Date post: | 24-May-2015 |
Category: |
Documents |
Upload: | parkerpearson |
View: | 711 times |
Download: | 2 times |
RUCKUS WIRELESS PROPRIETARY AND CONFIDENTIAL
The Ghost of BYOD Future
Frank RoysRegional Sales ManagerRuckus WirelessHotel RoanokeDecember 6, 2012
2 | Meeting Name
About UsFounded 2004, Sunnyvale, CAInnovation Carrier class Smart Wi-FiCustomers 15,000+ Unique CustomersEmployees 700 in 20 countriesR&D Centers Sunnyvale, China, Taiwan,
India, IsraelCapitalization (NYSE:RKUS) $102 million2012 Financials $150K in 3 Qtrs, ProfitablePatents 55 granted (80 pending)Units shipped 10 million and countingMarkets Carrier/enterprise infrastructure
RUCKUS WIRELESS PROPRIETARY AND CONFIDENTIAL
Bring Your Own DesignSIMPLIFYING BYOD WITH RUCKUS
4 | Meeting Name
What is BYOD?
▪ Bring Your Own Device
▪ Recognition by enterprise companies that their employees would rather use computing tools of their own choice than your well-intended computing platform
▪ Allows you to leverage employee’s natural propensity for a specific kind of computing device – highly subjective
▪ Introduces risks in terms of proprietary information loss, indemnification, replacement of broken devices and inappropriate use.
▪ Requires your IT department to be flexible and to mitigate risk to an acceptable level.
5 | Meeting Name
The Realities of BYOD
% %
% %
6 | Meeting Name
What Enterprises REALLY Want
Simple onboarding
Automated enforcement of user/device policies
Visibility of who and what is on the WLAN
Extension of wired security to WLAN
More capacity to deal with flood of devices
Leverage existing infrastructure
123456
7 | Meeting Name
Two Problems
▪ New devices driving BYOD adoption = very poor Wi-Fi clients
▪ Need help mitigating new risks introduced by BYOD
We can address both problems
8 | Meeting Name
New Devices Driving BYOD
▪ Much more affordable in scarce money budgets
▪ People LOVE them
▪ Tech refresh every birthday and Christmas
▪ Inherently more secure
▪ Apple iOS, Android OS
▪ Tougher, harder to damage
▪ Easier to Find
▪ “Find Me” Apps
▪ Millions of Apps
9 | Meeting Name
What’s Driving Enterprise-class Wireless Adoption?
2/3rds of all USBuyers are optingFor SmartphonesAnd Touch-screenTablets (iPads, Kindles and Galaxies)
10 | Meeting Name
Who’s “Winning”?
11 | Meeting Name
BUT - the Market-Driving Devices are the WORST Wi-Fi clients!
Single polarity antenna
Low Power 10mw radiosSave Battery Power
12 | Meeting Name
What Happens When Connectivity is Unreliable?
▪ In Schools: ▪ Takes too long to get everyone on▪ Disconnects = loss of attention▪ Loss of attention = blown lesson plans
▪ In Healthcare▪ Can’t use laptops on carts everywhere▪ Takes longer to retrieve electronic records▪ Frustrates doctors, patients and staff
▪ In Government▪ Poor guest access experience▪ Web-based applications time out▪ Can’t maintain SLA for sustainability
▪ In Utilities and Manufacturing▪ Severe impact on productivity▪ Slows distribution and delivery▪ Over-spend adding superfluous AP’s
13 | Meeting Name
Two Options to Fix Small Device Issues
▪ More graphical management
▪ Local or outsourced in a “Cloud”
▪ Let someone else try dealing with crappy wi-fi
▪ Spend more on management than on AP’s
▪ 2X number of AP’s to solve orientation
▪ Focus on Better Connectivity▪ Can hear weak radio devices at a distance
▪ With a solution for device orientation
▪ No loss of high quality management
14 | Meeting Name
Introducing ZoneFlex 7982
▪ Industry’s first 3x3:3 dual-band AP with dynamic antenna and chip-based beamforming (TxBF)
▪ Advanced features▪ Adaptive Polarization Diversity▪ Spectrum Analysis *
▪ Up to 500 clients per radio (512 total) *▪ Highest performing in the industry▪ Up to 900 Mbps
▪ Sleek and sophisticated design secures to T-bar rails, walls and ceilings
▪ Plenum-rated▪ Powered by standard 802.3af +
Highest Performing Access Point for the Enterprise
15 | Meeting Name
Inside the 7982 Over 3000 unique antenna patterns
Dual radios 3x3:3
(900 Mbps)
Integrated T-bar mount
Routing channel for cables
Hidden cables
Secured with Kensington Lock
Release mechanism
protected with security
screw
Two 10/100/1000 Ethernet ports with
802.2af PoE
Vertical and horizontal polarity
Integrated key holes for wall or
ceiling mount
16 | Meeting Name
Extending Performance at RangeAdaptive Antennas and Transmit Beamforming Working Together
3dB 6dB 9dB
S I G N A L T OINTEFERENCEPLUS NOISE (SINR)
IMPROVEMENT
> 9dBOFINTEFERENCEM I T I G A T I O N
15dB OF>
17 | Meeting Name
Adaptive Polarization Diversity▪ Better reception (PD-MRC) for weak and
hard to “hear” devices
▪ Better transmission to devices constantly changing their orientation
Device orientation accounts for up to 5x performance differential among products
VERTICALPOLARIZATION
HORIZONTALPOLARIZATION
18 | Meeting Name
Current Software
Wireless and Network Transmit Beamforming plus Antenna-based Beamforming DHCP Relay Proxy ARP and ARP Broadcast filter (per SSID for ZD tunnel & at AP) 512 Client support on (7982, 7762-AC, 7782) Passpoint™ (802.11u/Hotspot 2.0) WMM-AC 802.1x/MAC by-pass Dynamic VLANs (Ethernet ports) Device Policy Enforcement Customizable Channel Range Control Increased Encrypted LWAPP Tunnel Throughput on ZD 5000
Management Performance Monitoring with RF Pollution TACACS+ ZD/AP/FM admin auth & role support Increased reporting granularity (30 days @ 15 minute interval) High Availability
19 | Meeting Name
High Network Availability
▪ Single ZoneDirector Failure
▪ no data or state loss in the virtual machine
▪ All state preserved (storage, memory, networking)
▪ No new clients can be added but existing clients stay connected
▪ No need for additional operating system and software licenses.
▪ AP-level high availability
▪ Self-healing
▪ Automatic Load Balancing
▪ Automatic Band-Steering
▪ In N+1 Networks with 2 ZoneDirectors
▪ Automatic re-establishment of fault tolerance after HW failure
20 | Meeting Name
How Can I Lower Risk??SIMPLIFYING BYOD WITH RUCKUS
21 | Meeting Name
Don’t Reinvent the Wheel
FIREWALLS CONTENT FILTERS
AAA/AD/LDAP SERVERS
ACLs / VLANS
22 | Meeting Name
Defining the SSID Structure
▪ DOMAIN SSID▪ Enterprise-owned / managed devices with access to all resources:
printers, applications, files shares
▪ Guest Visitor SSID▪ Users who are not in the OUI with access only to the internet
▪ Staff and Student BYOD SSID▪ Non-enterprise-owned / managed devices needing Internet access
and specified school resources, VLAN and content filtering applied
▪ Provisioning SSID▪ Hotspot with a walled garden attribute, redirecting all users to
an activation page
23 | Meeting Name
Staff automatically placed on VLAN X, rate limited at 5 Mbps
User does NOT have account and is denied
DOMAIN
Automating Role-Based Access
STAFF
INVITED GUESTS
STRANGERS
Automatically placed on VLAN Y, rate limited at 1 Mbps
Administrator automatically placed on VLAN W, no rate limits
Allowed on via a Guest Pass, accepting terms and conditions automatically placed on VLAN Z, rate limited at 1 Mbps
GUEST
24 | Meeting Name
How to BYOD with Ruckus
Unknown device associates with provisioning SSID
User challenged to authenticate
ZD queries LDAP (AAA domain)
User placed into requisite role based on security group membership, VLAN dynamically assigned
Unique dynamic PSK automatically generated, bound with device and pushed to client
Policies applied per role and VLAN membership
123456
25 | Meeting Name
What it Looks LikeWHAT HAPPENS WHEN?
Internet
Guest
New BYOD Devices Provisioned BYOD Guest
UserDatabase
StudentResources
StaffResources
GuestResources
Student SSID
Student
Staff SSIDGuest SSID
(hotspot)Onboarding SSID
1. Users connect to a provisioning SSID and are re-directed to an onboarding portal.
2. Users enter domain credentials which are verified against a user database.
3. The user’s role assignment and permissions are automatically determined based on authentcaion.
4. Using Zero-IT, the device is auto-provisioned with a dynamic pre-shared key and dynamically assigned to the requisite WLAN.
5. Devices re-connect on a secure WLAN, receiving network permissions according to their role. Staff
26 | Meeting Name
SIMPLIFYING BYOD WITH RUCKUS
Key Technologies
27 | Meeting Name
Zero IT Automates Onboarding▪ Requirement:
automatic, secure authentication androaming
▪ Enabled by SSID and authorization protocol configuration
▪ Easy-to-use Ruckus approach to push configuration
▪ Uses mobile OS auto-detect and -authenticate features, not a separate connection manager app
Invitation BrandedLanding
Page
‘One-Click’Configuration
AutomaticAuthentication Enabled
28 | Meeting Name
WLAN profile configureddevice, and on the WLAN based on allowed by role.
D-PSK Automates Security/Config
LDAP sends user security
group information to ZD
ZD applies role, generates D-PSK
pushes dissolvable PROV file to device
29 | Meeting Name
▪ Visibility “Who’s device is this?”
▪ Self-registration▪ Automatically registers and maintains
client info on WLAN and Wired interfaces▪ Operating System▪ Operating System Hostname
▪ Control by device type▪ Permit/allow ▪ Assign to VLAN▪ Rate limit (Down/Up)
▪ Management▪ WLAN controller or standalone▪ WLAN dashboard▪ Client monitor▪ Client details
Client Fingerprinting Hostname: dstiff’s iPhone MAC: 50:ea:d6:7c:30:e4
30 | Meeting Name
Device Specific Policy Enforcement (9.5)▪ Segregates trusted and untrusted devices
on single SSID
▪ Simplified access rules per device
Windows Windows Mobile
Mac OS iOS
Linux Android
VoIP Gaming
Printers
▪ Control network access per device
▪ Permit/Deny
▪ Assign to VLAN
▪ Rate Limit (Down/Up)
Device Type Access VLAN Rate LimitDL|UL
Gaming Deny - -
Windows, Mac OS, Linux Permit 20 -
iOS, Windows Mobile, Android Permit 10 4 Mb | 1 Mb
✖
VLAN 20 VLAN 10
Device Policy Access Control
31 | Meeting Name
BYOD How-To Guide & Videos
http://www.theruckusroom.net/
Step by Step guide to configuring Ruckus BYOD
32 | Meeting Name
25% 28%
303%
Ruc
kus
GROWTH OF TOP 3 WLAN LEADERS
Cisco 46%
Aruba 16%
Other 26%
Ruckus 12%
HP
Aru
ba
Unit shipment growth1Q11 to 1Q12
WORLDWIDE ENTERPRISE WLAN MARKET SHAREUnit shipments, 1Q12
SOURCE:
Fast and Fierce
33 | Meeting Name
Taking Market Share
51.7%16.7%
26.5%
6%
Top 3 WW WLAN Market Share Leaders
Cisco
Others
Aruba
Ruckus
2010 WLAN Coordinated Access Points by Revenue
Cisco 46%
Aruba 16%
Other 26%
Ruckus 12%
WORLDWIDE ENTERPRISE WLAN MARKET SHAREUnit shipments, 1Q 2012
Cisco lost 5.7% MS in a market growing 36% CAGR
Ruckus has DOUBLED its market share
34 | Meeting Name
Trusting 802.11 Like You Do 802.3
802.11Ruckus Attributes
Unified Comms & SIP Router (Mobility)
Wired Core and Edge Switches
Streaming VideoFor
Education Market
Mobile Device Management
802.11 A/B/G/N Emerging 802.11AC
Situational Awareness
and Healthcare
Apps
35 | Meeting Name
Starter Kit PromoStarter Kit Promo
Check out this amazing wireless technology!
No charge – no obligationGREATCONNECTION!
36 | Meeting Name
A Dickens of a Special: 3 Free Evaluation Kits
▪ ZoneDirector 1106 (6 AP licenses)
▪ Two ZoneFlex 7982 Access Points
▪ Free site survey
▪ A Ruckus Dog!!
Parker Pearson - [email protected]