BYOD and Beyond access solution HP Solutions Series John Faulkner

BYOD and Beyond: Implementing a unified access solution


HP Solutions Series

John Faulkner

HP Press | www.hppress.com

About this book

Focusing on the business challenges and opportunities presented by BYOD,

Access solution of open, standards-based solutions. Discover how this solution helps businesses of all sizes improve the user experience, strengthen security, and simplify management, while reducing capital investments and operating expenses.

This book is designed for IT department network directors or specialists who are seeking solutions to their organization’s unique networking issues in responding to the challenges of technological trends, including BYOD, cloud computing, virtualization, mobility, and rich media collaboration for a truly

About HP

HP creates new possibilities for technology to have a meaningful impact on people, businesses, governments, and society. As the world’s largest technology company, HP brings together a portfolio that spans printing, personal computing, software, services, and IT infrastructure to solve customer problems. More information about HP (NYSE: HPQ) is available at www.hp.com.

HP Solution Series

BYOD and Beyond: Implementing a unified access solution

HP Press

660 4th Street, #802

San Francisco, CA 94107

BYOD and Beyond: Implementing a unified access solution

© 2013 Hewlett-Packard Development Company, L.P.

Published by:

HP Press 660 4th Street, #802 San Francisco, CA 94107

All rights reserved. No part of this book may be reproduced or transmitted in any form or by any means, electronic or mechanical, including photocopying, recording, or by any information storage and retrieval system, without written permission from the publisher, except for the inclusion of brief quotations in a review.

Warning and disclaimer

This book is designed to provide information about HP Unified Wired and Wireless Access. Every effort has been made to make this book as complete and as accurate as possible, but no warranty or fitness is implied.

The information is provided on an “as is” basis. The author, HP Press, and Hewlett-Packard Development Company, L.P., shall have neither liability nor responsibility to any person or entity with respect to any loss or damages arising from the information contained in this book or from the use of the discs or programs that may accompany it.

The opinions expressed in this book belong to the author and are not necessarily those of Hewlett-Packard Development Company, L.P.

Readers should be aware that Internet websites offered as citations and/or sources for further information may have changed or disappeared between the time this is written and when it is read.

Trademark and acknowledgments

All terms mentioned in this book that are known to be trademarks or service marks have been appropriately capitalized. HP Press or Hewlett Packard Inc. cannot attest to the accuracy of this information. Use of a term in this book should not be regarded as affecting the validity of any trademark or service mark.

Feedback information

At HP Press, our goal is to create in-depth technical books of the best quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the expertise of members from the professional technical community.

Readers’ feedback is a continuation of the process. If you have any comments regarding how we could improve the quality of this book, or otherwise alter it to better suit your needs, you can contact us through email at [email protected]. Please make sure to include the book title in your message.

We appreciate your feedback.

HP HEADQUARTERS

Hewlett-Packard Company

3000 Hanover Street

Palo Alto, CA

94304-1185

USA

Phone: (+1) 650-857-1501

Fax: (+1) 650-857-5518

HP, COMPAQ and any other product or service name or slogan or logo contained in the HP Press publications or web site are trademarks of HP and its suppliers or licensors and may not be copied, imitated, or used, in whole or in part, without the prior written permission of HP or the applicable trademark holder. Ownership of all such trademarks and the goodwill associated therewith remains with HP or the applicable trademark holder.

Without limiting the generality of the foregoing:

a. Microsoft, Windows and Windows Vista are either US registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries; and

b. Celeron, Celeron Inside, Centrino, Centrino Inside, Core Inside, Intel, Intel Logo, Intel Atom, Intel Atom Inside, Intel Core, Intel Core Inside, Intel Inside Logo, Intel Viiv, Intel vPro, Itanium, Itanium Inside, Pentium, Pentium Inside, ViiV Inside, vPro Inside, Xeon, and Xeon Inside are trademarks of Intel Corporation in the U.S. and other countries.

Contents

Chapter 1 Business opportunities versus networking challenges

Consumerization driving BYOD
Video driving UC&C
Technological challenges to BYOD and UC&C solutions
  Consumer devices, video, and voice
  Legacy systems
  BYOD
Beyond the technical challenges
  UC&C and rich media
IT factors driving unified access
Vendors moving beyond physical connections
Gartner Magic Quadrant: HP a leader
The HP solution

Chapter 2 The HP Unified Wired and Wireless Access solution

Evaluating your current infrastructure
  Architectural considerations
  Four top considerations
Changing the rules of user access
The HP three-phase approach
  Phase 1: Unify wired and wireless networks
  Phase 2: Optimize for wireless connectivity
  Phase 3: Accelerate—provide wireless as the key form of connectivity
Unifying the campus edge with integrated functionality

Chapter 3 Building a better network with HP

HP Unified Wired and Wireless Access
HP wired switches for Unified Wired and Wireless Access
HP WLAN access points and controllers for unified access
Features and benefits of HP Intelligent Management Center

Chapter 4 HP unified access meets the challenge

Key unified access features: BYOD
Key unified access features: UC&C
Key unified access features: rich media

Chapter 5 Expert resources and next steps

HP expertise
HP ExpertOne career certifications for IT professionals
More resources

Chapter 1

Business opportunities versus networking challenges

In this chapter

• What are the technological challenges to implementing rich-media, bring-your-own-device (BYOD), and unified communications and collaboration (UC&C) solutions which can also be virtualized?

• What is the best way to unify a wired and wireless LAN (WLAN) edge?

• What are the business requirements for implementing BYOD and UC&C policies and procedures?

• How do industry analysts position the HP solution for unified wired and wireless access?

• What is the HP solution for BYOD and UC&C challenges?

“The rise of ‘bring your own device’ programs is the single most radical shift in the economics of client computing for business since PCs invaded the workplace,”1 writes analyst David Willis for Gartner, Inc. Whether you are contemplating the creation of a BYOD program or currently trying to establish one, you already know that Mr. Willis is not overstating the obvious. There are not only new device types coming online but also rich-media applications that integrate voice, instant messaging, video, and email with enterprise software. This adds a new dimension of integration so that employees can communicate in real time, and it increases the use of emerging technologies, such as virtualization, which have specific security and compliance requirements. And, although the trend has far-reaching implications not only for companies but also for the global workforce, the solutions cannot be revolutionary but must be evolutionary.

In this chapter, we examine the factors that are driving companies like yours to implement BYOD and UC&C initiatives. The success of those initiatives is dependent on the consolidation and simplification of the network. We also explore business requirements for BYOD and UC&C initiatives and the reasons HP is positioned as a leader. And we take a conceptual look at HP Networking solutions.

Consumerization driving BYOD

Several consumer factors have shaped the acceptance of personal devices in business environments:

• Approximately half of U.S. adults own a smartphone, with rates higher among more educated and well-off individuals.2

• The commodity endpoints used by consumers and by business users, such as smartphones, tablets, and laptops, are converging. In the mid-1990s, devices used by business were very different from their consumer counterparts. Today, however, consumer smartphones and tablets often surpass the requirements of the business user.

• With significantly improved network performance, personal devices can use powerful software that is in the cloud.

• Consumers not only have more demanding computing devices but they are also upgrading faster than in the past.

Consequently, companies can keep up with mobile technology innovation more effectively by catering to consumer devices rather than by adopting technology at the slower traditional pace of business. BYOD programs can improve employee satisfaction, which can be critical to attracting and retaining talented staff. Many Gartner clients report that satisfaction with IT improves substantially among users who opt in to companies’ BYOD programs.3 Plus, consumer buyers can take advantage of device and domestic-service costs that typically are on par with the deals that companies can leverage for their employees. As this parity creates an impact on commodities and services, the only difference between consumer and enterprise endpoints is the software—an area that IT can affect and, in many ways, control.

Figure 1-1 Working environment requiring unified access solution

Video driving UC&C

As with the BYOD movement, several factors have shaped the video-based business communications that drive UC&C strategies, such as:

• Simplified and more effective usage of the increasingly broad range of communications and collaboration options, such as VoIP phones.

• Improved responsiveness of individuals and groups to events like video-based webinars.

• Increased integration of communication functionality and tools, such as Microsoft Lync with applications like Microsoft Office.

Some types of rich-media communications are more prevalent, such as webcasts and video conferencing, and some are new, such as troubleshooting manufacturing processes, creating transparency of government processes, and surveillance. Others include customer and employee training, as well as digital signage.

These UC&C methods can be divided into two categories—live streaming (such as one-to-many webcasts, one-to-one video conferencing, many-to-one video collaboration, or many-to-one surveillance) and on-demand video (training, downloading, movies, and digital signage). The demands on the network are different for each one: real-time streaming is very susceptible to network delays, and on-demand video is more resilient due to local buffering.

Rich communications over the network require an infrastructure that delivers low latency and high resiliency and that ensures end-to-end traffic prioritization. The solution stack involves functionality from infrastructure to application layers. The network layer supports functionality, such as wired and wireless connectivity, QoS, virtualization, and optimization. The session layer provides video-call initiation, user registration, and interoperability; the application layer provides access to video application and integration with other UC&C applications. Security and manageability span across each layer.

Technological challenges to BYOD and UC&C solutions

IT is straining to adapt to the challenge of providing secure connectivity for:

• Users who are on the move.

• Devices that talk to one another without human intervention.

• Workers’ reliance on real-time, interactive, and cloud-based applications and services.

Consumer devices, video, and voice

Campus and branch networks must adapt to the latest WLAN mobility requirements for the new digital lifestyle driven by the consumerization of IT. A 2012 Gartner survey of CIOs at Gartner Summit events in the United States and Europe indicated that by 2014, 80 percent of the global workforce might be eligible to participate in BYOD programs.4

As video gains popularity for everyday collaboration, the rise of IP voice and video is requiring campus networks to have higher levels of performance and availability. To deliver the high-quality experience users expect from voice and video (which is driven by consumerization), the campus network must scale significantly to accommodate increased bandwidth, users, and services.

Legacy systems

Most enterprise networks were designed before the widespread adoption of mobility. Distributed applications and video, PCs, servers, and other computers were stationary. Applications were client/server, and user connectivity and network design were rigidly defined. Advanced threats—growing in sophistication and persistence every day—are bombarding corporate networks and endpoints. Using legacy three-tier architectures to provide secure access to workers who often access enterprise resources over both secured and unsecured wired, wireless, and remote connections is too complex and costly.

As employees’ personally owned smartphones, tablets, and laptops gain access to the heart of corporate applications, resources, and data, the swift uptake of BYOD programs heightens the challenge. The velocity of transitioning to these new requirements makes the divide wider between wired and wireless on the campus and branch networks. Readily apparent to network administrators, “swivel-chair” management is the norm as IT juggles multiple disjointed tools in an attempt to control the entirety of the enterprise network.

BYOD

A BYOD strategy is often for a large minority of professional employees and part-time workers, but it is also being considered for the majority of contractors, interns, consultants, and other workers not directly employed by the enterprise. With a BYOD program, users are permitted certain access rights to enterprise applications and information on personally owned devices, subject to users accepting enterprise security and management policies. Users select and purchase devices, although IT might provide a list of acceptable devices for purchase. In turn, IT provides partial or full support for device access, applications, and data. In each case, support might be limited. Each organization decides whether to provide full, partial, or no reimbursement for the device or service plan.

IT’s best strategy to deal with the rise of BYOD is to address it with a combination of policy, software, infrastructure controls, and education in the near term and with application management and appropriate cloud services in the longer term. BYOD impacts corporate risk, infrastructure and software costs, customer service levels, and TCO. It typically requires delivery mechanisms (app stores, file-sharing systems, and desktop virtualization) and significant technology protections, including authentication, network access control (NAC), mobile device management (MDM) and mobile application management, encryption, and content protections. It often forces companies to adopt thinner-client architectures, multiplatform mobile-application development environments and frameworks, and HTML5 for mobile applications.

Companies might decide for various reasons not to have a BYOD program. In today’s business world, however, it is as important to state as a policy that personal devices are not acceptable endpoints for accessing company data as it is to develop a BYOD program. Otherwise, employees might assume that BYOD is an acceptable practice, and this assumption can unnecessarily complicate employee expectations and relationships.

Beyond the technical challenges

Although the technical challenges are most critical to the success of BYOD initiatives, several administrative tasks are also fundamental to effectively implementing and sustaining BYOD policies, including:

• Organization-specific BYOD policies that are developed in conjunction with Legal and HR.

• Guidelines for who is eligible (and who is not).

• New employee agreements for support, risk, and responsibility.

• Adjustments to service levels.

• Service-desk training.

• Funding and reimbursement strategies.

• Employee education.

• IT specifications on acceptable devices.

The approach to BYOD policies typically requires customization by country. It can also have tax implications for both employee and employer.


UC&C and rich media

Effective communication tools are critical for the success of businesses. With the adoption of new technologies, business communications are constantly changing. Not too long ago, new tools emerged, such as email, instant messaging, collaboration applications, and thin clients. Presence has now become an integral part of the repertoire of communication tools. As a result, legacy telephony systems are migrating to VoIP systems to reduce operational costs and to simplify integration with other UC&C tools.

Now, visual communication is in the vanguard, and businesses are deciding how to make use of video. Video communication can be used to resolve customers’ issues quickly, train employees and customers, and help executive management teams communicate corporate priorities with an entire organization simultaneously. IP cameras are deployed in process manufacturing to troubleshoot issues with production lines and for surveillance at public venues, like malls and stadiums. Frost & Sullivan research shows that 76 percent of companies use some version of video conferencing today, and 38 percent use it extensively throughout their organizations.5

Legacy networks were designed to handle data communications. The convergence of data, voice, video, and collaboration tools is pushing legacy networks to a breaking point. The impact of enabling video is immediately felt on the network, so careful consideration must be given to designing optimal networks with capabilities to support rich-media communications.

IT factors driving unified access

In addition to the demand for BYOD and UC&C solutions, limited IT resources and reduced IT budgets are dictating what IT purchases and deploys at the edge of the network. As businesses adjust the size of their infrastructures for efficiency, the number of switching ports at the network edge continues to decrease. And, according to a 2012 Gartner survey, 76 percent of enterprises have only one employee dedicated to making these changes.6 As a result, these changes are driving the evolutionary emergence of a unified access layer that provides both wired and wireless connectivity.

Gartner Report: Impact of WLANs and reduced complexity at the edge

According to Gartner research,7 WLANs will address the new connectivity requirements, and enterprises will re-evaluate how wired ports are used, eliminating unneeded ports. IT organizations will reduce the complexity and costs of provisioning and managing network components by eliminating the need for duplicate network applications and consoles. The following is excerpted from that report.

Impact: Wireless LANs will address new connectivity requirements, and enterprises will rightsize the edge of the network by re-evaluating how wired ports are used and eliminate unneeded ports.

IT organizations continue to scrutinize network designs. At the edge of the network this includes understanding how many users are actually connecting to the wired ports that are currently deployed within the enterprise. Standard network tools will report to IT managers the number of times the network is accessed and how active network ports have been for a defined period of time. These reports will help enterprise eliminate unused ports without affecting service to end users. Users are bringing more devices to the enterprise for connectivity, and these new devices are seeking wireless connectivity, so rightsizing the current usage of existing ports will decrease the number of switch ports that need to be refreshed, as well as the savings associated with the maintenance and requirements for additional upstream ports.

Impact: IT organizations will reduce the complexity and costs of provisioning and managing network components by eliminating the need for duplicate network applications and consoles.

As switching companies continue to integrate wireless products into a unified access layer solution, enterprises are looking for the tools needed to provision, manage, secure and maintain all components with the access layer of the network to be consolidated. It is no longer acceptable to have two different network management applications or differing guest access applications, especially if the solution is being provided by the same vendor. Unifying network service applications reduces complexity by providing a single display and reduces costs associated with redundant solutions.

Impact: Network service application innovation is being delivered by WLAN vendors, and enterprises will purchase this new function across the edge of the network to both wired and wireless clients.

Innovative leadership functionality for network service applications in recent years has been led by wireless vendors. The adoption of 802.1X for client security across the network was enhanced when the industry felt that wireless networks were unsecure. Guest access has moved from a media access control (MAC) access control list (ACL) with a single captive portal experience to certificate-based and Web-based authentication methods that provide a front end to multiple captive portals that allow IT organizations to define the end-user experience with much more granularity. The ability to integrate context-aware variables such as location, as well as time and date, provide even more granularity for enterprises to control where and when users access the network.

Vendors moving beyond physical connections

More frequently, vendors are providing network services and applications beyond the physical connection, including:

• Role-provisioning and guest-access administration for wired and wireless guests.

• Firewalls.

• Policy enforcement.

• Network management integrated with system management that is aware of wired components and is WLAN-vendor independent.

• Onboarding and NAC, including authentication and authorization services.

• WLAN forensics.

• Intrusion protection for wired LANs and WLANs.

• Voice services that enhance the application, including integrating with unified communications services.

• Video services that enhance the application.

• Location-based services, context-oriented services, and asset management.

As vendors continue to expand their functionality, they provide additional information to enterprises, enabling clients to maximize the productivity and ROI of all access-layer connectivity.

Unified access business requirements for BYOD and UC&C programs

To establish BYOD and UC&C programs, several business requirements must be met:

• Secure network access for end users, regardless of device types, that is, consistent security and policy enforcement for all wired and wireless devices.

• Provide seamless performance for enterprisewide applications across the wired and wireless network so that video and rich media run smoothly with wireless near-gigabit speeds.

• Accelerate productivity across the organization (rich-media access from any wired or wireless device).

• Reduce the complexity and the costs of provisioning and managing network components (integrated network management tools with full network and application visibility).

• Purchase devices and software that are based on industry standards.

HP Networking is placed in the Leaders section* of the Gartner Magic Quadrant for the Wired and Wireless LAN Access Infrastructure.8

*Gartner does not endorse any vendor, product, or service depicted in its research publications and does not advise technology users to select only those vendors with the highest ratings. Gartner research publications consist of the opinions of Gartner’s research organization and should not be construed as statements of fact. Gartner disclaims all warranties, expressed or implied, with respect to this research, including any warranties of merchantability or fitness for a particular purpose.


Gartner Magic Quadrant: HP a leader

Gartner evaluation criteria

To place vendors in the Magic Quadrant for the Wired and Wireless LAN Access Infrastructure arena, Gartner based its in-depth analysis on a wide variety of criteria, from the effectiveness of the products to the health of the organization, as well as presales, marketing, operations, and completeness of vision.

Ability to execute

• Product/service

• Overall viability (business unit, financial, strategy, or organization)

• Sales execution/pricing

• Market responsiveness and track record

• Market execution

• Customer experience

• Operations

Completeness of vision

• Market understanding

• Market strategy

• Sales strategy

• Offering (product) strategy

• Business model

• Vertical/industry strategy

• Innovation

• Geographic strategy

According to the research analysts at Gartner, “Connectivity at the edge of the enterprise network is more than just a wired or wireless LAN infrastructure. Enterprises must choose infrastructure vendors that support network services, including security and management, and can integrate wired and wireless networking products.”9

To help its clients find the right vendor for their wired and wireless infrastructures, Gartner has developed its Magic Quadrant for Wired and Wireless LAN Infrastructure by evaluating vendors that supply such products with a comprehensive set of criteria (see sidebar, “Gartner evaluation criteria”). The quadrant’s four sections are labeled Challengers, Niche Players, Leaders, and Visionaries.

The HP solution

HP integrates functionality to unify access at the network edge. The HP solution includes a comprehensive portfolio of campus access technologies so that businesses can deliver high-performance, reliable network services to growing numbers of mobile users, with many benefits, including:

• High-performance wireless to support today’s and tomorrow’s mobile devices.

• Optimal wireless and high-speed wired connectivity.

• HP Intelligent Management Center (IMC) role-based access and centralized policy enforcement for consistent wired and wireless security.

• Energy efficiency for greater savings.

• Greater visibility into network and application performance with HP IMC single-pane-of-glass management.

• Simplified architecture with enterprise-class reliability.

• Global reach of HP sales channel, plus service and support.

Key takeaways

With the HP Unified Wired and Wireless Access solution, IT can unify wired and wireless LANs to deliver consistent user experience, integrated security, and single-pane-of-glass management.

• End-device security and management, along with reliable network performance for wired and wireless connectivity, optimized power, and clear visibility, are the key technological challenges faced by IT today.

• Secure access, smooth enterprise-application delivery, worker satisfaction, reduced complexity, and industry standards are key requirements for a unified access solution.

• The HP Networking portfolio of solutions that provide wired and wireless access, plus network management—all based on industry standards—is the key reason behind HP leadership in the Gartner Magic Quadrant. The HP sales channel and service and support provide global reach and access to opportunities that few companies can match.

• Campus networks can be unified with the HP Unified Wired and Wireless Access solution to improve the user experience, strengthen security, and simplify management. By integrating wired and wireless networks at the edge, you can more effectively enforce security and manage the network as a cohesive integrated system.

In the following chapters, we look at the details of the unified wired and wireless access solutions, specific HP technologies, their benefits and features, and how these products and services meet the connectivity challenges of your enterprise. We also outline next steps and describe how to take advantage of key HP services to unify your enterprise’s wired and wireless connectivity.

References

1 Willis, David. “Bring Your Own Device: New Opportunities, New Challenges.” Gartner, Inc. August 16, 2012. www.gartner.com/id=2125515

2 Smith, Aaron. “Nearly half of Americans adults are smartphone owners.” Pew Internet, Pew Charitable Trust, March 1, 2012. www.pewinternet.org/Reports/2012/Smartphone-Update-2012/Findings.aspx

3 Willis, David. “Bring Your Own Device: New Opportunities, New Challenges.” Gartner, Inc. August 16, 2012. www.gartner.com/id=2125515

4 Disabato, Michael. “Creating a Bring Your Own Device (BYOD) Policy.” Gartner, Inc. April 13, 2012. www.gartner.com/id=1983515

5 “Best Practices for Successful Video Collaboration—Services Make All the Difference.” Frost & Sullivan. July 2010. https://h30406.www3.hp.com/campaigns/2011/promo/1B01ZS/pdf/FrostSullivanVideoCollaboration_PREVIEW.pdf

6 Zimmerman, Tim, and Mark Fabbi. “Unified Access Layer Forces Changes to Infrastructure Thinking at the Edge of the Network.” Gartner, Inc. March 20, 2012. www.gartner.com/id=1955717

7 Ibid.

8 Zimmerman, Tim, and Mark Fabbi. “Magic Quadrant for the Wired and Wireless LAN Access Infrastructure.” Gartner, Inc. June 13, 2012. www.gartner.com/id=2048215

9 Ibid.

Chapter 2

The HP Unified Wired and Wireless Access solution

In this chapter

• What issues should you consider before planning a unified access solution?

• What is the HP approach to implementing a unified access solution?

• What is the current HP Unified Wired and Wireless Access solution?

• What key features are critical to deploying a unified access solution?

Now that your company has decided to implement a BYOD program, you have been tasked with addressing the technical issues. Your legacy IT infrastructure is struggling to keep up with current needs, and now you need to ensure network performance for bandwidth-intensive applications, simplify deployment and management, and maintain security with limited resources. The preferred way for your users to connect to wireless is through a WLAN rather than through lower-speed 3G or 4G networks.

Your employees and contractors around the globe need access to applications from anywhere at any time to stay productive, which means applications must be delivered flawlessly from a virtual data center to a virtual workplace, around the clock. Before we look at the HP three-phase approach to unifying your network access, consider the four top issues for evaluating a unified wired and wireless access solution that can help you design a road map for success.


Evaluating your current infrastructure

Start your road map for a unified network by assessing and evaluating your existing network infrastructure and how your organization wants to grow the network based on which applications need to be accessed by which users and from which locations. Next, estimate the traffic load that wireless users and new mobile applications will impose upon the wired and wireless infrastructure. Then, identify potential bottlenecks that might require capacity upgrades.

Architectural considerations

When unifying wired and wireless, there are also architectural considerations. You need to provide unified network access as part of a networking solution that leverages common hardware and software. Then, you must also provide consistent and correlated wired and wireless services, such as network management and policy enforcement, as well as a scalable network core to optimize end-to-end application performance. When implemented correctly, mobility appears as just another integrated service of an enterprise networking solution, like routing and security.

Four top considerations

Before we describe the HP Unified Wired and Wireless Access solution, we take a look at the four top considerations to implementing a unified wired and wireless network:

• Level of integration—Consider the level of integration between wired and wireless in a solution. Without the correct level of hardware integration, it is difficult for a solution to provide meaningful TCO reduction. For wired network devices, consider either integrated chassis-based solutions, which offer lower acquisition costs, reduced rack space, and redundancy for always-on unified network access, or stackable switches that allow for growth over time. For wireless solutions, consider the latest generation of 802.11 technology for increased throughput, performance, and reliability.

• Comprehensive, unified network management—It is no longer acceptable to have multiple network management applications or differing guest access and BYOD solutions. A common, intuitive, and automated solution for provisioning, monitoring, troubleshooting, and reporting that is based on combined and correlated wired and wireless network information is essential. This reduces software complexity, maintenance costs, and unplanned downtime by eliminating the need for redundant network management applications. In other words, unified management should improve operational and administrative efficiency, along with problem resolution. As a result, your IT staff has more time to focus on strategic initiatives.

• Integrated security—Role-based access and centralized policy enforcement ensure that security and policies are assigned and applied consistently for wired and wireless network access. Also, consider solutions with integrated BYOD support to provide network access control, policy enforcement, and quarantining for employee-owned devices, ensuring the security and regulatory compliance of your network infrastructure.

• Open standards—A unified access layer that is based on industry standards ensures a level of compatibility with installed endpoints and systems, and it simplifies support and integration of applications in your network. A survey from Information Week Analytics on its Network Computing website confirms that IT buyers favor products built to industry standards over those with the latest innovation.1 The report also notes “a general wariness of proprietary features, where many cutting-edge capabilities are in flux—either the standards aren’t complete or are yet to be widely adopted.” (For more information, see also the HP article, “Top 4 Considerations for Unified Wired and Wireless Access Solutions” by Martine Velkeniers at h30507.www3.hp.com/t5/HP-Networking/Top-4-considerations-for-Unified-Wired-and-Wireless-Access/ba-p/128941.)


Changing the rules of user access

At HP, we are changing the rules of networking with HP FlexNetwork architecture, a component of proven HP Converged Infrastructure (for more information about HP Converged Infrastructure or HP FlexNetwork architecture, go to h17007.www1.hp.com/us/en/converged-infrastructure/). With FlexNetwork architecture (see Figure 2-1), networks can be open, scalable, secure, agile, and consistent from the data center, where applications are generated, to the campus and branch, where users consume them.

Figure 2-1 The HP FlexNetwork architecture

With HP FlexCampus, an integral part of HP FlexNetwork architecture, you can unify wired and WLAN campus networks to deliver consistent user experience, integrated security, and single-pane-of-glass management. The solution seamlessly connects servers, storage, applications, and end users across a high-performance network with one management platform to give you a simplified architecture, improved security, agile service delivery, and reduced IT costs.

The HP three-phase approach

The HP vision is an evolutionary three-phase approach to unifying network access that protects your existing investments and minimizes disruption along the way. In the first phase, you begin by unifying your existing wired network with your wireless network. In the second phase, you optimize the campus network for wireless connectivity. And, in the third phase, you accelerate by establishing wireless as the key form of connectivity, offering wired as needed (see Figure 2-2).


Figure 2-2 HP three-phase approach to unifying access

Phase 1: Unify wired and wireless networks

In the first phase, you unify access to wired and wireless networks to bring together these once-disparate networks in a seamless fashion. Unifying access improves the user experience and lowers capital and operational expenses. HP provides the flexibility to choose networking solutions that fit your company’s business needs. We offer a broad portfolio of wired switches and wireless LANs, and we continue to evolve our switches and mobility solutions.

HP offers the following to unify the wired and wireless LAN access layer components:

Integrated and dedicated wireless controllers—Seamless integration of WLAN controllers with HP fixed and modular switching platforms is an option from HP. These integrated controllers unify hardware to provide the necessary high availability and redundancy with one device to manage. Another option is dedicated mobility controllers, which are also available for customers with multivendor wireless networks.

Unified management and BYOD—HP Intelligent Management Center, or IMC, provides network monitoring and security for wired and wireless networks. HP IMC gives IT a single-pane-of-glass management application for the campus network and for data center and branch office networks.

The HP Unified Wired and Wireless Access solution leverages technologies in HP IMC and the network infrastructure to protect company-issued and personally owned mobile devices. Your administrators can specify the network access rules, policies, and endpoint health posture requirements to meet your organization’s policies and industry-compliance requirements. IT can also manage BYOD devices across the full cycle, including device onboarding, provisioning, and monitoring, from the same tool. Network security and performance policies for BYOD and company-owned mobile devices can be dynamically provisioned based on user, device, location, and endpoint security health.

Unified features—Because all HP products are based on industry standards, IT can deploy consistent features and access policies for all devices—no matter what type of device it is. Features, such as 802.1X, sFlow, and QoS, can be set once and pushed to all devices to provide consistency across the network. Also, with features such as Power Over Ethernet (PoE), management policies can be set to turn off devices at certain times during the day to help with energy efficiency.

Phase 2: Optimize for wireless connectivity

After implementing unified wired and wireless access in Phase 1 with the current HP tools, you can further optimize the WLAN on your campus networks. It is a new opportunity to rebalance your networks to make the WLAN ubiquitous. You can also reduce redundant access where and when it makes sense to further reduce capital and operational expenditures through HP Virtual Application Networks.

In addition, HP RF optimization features and HP Wi-Fi Clear Connect software are important in further optimizing the performance of your wireless campus network. HP Wi-Fi Clear Connect automatically monitors and tunes the performance of your WLAN and adjusts to the changing RF conditions present in your environment. These capabilities make it easier for you to deliver the seamless Wi-Fi experience that your workers expect today.


Figure 2-3 HP Virtual Application Networks with HP FlexNetwork architecture

Phase 3: Accelerate—provide wireless as the key form of connectivity

In the third phase, you establish wireless as the key form of connectivity and wired availability as needed. During this phase, your IT can move to an all-wireless network. You can also deploy Virtual Application Networks automation and administration with SLA monitoring, global policy management, highly granular access-based threat management, and agile provisioning.

HP Virtual Application Networks delivers large-scale performance, resiliency, and security, as well as improved wireless capacity through RF innovation, such as multiuser multiple input and multiple output (MIMO) and smart antenna technology, along with advanced network management tools. In addition, Virtual Application Networks provides a seamless interface to the suite of HP Business Process Management tools for dynamic problem resolution, advanced analytics and client self-provisioning, distributed QoS and application support, and per-port intrusion prevention with acceleration.


Figure 2-4 HP Virtual Application Networks

Administrators use templates to characterize application-delivery requirements to ensure optimal application performance and reliability. Different virtual networks can be designed to fit the needs of your various tenants, applications, and services. Policy templates specify a broad range of parameters, from QoS to security to bandwidth requirements. Policies are enforced consistently, even in global networks. The foundation of the Virtual Application Networks solution is HP IMC, which provides the tools to design, create, and manage these virtual networks. Ultimately, your administrators can quickly and efficiently design network connectivity and instantly connect new services, applications, and users to your network. Another key advance is that IT can manage the network with policies rather than with CLI scripts.


Unifying the campus edge with integrated functionality

The HP Unified Wired and Wireless Access solution gives your IT the platform it needs to capture today’s rich-media, BYOD, UC&C, and converged-infrastructure transformations to enable business innovations. Selecting products from the comprehensive HP portfolio of campus access technologies, your business can deliver reliable high-performance network services to mobile users and rich-media applications. With guest and BYOD access, high-speed performance, consistent policy enforcement, and single-pane-of-glass management, HP unified access solutions deliver a clear advantage over standalone wired or wireless LAN solutions.

High-performance wireless—HP offers a portfolio of high-performance wireless solutions, including dual 802.11n 450 Mb/s access points (APs) with three-stream technology. Also, HP MultiService Mobility (MSM) access points, RF optimization features, and wireless controllers deliver the wired-like performance needed to support today’s mobile workers.

Optimal wireless connectivity—Enterprises and solution providers can use HP RF Planner to accurately model WLAN coverage by factoring in variables, such as physical features, building materials, and WLAN equipment characteristics. With RF Planner, your network architects can optimize 802.11n networks for today’s dense mobile environments. RF Planner also facilitates deployment by assessing security risks and generating equipment lists.

As organizations add WLAN capacity to meet workers’ mobility needs, they typically deploy more PoE. PoE gives organizations greater flexibility in deployment and eliminates the need to run additional wires to power wireless access points or IP phones, IP surveillance cameras, and other devices. HP supports 802.3af PoE and IEEE 802.3at PoE+ in a broad selection of HP switches.

Unified security and policy—In a world where users are constantly on the move, you can unify access control with HP products to strengthen your security. Permissions are associated with a user’s identity, so the appropriate security policies are applied—regardless where the user goes. IT has a consistent method to provide guest and BYOD access, user authentication, policy enforcement, and user management, whether users connect over wired or wireless networks. Unifying access control also reduces the number of network tools. And it reduces the complexity and cost of the network application services needed to provision, manage, and authenticate users across one or multiple enterprises.

Today, with the HP Unified Wired and Wireless Access solution, you can deploy hardware platforms on the access layer with integrated functionality that deliver unified wired and wireless LAN connectivity, including guest access, single-pane-of-glass management, and reliable security and policy enforcement. With this integration, you can deliver a consistent user experience while minimizing capital and operational expenditures.

Energy efficiency for greater savings—With HP solutions, you can optimize power for your campus networks and thus deliver additional savings. Multiple HP switches support Energy-Efficient Ethernet (EEE). Also known as IEEE 802.3az, EEE optimizes switches’ power usage by reducing power to switch ports when they are not transmitting or receiving.

In addition, multiple HP switches conserve power through power-management techniques implemented in the highly integrated HP ProVision application-specific integrated circuits (ASICs), including voltage islands and variable clocking, which reduce the chip’s power consumption.

Greater visibility into network performance—HP products support sFlow, which provides clear visibility to the usage and active routes of both wired and wireless connections. Integrated support for sFlow across the HP Networking portfolio means higher performance and a more cost-effective solution. Using HP sFlow, your administrators have insight into metrics, such as top talkers, top applications, and network connections, on wired and wireless networks. Network monitoring and troubleshooting is simplified with a unified access layer, and support for sFlow is essential for gaining visibility to the unified network.

Single-pane-of-glass management—HP IMC delivers unified and consistent management for all network components, including wired and wireless networks, and delivers single-pane-of-glass management. In addition, access control, application performance management, and management of Virtual Application Networks on the campus are modular features that can be added to IMC, further extending its rich capabilities.


Role-based access and centralized policy enforcement—Identity-based access ensures that the appropriate security and policies are applied consistently, whether the user connects through a wired or wireless LAN. Advanced QoS provides your users with the optimal experience, even when using time-sensitive voice, video, and other rich-media applications. With HP IMC, you can enforce the controls you need, while giving users the freedom to use the mobile devices they want.

Enterprise-class reliability and lifetime warranty—All HP Networking switches that are part of the HP Unified Wired and Wireless Access solution are backed by the HP lifetime warranty with next-business-day advance replacement. There is no charge for software updates and phone support. This lifetime warranty from HP with free, normal-business-hours phone support drastically reduces your TCO. While most businesses pay close attention to the availability and reliability of their core networks, campus networks are often considered to be less critical. However, mobility makes the resiliency of the campus network more important than ever before. If a wired switch fails, the attached access points can lose connectivity, potentially cutting off network services to hundreds of users. HP access switches are prepared to meet high levels of reliability, and they are designed with redundant and hot-swappable power supplies, modules, and fans to ensure continuous network operations.


Key takeaways

Before you begin planning for a unified network, there are several issues to take into consideration. After you understand these issues, you can use the HP three-phase approach to implement your strategy without disrupting your company’s network. Using HP Networking products, you can implement your BYOD and UC&C policies while planning for future needs.

• Ensure high performance for bandwidth-intensive applications, simplify deployment and management, and maintain security with limited resources.

• Use an evolutionary—not revolutionary—approach to move from a mostly wired solution to a high-speed, secure, mixed wired and wireless solution. Use the HP three-phase approach to bring legacy networks into unified networks.

• Deliver a unified solution to campus networks to improve the user experience, strengthen security, and simplify management with an HP Unified Wired and Wireless Access solution.

• Capture today’s rich-media, BYOD, UC&C, and converged-infrastructure capabilities to enable business innovations at the edge of the network with the HP Unified Wired and Wireless Access solution.

In Chapter 3: Building a better network with HP, we take a look at current HP wired, wireless, and management features and benefits that can help you build and optimize your network for unified wired and wireless access.

Reference

1 Mullins, Robert. “Network Buyers Survey: Standards Trump Features.” January 11, 2012. www.networkcomputing.com/next-gen-network-tech-center/network-buyers-survey-standards-trump-f/232400059

Chapter 3

Building a better network with HP

In this chapter

• Which three key product components make HP Unified Wired and Wireless Access possible?

• What is required of wired devices to access a unified network?

• What is required of wireless devices to access a unified network?

• What should network management software be able to do for a unified access network?

HP Unified Wired and Wireless Access

With the comprehensive HP Networking portfolio of campus access technologies, businesses can deliver reliable high-performance network services to the growing numbers of mobile users.


Figure 3-1 Features of the HP Networking portfolio at work

With guest and BYOD access, consistent policy enforcement, and single-pane-of-glass management, HP Unified Wired and Wireless Access solutions deliver many benefits, including:

• Single-pane-of-glass management with HP Intelligent Management Center, or IMC, which simplifies network management and delivers reliable security for wired and wireless networks.

• Unified access and policy control associated with a user’s identity, which provides consistent guest and BYOD access, user authentication, policy enforcement, and user management across wired or wireless networks.

• Integrated 802.11n WLAN controller modules for HP modular switching platforms, which save you real-estate space and provide redundancy for always-on network access.

• Dedicated mobility controllers, which are available to deliver flexibility and choice.

• EEE, IMC power-saving policies, and other power-saving features, which help decrease your total energy costs.


HP wired switches for Unified Wired and Wireless Access

When legacy networks are pushed to the limit, they become fragile, vulnerable, difficult to manage, and expensive to operate. Businesses with networks at this breaking point risk missing the next wave of opportunities, such as BYOD and UC&C. HP offers a variety of switches that help meet the needs of various network environments. These switches provide connectivity, performance, scalability, security, and energy efficiency, and they all can be managed through single-pane-of-glass management software.

Industry standards—All HP switches are built on industry standards. You benefit from the open, standards-based approach that provides your business scalability, security, agility, and a consistent user experience. With HP FlexNetwork architecture, you can build a modular, heterogeneous network with interoperable multivendor components to extend wireless and wired networks that are integrated, secure, and easier to manage. The HP FlexNetwork architecture is a solution that adapts to your business conditions and gives you a new way to connect and condense architecture with single-pane-of-glass management.

1 GbE and 10 GbE—With switches that provide 1 GbE access and 10 GbE uplinks, you can minimize network bottlenecks, which are often the result of employees straining the capabilities of the network with bandwidth-intensive applications, such as streaming video. HP has designed several switch series to alleviate this problem with 1 GbE connections to client devices and up to 10 GbE to the core.

Layer 2 and Layer 3 functionality—HP access switches have the resiliency, scalability, and Layer 2 and Layer 3 functionality needed to support migration from the traditional three-tier networking model to a consolidated two-tier model that is based on one collapsed tier for Layer 2 and Layer 3 distribution and access switching. The benefits of a single layer of aggregation in the wiring closet include reduced switch count, simplified traffic flow patterns, elimination of potential Layer 2 loops and STP scalability issues, and improved overall reliability.


Figure 3-2 HP optimized core and access layers

Power Over Ethernet—PoE provides convenience, cost savings, and in some cases, solutions that are very difficult to conveniently provide any other way. For example, clients can be placed wherever they are needed without requiring power in proximity—they need only the wired Ethernet connection. The most obvious client type that can take advantage of this is the wireless AP, which can be situated for best radio-signal characteristics or hidden overhead in the ceiling without having to pull power to that spot.

Another key benefit of PoE is cost savings. Getting power to areas that are not typically served by power can greatly reduce installation cost. Power circuits require electricians and breaker boxes, and providing power in the Ethernet cable avoids these issues. Moving the client, if necessary, is also much easier.

Also, PoE enables solutions that are not otherwise available. For example, building infrastructure, such as network-controlled door locks or security cameras, is difficult to implement without PoE power. Many of these solutions cannot fulfill the flexibility of location without PoE.

QoS and bandwidth management—Advanced QoS features in HP switches ensure that your employees have the optimal experience, even when using time-sensitive voice, video, and other rich-media applications. Also, HP sFlow provides clear visibility into the usage and active routes of both wired and wireless connections, and integrated support for HP sFlow across the HP Networking portfolio means higher performance and a more cost-effective solution. HP sFlow gives administrators insight into metrics, such as top talkers, top applications, and network connections, on wired and wireless networks. Network monitoring and troubleshooting are simplified with a unified access layer, and support for sFlow provides essential visibility into the unified network.

High availability built in—Some HP access switches have redundant hardware components, such as power supplies and fans. These components can be hot-swapped when they fail without affecting network traffic. If one of the modules fails, advanced chassis switches offer redundant fabric and management modules that provide nonstop switching and routing. Advanced features, such as In-Service Software Upgrade (ISSU), are typically deployed in the network distribution and core devices to minimize downtime.

Energy-Efficient Ethernet—EEE is a physical-layer standard that reduces network power consumption by disabling transmit logic when there are idle periods. The key benefit of EEE is realized when port traffic is underutilized. EEE works out of the box and does not require any management software that needs additional overhead or monitoring. When two EEE devices are connected, you immediately start realizing the energy savings.

Depending on traffic patterns and idle periods, power savings can be fairly substantial because PHY power consumption is second only to packet-processing silicon. And because EEE is an inter-network (versus an internal) power-saving mechanism, power savings are achieved on both the receiver and the transmitter switch. The periods of power-saving enablement are controlled by a standard link protocol negotiated on both sides of a link. Thus, the energy savings are in real time and can be realized across the connected network devices.

Security—Identity-based access ensures that the appropriate security and policies are applied consistently, whether users connect through a wired or wireless LAN. Advanced QoS ensures that your users have the optimal experience, even when using time-sensitive voice, video, and other rich-media applications. With our access switches, you can enforce the controls you need while giving users the freedom to use the devices they want. Many HP switch products fully support 802.1X access control as well as Mac-Address Failure Redirect (MAFR), which enables Simple Network Access Control (SNAC), a simpler way to support BYOD. Devices are authenticated and authorized before accessing the network, reducing vulnerabilities and security breaches.


Stacking and modular functionality—HP offers a variety of modular and fixed-port, stackable switches to meet your networking requirements. Modular switches often provide maximum flexibility and investment protection, and they offer an array of interface modules that are typically cycled through upgrades at least three times over a period of seven to ten years. Modular switches usually offer much better backplane performance than a stack of switches, and they normally have better power utilization on a per-port basis than a stack. Because the switch management is isolated from the I/O modules, an I/O failure has no impact on either the switch performance or the other ports on the chassis.

With the HP set of switch virtualization technologies, your enterprise can dramatically simplify the design and operations of your campus fixed-port networks. HP stacking technologies essentially flatten campus networks, helping to eliminate the need for a dedicated aggregation layer, and provide direct, higher capacity connections between your users and network resources. Your enterprise can overcome the limitations of legacy design and inefficient protocols by delivering new levels of network performance and resiliency.

HP switch virtualization technologies extend the performance and scalability benefits of modular, chassis-based switches to both modular and stackable switches. You no longer need to compromise enterprise capabilities for the convenience and cost of a stackable switch. These HP switch virtualization technologies, including HP Intelligent Resilient Framework, or IRF, and HP Mesh, are included in a variety of HP campus switches.

UC&C application integration—Voice services that enhance applications can be integrated in a switch as part of your company’s unified communications services. The HP AllianceOne Partner Program is focused on enabling you to deliver secure, best-in-class networking solutions for your enterprise. HP AllianceOne gives you the confidence that the joint solution works and is supported—while providing the right application choice. This confidence is provided through selected channel partners, HP support, and HP AllianceOne Networking solution certifications. You can rely on HP Networking channel partners who are qualified in both HP and alliance partners’ products to provide support services for the combined solution.


HP WLAN access points and controllers for unified access

By the end of the decade, an estimated 50 billion devices will connect to wireless networks.[1] For worker and machine-to-machine transactions, WLAN will emerge as the preferred method of network connectivity. One day very soon, a wired-only network will be the exception.

Yet, many enterprises have found that their existing WLAN deployments deliver a substandard user experience compared to wired networks. Distance limitations of legacy WLAN implementations hinder true mobility, and performance of those networks inhibits video delivery. In addition, securing a WLAN often requires a separate platform, which drives up complexity and cost and potentially impacts performance.

Nonblocking optimized architecture—HP MultiService Mobility (MSM) APs and MSM wireless controllers deliver the wired-like performance needed to support your mobile workers who rely heavily on smartphones, tablets, and laptops. The optimized HP WLAN architecture supports flexible traffic distribution models and combines centralized management and control with intelligent access points at the edge of the network for unparalleled scalability, performance, and ease of deployment. The highly extensible WLAN architecture and product family (which includes HP MSM 802.11n APs and HP controllers) enable optimal performance with low impact on the wired backbone, no single point of failure, and cost-effective scalability.

MSM APs—HP dual-radio three spatial-stream 802.11n APs give you near-gigabit client access and support twice the number of users compared to two spatial-stream access points. Sitting at the wired-wireless boundary, these intelligent APs can apply policies and forward packets directly between clients and servers or can forward traffic to a centralized WLAN controller for handling so that your network planners have greater choice and flexibility as they roll out and expand wireless infrastructure.

The APs also leverage RF optimization features, such as beam-forming and band-steering, to optimize client performance and to move 5 GHz–capable clients to the less-congested 5 GHz spectrum. This leaves the 2.4 GHz spectrum for clients that are not 802.11n capable, which increases your overall network capacity. Your IT administrators can also use channel bonding in the 5 GHz spectrum to double effective throughput for high-bandwidth applications and BYOD traffic.


HP WLAN controllers—You can meet the needs of any size organization, from small offices to large enterprise campuses. HP controllers provide refined user control and management, comprehensive RF management and security, fast roaming, strong QoS and IPv4/IPv6 features, and powerful WLAN access-control capability. The controllers support both centralized and distributed forwarding to deliver flexible deployment options that optimize traffic flow, reduce latency, and increase WLAN scalability. HP large-enterprise controllers provide resiliency and high availability with 1+1 fast backup and N+1 and N+N redundancy options. The HP 1+1 redundancy option supports subsecond failover to ensure continuity of services in large enterprise networks.

Working together with HP APs, the HP WLAN controllers can be deployed on Layer 2 or Layer 3 networks without affecting existing configurations. HP WLAN controllers can be integrated with existing fixed and modular switching platforms. The HP portfolio also includes dedicated mobility controllers for overlay deployments. HP integrated controller modules for midmarket and enterprise switching platforms unify hardware to provide the necessary high availability and redundancy with one device to manage.

Self-optimizing WLAN performance—With the HP unified access solution, your WLAN is self-healing, so you do not need to worry about users encountering dead spots or unpredictable performance when there is RF interference or if an AP or radio fails. HP Wi-Fi Clear Connect software automatically adjusts to changing RF conditions and delivers reliable Wi-Fi service to your users.

HP Wi-Fi Clear Connect uses advanced Radio Resource Management (RRM) to optimize WLAN performance and reliability, mitigate interference, detect wireless threats, and simplify management. RRM automatically assigns and tunes the transmit power levels and RF channels on APs to optimize the system-wide performance and reliability of your WLAN. RRM takes place in the background. Each AP scans all its available radio channels to monitor and identify RF interference from non–Wi-Fi sources. If an AP detects persistent interference, it chooses the best alternative channel after verifying that the interference is not present on the alternative channel. Scanning happens quickly so that it does not impact the AP’s ability to service clients.


For example, if an AP detects interference from a microwave oven on Channel 1, it automatically changes its clients to Channel 11 (see Figure 3-3). The AP minimizes disruptions as Wi-Fi devices are moved to the new channel, so users’ IP voice and application sessions continue without pause.

Figure 3-3 Automatic interference mitigation

Wi-Fi Clear Connect further helps you improve your users’ Wi-Fi experience by using dynamic client load balancing and airtime fairness. Dynamic client load balancing is especially important in dense environments, such as classrooms or conference rooms, as well as for supporting BYOD initiatives. With dynamic client load balancing, the software determines the client load of its neighboring APs or the average number of clients per radio per band that the AP supports. It then balances the client load among APs by adjusting the transmit power to move the clients gracefully to a less-crowded AP, which gives users greater performance and a better experience.

Specifically, airtime fairness enhances the user experience for 802.11n devices. In a mixed network where 802.11a/b/g clients transmit at lower speeds than 802.11n devices, the performance of the faster 802.11n laptops, tablets, and smartphones can suffer. But with airtime fairness built in to the HP WLAN system, all Wi-Fi clients are ensured equal transmit time over the air. This way, one client cannot dominate the bandwidth, none of the Wi-Fi devices starve, and the older, slower Wi-Fi devices do not hold up the faster 802.11n laptops, tablets, and smartphones. Airtime fairness is also aware of the underlying QoS policies, ensuring that voice and other high-priority traffic is never delayed by low-priority traffic.


HP Wi-Fi Clear Connect safeguards the WLAN against wireless threats with an integrated wireless intrusion detection system (WIDS). The WIDS detects common threats, including denial-of-service attacks, as well as unauthorized APs and clients. Wireless threat detection is built in (no additional license fees), and with it, your administrators can deploy APs as dedicated sensors or in a hybrid mode that provides both sensor functionality and client services.

HP RF Planner—With the HP RF Planner, you can model WLAN coverage accurately by factoring in variables, such as physical features, building materials, and WLAN equipment characteristics. Using this software, your network architects can ensure that your 802.11n network is optimized for the dense mobile environments that support today’s mobile workers and tablets.

Features and benefits of HP Intelligent Management Center

Using different toolsets—one for your wired network, one for your wireless—can be challenging to your efforts to manage your network, not to mention troubleshooting the root cause of issues affecting either one. Instead of turning to a myriad of network management tools, your IT staff can use HP IMC for single-pane-of-glass management across wired and wireless devices and other multivendor network infrastructures that require in-depth control and management of virtual environments. You can easily find and rectify issues with the HP IMC deep visibility and management of both networks. HP IMC delivers unified and consistent management for all network components, including wireless and wired networks. The single IMC console manages more than 6,000 devices from 220 manufacturers, plus the complete HP portfolio.

HP IMC provides full fault, configuration, accounting, performance, and security (FCAPS) management and scales easily from small to very large deployments. It is a modular platform that deepens the breadth and depth of network management functions and other network services when needed. By consolidating what traditionally is deployed as a variety of separate tools, IMC simplifies operations and management and boosts network availability by improving mean time to repair (also known as MTTR) through a single place for monitoring and remediation.


HP IMC network access control—HP IMC uses role-based access and centralized policy enforcement; that is, identity-based access ensures that the appropriate security and policies are applied consistently to users and their devices regardless of whether they connect through a wired or wireless LAN. The access-control solution of HP IMC consists of three components that are integrated seamlessly in the IMC base platform and provide NAC, policy enforcement, and quarantining to ensure the security of the network infrastructure:

• HP IMC User Access Manager (UAM) module is the first component of the NAC solution. IMC UAM extends management to wired, wireless, and remote network devices and enables the integration, correlation, and collaboration of user- and network-device management on one platform. By providing authentication and authorization for devices accessing the network, IMC UAM helps reduce vulnerabilities and security breaches. For granular, consistent policy enforcement across users and devices, IMC UAM also identifies devices through fingerprinting.

• The second component, IMC Endpoint Admission Defense (EAD) service module, provides security policy management and enforcement for ensuring that end-user devices comply with established security policies. With IMC EAD software, which works in conjunction with HP IMC UAM, administrators can control endpoint admission based on each device’s identity and posture. If an endpoint is not compliant with the established policies, access to the network can be isolated or blocked for remediation. Also, for ongoing protection, IMC EAD software continually monitors each endpoint’s traffic, installed software, running processes, and registry changes.

• The third component, IMC iNode client, is an agent that is installed on the end-user computer. The IMC iNode client works in conjunction with both IMC UAM and EAD to provide access, authorization, security management, and enforcement. The IMC iNode client works with the IMC UAM service module to ensure that the access policies defined in IMC UAM for access, authorization, and authentication are both supported and enforced at the endpoint. The IMC iNode client works with the IMC EAD service module to ensure that the security policies defined in IMC EAD are enforced and, when necessary, actions are taken to quarantine endpoints and to support users in resolving security policy violations. In essence, IMC UAM and EAD service modules, along with endpoint control through the IMC iNode client, consolidate NAC functions for you in one integrated platform.

• HP IMC user monitoring—IMC also gives your network administrators visibility into user behavior with the IMC User Behavior Analyzer (UBA) module. With the UBA module, your administrators can audit user behavior for website access, including information on specific URLs. Administrators can also audit user activity by email sender or receiver addresses, database access and operations, file transfers, and FTP access. When used in conjunction with the IMC UAM service module, IMC UBA also provides user-behavior auditing by user name and IP address. IMC UBA visibility is the result of analyzing data from many sources, including NAT (network address translation) records, NetStream, NetFlow, and sFlow records, and DIG probe logs.
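The admission flow that the three NAC components above describe (authenticate and authorize the user, fingerprint the device, check posture, then allow, isolate or block) is shown here as an added Python example. It is not HP IMC code or its API; the role names, VLAN numbers, posture fields and thresholds are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set

# Constructed sample data: none of these values come from HP IMC.
ROLE_VLAN = {"employee": 10, "contractor": 20}
QUARANTINE_VLAN = 999
USER_ROLE = {"alice": "employee", "bob": "contractor"}
# Device types (as reported by fingerprinting) that each role may connect.
ROLE_DEVICE_TYPES = {
    "employee": {"windows-laptop", "macbook", "ios-phone", "android-phone"},
    "contractor": {"windows-laptop", "macbook"},
}


@dataclass
class PosturePolicy:
    max_av_signature_age_days: int = 7
    min_os_patch_level: int = 42
    banned_processes: Set[str] = field(default_factory=lambda: {"p2p-client"})


@dataclass
class AccessRequest:
    user: Optional[str]             # None when authentication failed
    device_type: str                # result of device fingerprinting
    medium: str                     # "wired", "wireless" or "vpn"
    posture: Optional[Dict] = None  # report from the endpoint agent, if any


@dataclass
class Decision:
    action: str                     # "allow", "quarantine" or "block"
    vlan: Optional[int]
    reasons: List[str]


def posture_violations(posture: Dict, policy: PosturePolicy) -> List[str]:
    """Return the list of policy checks this posture report fails."""
    problems = []
    if not posture.get("av_running", False):
        problems.append("antivirus not running")
    # A missing field is treated as a failure, never as a pass.
    if posture.get("av_signature_age_days", 10**6) > policy.max_av_signature_age_days:
        problems.append("antivirus signatures out of date")
    if posture.get("os_patch_level", 0) < policy.min_os_patch_level:
        problems.append("operating system patches missing")
    running = set(posture.get("processes", []))
    for name in sorted(running & policy.banned_processes):
        problems.append("banned process running: " + name)
    return problems


def decide(req: AccessRequest, policy: PosturePolicy) -> Decision:
    """Identity first, then posture. The access medium is deliberately not
    consulted, so wired and wireless connections get the same outcome."""
    role = USER_ROLE.get(req.user) if req.user else None
    if role is None:
        return Decision("block", None, ["user not authenticated or not authorized"])
    if req.device_type not in ROLE_DEVICE_TYPES[role]:
        return Decision("block", None,
                        ["device type %s not permitted for role %s" % (req.device_type, role)])
    if req.posture is None:
        # Identity is fine but compliance cannot be verified: isolate for remediation.
        return Decision("quarantine", QUARANTINE_VLAN,
                        ["no posture report from endpoint agent"])
    problems = posture_violations(req.posture, policy)
    if problems:
        return Decision("quarantine", QUARANTINE_VLAN, problems)
    return Decision("allow", ROLE_VLAN[role], [])


def reevaluate(req: AccessRequest, new_posture: Dict, policy: PosturePolicy) -> Decision:
    """Ongoing monitoring: an admitted endpoint is re-judged on every new report."""
    updated = AccessRequest(req.user, req.device_type, req.medium, new_posture)
    return decide(updated, policy)


if __name__ == "__main__":
    policy = PosturePolicy()
    healthy = {"av_running": True, "av_signature_age_days": 2,
               "os_patch_level": 45, "processes": ["browser"]}
    phone = AccessRequest("alice", "ios-phone", "wireless", healthy)
    print(decide(phone, policy))
    drifted = dict(healthy, processes=["browser", "p2p-client"])
    print(reevaluate(phone, drifted, policy))
```

A missing or incomplete posture report leads to quarantine rather than admission, so an endpoint without the agent cannot pass by staying silent.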

HP IMC UBA gives your administrators control of filtering, data aggregation, and application identification and definitions. As with other IMC features, with UBA your administrators can manage auditing tasks, including saving task configurations for future use. UBA provides summarized audit reporting that can query, sort, and group audit results by many fields, as well as saving audit results to a file for downloading.

HP IMC QoS Manager

The HP IMC QoS Manager (QoSM) component enhances visibility and control over QoS configurations on network devices. It provides real-time network detection of QoS configurations, so you can unify management of QoS policies. With QoSM, your administrators can organize traffic into different classes based on the configured matching criteria—such as IP protocol type, among others—to provide differentiated services. The software gives you insight into committed access rate (CAR), generic traffic shaping (GTS), priority marking, queue scheduling, and congestion avoidance so that IT staff can more effectively control and allocate network resources.


With a rich set of QoS device and configuration management functions, IMC helps your administrators focus on QoS service planning and the most economical and effective use of network resources, ignoring differences in the QoS configurations of multiple devices. HP IMC QoSM provides real-time network detection of QoS configurations because it identifies QoS network-wide configurations, enabling unified management of QoS policies.

Key takeaways

You can implement an evolutionary plan to unify your wired and wireless access connections with HP Networking products at your own pace without replacing your entire legacy network. With HP switches, you can scale your network when you need to expand capabilities for connectivity, performance, security, and energy efficiency. With HP IMC, you can consolidate network control with its single-pane-of-glass management software.

• The HP Unified Wired and Wireless Access solution comprises three key components: HP IMC, HP Wired Switches, and HP WLAN APs and controllers.

• The HP Wired Switches portfolio is a complete line of products providing superior reliability, scalability, and performance, as well as comprehensive features that help reduce complexity and maximize IT ROI.

• The HP Networking portfolio offers intelligent wireless solutions that provide planning guidance, access, management, and security.

• The HP IMC is a comprehensive platform that enables the efficient implementation of network management. Its modular design makes it possible to integrate traditionally separate management tools.

In Chapter 4: HP unified access meets the challenge, we look at how these HP products meet your requirements for a complete unified access solution.

References

[1] “More Than 50 Billion Connected Devices,” Ericsson. February 2011. www.ericsson.com/res/docs/whitepapers/wp-50-billions.pdf

Chapter 4

HP unified access meets the challenge

In this chapter

• Which key HP products are available to control user access and to manage your identity-based policies for BYOD and UC&C initiatives?

• How do HP unified access and HP AllianceOne partnerships provide the network speed for rich-media communications and simplify network design?

• How do you use HP unified access to integrate third-party applications, such as Microsoft Lync, to provide survivable services (for example, external phone calls) while sustaining internal peer-to-peer communications when the data center cannot be reached?

Your business is deploying new technologies and applications to gain a competitive advantage. With your company’s expanding mobility requirements, now is the time to plan how to unify your wired and wireless access for your new BYOD and UC&C initiatives. But you might be apprehensive about adding complexity to your IT infrastructure, so you might try to acquire applications from your existing networking vendor. However, these are rarely best-in-class. With HP Networking products and services, you can plan a migration path to suit your business needs, your budget, and your own timeline.

The open, standards-based HP FlexNetwork architecture strategy incorporates applications from a variety of vendors, so you can choose the applications that best meet your needs, whether that means integrating WLAN controllers in access switches or leveraging dedicated mobility controllers. With a high-performance HP WLAN solution that integrates products from an extensive switching, routing, and security portfolio, you can meet your company’s demand for an evolving mix of wired and wireless network services while lowering capital and operational expenses. And, through the HP AllianceOne partner program, the applications you choose go through a rigorous certification process to ensure that all components are effective. We take a look at how the HP Unified Wired and Wireless Access solution can help you accomplish this.

Key unified access features: BYOD

An HP BYOD solution based on HP IMC delivers complete visibility from the data center to the network edge. IMC goes beyond BYOD requirements by delivering converged management across various networks—physical and virtual, wired and wireless—and applies the appropriate security policies to your users and their devices (personal or company owned).

Traditionally separate management tools, network services, policy management, and user and traffic monitoring are integrated in the HP IMC modular design so that you can manage and secure your wired and wireless infrastructure easily from one central location. Because of the HP IMC modular design, deploying your BYOD solution is less complicated and easier to use. The modular design gives you the flexibility to add functionality as needed without the need to deploy separate management tools.

For granular network and application access, HP IMC manages user access and identity-based policies so that your IT managers can resolve complex security challenges associated with BYOD policies. Your IT administrators can establish and enforce granular and consistent network access policies for wired, wireless, and VPN users to protect your IT assets, mitigate risks, optimize network availability, and monitor regulatory compliance. HP IMC provides a comprehensive BYOD solution that supports wired and wireless device onboarding, provisioning, and monitoring.


Figure 4-1 HP BYOD solution

Key unified access features: UC&C

To effectively communicate and collaborate on projects with employees, vendors, and partners, sophisticated tools are essential for your business to stay ahead of the competition. However, the bandwidth needed for tools employing voice, video, and desktop-sharing can place a heavy burden on already overtaxed legacy networks. Using HP FlexNetwork architecture and UC&C methods and devices, users can easily implement and use third-party, best-in-class UC&C tools.

The low-latency and QoS requirements of UC&C solutions are well served with the comprehensive HP Networking portfolio. To achieve the necessary call and video quality for UC&C initiatives, Microsoft and HP have partnered to produce a complete UC&C solution. In addition, the partnership has developed HP 4110 and 4120 Lync-certified IP phones and the HP Survivable Branch Communications zl Module, which ensures continuous service for your Lync VoIP calls by routing traffic to the PSTN (public switched telephone network) if your WAN is down.


The HP-Microsoft alliance delivers UC&C benefits

During the 25 years of the successful HP-Microsoft partnership, our engineers have worked together to deliver integrated products that solve real business challenges. For example, throughout the HP and Microsoft alliance, HP remains the number one infrastructure provider, and Microsoft is the number one operating system–applications provider. Together, HP and Microsoft are satisfying the UC&C requirements of millions of customers worldwide.

When you leverage the power of HP and Microsoft by deploying or adding Lync voice and HP infrastructure to your UC&C environment, you can:

• Reduce infrastructure cost and complexity—HP Converged Infrastructure is an open, standards-based architecture that can be integrated with your legacy infrastructure to intelligently and dynamically evolve to an advanced flexible architecture for overall improvement of services, ease of use, and scalability.

• Leverage existing Microsoft application and infrastructure investments—Seamlessly integrate Lync voice with Microsoft Office, SharePoint Server, and Exchange Server. Create a consistent user experience companywide while reducing communications costs.

• Increase efficiency and worker productivity—Support a mobile or distributed workforce without adding IT resources. Launch telecommuting, work-from-home, and green initiatives to support virtual teams across geographies or regions.

• Enhance communications—The tested and validated Lync solution from HP and Microsoft increases communication reliability so that your teams can better serve customers, retain a competitive edge, and differentiate your business from the competition.

These solutions, developed by the HP-Microsoft partnership, are aligned with the HP Unified Wired and Wireless Access solution to give you full scalability, manageability, and supportability, plus access to your entire network.


Figure 4-2 HP UC&C solution

Key unified access features: rich media

Video is compelling because of the richness of the information it can deliver. Video conferencing is used to improve collaboration of distributed teams, provide training, and help executive management teams align the organization with corporate priorities. Legacy networks, however, were designed to handle data communications. The convergence of data, voice, video, and collaboration tools is pushing the legacy networks to a breaking point. Voice and video place huge demands on the network and are one of the primary drivers of change at the network edge. Support for PoE and PoE Plus, QoS, NAC/802.1X, resiliency, and survivability are required.

When you add video capabilities, the demand has an immediate impact on the network. Careful consideration must be given to designing optimal networks with capabilities to support rich-media communications. Because the HP Unified Wired and Wireless Access solution is based on open standards, your IT team has the freedom to choose the proven solution for your business. The HP Unified Wired and Wireless Access solution can help your IT department securely deploy and centrally orchestrate a video-optimized solution starting from the access layer.


Benefits of HP Unified Wired and Wireless Access solution for rich media

• Low latency network—The HP solution simplifies the network. Organizations can move to an optimized network, reducing latency and improving users’ video experiences. This approach delivers superior end-to-end 802.1p/q–based QoS and a network bandwidth optimized for video with delivery at near-gigabit WLAN speeds.

• Improved WAN connectivity—HP offers enhanced WAN from our HP AllianceOne partner Riverbed to accelerate access to rich-media content through our modular wired-switch solutions. With this solution, you can implement prepositioning and video-on-demand caching (HTTP or HTTPS), split-stream technology, and multicast and unicast support. Improved WAN connectivity means regulated video streams, both in applications and social-based media.

• Video application delivery—With FlexNetwork architecture, you can use video on demand and other video services—all integrated in one module. With the virtualization technology built in the module, HP solutions can simplify deployment and reduce the number of devices. Also, HP was the first networking vendor to bring EEE-compliant switches to the market. These switches consume less power than the industry average, contributing to lower TCO. Our switches support PoE/PoE+ features to power up remote video-surveillance cameras.

• Interoperability—HP and our AllianceOne partners offer a variety of solutions to enhance and support your video applications. We have video gateways for visual collaboration (H.324, SIP), and our switches support Link Layer Discovery Protocol-Media Endpoint Discovery and autodiscovery features.


Figure 4-3 Solution architecture for rich-media communications and collaboration

Key takeaways

The HP Networking portfolio offers several products that can deliver the business requirements for implementing BYOD and UC&C initiatives. Through partnership with major vendors, such as Microsoft, HP delivers products that improve productivity across your enterprise.

• The key HP products for controlling user access and managing your identity-based policies for BYOD and UC&C initiatives are in the wired, wireless, and network management portfolios, which provide choice and flexibility.

• With Unified Wired and Wireless Access solution, your IT staff can provide employees customized workplace applications and tools, which can help them collaborate and communicate with video communications cost-effectively. Third-party applications, such as Microsoft Lync, are integrated in the HP portfolio to provide survivable services (for example, external phone calls) while sustaining internal peer-to-peer communications when the data center cannot be reached.

In Chapter 5: Expert resources and next steps, we explore the HP experts and services that are available to help you instigate an HP Unified Wired and Wireless Access solution. We also take a look at the HP ExpertOne career certification program for IT professionals.

Chapter 5

Expert resources and next steps

In this chapter

• Which HP services are available to help you plan and implement an HP Unified Wired and Wireless Access solution?

• Which HP program can help you train your employees as HP-certified experts?

Now that you understand the key components of HP Networking and how they can be configured to implement a unified access solution for your campus, there are some first steps you can take toward evolving your network and implementing your own BYOD and UC&C initiatives. Consult with the networking experts at HP. For long-range planning, you can also train your own experts through the HP ExpertOne certification program.

HP expertise

HP offers consulting, outsourcing, and support services to help your enterprise plan, deploy, and operate your network infrastructure for better results. HP can identify opportunities for automation and can integrate various aspects of the HP Networking portfolio in your business processes for increased business efficiency with new business models to help you redefine your marketplace.


The HP life-cycle approach to your unified-access solution begins with expert consultations and their assessments to help you develop your strategy. This approach includes architecture planning and design through solution implementation and global support, and then outsourcing, if desired. Regardless of the products you choose, HP services and solutions deliver business value at every phase. The HP approach is also collaborative and modular, so you can implement the HP Networking components that address your most pressing needs first and then add future capabilities according to a flexible timeline.

HP ExpertOne career certifications for IT professionals

Join the HP ExpertOne community of 500,000 IT professionals and gain access to other HP experts that are working around the globe. HP offers education services that are focused on the management of change to foster pervasive user adoption and learning solutions. The HP ExpertOne certification program offers excellent training and the appropriate certifications across a wide range of solutions—from all-in-one PCs to cloud computing. Choose the HP learning options that work for you and your employees, including HP Press publications and instructor-led or web-based training.

HP Networking certification topics include:

• Cloud

• Converged Infrastructure

• Wireless networks

• Network security

• Virtualization

• TippingPoint Security


Refer to Table 5-1 for more information on ExpertOne certifications and HP Networking services and training.

Table 5-1 HP ExpertOne certification programs and HP Networking services

| Service or program | Web address |
| --- | --- |
| HP ExpertOne | www.hp.com/certification |
| HP ExpertOne networking career certification | www.hp.com/networking/expertone |
| HP Networking services | www.hp.com/networking/services |
| HP Networking training | www.hp.com/networking/training |
| HP Press publications | www.hppress.com |


More resources

Go to the HP Networking website (www.hp.com/networking) to find a wealth of information about HP Networking solutions and products. Resources include white papers, videos, blogs, press releases, brochures, case studies, fact sheets, and solution briefs. For more information on specific technologies related to BYOD and on wired and wireless access solutions, see Table 5-2.

Table 5-2 More HP Networking resources

| HP webpage | Web address |
| --- | --- |
| Mobility | www.hp.com/networking/mobility |
| Bring Your Own Device (BYOD), a Holistic Approach | www.hp.com/networking/byod |
| HP Unified Wired and Wireless Access | www.hp.com/networking/unified-access |
| Rich-media communications | www.hp.com/networking/richmedia |
| Unified communications | www.hp.com/networking/uc |
| HP Virtual Application Networks | www.hp.com/networking/van |
| Data Center Interconnect (DCI) | www.hp.com/networking/dci |
| Dynamic Virtual Private Network (DVPN) | www.hp.com/networking/dvpn |
| OpenFlow: Enabling technology for software-defined networking | www.hp.com/networking/openflow |

Acknowledgments

At HP Press, our goal is to create in-depth technical books of the best quality and value. Each book is crafted with care and precision, undergoing rigorous development that involves the expertise of members from the professional technical community. We would like to acknowledge the team of experts who helped bring this book to market.

Author: John Faulkner

HP Press Program Manager: Michael Bishop

HP Contributors:

Rebecca Humphress

Martine Velkeniers

Kevin Secino

Gladys Alegre-Kimura

Steve Brar

Kowshik Bhat

Publisher: HP Press

We want to hear from you. Send email to [email protected]

HP HEADQUARTERS

Hewlett-Packard Company

3000 Hanover Street

Palo Alto, CA

94304-1185

USA

Phone: (+1) 650-857-1501

Fax: (+1) 650-857-5518