“there is nothing more important than our customers” roamabout wireless product portfolio...

“There is nothing more important than our customers”

RoamAbout Wireless Product Portfolio

Customer Presentation

© 2007 Enterasys Networks, Inc. All rights reserved. 2

Enterasys RoamAbout WLAN Solutions

• RoamAbout Product Portfolio

• Management Applications

• Advanced Features of Thin Mode WLANs


WLAN Implementation – The Major Challenges

SecurityThe WLAN must be as secure as the LAN infrastructure

PerformanceThe WLAN should support today’s standards and be 802.11n ready

DeploymentOptimize positioning of Access PointsFind and isolate rogue APsAutomatically reconfigure failed nodes

ManagementManage WLAN with existing resourcesEasily authenticate and authorize corporate and guest users

UserSatisfaction

Non-stop operationReady for Next gen productivity apps, such as Voice over WLAN

Ro

am

Ab

ou

t So

lutio

ns

from

En

teras

ys


RoamAbout - Enterasys’ Wireless LAN Heritage

More Than 14 years experience in WLAN technology

First RoamAbout product shipped in January 1993

100,000+ RoamAbout Access Points have been deployed

1,000+ enterprise class customers worldwide

Many industry innovations

First Access Point with Power over Ethernet

First Access Point with secure SNMP v3 support

First 802.11b PCMCIA Radio Card with 128 bit encryption

First radio technology-upgradeable Acess Point

Committed to open standards

WiFi Alliance

IEEE

UNH WLAN Interoperability Lab

• Numerous large deployments across a broad spectrum of industries

Goodyear

Unisys

West Hartford Public Schools

Montgomery Township


• Secure Networks

Enterasys’ embedded security architecture for wired & wireless networks

• Wireless Switches

The intelligence for next gen wireless networks

Provides ACL policy, centralized management, plug and play deployment, L3 mobility, rogue detection, reliability, and load balancing

• Access Points

Performance, security and 802.11 standards compliance

• WLAN Management Software

Operations center for network

• Site Survey Tools

Helps size and optimize wireless network for customer environment

RoamAbout – A Flexible Product Portfolio Today


RoamAbout Wireless Switches

PortsActive APs

AP configs

TPRZ-MXR2Remote Office Solution2 x 10/100/ RJ45 with PoE * 3 3

RBT-81101 x Gigabit RJ45 1 x 10/100/ RJ451 x Console

24 120

RBT-82102 x Gigabit RJ45 1 x Console

244872

300

RBT-84004 x Gigabit (GBIC or RJ45)1 x Console1 x Flash card slot

4080

120480

Mobility System Software Version 5.0 includes support for all wireless

switch controllers* Note: TPRZ-MXR2 works with RBT-1602 Access Point only


RBT-4102 • Convertible AP that supports either Thick or Thin Modes

• Secure Networks edge policy in Thick Mode

• ACL-based edge policy in Thin Mode

• Single RJ45 LAN connection with Standards-Based PoE

• Redundant, Load-Sharing Power when External Power is use with PoE

RBT-1002, RBT-1602• Support for Thin Mode ONLY

• Dual radio for 802.11a+b/g, less expensive than RBT-4102

• Supports ACL-based edge policy

• dual-homed LAN and dual-homed PoE (RBT-1602)

• RBT-1602 can ONLY be powered via PoE

• Redundant, load-sharing power with PoE + external (RBT-1002)

TPRZ-MP-620• Weatherproofed for Outdoor Deployments

• Support for Thin Mode ONLY

• Dual radio for 802.11a+b/g

• Supports ACL-based edge policy

• Single Ethernet port with PoE support

• External RSSI port for field antenna alignment

• Built-in lightning protector

RoamAbout Wireless Access Points


RoamAbout WLAN Management

NetSight Console & Policy Manager

Management Application for RoamAbout AP4102 operating in Thick Mode.

RoamAbout Switch Manager

Management Application for all Enterasys Wireless Systems operating in Thin Mode.


RoamAbout Switch Manager (RASM)

• Feature rich NMS for RoamAbout WLAN Switches

• Integrates Site Survey Information

User location and roaming history

Intrusion detection and location

• Device & User Management With a template model to simplify

enterprise class deployments

• Performance tracking At multiple levels of granularity –

from campus-wide to user-specific

Includes real-time to 30 day history logging

• Fault and event viewing Network Admins can quickly isolate

and eliminate malfunctioning APs

• Scales to manage 1 to 100+ RoamAbout switches


Thick Mode

• WLAN Access Points operating standalone

• Access Points use Enterasys Edge-Policy (equivalent to wired Switches).

• Relatively Simple Configuration that is easy to deploy and easy to manage

• Deployments are relatively static

• Limited dynamic mobility for users moving between Access Points

RoamAbout Thick Mode WLAN APs

Advantages

• Supports Policy Management features

• Access Points are managed natively using NetSight applications

• Uses NetSight Policy Manager to enforces policy rules and roles

• Very efficient WLAN traffic-flow characteristics because WLAN traffic is not aggregated through a Wireless Switch

• APs are not dependent on a wireless switch, so they can be “plug-and-play”

Why Choose a Thick Mode WLAN?

• Enforces Secure Networks Policy

• Simplified management using NetSight Policy Manager and other NetSight Applications

• APs are administered in a similar manner to Ethernet Switches on the network


RoamAbout Thin Mode WLAN Switches & APs

Thin Mode

• WLAN Switching with lightweight Access Points

• Sophisticated controllers enable the use of less intelligent Access Points

• Multiple APs are managed as a single system

• WLAN Switching enables automated RF domain sizing, power adjustments and channel selection

• Convergence and Telephony apps are enhanced with fast roaming capability

Advantages

• Scalable, centralized management for large scale WLAN deployments

• Advanced rogue Access Point detection & suppression

• Self-healing capabilities with auto-power and auto-channel functions

• Support for Web based authentication

• Supports Topography views in management applications

• Wireless Switches are designed to support future 802.11n networks

• ACL-based edge-policies can be configured to equate with Secure Networks policies in the LAN.

Why Choose Thin Mode?

• Multiple Access Points behave as a single entity

• Improved support for advanced features, including Voice

• Elimination of Subnet Roaming Issues


Dynamic Response to Rogue APs

Rogue AP

• Rogue Access Points are a serious security threat

Unauthorized parties can gain wireless access to the entire IT infrastructure

They are not subject to IT administration or monitoring

They interfere with production WLAN operation

• RoamAbout WLAN switch infrastructures can automatically detect and isolate rogue APs

Access Points temporarily convert to WLAN Sensors to locate the rogue AP

once the threat is mitigated Access Points revert to normal operation

this approach negates the need for an overlay WLAN security sensor network

• In addition Enterasys Policy-enabled LAN Switches can limit access for rogue APs

LAN ports deploy authentication techniques that block network access for non-authenticated devices, such as Rogue APs

Security policy prevents IP addresses resolving to unauthorized DHCP Servers hosted by Rogue APs

MAC locked LAN ports block unauthorized APs from joining the network

Access Point

Access Point

Access Point

Access PointAccess Point


WLAN Switch Automation ToolsSimplify IT Administration

• Self healing infrastructure ensures business continuity

Adjacent APs detect and respond to AP failure or RF degradation

Clients are automatically migrated to fully functional APs

• Dynamic load balancing addresses the “over-subscribed AP” challenge

Automatic frequency selection and power control for adjacent APs

Changes are localized, do not cascade throughout the network

Option to dedicate bandwidth to QOS sensitive applications such as video and voice

Access Point

Access Point

Access Point


Seamless Subnet to Subnet Roaming

• Supports leading edge corporate productivity applications

Non disrupted use of WiFi and dual mode telephony handsets on the corporate WLAN

Increase the effectiveness of PDA and handheld computer applications

• RoamAbout WLAN Switches integrate advanced roaming technologies including

Synchronized handoffs to avoid call jitter for VoIP

Fast subnet to subnet handoff times of less than 100ms

Eliminate the need for client re-authentication

Subnet A

Subnet B


Enhanced Security with WLAN Intrusion Defense for AP1602

•Integrated IDS and IPS for the WLAN network

Optional AirDefense software turns each RoamAbout AP1602 into an “on-demand” AirDefense Sensor

A centralized Security Dashboard aggregates threat information from each Air Defense Sensor

Includes real-time dedicated monitoring of all channels and frequencies for Intruders and Impending threats

Forensics & incident analysis capabilities

May be used for regulatory compliance monitoring

Common Criteria certified

WLANSwitch

AP

WLANSwitch

AP


Real Time Asset Tracking & Location

• The ability to rapidly locate mobile assets is a key competitive advantage for many industries

Tracking raw materials and WIP in a manufacturing setting

Locating patients and medical diagnostic equipment within a healthcare facility

Managing inventory and shipments in a warehouse

• Automated asset tracking improves productivity

While increaing cycle count accuracy and reducing operational costs

• RoamAbout switch infrastructures support real-time location services

Using WiFi Tags and 3rd party Location Servers

Operates with products from AeroScout and Ekahau

Location Server

© Copyright (c) 2000-2005 Ekahau, Inc. All rights reserved.

“There is nothing more important than our customers”

Wireless Networking VisionWireless Networking Vision

© 2007 Enterasys Networks, Inc. All rights reserved.

Today - RoamAbout® “Thick” WLAN solutions• Independent operation

• Convertible to “thin” mode

• Configured and managed with NetSight policy manager

• Continuous identity management

• Flexible operational modes

Workgroup

Point-to-Point

Point-to-Multipoint


Today - RoamAbout “thin” WLAN solutions

• Wireless controllers

Network security

› Network Access Control

› ACL Policy

› Data encryption

› Continuous identity management

802.11n capable

Low latency L3 mobility

WiFi rogue detection

Plug and play management applications

• Wireless access points

• RoamAbout Switch Manager

Operations center for WLAN

• Site Survey Tools

Easy to use RF planning

Estimate the optimal size and kit list

Wireless ControllersProduct Interfaces Active APs

TRPZ-MXR-2 1 x 10/100 RJ45 with PoE, 1 x 10/100 RJ45without PoE

Up to 3

RBT-8110 1 x Gigabit RJ45, 1 x 10/100 RJ45, 1 x Console Up to 24RBT-8210 2 x Gigabit RJ45, 1 x console Up to 72RBT-8400 4 x Gigabit (GBIC or RJ45), 1 x Console,

1 x Flash Card Slotup to 120

RBT-8500 2 x Gigabit SFP (MGBIC), 1 x console,1 x Flash Card Slot

up to 128

Wireless Access PointsProduct Interfaces Protocol

RBT-4102 (1) Wired 10/100 Mbps, (1) Console portRS232, (2) reverse male SMA connectors

(4102 only)

802.11a/b/g

RBT-1002 (1) Wired 10/100 Mbps, (1) Console portRS232, (2) reverse male SMA connectors

(4102 only)

802.11a/b/g

RBT-1602 (2) Wired 10/100 Mbps, (2) reverse male SMA connectors 802.11a/b/gTRPZ-MP-422 (2) Wired 10/100 Mbps, (2) reverse male SMA connectors 802.11a/b/gTRPZ-MP-620 (1) Wired 10/100 Mbps, (1) Console port

RS232, (2) reverse male SMA connectors(4102 only)

802.11a/b/g

TRPZ-MP-432 2 Gigabit Ethernet uplink ports 802.11a/b/g/n


2008 - Software Releases

• Version 7.0

Multi hop meshing

› Reduce cabling costs and deploy APs in locations where cabling is not possible

802.11n support dramatically increases WLAN throughput (up to 600 Mbps) while improving client coverage and density

› TRPZ-MP-432

Indoor 802.11 a/b/g/n AP

Enterasys NAC Support

› Force re-auth, quarantine, etc.

Wireless Switch Clustering

› Scalable and dynamic backup/recovery services for switch controllers

• Version 7.2

Automatic AP and controller load balancing

Controller Distributed Configurations

Security Enhancements


2008 –WLAN “Thin” Mode Multi Hop Meshing• Wireless AP access where wired interfaces are not available

Radio link to multiple access points that do not have wired interfaces

• Cost effective WLAN deployments

Reduces number of switch controllers

Reduces cabling costs(~$200/AP)


2008 – RASM / Smart Pass

• RASM Planning

Tools ease installation and eliminate surprises

Improved outdoor RF planning

Improved scaling

• RASM Management

MS Vista support

Full lifecycle indoor/outdoor management

Wizards (for desired coverage, capacity, client type, e.g. WMM Voice or Spectralink SVP) for rapid deployment of hundreds of APs

Mobile client management, tacking, logging, and reporting for thousands of wireless clients

• SmartPass

Web-based provisioning for non-technical staff

Secure guest access without network reconfigurations

Scalable centralized client/server architecture with Radius API, up to 10,000 clients


2008 - WLAN Controller: RBT-10000

• 28Gbps Ethernet switching capacity – industry’s highest density WLAN switch

• 2 x 10-Gbps ports; 8 x 1-Gbps ports

• Line-rate speed and throughput

• Industry’s only hardware-switched wired and wireless

• 512 active AP’s

• 12,000 active clients per switch

25


2008 – 802.11n Access Point

• Superior performance

Simultaneous dual band operation (2.4GHz and 5 GHz)

300 Mbps per band -> 600 Mbps total

3x3 MIMO in both bands

2x10/100/1000 uplink ports

• Leverages existing infrastructure

Interoperates with existing switch controllers

Same PoE injectors

Utilizes the same mounting brackets

• Flexible Power over Ethernet options

802.3af injectors (1 or 2)

802.3at draft injectors

• WiFi certified ready

Fully compliant with 802.11n draft 2.0

Guaranteed interoperability with standards based networks

Upgradeable to final standard

• Optimal range

Internal antenna design delivers surround coverage


2009 – WLAN/LAN Integration

• Integrated WLAN and LAN solution offerings to the enterprise

Integrated with Enterasys edge switches

Reduces complexity and expense of wireless controller appliances

• “Unified” access points capable of dynamically converting between “Thin” mode and “Thick” mode

Provides increased resiliency for the WLAN in the event of a switch layer failure

802.11n performance for bandwidth intensive applications

• Single, integrated WLAN/LAN management

Cost effective

Easy network administration

• Integrated WLAN/LAN network security

Including IDS/IPS security mechanisms


RoamAbout Hardware – Timeline

Jan 1, 2008 Mar 31, 2009

Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar

Wireless Switches

· RBT-850032 – 128 Aps2x1Ge SFP ports

· RBT-8500-32License upgrade for 32 additional APs

Access Point

· TRPZ-MP-432802.11 a/b/g/N AP

Wireless Switches

· RBT-1000010 Gigabit switch controller up to 512 APs

Access Point

· Edge switch with embedded wireless controller

· TRPZ-MP-632 Outdoor 802.11 a/b/g/N AP

Oct 2008RBT-10000

Feb 2008RBT-8500

Jun 2008Indoor 802.11n

Feb 2009Outdoor 802.11n


Mobility Switching Software – Timeline

Jan 1, 2008 Mar 31, 2009

Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar

· Mesh multi-hop support· 802.11n· Bandwidth Control

Per UserPer SSID

· ETS NAC support· Wireless Switch/

Controller Clustering

v7.0 wireless switching

· Security enhancements· Capacity scaling· Distributed configs· Resilient clustering

v7.2 wireless switching

· RASM 6.2RF Planning EnhOutdoor RF Planning.

· SmartPass 6.3

Wireless Switching

Apr 2008MSS 6.2

Jun 2008MSS 7.0

Nov 2008MSS 7.2


Thank you



• Additional Slides


Evolution of Wireless Standards

1999

2000

2001

2002

2003

2004

2005

802.11 - 2.4GHz, 2Mbps 11 Channels only 3 non-overlapping

802.11a - 5GHz, 54Mbps up to 23 channels all non-overlapping

802.11b - 2.4GHz 11 Mbps 11 Channels only 3 non-overlapping

802.1X - Secure Authentication

802.16 - WiMAX for static networks

802.11f - Inter-Access Point Protocol.

802.11g - 2.4 GHz 54 Mbps 11 Channels only 3 non-overlapping

802.11h - Spectrum and Transmit Power Management for Europe

802.11d - Auto Regulatory Domains

802.11j - 4.9 - 5.1 GHz Japanese Regulatory

802.11i 2004 - AES (advanced encryption standard truw wireless security)

802.11e 2005 - QoS which also exposed WMM (wireless QoS)


Next Few Years – More Alphabet Soup

2006

2007

2008

802.11k - Radio Resource Measurement (AP-to-client queries & vice versa)

802.16e - WiMAX for mobile networks (wireless MANs)

802.11v - Wireless Network Management (more advanced IAPP)

802.11m - Enhanced Maintenance & Mgmt Security (paperwork)

802.11r - Fast Authentication Roaming (faster roaming)

.

802.11s - Mesh (efficient mulitcast/broadcast)

802.11t - Wireless Performance Prediction (standard comparison tests)

802.11u - Inter-operation with External Networks (off 11 roaming)

802.11n – 100 Mb/s+ of user throughputs (wireless radio-trunking)


Secure Networks Support – Thick Mode

Secure Networks Policy:

• Same Policy Architecture as Wired LAN, configurable with NetSight Policy Manager

• Provides for a consistent user experience across the wired or wireless infrastructure

How it Works:

• Policies are defined and applied simultaneously to the wired and wireless infrastructures.

• The RBT-4102 supports most, but not all policy types seen in the wired switches. Policy Manager helps to identify inconsistencies.

• The system uses a RADIUS back end for AAA and policy implementation.

• The RADIUS return-attribute: “FILTER-ID” is used to dynamically apply policy settings.

• Upon sign-on, consistent policy rules are applied based upon user’s role – (Policy and QoS follow the user)


Secure Networks Support – Thin Mode

ACL-Based Policy:

• Uses dynamically-applied ACL’s to closely replicate the Secure Networks policies existing on the Wired LAN

• Provides for a consistent user experience across the wired or wireless infrastructure

How it Works:

• Policy is defined for the wired and wireless infrastructures using Secure Networks policy for wired devices and analogous ACL-based policies in wireless.

• Both systems share the RADIUS back end for AAA and policy implementation

• The RADIUS return-attribute: “FILTER-ID” is used to dynamically apply policy settings.

• Upon sign-on, consistent policy rules are applied based upon user’s role – (Policy and QoS follow the user)


RoamAbout Firmware Version 4.1.11.0

• AE UNITED ARAB EMIRATES

• AR ARGENTINA

• AU AUSTRALIA

• BR BRAZIL

• CN CHINA

• EG EGYPT

• IL ISRAEL

• IN INDIA

• JP JAPAN (W52/W53)

• KR KOREA, REPUBLIC OF

• KW KUWAIT

• MY MALAYSIA

• NZ NEW ZEALAND

• PH PHILIPPINES

• SA SAUDI ARABIA

• SG SINGAPORE

• TH THAILAND

• TW TAIWAN

• VE VENEZUELA

• VN VIETNAM

• ZA SOUTH AFRICA

Added Support for Specified Countries

Thick Mode


Approaches to WLAN Architectures

Thick Architecture

Limited Control Features

Centralized Architecture

Controllers can be Bottlenecks

Direct Path Forwarding

Intelligent Switching

Distributed Forwarding for Latency-sensitive Applications

Centralized Forwarding for Other Applications (e.g. security-sensitive)

Control

Management

Efficient Traffic

Control

Management

Efficient Traffic

Control

Management

Efficient Traffic


Direct Path Forwarding

Application-Driven Direct Path Forwarding - EXAMPLES

Voice over Wireless

Latency Sensitive Applications

Guest Access

Security Sensitive Mobility Applications

802.11n Ready Today

Tomorrow’s Applications

Direct Path Proceed Through Switch Direct path


802.11n – Problem and Solution

• 802.11n creates up to 10x increase in throughput

• Throughput exceeds controller capacity

• Cannot scale without expensive hardware upgrades

Typical Thin ApproachReturn-to-Core Forwarding

Direct Path ForwardingIntelligent Switching

• Forwarding occurs at the AP, not through controller

• No impact on controller

• Scales in place without expensive forklift upgrade

Offered load increases up to 10x

XOffered load exceeds

controller capacity

Direct Path ForwardingIntelligent WLAN controller

Offered load increases up to 10x

“there is nothing more important than our customers” roamabout wireless product portfolio...

Documents