Wednesday, December 12, 2012

Sniffapalooza Lisbon 2012 #SniffaLisbon [wrap up]

I can proudly say that I'm a two time Sniffapalooza veteran! I spent a week in Lisbon with the lovely group that joined Karen Adams and Karen Dubin on their Sniffa-dventure in Lisbon.

The trip getting there was an epic misadventure in late planes, missed connections and spending the day in the Madrid airport waiting for the next flight to Lisbon. Don't get me wrong, the Madrid airport is gorgeous, but when you've been awake for ages and ages - you need to keep moving so you don't pass out, not wait around six hours til the next flight to Lisbon departs.


Our plane finally landed about two hours before we were scheduled to have dinner and a Fado show at Cafe Luso. Thank goodness for tour buses. I know I didn't have the energy to walk the mere 1.4 miles from the hotel to the Bairro Alto that night. Cafe Luso was a bit touristy at times, but the Fado performers were talented singers and I enjoyed myself even though I was quite tired from a full day's travel.


Our first full day of Sniffapalooza in Lisbon took us to see the Castelo de Sesimbra before we made the trek to the Jose Maria da Fonseca Winery for a wine tasting of their Periquita 2010 Moscatel. After the drive back to the hotel, we met up with Roja Dove and Andrew Wright for Roja's special presentation of his perfume line for our group.

Roja's presentation was thoroughly entertaining! I recorded the audio of his presentation and uploaded it to Soundcloud. It was interesting to hear the ideas behind all of the perfume creations in his collection. After he described each scent, we were presented with the perfume blotter strip for that scent. My favorite was Unspoken but I resisted the temptation to order a bottle on the spot. I'm sure I'll end up tracking some of it down. It smelled fantastic!


Tuesday was jam packed with trips to Praca Marques de Pombal, the Belém Tower, Padrao dos Descobrimentos, the Jeronimos Monastery, Pasteis de Belém, the Jardim Botanico Tropical and finally, the Museu Aquario Vasco da Gama. I shot some video of our tour guide José Soares giving us the history on the Jeronimos Monastery as well as the jellyfish in the water by Belém Tower, the gigantic rooster from the botanical garden & the creepy about-to-be-born fish in the aquarium.


Wednesday we took a long bus ride up through Cascais, Sintra and stopped at the Castelo dos Mouros. The views were phenomenal, and so was the weather!

Thursday morning Luis Pereira brought us to Lavadouro das Francesinhas (a neighborhood laundry) which has been in operation for over a hundred years. Here he explained to us his ideas behind the laundry cleaning/fragrance product line he's launched called Aldeia da Roupa Branca (Village of White Linen). The history of the Portuguese neighborhood laundry was immortalized in the 1938 film of the same name. It was quite an experience to be immersed in the sights and sounds of a laundry in Lisbon. I shot some video of the light reflecting onto the roof of the structure while the washer people talked in the background.

We also made a trip to Barbearia Campos - reportedly the oldest operating barber shop in Europe. They recently celebrated their 125th anniversary! Several of the men in the group took part in getting an old fashioned straight-razor shave. From there we walked over to Sushifashion where we were treated to a wonderful luncheon! After lunch we trekked down into the basement of Sushifashion to the MOOD boutique for some after lunch shopping. Just a few short blocks away, we stopped in at Skinlife to hear from owners Dennis and Patrick about their new venture as owners of a niche beauty boutique in Chiado. Our final shopping destination was A Vida Portuguesa. This shop was stocked with goods and gifts created entirely in Portugal. It was really exciting to know that everything in the store was made in Portugal (and they ship internationally!)


Luis was kind enough to give everyone in the Sniffapalooza group a gift bag with perfumes, soaps, and a bottle of his own laundry/fabric perfume! It was a wonderful surprise!

For our final full day in Lisbon, we went to the Ajuda Palace, took a ride on historic Trolley #28, did a walking tour of the Alfama neighborhood and visited the Museu Nacional do Azulejo.

I had a fantastic time in Lisbon! Thanks to the Karens for putting together such a great trip! A little birdie tells me the next Sniffapalooza will be in Zurich. I'm totally looking forward to THAT!

Wednesday, November 7, 2012

Sniffapalooza Lisbon 2012! #SniffaLisbon

Soon I will be on another Sniffapalooza adventure! You probably have no idea what I'm talking about, and that's ok. I'll be tweeting with the hashtag #SniffaLisbon, so you can follow the madness (or not).
Sniffapalooza is an event-based group of fragrance aficionados that originated in New York City and now unites perfume passionatas from around the world. What started as a small group of women getting together to shop and share their enthusiasm for fragrance, has grown into a phenomenon that has attained international recognition through TIME Magazine, Allure, CBS MarketWatch, The Wall Street Journal, The New York Times, Women's Wear Daily, Glamour, Brigitte (Germany), WWD BeautyBiz, and many others.
(It's kind of like Tech Field Day, but think perfume not technology)

The two ladies behind Sniffapalooza, Karen Adams and Karen Dubin (with travel arrangements made by Kathy Wachter from Travel Exchange), have organized an excursion to Lisbon, Portugal!

We'll be staying at the Hotel Mundial for eight days and our itinerary looks something like this:

We'll be visiting niche perfume boutiques, as well as hearing presentations from Portugal-based fragrance companies. The first Sniffapalooza trip I took was to Barcelona last year, and it was fantastic! I'll be taking tons of photos (analog and digital) and smelling so many wonderful things (those are harder to capture).

Monday, November 5, 2012

The Hotspot, the Throughput and the Gateway #Cisco #WFD3

Sujit Ghosh (TME Manager) set the stage and introduced us to Bob Friday, CTO in WNBU. He outlined the topics that would be covered as:
  • Hotspot 2.0
  • 802.11ac
  • Bonjour Gateway
  • Cisco's Application Visibility and Control (AVC)
Bob Friday kicked off the discussion of Hotspot 2.0 by stating that interoperability is the key word going forward. There are a great many startup companies working to enable information sharing seamlessly. 

Detect, Connect, Engage: bringing enterprise security into the public Wi-Fi space for the first time. 
The Samsung Galaxy was one of the first devices certified on the same day that the Wi-Fi Alliance made Hotspot 2.0 certification available. He mentioned that he is meeting more with marketing personnel at companies rather than the engineering staff. The momentum is to monetize access to the Internet as well as enabling advanced features of a Wi-Fi experience. 3G offload is all about optimizing the connectivity experience of the end users. The Services Notification framework in the iPhone allows you to configure how and when you would like to be notified of events. This also allows venues to interact with your mobile device to send you relevant information about things aligned with your interests. In the enterprise space it is about making workforces more efficient. Streamlining work flows to cut out lost time waiting can be very meaningful to the bottom line financials.

Mark Denny and Damodar Banodkar gave us an overview of the 802.11ac specification as well as a demonstration of the throughput possibilities. 

The 802.11ac module for the 3600 series Access Point is the same form factor as the monitor module that is currently available. They're not waiting for the first clients to ship; they're working with the chip vendors to do client testing as soon as the chips are manufactured. Wave 1 of 802.11ac is 3x3:3 and will be available in Q1 of 2013. Speeds capable with 802.11ac clients and the 802.11ac module in a 3600 are 1.3Gbps PHY, 80MHz, 256QAM with optional explicit beam forming support as per the 802.11ac standard. The 3600 AP with the 802.11ac module will require enhanced PoE, 802.3at PoE+, local power or a PWR-INJ4. The module has its own independent 5GHz radio, and the AP will utilize the ac module just for ac capable clients. If the main radio in the AP is using 40MHz bonded channels, the 802.11ac module will use 80MHz bonded channels. If the retry counters begin to increase, the 802.11ac module will downgrade to using 802.11n rates. At that point, the internal radio will take over from the module to serve clients.

The initial form factor restricts the use of the module inside a NEMA enclosure since the antennas are integrated into the module itself. There are no external antenna options at this time, but Cisco is giving thought to this option.

Performance metrics for explicit beam-forming will be available by the end of the year; Cisco is waiting on 802.11ac client devices. The MAC throughput is calculated assuming a MAC efficiency of 70% of the defined PHY capability (194 Mbps - 845 Mbps then 2.25 Gbps). Utilizing wider channels is part of the Wave 2 timeline, coming in 2014.
The biggest use cases of 802.11ac will be medical imaging files, offloading of 2.4GHz, collaborative classrooms with HD video as well as High Density "build it and they will come" use cases. There is no information yet on roaming from 802.11ac to 802.11n and what that does to speeds/distances. This is something that will need to be tested as more 802.11ac clients become available. The plan is to use all three radios concurrently and use a channel plan accordingly. The live demonstration of the 802.11ac module and an 802.11ac client (Broadcom chipset) was very interesting to see. No one has ever seen a live demonstration of the data throughput that will be possible as 802.11ac wireless becomes widely available. The client connected at speeds varying from 700Mbps to 1.3Gbps, depending on the interference present in the environment. The AP and the client were operating on channel 36, utilizing an 80MHz wide spectrum. Using the Ixia throughput testing software, speeds of 550Mbps were achievable in a real world conference room setting. Duty cycle utilization was upwards of 80% when the 550Mbps speeds were obtained. When asked if there were any further questions, Rocky summed it up best.

Jeevan Patil, Damodar Banodkar and Sudhir Jain presented on Cisco's Bonjour Gateway solution. K-12 and Higher Ed are pushing the need for a Bonjour Gateway, due to the prevalence of Apple devices used in the classroom as learning tools, and as the students bring their iDevices from home to the dorm rooms.

The Bonjour protocol sends multicast packets which advertise and discover services offered by other client devices. It is Apple's service discovery protocol. Some customers want Apple to solve the problem of how to corral the Bonjour service on a network, but the majority of wireless vendors are taking it upon themselves to offer solutions to make the Bonjour protocol behave better in large enterprise networks. Bonjour services do not cross VLAN boundaries without assistance from the wireless infrastructure.

The Cisco Wireless LAN Controller (WLC) caches Bonjour services on the controller, so a client on VLAN X can ask what services are available on VLAN Y. No Bonjour services may be available on VLAN X, but the WLC can tell the client that AirPlay is available on VLAN Y. With VLAN override configured on the WLC, you can have AirPlay on a single VLAN, enable mDNS Global Snooping on the WLC and configure query status for the service name. This can be set per VLAN or per interface. The WLC can disallow or allow AirPlay, AirPrint, File Sharing or the App Store.

By snooping Bonjour the WLC can optimize delivery of multicast information. Multicast responses are unicasted to the clients requesting the service. This implementation is more efficient and does not burden the network with multicast traffic. Only the users that have the device permissions will receive the multicast information based on the locally cached information in the WLC. WLC traffic statistics show there is 80% less multicast traffic generated for four access points when mDNS snooping is enabled on a WLC. The multicast request goes all the way to the AppleTV to check for permissions. The response is unicasted back to the original requesting client.

Cisco was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. In addition, they provided me with an OGIO duffle bag containing a Cisco 3602 Series Access Point. They did not ask for, nor were they promised any kind of consideration in the writing of this review/analysis. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.

Friday, November 2, 2012

Multicast and Stadiums and ClearPass, Oh My! #Aruba #WFD3

Our visit to Aruba started off with the delegates gathered in the Aruba proof of concept (POC) lab where Paul Curto gave us the overview on Aruba's BYOD and mobile app solution. Aruba presented us with live demonstrations of multicast video streaming and BYOD solutions for multiple types of devices as well as high density deployments in stadium environments. I had to re-watch the video playback to take notes on the presentation after the fact since we didn't have access to our laptops while we were seated in the POC lab.

The roaming behavior of mobile devices tends to be more sticky, but there are some variances in devices. Mobile apps that are multimedia heavy and latency sensitive are Microsoft Lync, Citrix XenDesktop or Apple Facetime. Apps that are primarily data and bandwidth hungry are Dropbox, and Apple iCloud. For example, Dropbox uses 75% of the available upload bandwidth and will download at the fastest speed available.

The top 5 requirements for mobile devices according to Aruba:

  • Need to allow for any device
  • Need to ensure network security
  • Need to maximize airtime for each device
  • Need to clear the air from unnecessary traffic (i.e., converting multicast to unicast)
  • Need to deliver QoS to the individual mobile apps

Not all iPads are created equal:

  • iPad1 26Mbps up, 36Mbps down
  • iPad2 35Mbps up, 40Mbps down
  • iPad3 46Mbps up, 46Mbps down

Aruba's testing team had difficulty sustaining the 65Mbps link rate with the iPad 1 and 2 unless a large file transfer was in place. The iPad 3 Wi-Fi chipset seems to be more optimized for throughput than for range. The testing was performed with the local power connected. Per Gregor, he's seen a lot of difference in testing with the power not connected and most users will run their devices without power applied directly. Your mileage may vary.

Examples of use case policies that Aruba can apply to client devices are: upload/download bandwidth limits, blacklisting and log per policy violations, time of day restrictions, two factor authentication, and redirecting to security services.

Cell size reduction limits the receive sensitivity of the access point to other access points on the same channel to reduce co-channel interference. SSID based airtime allocation can distribute the use of airtime across SSIDs based on a percentage value. The dynamic rate adaption continues to use the higher data rates for 802.11 retries in cases where the client has a high SNR value, rather than ratcheting down the connection to a lower data rate for client retries.

To optimize the use of airtime, Aruba recommends using Proxy ARP (ARP responses are sent at 802.11n rates and only from one AP), Multicast Rate Optimization (multicast sent at lowest rate of association) and Traffic Filtering (filter out selected multicast, broadcast and peer-to-peer traffic flows).

Bala Krishnamurthy (Senior TME) presented us with a demonstration of Wi-Fi Video stream scaling using typical BYOD devices, including the use of typical cloud and UCC applications (WebEx and Lync).

Aruba does multicast to unicast conversion in two different ways. One is Dynamic Multicast Optimization (DMO), where the conversion happens at the controller, and the other is Distributed Dynamic Multicast Optimization (DDMO), where the conversion happens at the access point level. The reason for the two options is that customers who require centralized encryption can use DMO, and customers who do not require that can use DDMO. They demonstrated a multicast stream to 40 devices connected to one access point, one SSID broadcasted on the 5GHz frequency, streaming a 5MBps video without pixellation or video artifacts. During the video stream to the laptops, several of the delegates noticed video artifacts occurring intermittently on a few of the client devices, and it is not known what codec was used for the video that was streaming. Preferred access can be configured to allow faster clients to use more of the airtime available.

Chuck Lukaszewski (Sr. Director of Outdoor Solution Engineering) gave us the run down on Ultra-High Density Connected Stadiums. The Aruba Validated Reference Design (VRD) document for High-Density Networks can be found here.

The common technical requirements for an Ultra-High Density Stadium deployment are:

  • Uncontrolled mix of device types, OSes, driver levels and radio types
  • Multiple devices per person
  • Per-user bandwidth needs can easily exceed what is allowed by Vendor and RF physics
  • Simultaneous data plane spikes during events
  • Inrush/outrush demand increases load on network control plane, address space 
  • Power save behavior also loads control plane
  • Most devices limited to 1x1:1 HT20 operation (limits client connections to 65Mbps)
  • Customer traffic needs to be separate from operational or other vendor traffic
  • Offload needs to happen in a transparent way
  • Wi-Fi networks need to be optimized to support video and other high bandwidth/latency sensitive applications

The common misconception is that you just need to add more APs to support the high density client load. The number of RF channels available determines the capacity of users that can be supported. A 3 to 1 ratio of associated to concurrent users is recommended in high density deployments. One complete RF solution is recommended for the stadium so that there is not contention between the parallel networks. 

There are three basic ways you can cover a stadium with RF: overhead coverage, wall installations or under-floor installations. Aruba has a new VRD for outdoor MIMO designs with an appendix specific for stadium use cases. Now with deploying picocells you need to be more concerned with the radius of the interference source relative to the client device. When mounting APs under concrete, older concrete stadiums are easier to send signal through due to the lack of moisture still retained within the concrete structure. One should enable multicast rate optimization, IGMP snooping and Dynamic Multicast Optimization for video, and eliminate low legacy data rates to reduce rate adaptation. IPv6 has not been a requirement for any of the stadium deployments that Aruba has done to date.

Cell Size Reduction (CSR) is a new feature available in Aruba code where the receive sensitivity of the AP can be adjusted to reject the interference from co-channel sources outside the high-density coverage area. CSR can also provide some immunity to adjacent channel interference (ACI) sources within the same auditorium or high-density environment. It is also referred to as the "ear muff" feature. In a high density deployment you should not use bonded channels because a lot of devices are not capable of using bonded channels and you can get more throughput from an un-bonded RF environment. The antennas that were used at Turner Field in Atlanta. Indoor arenas are more difficult to put high-density RF into than open stadiums, and the AP that is recommended for stadiums is the AP 135.

Carlos Gomez gave us the rundown on how Aruba has progressed since Wireless Field Day 2. Then he demonstrated Profile using the Aruba corporate network. He went over ClearPass and explained that it is multi-vendor and completely interoperable with other vendor solutions, not just 802.1x compliant. ClearPass can also deal with headless devices such as printers, cameras and VoIP telephones.

Policy Definition Point (PDP)
To start finding devices on the network, you simply put DHCP helper IP addresses into the ClearPass Policy Manager. You can also use CDP, LLDP and SNMP to discover devices. The device fingerprinting database is currently not editable, but you can forward information to Aruba in order to help update the database. The discoverable devices can be profiled on any vendor's technology, even when connected via VPN.

ClearPass has a built-in certificate authority with full context search (username, serial number, etc.) within the certificate. ClearPass can also support being an intermediate Certificate Authority.

The endpoint table can be fed information from an MDM provider to begin to build a policy derivation security workflow (this was released with the 6.0 ClearPass update). Aruba is working with many different MDM vendors, since the list of MDM solution providers is still developing.

ClearPass has built-in authorization capabilities with AD/LDAP, and can configure Wi-Fi profiles, VPN, proxy, and Active-Sync configurations. The guest and visitor registration can be fully branded with information pertinent to the customer's deployment. It can support 25,000 clients on a single appliance. All ClearPass Policy Managers (CPPMs) are fully active in a single cluster; there is no need for dedicated nodes or separate personas. There can be up to 1M endpoints in a full ClearPass cluster.

Bala Krishnamurthy then demonstrated the features of the ClearPass (CP) AirGroup functionality.

AirGroup allows service discovery over L3 boundaries, can implement traffic optimization, and can restrict access control. AirPlay sends mDNS multicast announcement information at the lowest supported RF data rates, which is often a sub-optimal configuration. AirGroup has added an mDNS proxy to the Aruba controller (code version 6.1.5). Restricting access to the mDNS service requires a role based ACL on the controller (does not require ClearPass). AirGroup makes it possible to share the Apple TV with up to 10 users or you can assign the Apple TV to a group.

Controller CLI commands to obtain AirGroup information:

  • show airgroup service
  • show airgroup users

Currently, the AirGroup information that the APs are getting is applied through the CPPM; perhaps in the future it will be a template from AirWave.
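
The mDNS proxy behaviour described for AirGroup here, and for the Cisco Bonjour Gateway in the November 5 post above, is modeled below: services are cached per VLAN, a client's query is parsed, a per-VLAN allow list is applied with default deny, and the answer goes back as unicast. This is an added example, not Aruba's or Cisco's code; the `MdnsGateway` class, the policy layout, the VLAN numbers and the device names are assumptions made for illustration, and the query packet is constructed inline.

```python
import struct

PTR = 12  # DNS record type used for DNS-SD service browsing

def encode_name(name):
    """Encode a dotted name as length-prefixed DNS labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def build_query(service):
    """Constructed sample input: an mDNS PTR query with one question, class IN."""
    header = struct.pack("!6H", 0, 0, 1, 0, 0, 0)
    return header + encode_name(service) + struct.pack("!HH", PTR, 1)

def read_name(packet, offset):
    """Decode a DNS name, following compression pointers with bounds and loop checks."""
    labels, resume, hops = [], None, 0
    while True:
        if offset >= len(packet):
            raise ValueError("truncated name")
        length = packet[offset]
        if length == 0:
            offset += 1
            break
        if length & 0xC0 == 0xC0:  # compression pointer
            if offset + 1 >= len(packet):
                raise ValueError("truncated pointer")
            hops += 1
            if hops > 16:
                raise ValueError("compression loop")
            if resume is None:
                resume = offset + 2
            offset = ((length & 0x3F) << 8) | packet[offset + 1]
            continue
        if length & 0xC0:
            raise ValueError("unsupported label type")
        if offset + 1 + length > len(packet):
            raise ValueError("truncated label")
        label = packet[offset + 1:offset + 1 + length]
        labels.append(label.decode("ascii", "replace").lower())
        offset += 1 + length
    return ".".join(labels), (offset if resume is None else resume)

def parse_questions(packet):
    """Return [(name, qtype)] for a query; responses yield an empty list."""
    if len(packet) < 12:
        raise ValueError("short header")
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!6H", packet[:12])
    if flags & 0x8000:  # QR bit set: this is a response, not a query
        return []
    offset, questions = 12, []
    for _ in range(qdcount):
        name, offset = read_name(packet, offset)
        if offset + 4 > len(packet):
            raise ValueError("truncated question")
        qtype, _qclass = struct.unpack("!HH", packet[offset:offset + 4])
        offset += 4
        questions.append((name, qtype))
    return questions

class MdnsGateway:
    """Hypothetical model of a controller that caches and proxies mDNS services."""

    def __init__(self, policy):
        self.policy = policy  # {client VLAN: set of service types it may discover}
        self.cache = {}       # service type -> [(instance name, VLAN it lives on)]

    def learn(self, service, instance, vlan):
        """Record an advertisement snooped on some VLAN."""
        self.cache.setdefault(service.lower(), []).append((instance, vlan))

    def handle_query(self, packet, client_mac, client_vlan):
        """Answer from cache, unicast to the asker, only for allowed services."""
        allowed = self.policy.get(client_vlan, set())  # unknown VLAN: deny all
        replies = []
        for name, qtype in parse_questions(packet):
            if qtype != PTR or name not in allowed:
                continue  # default deny: nothing is forwarded or answered
            for instance, vlan in self.cache.get(name, []):
                replies.append({"unicast_to": client_mac, "service": name,
                                "instance": instance, "source_vlan": vlan})
        return replies

def build_demo_gateway():
    """Constructed sample state: VLAN numbers and device names are made up."""
    gw = MdnsGateway(policy={10: {"_airplay._tcp.local"}, 30: set()})
    gw.learn("_airplay._tcp.local", "Lecture Hall Apple TV", vlan=20)
    gw.learn("_ipp._tcp.local", "Library Printer", vlan=20)
    return gw

if __name__ == "__main__":
    gw = build_demo_gateway()
    for vlan, svc in [(10, "_airplay._tcp.local"), (10, "_ipp._tcp.local"),
                      (30, "_airplay._tcp.local")]:
        print(vlan, svc, gw.handle_query(build_query(svc), "aa:bb:cc:00:00:01", vlan))
```

Because the allow list is keyed by the asking client's VLAN and falls back to an empty set, a VLAN that was never given a policy discovers nothing, which is the safer default for a guest segment.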

Peter Lane (Sr. Product Manager) and Bala Krishnamurthy (Technical Marketing Engineer) discussed Aruba's Spectrum Analysis and 802.11ac.

Per Peter, spectrum analysis is 'viewed differently' by Aruba; they think that your network by default should be attempting to work around sources of interference. All of their APs support Adaptive Radio Management. Aruba supports dedicated spectrum monitors and hybrid spectrum monitors (105/135). They will be adding spectrum analysis to the RAP3 AP, but the Instant AP already has spectrum support (will be shipping as Instant 3.1). Monitor mode APs will show client devices detected (unlike the Cisco remote spectrum sensor when in spec mode).

The red chart made it look like the RF was really bad when the RF wasn't bad in the room. Aruba is looking at how busy the radio is from the radio driver level, and interference is any time the radio is busy and can't send or receive. They are not looking at data flows or the amount of data, just the RF.

Hybrid mode has a harder time identifying frequency hoppers since the AP is set to a specific channel. Aruba can currently classify 13 or 14 types of devices but they see the interference information as more important than identifying the actual device. The dedicated spectrum monitor AP does IDS and rogue detection; the dedicated AirMonitor mode scans based on threats. If there is activity it scans for offenders in the area where threats are detected. AirMonitor APs can also scan the 4.9 frequency and can also do containment if desired. Configuring all APs to support hybrid spectrum is recommended. All spectrum analysis information is per radio. The AP can serve clients on the 2.4GHz radio and if interference is seen it can switch over to 5GHz and serve clients there and do full monitoring on the 2.4GHz frequency. This may be disruptive to clients that only support 2.4GHz if there are not enough APs in the vicinity to support the roaming needed by the client.

The location of sources of interference can be displayed in AirWave once maps have been added, scaled and APs placed onto the floor plan. RF health reports can be run to show the 10 worst APs according to their noise floor. The Aruba APs use ARM every 10 sec for slightly under 100ms to check the other channels for rogue devices. The APs are looking for wifi interference, not non-wifi interference. Phase 1 of 802.11ac devices must support 80MHz wide channels, be 3 stream products and support 256QAM. The addition of the 144 channel opens up one more band in the 5GHz for channel bonding.

Aruba was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. They did not ask for, nor were they promised any kind of consideration in the writing of this review/analysis. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.

Tuesday, October 16, 2012

Are You There RingMaster? It's Me Juniper. #WFD3 #Trapeze

Wireless Field Day #3 also visited Juniper to hear about their advancements since the Trapeze acquisition in 2010. The group of Juniper representatives were Tina Herrera, Bruce Alexander, Phal Nanda and Tim McCarthy.

Bruce Alexander has been in Wi-Fi since wireless began, and he gave us the overview on Juniper WLAN Architecture, describing the Local and Central Switching design of Juniper's wireless gear. He says that when you locally switch and have 802.11ac access points, you don't have to replace your controllers because the data doesn't hit the controller.

Juniper's wireless design uses virtualized controller clustering (resilient, non-stop enterprise connectivity). Their spectrum analysis is done with the standard access points and they can support scanning the spectrum and supporting clients through software licensing. The list price cost for an AP supporting spectrum analysis is $105 per access point, and you can move licenses in an ad-hoc fashion among the access points you've got deployed to support troubleshooting efforts.

Access point lineup:

  • WLA321 - single radio 802.11n 2X2
  • WLA322 - dual radio 802.11n 2X2
  • WLA522 - dual radio 2X2 MIMO
  • WLA532 - dual radio 3X3 MIMO Maximum Performance
  • WLA621 - dual radio outdoors 3X3 heated NEMA enclosure

Controller lineup:

  • WLC2 - 4 (hardware licensed)
  • WLC8 - 12 (hardware licensed)
  • WLC800 - 16 - 128 (software licensed)
  • WLC880 - 16 - 256 (software licensed) remote AP with encryption to remote AP and IPV6
  • WLC2800 - 64 - 512 (software licensed) has 10GB interfaces

Juniper's Wireless LAN Management RingMaster Tool Suite (WLM-RMTS) is software if you're managing up to 1000 access points and it is hardware if you're managing 250 access points to 5,000 access points.

SmartPass allows for self provisioning of client devices, guest access and radius accounting. Juniper's centralized management allows for up to 32 controllers and 16,000 access points. It allows for continued service without rebooting the controller when the controller software is updated.

Jay Pochop (leads the hardware design team) did a fantastic job of taking us through the different Juniper access point and antenna designs, explaining they use Qualcomm chipsets and their goal is to be the best performing access point in that hardware category. Their two main points of focus are on the RF amplification and the antenna design.

Jay opened up the WLA532 and told us how the antennas are different from one another in the access point. The nulls in the antennas line up with the lobes from the other antennas in order to not have overlapping nulls. Juniper went one step further and tuned every antenna in the access point individually. If two signals are polarized differently, there is 15-30dB of isolation between them. In the six antenna layout, 66% of the access point's antennas are horizontally polarized and 33% are vertical. Juniper spent a long time developing short vertically polarized antennas for their AP, then they optimized the 5GHz gain relative to the 2.4GHz antenna to be 7dBi on the 5GHz side and 3.5dBi on the 2.4GHz radio.

Juniper deviated from the original reference design to get higher efficiency on the 2.4GHz radio. They use discrete power amplifiers to achieve higher receive gain on the antennas and have the same receive sensitivity. Juniper's hardware manufacturing return rate targets are 0.1 percent per year. They've shipped 10k APs out and haven't gotten any back yet due to hardware problems.
The installation brackets for Trapeze access points are easily moved and installed plastic brackets. Installation times are quoted as a 60 second install per AP once cabling is in and installed. The Trapeze plenum mount kit mounts access points directly above suspended ceiling metal (possibly not such a good idea due to the metal grid-work being directly under the access point).

The Trapeze access point naming convention is:

  • 300 performance level
  • 500 performance level
  • 600 outdoor

The 2nd number is the number of spatial streams, and the third number is the number of radios.

The Trapeze access points draw very little inline power, the overall power consumption for the 532 is less than 10w for a fully powered access point.

Bruce Alexander then demonstrated the automatic client load balancing and band steering capable with the Juniper controllers. He described Primary Seed and Secondary Seed controllers (the connectivity is much like stacked switches). When joining access points to controllers, you can mix types of access points on controllers and you don't have to assign primary secondary or tertiary controllers. The primary/secondary assignment happens automatically and the access points don't have to be in the same subnet.

If your access points are configured for local switching and a controller fails, calls or videos will continue; if they are not locally switching, the roam is 300ms or less.

With high availability licensing for controllers, each can be licensed for 128 APs and the other controller in the cluster can take those APs, provided there's enough overhead on that controller to take them. Only license what you need, but you'd still need to have extra licenses on each controller.

Code upgrades on controllers can be done without reloading the controllers. The code upgrade on the APs is done to the ones that are not serving clients; the other APs will have their power turned down to force clients to roam, then the AP code will be upgraded.
You can schedule the whole upgrade cycle from RingMaster for a given time, but you can't piecemeal the upgrade to just do the controllers and then the APs later.

Each client maintains two connections to two controllers, so when the controller drops, a few video artifacts will be seen, but the video call does not drop.

Tim McCarthy demonstrated RingMaster (version 8.0) as an RF planning tool to do predictive site surveys. RingMaster can understand wall properties as defined within AutoCad, and it can place the APs and set the channels in a multi-floor planning mode.

Some of the features of RingMaster are:

  • Push configurations to controllers
  • Monitoring/reporting of users by user, radio, AP, WLC, SSID
  • 30 day history
  • WIDS/WIPS integration
  • Location aware
  • Search by location
  • Roaming history
  • Geo Fencing

The list pricing for RingMaster starts at $895 and the licensing is variable per number of APs.
You can model sources of interference in your predictive planning. It's a Java-based application, with no web UI at this time.

Tim McCarthy then demonstrated guest access and BYOD with the Trapeze SmartPass (standalone application) solution. SmartPass is capable of guest provisioning, BYOD and self-registration; the end user's credentials are sent via SMS. SmartPass integrates with SMS providers like Clickatell. SmartPass comes licensed to support 50 user accounts for $1400 list price. If you have set up a policy to block YouTube, the video feed doesn't show, but you do see the "spinny circle of death".

My takeaway from Juniper's presentation on where they are now with Trapeze: From what I can tell, they've done a lot of work with the antennas of their access point line, but the UI for the RingMaster is still Java based. Back in 2004 I did a bake-off between Cisco and Trapeze for the hospital where I was working. Even then I hated the Java interface for managing Trapeze access points. I avoid Java UIs at all costs because Java has wronged me far too many times to trust it again. I thought Jay Pochop did a great job explaining the hardware advancements Juniper has made since the Trapeze acquisition. He was very informative about all aspects of their antenna design and where Juniper tweaked the reference standard specifications. I have not personally run into a Trapeze deployment in recent years, so I cannot speak to the functionality of new Trapeze access points or the RingMaster management platform. It was interesting to get a refresher on the current state of Trapeze Networks now that they're part of Juniper.

Juniper was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. In addition, they provided me with a Juniper t-shirt. They did not ask for, nor were they promised any kind of consideration in the writing of this review/analysis. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.

Thursday, October 11, 2012

Meraki Dashboard, Now With Real Customer Data #WFD3

Sanjit Biswas, CEO of Meraki, began the presentation at Wireless Field Day 3. Since the last Wireless Field Day in January of 2012, the company has doubled its number of employees and has added thousands of new customers.

The Meraki MR product line features Meraki NAC (since 2011) and has a 3x3 radio. Depending on the access point model, it is possible to have device-based group policies for iPad and Android devices. PCI compliance reporting, SMS login for guest access and Air Marshal WIPS enforcement are all possible.

The Meraki MX Cloud Management Security Appliance product line establishes an auto VPN and supports application control, link bonding failover, high performance multi-gigabit firewalls, content filtering, anti-malware, and WAN optimization.

The Meraki MS switch line supports virtual 1G/10G stacking, VoIP prioritization, 802.1X port security and Layer 7 visibility.

The Meraki SM Systems Manager is their Mobile Device Management tool, which is available as a free download. It supports management of Macs, PCs and mobile devices via the cloud. In short, Meraki wants to have a single unified access layer to manage wired and wireless network components.

Meraki also now has a 2-day certification course covering wireless, switching, MDM and firewalls.

Ben Calderon, VP of Hardware and Operations, described Meraki's three phases of building and testing their products. Many technology partners are creating chipsets that Meraki uses:

  • Applied Micro
  • Skyworks
  • Qualcomm
  • Microsemi
  • Freescale
  • Broadcom
  • Vitesse
  • Integrated Device Technology

The radio design of a Meraki access point may sometimes include a filter for dual concurrent operation to negate spurious emissions. During early testing with the MR24 access point, it was discovered that a firmware work-around was required to adjust settings to optimize band edge performance of the access point.

Per Ben, the MR24 PIFA antennas give you the best transmit efficiency. The form and function are determined through SLA models, machined models and hard tooling. The fit and finish includes a durable enclosure which goes through reliability testing. It is a UL2043 smoke tested, plenum rated enclosure (the plenum rated plastic is the most expensive piece in the AP construction!). The MR24 is drop and vibration tested to ensure reliability of the shipping units. The MR24 is IP67 certified (operates after 1m water submersion) and the aluminum housing is undercoated before it is painted.

Kiren Sekar, VP of Marketing, described how there have been 2 firmware upgrades since the last WFD (optimize for low-power clients, software controller RF enables ongoing tuning, scale capacity of new and early model 802.11n APs). One of Meraki's customers is Stanford, and they are seeing 9k clients a month, a 65% YoY increase in wireless client counts. Meraki has built their own DHCP server on the AP itself (highly scalable). The Meraki MS product line has the highest growth of any new product in the company's history. Meraki is seeing customers adopting Meraki's switches as a result of wireless upgrade projects (deployed at the access layer).

Pablo Estrada and Todd Nightingale demoed a large customer deployment, showing actual customer data (with the permission of the customer) to give us a tour of the Meraki wired and wireless dashboard, the cloud DB search, client fingerprinting, L7 traffic analysis, multi-site cloud management, and real-time cloud tools.

The internal operations group within Meraki is the only group of people who can access a customer's data. They have the ability to put an AP into Air Marshal mode, which would also be called 'sniffer mode'. You can set the scan schedule, and set off-channel scans. Rogues can be contained if they're detected on the LAN. There are a few concurrent algorithms running to determine on-LAN rogues, not one single method in place. Policies can be set to contain an SSID that is not part of your WLAN deployment (SSID copying). This works across non-Meraki switches as well.

Retail deployments are the biggest Air Marshal adopters. Nespresso stores (Nestle) wanted to provide mobile POS, give employees iPads to access inventory, ERP systems as well as guest access. The Nespresso stores deployed Meraki wireless along with switches and security appliances and WAN optimization. They were able to roll out the new hardware/infrastructure in a two month timeline.

All Meraki developers have Nexus 7 tablets to experience the wireless connectivity in the same way as the typical end users. Meraki has built-in policies for whitelisted and blocked applications, and group policies can be assigned per device type.

Backpack is a Meraki app to add files to the end user devices as employees are onboarded. Employee handbooks etc. are pushed to employees' (or students') devices. The data is stored in an app on the device. The Meraki app works on iOS and the Android platform.

Meraki has Applebee's as a customer (Apple American Group, the 2nd largest franchise operator of any restaurant model [20,000 employees]); 300 locations use Meraki gear for guest access. (Meraki had the customer's permission to show their data for the WFD presentation.)

In the Meraki dashboard, when you hover over a group name, it shows the throughput graph for just that location without clicking anything. Most of this customer's restaurants have one access point, but you can quickly dive into AP data. It is possible to block the upgrading of iPhone software to save on bandwidth at customer sites.

Peer-to-peer, Dropbox and other online backup services are blocked by an L7 firewall built into the AP at Applebee's restaurants. Wi-Fi is used as a local advertising splash screen to provide discounts, coupons or information about special events. Configuration settings from source networks can be pushed out to selected other customer networks. The Meraki management can turn off/on Wi-Fi to match restaurant open/close times.

Next (a high-end clothing retailer in the UK) is currently deploying Meraki to 500+ locations.

I saw Meraki present at Wireless Field Day 2, and then I was impressed by their dashboard interface. This time they presented, I was impressed by the level of information that could be easily obtained about the current user traffic. It was very interesting seeing them drill down into a live network - with the customer's permission - to show off what managing a diverse deployment of Meraki access points looks like from the customer's point of view. I still think that the Meraki dashboard is a very slick interface which shows a lot of useful content without requiring a lot of training to figure out which menu tab the information is hiding under.

Meraki was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. In addition, they provided me with a gift bag containing a t-shirt, pen, water bottle and a Meraki MR16 access point. They did not ask for, nor were they promised any kind of consideration in the writing of this review/analysis. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.

Monday, October 8, 2012

Tanaza Cloud Management of Diverse Wireless Hardware Platforms #WFD3

Kelley Seaman introduced Tanaza at Wireless Field Day 3, then the founder of Tanaza, Sebastiano Bertani, explained his software solution to the problem of having to manage multiple consumer grade access points in either a centralized or distributed deployment. Tanaza is a vendor-agnostic cloud management solution for 'good enough' wireless. They will soon be growing from supporting mid-tier to enterprise class access points. In Q4 2014 Tanaza will begin supporting switching hardware.


There are options for managing access points with Tanaza. Some access points can use their original firmware, others will run Tanaza firmware instead. The access point/software connects to the Tanaza engine (, and from here will have a configuration pushed to it, or configuration information from the AP can be retrieved.

The Tanaza backend UI ( sends information through AJAX requests to the Tanaza web interface ( The user front-end accesses static resources (CSS, JavaScript, images, HTML).

Tanaza requires a Tanaza host per subnet. The Tanaza agent is available for Windows and Mac and there is no need for VPNs, public IPs or DynDNS. 
The Tanaza agent is written in C and is based on the OpenWrt code. I'm most familiar with using dd-wrt (a variant of OpenWrt) to tweak the Linksys WRT54G access point to perform better than the code it shipped with.

I was not familiar with Tanaza prior to attending Wireless Field Day 3. It was very interesting to hear their solution presented, since it is something I wouldn't otherwise have encountered. I can see where Tanaza could be used to manage a diverse deployment of off the shelf access points and do so by using a single web interface. Tanaza is a slick solution to overcome the problem of how to manage the different wireless hardware you'd find in small shops (restaurants, laundromats, schools).

Tanaza was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. They did not ask for, nor were they promised any kind of consideration in the writing of this review/analysis. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.

Monday, September 17, 2012

Ruckus at Wireless Field Day 3

Ruckus Wireless newly designed stadium antenna
Ruckus was a presenter at Wireless Field Day 3. In Steve Martin's presentation he explained how Ruckus puts their effort into redesigning the entire RF integrated circuitry of reference designed wireless silicon chips/antennas to get the lowest noise floor and have the best receive sensitivity of any access points in the wireless business. 

He says that through this redesign process, Ruckus access points/antennas will have a 3 to 6 dB advantage over their competitors. Most of this antenna redesign is done in house by their 25-person design team, most of whom reside in the US.

They take and adapt the reference design, create their own versions, get the new designs fabricated, and then put them through extensive testing. Typically new antenna designs go through this re-design/testing process at least three times (a six-month-plus process).

Ruckus has more low-level source code control access to the Atheros chipset, and as a result Ruckus prefers modifying Atheros reference wireless chipsets.

Manufacturing for the Ruckus product line is done in Malaysia and China, and stringent quality control is ensured by building their own manufacturing test setups. The final product testing before it's shipped to the end user is done as a separate step to ensure repeatable quality of their products. Periodically they sample 10 or 20 of a given model out of finished goods, bring them back to engineering and re-run them through the engineering verification testing.

Niv Hanigal presented after Steve Martin, and he explained that Ruckus also has a large presence with Carrier/Service Providers to offload cellular connectivity to Wi-Fi. Today's fixed line carrier cable operators don't have licensed spectrum; they only have Wi-Fi as an offload option. The carriers have been losing subscribers, experiencing more customer churn, and they needed to invest in an option to enable more features for their customers. This is how Ruckus came to provide the ability to do 802.11u offloading from a carrier to local Wi-Fi. There are two phones already certified for 802.11u but the make and model are currently unknown. The only thing we know is that it is not an iPhone. Reasons for difficulty in getting 802.11u client devices to test with are mostly around the adoption cycle of replacing devices. The lifecycle of a typical cellphone is just over two years. As part of the testbed for 802.11u, Passpoint 2.0 is trying to address the difficulty of the online signup process and enable the operator control side for the Wi-Fi devices.

The SmartCell gateway takes the Wi-Fi connection and makes it look like any other cellular connection. The northbound connections most common are GDP ? It acts as if it is part of the cellular network.

Bill Kish, CTO of Ruckus Wireless, then went over how Ruckus makes advancements in antenna design by adapting the degrees of freedom that the chipsets provide for them. Their antenna testing uses throughput based metrics. Traffic that is normally generated by the access point is used for throughput modeling; the access point does not need to go off channel during this procedure. They use the 802.11h channel change notification to announce to clients that the channel has changed on the access point. Keep in mind that the client devices that support/understand channel change announcements are those with Broadcom and Atheros chipsets.

If ChannelFly is running on multiple Ruckus access points at the same time, a distributed optimization technique (simulated annealing) keeps the group of APs from disrupting each other's ChannelFly algorithm. There is a period of 'burn-in' where the access points may interfere with one another while the proper operating channels are being determined by the ChannelFly algorithm.

Victor Shtrom told us more about the multiple spatial stream access points Ruckus has in their portfolio. Ruckus has 3x3 and 4x4 spatial stream capable antennas for outdoor point to point links, but without multi-path you won't get multiple spatial streams out of the access points. Multi-path is almost required to actually get multiple streams. The antennas' signals must look very different from one another if you're using more than 2x2 antennas. The antennas chosen to use with an outdoor 3x3 spatial stream access point would need to have different multi-path profiles to make full use of the spatial stream capabilities of the access point.

Ruckus was a sponsor of Wireless Field Day 3. As such, they were responsible for covering a portion of my travel and lodging expenses while attending Wireless Field Day 3. In addition, they provided me with a desk name plate made from antenna sector chips (silk screened with my name), a ZoneDirector 1100 controller and a 7321 access point (I think that's the right model of AP - they're shipping it so I don't have it just yet). They did not ask for, nor were they promised any kind of consideration in the writing of this review/analysis. The opinions and analysis provided within are my own and any errors or omissions are mine and mine alone.