“there is nothing more important than our customers” roamabout wireless product portfolio...
TRANSCRIPT
“There is nothing more important than our customers”
RoamAbout Wireless Product Portfolio
Customer Presentation
© 2007 Enterasys Networks, Inc. All rights reserved. 2
Enterasys RoamAbout WLAN Solutions
• RoamAbout Product Portfolio
• Management Applications
• Advanced Features of Thin Mode WLANs
© 2007 Enterasys Networks, Inc. All rights reserved. 3
WLAN Implementation – The Major Challenges
SecurityThe WLAN must be as secure as the LAN infrastructure
PerformanceThe WLAN should support today’s standards and be 802.11n ready
DeploymentOptimize positioning of Access PointsFind and isolate rogue APsAutomatically reconfigure failed nodes
ManagementManage WLAN with existing resourcesEasily authenticate and authorize corporate and guest users
UserSatisfaction
Non-stop operationReady for Next gen productivity apps, such as Voice over WLAN
Ro
am
Ab
ou
t So
lutio
ns
from
En
teras
ys
© 2007 Enterasys Networks, Inc. All rights reserved. 4
RoamAbout - Enterasys’ Wireless LAN Heritage
More Than 14 years experience in WLAN technology
First RoamAbout product shipped in January 1993
100,000+ RoamAbout Access Points have been deployed
1,000+ enterprise class customers worldwide
Many industry innovations
First Access Point with Power over Ethernet
First Access Point with secure SNMP v3 support
First 802.11b PCMCIA Radio Card with 128 bit encryption
First radio technology-upgradeable Acess Point
Committed to open standards
WiFi Alliance
IEEE
UNH WLAN Interoperability Lab
• Numerous large deployments across a broad spectrum of industries
Goodyear
Unisys
West Hartford Public Schools
Montgomery Township
© 2007 Enterasys Networks, Inc. All rights reserved. 5
• Secure Networks
Enterasys’ embedded security architecture for wired & wireless networks
• Wireless Switches
The intelligence for next gen wireless networks
Provides ACL policy, centralized management, plug and play deployment, L3 mobility, rogue detection, reliability, and load balancing
• Access Points
Performance, security and 802.11 standards compliance
• WLAN Management Software
Operations center for network
• Site Survey Tools
Helps size and optimize wireless network for customer environment
RoamAbout – A Flexible Product Portfolio Today
© 2007 Enterasys Networks, Inc. All rights reserved. 6
RoamAbout Wireless Switches
PortsActive APs
AP configs
TPRZ-MXR2Remote Office Solution2 x 10/100/ RJ45 with PoE * 3 3
RBT-81101 x Gigabit RJ45 1 x 10/100/ RJ451 x Console
24 120
RBT-82102 x Gigabit RJ45 1 x Console
244872
300
RBT-84004 x Gigabit (GBIC or RJ45)1 x Console1 x Flash card slot
4080
120480
Mobility System Software Version 5.0 includes support for all wireless
switch controllers* Note: TPRZ-MXR2 works with RBT-1602 Access Point only
© 2007 Enterasys Networks, Inc. All rights reserved. 7
RBT-4102 • Convertible AP that supports either Thick or Thin Modes
• Secure Networks edge policy in Thick Mode
• ACL-based edge policy in Thin Mode
• Single RJ45 LAN connection with Standards-Based PoE
• Redundant, Load-Sharing Power when External Power is use with PoE
RBT-1002, RBT-1602• Support for Thin Mode ONLY
• Dual radio for 802.11a+b/g, less expensive than RBT-4102
• Supports ACL-based edge policy
• dual-homed LAN and dual-homed PoE (RBT-1602)
• RBT-1602 can ONLY be powered via PoE
• Redundant, load-sharing power with PoE + external (RBT-1002)
TPRZ-MP-620• Weatherproofed for Outdoor Deployments
• Support for Thin Mode ONLY
• Dual radio for 802.11a+b/g
• Supports ACL-based edge policy
• Single Ethernet port with PoE support
• External RSSI port for field antenna alignment
• Built-in lightning protector
RoamAbout Wireless Access Points
© 2007 Enterasys Networks, Inc. All rights reserved. 8
Enterasys RoamAbout WLAN Solutions
• RoamAbout Product Portfolio
• Management Applications
• Advanced Features of Thin Mode WLANs
© 2007 Enterasys Networks, Inc. All rights reserved. 9
RoamAbout WLAN Management
NetSight Console & Policy Manager
Management Application for RoamAbout AP4102 operating in Thick Mode.
RoamAbout Switch Manager
Management Application for all Enterasys Wireless Systems operating in Thin Mode.
© 2007 Enterasys Networks, Inc. All rights reserved. 10
RoamAbout Switch Manager (RASM)
• Feature rich NMS for RoamAbout WLAN Switches
• Integrates Site Survey Information
User location and roaming history
Intrusion detection and location
• Device & User Management With a template model to simplify
enterprise class deployments
• Performance tracking At multiple levels of granularity –
from campus-wide to user-specific
Includes real-time to 30 day history logging
• Fault and event viewing Network Admins can quickly isolate
and eliminate malfunctioning APs
• Scales to manage 1 to 100+ RoamAbout switches
© 2007 Enterasys Networks, Inc. All rights reserved. 11
Thick Mode
• WLAN Access Points operating standalone
• Access Points use Enterasys Edge-Policy (equivalent to wired Switches).
• Relatively Simple Configuration that is easy to deploy and easy to manage
• Deployments are relatively static
• Limited dynamic mobility for users moving between Access Points
RoamAbout Thick Mode WLAN APs
Advantages
• Supports Policy Management features
• Access Points are managed natively using NetSight applications
• Uses NetSight Policy Manager to enforces policy rules and roles
• Very efficient WLAN traffic-flow characteristics because WLAN traffic is not aggregated through a Wireless Switch
• APs are not dependent on a wireless switch, so they can be “plug-and-play”
Why Choose a Thick Mode WLAN?
• Enforces Secure Networks Policy
• Simplified management using NetSight Policy Manager and other NetSight Applications
• APs are administered in a similar manner to Ethernet Switches on the network
© 2007 Enterasys Networks, Inc. All rights reserved. 12
RoamAbout Thin Mode WLAN Switches & APs
Thin Mode
• WLAN Switching with lightweight Access Points
• Sophisticated controllers enable the use of less intelligent Access Points
• Multiple APs are managed as a single system
• WLAN Switching enables automated RF domain sizing, power adjustments and channel selection
• Convergence and Telephony apps are enhanced with fast roaming capability
Advantages
• Scalable, centralized management for large scale WLAN deployments
• Advanced rogue Access Point detection & suppression
• Self-healing capabilities with auto-power and auto-channel functions
• Support for Web based authentication
• Supports Topography views in management applications
• Wireless Switches are designed to support future 802.11n networks
• ACL-based edge-policies can be configured to equate with Secure Networks policies in the LAN.
Why Choose Thin Mode?
• Multiple Access Points behave as a single entity
• Improved support for advanced features, including Voice
• Elimination of Subnet Roaming Issues
© 2007 Enterasys Networks, Inc. All rights reserved. 13
Enterasys RoamAbout WLAN Solutions
• RoamAbout Product Portfolio
• Management Applications
• Advanced Features of Thin Mode WLANs
© 2007 Enterasys Networks, Inc. All rights reserved. 14
Dynamic Response to Rogue APs
Rogue AP
• Rogue Access Points are a serious security threat
Unauthorized parties can gain wireless access to the entire IT infrastructure
They are not subject to IT administration or monitoring
They interfere with production WLAN operation
• RoamAbout WLAN switch infrastructures can automatically detect and isolate rogue APs
Access Points temporarily convert to WLAN Sensors to locate the rogue AP
once the threat is mitigated Access Points revert to normal operation
this approach negates the need for an overlay WLAN security sensor network
• In addition Enterasys Policy-enabled LAN Switches can limit access for rogue APs
LAN ports deploy authentication techniques that block network access for non-authenticated devices, such as Rogue APs
Security policy prevents IP addresses resolving to unauthorized DHCP Servers hosted by Rogue APs
MAC locked LAN ports block unauthorized APs from joining the network
Access Point
Access Point
Access Point
Access PointAccess Point
© 2007 Enterasys Networks, Inc. All rights reserved. 15
WLAN Switch Automation ToolsSimplify IT Administration
• Self healing infrastructure ensures business continuity
Adjacent APs detect and respond to AP failure or RF degradation
Clients are automatically migrated to fully functional APs
• Dynamic load balancing addresses the “over-subscribed AP” challenge
Automatic frequency selection and power control for adjacent APs
Changes are localized, do not cascade throughout the network
Option to dedicate bandwidth to QOS sensitive applications such as video and voice
Access Point
Access Point
Access Point
© 2007 Enterasys Networks, Inc. All rights reserved. 16
Seamless Subnet to Subnet Roaming
• Supports leading edge corporate productivity applications
Non disrupted use of WiFi and dual mode telephony handsets on the corporate WLAN
Increase the effectiveness of PDA and handheld computer applications
• RoamAbout WLAN Switches integrate advanced roaming technologies including
Synchronized handoffs to avoid call jitter for VoIP
Fast subnet to subnet handoff times of less than 100ms
Eliminate the need for client re-authentication
Subnet A
Subnet B
© 2007 Enterasys Networks, Inc. All rights reserved. 17
Enhanced Security with WLAN Intrusion Defense for AP1602
•Integrated IDS and IPS for the WLAN network
Optional AirDefense software turns each RoamAbout AP1602 into an “on-demand” AirDefense Sensor
A centralized Security Dashboard aggregates threat information from each Air Defense Sensor
Includes real-time dedicated monitoring of all channels and frequencies for Intruders and Impending threats
Forensics & incident analysis capabilities
May be used for regulatory compliance monitoring
Common Criteria certified
WLANSwitch
AP
WLANSwitch
AP
© 2007 Enterasys Networks, Inc. All rights reserved. 18
Real Time Asset Tracking & Location
• The ability to rapidly locate mobile assets is a key competitive advantage for many industries
Tracking raw materials and WIP in a manufacturing setting
Locating patients and medical diagnostic equipment within a healthcare facility
Managing inventory and shipments in a warehouse
• Automated asset tracking improves productivity
While increaing cycle count accuracy and reducing operational costs
• RoamAbout switch infrastructures support real-time location services
Using WiFi Tags and 3rd party Location Servers
Operates with products from AeroScout and Ekahau
Location Server
© Copyright (c) 2000-2005 Ekahau, Inc. All rights reserved.
“There is nothing more important than our customers”
Wireless Networking VisionWireless Networking Vision
© 2007 Enterasys Networks, Inc. All rights reserved.
Today - RoamAbout® “Thick” WLAN solutions• Independent operation
• Convertible to “thin” mode
• Configured and managed with NetSight policy manager
• Continuous identity management
• Flexible operational modes
Workgroup
Point-to-Point
Point-to-Multipoint
© 2007 Enterasys Networks, Inc. All rights reserved.
Today - RoamAbout “thin” WLAN solutions
• Wireless controllers
Network security
› Network Access Control
› ACL Policy
› Data encryption
› Continuous identity management
802.11n capable
Low latency L3 mobility
WiFi rogue detection
Plug and play management applications
• Wireless access points
• RoamAbout Switch Manager
Operations center for WLAN
• Site Survey Tools
Easy to use RF planning
Estimate the optimal size and kit list
Wireless ControllersProduct Interfaces Active APs
TRPZ-MXR-2 1 x 10/100 RJ45 with PoE, 1 x 10/100 RJ45without PoE
Up to 3
RBT-8110 1 x Gigabit RJ45, 1 x 10/100 RJ45, 1 x Console Up to 24RBT-8210 2 x Gigabit RJ45, 1 x console Up to 72RBT-8400 4 x Gigabit (GBIC or RJ45), 1 x Console,
1 x Flash Card Slotup to 120
RBT-8500 2 x Gigabit SFP (MGBIC), 1 x console,1 x Flash Card Slot
up to 128
Wireless Access PointsProduct Interfaces Protocol
RBT-4102 (1) Wired 10/100 Mbps, (1) Console portRS232, (2) reverse male SMA connectors
(4102 only)
802.11a/b/g
RBT-1002 (1) Wired 10/100 Mbps, (1) Console portRS232, (2) reverse male SMA connectors
(4102 only)
802.11a/b/g
RBT-1602 (2) Wired 10/100 Mbps, (2) reverse male SMA connectors 802.11a/b/gTRPZ-MP-422 (2) Wired 10/100 Mbps, (2) reverse male SMA connectors 802.11a/b/gTRPZ-MP-620 (1) Wired 10/100 Mbps, (1) Console port
RS232, (2) reverse male SMA connectors(4102 only)
802.11a/b/g
TRPZ-MP-432 2 Gigabit Ethernet uplink ports 802.11a/b/g/n
© 2007 Enterasys Networks, Inc. All rights reserved.
2008 - Software Releases
• Version 7.0
Multi hop meshing
› Reduce cabling costs and deploy APs in locations where cabling is not possible
802.11n support dramatically increases WLAN throughput (up to 600 Mbps) while improving client coverage and density
› TRPZ-MP-432
Indoor 802.11 a/b/g/n AP
Enterasys NAC Support
› Force re-auth, quarantine, etc.
Wireless Switch Clustering
› Scalable and dynamic backup/recovery services for switch controllers
• Version 7.2
Automatic AP and controller load balancing
Controller Distributed Configurations
Security Enhancements
© 2007 Enterasys Networks, Inc. All rights reserved.
2008 –WLAN “Thin” Mode Multi Hop Meshing• Wireless AP access where wired interfaces are not available
Radio link to multiple access points that do not have wired interfaces
• Cost effective WLAN deployments
Reduces number of switch controllers
Reduces cabling costs(~$200/AP)
© 2007 Enterasys Networks, Inc. All rights reserved.
2008 – RASM / Smart Pass
• RASM Planning
Tools ease installation and eliminate surprises
Improved outdoor RF planning
Improved scaling
• RASM Management
MS Vista support
Full lifecycle indoor/outdoor management
Wizards (for desired coverage, capacity, client type, e.g. WMM Voice or Spectralink SVP) for rapid deployment of hundreds of APs
Mobile client management, tacking, logging, and reporting for thousands of wireless clients
• SmartPass
Web-based provisioning for non-technical staff
Secure guest access without network reconfigurations
Scalable centralized client/server architecture with Radius API, up to 10,000 clients
© 2007 Enterasys Networks, Inc. All rights reserved.
2008 - WLAN Controller: RBT-10000
• 28Gbps Ethernet switching capacity – industry’s highest density WLAN switch
• 2 x 10-Gbps ports; 8 x 1-Gbps ports
• Line-rate speed and throughput
• Industry’s only hardware-switched wired and wireless
• 512 active AP’s
• 12,000 active clients per switch
25
© 2007 Enterasys Networks, Inc. All rights reserved.
2008 – 802.11n Access Point
• Superior performance
Simultaneous dual band operation (2.4GHz and 5 GHz)
300 Mbps per band -> 600 Mbps total
3x3 MIMO in both bands
2x10/100/1000 uplink ports
• Leverages existing infrastructure
Interoperates with existing switch controllers
Same PoE injectors
Utilizes the same mounting brackets
• Flexible Power over Ethernet options
802.3af injectors (1 or 2)
802.3at draft injectors
• WiFi certified ready
Fully compliant with 802.11n draft 2.0
Guaranteed interoperability with standards based networks
Upgradeable to final standard
• Optimal range
Internal antenna design delivers surround coverage
© 2007 Enterasys Networks, Inc. All rights reserved.
2009 – WLAN/LAN Integration
• Integrated WLAN and LAN solution offerings to the enterprise
Integrated with Enterasys edge switches
Reduces complexity and expense of wireless controller appliances
• “Unified” access points capable of dynamically converting between “Thin” mode and “Thick” mode
Provides increased resiliency for the WLAN in the event of a switch layer failure
802.11n performance for bandwidth intensive applications
• Single, integrated WLAN/LAN management
Cost effective
Easy network administration
• Integrated WLAN/LAN network security
Including IDS/IPS security mechanisms
© 2007 Enterasys Networks, Inc. All rights reserved.
RoamAbout Hardware – Timeline
Jan 1, 2008 Mar 31, 2009
Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar
Wireless Switches
· RBT-850032 – 128 Aps2x1Ge SFP ports
· RBT-8500-32License upgrade for 32 additional APs
Access Point
· TRPZ-MP-432802.11 a/b/g/N AP
Wireless Switches
· RBT-1000010 Gigabit switch controller up to 512 APs
Access Point
· Edge switch with embedded wireless controller
· TRPZ-MP-632 Outdoor 802.11 a/b/g/N AP
Oct 2008RBT-10000
Feb 2008RBT-8500
Jun 2008Indoor 802.11n
Feb 2009Outdoor 802.11n
© 2007 Enterasys Networks, Inc. All rights reserved.
Mobility Switching Software – Timeline
Jan 1, 2008 Mar 31, 2009
Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec Jan Feb Mar
· Mesh multi-hop support· 802.11n· Bandwidth Control
Per UserPer SSID
· ETS NAC support· Wireless Switch/
Controller Clustering
v7.0 wireless switching
· Security enhancements· Capacity scaling· Distributed configs· Resilient clustering
v7.2 wireless switching
· RASM 6.2RF Planning EnhOutdoor RF Planning.
· SmartPass 6.3
Wireless Switching
Apr 2008MSS 6.2
Jun 2008MSS 7.0
Nov 2008MSS 7.2
© 2007 Enterasys Networks, Inc. All rights reserved. 30
Thank you
© 2007 Enterasys Networks, Inc. All rights reserved. 31
Enterasys RoamAbout WLAN Solutions
• Additional Slides
© 2007 Enterasys Networks, Inc. All rights reserved. 32
Evolution of Wireless Standards
1999
2000
2001
2002
2003
2004
2005
802.11 - 2.4GHz, 2Mbps 11 Channels only 3 non-overlapping
802.11a - 5GHz, 54Mbps up to 23 channels all non-overlapping
802.11b - 2.4GHz 11 Mbps 11 Channels only 3 non-overlapping
802.1X - Secure Authentication
802.16 - WiMAX for static networks
802.11f - Inter-Access Point Protocol.
802.11g - 2.4 GHz 54 Mbps 11 Channels only 3 non-overlapping
802.11h - Spectrum and Transmit Power Management for Europe
802.11d - Auto Regulatory Domains
802.11j - 4.9 - 5.1 GHz Japanese Regulatory
802.11i 2004 - AES (advanced encryption standard truw wireless security)
802.11e 2005 - QoS which also exposed WMM (wireless QoS)
© 2007 Enterasys Networks, Inc. All rights reserved. 33
Next Few Years – More Alphabet Soup
2006
2007
2008
802.11k - Radio Resource Measurement (AP-to-client queries & vice versa)
802.16e - WiMAX for mobile networks (wireless MANs)
802.11v - Wireless Network Management (more advanced IAPP)
802.11m - Enhanced Maintenance & Mgmt Security (paperwork)
802.11r - Fast Authentication Roaming (faster roaming)
.
802.11s - Mesh (efficient mulitcast/broadcast)
802.11t - Wireless Performance Prediction (standard comparison tests)
802.11u - Inter-operation with External Networks (off 11 roaming)
802.11n – 100 Mb/s+ of user throughputs (wireless radio-trunking)
© 2007 Enterasys Networks, Inc. All rights reserved. 34
Secure Networks Support – Thick Mode
Secure Networks Policy:
• Same Policy Architecture as Wired LAN, configurable with NetSight Policy Manager
• Provides for a consistent user experience across the wired or wireless infrastructure
How it Works:
• Policies are defined and applied simultaneously to the wired and wireless infrastructures.
• The RBT-4102 supports most, but not all policy types seen in the wired switches. Policy Manager helps to identify inconsistencies.
• The system uses a RADIUS back end for AAA and policy implementation.
• The RADIUS return-attribute: “FILTER-ID” is used to dynamically apply policy settings.
• Upon sign-on, consistent policy rules are applied based upon user’s role – (Policy and QoS follow the user)
© 2007 Enterasys Networks, Inc. All rights reserved. 35
Secure Networks Support – Thin Mode
ACL-Based Policy:
• Uses dynamically-applied ACL’s to closely replicate the Secure Networks policies existing on the Wired LAN
• Provides for a consistent user experience across the wired or wireless infrastructure
How it Works:
• Policy is defined for the wired and wireless infrastructures using Secure Networks policy for wired devices and analogous ACL-based policies in wireless.
• Both systems share the RADIUS back end for AAA and policy implementation
• The RADIUS return-attribute: “FILTER-ID” is used to dynamically apply policy settings.
• Upon sign-on, consistent policy rules are applied based upon user’s role – (Policy and QoS follow the user)
© 2007 Enterasys Networks, Inc. All rights reserved. 36
RoamAbout Firmware Version 4.1.11.0
• AE UNITED ARAB EMIRATES
• AR ARGENTINA
• AU AUSTRALIA
• BR BRAZIL
• CN CHINA
• EG EGYPT
• IL ISRAEL
• IN INDIA
• JP JAPAN (W52/W53)
• KR KOREA, REPUBLIC OF
• KW KUWAIT
• MY MALAYSIA
• NZ NEW ZEALAND
• PH PHILIPPINES
• SA SAUDI ARABIA
• SG SINGAPORE
• TH THAILAND
• TW TAIWAN
• VE VENEZUELA
• VN VIETNAM
• ZA SOUTH AFRICA
Added Support for Specified Countries
Thick Mode
© 2007 Enterasys Networks, Inc. All rights reserved. 37
Approaches to WLAN Architectures
Thick Architecture
Limited Control Features
Centralized Architecture
Controllers can be Bottlenecks
Direct Path Forwarding
Intelligent Switching
Distributed Forwarding for Latency-sensitive Applications
Centralized Forwarding for Other Applications (e.g. security-sensitive)
Control
Management
Efficient Traffic
Control
Management
Efficient Traffic
Control
Management
Efficient Traffic
© 2007 Enterasys Networks, Inc. All rights reserved. 38
Direct Path Forwarding
Application-Driven Direct Path Forwarding - EXAMPLES
Voice over Wireless
Latency Sensitive Applications
Guest Access
Security Sensitive Mobility Applications
802.11n Ready Today
Tomorrow’s Applications
Direct Path Proceed Through Switch Direct path
© 2007 Enterasys Networks, Inc. All rights reserved. 39
802.11n – Problem and Solution
• 802.11n creates up to 10x increase in throughput
• Throughput exceeds controller capacity
• Cannot scale without expensive hardware upgrades
Typical Thin ApproachReturn-to-Core Forwarding
Direct Path ForwardingIntelligent Switching
• Forwarding occurs at the AP, not through controller
• No impact on controller
• Scales in place without expensive forklift upgrade
Offered load increases up to 10x
XOffered load exceeds
controller capacity
Direct Path ForwardingIntelligent WLAN controller
Offered load increases up to 10x