How Cloud WiFi solves today´s challenges Nov 2017 carlos@mojonetworks.com

Mojo Networks Founded in 2003 focused on WIPS 1st Cloud Designed for Enterprise Veterans of the WiFi Industry HQ in Silicon Valley, Engineering in India ***To be used if prospect has no prior experience of Mojo or has not yet met the sales team*** At Mojo Networks we have a long history of working with both Cloud and Wireless technologies We began with a pure security platform, aimed to accurately and reliably identify wireless threats on the wire and in the air in order to automatically neutralize them Our cloud was purpose-built to manage autonomous sensors that scan 24/7 Needed to scale for data processing Needed to scale for distributed environments Needed to ensure sensors could operate at 100% capacity without a direct connection to the cloud (Controller-free architecture) We evolved to provide a combined solution of access and security, providing both core services through a “Dual-mode” access point that could both scan and provide access at the same time Our cloud needed to grow to take in the increased data required to manage active users, optimize networks, distribute WiFi policies across large distributed environments We needed to provide enhanced monitoring and reporting capabilities to make sense of this new data, and compartmentalize it so each user could quickly access the data he or she truly cared about Today we employ a unified approach to WiFi, where intelligent, autonomous access points connect to a purpose-built cloud architecture designed to scale networks to near infinite levels The cloud provides a unified approach to wireless networks, offering a complete suite of applications and tools needed throughout the entire enterprise WiFi workflow Access points are fully capable of finding the cloud, keeping their configurations up to date, and automatically optimizing networks to keep them performing at optimal levels This combination allows us to act quickly to support customer and industry needs, Cloud updates for new features and security New applications built using our fully-featured, web-based API We can ensure that the integrity of the cloud, and by extension our customers’ data, is completely secure from external attacks The efficiencies created for our cloud operations teams, in addition to the efficiencies created for you within your team and their WiFi related tasks, means we can deliver significant savings Over 50% reduction in total CapEx expenditures A move to OpEx spending that covers cloud services, updates, support and maintenance 2003 2008 2012 2015 2016 2017 Wireless Security Cloud WiFi Engagement Analytics Tri-Radio Access Points Cognitive WiFi

History of WiFi – What is missing today? IoT Management Management BYOD Control Desktops / Laptops Designed for need Control Data Mobility Management Control Data Data Your WiFi needs to support this shift Overtime WiFi has evolved in response to the growing number of wifi devices More devices means a greater appetite for capacity More devices adds complexity and unpredictability into the network Major challenges were first addressed at the hardware level but soon were met by management software as hardware started to commoditize Today’s challenge goes beyond the physical constraints of current WiFi architectures Today’s challenge concerns the ability to store and make sense of the massive amount of data coming from your network so that you can automate WiFi Cloud Wi-Fi First Gen WiFi Fat-APs Controllers 2001 2008 2013 2017 802.11a/b/g 54 Mbps 802.11n 450 Mbps 802.11ac Wave 1 1.3 Gbps 802.11ac Wave 2 3.5 Gbps

Benefits of Cloud vs. Controllers PoC Fast No need for onsite presence 1st Deployment Replicate PoC Easy integration with existing systems Inherent High Availability Growth No compromises Unlimited scalability Optimal for all sizes Support Engineer online in minutes Collaborative troubleshooting Proactive monitoring Automated SW upgrades Future No HW dependencies for next-gen APs Unlimited CPU and Storage for new features

AP hardware is commoditized

State of Enterprise WiFi AP H/W AP S/W Management Chipset Device driver CPU RAM Flash Eth USB Antenna Antenna WiFi industry needs to “open up” like the datacenter (OCP) and networking (SDN/NFV) industries

Vision: Open Access Point Benefit to WiFi vendors: Provide customers more H/W choices. Leverage economies of scale in manufacturing, distribution and stocking Mojo Networks just joined Open Compute Project in Feb 2017 Network OS ONIE bootloader Open AP H/W

Tri-Radio APs Improved Troubleshooting Application Performance Complete spectrum analysis and over-the-air packet capture increases effectiveness Application Performance No impact on voice and video applications by persistent third radio scans Multifunction Radio 2x2 11ac Radio Resource Management Persistent scans feed more and better information to support RRM functions Dedicated WIPS Security Free to perform automatic over-the-air prevention without impacting access clients Access Radios 2.4 & 5GHz

The need for Dedicated Scanning Scan – 100ms Access Point Dedicated scanning is becoming a major requirement to support modern high-bandwidth applications Background scanning disrupts these applications when running Background scanning is often disabled automatically or entirely RRM and RF optimization suffers without constant off-channel data 2.4GHz 5GHz Number of Channels 14 36 Time to complete one full scan using background scanning 2 minutes, 21.6 seconds 6 minutes, 3.6 seconds dedicated scanning 1.4 seconds 3.6 seconds

Mojo 802.11ac Access Point Family W-68 O-90 C-120 C-130 C-100 C-110 2x2:2 MIMO 802.11ac Wave 1 3x3:3 MIMO 4x4:4 MU-MIMO 802.11ac Wave 2 Tri-Radio 2x2:2 MU-MIMO 802.11ac Wave 2 5x Ethernet Ports 2x Gigabit pass through 1x Ethernet Port 2x Ethernet Ports 1 x Ethernet Ports Wall mount, 4x switch ports Best for dormitories, hotels, apartment buildings Internal and external antenna options Best for stadiums, outdoor spaces, weather-affected environments Built on latest Qualcomm chipset Best for high density, enterprise, classroom and auditoriums Only 2x2 third radio for dedicated WIPS/RF Low cost Wave-2 Best for medium dense, SMB, Retail, K12 Schools Best for medium dense, SMB, Retail, K12 Schools, Enterprise *Scheduled for Summer 2016 release

Cognitive WiFi: A new Cloud WiFi Architecture

Challenge #1 – WAN failures

Mojo cloud architecture 1. Management Plane - Centralized 3b. Data tunnel 3a. Local data breakout Virtual Tunnel Aggregator 3. Data Plane - Flexible 2. Control Plane - Distributed

WiFi Control Functions done entirely by APs Radio Resource Management Firewall QoS Auto channel selection Dynamic Channel Selection Load Balancing Band Steering Smart Steering 3rd Radio Stateful Firewall Application Firewall (~1400 Signatures from Procera) Role Based Access Control Integration with Google MAC Auth WMM to DSCP / 802.1P Wired to Wireless Marking Voice / Video Prioritization (Skype, Hangout, GoToMeeting etc.) Per user bandwidth Traffic Optimization Data Path Security Broadcast Multicast Control Proxy ARP Min Data Rate Min Broadcast Rate IGMP Proxy Local Bridging Traffic Tunneling (EoGRE) Flexible Mixed mode AP classification Client Calssification Thread detection Thread Protection High Level Marketing Points Highly Scalable Architecture (Scalability) 100 thousands of devices Zettabytes of Data for Analysis Unlimited resources (CPU, RAM, Disk) Unified Platform (Manageability) Web access from anywhere on any device Simplified Zero Touch AP Central Monitoring and Troubleshooting Access, Security, Engagement, Analytics Designed to be Highly Available, Redundant, Fault Tolerant (Reduced Complexity) Zero IT Involvement Uses Amazon Web Services Interfaces Mojo One – Single Sign On Access to all services, apps, portals Granular control over what is seen and permissions User base authentication Two-factor authentication Federated login using SAML Key based auth for API access Allows Admins to manage users’ accounts Mojo Launchpad – Single Sign On for one, secure interface to all Services, Apps, and Tools User management Entitlement MSP views CPP - Customer Provisioning Portal Provisions services for new customers Manages customer entitlements Services APIs for integration to Salesforce (or other CRM) Rule based – new account in SFDC triggers customer provisioning. Customer data stored in centralized customer database Redirector Receives new device setup request and looks it up in the customer database by device ID Responds to device with its service instance info Device must be provisioned (Device ID in customer database). Done via: SFDC integration Mojo Launchpad – self service Services MWM - Mojo Wireless Manager – Mojo device management and monitoring Multi-Tenet Super-Tenet – multiple service instances aggregated under a unified view to manage very large customers (>5000 APs) MGM - Mojo Guest Manager – Guest management and analytics Packets – Graphical packet analyzer Cloud hosted Easy to capture and troubleshoot remotely Simple online collaboration ??? Each service can have multiple instances ??? Different Service for different functionality. Each has own API Applications Nano – Simple mobile UI for MWM Canvas – Easy to use Guest portal design platform All mobile friendly Interact with multiple services at the same time New apps easily created using service APIs Nagios - Monitors Applications

Challenge #2 – Scalability

Complexity doesn’t grow with AP number APs only sync state with RF neighbors RF Neighbor Table AP1 AP2, AP7, AP8 AP7 AP1, AP2, AP3, AP6, AP8, AP9, AP10, AP11 AP1 AP2 AP3 AP4 When AP1 sends client state information, only AP2, AP7 and AP8 update their client table When AP7 sends client state information, only its RF neighbors update their client table AP8 AP7 AP6 AP5 Complexity doesn’t grow with AP number AP9 AP10 AP11 AP12 AP16 AP15 AP14 AP13

Challenge #3 – Integration with other systems

Mojo API: Integrate with any other system Cloud systems speak a new language Built upon a RESTful architecture that interacts with all modern web languages Fully exposed to allow both POST and GET capabilities Enables the complete workflow of WiFi access, security and engagement Key management handled by customer directly, able to hold specific permissions like a user account Sean

Integration with Google for Education Mojo Cloud Wi-Fi Google for Education Enforce student and faculty privileges Complement existing PSK or 802.1x security Control which devices can connect to your Wi-Fi Use existing official Google accounts for authentication

Mojo Canvas – built-in Portal editor Arial 32 pts Mojo Canvas – built-in Portal editor Execute the below API call : URL : https://cdn-test.dt.airtightnw.com/api/v1.14/campaigns/2?access_token=du1e7sr4636bnm3dode5rffqk5Method : PUT Request Body: { "status":"published", "active_splash_page_id":2, "active_landing_page_id":1 } Mojo Canvas Mojo Canvas is a web-hosted, interactive design app that lets you create modern splash and landing pages for guest networks that engage with your guests before and after they connect to your WiFi network. With Canvas you’ll be able to: Create beautiful and stunning splash pages without the need for any web design skills, Support cool new ways for your guests to connect such as through social media, custom web forms and much more Develop cool new ways to communicate with your guests after they connect, using SMS, ad insertion and much more

Automation: Mojo Nano Let the end-user configure his WiFi Custom mobile experience that simplifies WiFi deployment Exposes key configuration steps while automating additional configurations and template creation in the background Connects all major cloud services behind one simplified interface Sean Jump back

Why Mojo? Future A fully programmable WiFi is the best answer to your future challenges

Integration with On-Premise systems Cloud Integration Point (CIP) is an AP in a special mode, used for Cloud to LAN communications Solves the issue of reaching on-prem systems like Syslog, SIEM, Controllers, etc.. Wireless LAN Controller Enterprise Security Management UDP 3852 OpenVPN Firewall C-120 CIP Mojo Cloud On-Premise Network

Challenge #4 – Troubleshooting WiFi issues is not easy

Mojo cloud architecture 1. Management Plane - Centralized 4. Cognition Plane – Artificial Intelligence 3b. Data tunnel 3a. Local data breakout Virtual Tunnel Aggregator 3. Data Plane - Flexible 2. Control Plane - Distributed

Wi-Fi almost always gets blamed! But more often than not, it is not the direct cause of end-user issues.

Client Journey Association Authentication Network Application - Association limit - Capability mismatch - Unauthorized client - … - Incorrect PSK - RADIUS auth failure - RADIUS server not responding - EAPOL failure - Fast roaming failure - DHCP failure - DNS failure - Portal failure - Application failure - WAN failure

Mojo Aware – WiFi management made easy WiFi is to blame NOT to blame

Baselining for automated anomaly detection Benchmarks “normal” behavior of your WiFi network, including overall WiFi client experience as well as individual KPIs such as retry rate, data rate, latency, etc. Detects anomalies and compare baselines across APs, clients, or sites 18 Mar 9:30am – 9:45am Baseline: 2.2% Total Clients: 33 Clients Affected: 6 (18.2%) Association Failures: 0 (0.0%) Authentication Failures: 5 (15.2%) Network Failures: 1 (3.0%)

Auto Packet Trace APs buffer latest packets for each connection In the event of a failure, packet trace is stored in the Cloud Auto packet captures inline and in real time, stored in the context of specific client failures Visual packet trace analysis and auto diagnosis simplifies debugging. View Packet Trace

Mojo Packets The best RF troubleshooting tool in the market Remotely capture traces in real time from any Mojo access point Color coded data points and visualization filters makes troubleshooting easy and very fast Add, share, download, or delete traces from the cloud library Mojo Packets is a cloud based tool that represents RF traces graphically Allows to quickly spot events and problems referenced with a timeline graph. Zoom in and mouse over data points frame by frame, or second by second.

Client Emulation with 3rd radio Turn multi-function tri-radio APs into WiFi clients Proactively test your network’s readiness Validate user-reported WiFi issues

Challenge #5 – Wireless Security

Wireless Security Wi-Fi is the most vulnerable layer in Enterprise Security Wi-Fi threats not addressed by other security infrastructure in the enterprise Main threads are: Unlicensed spectrum Commoditization Hotspots are Open SSIDs It´s a shared medium Management frames are sent in the clear Anyone can spoof management frames Sophisticated pentest tools available Elevator Pitch for this slide (Not more than 30 seconds) Mojo AirTight is the industry’s best WIPS system. It’s patented Marker Packet Technology provides 3 unique benefits:- # 1 - Real time detection and automatic prevention of all types of wireless threats even when the Mojo AP loses connectivity to the cloud. # 2 - It locks down your corporate Wi-Fi devices (for K-12 change this to student devices) by ensuring they stay connected to the corporate Wi-Fi network # 3 - It provides peace of mind with minimal false alarms Details Mojo Network’s patented Marker Packet technology

All frames prior to WPA2 key negotiation are sent IN THE CLEAR, 802.11 Management Frames Beacons: I am here All frames prior to WPA2 key negotiation are sent IN THE CLEAR, so the can be heard, copied, spoofed and replayed Probe Request Are you there? Probe Response Yes, I am here Authentication Request Can we be friends? Authentication Response Yes, we can Association Request Lets be friends AssociationResponse Ok, but let´s keep it private WPA2 key negotiation Data Forwarding Deauthentication

Wireless Security: Attacks towards clients Elevator Pitch for this slide (Not more than 30 seconds) Mojo AirTight is the industry’s best WIPS system. It’s patented Marker Packet Technology provides 3 unique benefits:- # 1 - Real time detection and automatic prevention of all types of wireless threats even when the Mojo AP loses connectivity to the cloud. # 2 - It locks down your corporate Wi-Fi devices (for K-12 change this to student devices) by ensuring they stay connected to the corporate Wi-Fi network # 3 - It provides peace of mind with minimal false alarms Details Mojo Network’s patented Marker Packet technology Mojo secures your WLAN and your Clients

Automated Policy Enforcement AP classification Policy Client Classification GO Authorized APs Authorized Clients STOP Rogue Aps (On Network) Rogue Clients STOP Neighborhood APs Neighborhood Clients IGNORE Allows Blue and Grey Paths Automatically Blocks Red Paths

Karma attack responds to probes on OPEN SSIDs saved in your device New tools to easily hook your clients Mojo keeps your clients on your network Probe request Probe response Assoc request Assoc response Karma attack responds to probes on OPEN SSIDs saved in your device

Mojo Networks is IoT-ready Monitoring capacity raised by 4x to 2000 active devices per AP/sensor Behavioral based, alert avoidance, automated zero day protection No false positives/negatives

Summary #1 – Cloud WiFi with distributed Control Plane on APs - No WAN dependency, control plane is local #2 – Scales to any number of APs Each AP is part of an RF neighborhood #3 – Integration with other systems Open APIs offer unlimited possibilities #4 –Cognitive WiFi Artificial Intelligence helps you fix WiFi issues 3rd radio allows for Client Emulation and Auto-Packet capture #5 –Best WIPS in the industry Keep your authorized clients in your network    

Cloud-WiFi is here to stay.