RoamAbout Wireless Access Points
Download
Report
Transcript RoamAbout Wireless Access Points
“There is nothing more important
than our customers”
RoamAbout Wireless Product Portfolio
Customer Presentation
Enterasys RoamAbout WLAN Solutions
•
RoamAbout Product Portfolio
•
Management Applications
•
Advanced Features of Thin Mode WLANs
© 2007 Enterasys Networks, Inc. All rights reserved.
2
WLAN Implementation – The Major Challenges
The WLAN must be as secure as the LAN
infrastructure
Performance
The WLAN should support today’s
standards and be 802.11n ready
Deployment
Optimize positioning of Access Points
Find and isolate rogue APs
Automatically reconfigure failed nodes
Management
Manage WLAN with existing resources
Easily authenticate and authorize corporate
and guest users
User
Satisfaction
Non-stop operation
Ready for Next gen productivity apps, such
as Voice over WLAN
© 2007 Enterasys Networks, Inc. All rights reserved.
RoamAbout Solutions from Enterasys
Security
3
RoamAbout - Enterasys’ Wireless LAN Heritage
More Than 14 years experience in WLAN technology
-
First RoamAbout product shipped in January 1993
-
100,000+ RoamAbout Access Points have been deployed
-
1,000+ enterprise class customers worldwide
Many industry innovations
-
First Access Point with Power over Ethernet
-
First Access Point with secure SNMP v3 support
-
First 802.11b PCMCIA Radio Card with 128 bit encryption
-
First radio technology-upgradeable Acess Point
Committed to open standards
-
WiFi Alliance
-
IEEE
-
UNH WLAN Interoperability Lab
• Numerous large deployments across a broad spectrum of
industries
-
Goodyear
-
Unisys
-
West Hartford Public Schools
-
Montgomery Township
© 2007 Enterasys Networks, Inc. All rights reserved.
4
RoamAbout – A Flexible Product Portfolio Today
• Secure Networks
- Enterasys’ embedded security
architecture for wired & wireless
networks
• Wireless Switches
- The intelligence for next gen
wireless networks
- Provides ACL policy, centralized
management, plug and play
deployment, L3 mobility, rogue
detection, reliability, and load
balancing
• Access Points
- Performance, security and 802.11
standards compliance
• WLAN Management Software
- Operations center for network
• Site Survey Tools
- Helps size and optimize wireless
network for customer environment
© 2007 Enterasys Networks, Inc. All rights reserved.
5
RoamAbout Wireless Switches
Mobility System Software Version
5.0 includes support for all wireless
switch controllers
Ports
Active
APs
AP
configs
TPRZ-MXR2
Remote Office Solution
2 x 10/100/ RJ45 with PoE *
3
3
RBT-8110
1 x Gigabit RJ45
1 x 10/100/ RJ45
1 x Console
24
120
RBT-8210
2 x Gigabit RJ45
1 x Console
24
48
72
300
RBT-8400
4 x Gigabit (GBIC or RJ45)
1 x Console
1 x Flash card slot
40
80
120
480
* Note: TPRZ-MXR2 works with RBT-1602 Access Point only
© 2007 Enterasys Networks, Inc. All rights reserved.
6
RoamAbout Wireless Access Points
RBT-4102
• Convertible AP that supports either Thick or Thin Modes
• Secure Networks edge policy in Thick Mode
• ACL-based edge policy in Thin Mode
• Single RJ45 LAN connection with Standards-Based PoE
• Redundant, Load-Sharing Power when External Power is use with PoE
RBT-1002, RBT-1602
• Support for Thin Mode ONLY
• Dual radio for 802.11a+b/g, less expensive than RBT-4102
• Supports ACL-based edge policy
• dual-homed LAN and dual-homed PoE (RBT-1602)
• RBT-1602 can ONLY be powered via PoE
• Redundant, load-sharing power with PoE + external (RBT-1002)
TPRZ-MP-620
• Weatherproofed for Outdoor Deployments
• Support for Thin Mode ONLY
• Dual radio for 802.11a+b/g
• Supports ACL-based edge policy
• Single Ethernet port with PoE support
• External RSSI port for field antenna alignment
• Built-in lightning protector
© 2007 Enterasys Networks, Inc. All rights reserved.
7
Enterasys RoamAbout WLAN Solutions
•
RoamAbout Product Portfolio
•
Management Applications
•
Advanced Features of Thin Mode WLANs
© 2007 Enterasys Networks, Inc. All rights reserved.
8
RoamAbout WLAN Management
NetSight Console & Policy Manager
RoamAbout Switch Manager
Management Application for
RoamAbout AP4102 operating
in Thick Mode.
Management Application for all
Enterasys Wireless Systems operating
in Thin Mode.
© 2007 Enterasys Networks, Inc. All rights reserved.
9
RoamAbout Switch Manager (RASM)
• Feature rich NMS for
RoamAbout WLAN Switches
• Integrates Site Survey
Information
- User location and roaming history
- Intrusion detection and location
• Device & User Management
- With a template model to simplify
enterprise class deployments
• Performance tracking
- At multiple levels of granularity –
from campus-wide to user-specific
- Includes real-time to 30 day history
logging
• Fault and event viewing
- Network Admins can quickly isolate
and eliminate malfunctioning APs
• Scales to manage 1 to 100+
RoamAbout switches
© 2007 Enterasys Networks, Inc. All rights reserved.
10
RoamAbout Thick Mode WLAN APs
Thick Mode
• WLAN Access Points operating standalone
• Access Points use Enterasys Edge-Policy
(equivalent to wired Switches).
• Relatively Simple Configuration that is easy to
deploy and easy to manage
• Deployments are relatively static
Advantages
• Supports Policy Management features
• Access Points are managed natively
using NetSight applications
• Uses NetSight Policy Manager to
enforces policy rules and roles
Why Choose a Thick Mode WLAN?
• Very efficient WLAN traffic-flow
• Limited dynamic mobility for users moving
• Enforces Secure Networks Policy characteristics because WLAN traffic is
between Access Points
not aggregated through a Wireless
• Simplified management using NetSight
Policy
Switch
Manager and other NetSight Applications
• APs are not dependent on a wireless
• APs are administered in a similar manner
switch,toso they can be “plug-and-play”
Ethernet Switches on the network
© 2007 Enterasys Networks, Inc. All rights reserved.
11
RoamAbout Thin Mode WLAN Switches & APs
Thin Mode
Advantages
• WLAN Switching with lightweight Access Points
• Scalable, centralized management for
large scale WLAN deployments
• Sophisticated controllers enable the use of
less intelligent Access Points
• Multiple APs are managed as a single system
• Advanced rogue Access Point detection
& suppression
• Self-healing capabilities with auto• WLAN Switching enables automated RF
power and auto-channel functions
domain sizing, power adjustments and
Why Choose Thin Mode?
• Support for Web based authentication
channel selection
• Multiple Access Points behave as a single
• Supports Topography views in
• Convergence and Telephony apps are
entity
management applications
enhanced with fast roaming capability
• Improved support for advanced features,
• Wireless Switches are designed to
including Voice
support future 802.11n networks
• Elimination of Subnet Roaming Issues
• ACL-based edge-policies can be
configured to equate with Secure
Networks policies in the LAN.
© 2007 Enterasys Networks, Inc. All rights reserved.
12
Enterasys RoamAbout WLAN Solutions
•
RoamAbout Product Portfolio
•
Management Applications
•
Advanced Features of Thin Mode WLANs
© 2007 Enterasys Networks, Inc. All rights reserved.
13
Dynamic Response to Rogue APs
• Rogue Access Points are a serious security
threat
-
Unauthorized parties can gain wireless access to
the entire IT infrastructure
-
They are not subject to IT administration or
monitoring
-
Access Point
Access Point
They interfere with production WLAN operation
• RoamAbout WLAN switch infrastructures can
automatically detect and isolate rogue APs
-
Access Points temporarily convert to WLAN
Sensors to locate the rogue AP
-
once the threat is mitigated Access Points revert
to normal operation
-
this approach negates the need for an overlay
WLAN security sensor network
• In addition Enterasys Policy-enabled LAN
Switches can limit access for rogue APs
-
LAN ports deploy authentication techniques that
block network access for non-authenticated
devices, such as Rogue APs
-
Security policy prevents IP addresses resolving
to unauthorized DHCP Servers hosted by Rogue
APs
-
MAC locked LAN ports block unauthorized APs
from joining the network
Rogue AP
Access Point
© 2007 Enterasys Networks, Inc. All rights reserved.
Access Point
Access Point
14
WLAN Switch Automation Tools
Simplify IT Administration
• Self healing infrastructure ensures
business continuity
- Adjacent APs detect and respond to
AP failure or RF degradation
Access Point
- Clients are automatically migrated
to fully functional APs
• Dynamic load balancing addresses
the “over-subscribed AP”
challenge
- Automatic frequency selection and
power control for adjacent APs
Access Point
- Changes are localized, do not
cascade throughout the network
Access Point
- Option to dedicate bandwidth to
QOS sensitive applications such as
video and voice
© 2007 Enterasys Networks, Inc. All rights reserved.
15
Seamless Subnet to Subnet Roaming
• Supports leading edge corporate
productivity applications
Subnet A
- Non disrupted use of WiFi and dual
mode telephony handsets on the
corporate WLAN
- Increase the effectiveness of PDA
and handheld computer applications
• RoamAbout WLAN Switches
integrate advanced roaming
technologies including
- Synchronized handoffs to avoid call
jitter for VoIP
- Fast subnet to subnet handoff times
of less than 100ms
- Eliminate the need for client reauthentication
© 2007 Enterasys Networks, Inc. All rights reserved.
Subnet B
16
Enhanced Security with WLAN Intrusion Defense
for AP1602
• Integrated IDS and IPS for the
WLAN network
- Optional AirDefense software turns each
RoamAbout AP1602 into an “on-demand”
AirDefense Sensor
- A centralized Security Dashboard
aggregates threat information from each
Air Defense Sensor
WLAN
Switch
WLAN
Switch
- Includes real-time dedicated monitoring
of all channels and frequencies for
Intruders and Impending threats
- Forensics & incident analysis capabilities
- May be used for regulatory compliance
monitoring
- Common Criteria certified
AP
© 2007 Enterasys Networks, Inc. All rights reserved.
AP
17
Real Time Asset Tracking & Location
• The ability to rapidly locate mobile assets
is a key competitive advantage for many
industries
- Tracking raw materials and WIP in a
manufacturing setting
- Locating patients and medical diagnostic
equipment within a healthcare facility
© Copyright (c) 2000-2005 Ekahau, Inc.
All rights reserved.
- Managing inventory and shipments in a warehouse
• Automated asset tracking improves
productivity
- While increaing cycle count accuracy and reducing
operational costs
• RoamAbout switch infrastructures support
real-time location services
- Using WiFi Tags and 3rd party Location Servers
- Operates with products from AeroScout and
Ekahau
Location Server
© 2007 Enterasys Networks, Inc. All rights reserved.
18
“There is nothing more important
than our customers”
Wireless Networking Vision
Today - RoamAbout® “Thick” WLAN
solutions
• Independent operation
• Convertible to “thin” mode
• Configured and managed with
NetSight policy manager
• Continuous identity
management
• Flexible operational modes
- Workgroup
- Point-to-Point
- Point-to-Multipoint
© 2007 Enterasys Networks, Inc. All rights reserved.
Today - RoamAbout “thin” WLAN solutions
Wireless Controllers
• Wireless controllers
Product
TRPZ-MXR-2
- Network security
RBT-8110
RBT-8210
RBT-8400
› Network Access Control
RBT-8500
› ACL Policy
Interfaces
1 x 10/100 RJ45 with PoE, 1 x 10/100 RJ45
without PoE
1 x Gigabit RJ45, 1 x 10/100 RJ45, 1 x Console
2 x Gigabit RJ45, 1 x console
4 x Gigabit (GBIC or RJ45), 1 x Console,
1 x Flash Card Slot
2 x Gigabit SFP (MGBIC), 1 x console,
1 x Flash Card Slot
Active APs
Up to 3
Up to 24
Up to 72
up to 120
up to 128
Wireless Access Points
› Data encryption
Product
RBT-4102
› Continuous identity management
RBT-1002
- 802.11n capable
RBT-1602
TRPZ-MP-422
TRPZ-MP-620
- Low latency L3 mobility
- WiFi rogue detection
TRPZ-MP-432
Interfaces
(1) Wired 10/100 Mbps, (1) Console port
RS232, (2) reverse male SMA connectors
(4102 only)
(1) Wired 10/100 Mbps, (1) Console port
RS232, (2) reverse male SMA connectors
(4102 only)
(2) Wired 10/100 Mbps, (2) reverse male SMA connectors
(2) Wired 10/100 Mbps, (2) reverse male SMA connectors
(1) Wired 10/100 Mbps, (1) Console port
RS232, (2) reverse male SMA connectors
(4102 only)
2 Gigabit Ethernet uplink ports
- Plug and play management
applications
• Wireless access points
• RoamAbout Switch Manager
- Operations center for WLAN
• Site Survey Tools
- Easy to use RF planning
© 2007 Enterasys Networks, Inc. All rights reserved.
Protocol
802.11a/b/g
802.11a/b/g
802.11a/b/g
802.11a/b/g
802.11a/b/g
802.11a/b/g/n
2008 - Software Releases
• Version 7.0
- Multi hop meshing
› Reduce cabling costs and deploy APs in
locations where cabling is not possible
- 802.11n support dramatically increases
WLAN throughput (up to 600 Mbps) while
improving client coverage and density
› TRPZ-MP-432
- Indoor 802.11 a/b/g/
n
AP
- Enterasys NAC Support
› Force re-auth, quarantine, etc.
- Wireless Switch Clustering
› Scalable and dynamic backup/recovery
services for switch controllers
• Version 7.2
- Automatic AP and controller load balancing
- Controller Distributed Configurations
- Security Enhancements
© 2007 Enterasys Networks, Inc. All rights reserved.
2008 –WLAN “Thin” Mode Multi Hop
Meshing
• Wireless AP access where wired interfaces are not available
- Radio link to multiple access points that do not have wired interfaces
• Cost effective WLAN deployments
- Reduces number of switch controllers
- Reduces cabling costs(~$200/AP)
© 2007 Enterasys Networks, Inc. All rights reserved.
2008 – RASM / Smart Pass
• RASM Planning
- Tools ease installation and eliminate surprises
- Improved outdoor RF planning
- Improved scaling
• RASM Management
- MS Vista support
- Full lifecycle indoor/outdoor management
- Wizards (for desired coverage, capacity, client type, e.g. WMM Voice or Spectralink SVP)
for rapid deployment of hundreds of APs
- Mobile client management, tacking, logging, and reporting for thousands of wireless
clients
• SmartPass
- Web-based provisioning for non-technical staff
- Secure guest access without network reconfigurations
- Scalable centralized client/server architecture with Radius API, up to 10,000 clients
© 2007 Enterasys Networks, Inc. All rights reserved.
2008 - WLAN Controller: RBT-10000
• 28Gbps Ethernet switching capacity – industry’s highest density WLAN switch
• 2 x 10-Gbps ports; 8 x 1-Gbps ports
• Line-rate speed and throughput
• Industry’s only hardware-switched wired and wireless
• 512 active AP’s
• 12,000 active clients per switch
© 2007 Enterasys Networks, Inc. All rights reserved.
25
2008 – 802.11n Access Point
• Superior performance
- Simultaneous dual band operation
(2.4GHz and 5 GHz)
- 300 Mbps per band -> 600 Mbps total
- 3x3 MIMO in both bands
- 2x10/100/1000 uplink ports
• Leverages existing infrastructure
- Interoperates with existing switch
controllers
- Same PoE injectors
- Utilizes the same mounting brackets
• Flexible Power over Ethernet
options
- 802.3af injectors (1 or 2)
- 802.3at draft injectors
• WiFi certified ready
- Fully compliant with 802.11n draft 2.0
- Guaranteed interoperability with
standards based networks
- Upgradeable to final standard
• Optimal range
- Internal antenna design delivers
surround coverage
© 2007 Enterasys Networks, Inc. All rights reserved.
2009 – WLAN/LAN Integration
• Integrated WLAN and LAN solution offerings to the
enterprise
- Integrated with Enterasys edge switches
- Reduces complexity and expense of wireless controller
appliances
• “Unified” access points capable of dynamically converting
between “Thin” mode and “Thick” mode
- Provides increased resiliency for the WLAN in the event of a
switch layer failure
- 802.11n performance for bandwidth intensive applications
• Single, integrated WLAN/LAN management
- Cost effective
- Easy network administration
• Integrated WLAN/LAN network security
- Including IDS/IPS security mechanisms
© 2007 Enterasys Networks, Inc. All rights reserved.
RoamAbout Hardware – Timeline
Wireless Switches
· RBT-8500
32 – 128 Aps
2x1Ge SFP ports
· RBT-8500-32
License upgrade
for 32 additional
APs
Access Point
· TRPZ-MP-432
· RBT-10000
802.11 a/b/g/N AP
10 Gigabit switch
controller
up to 512 APs
Feb 2008
Jun 2008
RBT-8500
Feb
Mar
Wireless Switches
May
Jun
Jul
· Edge switch with
embedded wireless
controller
· TRPZ-MP-632
Outdoor 802.11 a/
b/g/N AP
Oct 2008
Indoor 802.11n
Apr
Access Point
Feb 2009
RBT-10000
Aug
Sep
Oct
Nov
Jan 1, 2008
Outdoor 802.11n
Dec
Jan
Feb
Mar
Mar 31, 2009
© 2007 Enterasys Networks, Inc. All rights reserved.
Mobility Switching Software – Timeline
v7.0 wireless
switching
Wireless Switching
v7.2 wireless
switching
· RASM 6.2
· Mesh multi-hop support
RF Planning Enh
· 802.11n
Outdoor RF Planning. · Bandwidth Control
· SmartPass 6.3
Per User
Per SSID
· ETS NAC support
· Wireless Switch/
Controller Clustering
Apr 2008
Jun 2008
MSS 6.2
Feb
Mar
Apr
May
Jul
Aug
Security enhancements
Capacity scaling
Distributed configs
Resilient clustering
Nov 2008
MSS 7.0
Jun
·
·
·
·
MSS 7.2
Sep
Oct
Nov
Jan 1, 2008
Dec
Jan
Feb
Mar
Mar 31, 2009
© 2007 Enterasys Networks, Inc. All rights reserved.
Thank you
© 2007 Enterasys Networks, Inc. All rights reserved.
30
Enterasys RoamAbout WLAN Solutions
•
Additional Slides
© 2007 Enterasys Networks, Inc. All rights reserved.
31
Evolution of Wireless Standards
2005
2004
802.11e
2005 - QoS which also exposed WMM (wireless QoS)
802.11i
2004 - AES (advanced encryption standard truw wireless security)
802.11f - Inter-Access Point Protocol.
2003
802.11g - 2.4 GHz 54 Mbps 11 Channels only 3 non-overlapping
802.11h - Spectrum and Transmit Power Management for Europe
2002
2001
802.11d - Auto Regulatory Domains
802.11j - 4.9 - 5.1 GHz Japanese Regulatory
802.1X - Secure Authentication
802.16 - WiMAX for static networks
2000
1999
802.11 - 2.4GHz, 2Mbps 11 Channels only 3 non-overlapping
802.11a - 5GHz, 54Mbps up to 23 channels all non-overlapping
802.11b - 2.4GHz 11 Mbps 11 Channels only 3 non-overlapping
© 2007 Enterasys Networks, Inc. All rights reserved.
32
Next Few Years – More Alphabet Soup
802.11s - Mesh (efficient mulitcast/broadcast)
802.11t - Wireless Performance Prediction (standard comparison tests)
2008
802.11u - Inter-operation with External Networks (off 11 roaming)
802.11n – 100 Mb/s+ of user throughputs (wireless radio-trunking)
802.11v - Wireless Network Management (more advanced IAPP)
2007
802.11m - Enhanced Maintenance & Mgmt Security (paperwork)
802.11r - Fast Authentication Roaming (faster roaming)
.
2006
802.11k - Radio Resource Measurement (AP-to-client queries & vice versa)
802.16e - WiMAX for mobile networks (wireless MANs)
© 2007 Enterasys Networks, Inc. All rights reserved.
33
Secure Networks Support – Thick Mode
Secure Networks Policy:
• Same Policy Architecture as Wired LAN, configurable
with NetSight Policy Manager
• Provides for a consistent user experience across the
wired or wireless infrastructure
How it Works:
• Policies are defined and applied simultaneously to the
wired and wireless infrastructures.
• The RBT-4102 supports most, but not all policy types
seen in the wired switches. Policy Manager helps to
identify inconsistencies.
• The system uses a RADIUS back end for AAA and policy
implementation.
• The RADIUS return-attribute: “FILTER-ID” is used to
dynamically apply policy settings.
• Upon sign-on, consistent policy rules are applied based
upon user’s role – (Policy and QoS follow the user)
© 2007 Enterasys Networks, Inc. All rights reserved.
34
Secure Networks Support – Thin Mode
ACL-Based Policy:
• Uses dynamically-applied ACL’s to closely replicate the
Secure Networks policies existing on the Wired LAN
• Provides for a consistent user experience across the
wired or wireless infrastructure
How it Works:
• Policy is defined for the wired and wireless
infrastructures using Secure Networks policy for wired
devices and analogous ACL-based policies in wireless.
• Both systems share the RADIUS back end for AAA and
policy implementation
• The RADIUS return-attribute: “FILTER-ID” is used to
dynamically apply policy settings.
• Upon sign-on, consistent policy rules are applied
based upon user’s role – (Policy and QoS follow the
user)
© 2007 Enterasys Networks, Inc. All rights reserved.
35
RoamAbout Firmware Version 4.1.11.0
Thick Mode
Added Support for Specified Countries
© 2007 Enterasys Networks, Inc. All rights reserved.
• AE
UNITED ARAB EMIRATES
• AR
ARGENTINA
• AU
AUSTRALIA
• BR
BRAZIL
• CN
CHINA
• EG
EGYPT
• IL
ISRAEL
• IN
INDIA
• JP
JAPAN (W52/W53)
• KR
KOREA, REPUBLIC OF
• KW
KUWAIT
• MY
MALAYSIA
• NZ
NEW ZEALAND
• PH
PHILIPPINES
• SA
SAUDI ARABIA
• SG
SINGAPORE
• TH
THAILAND
• TW
TAIWAN
• VE
VENEZUELA
• VN
VIETNAM
• ZA
SOUTH AFRICA
36
Approaches to WLAN Architectures
Thick Architecture
Centralized Architecture
Direct Path Forwarding
Limited Control Features
Controllers can be Bottlenecks
Intelligent Switching
Distributed Forwarding for Latencysensitive Applications
Centralized Forwarding for Other
Applications (e.g. security-sensitive)
Control
Control
Control
Management
Management
Management
Efficient Traffic
Efficient Traffic
Efficient Traffic
© 2007 Enterasys Networks, Inc. All rights reserved.
37
Direct Path Forwarding
Application-Driven Direct Path Forwarding - EXAMPLES
Voice over Wireless
Guest Access
802.11n Ready Today
Latency Sensitive Applications
Security Sensitive Mobility Applications
Tomorrow’s Applications
Direct Path
Proceed Through Switch
Direct path
© 2007 Enterasys Networks, Inc. All rights reserved.
38
802.11n – Problem and Solution
Typical Thin Approach
Direct Path Forwarding
Return-to-Core Forwarding
Intelligent Switching
Direct Path Forwarding
Intelligent WLAN controller
Offered load exceeds
controller capacity
X
Offered load increases up to 10x
Offered load increases up to 10x
• 802.11n creates up to 10x increase in
throughput
• Forwarding occurs at the AP, not
through controller
• Throughput exceeds controller capacity
• No impact on controller
• Cannot scale without expensive
hardware upgrades
• Scales in place without expensive
forklift upgrade
© 2007 Enterasys Networks, Inc. All rights reserved.
39