WiFi: voice & data Enterprise Converged Mobility OmniAccess Alcatel ESD
Context of business mobility and evolution
• Business mobility is impacted by:
  • Convergence: for the enterprise, the consolidation of services into fewer platforms and infrastructure
  • New mobility needs: for the user, the capability to increase efficiency by staying connected regardless of application and location
• The right answer to support this evolution is converged mobility

WLAN is the right answer
• Based on IP standards, WLAN supports any application (voice, data, video, …)
• Enterprise networks/solutions will be coherent with mainstream standardized technologies, in line with the public environment (hotspot)
• Professional users want to live in the office with their consumer habits
• Global customers want to deploy a worldwide solution

The extended workspace: focus on on-site mobility
[Figure labels: "Voice only", "On site Mobility", "At the desktop"]

New WLAN infrastructures
• The evolution of WLAN products now offers better performance:
  • Availability
  • Security
  • Support for real-time applications
  • Inter-subnet mobility
• And innovative features
  • Dynamic RF management
  • Localisation

Alcatel WLAN strategy
• Build a unique mobility offer based on existing best-of-breed technologies in order to cover both voice and data applications
  • OmniAccess: WLAN infrastructure
  • Mobile IP Touch: range of VoWLAN phones
• Use our leadership on mobility and convergence to co-develop new features
  • Improve communication services
  • Improve mobility management, capacity, …
• Introduce unique features:
  • High-end security coming from wired IP telephony
  • High-accuracy location coupling WiFi and Alcatel technology like Assisted GPS

Centralized architecture to centralize the intelligence
• APs are managed by a wireless server
  • They are physically connected to 10/100 Ethernet ports on the server
• Improved global performance
  • Mobility server has the complete view of the wireless network
  • It takes decisions knowing what happens on the network
  • Processing speed adapted to real-time applications
• Limited AP intelligence - “light APs”
  • AP slave to the Wireless Switch (LWAPP protocol)
  • No more than radio
• Or the server could manage the APs remotely
[Figure labels: "Wireless Server in appliance mode or wireless appliance", "Wireless Server direct connect/Switch mode", "Enterprise LAN", "LAN domain", "Access Point"]

What is a Wireless Switch?
• Wireless Switch provides wireless and wireline capabilities
  • Wireless: Channel assignment, AP power, load balancing, QoS, etc. (Air Director)
  • Wireline: Ethernet switching for APs (802.1Q, ...), Power over Ethernet (PoE), ACLs
• APs are directly connected to 10/100 PHY interfaces on Wireless Switch
• Limited AP intelligence - “light APs”
  • AP slave to the Wireless Switch (LWAPP protocol)
• Ideal for high density of APs to one wiring closet
  • Integrated PoE
• The switch can work either in direct connect or appliance mode with same level of functionalities
[Figure labels: "Enterprise LAN", "LAN domain", "Wireless Switch", "Access Point"]

What is a Wireless Appliance?
• A Wireless Appliance provides wireless control capabilities and core connectivity to the LAN
  • Wireless: Channel assignment, AP RF power, load balancing, QoS, etc. (Air Director)
  • Wireline: Ethernet uplinks (802.1Q, ...), ACLs
• Gigabit Ethernet uplinks connect the appliance to the backbone
• Access Points connect to regular LAN switches (w/ PoE)
• No client Ethernet connectivity: no 10/100 interfaces, no PoE
• Limited AP intelligence - “light APs”
  • AP slave to the Wireless Appliance (LWAPP protocol)
• Ideal for environments with existing Ethernet backbones
  • Deployed behind Data Center Switch or Workgroup Switch
• Wireless switch and appliance offer same level of functionalities (except PoE)
[Figure label: "Enterprise LAN"]

Alcatel system overview: OmniAccess
• Full radio support: 802.11b, 11g, 11a
• Full protocol suite support: 802.1x, WEP, TKIP, WPA, AES, IPSec, 802.11i ready
• Rogue Access Point detection, localization, containment
• VPN and ACL enforcement at WLAN switch/appliance
• VLAN and A-VLAN capable
• Noise and interference detection/avoidance
• Automatic/dynamic channel allocation and channel power
• Automatic hole detection in case of single AP failure
• Switch redundancy
• WLAN QoS + Spectralink Voice Protocol (SVP) and future 802.11e
• Fast roaming (less than 100ms, intra and inter subnet)
• Automated network modeling integrated in ACS
• Automatic RF Management (Channel assignment/Power Adjustment)
• Centralized policy-based Network Management Application
Feature categories shown on the slide: Efficiency, Security, Availability, Voice support, Manageability

An advanced WLAN infrastructure
OmniAccess 4012 and 4024 Wireless Switches
• Distributed approach, usually in the wiring closet
• Wireless control and wireline capabilities
• AP can be connected to 10/100 port on Wireless Switch
• 12 or 24 10/100 PHY interfaces with PoE
• 1 or 2 port Gigabit uplink
OmniAccess 4102 Wireless Appliance
• Centralized approach, usually in the Data Center
• Wireless control, wireline connectivity to Data Center LAN switch
• Not facing clients: no 10/100 ports, no PoE
• Traffic backhauled from the edge to the appliance
• Dual Gigabit Ethernet uplinks to connect appliance to backbone
• Supports up to 36 APs
OmniAccess 1200 Access Points
• 802.11b&g and 802.11a/b&g (multimode)
• 1200R extends WLAN services over WAN links (T1, cable modem, FR, etc.)
• Omni-directional, sectorized directional antenna or external antenna
• 802.3af in-line powered (out-band power optional)
• Air monitoring + traffic forwarding in same device
• Lightweight Access Point Protocol (LWAPP)

OmniVista Air Control System (ACS): WLAN Systems mgt, Element mgt, Policy mgt
• WLAN Systems Management
  • WLAN Planning (RF prediction/site survey)
  • Intelligent RF Management - portal into OmniVista Air Director Software
  • Locating Tracking
  • Port Mirroring/Monitoring
• Fully-featured EMS system
  • Centralized visibility into clients
  • Troubleshooting, alarms, upgrades, etc.
• Advanced policy engine
  • Point and click policy assignments
  • Network-wide visibility
• Flexible access options
  • HTTP, HTTPS, SNMP, CLI
  • Detailed GUI, including accurate heat maps
• Integrates with external mgmt tools
  • HP OpenView and other OSS via SNMP

Simplifying WLAN Deployment and Management
• Alcatel OmniAccess WLAN:
  • WLAN service delivery
  • RF management
  • Wireless Prevention/Protection
  • Location tracking
  • Capacity Management
  • Centralized management
  • Dynamic Control
[Figure labels: "Alcatel OmniVista Air Control System", "Alcatel OmniAccess 4102", "Alcatel OmniAccess 1200", "RF Management", "AP Management", "Security / Mobility Management", "Rogue Defense", "Rogue Sensors", "Heavy AP", "Enterprise LAN"]

Configurations: Remote Office, Direct, Appliance and Hybrid Mode
• Appliance
  • Connects to existing L2/L3 network
  • Fail-Over Redundancy
• Direct
  • Fewer packets on the backbone
  • PoE
  • <100m distance limit
• Hybrid
  • 3rd Party APs
  • PoE
• Remote Office
  • Corporate security over WAN
  • Same RF-Management

Main differentiators
• Infrastructure designed for voice
  • Voice traffic capacity = 14 communications
  • Hand-over time < 100ms
• Military Grade Security
• New functionalities
  • Site survey and radio planning
  • Real time intelligent radio and interference management
  • Air space monitoring
  • Location 10m => 3m
  • Intrusion detection: rogue APs
• Transparent for client
• Transparent for wired infrastructure
• Compatible with any 3rd party AP (wireless switch)
• AP remote

Security: Multiple Levels of WLAN Protection
• Protect authorized WLANs from unauthorized users and malicious behavior
  • Rogue AP detection/location/containment
  • Address spoofing, bleeding coverage area
• Multiple layers of WLAN protection
  • RF: 802.11 interference, bleeding coverage areas
  • Network: rogue detection, location, containment
  • User: protection from dictionary, MiM, and other attacks; Access Control Lists per user group (WLAN)
  • Application: protect data from DoS and other attacks
• Security protocols/standards supported:
  • Web authentication, 802.1x, WEP, TKIP, WPA with AES, IPsec, …
  • 802.1x supporting EAP-TLS, EAP-TTLS, EAP-PEAP
  • 802.11i ready (AES in HW, SW upgradeable)
  • IPSec VPN termination (HW acceleration)

Real time radio management (1/2)
• Air Director dynamically adapts to real conditions
• Performance Optimization
  • Dynamic Channel Assignment (DCA)
  • Real-time Load Balancing
  • Traffic acceleration and prioritization
• Coverage Optimization
  • Coverage Hole detection and avoidance
  • Transmit Power Control
• Key to efficient deployment and maintenance
  • Self-tuning WLAN network: easy to deploy, no need for recurring site surveys in the dynamic RF environment
  • Results available to user via management application

Real-time RF Management (2/2): Dynamic Channel Assignment
[Figure labels: RF channel “1”, RF channel “2”, RF channel “3”]

The 1st WLAN system with Integrated Location Tracking
• ACS uses advanced RF fingerprinting for 10 meter accuracy
  • AP localization
  • Client localization
  • E911 location services
  • Precision: up to 3 meters
• Intrusion Protection w/o location tracking is like hammering a nail in the dark
  • Locate source of interference
  • Locate rogue and ad-hoc devices
  • Locate source of attacks (e.g., MiM, DoS, dictionary)

High Availability
• AP Resiliency: Coverage Hole detection and avoidance
• Appliance Resiliency: Primary and Secondary
[Figure labels: "OmniAccess 4102", "OmniAccess 4102 / 4012 / 4024", "OmniAccess 1200", "Primary", "Secondary"]

High performances: Seamless handover, roaming anywhere on the network
• From AP to AP on same switch, within same subnet
• From AP to AP on different switches, within same subnet
• From AP to AP on different switches, across subnets
[Figure labels: "Enterprise Server or IP-PBX", "Router", "Subnet A", "Subnet B"]

The path to converged mobility
• Integration of voice and data on the same infrastructure is key for both wired and wireless
• For voice support OmniAccess offers
  • Wireless and wireline QoS (policies, 802.1p/DSCP marking)
  • SVP support, 802.11e ready
  • Roaming/handover performances (L3, <100ms)
  • Availability of the network (RF mgt and redundancy)
[Figure labels: "OmniAccess 4102 / 4012 / 4024", "OmniAccess 1200"]

VoWLAN: different tools for different needs
• Alcatel Dedicated voice terminals
• Alcatel Unified Communications for PCs, PDAs
• Future: integration of new generation dual mode phones
• The combination of all of those devices makes a solution for the enterprise: different tools for different needs
[Table on slide, columns: Employee types, Needs, Tools, Profiles. Recoverable entries, in slide order: Campus roamer (50% desk, 50% mobile within the enterprise); Emergency access; Access to role specific apps; Support functions, maintenance, security; Instant accessibility, time sensitive information, sales force automation; Travelling workers (20% desk, 80% off-site); Sales, consultant; Day extenders (80% desk, 20% off-site); Executives; Knowledge worker; Information and communication access]

Mobile IP Touch: Alcatel VoWLAN Telephone
• 802.11b only
• H323 protocol
• Text messaging support via OAI
• Push to talk
• Vibrator
• Integrated TFTP client
• DHCP or static IP addressing
• Wireless security: WEP 40 & 128 bits
• Mobile IPTouch 600
  • Designed for high-use and industrial environments
  • Exclusive push-to-talk functionality
  • Unmatched durability
  • Loud environment ringer and speaker
  • Display: backlit dot matrix with icons
  • Weight: 170 g
  • Dimensions: 150 x 56 x 25,4 mm
  • Battery capacity: 4 hours talk, 80 hours standby
• Mobile IPTouch 300
  • Designed for general enterprise applications
  • Smallest and lightest wireless VoIP handset available
  • Display: backlit dot matrix with icons
  • Weight: 120 g
  • Dimensions: 140 x 51 x 24,5 mm
  • Battery capacity: 4 hours talk, 80 hours standby

Voice performances
• Mobility:
  • Seamless handover (<100ms)
• Traffic
  • Voice traffic capacity = 14 simultaneous voice sessions
• QoS
  • WLAN data QoS
    • Rule in Voice WLAN definition
    • Gold, Silver, Bronze
  • WLAN Voice QoS
    • Support of Spectralink SVP protocol
    • 802.11e future support
  • Wireline QoS – 802.1p/DSCP marking/enforcement

Voice architecture: SVP server
SVP Server
• Dedicated network appliance
• Manages voice prioritization on the wireless network
• Supports up to 120 simultaneous calls
• Multiple SVP Servers can be used for large installations
[Figure labels: "OmniAccess WLAN switch", "Alcatel Omni PCX", "Alcatel VoWLAN phones"]

Adding IP Telephony to VoWiFi
• Alcatel PBX (OXE R6.0) services are accessible through Menu key
• During a conversation:
  • Inquiry call
  • Transfer
  • 3 Party conference
  • Broker call
• From idle state:
  • Last number redial
  • Immediate forward
  • Immediate forward on busy
  • Forward on no reply
  • Forward on busy or no reply
  • Forward cancel
  • …
[Figure labels: "Call forward", "Select"]

Alcatel OmniAccess main differentiators
• Cost effective
  • 20% advantage over distributed products (dual band)
• Infrastructure designed for voice
  • Voice traffic capacity = 14 simultaneous communications per AP
  • Seamless hand-over (time < 100ms)
• Security
  • Rogue AP detection, location and containment
  • VPN termination and pass-through capability
• New functionalities
  • Real time intelligent radio and interference management
  • Location tracking 10m => 3m
• Compatible with 3rd party APs
• Services transparent for the client

OmniAccess global architecture with OXE
[Figure: architecture diagram. Labels include "OmniPCX Enterprise", "Wireless Server: Switch mode (A4400 & OXE HW)", "Wireless Server: Appliance Mode", "1 specific WLAN for 3rd party AP", "SVP server", "OmniAccess Management", "ACS", "REAP", "AP", "Access router", "Data server", "IP Network", "Switched NWK", "DECT", "Digital", "Analog", "WLAN", "PC", "IP-Phone", "Op. fiber"]

Roadmap WLAN
Future evolutions
• Infrastructure
  • Integration mgt
  • SMB wireless infra offer
• Voice Terminals
  • Industrial solution
  • Increase level of communications services
• Application integration
  • Instant messaging / presence
[Timeline on slide, labels in slide order: "OmniAccess data Launch", "OmniAccess voice+data Launching", "OXE R6.0 Beta for OA voice+data", "Q1 2004", "Q3 2004", "Q1 2005", "VoWLAN add-on on OXO R3.1"]

WLAN competitive positioning - versus Cisco
• Cisco SWAN key missing features
  • No real RF planning tool (APs need to be deployed before the coverage/channel assignment can be assessed by WLSE)
  • Channel assignment determined by AP. Depends on boot sequence and cannot be dynamic (WLSE needs to be prompted by the user to re-compute a channel assignment)
  • Very crude location services: nearest AP only
  • No rogue AP containment
  • No integrated VPN termination capability
  • No network-wide MAC filtering (user “black-listing”)
• Pricing

Intelligent WLAN System
[Figure: layered diagram. Labels: "Security Management", "Mobility Management", "Service Continuity", "Radio Freq. Management", "Planning and Design", "WLAN Control System (ACS) Software", "Wireless AOS", "WLAN Appliance & Switch", "802.11a/b/g Access Points"]

Security Management
• Challenges
  • Stealing bandwidth - someone uses what you pay for
  • Eavesdropping - someone listens to what you ‘say’
  • Stolen data - someone takes away your property
  • Modification & insertion - someone alters your communication
  • Impersonation / hijacking - someone claims … it’s you
  • DoS attacks - someone wants to destroy

Secure mobility: not a paradox anymore
• Alcatel Wireless Security Management: Users
  • Based on a robust 802.1X AAA (authorization, authentication and accounting) engine
• A multi-level approach
  • Layer-1:
    • Number of attempts
  • Layer-2:
    • Simple ACLs filtering
    • 802.1x dynamic keys with EAP
    • WPA (Wi-Fi Protected Access) with AES, TKIP or WEP
  • Layer-3:
    • VPN (terminated and pass-through)
    • IPSec (terminated and pass-through) with IKE and DH groups, and DES, 3DES or AES encryption. Also includes industry-standard authentication MD5 or SHA-1

Dealing with illegal APs
• Alcatel Wireless Security Management: intrusion/isolation
  • Built-in detection, tagging, monitoring and containment capabilities
• Tag rogue APs as unknown until they are eliminated or acknowledged.
• Then acknowledge rogue APs when they are outside the LAN and not compromising LAN or WLAN security,
• … or accept rogue APs when they do not compromise LAN or WLAN security,
• … or tag rogue APs as contained: discourage clients from associating by having APs transmit de-authenticate and disassociate messages to all rogue AP clients.

Generic network design: Local Edge
• APs can encapsulate LWAPP in IP to allow communication with the switch/appliance across IP subnets
[Figure labels: "Main Office", "OmniAccess 4102 Appliance", "LAN Router", "Ethernet Switch", "3rd party AP", "OmniAccess 1200 AP in Layer 3 Mode", "OmniAccess 1200 AP in Layer 2 Mode"]

Generic network design: Remote Edge
• The first ‘thin’ AP designed to work across WAN links
[Figure labels: "Main Office", "OmniSR HQ Switch/Router", "Remote Office", "OA512 Office Switch/Router", "WAN Link (E1, FR, ...)", "OmniAccess 4102 Appliance", "LAN Router", "OmniAccess 1200 REAP", "Ethernet Switch", "3rd party AP", "OmniAccess 1200 AP in Layer 3 Mode", "OmniAccess 1200 AP in Layer 2 Mode"]

Radio Frequency Management (1/2)
• Automatic Hardware Detection and Configuration
  • Detects insertion of new APs into a network, and pushes configuration information out to these devices.
• Dynamic Channel Assignment
  • Assigns (and reassigns) radio channels based on load, interference and radio location. Ensures consistent and reliable user performance as network conditions change.
• Transmit Power Control
  • Adjusts the transmit power of each individual AP to ensure minimal overlap between access points and to provide self-healing characteristics in case of radio failure

Radio Frequency Management (2/2)
• Dynamic Load Balancing
  • As new clients associate, balances traffic load across available APs. Ensures that all available network resources are utilized and distributed evenly across large groups of users
  • Can be used to route traffic around "sick" APs
  • Algorithms provide up to 10 times more capacity than typical wireless networks, dynamically adapting to radio topographies as they change.
• Coverage Hole Detection and Correction
  • Examines client signal strength and locates coverage holes.
  • Then holes are filled through dynamic transmit power control.

Mobility Management
• Alcatel Wireless supports seamless client roaming
• For same and inter Wireless Switch or Appliance (Layer 2) …
  • Roaming is fully transparent to the client
• … also inter IP-subnet (Layer 3) roaming …
  • Session is sustained via a tunnel between the Wireless Switches and Appliances
• … and of course, Voice over IP telephone roaming
  • Average handover latency around 50ms
  • No need for re-authentication, or other complex IP mobility mechanisms
  • Possibility to maintain roaming within areas via ‘Wless mobility groups’

Service continuity: Physical View
[Figure labels: "OmniSwitch 7700", "Authentication Server", "OmniSwitch 6648", "OmniAccess 4102", "OmniAccess 4012", "OmniAccess 1200"]

Service continuity: Logical View
[Figure labels: "OmniSwitch 7700", "Authentication Server", "OmniSwitch 6648", "OmniAccess 4102", "OmniAccess 4012", "OmniAccess 1200"]

OmniAccess 40xx WLAN Switch
• Compact design
  • 12 or 24 10/100 Mbps-TX Ethernet ports in 1 RU
  • 1000Base-SX (fiber) one or two port module or 1000Base-T (copper) (optional)
  • On-board IPSec VPN termination capability using Enhanced Security Module crypto processor (optional)
  • Power over Ethernet
  • Configurable Distribution System Ports (10/100s or GigE)
  • 10/100 Mbps-TX Ethernet Service Port (outbound management)
  • 9 pin Serial Connector for Console Port
  • 10/100 Mbps-TX Ethernet Data Ports; auto sensing
• ESM - Enhanced Security Module:
  • Sustains up to 1 Gbps throughput with Layer 2 and Layer 3 encryption enabled.
  • Supports high-speed, processor-intensive encryption, such as IPSec and 3DES

OmniAccess 41xx WLAN Appliance
• Compact design conserves wiring closet space
  • Supports up to 36 APs
  • OA4101: 1 x 1000Base-SX (fiber) port module
  • OA4102: 2 x 1000Base-SX (fiber) two port module
  • On-board VPN capability using Enhanced Security Module crypto processor (optional)
  • 10/100 Mbps-TX Ethernet Service Port (outbound management)
  • 9 pin Serial Connector for Console Port
• ESM - Enhanced Security Module:
  • Sustains up to 1 Gbps throughput with Layer 2 and Layer 3 encryption enabled.
  • Supports high-speed, processor-intensive encryption, such as IPSec and 3DES

OmniAccess 1200 Access Points
• Different models to cover various needs
• OA-1200-BG-EXT
  • One 802.11b/g radio and four high-gain internal antennas, one 5 GHz external antenna adapter, and two 2.4 GHz external antenna adapters.
• OA-1200-BG-INT
  • One 802.11b/g radio, four high-gain internal antennas, and no external antenna adapters.
• OA-1200-ABG-EXT
  • One 802.11a and one 802.11b/g radio and four high-gain internal antennas, one 5 GHz external antenna adapter, and two 2.4 GHz external antenna adapters.
• OA-1200-ABG-INT
  • One 802.11a and one 802.11b/g radio, four high-gain internal antennas, and no external antenna adapters.
• OA-1200-ABG-EXT-RE
  • Remote Edge Access Point (REAP) with one 802.11a and one 802.11b/g radio and four high-gain internal antennas, one 5 GHz external antenna adapter, and two 2.4 GHz external antenna adapters.
Alcatel OmniVista Air Control System: WLAN Systems Mgmt; Element Mgmt; Policy Mgmt
• WLAN Systems Management
  • WLAN Planning (RF prediction/site survey)
  • Intelligent RF Management
  • Wireless Protection System (WPS)
  • Locating Tracking
  • Monitoring
• Fully-featured EMS system
  • Wireless Network-wide FCAPS
  • Centralized visibility into clients
  • Troubleshooting, alarms, upgrades, etc.
• Advanced policy engine
  • Point and click policy assignments (layers 1-3)
  • Network-wide visibility
• Flexible access options
  • CLI, HTTP, HTTPS, SNMPv1, v2 and v3
  • Detailed GUI, including accurate heat maps
• Integrates with OV2500 and external management tools