Presentation is loading. Please wait.

Presentation is loading. Please wait.

Get your network ready for Apple Observations from Aruba Networks

Published byGwendolyn Hopkins Modified over 9 years ago

Similar presentations

Presentation on theme: "Get your network ready for Apple Observations from Aruba Networks"— Presentation transcript:

1 Get your network ready for Apple Observations from Aruba Networks
March 2012 Get your network ready for Apple Observations from Aruba Networks

2 Who Is Aruba? Leading provider of secure mobility HQ: Sunnyvale, CA
Aruba MOVE Architecture NASDAQ: ARUN Industry’s most secure WLAN ~ $500M in annual revenue Easiest BYOD & Guest Access Leader in Gartner MQ Zero-touch remote networking

3 Issues facing Apple-centric networks
Device density (Aruba Experience) Spectrum optimization Roaming issues Service issues (Bonjour) Device management issues VoIP, Printers, Laptops, Voice phones, video cameras = few apps per device

4 Density problem Airtime is precious. It must be preserved
iPad connect rate is 150mbps best-case Divided by 30 users = 5mbps per channel. Real-world usage will halve this number. Implies 1 channel per class Other devices are even worse (53mbps) 2.4 Ghz band with 3 channels will not scale in a typical school Clean 5Ghz is mandatory, provides 22ch Clients should be LoS to the AP to keep speeds up Keep randoms off the classroom AP (Guest, etc) VoIP, Printers, Laptops, Voice phones, video cameras = few apps per device

5 5Ghz spectrum is the key Design for 5Ghz and 802.11ac
Use Band-steering or selective SSID deployment Keep power low. HT20 channel-plan instead of HT40 in dense areas Airtime fairness prevents starvation VoIP, Printers, Laptops, Voice phones, video cameras = few apps per device

6 Roaming issues Sticky-clients: slow to roam
Clients at a lower rate waste airtime for everyone Marginal link quality is frustrating Trim lower MCS rates to encourage roaming Monitor for low rates and associations to distant APs Coverage Models don’t work in HD (1-1) classrooms Newer versions of iOS (5+) fix many WiFi issues VoIP, Printers, Laptops, Voice phones, video cameras = few apps per device

7 What is Apple Bonjour Bonjour/mDNS
Bonjour is a discovery and communications method that lets Apple devices communicate over LAN/WLAN Bonjour Screen mirror from an iPhone, iPad, MacBook to an AppleTV Personal use by students in dorms Discovery based on location by all users Shared use among execs in meeting rooms Print from an iPhone or iPad with a Bonjour enabled printer Personal use by execs in offices Shared use based on user role within the org Most Popular Apps What is zero configuration networking? Zero configuration networking (Zeroconf) is designed to enable service discovery, address assignment and name resolution for desktop computers, mobile devices and network services. It is designed for flat, single subnet IP networks such wireless networking at home. Bonjour, Apple’s trade name for its implementation of zero configuration networking, is the most common example. It is supported by most of the Apple product line including the MacOS X operating system, iPhone, iPod Touch, iPad, AppleTV and AirPort Express. Bonjour can be installed on computers running Microsoft Windows operating system and are supported by most of the latest generation of networked printers. Bonjour is also included within popular software programs such as the Apple iTunes, Safari, iPhoto.

8 Challenges with Apple Bonjour / mDNS
1. Designed for home Operates in a single broadcast domain and is not VLAN friendly Devices are not visible across network boundaries Pre-Shared Key (PSK) for Wi-Fi security 2. Limited WiFi performance Multicast use lowest rates L3 forwarding increases Wi-Fi waste Announcements eat airtime What are the challenges in enabling plug-n-play services within large scale WLANs? 1. Lack of visibility: Designed for single VLAN. In large universities and enterprise networks, it is common for Bonjour-capable devices to connect to the network across VLANs. As a result, user devices such as an iPad on VLAN 30 will not be able to discover the Apple TV that resides on another VLAN. 2. Reduced Wi-Fi performance: Enabling service discovery across different IP networks with no control can compromise wireless network performance by generating excessive discovery traffic and generic filtering of such services. When a router is enabled to propagate all the mDNS traffic between VLANs across wired and wireless networks, the network is flooded with mDNS traffic that consumes valuable wireless airtime. Network administrators are faced with a difficult choice between either propagating mDNS traffic across VLANs and risk significant reduction in wireless performance or block mDNS traffic to prevent connectivity for Bonjour-capable devices and services. 3. End user errors: Users get access to wrong set of services by mistake, take over wrong devices for printing or streaming – hence ithout regard for the user context, this creates additional usability issues and helpdesk escalations. What if everyone calls their personal printer “My Printer” and personal AppleTV “My Apple TV”? 3. Prone to end user errors Services do not require authorization Easy to pick the wrong service No directory services

9 Access Network Issues The access layer is being call upon to provide more than just connectivity. Your network vendor should be helping you address the issues that come with 1-to-1 and BYOD initiatives Minimize device-touch with onboarding Direct visibility into how the network is performing Wired/Wireless Convergence (Gartner does not distinguish) Flexibility+options in how the Access Layer is deployed Intelligent Access control (AAA) Address technology-specific issues such as Apple Bonjour VoIP, Printers, Laptops, Voice phones, video cameras = few apps per device

10 Onboarding How are you going to configure hundreds of iPads?
First things first: Get it on the network without a phone call Leverage the Apple API for configuration? Certificates? Minimize confusion over SSIDs. Enrollment vs Secured PIN enforcement, other settings above/beyond? VoIP, Printers, Laptops, Voice phones, video cameras = few apps per device

11 Onboarding iPad Example
Student connects with AD credentials Credentials are validated, but district policy says device is required to register Student registers at portal Certificates generated and pushed down Network configuration pushed down Device is now functional using unique credentials instead of AD credentials VoIP, Printers, Laptops, Voice phones, video cameras = few apps per device

12 Visibility BOTH real-time and historical signal quality
Username/Device type/ Infrastructure health Device association history Location services? VoIP, Printers, Laptops, Voice phones, video cameras = few apps per device

13 Flexible Access Layer Architecture
Campus Mode Integrates with high performance controller Same AP, multiple modes of operation Branch Mode Instant branch network with IPSec VPN to a central controller Instant APs form instant campus network without controllers Remote Mode AP enabled with IPSec VPN connect to a central controller

14 Wired/Wireless convergence
Smart AAA Consistent user experience regardless of connection Common areas Staff devices Multi-vendor support VoIP, Printers, Laptops, Voice phones, video cameras = few apps per device

15 Aruba AirGroup Context Based Access
Only the necessary services are made visible to mobile devices – per user, per role, per location. Centralized Registration of Services Simple registration of shared and local services by IT. End users self-register their own personal service. Aerohive can only deliver shared (per role) service delivery. No personal or local services. Aerohive does not support centralized registration of services. Aerohive requires a gateway AP. Cisco does not support shared, personal, local services – just L3 forwarding of services. Cisco does not support centralized registration of services. Cisco requires specific multicast VLAN and SSID. Relies on multicast router. Why is AirGroup different than other solutions in the market? Aruba AirGroup is the only solution that enables context aware secure access to zero configuration networking, such as the Apple Bonjour, in a wireless LAN. In addition to preventing waste of valuable Wi-Fi performance during service discovery, it enables: Context based access control using Aruba Mobility Controllers where the end user’s role within the organization (eg. marketing), devices that he is using (eg. iPad), his location (eg. conference room) are all taken into account before the zero configuration services are made available to that particular user. Self registration of services using Aruba ClearPass Policy Manager where the end user or the IT administrator can register the devices that support zero configuration networking and define user and location based access privileges. Zero touch install of services as it does not require any changes within the existing wireless LAN and wired network configuration. No additional SSIDs, VLANs, IP subnets, MAC filters, etc are required. Zero Touch Install No gateways or multicast VLANs. No additional SSIDs, VLANs, MAC filters. No multicast routing configuration.

16 Aruba AirGroup Personal, Shared, Local Plug-n-Play Services
Teacher Macbook AppleTV in the meeting room Local AirGroup “Apple TVs” Laptop in close proximity Printer in CFO’s office Personal AirGroup “Super” Aruba Access Network AppleTV in the classroom Shared AirGroup “Teachers” Super’s iPad Who is AirGroup for? Aruba AirGroup is available for all Aruba customers who use Mobility Controllers and ClearPass Policy Manager in their network. It is mainly designed for: IT organizations in the general enterprise that want to make zero configuration networking available to end users at work. Use cases may include context based access to shared network resources such as an AppleTV in a conference room for projecting a mobile device screen or printers in common areas. IT organizations in education institutions that want to enable zero configuration networking in classrooms and dormotories. Use cases may include context based exclusive access to a student’s AppleTV in a dorm room (dorm rooms are student’s new home) or to an AppleTV in a classroom registered to be used only by teachers. iPhone in close promixity Printer in the copy room Local AirGroup “Printers”

17 Thank You

Download ppt "Get your network ready for Apple Observations from Aruba Networks"

Similar presentations

SEMINAR ON Wi-Fi.

SEMINAR ON Wi-Fi.
Wi-Fi Technology ARTI J JANSARI M.E.(C.S.E.):-1ST (E.C.)

Wi-Fi Technology ARTI J JANSARI M.E.(C.S.E.):-1ST (E.C.)
Motorola Mobility Management Suite: RF Management

Motorola Mobility Management Suite: RF Management
Chapter 1: Introduction to Scaling Networks

Chapter 1: Introduction to Scaling Networks
BYOD Made Easy The Ruckus Team.

BYOD Made Easy The Ruckus Team.
Salem Health Tech Talk – iPhones, Laptops and Rogue Devices, OH MY!

Salem Health Tech Talk – iPhones, Laptops and Rogue Devices, OH MY!
Securing The Network EDGE December 2010

Securing The Network EDGE December 2010
© 2013 Aerohive Networks CONFIDENTIAL Data Connectors Honolulu Transforming Your Network into a Platform for Mobility AEROHIVE NETWORKS.

© 2013 Aerohive Networks CONFIDENTIAL Data Connectors Honolulu Transforming Your Network into a Platform for Mobility AEROHIVE NETWORKS.
Agenda Product Overview Hardware Interfaces Software Features

Agenda Product Overview Hardware Interfaces Software Features
Application Guide For Mesh AP – MAP-3120

Application Guide For Mesh AP – MAP-3120
1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.

1 © 2005 Cisco Systems, Inc. All rights reserved. CONFIDENTIAL AND PROPRIETARY INFORMATION Cisco Wireless Strategy Extending and Securing the Network Bill.
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.

CONFIDENTIAL © Copyright Aruba Networks, Inc. All rights reserved AOS & CPPM INTEGRATION CONFIGURATION & TESTING EAP TLS & EAP PEAP by Abilash Soundararajan.
The Challenges of Mobile Connectivity Logistics & Infrastructure Track.

The Challenges of Mobile Connectivity Logistics & Infrastructure Track.
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Adaptive Trust Security Policies for Today’s Enterprise Mobility Pete Ryan – ClearPass.

CONFIDENTIAL © Copyright Aruba Networks, Inc. All rights reserved Adaptive Trust Security Policies for Today’s Enterprise Mobility Pete Ryan – ClearPass.
Understanding 802.11ac. What is 802.11ac? 802.11ac is the next generation WiFi standard 3X faster than 802.11n.

Understanding ac. What is ac? ac is the next generation WiFi standard 3X faster than n.
IPads Everywhere! Management Considerations for the Enterprise Bill Morrison Director of Technology, Rapides Parish School District

IPads Everywhere! Management Considerations for the Enterprise Bill Morrison Director of Technology, Rapides Parish School District
WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”

WiFi VS Cellular “Bringing Secure Payment to the Point Of Service”
©2014 Extreme Networks, Inc. All rights reserved. Extreme Networks Optimized Networks Kevin Kuenker, Solutions Architect – Central Region.

©2014 Extreme Networks, Inc. All rights reserved. Extreme Networks Optimized Networks Kevin Kuenker, Solutions Architect – Central Region.
Meraki Mobile Device Management

Meraki Mobile Device Management
All Rights Reserved © Alcatel-Lucent 2010 1 | Enterprise mobility | 2010 Laurent Bouchoucha October, 2010 Seamless mobility in a secure and controlled.

All Rights Reserved © Alcatel-Lucent | Enterprise mobility | 2010 Laurent Bouchoucha October, 2010 Seamless mobility in a secure and controlled.

Similar presentations

Ads by Google