CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved 1
NETWORK DESIGN FUNDAMENTALS
Presented by Andy Logan Feb 2012
2 2 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Validated Reference Designs (VRD)
http://www.arubanetworks.com/vrd
3 3 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
The WLAN Lifecycle
• Requirements Definition • Site Surveys
• Network Design • RF Design • Security Design • QoS Design
• Staging & Provisioning • Installation & Validation
• Administration • Monitoring • Troubleshooting
CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved 4 4 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Define
5 5 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Understand Mobility Requirements
Virtual Desktops
Collaboration
Multimedia Mobile Devices
6 6 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Site Surveys
7 7 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
AP Coverage
8 8 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
5 GHz Coverage in a 2.4 GHz Plan
9 9 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Mounting APs
Ceiling
Wall
10 10 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Virtual Survey Tools
Outdoor 3D Planner VisualRF Plan
CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved 11 11 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Design
12 12 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Aruba Controller vs. Aruba Instant
Aruba Campus Solution Aruba Instant Relative cost $$$ $ Scalability Thousands of APs
Hundreds of thousands of users/ devices
16 APs 256 users/ devices
Policy management Centralized policy store Autonomous WLAN Can centralize policies via AirWave
User security Context-aware security by role, device, location
User based
Mobility Voice ready Layer 3 Voice ready single subnet
Provisioning and software upgrades
Controller Virtual Controller, cloud-based image server, or AirWave
Onsite IT required? Yes, at installation and periodically during operations
No
Operations management
AirWave AirWave
13 13 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
AP Decision Tree
14 14 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
SSID Design
Most common SSID design for enterprise organizations includes 2-3 different SSIDs – Employee users – strong authentication and encryption suite – Application – devices not capable of strong authentication
and encryption levels – Guest access – will not run any encryption; requires
authentication
15 15 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Role-Based Security Architecture
Corporate Services
Guest
Data
Voice
Signage
PoS
Virtual AP 1 SSID: Corp
Virtual AP 2 SSID: GUEST
DMZ
ClearPass Guest Access
Captive Portal
Role-Based Access Control
Access Rights
Secure Tunnel To DMZ
SSID-Based Access Control PoS
Data
Voice
Signage
Guest
RADIUS LDAP AD
16 16 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Continuous RF monitoring of wireless devices, activity and configuration across all 802.11 channels
Discover Complete 802.11 Spectrum Monitoring
Automatic classification of threats and non-threats is critical to RF security
Classify Policy-Based Threat Prioritization
Automated containment to block any rogue or intruder
Automated logging and report distribution ensures compliance with wireless security policies and regulations
Alert and Audit Automated Compliance Reporting
Contain Automated Threat Mitigation
Wireless Threat Protection Framework
17 17 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Quality of Service (QoS)
CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved 18 18 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Deploy
19 19 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Mobility Controller Deployment
CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved 20
Wired + Wireless Access
Dynamic Policies Authentication Policy Definition Point • Simplified Access Provisioning • Eliminate policy definition on
mobility switch & controller • Users authenticate against
ClearPass Policy Manager
• Authentication result returns role via RADIUS
• Associated role’s policy dynamic pushed to switch / controller
• Single portal for policy definition – wired or wireless
• Role and policy association definition
• Supports Heterogeneous Networks
• Single Policy definition - Wired + Wireless
• Simplifies provisioning • Enables Heterogeneity • Role based Access • BYOD - wired & wireless
CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved 21
Mobility Controllers
CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved 22
Access Points
CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved 23
Mobility Access Switch
24 24 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Instant Deployment
CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved 25
Instant Access Points
26 26 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Remote Access
27 27 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Wired or Wireless Backhaul
CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved 28
Branch Office
CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved 29
Aruba VIA
CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved 30 30 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Operate
31 31 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Monitoring
32 32 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Troubleshooting
33 33 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Client Diagnostics
34 34 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
Network Diagnostics
35 35 CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved
The WLAN Lifecycle
• Requirements Definition • Site Surveys
• Network Design • RF Design • Security Design • QoS Design
• Staging & Provisioning • Installation & Validation
• Administration • Monitoring • Troubleshooting
CONFIDENTIAL © Copyright 2012. Aruba Networks, Inc. All rights reserved 36 36
Coming Up: Tech Playground 12pm – 1:30pm