Access Control Best Effort Priority Wireless Guest Authentication and Direct Billing VSC 2 Guest Authentication Segment Traffic WPA Security Guest Wireless Voice Service (Future) Telephony Segment Traffic High priority VSC 3 VoIP Gateway Property Management System Internet
  • 113.
    Veteran Leadership Team Barry Fougere - President & CEO A.T. Kearney, EDS, Cambridge Strategic Mgt Group Pierre Trudeau - Co-founder & CTO Eicon Technology, Touch Tones Digital Jukebox Larry Whitman - CFO WaveSmith Networks, Shiva John O’Hara – VP, Engineering WaveSmith Networks, New Oak Communications Marty Falaro – VP, Sales & Business Development Altiga Networks, Cisco, PictureTel Roger Sands – VP, Enterprise Development Accton Technologies, US Robotics Ken MacLure – VP, Operations Narad Networks, Cascade Michael Welts – VP, Marketing Unisphere, Castle Networks, Bay Networks
  • 114.
    Demonstration Setup MSC-3300 MAP-330 5.8GHz WDS Secure Link In Charge CNMS 192.168.2.20 RADIUS/Apache 192.168.2.99 WIN2K Server 192.168.2.100 Gateway Router Internet