CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved
Get your network ready for Apple
Observations from Aruba Networks
March 2012
Who Is Aruba?
Leading provider of secure mobility
Aruba MOVE Architecture
Industry’s most secure WLAN
Easiest BYOD & Guest Access
Zero-touch remote networking
Leader in Gartner MQ
~ $500M in annual revenue
HQ: Sunnyvale, CA
NASDAQ: ARUN
Issues facing Apple-centric networks
• Device density (Aruba Experience)
• Spectrum optimization
• Roaming issues
• Service issues (Bonjour)
• Device management issues
Density problem
• Airtime is precious. It must be preserved
• iPad connect rate is 150 Mbps best-case
• Divided by 30 users = 5 Mbps per channel. Real-world usage will halve this number. Implies 1 channel per class
• Other devices are even worse (53 Mbps)
• 2.4 GHz band with 3 channels will not scale in a typical school
• Clean 5 GHz is mandatory, provides 22 channels
• Clients should be LoS to the AP to keep speeds up
• Keep randoms off the classroom AP (Guest, etc.)
5 GHz spectrum is the key
• Design for 5 GHz and 802.11ac
• Use band-steering or selective SSID deployment
• Keep power low. HT20 channel-plan instead of HT40 in dense areas
• Airtime fairness prevents starvation
Roaming issues
• Sticky clients: slow to roam
• Clients at a lower rate waste airtime for everyone
• Marginal link quality is frustrating
• Trim lower MCS rates to encourage roaming
• Monitor for low rates and associations to distant APs
• Coverage models don’t work in HD (1-1) classrooms
• Newer versions of iOS (5+) fix many WiFi issues
What is Apple Bonjour
Bonjour/mDNS
Bonjour is a discovery and communications method that lets Apple devices communicate over LAN/WLAN
Most Popular Apps
• Screen mirror from an iPhone, iPad, MacBook to an AppleTV
  • Personal use by students in dorms
  • Discovery based on location by all users
  • Shared use among execs in meeting rooms
• Print from an iPhone or iPad with a Bonjour enabled printer
  • Personal use by execs in offices
  • Discovery based on location by all users
  • Shared use based on user role within the org
Challenges with Apple Bonjour / mDNS
1. Designed for home
• Operates in a single broadcast domain and is not VLAN friendly
• Devices are not visible across network boundaries
• Pre-Shared Key (PSK) for Wi-Fi security
2. Limited WiFi performance
• Multicast uses the lowest 802.11 rates
• L3 forwarding increases Wi-Fi waste
• Announcements eat airtime
3. Prone to end user errors
• Services do not require authorization
• Easy to pick the wrong service
• No directory services
Access Network Issues
• The access layer is being called upon to provide more than just connectivity.
• Your network vendor should be helping you address the issues that come with 1-to-1 and BYOD initiatives
• Minimize device-touch with onboarding
• Direct visibility into how the network is performing
• Wired/Wireless Convergence (Gartner does not distinguish)
• Flexibility and options in how the Access Layer is deployed
• Intelligent Access control (AAA)
• Address technology-specific issues such as Apple Bonjour
Onboarding
• How are you going to configure hundreds of iPads?
• First things first: Get it on the network without a phone call
• Leverage the Apple API for configuration? Certificates?
• Minimize confusion over SSIDs. Enrollment vs Secured
• PIN enforcement, other settings above/beyond?
Onboarding iPad Example
• Student connects with AD credentials
• Credentials are validated, but district policy says device is required to register
• Student registers at portal
• Certificates generated and pushed down
• Network configuration pushed down
• Device is now functional using unique credentials instead of AD credentials
Visibility
• BOTH real-time and historical signal quality
• Username/Device type/
• Infrastructure health
• Device association history
• Location services?
Flexible Access Layer Architecture
Same AP, multiple modes of operation
Remote Mode
• AP enabled with IPSec VPN connects to a central controller
Branch Mode
• Instant branch network with IPSec VPN to a central controller
Campus Mode
• Integrates with high performance controller
Instant
• APs form instant campus network without controllers
Wired/Wireless convergence
• Smart AAA
• Consistent user experience regardless of connection
• Common areas
• Staff devices
• Multi-vendor support
Aruba AirGroup
Context Based Access
Only the necessary services are made visible to mobile devices – per user, per role, per location.
Centralized Registration of Services
Simple registration of shared and local services by IT. End users self-register their own personal service.
Zero Touch Install
No gateways or multicast VLANs. No additional SSIDs, VLANs, MAC filters. No multicast routing configuration.
Aruba AirGroup
Personal, Shared, Local Plug-n-Play Services
[Diagram: Aruba Access Network]
AirGroups shown:
• Personal AirGroup “Super”
• Local AirGroup “Apple TVs”
• Shared AirGroup “Teachers”
• Local AirGroup “Printers”
Devices shown:
• AppleTV in the meeting room
• Printer in CFO’s office
• AppleTV in the classroom
• Printer in the copy room
• Super’s iPad
• Laptop in close proximity
• Teacher MacBook
• iPhone in close proximity
Thank You