Thursday, March 21, 2013

Geek Day is next week in SF! (March 27th - 28th)

Anyone in San Francisco next week?

I'll be at World Wide Technology's (WWT) Geek Day event next week, deep in the heart of San Francisco!

Not registered yet? It's FREE!

Go get yourself a badge and come by and pick my brain about all things wireless!
"Geek Day is a technology tradeshow featuring live, working demonstrations from the industry's best-of-breed collaboration, wireless, mobility, security, datacenter and virtualization solution providers. 
The two-day agenda features the Geek Lab, where solution providers conduct on-demand demonstrations, and an agenda of breakout sessions where WWT and the Geek Day Sponsors provide deep dive product and solution information sessions."

Hyatt Regency San Francisco
5 Embarcadero Center
San Francisco, CA 94111

Tuesday, March 19, 2013

Cisco: 802.11ac Client Cards, Location Analytics and Snapdragons! #WFD4


Brian Hart (Strategic Initiatives Group) and Mark Denny gave us the 802.11ac update. We had a show and tell with the 802.11ac module (looks just like the monitor module). We were also shown two 802.11ac clients: a Linksys 1x1 802.11ac USB wireless adapter and a Netgear USB adapter.

Cisco Update on 802.11ac with Mark Denny and Brian Hart from Stephen Foskett on Vimeo.

The adoption timeline: for CY2012, consumer devices will be available from Linksys/Netgear in Q2, and the first 802.11ac laptops will start shipping in Q4 2012. For CY2013, Wave 1 in Q2 and 802.11ac mobile devices in Q3. For CY2014, Wave 2 in Q1, client proliferation in Q2, and 802.11ac Wave 2 starts to roll out in Q4 of 2014.

Multi User MIMO and the 4th spatial stream will be the big news items as 802.11ac progresses.

Jeevan Patil presented an overview on the 3850 Unified Access switch and the 5760 controller. The breakdown of the Cisco tagline "One Policy, One Management, One Network" is as follows:

Cisco Converged Access & Wireless Controller 5760 with Jeevan Patil from Stephen Foskett on Vimeo.

One policy = ISE
One Management = Prime
One Network = 5760 & 3850

These controllers are not replacing all the other controllers in the portfolio; these platforms allow for more options in designing a robust wireless infrastructure. The 3850 can support 1-50 APs per switch/stack for directly connected APs, 2k clients per stack and a 40Gbps aggregate uplink capacity per switch. Converged access mode is where the access points terminate the data plane on the switch. This creates a single point of policy enforcement. The encrypted wireless user data can be acted upon as it reaches the switch port, instead of needing to get back to a centralized controller before you can apply QoS or utilize Application Visibility Control on the wireless data.

Controller licensing is moving to a Right To Use (RTU) trust-based model, and RTU licensing is built into the universal images. There is a single CLI to turn on any license level; the customer agrees to the EULA, and you can move licenses between 3850s and 3850s, 3850s and 5760s, and 5760s and 5760s.

Connected Mobile Experiences was covered by Jagdish Girimaji and Mir Alami.

Cisco Connected Mobile Experiences with Jagdish Girimaji from Stephen Foskett on Vimeo.

The goal of the connected mobile experience is to detect presence, connect customers and engage them. With the MSE & 7.4 code, retailers can get visibility into where customers are within their stores and venues. Cisco recently purchased a company called ThinkSmart Technologies and is beginning to integrate location analytics into the MSE. It is possible to track non-associated clients if their Wi-Fi is turned on; yes, the client does not need to be associated to be detected and tracked. If a customer has downloaded a retailer's application and has it installed on their smartphone, the Cisco infrastructure can automatically associate the client to the retailer's guest wireless network without the end user interacting with the app at all. The customer example is Target stores, and the app can be made to launch automatically when the smartphone is detected as having the app installed and being in proximity of the wireless network. Cisco has done a considerable amount of work with Qualcomm to embed the Mobility Services Application Protocol (MSAP) into the firmware at the silicon level (mostly Android devices). The new Android devices with Snapdragon silicon in them will be able to take advantage of automatically discovering services (pre-association).

Pinpointing user locations is not currently possible, so stores will be divided into multiple zones. The accuracy they spec is 5m. In the next 6-9 months there may be improvements in that level of accuracy. The notification to the end user is sent over 3G or 4G before the user is associated to the 802.11 wireless network.

This level of tracking capability spurred a lively conversation about the security ramifications of having your wireless auto-connect without you interacting with the application at all. The authorization to associate will probably be buried in the EULA of the app when you download it. Some users may take issue with their MAC address being detected and targeted for data pushes to the device. The Seattle and Copenhagen airports have taken part in a study to determine how many devices pass through the airport at any given time.

Mir Alami went over the infrastructure features of the Location Services Topology and explained how users associate/authenticate and are interacted with via the MSE/custom-built app. He walked through a demonstration of how the application would work and possibly send coupons, maps or other information to the targeted customer. The custom application does not have to be running and you do not need to be logged into the guest Wi-Fi to get this information push.

Monday, March 18, 2013

Aruba: VisualRF, AppRF and AirWave (Getting better all the time) #WFD4


Keerti Melkote presented the history of Aruba and told us they celebrated their 11th birthday on February 14th! Aruba sees opportunity for innovation around client location awareness and utilizing software-defined networking architectures in a campus environment. IPv6 will continue to be more and more important and will impact network designs in the future.

Aruba AirWave: Monitoring the Health of a Wi-Fi Network from Stephen Foskett on Vimeo.

Rob Gin (Aruba's AirWave expert) and Sujatha Mandava (Product Manager for AirWave) gave us a login to AirWave and we spent some time digging around viewing our client statistics and network utilization information. I made a few screen captures of views I found interesting. I could focus on a single client to see the information on the client link, and could focus/unfocus the display to show the access point information for just that single client device. The help desk view in AirWave does not allow you to adjust the alert thresholds per device type, but the Admin view will let you make those adjustments. AirWave tracks upstream devices and can determine which switch a controller is connected to in order to view wired/wireless data. They use the bridge forwarding table or CDP to gather information from switches. They can take anything in MIB2 to correlate information on the upstream device. The RF Performance views can start from the client perspective. The charts begin with information on clients with low SNR values. RF attenuation will be recalculated based upon the access points' data that they can detect from one another. The colored lines from the access point to the clients show the frequency (2.4 or 5GHz) that the clients are connected on. The "Simulate failure" button shows the RF coverage without that single access point. You will be able to export client session reports to CSV and get them emailed to you in version 7.7 code.

VisualRF does location calculations on its own, unlike Cisco, where the MSE is used to perform location tracking calculations. AirWave/VisualRF can take location information from Prime and use that information to place clients on the floor plan. Autoprovisioning of access points can be done for a defined region and calculated based on coverage needs (voice/data rates/signal strength). AirWave can be configured with specific triggers to alert on given events: hard drive space, RF utilization, etc. The administrator can drag and drop the rules (from the Rules page in AirWave) to prioritize them on the fly (like mobile ACLs). Access point OUI information can be used to filter out rogues by a single vendor (like 2WIRE SSIDs). AirWave is capable of storing data for up to 5 years. AirWave is priced on device count. Access points, switches and controllers each count as one device.

AppRF in version 7.7 will provide information to AirWave (similar to Cisco's AVC). It will show the top 3 destinations of client traffic and top trends for the top 3 applications, and it uses NetFlow-like information.

Aruba Controllerless Wi-Fi from Stephen Foskett on Vimeo.

One of the access points at a remote site would have an HTTPS connection to AirWave for reporting on RF statistics. The number of possible users per controllerless group depends on VLAN sizing. Aruba no longer recommends lots of access points in the branch managed by a controller in the data center; for home offices, Aruba still recommends having a controller at HQ managing the remote home users.

Aruba makes use of software managed AP purposing, instant APs, RAPs etc. The access point function is determined by the software that has been loaded onto the access point.

Ozer presented the evolution of the controller/controllerless architectures. There are many reasons why you would choose a controller based solution vs a controllerless solution. 

Questions to ask your wireless vendor about their architecture options:

Can your controllers perform:
  • Centralized encryption and policy enforcement?
  • Local and centralized switching at the same time?

Can your controllerless APs:
  • Self configure from the cloud?
  • Work without extra management software?

Can I move from controllerless to controllers?
  • With the same APs?
  • Without going to the ceiling?

Can I mix and match architectures?

Scott Calzia (Product Manager of Aruba's Campus Controller product line) reviewed the features/functions of the 7200 series controller. It's the 3rd generation controller platform. There are 3 models of controllers: 7210, 7220, 7240. Each has four 1/10GB interfaces. The pair of dual media ports can be used for interface connectivity, OOB or HA. Each has hot-swappable, load-sharing redundant power supplies and field-replaceable fan trays. There is an optional expansion slot *currently not in use*.

The highest end controller can support the following:

2000,000 firewall sessions
2048 APs, 32k devices 40GB
8 cores cpu, four cpus each.
SSD 8GB SD RAM 8GB EOS Flash memory
The controller hardware available now scales to support 4x the number of access points than it did previously.
The controller can support up to 40GB of encrypted throughput.

Balajee Krishnamurthy (Aruba TME) described AppRF as able to define policy decisions based upon applications detected on the wireless network. AppRF can identify applications based on the ports and URLs being used/accessed. Deep packet inspection is possible and there are heuristics for Lync, BitTorrent and Skype. AppRF can monitor the call setup and sync to differentiate Lync voice from Lync data (XML API). Lync voice/video over the air is prioritized, but reporting in the Firewall dashboard doesn't have the differentiation to show the different data streams in Lync.

David Munro and Neil Kulkarni covered the Aruba Instant / controllerless solution.
The activate as a service is free for Instant AP deployments via If you have a virtual controller at a remote location, additional Instant APs discover the virtual controller and download their image and config from AirWave management mode at the data center.

Juniper: Virtual Controller = Physical Controller (100% Software Feature Parity!) #WFD4


Jonathan Davidson opened up WFD4 at Juniper and explained that Juniper tends to focus on the near future (6-9 months out) when defining their market strategies. Their 'single pane of glass' management vision is operationally focused instead of task focused.

Juniper is hiring/expanding their wireless staff to aggressively pursue the wlan marketplace. They have development centers in the US and India - and they're having difficulty filling wireless positions with qualified employees. 

The JunosV App Engine (announced last fall) runs on their MX portfolio and allows any app to be put on their best-selling routing portfolio at any time. (The JunosV App Engine requires the addition of the AS-MLC line card in an MX Series 3D router, or implementation of a VSE Series Virtual Services Engine appliance along with an MX Series 3D Router.)

Jonathan Davidson and Tamir Hardof Introduce the Juniper Session at WFD4 from Stephen Foskett on Vimeo.

Juniper is continuing to invest in the Pulse product line. Pulse is transitioning from an MDM tool to a security feature to secure the endpoint.

Building Mission Critical Wi Fi Networks with Juniper from Stephen Foskett on Vimeo.

Bruce Alexander filled us in on the advancements in the wireless product line. The 532e now has three external antenna connectors (it has been out for a few months). The new Juniper controller (WLC880) supports up to 32 access points.

SmartPass Connect is now on the Juniper price list and is shipping. SmartPass Connect has been integrated into the Juniper portfolio and is no longer a bolt-on addition. New devices are onboarded easily with a captive portal, and authentication is redirected to the SmartPass Connect server. The SmartPass server pushes a small software supplicant to the new mobile device in order to accept credentials and pass this information to the AD/LDAP server. Certificates and configurations are pushed to the clients, and the software that was originally installed is removed once the authentication/association is completed. The SmartPass Connect certificate pushed to the client is SCEP-like, but is not SCEP. A Microsoft infrastructure and SCEP certificates are a bit problematic due to permissions set within Active Directory.

Juniper's access points and controllers all do local switching. The data flow from the access point doesn't go all the way back to the controller. Juniper has customers with over 4500 locally switched access points. Up to 32 controllers can be managed in a cluster and each controller can control up to 512 access points. The locally switched factor does not affect the number of APs that can be managed. Juniper is attempting to integrate wired and wireless. Juniper is using IF-MAP to integrate information from the client into the management platform.

Juniper Unified Management: Introducing Network Director from Stephen Foskett on Vimeo.

Tim McCarthy, Bruce Alexander and Rajesh Patil covered the features/functions/future of the Junos Space Network Director.

The Junos Space Network Director is the successor to RingMaster. It will be launched soon in a phased delivery. The first release of the software will not have feature parity with the current RingMaster software version. Junos Space Network Director will eventually be virtualized in the same way as all the other Juniper applications, and the data engine will display data in HTML5, not Flash or Java. The initial 1.0 release of Junos Space Network Director does not have the RF planning/floor plan heat map or location tracking functionality. When discovering clients, it's not possible to search via wildcards, but you can enter an IP range. Licensing is per access point for wireless devices and per device for wired switches. JSND can support up to 2000 devices and 15,000 access points.

Juniper Network Director Demo from Stephen Foskett on Vimeo.

The network can be viewed by the logical or physical connectivity. Device upgrades can be done per building as a result. The version first shipping has about 60% of the features needed to configure your wireless infrastructure when compared to the functionality currently present in RingMaster. When updating software versions on managed devices, hardware images are manually uploaded to the Junos Space Network Director by browsing to the file on your local machine instead of downloading from Juniper's website.

Juniper High Density Testing from Stephen Foskett on Vimeo.

Tim McCarthy presented how Juniper field tests its wireless hardware. In order to perform wireless client testing, Juniper utilizes a testing facility which seats 3000 people. Testing devices are connected to AC power during testing, and the devices are set to be 'always on'. Juniper engineers can book the testing facility for two weeks at a time, testing setup takes one day, teardown is half a day and they use 300 wireless client devices during testing. During the wireless testing, SmartPass Connect is used to quicken the device on-boarding/configuration.

Future Wi-Fi Innovations from Juniper from Stephen Foskett on Vimeo.

Daniel Wade then jumped into talking about the WLC 100 (supports 32 access points and 800 wireless users). The WLC 100 has a USB console port and a storage port for convenience purposes. It is intended as a replacement for the WLC 2 and WLC 8 products. The WLC 100 is fanless in design and the red ports are PoE+ (at power) ports.

The Juniper virtual controller has 100% of the software features of a physical controller. Juniper developers have been using the virtual controller for feature testing for at least ten years. The software for vWLCs was developed on their desktop machines, so there is no loss in feature parity, and it does not require a ton of memory as a result. Utilizing a virtual controller allows developers to scale the data plane independent of the control plane. There will be a direct download from the Juniper website for the Juniper virtual controller. It can be run on an ESXi server and will support up to 256 access points and 6,000 clients. VM requirements for a high end scale (256 APs/6k clients) have not been defined yet. For a low end deployment 256Mb of DRAM should be allocated to the VM. Scaling up, the high end WLC ships with 1GB of DRAM.

Steve Grau closed out the Juniper session by presenting an overview of 802.11ac and Bonjour services. Juniper does not currently have an 802.11ac capable access point, but per Bruce their controllers are 802.11ac ready because most of their customers are already doing locally switched wireless networks rather than tunneling everything back to a centralized controller. Their controllers will only need their firmware upgraded to support 802.11ac access points.

Juniper wireless networks still have issues with sending Bonjour messages across VLANs. What services you see should be based on where you are (building specific), but there isn't a timeframe for feature support to overcome the problems with Bonjour.