Byod 021413 Bookmarked Final

8/12/2019 Byod 021413 Bookmarked Final

1/62

BYOD and Beyond

access solution

HP Solutions Series

John Faulkner


2/62

HP Press | www.hppress.com

About this bookFocusing on the business challenges and opportunities presented by BYOD,

Access solution of open, standards-based solutions. Discover how thissolution helps businesses of all sizes improve the user experience, strengthensecurity, and simplify management, while reducing capital investments andoperating expenses.

This book is designed for IT department network directors or specialists whoare seeking solutions to their organizations unique networking issues inresponding to the challenges of technological trends, including BYOD, cloudcomputing, virtualization, mobility, and rich media collaboration for a truly

About HPHP creates new possibilities for technology to have a meaningful impacton people, businesses, governments, and society. As the worlds largesttechnology company, HP brings together a portfolio that spans printing,personal computing, software, services, and IT infrastructure to solvecustomer problems. More information about HP (NYSE: HPQ) is available atwww.hp.com .


3/62

HP Solution Series

BYOD and Beyond:Implementing a uni edaccess solution

HP Press660 4th Street, #802San Francisco, CA 94107


4/62

BYOD and Beyond: Implementing a unified access solution

2013 Hewlett-Packard Development Company, L.P.

Published by:

HP Press660 4th Street, #802San Francisco, CA 94107

All rights reserved. No part of this book may be reproduced or transmitted in any form or by anymeans, electronic or mechanical, including photocopying, recording, or by any information storageand retrieval system, without written permission from the publisher, except for the inclusion ofbrief quotations in a review.

Warning and disclaimer

This book is designed to provide information about HP Uni ed Wired and Wireless Access. Everye ort has been made to make this book as complete and as accurate as possible, but no warrantyor tness is implied.

The information is provided on an as is basis. The author, HP Press, and Hewlett-PackardDevelopment Company, L.P., shall have neither liability nor responsibility to any person or entitywith respect to any loss or damages arising from the information contained in this book or fromthe use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those ofHewlett-Packard Development Company, L.P.

Readers should be aware that Internet websites o ered as citations and/or sources for furtherinformation may have changed or disappeared between the time this is written and when it isread.

Trademark and acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have beenappropriately capitalized. HP Press or Hewlett Packard Inc. cannot attest to the accuracy of thisinformation. Use of a term in this book should not be regarded as a ecting the validity of anytrademark or service mark.


5/62

Feedback information

At HP Press, our goal is to create in-depth technical books of the best qualityand value. Each book is crafted with care and precision, undergoing rigorousdevelopment that involves the expertise of members from the professionaltechnical community.

Readers feedback is a continuation of the process. If you have any com-ments regarding how we could improve the quality of this book, or other-wise alter it to better suit your needs, you can contact us through email [email protected] . Please make sure to include the book title inyour message.

We appreciate your feedback.

HP HEADQUARTERSHewlett-Packard Company3000 Hanover StreetPalo Alto, CA94304-1185USA

Phone: (+1) 650-857-1501Fax: (+1) 650-857-5518

HP, COMPAQ and any other product or service name or slogan or logo contained in the HP Presspublications or web site are trademarks of HP and its suppliers or licensors and may not be copied,imitated, or used, in whole or in part, without the prior written permission of HP or the applicabletrademark holder. Ownership of all such trademarks and the goodwill associated therewithremains with HP or the applicable trademark holder.

Without limiting the generality of the foregoing:

a. Microsoft, Windows and Windows Vista are either US registered trademarks or trademarks ofMicrosoft Corporation in the United States and/or other countries; and

b. Celeron, Celeron Inside, Centrino, Centrino Inside, Core Inside, Intel, Intel Logo, Intel Atom,Intel Atom Inside, Intel Core, Intel Core Inside, Intel Inside Logo, Intel Viiv, Intel vPro, Itanium,Itanium Inside, Pentium, Pentium Inside, ViiV Inside, vPro Inside, Xeon, and Xeon Inside aretrademarks of Intel Corporation in the U.S. and other countries.
mailto:feedback%40hppressbooks.com?subject=mailto:feedback%40hppressbooks.com?subject=


6/62

iv

Contents

Chapter 1 Business opportunities versusnetworking challenges ....................................................... 1Consumerization driving BYOD .......................................................... 2

Video driving UC&C.............................................................................. 3

Technological challenges to BYOD and UC&C solutions ................. 4Consumer devices, video, and voice ............................................ 4Legacy systems ............................................................................... 5BYOD .................................................................................................. 5

Beyond the technical challenges ....................................................... 6UC&C and rich media....................................................................... 7

IT factors driving unified access ........................................................ 7Vendors moving beyond physical connections ............................... 9

Gartner Magic Quadrant: HP a leader ............................................. 11

The HP solution .................................................................................. 12

Chapter 2 The HP Unified Wired and Wireless

Access solution ...................................................................... 15

Evaluating your current infrastructure .......................................... 16Architectural considerations ....................................................... 16Four top considerations ............................................................... 16

Changing the rules of user access ................................................... 18

The HP three-phase approach ......................................................... 18Phase 1: Unify wired and wireless networks ............................ 19Phase 2: Optimize for wireless connectivity ............................. 20Phase 3: Accelerateprovide wireless as the key form of

connectivity ................................................................................ 21Unifying the campus edge with integrated functionality ........... 23


7/62

v

Chapter 3 Building a better network with HP ....................... 27HP Unified Wired and Wireless Access ............................................ 27

HP wired switches for Unified Wired and Wireless Access ........... 29

HP WLAN access points and controllers for unified access ......... 33

Features and benefits of HP Intelligent Management Center ..... 36

Chapter 4 HP unified access meets the challenge ............ 41Key unified access features: BYOD .................................................. 42

Key unified access features: UC&C .................................................. 43Key unified access features: rich media ......................................... 45

Chapter 5 Expert resources and next steps ............................ 49HP expertise ....................................................................................... 49

HP ExpertOne career certifications for IT professionals ............. 50

More resources .................................................................................. 52


8/62


9/62

Chapter 1

Business opportunitiesversus networkingchallenges

In this chapter

9 What are the technological challenges to implementing rich-media, bring-your-own-device (BYOD), and uni ed communications and collaboration(UC&C) solutions which can also be virtualized?

9 What is the best way to unify a wired and wireless LAN (WLAN) edge? 9 What are the business requirements for implementing BYOD and UC&C policies

and procedures?

9 How do industry analysts position the HP solution for uni ed wired andwireless access?

9 What is the HP solution for BYOD and UC&C challenges?

T he rise of bring your own device programs is the single most radicalshift in the economics of client computing for business since PCs invaded theworkplace, 1 writes analyst David Willis for Gartner, Inc. Whether you are con-templating the creation of a BYOD program or currently trying to establishone, you already know that Mr. Willis is not overstating the obvious. Thereare not only new device types coming online but also rich-media applicationsthat integrate voice, instant messaging, video, and email with enterprisesoftware. This adds a new dimension of integration so that employees cancommunicate in real time and increases emerging technologies, such as vir-tualization, which need speci c security and compliance requirements. And,


10/62

2 Chapter 1: Business opportunities versus networking challenges

although the trend has far-reaching implications not only for companies butalso for the global workforce, the solutions cannot be revolutionary but must

be evolutionary .In this chapter, we examine the factors that are driving companies like yoursto implement BYOD and UC&C initiatives. The success of those initiatives isdependent on the consolidation and simpli cation of the network. We alsoexplore business requirements for BYOD and UC&C initiatives and the reasonsHP is positioned as a leader. And we take a conceptual look at HP Networkingsolutions.

Consumerization driving BYODSeveral consumer factors have shaped the acceptance of personal devices inbusiness environments:

z Approximately half of U.S. adults own a smartphone, with rates higheramong more educated and well-o individuals. 2

z The endpoint commodities, such as smartphones, tablets, and laptops,used by consumers compared to business users are converging. In themid-1990s, devices used by business were very di erent from their con -sumer counterparts. Today, however, consumer smartphones and tabletsoften surpass the requirements of the business user.

z With signi cantly improved network performance, personal devices canuse powerful software that is in the cloud.

z Consumers not only have more demanding computing devices but theyare also upgrading faster than in the past.

Consequently, companies can keep up with mobile technology innovation moree ectively by catering to consumer devices rather than by adopting technol -ogy at the slower traditional pace of business. BYOD programs can improveemployee satisfaction, which can be critical to attracting and retaining tal-ented sta . Many Gartner clients report that satisfaction with IT improvessubstantially among users who opt in to companies BYOD programs. 3 Plus,consumer buyers can take advantage of device and domestic-service coststhat typically are on par with the deals that companies can leverage for theiremployees. As this parity creates an impact on commodities and services,the only di erence between consumer and enterprise endpoints is the soft -warean area that IT can a ect and, in many ways, control.


11/62

3BYOD and Beyond

Figure 1-1 Working environment requiring uni ed access solution

Video driving UC&CLike the BYOD movement, several factors have shaped the business video-based communications that drive UC&C strategies, such as:

z Simpli ed and more e ective usage of the increasingly broad range ofcommunications and collaboration options, such as VoIP phones, forexample.

z Improved responsiveness of individuals and groups to events like video-based webinars.

z Increased integration of communication functionality and tools, such asMicrosoft Lync with applications like Microsoft O ce.

Some types of rich-media communications are more prevalent, such as web-casts and video conferencing, and some are new, such as troubleshootingmanufacturing processes, creating transparency of government processes,and surveillance. Others include customer and employee training, as well asdigital signage.


12/62


These UC&C methods can be divided into two categorieslive streaming(such as one-to-many webcasts, one-to-one video conferencing, many-to-

one video collaboration, or many-to-one surveillance) and on-demand video(training, downloading, movies, and digital signage). The demands on thenetwork are di erent for each one: real-time streaming is very susceptible tonetwork delays, and on-demand video is more resilient due to local bu ering.

Rich communications over the network require an infrastructure that deliv-ers low latency and high resiliency and that ensures end-to-end tra c pri -oritization. The solution stack involves functionality from infrastructure toapplication layers. The network layer supports functionality, such as wiredand wireless connectivity, QoS, virtualization, and optimization. The sessionlayer provides video-call initiation, user registration, and interoperability; theapplication layer provides access to video application and integration withother UC&C applications. Security and manageability span across each layer.

Technological challenges to BYOD and UC&C

solutionsIT is straining to adapt to the challenge of providing secure connectivity for:

z Users who are on the move.

z Devices that talk to one another without human intervention.

z Workers reliance on real-time, interactive, and cloud-based applicationsand services.

Consumer devices, video, and voice

Campus and branch networks must adapt to the latest WLAN mobility require-ments for the new digital lifestyle driven by the consumerization of IT. A 2012Gartner survey of CIOs at Gartner Summit events in the United States andEurope indicated that by 2014, 80 percent of the global workforce might be

eligible to participate in BYOD programs. 4

As video gains popularity for everyday collaboration, the rise of IP voice andvideo is requiring campus networks to have higher levels of performance andavailability. To deliver the high-quality experience users expect from voiceand video (which is driven by consumerization), the campus network mustscale signi cantly to accommodate increased bandwidth, users, and services.


13/62

5BYOD and Beyond

Legacy systems

Most enterprise networks were designed before the widespread adoption ofmobility. Distributed applications and video, PCs, servers, and other comput-ers were stationary. Applications were client/server, and user connectivity andnetwork design were rigidly de ned. Advanced threatsgrowing in sophisti -cation and persistence every dayare bombarding corporate networks andendpoints. Using legacy three-tier architectures to provide secure access toworkers who often access enterprise resources over both secured and unse-cured wired, wireless, and remote connections is too complex and costly.

As employees personally owned smartphones, tablets, and laptops gainaccess to the heart of corporate applications, resources, and data, the swiftuptake of BYOD programs heightens the challenge. The velocity of transition-ing to these new requirements makes the divide wider between wired andwireless on the campus and branch networks. Readily apparent to networkadministrators, swivel-chair management is the norm as IT juggles mul-tiple disjointed tools in an attempt to control the entirety of the enterprisenetwork.

BYOD

A BYOD strategy is often for a large minority of professional employees andpart-time workers, but it is also being considered for the majority of contrac-tors, interns, consultants, and other workers not directly employed by theenterprise. With a BYOD program, users are permitted certain access rights to

enterprise applications and information on personally owned devices, subjectto users accepting enterprise security and management policies. Users selectand purchase devices, although IT might provide a list of acceptable devicesfor purchase. In turn, IT provides partial or full support for device access,applications, and data. In each case, support might be limited. Each organi-zation decides whether to provide full, partial, or no reimbursement for thedevice or service plan.

ITs best strategy to deal with the rise of BYOD is to address it with a combi-nation of policy, software, infrastructure controls, and education in the nearterm and with application management and appropriate cloud services in thelonger term. BYOD impacts corporate risk, infrastructure and software costs,customer service levels, and TCO. It typically requires delivery mechanisms


14/62


(app stores, le-sharing systems, and desktop virtualization) and signi canttechnology protections, including authentication, network access control

(NAC), mobile device management (MDM) and mobile application manage-ment, encryption, and content protections. It often forces companies to adoptthinner-client architectures, multiplatform mobile-application developmentenvironments and frameworks, and HTML5 for mobile applications.

Companies might decide for various reasons not to have a BYOD program. Intodays business world, however, it is as important to declare that personaldevices are not acceptable endpoints to access company data as a policy as it

is to develop a BYOD program. Otherwise, employees might assume that BYODis an acceptable practice, and this assumption can unnecessarily complicateemployee expectations and relationships.

Beyond the technical challengesAlthough the technical challenges are most critical to the success of BYOD

initiatives, several administrative tasks are also fundamental to e ectivelyimplementing and sustaining BYOD policies, including:

z Organization-speci c BYOD policies that are developed in conjunctionwith Legal and HR.

z Guidelines for who is eligible (and who is not).

z New employee agreements for support, risk, and responsibility.

z Adjustments to service levels.

z Service-desk training.

z Funding and reimbursement strategies.

z Employee education.

z IT speci cations on acceptable devices.

The approach to BYOD policies typically requires customization by country. It canalso have tax implications for both employee and employer.


15/62

7BYOD and Beyond

UC&C and rich media

E ective communication tools are critical for the success of businesses. Withthe adoption of new technologies, business communications are constantlychanging. Not too long ago, new tools emerged, such as email, instant mes-saging, collaboration applications, and thin clients. Presence has now becomean integral part of the repertoire of communication tools. As a result, legacytelephony systems are migrating to VoIP systems to reduce operational costsand to simplify integration with other UC&C tools.

Now, visual communication is in the vanguard, and businesses are deciding

how to make use of video. Video communication can be used to resolve cus-tomers issues quickly, train employees and customers, and help executivemanagement teams communicate corporate priorities with an entire organi-zation simultaneously. IP cameras are deployed in process manufacturing totroubleshoot issues with production lines and for surveillance at public ven-ues, like malls and stadiums. Frost & Sullivan research shows that 76 percentof companies use some version of video conferencing today, and 38 percentuse it extensively throughout their organizations. 5

Legacy networks were designed to handle data communications. The con-vergence of data, voice, video, and collaboration tools is pushing legacy net-works to a breaking point. The impact of enabling video is immediately felton the network, so careful consideration must be given to designing optimalnetworks with capabilities to support rich-media communications.

IT factors driving unified accessIn addition to the demand for BYOD and UC&C solutions, limited IT resourcesand reduced IT budgets are dictating what IT purchases and deploys at theedge of the network. As businesses adjust the size of their infrastructures fore ciency, the number of switching ports at the network edge continues todecrease. And, according to a 2012 Gartner survey, 76 percent of enterpriseshave only one employee dedicated to making these changes. 6 As a result,

these changes are driving the evolutionary emergence of a uni ed accesslayer that provides both wired and wireless connectivity.


16/62


Gartner Report: Impact of WLANs and reduced complexity at the edge

According to Gartner research, 7 WLANs will address the new connectivity

requirements, and enterprises will re-evaluate how wired ports are used, elimi-nating unneeded ports. IT organizations will reduce the complexity and costs ofprovisioning and managing network components by eliminating the need forduplicate network applications and consoles. The following is excerpted fromthat report.

Impact: Wireless LANs will address new connectivity requirements, andenterprises will rightsize the edge of the network by re-evaluating howwired ports are used and eliminate unneeded ports.

IT organizations continue to scrutinize network designs. At the edge of thenetwork this includes understanding how many users are actually connectingto the wired ports that are currently deployed within the enterprise. Standardnetwork tools will report to IT managers the number of times the network isaccessed and how active network ports have been for a de ned period of time.These reports will help enterprise eliminate unused ports without a ecting ser -vice to end users. Users are bringing more devices to the enterprise for connec-tivity, and these new devices are seeking wireless connectivity, so rightsizingthe current usage of existing ports will decrease the number of switch ports

that need to be refreshed, as well as the savings associated with the mainte-nance and requirements for additional upstream ports.

Impact: IT organizations will reduce the complexity and costs of provisioning and managing network components by eliminating the need for dupli- cate network applications and consoles.

As switching companies continue to integrate wireless products into a uni edaccess layer solution, enterprises are looking for the tools needed to provi-sion, manage, secure and maintain all components with the access layer of

the network to be consolidated. It is no longer acceptable to have two di erentnetwork management applications or di ering guest access applications, espe -cially if the solution is being provided by the same vendor. Unifying network ser-vice applications reduces complexity by providing a single display and reducescosts associated with redundant solutions.


17/62

9BYOD and Beyond

Impact: Network service application innovation is being delivered by WLANvendors, and enterprises will purchase this new function across the edge ofthe network to both wired and wireless clients.

Innovative leadership functionality for network service applications in recentyears has been led by wireless vendors. The adoption of 802.1X for clientsecurity across the network was enhanced when the industry felt that wire-less networks were unsecure. Guest access has moved from a media accesscontrol (MAC) access control list (ACL) with a single captive portal experienceto certi cate-based and Web-based authentication methods that provide afront end to multiple captive portals that allow IT organizations to de ne theend-user experience with much more granularity. The ability to integrate con-

text-aware variables such as location, as well as time and date, provide evenmore granularity for enterprises to control where and when users access thenetwork.

Vendors moving beyond physical connectionsMore frequently, vendors are providing network services and applications

beyond the physical connection, including:z Role-provisioning and guest-access administration for wired and

wireless guests.

z Firewalls.

z Policy enforcement.

z Network management integrated with system management that is aware

of wired components and is WLAN-vendor independent.

z Onboarding and NAC, including authentication and authorization services.

z WLAN forensics.

z Intrusion protection for wired LANs and WLANs.

z Voice services that enhance the application, including integrating withuni ed communications services.

z Video services that enhance the application.

z Location-based services, context-oriented services, and assetmanagement.


18/62


As vendors continue to expand their functionality, they provide additionalinformation to enterprises, enabling clients to maximize the productivity and

ROI of all access-layer connectivity.

Unified access business requirements for BYOD and UC&C programs

To establish BYOD and UC&C programs, several business requirements must bemet:

z Secure network access for end users, regardless of device types, thatis, consistent security and policy enforcement for all wired and wire-less devices.

z Provide seamless performance for enterprisewide applications acrossthe wired and wireless network so that video and rich media runsmoothly with wireless near-gigabit speeds.

z Accelerate productivity across the organization (rich-media accessfrom any wired or wireless device).

z Reduce the complexity and the costs of provisioning and managingnetwork components (integrated network management tools with

full network and application visibility). z Purchase devices and software that are based on industry standards.

HP Networking is placed in the Leaders section* of the Gartner Magic Quadrantfor the Wired and Wireless LAN Access Infrastructure. 8

*Gartner does not endorse any vendor, product, or service depicted in its researchpublications and does not advise technology users to select only those vendorswith the highest ratings. Gartner research publications consist of the opinions of

Gartners research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to thisresearch, including any warranties of merchantability or tness for a particularpurpose.


19/62

11BYOD and Beyond

Gartner Magic Quadrant: HP a leader

Gartner evaluation criteria

To place vendors in the Magic Quadrant for the Wired and Wireless LAN AccessInfrastructure arena, Gartner based its in-depth analysis on a wide variety ofcriteria, from the e ectiveness of the products to the health of the organiza -tion, as well as presales, marketing, operations, and completeness of vision.

Ability to execute

z Product/service z Overall viability (business unit, nancial, strategy, or organization)

z Sales execution/pricing

z Market responsiveness and track record

z Market execution

z Customer experience

z Operations

Completeness of vision

z Market understanding

z Market strategy

z Sales strategy

z O ering (product) strategy z Business model

z Vertical/industry strategy

z Innovation

z Geographic strategy

According to the research analysts at Gartner, Connectivity at the edge ofthe enterprise network is more than just a wired or wireless LAN infrastruc-ture. Enterprises must choose infrastructure vendors that support networkservices, including security and management, and can integrate wired andwireless networking products. 9


20/62


To help its clients nd the right vendor for their wired and wireless infra -structures, Gartner has developed its Magic Quadrant for Wired and Wireless

LAN Infrastructure by evaluating vendors that supply such products with acomprehensive set of criteria (see sidebar, Gartner evaluation criteria). Thequadrants four sections are labeled Challengers, Niche Players, Leaders, andVisionaries.

The HP solutionHP integrates functionality to unify access at the network edge. The HP solu-tion includes a comprehensive portfolio of campus access technologies sothat businesses can deliver high-performance, reliable network services togrowing numbers of mobile users, with many bene ts, including:

z High-performance wireless to support todays and tomorrows mobiledevices.

z Optimal wireless and high-speed wired connectivity.

z HP Intelligent Management Center (IMC) role-based access and central-ized policy enforcement for consistent wired and wireless security.

z Energy e ciency for greater savings.

z Greater visibility into network and application performance with HP IMCsingle-pane-of-glass management.

z Simpli ed architecture with enterprise-class reliability.

z Global reach of HP sales channel, plus service and support.


21/62

13BYOD and Beyond

Key takeaways

With the HP Uni ed Wired and Wireless Access solution, IT can unify wired and wire -less LANs to deliver consistent user experience, integrated security, and single-pane-of-glass management.

9 End-device security and management, along with reliable network perfor-mance for wired and wireless connectivity, optimized power, and clear visibil-ity, are the key technological challenges faced by IT today.

9 Secure access, smooth enterprise-application delivery, worker satisfaction,

reduced complexity, and industry standards are key requirements for a uni-ed access solution.

9 The HP Networking portfolio of solutions that provide wired and wirelessaccess, plus network managementall based on industry standardsis thekey reason behind HP leadership in the Gartner Magic Quadrant. The HP saleschannel and service and support provide global reach and access to opportu-nities that few companies can match.

9 Campus networks can be uni ed with the HP Uni ed Wired and WirelessAccess solution to improve the user experience, strengthen security, and sim-plify management. By integrating wired and wireless networks at the edge,you can more e ectively enforce security and manage the network as a cohe -sive integrated system.

In the following chapters, we look at the details of the uni ed wired and wire -less access solutions, speci c HP technologies, their bene ts and features,

and how these products and services meet the connectivity challenges of yourenterprise. We also outline next steps and describe how to take advantage ofkey HP services to unify your enterprises wired and wireless connectivity.


22/62


References

1 Willis, David. Bring Your Own Device: New Opportunities, New Challenges. Gartner,

Inc. August 16, 2012. www.gartner.com/id=2125515 2 Smith, Aaron. Nearly half of Americans adults are smartphone owners. Pew

Internet, Pew Charitable Trust, March 1, 2012. www.pewinternet.org/Reports/2012/Smartphone-Update-2012/Findings.aspx

3 Willis, David. Bring Your Own Device: New Opportunities, New Challenges. Gartner,Inc. August 16, 2012. www.gartner.com/id=2125515

4 Disabato, Michael. Creating a Bring Your Own Device (BYOD) Policy. Gartner, Inc.April 13, 2012. www.gartner.com/id=1983515

5 Best Practices for Successful Video CollaborationServices Make All the Di erence.Frost & Sullivan. July 2010. https://h30406.www3.hp.com/campaigns/2011/promo/1B01ZS/pdf/FrostSullivanVideoCollaboration_PREVIEW.pdf

6 Zimmerman, Tim, and Mark Fabbi. Uni ed Access Layer Forces Changes toInfrastructure Thinking at the Edge of the Network. Gartner, Inc. March 20, 2012.www.gartner.com/id=1955717

7 Ibid.

8 Zimmerman, Tim, and Mark Fabbi. Magic Quadrant for the Wired and Wireless LANAccess Infrastructure. Gartner, Inc. June 13, 2012. www.gartner.com/id=2048215

9 Ibid.
http://www.gartner.com/id=2125515http://www.pewinternet.org/Reports/2012/Smartphone-Update-2012/Findings.aspxhttp://www.pewinternet.org/Reports/2012/Smartphone-Update-2012/Findings.aspxhttp://www.gartner.com/id=2125515http://www.gartner.com/id=1983515https://h30406.www3.hp.com/campaigns/2011/promo/1B01ZS/pdf/FrostSullivanVideoCollaboration_PREVIEW.pdfhttps://h30406.www3.hp.com/campaigns/2011/promo/1B01ZS/pdf/FrostSullivanVideoCollaboration_PREVIEW.pdfhttp://www.gartner.com/id=1955717http://www.gartner.com/id=2048215http://www.gartner.com/id=2048215http://www.gartner.com/id=1955717https://h30406.www3.hp.com/campaigns/2011/promo/1B01ZS/pdf/FrostSullivanVideoCollaboration_PREVIEW.pdfhttps://h30406.www3.hp.com/campaigns/2011/promo/1B01ZS/pdf/FrostSullivanVideoCollaboration_PREVIEW.pdfhttp://www.gartner.com/id=1983515http://www.gartner.com/id=2125515http://www.pewinternet.org/Reports/2012/Smartphone-Update-2012/Findings.aspxhttp://www.pewinternet.org/Reports/2012/Smartphone-Update-2012/Findings.aspxhttp://www.gartner.com/id=2125515


23/62

Chapter 2

The HP Unified Wired andWireless Access solution

In this chapter

9 What issues should you consider before planning a uni ed access solution? 9 What is the HP approach to implementing a uni ed access solution? 9 What is the current HP Uni ed Wired and Wireless Access solution? 9 What key features are critical to deploying a uni ed access solution?

Now that your company has decided to implement a BYOD program, youhave been tasked with addressing the technical issues. Your legacy IT infra-structure is struggling to keep up with current needs, and now you need toensure network performance for bandwidth-intensive applications, simplifydeployment and management, and maintain security with limited resources.The preferred way for your users to connect to wireless is through a WLANrather than through lower-speed 3G or 4G networks.

Your employees and contractors around the globe need access to applicationsfrom anywhere at any time to stay productive, which means applicationsmust be delivered awlessly from a virtual data center to a virtual workplace,around the clock. Before we look at the HP three-phase approach to unify-ing your network access, consider the four top issues for evaluating a uni ed

wired and wireless access solution that can help you design a road map forsuccess.


24/62

16 Chapter 2: The HP Unified Wired and Wireless Access solution

Evaluating your current infrastructureStart your road map for a uni ed network by assessing and evaluating yourexisting network infrastructure and how your organization wants to growthe network based on which applications need to be accessed by which usersand from which locations. Next, estimate the tra c load that wireless usersand new mobile applications will impose upon the wired and wireless infra-structure. Then, identify potential bottlenecks that might require capacityupgrades.

Architectural considerations

When unifying wired and wireless, there are also architectural considerations.You need to provide uni ed network access as part of a networking solutionthat leverages common hardware and software. Then, you must also pro-vide consistent and correlated wired and wireless services, such as networkmanagement and policy enforcement, as well as a scalable network core tooptimize end-to-end application performance. When implemented correctly,mobility appears as just another integrated service of an enterprise network-ing solution, like routing and security.

Four top considerations

Before we describe the HP Uni ed Wired and Wireless Access solution, wetake a look at the four top considerations to implementing a uni ed wired and

wireless network:

z Level of integration Consider the level of integration between wiredand wireless in a solution. Without the correct level of hardware integra-tion, it is di cult for a solution to provide meaningful TCO reduction. Forwired network devices, consider either integrated chassis-based solu-tions to lower acquisition costs, reduced rack space, and redundancyfor always-on uni ed network access, or stackable switches that allow

for growth over time. For wireless solutions, consider the latest genera-tion of 802.11 technology for increased throughput, performance, andreliability.


25/62

17BYOD and Beyond

z Comprehensive, uni ed network management It is no longer accept-able to have multiple network management applications or di ering

guest access and BYOD solutions. A common, intuitive, and automatedsolution for provisioning, monitoring, troubleshooting, and reportingthat is based on combined and correlated wired and wireless networkinformation is essential. This reduces software complexity, maintenancecosts, and unplanned downtime by eliminating the need for redundantnetwork management applications. In other words, uni ed managementshould improve operational and administrative e ciency, along withproblem resolution. As a result, your IT sta has more time to focus on

strategic initiatives.

z Integrated security Role-based access and centralized policy enforce-ment ensure that security and policies are assigned and applied consis-tently for wired and wireless network access. Also, consider solutionswith integrated BYOD support to provide network access control, policyenforcement, and quarantining for employee-owned devices, ensuringthe security and regulatory compliance of your network infrastructure.

z Open standards A uni ed access layer that is based on industry stan -dards ensures a level of compatibility with installed endpoints and sys-tems, and it simpli es support and integration of applications in yournetwork. A survey from Information Week Analytics on its NetworkComputing website con rms that IT buyers favor products built to indus -try standards over those with the latest innovation. 1 The report alsonotes a general wariness of proprietary features, where many cutting-edge capabilities are in uxeither the standards arent complete or areyet to be widely adopted. (For more information, see also the HP article,Top 4 Considerations for Uni ed Wired and Wireless Access Solutionsby Martine Velkeniers at h30507.www3.hp.com/t5/HP-Networking/Top-4-considerations-for-Unified-Wired-and-Wireless-Access/ba-p/128941 .)
http://localhost/var/www/apps/conversion/tmp/scratch_1/h30507.www3.hp.com/t5/HP-Networking/Top-4-considerations-for-Unified-Wired-and-Wireless-Access/ba-p/128941http://localhost/var/www/apps/conversion/tmp/scratch_1/h30507.www3.hp.com/t5/HP-Networking/Top-4-considerations-for-Unified-Wired-and-Wireless-Access/ba-p/128941http://localhost/var/www/apps/conversion/tmp/scratch_1/h30507.www3.hp.com/t5/HP-Networking/Top-4-considerations-for-Unified-Wired-and-Wireless-Access/ba-p/128941http://localhost/var/www/apps/conversion/tmp/scratch_1/h30507.www3.hp.com/t5/HP-Networking/Top-4-considerations-for-Unified-Wired-and-Wireless-Access/ba-p/128941http://localhost/var/www/apps/conversion/tmp/scratch_1/h30507.www3.hp.com/t5/HP-Networking/Top-4-considerations-for-Unified-Wired-and-Wireless-Access/ba-p/128941http://localhost/var/www/apps/conversion/tmp/scratch_1/h30507.www3.hp.com/t5/HP-Networking/Top-4-considerations-for-Unified-Wired-and-Wireless-Access/ba-p/128941


26/62


Changing the rules of user accessAt HP, we are changing the rules of networking with HP FlexNetwork architec-ture, a component of proven HP Converged Infrastructure (for more informa-tion about HP Converged Infrastructure or HP FlexNetwork architecture, go toh17007.www1.hp.com/us/en/converged-infrastructure/ ). With FlexNetworkarchitecture (see Figure 2-1), networks can be open, scalable, secure, agile,and consistent from the data center, where applications are generated, to thecampus and branch, where users consume them.

Figure 2-1 The HP FlexNetwork architecture

With HP FlexCampus, an integral part of HP FlexNetwork architecture, you canunify wired and WLAN campus networks to deliver consistent user experience,integrated security, and single-pane-of-glass management. The solution seam-

lessly connects servers, storage, applications, and end users across a high-performance network with one management platform to give you a simpli edarchitecture, improved security, agile service delivery, and reduced IT costs.

The HP three-phase approachThe HP vision is an evolutionary three-phase approach to unifying network

access that protects your existing investments and minimizes disruptionalong the way. In the rst phase, you begin by unifying your existing wirednetwork with your wireless network. In the second phase, you optimize thecampus network for wireless connectivity. And, in the third phase, you accel-erate by establishing wireless as the key form of connectivity, o ering wiredas needed (see Figure 2-2).
http://localhost/var/www/apps/conversion/tmp/scratch_1/h17007.www1.hp.com/us/en/converged-infrastructure/http://localhost/var/www/apps/conversion/tmp/scratch_1/h17007.www1.hp.com/us/en/converged-infrastructure/


27/62

19BYOD and Beyond

Figure 2-2 HP three-phase approach to unifying access

Phase 1: Unify wired and wireless networks

In the rst phase, you unify access to wired and wireless networks to bringtogether these once-disparate networks in a seamless fashion. Unifyingaccess improves the user experience and lowers capital and operational

expenses. HP provides the exibility to choose networking solutions that tyour companys business needs. We o er a broad portfolio of wired switchesand wireless LANs, and we continue to evolve our switches and mobilitysolutions.

HP o ers the following to unify the wired and wireless LAN access layercomponents:

Integrated and dedicated wireless controllers Seamless integration of

WLAN controllers with HP xed and modular switching platforms is an optionfrom HP. These integrated controllers unify hardware to provide the neces-sary high availability and redundancy with one device to manage. Anotheroption is dedicated mobility controllers, which are also available for custom-ers with multivendor wireless networks.


28/62


Uni ed management and BYOD HP Intelligent Management Center, or IMC,provides network monitoring and security for wired and wireless networks.

HP IMC gives IT a single-pane-of-glass management application for the cam-pus network and for data center and branch o ce networks.

The HP Uni ed Wired and Wireless Access solution leverages technologies inHP IMC and the network infrastructure to protect company-issued and per-sonally owned mobile devices. Your administrators can specify the networkaccess rules, policies, and endpoint health posture requirements to meetyour organizations policies and industry-compliance requirements. IT canalso manage BYOD devices across the full cycle, including device onboard-ing, provisioning, and monitoring, from the same tool. Network security andperformance policies for BYOD and company-owned mobile devices can bedynamically provisioned based on user, device, location, and endpoint secu-rity health.

Uni ed features Because all HP products are based on industry standards,IT can deploy consistent features and access policies for all devicesno mat-ter what type of device it is. Features, such as 802.11x, sFlow, and QoS, canbe set once and pushed to all devices to provide consistency across the net-work. Also, with features such as Power Over Ethernet (PoE), managementpolicies can be set to turn o devices at certain times during the day to helpwith energy e ciency.

Phase 2: Optimize for wireless connectivity

After implementing uni ed wired and wireless access in Phase 1 with the cur -rent HP tools, you can further optimize the WLAN on your campus networks.It is a new opportunity to rebalance your networks to make the WLAN ubiqui-tous. You can also reduce redundant access where and when it makes senseto further reduce capital and operational expenditures through HP VirtualApplication Networks.

In addition, HP RF optimization features and HP Wi-Fi Clear Connect software

are important in further optimizing the performance of your wireless campusnetwork. HP Wi-Fi Clear Connect automatically monitors and tunes the per-formance of your WLAN and adjusts to the changing RF conditions presentin your environment. These capabilities make it easier for you to deliver theseamless Wi-Fi experience that your workers expect today.


29/62

21BYOD and Beyond

Figure 2-3 HP Virtual Application Networks with HP FlexNetworkarchitecture

Phase 3: Accelerateprovide wireless as the key form ofconnectivity

In the third phase, you establish wireless as the key form of connectivity andwired availability as needed. During this phase, your IT can move to an all-wireless network. You can also deploy Virtual Application Networks auto-mation and administration with SLA monitoring, global policy management,highly granular access-based threat management, and agile provisioning.

HP Virtual Application Networks delivers large-scale performance, resil-iency, and security, as well as improved wireless capacity through RF innova-tion, such as multiuser multiple input and multiple output (MIMO) and smart

antenna technology, along with advanced network management tools. Inaddition, Virtual Application Networks provides a seamless interface to thesuite of HP Business Process Management tools for dynamic problem reso-lution, advanced analytics and client self-provisioning, distributed QoS andapplication support, and per-port intrusion prevention with acceleration.


30/62


Figure 2-4 HP Virtual Application Networks

Administrators use templates to characterize application-delivery require-ments to ensure optimal application performance and reliability. Di erentvirtual networks can be designed to t the needs of your various ten -ants, applications, and services. Policy templates specify a broad range ofparameters, from QoS to security to bandwidth requirements. Polices areenforced consistently, even in global networks. The foundation of the VirtualApplication Networks solution is HP IMC, which provides the tools to design,create, and manage these virtual networks. Ultimately, your administratorscan quickly and e ciently design network connectivity and instantly connectnew services, applications, and users to your network. Another key advanceis that IT can manage the network with policies rather than with CLI scripts.


31/62

23BYOD and Beyond

Unifying the campus edge with integratedfunctionality

The HP Uni ed Wired and Wireless Access solution gives your IT the platformit needs to capture todays rich-media, BYOD, UC&C, and converged-infra -structure transformations to enable business innovations. Selecting productsfrom the comprehensive HP portfolio of campus access technologies, yourbusiness can deliver reliable high-performance network services to mobileusers and rich-media applications. With guest and BYOD access, high-speedperformance, consistent policy enforcement, and single-pane-of-glass man-

agement, HP uni ed access solutions deliver a clear advantage over stand-alone wired or wireless LAN solutions.

High-performance wireless HP o ers a portfolio of high-performancewireless solutions, including dual 802.11n 450 Mb/s access points (APs) withthree-stream technology. Also, HP MultiService Mobility (MSM) access points,RF optimization features, and wireless controllers deliver the wired-like per-formance needed to support todays mobile workers.

Optimal wireless connectivity Enterprises and solution providers can useHP RF Planner to accurately model WLAN coverage by factoring in variables,such as physical features, building materials, and WLAN equipment char-acteristics. With RF Planner, your network architects can optimize 802.11nnetworks for todays dense mobile environments. RF Planner also facilitatesdeployment by assessing security risks and generating equipment lists.

As organizations add WLAN capacity to meet workers mobility needs, they

typically deploy more PoE. PoE gives organizations greater exibility indeployment and eliminates the need to run additional wires to power wire-less access points or IP phones, IP surveillance cameras, and other devices.HP supports 802.3af PoE and IEEE 802.3at PoE+ in a broad selection of HPswitches.

Uni ed security and policy In a world where users are constantly on themove, you can unify access control with HP products to strengthen your secu-

rity. Permissions are associated with a users identity, so the appropriatesecurity policies are appliedregardless where the user goes. IT has a con-sistent method to provide guest and BYOD access, user authentication, policyenforcement, and user management, whether users connect over wired or


32/62


wireless networks. Unifying access control also reduces the number of net-work tools. And it reduces the complexity and cost of the network application

services needed to provision, manage, and authenticate users across one ormultiple enterprises.

Today, with the HP Uni ed Wired and Wireless Access solution, you can deployhardware platforms on the access layer with integrated functionality thatdeliver uni ed wired and wireless LAN connectivity, including guest access,single-pane-of-glass management, and reliable security and policy enforce-ment. With this integration, you can deliver a consistent user experience whileminimizing capital and operational expenditures.

Energy e ciency for greater savings With HP solutions, you can optimizepower for your campus networks and thus deliver additional savings. MultipleHP switches support Energy-E cient Ethernet (EEE). Also known as IEEE802.1az, EEE optimizes switches power usage by reducing power to switchports when they are not transmitting or receiving.

In addition, multiple HP switches conserve power through power-manage-

ment techniques implemented in the highly integrated HP ProVision applica-tion-speci c integrated circuits (ASICs), including voltage islands and variableclocking, which reduce the chips power consumption.

Greater visibility into network performance HP products support sFlow,which provides clear visibility to the usage and active routes of both wiredand wireless connections. Integrated support for sFlow across HP Networkingportfolio means higher performance and a more cost-e ective solution. UsingHP sFlow, your administrators have insight into metrics, such as top talkers,top applications, and network connections, on wired and wireless networks.Network monitoring and troubleshooting is simpli ed with a uni ed accesslayer, and support for sFlow is essential for gaining visibility to the uni ednetwork.

Single-pane-of-glass management HP IMC delivers uni ed and consistentmanagement for all network components, including wired and wireless net-works, and delivers single-pane-of-glass management. In addition, accesscontrol, application performance management, and management of VirtualApplication Networks on the campus are modular features that can be addedto IMC, further extending its rich capabilities.


33/62

25BYOD and Beyond

Role-based access and centralized policy enforcement Identity-basedaccess ensures that the appropriate security and policies are applied consis-

tently, whether the user connects through a wired or wireless LAN. AdvancedQoS provides your users with the optimal experience, even when using time-sensitive voice, video, and other rich-media applications. With HP IMC, youcan enforce the controls you need, while giving users the freedom to use themobile devices they want.

Enterprise-class reliability and lifetime warranty All HP Networkingswitches that are part of the HP Uni ed Wired and Wireless Access solutionare backed by the HP lifetime warranty with next-business-day advancereplacement. There is no charge for software updates and phone support.This lifetime warranty from HP with free, normal-business-hours phone sup-port drastically reduces your TCO. While most businesses pay close attentionto the availability and reliability of their core networks, campus networks areoften considered to be less critical. However, mobility makes the resiliencyof the campus network more important than ever before. If a wired switchfails, the attached access points can lose connectivity, potentially cutting o

network services to hundreds of users. HP access switches are prepared tomeet high levels of reliability, and they are designed with redundant and hot-swappable power supplies, modules, and fans to ensure continuous networkoperations.


34/62


Key takeaways

Before you begin planning for a uni ed network, there are several issues to take intoconsideration. After you understand these issues, you can use the HP three-phaseapproach to implement your strategy without disrupting your companys network.Using HP Networking products, you can implement your BYOD and UC&C policieswhile planning for future needs.

9 Ensure high performance for bandwidth-intensive applications, simplifydeployment and management, and maintain security with limited resources.

9Use an evolutionary not revolutionary approach to move from a mostlywired solution to a high-speed, secure, mixed wired and wireless solution. Usethe HP three-phase approach to bring legacy networks into uni ed networks.

9 Deliver a uni ed solution to campus networks to improve the user experience,strengthen security, and simplify management with an HP Uni ed Wired andWireless Access solution.

9 Capture todays rich-media, BYOD, UC&C, and converged-infrastructure capa -bilities to enable business innovations at the edge of the network with the HPUni ed Wired and Wireless Access solution.

In Chapter 3: Building a better network with HP, we take a look at current HPwired, wireless, and management features and bene ts that can help youbuild and optimize your network for uni ed wired and wireless access.

Reference

1 Mullins, Robert. Network Buyers Survey: Standards Trump Features. January11, 2012. www.networkcomputing.com/next-gen-network-tech-center/network-buyers-survey-standards-trump-f/23240005 9
http://www.networkcomputing.com/next-gen-network-tech-center/network-buyers-survey-standards-trump-f/23240005http://www.networkcomputing.com/next-gen-network-tech-center/network-buyers-survey-standards-trump-f/23240005http://www.networkcomputing.com/next-gen-network-tech-center/network-buyers-survey-standards-trump-f/23240005http://www.networkcomputing.com/next-gen-network-tech-center/network-buyers-survey-standards-trump-f/23240005


35/62

Chapter 3

Building a better networkwith HP

In this chapter

9 Which three key product components make HP Uni ed Wired and WirelessAccess possible?

9 What is required of wired devices to access a uni ed network? 9 What is required of wireless devices to access a uni ed network?

9 What should network management software be able to do for a uni ed accessnetwork?

HP Unified Wired and Wireless Access

With the comprehensive HP Networking portfolio of campus accesstechnologies, businesses can deliver reliable high-performance network ser-vices to the growing numbers of mobile users.


36/62

28 Chapter 3: Building a better network with HP

Figure 3-1 Features of the HP Networking portfolio at work

With guest and BYOD access, consistent policy enforcement, and single-pane-of-glass management, HP Uni ed Wired and Wireless Access solutions delivermany bene ts, including:

z Single-pane-of-glass management with HP Intelligent ManagementCenter, or IMC, which simpli es network management and delivers reli -able security for wired and wireless networks.

z Uni ed access and policy control associated with a users identity, whichprovides consistent guest and BYOD access, user authentication, policyenforcement, and user management across wired or wireless networks.

z Integrated 802.11n WLAN controller modules for HP modular switchingplatforms, which save you real-estate space and provide redundancy foralways-on network access.

z Dedicated mobility controllers, which are available to deliver exibilityand choice.

z EEE, IMC power-saving policies, and other power-saving features, whichhelp decrease your total energy costs.


37/62

29BYOD and Beyond

HP wired switches for Unified Wired and WirelessAccess

When legacy networks are pushed to the limit, they become fragile, vulner-able, di cult to manage, and expensive to operate. Businesses with networksat this breaking point risk missing the next wave of opportunities, such asBYOD and UC&C. HP o ers a variety of switches that help meet the needs ofvarious network environments. These switches provide connectivity, perfor-mance, scalability, security, and energy e ciency, and they all can be man -aged through single-pane-of-glass management software.

Industry standards All HP switches are built on industry standards. Youbene t from the open, standards-based approach that provides your busi -ness scalability, security, agility, and a consistent user experience. With HPFlexNetwork architecture, you can build a modular, heterogeneous networkwith interoperable multivendor components to extend wireless and wired net -works that are integrated, secure, and easier to manage. The HP FlexNetworkarchitecture is a solution that adapts to your business conditions and gives

you a new way to connect and condense architecture with single-pane-of-glass management.

1 GbE and 10 GbE With switches that provide 1 GbE access and 10 GbEuplinks, you can minimize network bottlenecks, which are often the result ofemployees straining the capabilities of the network with bandwidth-intensiveapplications, such as streaming video. HP has designed several switch seriesto alleviate this problem with 1 GbE connections to client devices and up to 10

GbE to the core.Layer 2 and Layer 3 functionality HP access switches have the resiliency,scalability, and Layer 2 and Layer 3 functionality needed to support migrationfrom the traditional three-tier networking model to a consolidated two-tiermodel that is based on one collapsed tier for Layer 2 and Layer 3 distribu-tion and access switching. The bene ts of a single layer of aggregation in thewiring closet include reduced switch count, simpli ed tra c ow patterns,elimination of potential Layer 2 loops, as well as STP scalability issues andimproved overall reliability.


38/62


Figure 3-2 HP optimized core and access layers

Power Over Ethernet PoE provides convenience, cost savings, and in somecases, solutions that are very di cult to conveniently provide any other way.

For example, clients can be placed wherever they are needed without requir -ing power in proximitythey need only the wired Ethernet connection. Themost obvious client type that can take advantage of this is the wireless AP,which can be situated for best radio-signal characteristics or hidden overheadin the ceiling without having to pull power to that spot.

Another key bene t of PoE is cost savings. Getting power to areas that are nottypically served by power can greatly reduce installation cost. Power circuits

require electricians and breaker boxes, and providing power in the Ethernetcable avoids these issues. Moving the client, if necessary, is also much easier.Also, PoE enables solutions that are not otherwise available. For example,building infrastructure, such as network-controlled door locks or securitycameras, are di cult to implement without PoE power. Many of these solu -tions cannot ful ll the exibility of location without PoE.

QoS and bandwidth management Advanced QoS features in HP switchesensure that your employees have the optimal experience, even when usingtime-sensitive voice, video, and other rich-media applications. Also, HP sFlowprovides clear visibility into the usage and active routes of both wired andwireless connections, and integrated support for HP sFlow across the HPNetworking portfolio means higher performance and a more cost-e ectivesolution. HP sFlow gives administrators insight into metrics, such as top talk-


39/62

31BYOD and Beyond

ers, top applications, and network connections, on wired and wireless net-works. Network monitoring and troubleshooting are simpli ed with a uni ed

access layer, and support for sFlow provides essential visibility into the uni-ed network.

High availability built in Some HP access switches have redundant hard-ware components, such as power supplies and fans. These components canbe hot-swapped when they fail without a ecting network tra c. If one of themodules fails, advanced chassis switches o er redundant fabric and manage -ment modules that provide nonstop switching and routing. Advanced fea-tures, such as In-Service Software Upgrade (ISSU), are typically deployed inthe network distribution and core devices to minimize downtime.

Energy Efciency Ethernet EEE is a physical-layer standard that reducesnetwork power consumption by disabling transmit logic when there are idleperiods. The key bene t of EEE is realized when port tra c is underutilized.EEE works out of the box and does not require any management softwarethat needs additional overhead or monitoring. When two EEE devices are con-nected, you immediately start realizing the energy savings.

Depending on tra c patterns and idle periods, power savings can be fairlysubstantial because PHY power consumption is second only to packet-pro-cessing silicon. And because EEE is an inter-network (versus an internal)power-saving mechanism, power savings are achieved on both the receiverand the transmitter switch. The periods of power-saving enablement are con-trolled by a standard link protocol negotiated on both sides of a link. Thus,the energy savings are in real time and can be realized across the connected

network devices.

Security Identity-based access ensures that the appropriate security andpolicies are applied consistently, whether users connect through a wired orwireless LAN. Advanced QoS ensures that your users have the optimal expe -rience, even when using time-sensitive voice, video, and other rich-mediaapplications. With our access switches, you can enforce the controls you needwhile giving users the freedom to use the devices they want. Many HP switch

products fully support 802.1x access control as well as Mac-Address FailureRedirect (MAFR), which enables Simple Network Access Control (SNAC), a sim-pler way to support BYOD. Devices are authenticated and authorized beforeaccessing the network, reducing vulnerabilities and security breaches.


40/62


Stacking and modular functionality HP o ers a variety of modular andxed-port, stackable switches to meet your networking requirements.

Modular switches often provide maximum exibility and investment protec -tion, and they o er an array of interface modules that are typically cycledthrough upgrades at least three times over a period of seven to ten years.Modular switches usually o er much better backplane performance than astack of switches, and they normally have better power utilization on a per-port basis than a stack. Because the switch management is isolated from theI/O modules, an I/O failure has no impact on either the switch performance orthe other ports on the chassis.

With the HP set of switch virtualization technologies, your enterprise can dra-matically simplify the design and operations of your campus xed-port net -works. HP stacking technologies essentially atten campus networks, helpingto eliminate the need for a dedicated aggregation layer, and provide direct,higher capacity connections between your users and network resources. Yourenterprise can overcome the limitations of legacy design and ine cient pro -tocols by delivering new levels of network performance and resiliency.

HP switch virtualization technologies extend the performance and scalabilitybene ts of modular, chassis-based switches to both modular and stackableswitches. You no longer need to compromise enterprise capabilities for theconvenience and cost of a stackable switch. These HP switch virtualizationtechnologies, including HP Intelligent Resilient Framework, or IRF, and HPMesh, are included in a variety of HP campus switches.

UC&C application integration Voice services that enhance applications

can be integrated in a switch as part of your companys uni ed communica -tions services. The HP AllianceOne Partner Program is focused on enablingyou to deliver secure, best-in-class networking solutions for your enterprise.HP AllianceOne gives you the con dence that the joint solution works and issupportedwhile providing the right application choice. This con dence isprovided through selected channel partners, HP support, and HP AllianceOneNetworking solution certi cations. You can rely on HP Networking channelpartners who are quali ed in both HP and alliance partners products to pro -vide support services for the combined solution.


41/62

33BYOD and Beyond

HP WLAN access points and controllers for unifiedaccess

By the end of the decade, an estimated 50 billion devices will connect to wire-less networks. 1 For worker and machine-to-machine transactions, WLAN willemerge as the preferred method of network connectivity. One day very soon,a wired-only network will be the exception.

Yet, many enterprises have found that their existing WLAN deploymentsdeliver a substandard user experience compared to wired networks. Distancelimitations of legacy WLAN implementations hinder true mobility, and perfor-mance of those networks inhibits video delivery. In addition, securing a WLANoften requires a separate platform, which drives up complexity and cost andpotentially impacts performance.

Nonblocking optimized architecture HP MultiService Mobility (MSM) APsand MSM wireless controllers deliver the wired-like performance needed tosupport your mobile workers who rely heavily on smartphones, tablets, andlaptops. The optimized HP WLAN architecture supports exible tra c distri -bution models and combines centralized management and control with intel-ligent access points at the edge of the network for unparalleled scalability,performance, and ease of deployment. The highly extensible WLAN architec -ture and product family (which includes HP MSM 802.11n APs and HP control-lers) enable optimal performance with low impact on the wired backbone, nosingle point of failure, and cost-e ective scalability.

MSM APsHP dual-radio three spatial-stream 802.11n APs give you near-

gigabit client access and support twice the number of users compared to twospatial-stream access points. Sitting at the wired-wireless boundary, theseintelligent APs can apply policies and forward packets directly between cli-ents and servers or can forward tra c to a centralized WLAN controller forhandling so that your network planners have greater choice and exibility asthey roll out and expand wireless infrastructure.

The APs also leverage RF optimization features, such as beam-forming and

band-steering, to optimize client performance and to move 5 GHzcapableclients to the less-congested 5 GHz spectrum. This leaves the 2.4 GHz forclients that are not 802.11n capable, which increases your overall networkcapacity. Your IT administrators can also use channel bonding in the 5 GHzspectrum to double e ective throughput for high-bandwidth applications andBYOD tra c.


42/62


HP WLAN controllers You can meet the needs of any size organization,from small o ces to large enterprise campuses. HP controllers provide

re ned user control and management, comprehensive RF management andsecurity, fast roaming, strong QoS and IPv4/IPv6 features, and powerfulWLAN access-control capability. The controllers support both central-ized and distributed forwarding to deliver exible deployment optionsthat optimize tra c ow, reduce latency, and increase WLAN scalability. HPlarge-enterprise controllers provide resiliency and high availability with 1+1fast backup and N+1 and N+N redundancy options. HP 1+1 redundancy optionsupports subsecond failover to ensure continuity of services in large enter-

prise networks.

Working together with HP APs, the HP WLAN controllers can be deployed onLayer 2 or Layer 3 networks without a ecting existing con gurations. HPWLAN controllers can be integrated with existing xed and modular switchingplatforms. The HP portfolio also includes dedicated mobility controllers foroverlay deployments. HP integrated controller modules for midmarket andenterprise switching platforms unify hardware to provide the necessary high

availability and redundancy with one device to manage.Self-optimizing WLAN performance With the HP uni ed access solution,your WLAN is self-healing, so you do not need to worry about users encoun-tering dead spots or unpredictable performance when there is RF interfer-ence or if an AP or radio fails. HP Wi-Fi Clear Connect software automaticallyadjusts to changing RF conditions and delivers reliable Wi-Fi service to yourusers.

HP Wi-Fi Clear Connect uses advanced Radio Resource Management (RRM)to optimize WLAN performance and reliability, mitigate interference, detectwireless threats, and simplify management. RRM automatically assigns andtunes the transmit power levels and RF channels on APs to optimize thesystem-wide performance and reliability of your WLAN. RRM takes place inthe background. Each AP scans all its available radio channels to monitor andidentify RF interference from nonWi-Fi sources. If an AP detects persistentinterference, it chooses the best alternative channel after verifying that theinterference is not present on the alternative channel. Scanning happensquickly so that it does not impact the APs ability to service clients.


43/62

35BYOD and Beyond

For example, if an AP detects interference from a microwave oven on Channel1, it automatically changes its clients to Channel 11 (see Figure 3-3). The AP

minimizes disruptions as Wi-Fi devices are moved to the new channel, sousers IP voice and application sessions continue without pause.

Figure 3-3 Automatic interference mitigation

Wi-Fi Clear Connect further helps you improve your users Wi-Fi experience byusing dynamic client load balancing and airtime fairness . Dynamic client loadbalancing is especially important in dense environments, such as classroomsor conference rooms, as well as for supporting BYOD initiatives. With dynamicclient load balancing, the software determines the client load of its neighbor-ing APs or the average number of clients per radio per band that the AP sup-ports. It then balances the client load among APs by adjusting the transmit

power to move the clients gracefully to a less-crowded AP, which gives usersgreater performance and a better experience.

Speci cally, airtime fairness enhances the user experience for 802.11ndevices. In a mixed network where 802.11a/b/g clients transmit at lowerspeeds than 802.11n devices, the performance of the faster 802.11n laptops,tablets, and smartphones can su er. But with airtime fairness built in to theHP WLAN system, all Wi-Fi clients are ensured equal transmit time over the

air. This way, one client cannot dominate the bandwidth, none of the Wi-Fidevices starve, and the older, slower Wi-Fi devices do not hold up the faster802.11n laptops, tablets, and smartphones. Airtime fairness is also aware ofthe underlying QoS policies, ensuring that voice and other high-priority tra cis never delayed by low-priority tra c.


44/62


HP Wi-Fi Clear Connect safeguards the WLAN against wireless threats withan integrated wireless intrusion detection system (WIDS). The WIDS detects

common threats, including denial-of-service attacks, as well as unauthor-ized APs and clients. Wireless threat detection is built in (no additional licensefees), and with it, your administrators can deploy APs as dedicated sensors orin a hybrid mode that provides both sensor functionality and client services.

HP RF Planner With the HP RF Planner, you can model WLAN coverage accu-rately by factoring in variables, such as physical features, building materi-als, and WLAN equipment characteristics. Using this software, your networkarchitects can ensure that your 802.11n network is optimized for the densemobile environments that support todays mobile workers and tablets.

Features and benefits of HP Intelligent ManagementCenter

Using di erent toolsetsone for your wired network, one for your wireless

can be challenging to your e orts to manage your network, not to mentiontroubleshooting the root cause of issues a ecting either one. Instead of turn -ing to a myriad of network management tools, your IT sta can use HP IMCfor single-pane-of-glass management across wired and wireless devices andother multivendor network infrastructures that require in-depth control andmanagement of virtual environments. You can easily nd and rectify issueswith the HP IMC deep visibility and management of both networks. HP IMCdelivers uni ed and consistent management for all network components,

including wireless and wired networks. The single IMC console manages morethan 6,000 devices from 220 manufacturers, plus the complete HP portfolio.

HP IMC provides full-fault, con guration, accounting, performance, andsecurity (FCAPS) management and scales easily from small to very largedeployments. It is a modular platform that deepens the breadth and depthof network management functions and other network services when needed.By consolidating what traditionally is deployed as a variety of separate tools,

IMC simpli es operations and management and boosts network availabilitythrough improved mean time to repair (also known as MTTR) through a singleplace for monitoring and remediation.


45/62

37BYOD and Beyond

HP IMC network access control HP IMC uses role-based access and cen-tralized policy enforcement, that is, identity-based access ensures that the

appropriate security and policies are applied consistently to users and theirdevices regardless of whether they connect through a wired or wirelessLAN. The access-control solution of HP IMC consists of three componentsthat are integrated seamlessly in the IMC base platform and provides NAC,policy enforcement, and quarantining to ensure the security of the networkinfrastructure:

z HP IMC User Access Manager (UAM) module is the rst component ofthe NAC solution. IMC UAM extends management to wired, wireless, andremote network devices and enables the integration, correlation, andcollaboration of user- and network-device management on one platform.By providing authentication and authorization for devices accessing thenetwork, IMC UAM helps reduce vulnerabilities and security breaches. Forgranular, consistent policy enforcement across users and devices, IMCUAM also identi es devices through ngerprinting.

z The second component, IMC Endpoint Admission Defense (EAD) servicemodule, provides security policy management and enforcement forensuring that end-user devices comply with established security poli-cies. With IMC EAD software, which works in conjunction with HP IMC UAM,administrators can control endpoint admission based on each devicesidentity and posture. If an endpoint is not compliant with the establishedpolicies, access to the network can be isolated or blocked for remedia-tion. Also, for ongoing protection, IMC EAD software continually monitorseach endpoints tra c, installed software running processes, and registrychanges.

z The third component, IMC iNode client, is an agent that is installed onthe end-user computer. The IMC iNode client works in conjunction withboth IMC UAM and EAD to provide access, authorization, security man-agement, and enforcement. The IMC iNode client works with the IMC UAMservice module to ensure that the access policies de ned in IMC UAMfor access, authorization, and authentication are both supported andenforced at the endpoint. The IMC iNode client works with the IMC EADservice module to ensure that the security policies de ned in IMC EAD areenforced and, when necessary, actions are taken to quarantine endpointsand to support users in resolving security policy violations. In essence,


46/62


IMC UAM and EAD service modules, along with endpoint control throughthe IMC iNode client, consolidate NAC functions for you in one integrated

platform. z HP IMC user monitoring IMC also gives your network administrators vis-

ibility into user behavior with the IMC User Behavior Analyzer (UBA) mod-ule. With the UBA module, your administrators can audit user behavior forwebsite access, including information on speci c URLs. Administratorscan also audit user activity by email sender or receiver addresses, data-base access and operations, le transfers, and FTP access. When usedin conjunction with the IMC UAM service module, IMC UBA also providesuser-behavior auditing by user name and IP address. IMC UBA visibility isthe result of analyzing data from many sources, including NAT (networkaddress translation) records, NetStream, NetFlow, and sFlow records,and DIG probe logs.

HP IMC UBA gives your administrators control of ltering, data aggregation,and application identi cation and de nitions. As with other IMC features, withUBA your administrators can manage auditing tasks, including saving taskcon gurations for future use. UBA provides summarized audit reporting thatcan query, sort, and group audit results by many elds, as well as saving auditresults to a le for downloading.

HP IMC QoS Manager

The HP IMC QoS Manager (QoSM) component enhances visibility and controlover QoS con gurations on network devices. It provides real-time networkdetection of QoS con gurations, so you can unify management of QoS poli -cies. With QoSM, your administrators can organize tra c into di erent classesbased on the con gured matching criteriasuch as IP protocol type, amongothersto provide di erentiated services. The software gives you insightinto committed access rate (CAR), generic tra c shaping (GTS), priority mark -ing, queue scheduling, and congestion avoidance so that IT sta can moree ectively control and allocate network resources .


47/62

39BYOD and Beyond

With a rich set of QoS device and con guration management functions, IMCassists your administrators to focus on QoS service planning and the most

economical and e ective use of network resources, ignoring di erences in theQoS con gurations of multiple devices. HP IMC QoSM provides real-time net -work detection of QoS con gurations because it identi es QoS network-widecon gurations, enabling uni ed management of QoS policies.

Key takeaways

You can implement an evolutionary plan to unify your wired and wireless accessconnections with HP Networking products at your own pace without replacing yourentire legacy network. With HP switches, you can scale your network when you needto expand capabilities for connectivity, performance, security, and energy e ciency.With HP IMC, you can consolidate network control with its single-pane-of-glassmanagement software.

9 The HP Uni ed Wired and Wireless Access solution comprises three key com -ponents: HP IMC, HP Wired Switches, and HP WLAN APs and controllers.

9 The HP Wired Switches portfolio is a complete line of products providingsuperior reliability, scalability, and performance, as well as comprehensivefeatures that help reduce complexity and maximize IT ROI.

9 The HP Networking portfolio o ers intelligent wireless solutions that provideplanning guidance, access, management, and security.

9 The HP IMC is a comprehensive platform that enables the e cient implemen -tation of network management. Its modular design makes it possible to inte-grate traditionally separate management tools.

In Chapter 4: HP uni ed access meets the challenge, we look at how these HPproducts meet your requirements for a complete uni ed access solution.

References

1 More Than 50 Billion Connected Devices, Ericcson. February 2011. www.ericsson.com/res/docs/whitepapers/wp-50-billions.pdf
http://www.ericsson.com/res/docs/whitepapers/wp-50-billions.pdfhttp://www.ericsson.com/res/docs/whitepapers/wp-50-billions.pdfhttp://www.ericsson.com/res/docs/whitepapers/wp-50-billions.pdfhttp://www.ericsson.com/res/docs/whitepapers/wp-50-billions.pdf


48/62


49/62

Chapter 4

HP unified access meets thechallenge

In this chapter

9 Which key HP products are available to control user access and to manageyour identity-based policies for BYOD and UC&C initiatives?

9 How do HP uni ed access and HP AllianceOne partnerships provide the net -work speed for rich-media communications and simplify network design?

9How do you use HP uni ed access to integrate third-party applications, suchas Microsoft Lync, to provide survivable services (for example, external phonecalls) while sustaining internal peer-to-peer communications when the datacenter cannot be reached?

Your business is deploying new technologies and applications to gain acompetitive advantage. With your companys expanding mobility require -ments, now is the time to plan how to unify your wired and wireless accessfor your new BYOD and UC&C initiatives. But you might be apprehensive aboutadding complexity to your IT infrastructure, so you might try to acquire appli -cations from your existing networking vendor. However, these are rarely best-in-class. With HP Networking products and services, you can plan a migrationpath to suit your business needs, your budget, and your own timeline.

The open, standards-based HP FlexNetwork architecture strategy incorpo -rates applications from a variety of vendors, so you can choose the appli -cations that best meet your needs, whether that means integrating WLANcontrollers in access switches or leveraging dedicated mobility controllers.With a high-performance HP WLAN solution that integrates products from


50/62

42 Chapter 4: HP unified access meets the challenge

an extensive switching, routing, and security portfolio, you can meet yourcompanys demand for an evolving mix of wired and wireless network ser -

vices while lowering capital and operational expenses. And, through the HPAllianceOne partner program, the applications you choose go through a rigor -ous certi cation process to ensure that all components are e ective. We takea look at how the HP Uni ed Wired and Wireless Access solution can help youaccomplish this.

Key unified access features: BYODAn HP BYOD solution based on HP IMC delivers complete visibility from thedata center to the network edge. IMC goes beyond BYOD requirements bydelivering converged management across various networksphysical andvirtual, wired and wirelessand applies the appropriate security policies toyour users and their devices (personal or company owned).

Traditionally separate management tools, network services, policy manage -ment, and user and tra c monitoring are integrated in the HP IMC modulardesign so that you can manage and secure your wired and wireless infrastruc-ture easily from one central location. Because of the HP IMC modular design,deploying your BYOD solution is less complicated and easier to use. The mod -ular design gives you the exibility to add functionality as needed without theneed to deploy separate management tools.

For granular network and application access, HP IMC manages user access andidentity-based policies so that your IT managers can resolve complex security

challenges associated with BYOD policies. Your IT administrators can establishand enforce granular and consistent network access policies for wired, wire -less, and VPN users to protect your IT assets, mitigate risks, optimize networkavailability, and monitor regulatory compliance. HP IMC provides a compre -hensive BYOD solution that supports wired and wireless device onboarding,provisioning, and monitoring.


51/62

43BYOD and Beyond

Figure 4-1 HP BYOD solution

Key unified access features: UC&C

To e ectively communicate and collaborate on projects with employees,vendors, and partners, sophisticated tools are essential for your businessesto stay ahead of the competition. However, the bandwidth needed for toolsemploying voice, video, a

Documents

Byod 021413 Bookmarked Final