QoS and Security Decisions in WiFi Telephony Jonathan Zarkower Director – Product Management The Intelligent Wireless Networking Choice.


2 QoS and Security Decisions in WiFi Telephony
Jonathan Zarkower, Director – Product Management
The Intelligent Wireless Networking Choice

3 Agenda
- Setting a Framework
- Next Generation Requirements/Architectures
- Summary
- Q&A

4 Setting a Framework

5 WLAN Adoption Trends
Early Adopters 1998-2000
- Limited client availability
- Standards emerging; proprietary implementations
- Technology push vs. business pull
- Trials, pilots, “islands” of limited deployment
- Interoperability and scalability not proven out
Large-Scale Adoption 2001-2004
- Pervasive clients
- Strong, standards based foundation; adequate security broadly available
- Business cases established
- Management model and tools exist
- Large-scale deployment successes
- Interoperability enforced (WiFi)
MultiService Generation 2005+
- Multi-purposed “smart” clients
- Next Gen Standards; .11n, .11k, TR-59, etc.
- WLAN-based Triple Play; QoS enabled
- Wholesaling, client Auto-provisioning, Managed WLAN Services
- “WiFi Everywhere”
Over the Next Two Years, WLANs will represent the emerging point of convergence for other leading technology sectors including Security, VoIP and RFID

6 Fourth Generation WLANs

7 Typical Multi-Service WLAN System
- Access devices integrate with wireline network and deliver core WLAN services
- Controller/Switch enables enhanced WLAN services
- Centralized management system provides scalability
[Diagram labels: WLAN Management; Central Site/Campus; VLAN Switch/Router; Controller/Switch; Access Points; AAA, VPN, DHCP Servers; LAN/WAN Backbone; Remote Sites; Secure WLAN Gateway]

8 A View of Current WLAN Services
[Diagram labels: Multi-Service Operating System. WLAN Services: Public & Guest Access; Secure Data; Voice; Multi-Media; Mobile Business Apps. Networking Functions: Multi-Layer Security; WLAN RF; Wireline/Wireless Integration; End-To-End Management; Network QoS]
- Multi-Service OS can deliver multiple WLAN services per network
- Separate SSID/BSSID per service ensures client interoperability
- Each service tunable for optimum application performance
- Multiple Instances of any service provides flexibility

9 Key System Service Features
Secure Data
- Layer 2 (802.1x, WPA, WEP, MAC auth)
- Layer 3 (complete VPN security, IP filtering)
- Integrates with corporate AAA database
Voice
- Flexible handset support
- Service-Aware soft-phone support (SIP, H.323)
- Fast hand-off/roaming, extended battery life
Multimedia
- 802.11e EDCA and Service-Aware QoS
- Wireline QoS integration (802.1p, TOS/DiffServ)
Mobile Business Apps
- Configurable QoS and security policies for specialized client devices
Public and Guest Access
- “Zero-config” client ease-of-use
- Multiple security and QoS profiles
- Support for major back-end billing services

10 Secure Data Services
Layer 3
- IP address filtering limits destination addresses
- VPN termination, aggregation, or filtering
- Stateful Firewall provides session-aware security
Layer 2
- Traffic segregation and VLAN mapping per SSID
- 802.1x authentication leverages existing AAA db
- Layer 2 Isolation provides security at the client level
[Diagram labels: SSID=Employee, Security=VPN; LAN/WAN; WLAN Gateway; Data Center; AAA; VPN Server]

11 Toll-Quality Voice
- Broad QoS support for VoWLAN handsets
- SpectraLink, 802.11e, Vocera, SIP and H.323 soft phones
- Transparent client subnet roaming support
- Traffic segregation and IP filters reinforce security
- Support for 3rd party power-save modes
[Diagram labels: Employee Server; VoIP Gateway; SSID=VOICE, Security=WEP, IP Filter=VoIP G/W, QoS=P1; Router; Data Center; Subnet “A”; Subnet “B”; Seamless Subnet Roaming]

12 Multimedia
- 802.11e EDCA QoS protocol support
- Four classes of service enable rich multimedia applications
- Service-Aware QoS for non-protocol client devices
- Enables legacy devices to access QoS
- Mapping to wired network QoS policies
- 802.1p and TOS/DiffServ integration
[Diagram labels: Switch/Router; Video Server; SSID=VIDEO, Security=Open, Filter=Video server, QoS=P2; SSID=Multimedia, Security=WPA, QoS=802.11e; Surveillance; Video Conference; Internet]

13 Mobile Business Applications
- Configurable security policy
- MAC authentication and IP filters provide strong security for weak client devices
- Separate SSID/BSSID per service
- Ensures compatibility with 3rd party devices
- Configurable Power Save signaling
- Configurable QoS policy
- Enables applications to be prioritized
- Per AP flexibility enables tuning per RF footprint
[Diagram labels: Barcode scanners; Asset Tracking; Tablet Computer; Specialized Client Devices; Any client device, user category, application type]

14 Public/Guest Internet Access
- “Zero configuration” user interface
- Adapt to client PC configuration (IP add., web proxy, etc.)
- Web redirect and authentication simplifies login
- Adaptive NAT™ ensures user access to VPN applications
- Flexible AAA support
- Interoperates with 3rd party billing services
- Supports variety of business models (scratch card, credit card, etc.)
- Usage or elapsed time session accounting
- Rich access control features
- Captive portal support enables private content delivery
- Web proxy redirect and black list support controls user destinations
- Configurable bandwidth management limits access to Internet bandwidth per user, or per service

15 Centralized WLAN System Management
- Optimizes total cost of ownership
- Centrally managed WLAN device and security policies
- Auto discovery, configuration and firmware management
- Group policies simplify network operation
- Scalable to manage 1000’s of devices and users
- Must work with distributed campus and branch topologies
- 3rd party NMS integration
- Centralized WLAN Monitoring
- Comprehensive Rogue AP detection
- Performance and troubleshooting tools
- Multi-vendor AP management
- Ease of migration from legacy to next generation

16 Management Tools Reduce TCO
- Ease of Deployment Tools
- Automatic channel selection
- Auto Power
- Ongoing RF optimization to ensure consistent client performance
- Strong Network Operations Tools
- Packet capture: Remote debug tool to work with standard protocol analyzers
- Client data rate matrix: Quickly identify client performance problems and optimize RF coverage
- Client authentication trace: Identifies complex association and authentication problems with plain English messages
- Syslog: Provides real-time information to network operators
- SNMP: Standards-based Fault Management, Configuration, Accounting, Provisioning, Security

17 Next Generation Requirements/Architecture

18 Next Gen WLAN Requirements
- Scalability – Single architecture fits centralized and distributed organizations, large and small facilities
- “WLAN adoption will accelerate over the next two years, with more than 50% of organizations deploying WLAN by 2006”…Meta Group
- High performance – >100 Mbps client bandwidth with QoS for multimedia applications
- 802.11n (MIMO), VoWLAN QoS
- Reduced cost – TCO competitive with wired Ethernet
- Installation, operation and equipment costs
- Rich services – Business mobility applications, plus access to wired network services
- NAC, location-based applications, RFID

19 Current WLAN Architectures
Advantages
- Layer 2 security
- Strong access control and privacy
- Seamless roaming with security
- Ease of deployment and operation
- Centralized management
- Automatic RF configuration
Challenges
- Scale
- Sq ft “sweet spot” doesn’t fit very small or large facilities
- Performance
- 10 VoWLAN session limit
- Fork-lift upgrade for 802.11n
- Cost
- $1.10 per sq ft.

20 Fourth Generation Architecture
- Distributed intelligence increases performance and scalability
- X more voice sessions
- 10x larger networks
- 50% better QoS (jitter and latency)
- Data processing at WLAN edge reduces cost by ½
- $0.5 per sq ft
- Separate WLAN control and management appliances provide smooth upgrade to 802.11n
- Distributed processing increases service reliability
[Diagram labels: LAN; Data Plane; Control Plane; Management Plane; Client packet forwarded; Client access & QoS control, roaming; WLAN RF & system mgt.; Switch/Controller; NMS; Access Points]

21 Summary
- Voice is one of many services being added to WLAN
- Unique requirements exist for WLAN voice, as well as other services
- WLAN leverages existing wired LAN QoS for end to end toll quality voice
- Current architectures provide benefits, add challenges
- Fourth Generation approach answers the challenges

22 Thank You! Questions?

