Tuesday, October 16, 2012

Are You There RingMaster? It's Me Juniper. #WFD3 #Trapeze

Wireless Field Day #3 also visited Juniper to hear about their advancements since the Trapeze acquisition in 2010. The group of Juniper representatives was Tina Herrera, Bruce Alexander, Phal Nanda and Tim McCarthy.

Bruce Alexander has been in Wi-Fi since wireless began, and he gave us the overview on Juniper WLAN Architecture, describing the Local and Central Switching design of Juniper's wireless gear. He says that when you switch locally and have 802.11ac access points, you don't have to replace your controllers, because the data doesn't hit the controller.



Juniper's wireless design uses virtualized controller clustering (resilient, non-stop enterprise connectivity). Their spectrum analysis is done with the standard access points, which can scan the spectrum while supporting clients; the capability is enabled through software licensing. The list price for an AP supporting spectrum analysis is $105 per access point, and you can move licenses in an ad-hoc fashion among the access points you've got deployed to support troubleshooting efforts.

Access point lineup:

  • WLA321 - single radio 802.11n 2X2
  • WLA322 - dual radio 802.11n 2X2
  • WLA522 - dual radio 2X2 MIMO
  • WLA532 - dual radio 3X3 MIMO Maximum Performance
  • WLA621 - dual radio outdoors 3X3 heated NEMA enclosure

Controller lineup:

  • WLC2 - 4 (hardware licensed)
  • WLC8 - 12 (hardware licensed)
  • WLC800 - 16 - 128 (software licensed)
  • WLC880 - 16 - 256 (software licensed) remote AP with encryption to remote AP and IPv6
  • WLC2800 - 64 - 512 (software licensed) has 10GB interfaces


Juniper's Wireless LAN Management RingMaster Tool Suite (WLM-RMTS) is software if you're managing up to 1000 access points and it is hardware if you're managing 250 access points to 5,000 access points.

SmartPass allows for self-provisioning of client devices, guest access and RADIUS accounting. Juniper's centralized management allows for up to 32 controllers and 16,000 access points. It allows for continued service without rebooting the controller when the controller software is updated.


Jay Pochop (leads the hardware design team) did a fantastic job of taking us through the different Juniper access point and antenna designs, explaining they use Qualcomm chipsets and their goal is to be the best performing access point in that hardware category. Their two main points of focus are on the RF amplification and the antenna design.

Jay opened up the WLA532 and told us how the antennas are different from one another in the access point. The nulls in the antennas line up with the lobes from the other antennas in order to not have overlapping nulls. Juniper went one step further and tuned every antenna in the access point individually. If two signals are polarized differently, there is 15-30dB of isolation between them. In the six-antenna layout, 66% of the access point's antennas are horizontally polarized and 33% are vertically polarized. Juniper spent a long time developing short vertically polarized antennas for their AP, then they optimized the 5GHz gain relative to the 2.4GHz antenna to be 7dBi on the 5GHz side and 3.5dBi on the 2.4GHz radio.

Juniper deviated from the original reference design to get higher efficiency on the 2.4GHz radio. They use discrete power amplifiers to achieve higher receive gain on the antennas and have the same receive sensitivity. Juniper's hardware manufacturing return rate targets are 0.1 percent per year. They've shipped 10k APs out and haven't gotten any back yet due to hardware problems.

The installation brackets for Trapeze access points are plastic brackets that are easily moved and installed. Installation times are quoted as a 60 second install per AP once cabling is in and installed. The Trapeze plenum mount kit mounts access points directly above suspended ceiling metal (possibly not such a good idea due to the metal grid-work being directly under the access point).

The Trapeze access point naming convention is:

  • 300 performance level
  • 500 performance level
  • 600 outdoor

The 2nd number is the number of spatial streams, and the third number is the number of radios.

The Trapeze access points draw very little inline power; the overall power consumption for the 532 is less than 10W for a fully powered access point.



Bruce Alexander then demonstrated the automatic client load balancing and band steering available with the Juniper controllers. He described Primary Seed and Secondary Seed controllers (the connectivity is much like stacked switches). When joining access points to controllers, you can mix types of access points on controllers and you don't have to assign primary, secondary or tertiary controllers. The primary/secondary assignment happens automatically and the access points don't have to be in the same subnet.

If your access points are configured for local switching and a controller fails, calls or videos will continue; if they are not locally switching, the roam is 300ms or less.

With high availability licensing for controllers, each can be licensed for 128 APs, and the other controller in the cluster can take those APs provided there's enough overhead on the controller to take them. Only license what you need, but you'd still need to have extra licenses on each controller.

Code upgrades on controllers can be done without reloading the controllers. The AP code upgrade is applied to APs that are not serving clients; the other APs will have their power turned down to force clients to roam, then their code will be upgraded.
You can schedule the whole upgrade cycle from RingMaster for a given time, but you can't piecemeal the upgrade to just do the controllers and then the APs later.

Each client maintains two connections to two controllers, so when the controller drops, a few video artifacts will be seen, but the video call does not drop.


Tim McCarthy demonstrated RingMaster (version 8.0) as an RF planning tool to do predictive site surveys. RingMaster can understand wall properties as defined within AutoCAD, and it can place the APs and set the channels in a multi-floor planning mode.

Some of the features of RingMaster are:

  • Push configurations to controllers
  • Monitoring/reporting of users by user, radio, AP, WLC, SSID
  • 30 day history
  • WIDS/WIPS integration
  • Location aware
  • Search by location
  • Roaming history
  • Geo Fencing

The list pricing for RingMaster starts at $895 and the licensing is variable per number of APs.
You can model sources of interference into your predictive planning. It's a Java based application, with no web UI at this time.


Tim McCarthy then demonstrated guest access and BYOD with the Trapeze SmartPass (standalone application) solution. SmartPass is capable of guest provisioning, BYOD and self-registration, with the end user's credentials sent via SMS. SmartPass integrates with SMS providers like Clickatell. SmartPass comes licensed to support 50 user accounts for $1400 list price. If you have set up a policy to block YouTube, the video feed doesn't show, but you do see the "spinny circle of death".

My takeaway from Juniper's presentation on where they are now with Trapeze: From what I can tell, they've done a lot of work with the antennas of their access point line, but the UI for the RingMaster is still Java based. Back in 2004 I did a bake-off between Cisco and Trapeze for the hospital where I was working. Even then I hated the Java interface for managing Trapeze access points. I avoid Java UIs at all costs because Java has wronged me far too many times to trust it again. I thought Jay Pochop did a great job explaining the hardware advancements Juniper has made since the Trapeze acquisition. He was very informative about all aspects of their antenna design and where Juniper tweaked the reference standard specifications. I have not personally run into a Trapeze deployment in recent years, so I cannot speak to the functionality of new Trapeze access points or the RingMaster management platform. It was interesting to get a refresher on the current state of Trapeze Networks now that they're part of Juniper.

Juniper was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. In addition, they provided me with a Juniper t-shirt. They did not ask for, nor were they promised any kind of consideration in the writing of this review/analysis. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.

Thursday, October 11, 2012

Meraki Dashboard, Now With Real Customer Data #WFD3

Sanjit Biswas, CEO of Meraki, began the presentation at Wireless Field Day 3. Since the last Wireless Field Day in January of 2012, the company has doubled their number of employees, and has added thousands of new customers.




The Meraki MR product line features Meraki NAC (since 2011) and has a 3x3 radio. Depending on the access point model, it is possible to have device based group policies for iPad and Android devices. PCI compliance reporting, SMS login for guest access and Air Marshal WIPS enforcement are all possible.

The Meraki MX Cloud Management Security Appliance product line establishes an auto VPN, and supports application control, link bonding failover, high performance multi-gigabit firewalls, content filtering, anti-malware, as well as WAN optimization.

The Meraki MS switch line supports virtual 1g/10g stacking, VoIP prioritization, 802.1X port security and Layer 7 visibility.

The Meraki SM Systems Manager is their Mobile Device Management tool, which is available as a free download. It supports management of Macs, PCs and mobile devices via the cloud. In short, Meraki wants to have a single unified access layer to manage wired and wireless network components.

Meraki also now has a 2 day certification course covering wireless, switching, MDM and firewalls.


Ben Calderon, VP of Hardware and Operations, described Meraki's three phases of building and testing their products. Many technology partners are creating chipsets that Meraki uses:

  • Applied Micro
  • Skyworks
  • Qualcomm
  • Microsemi
  • Freescale
  • Broadcom
  • Vitesse
  • Integrated Device Technology

The radio design of a Meraki access point may sometimes include a filter for dual concurrent operation to negate spurious emissions. During early testing with the MR24 access point, it was discovered that a firmware work-around was required to adjust settings to optimize band edge performance of the access point.


Per Ben, the MR24 PIFA antennas give you the best transmit efficiency. The form and function are determined through SLA models, machined models and hard tooling. The fit and finish includes a durable enclosure which goes through reliability testing. It is a UL2043 smoke tested, plenum rated enclosure (the plenum rated plastic is the most expensive piece in the AP construction!). The MR24 is drop and vibration tested to ensure reliability of the shipping units. The MR24 is IP67 certified (operates after 1m water submersion) and the aluminum housing is undercoated before it is painted.

Kiren Sekar, VP of Marketing, described how there have been 2 firmware upgrades since the last WFD (optimize for low-power clients, software controller RF enables ongoing tuning, scale capacity of new and early model 802.11n APs). One of Meraki's customers is Stanford, and they are seeing 9k clients a month, a 65% YoY increase in wireless client counts. Meraki has built their own DHCP server on the AP itself (highly scalable). The Meraki MS product line has the highest growth of any new product in the company's history. Meraki is seeing customers adopting Meraki's switches as a result of wireless upgrade projects (deployed at the access layer).


Pablo Estrada and Todd Nightingale demoed a large customer deployment, showing actual customer data (with the permission of the customer) to give us a tour of the Meraki wired and wireless dashboard, the cloud DB search, client fingerprinting, L7 traffic analysis, multi-site cloud management, and real-time cloud tools.

The internal operations group within Meraki is the only group of people who can access a customer's data. They have the ability to put an AP into Air Marshal mode, which would also be called 'sniffer mode'. You can set the scan schedule, and set off-channel scans. Rogues can be contained if they're detected on the LAN. There are a few concurrent algorithms running to determine on-LAN rogues, not one single method in place. Policies can be set to contain an SSID that is not part of your WLAN deployment (SSID copying). This works across non-Meraki switches as well.

Retail deployments are the biggest Air Marshal adopters. Nespresso stores (Nestle) wanted to provide mobile POS, give employees iPads to access inventory, ERP systems as well as guest access. The Nespresso stores deployed Meraki wireless along with switches and security appliances and WAN optimization. They were able to roll out the new hardware/infrastructure in a two month timeline.

All Meraki developers have Nexus 7 tablets to experience the wireless connectivity in the same way as the typical end users. Meraki has built-in policies for whitelisted and blocked applications, and group policies can be assigned per device type.

Backpack is a Meraki app to add files to the end user devices as employees are onboarded. Employee handbooks etc. are pushed to employees' (or students') devices. The data is stored in an app on the device. The Meraki app works on iOS and the Android platform.

Meraki has Applebee's as a customer (Apple American Group, the 2nd largest franchise operator of any restaurant model [20,000 employees]); 300 locations use Meraki gear for guest access. (Meraki had the customer's permission to show their data for the WFD presentation.)

In the Meraki dashboard, when you hover over a group name, it shows the throughput graph for just that location without clicking anything. Most of this customer's restaurants have one access point, but you can quickly dive into AP data. It is possible to block the upgrading of iPhone software to save on bandwidth at customer sites.

Peer-to-peer, Dropbox and other online backup services are blocked by an L7 firewall built into the AP at Applebee's restaurants. Wi-Fi is used as a local advertising splash screen to provide discounts, coupons or information about special events. Configuration settings from source networks can be pushed out to selected other customer networks. The Meraki management can turn Wi-Fi off/on to match restaurant open/close times.

Next (a high-end clothing retailer in the UK) is currently deploying Meraki to 500+ locations.

I saw Meraki present at Wireless Field Day 2, and then I was impressed by their dashboard interface. This time they presented, I was impressed by the level of information that could be easily obtained about the current user traffic. It was very interesting seeing them drill down into a live network - with the customer's permission - to show off what managing a diverse deployment of Meraki access points looks like from the customer's point of view. I still think that the Meraki dashboard is a very slick interface which shows a lot of useful content without requiring a lot of training to figure out which menu tab the information is hiding under.

Meraki was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. In addition, they provided me with a gift bag containing a t-shirt, pen, water bottle and a Meraki MR16 access point. They did not ask for, nor were they promised any kind of consideration in the writing of this review/analysis. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.


Monday, October 8, 2012

Tanaza Cloud Management of Diverse Wireless Hardware Platforms #WFD3

Kelley Seaman introduced Tanaza at Wireless Field Day 3, then the founder of Tanaza, Sebastiano Bertani, explained his software solution to the problem of having to manage multiple consumer grade access points in either a centralized or distributed deployment. Tanaza is vendor-agnostic cloud management for 'good enough' wireless. They will soon be growing from supporting mid-tier to enterprise class access points. In Q4 2014 Tanaza will begin supporting switching hardware.

 


There are options for managing access points with Tanaza. Some access points can use their original firmware; others will run Tanaza firmware instead. The access point/software connects to the Tanaza engine (engine.tanaza.com), and from there a configuration can be pushed to it, or configuration information from the AP can be retrieved.

The Tanaza backend UI (https://ajax.tanaza.com) sends information through AJAX requests to the Tanaza web interface (https://cloud.tanaza.com). The user front-end accesses static resources (CSS, JavaScript, images, HTML).


Tanaza requires a Tanaza host per subnet. The Tanaza agent is available for Windows and Mac and there is no need for VPNs, public IPs or DynDNS. 
The Tanaza agent is written in C and is based on the OpenWrt code. I'm most familiar with using dd-wrt (a variant of OpenWrt) to tweak the Linksys WRT54G access point to perform better than the code it shipped with.



I was not familiar with Tanaza prior to attending Wireless Field Day 3. It was very interesting to hear their solution presented, since it is something I wouldn't otherwise have encountered. I can see where Tanaza could be used to manage a diverse deployment of off the shelf access points and do so by using a single web interface. Tanaza is a slick solution to overcome the problem of how to manage the different wireless hardware you'd find in small shops (restaurants, laundromats, schools).


Tanaza was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. They did not ask for, nor were they promised any kind of consideration in the writing of this review/analysis. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.