250 likes | 602 Views
Aruba Wireless Grid. RF sniffers. Intranet Firewall. Wireless manager. Wireless IDS. VPN concentrator. Objections to WLANs. Before WLAN deployment. After WLAN deployment. Security risks Systems designed for connectivity, not security Eavesdropping RF threats High TCO
E N D
RF sniffers Intranet Firewall Wireless manager Wireless IDS VPN concentrator Objections to WLANs Before WLAN deployment After WLAN deployment • Security risks • Systems designed for connectivity, not security • Eavesdropping • RF threats • High TCO • New network infrastructure • High cost of deployment • Complex management and troubleshooting Internet Previous generation WLAN architectures are prohibitively complex and expensive
Public Hotspot (Internet) Bridging Rouge AP Unauthorized Wifi Hacker Neighbor Hotspot Delaying WLANs Not Right Strategy • WLANs are already in your building • Unauthorized access points • Open access points within range • Proliferation of devices with Wifi • Personal Wifi devices • Peer-to-peer Wifi communications • Opportunity cost of delaying WLAN • Expensive adds, moves and changes • Port consolidation • Improved workflow • VoIP over Wifi Corporate (no WLAN) Wired LAN Corporate (no WLAN) Neighbor
Solving The Security Problem Solve the whole problem! WLAN Security
Centralized WLAN Switch Management Policy Mobility Forwarding Encryption Authentication “Thin” Access Points 802.11a/b/g Antennas Centralized Architecture “Fat” Access Points
Management Location Policy Diagnostics Mobility Calibration Forwarding Enforcement Encryption Monitoring APs are gaining weight with new services and added capacity Authentication Media Access 802.11b Radio 802.11a radio 802.11n radio Architectural Evolution Centralized WLAN Systems “Fat” Access Points “Thin” Access Points
a a a a a a a “However, when the rogue containment feature was enabled, we found it reduced performance by as much as 34 percent.” - On Time-slicing RF Services L January 5, 2004 Management L Policy Time Sliced RF Services m m m m m m L Mobility f Forwarding L d d d d L Encryption f s s s s s f Authentication Wireless Grid • Multi-service wireless infrastructure • Higher performance & better coverage • Uses existing structured cabling for cost Diagnostics WLAN Switches Grid Controllers Location Fingerprinting Security Monitoring RF Service Access Radios Antennas “Thin” APs Grid Points Wireless Services Grid
Complete WLAN Security Trusted user, Trusted host Trusted user, Un-trusted host Virtual AP 1 SSID: CORP VPN RADIUS Un-trusted user Firewall Captive Portal Guest user Virtual AP 2 SSID: GUEST 802.1x Layer 2/Layer 3 Infrastructure CaptivePortal Firewall DHCPPool Thin Access Point Default VLAN Central WLAN System Authentication Encryption Policy Enforcement Firewall, VPN RF Security
Eliminating Rogue APs Patented classification technology is the key! Locate the rogue AP Rogue AP Air Monitors
Solving The TCO Problem • Lower deployment costs • Eliminate upgrade & re-configuration of Layer 2/3 infrastructure • Lower management costs • Deploy Intelligent RF management • Deploy integrated solution to scale with your needs
What Does Wireless Really Cost? REQUIREMENT COST COST Traditional AP Deployment Wi-Fi Grid Deployment Site survey ($1K/10 APs) $100 n/a Installation • Pulling power (or providing PoE) $500/minimum n/a • Pulling Cat5 cable $250/minimum n/a Configuration and reconfiguration $200 $25 Ongoing support • Break/fix $250 $50 • Troubleshooting (per incident) $200$50 TOTALS $1500 $125 Average Cost of Installing a single AP indicated by our customers
Reducing Deployment Costs Real-Time Site Surveying Streamlines Wi-Fi Deployment • Cost optimized (coverage) • Throughput optimized • Failover optimized Floor dimensions: 500 by 500 Floor height: 12 feet Number of users: 1500 Users per AP: 10 Connection rate: 5 Mbps Redundancy factor: 20% RESULT: 3-D model of AP/AM placement
Real-Time Visualization • Place the APs on a floor plan and see the results in real time • Reduce labor costs by eliminating manual walkabouts • Real-time views on • Signal-to-Noise Ratio (SNR) • Interference • Coverage at specific data rates • Views of cross floor RF leakage
Self-Calibrating Wi-Fi Real-time calibration measures the indoor propagation to determine the actual channel and transmit power of each AP
Self-Healing Wi-Fi • WLAN switch automatically reconfigures AP to extend coverage to compensate • Plug and Play APs download original settings x
You want to stop rouges without effecting your neighbor's wireless network and want to everything about your own Access Points Managing Clients and Access Points Users move with Wifi and you want to know where the user is connected and which AP they are connected to for troubleshooting
Multi-point triangulation for accuracy within 3 ft • Real-time location service tracks radio source as it moves • New grid points get orders from central switch for turning on location services as user moves The device/user is located Real-time Location Tracking RSSI = X RSSI = Z RSSI = Y
3 4 5 DATA CENTER Configure RADIUS every time you add an AP ACCESS DISTRIBUTION CORE Upgrade IOS for 802.1x fast roaming Upgrade IOS for inter-VLAN mobility FLOOR 2 EMPLOYEE EMPLOYEE 2 8 2 4 8 1 6 6 4 1 6 GUEST GUEST 5 6 4 3 4 2 Standby 2 FLOOR 1 6 EMPLOYEE EMPLOYEE 5 4 2 6 4 2 5 7 3 1 3 7 1 GUEST GUEST 5 3 3 3 5 5 1 1 1 6 2 New blades for firewalling and VPNs Add new hardware for AP and RF management Add wireless VLANs everywhere VLANs Six things they don’t tell you DATA CENTER ACCESS DISTRIBUTION CORE FLOOR 2 FLOOR 1
Enterprise VoWLAN Benefits • Eliminate expensive adds, moves and changes associated with legacy voice equipment • More secure and better coverage than cellular voice • Minimal interference for certain sensitive areas such as hospitals Unique to Aruba • Stateful Voice Flow Classification • Advanced call admission control • Bandwidth contracts applied on a per device or per user basis • Lowest latency intra-switch handoffs
Starting at $6K Complete Wireless Integration LAN-speed Firewall $20K Wireless Gateway Appliance $9K WirelessIntrusionDetection $20K Distributed Wireless Sniffers $10K RFManagement $10K $30K VPNs $100K
Aruba Wireless Grid Products Modular WLAN Switches Standalone WLAN Switches Access Points WLAN Software • Aruba 2400 • 48 GPs • 24 Port WLAN Switch • AirOS • AirOS • RF Director (WebUI) • WLAN Services • WIP • Client VPN • Remote AP • Firewall • Advanced AAA • Aruba 5100 • 3.6 Gbps Capacity • 256 GPs • AirOS • Line Card Options • Aruba AP 60/61 • Single radio • 802.11a/b/g • Aruba 800 • 16 GPs • 8 port WLAN Switch • AirOS • Aruba AP 70 • Dual radio • Dual Ethernet • 802.11a/b/g • Aruba 5000 • 1.8 Gbps • 128 GPs • AirOS • Line Card Options • Aruba 804 • 4 GPs • 8 port WLAN Switch • AirOS
Summary • Eliminating security risk is a key reason to deploy WLANs • Wireless Grids have solved WLAN security and TCO issues • Aruba Wireless Grid provides… • Holistic security • Fast ROI • Best performance