When the IT department of the Las Vegas McCarran International Airport, the seventh largest destination airport in the United States, decided to provide the largest free public and private airport-wide wireless fidelity (Wi-Fi) service in the country, the security, scalability and control of the network were paramount concerns.
The scope and importance of the wireless network applications to be used by both the public and airport personnel were immense. The network would have to provide service from anywhere in the airport to the over 36 million travelers passing through McCarran each year -- and growing monthly by double digits.
But more important, McCarran viewed their Wi-Fi network as a strategic tool to help increase the efficiency of the airport, improve the experience of travelers within the airport and ultimately help to lower travel rates. Considered on of the most technologically sophisticated airports in the country, McCarran’s plans includes supporting a wide range of innovative new applications, such wireless dispatching of wheel chairs, wireless fastrack boarding, wireless-enabled flight information display systems and wireless reservation kiosks. In addition, the new wireless network would have to support airport productivity and operational applications. And finally, the airport also plans to offer airline carriers customized wireless services tailored to their specific needs.
The airport had already installed first generation wireless LAN (WLAN) access points (APs) in some of their conference rooms. But the IT department quickly realized that as a distributed solution it would scale poorly and would be costly. Numerous and expensive fat access points and switches for each wiring closet would be required. Because McCarran will have diverse public as well as private users and applications, there will also be greater contention, interference and security issues that the system would need to solve.
As a result of the size and potential complexity of the deployment, McCarran then focused on three main requirements for choosing an airport-wide wireless system:
1. Centralized security and management
2. Fast and easy scalability
3. Affordability, in terms of total cost of ownership and value
After carefully considering all the issues and requirements, the airport chose the centralized WLAN switching and security system from Aruba Wireless Networks. By using Aruba’s centralized system, McCarran realizes greater economies of scale because the system:
1. centralizes all security and RF controls,
2. provides the most advanced wireless security available today, and
3. requires less equipment and configuration time than alternative solutions.
“Aruba’s centralized system is an order of magnitude better solution than alternatives in terms of their advanced security, ease of management and scalability, and overall value,” said Gerard Hughes, IT director at McCarran International Airport.
“The system lets us easily and securely partition our RF environment so we can provide each carrier or vendor with their own virtual wireless network along with the requisite services and security they desire. Other airports have service providers that charge people to get online. We don’t because our system gives us the flexibility and controls to realize ROI in other ways such as providing service to companies doing business within the airport.”
Hughes also added that, unlike other airports, McCarran is able to provide free service because it owns and operates its own airport-wide telecommunications infrastructure.
“As for contention, Aruba provides an elegant solution. For instance, Aruba’s APs automatically search for channels with less interference. If they find one, they alter the central controller and make the change. And because the APs are low-cost thin APs, I can deploy lots of them everywhere, so a smaller number of users are contending for access to any given AP,” said Hughes.
McCarran has deployed both single and dual radio Aruba 802.11a/b/g access points (APs) throughout the airport. The network is centrally managed by an Aruba 5000 modular wireless LAN switching system in the main terminal along with the Aruba 2400 switch for distributed management. Both switches are equipped with Aruba’s ArubaOS VPN and intrusion prevention software modules. These modules provide McCarran with a statefull policy engine that can be used to enforce strict security and access controls for each user and the ability to automatically detect and eliminate rogue APs, wireless interference sources, ad-hoc networks and to block a variety of wireless intrusions and attacks.
Sunday, 3 June 2007
McCarran Airport Takes Off To Aruba with Nation’s Largest Free Wi-Fi Deployment
When the IT department of the Las Vegas McCarran International Airport, the seventh largest destination airport in the United States, decided to provide the largest free public and private airport-wide wireless fidelity (Wi-Fi) service in the country, the security, scalability and control of the network were paramount concerns.
The scope and importance of the wireless network applications to be used by both the public and airport personnel were immense. The network would have to provide service from anywhere in the airport to the over 36 million travelers passing through McCarran each year -- and growing monthly by double digits.
But more important, McCarran viewed their Wi-Fi network as a strategic tool to help increase the efficiency of the airport, improve the experience of travelers within the airport and ultimately help to lower travel rates. Considered on of the most technologically sophisticated airports in the country, McCarran’s plans includes supporting a wide range of innovative new applications, such wireless dispatching of wheel chairs, wireless fastrack boarding, wireless-enabled flight information display systems and wireless reservation kiosks. In addition, the new wireless network would have to support airport productivity and operational applications. And finally, the airport also plans to offer airline carriers customized wireless services tailored to their specific needs.
The airport had already installed first generation wireless LAN (WLAN) access points (APs) in some of their conference rooms. But the IT department quickly realized that as a distributed solution it would scale poorly and would be costly. Numerous and expensive fat access points and switches for each wiring closet would be required. Because McCarran will have diverse public as well as private users and applications, there will also be greater contention, interference and security issues that the system would need to solve.
As a result of the size and potential complexity of the deployment, McCarran then focused on three main requirements for choosing an airport-wide wireless system:
1. Centralized security and management
2. Fast and easy scalability
3. Affordability, in terms of total cost of ownership and value
After carefully considering all the issues and requirements, the airport chose the centralized WLAN switching and security system from Aruba Wireless Networks. By using Aruba’s centralized system, McCarran realizes greater economies of scale because the system:
1. centralizes all security and RF controls,
2. provides the most advanced wireless security available today, and
3. requires less equipment and configuration time than alternative solutions.
“Aruba’s centralized system is an order of magnitude better solution than alternatives in terms of their advanced security, ease of management and scalability, and overall value,” said Gerard Hughes, IT director at McCarran International Airport.
“The system lets us easily and securely partition our RF environment so we can provide each carrier or vendor with their own virtual wireless network along with the requisite services and security they desire. Other airports have service providers that charge people to get online. We don’t because our system gives us the flexibility and controls to realize ROI in other ways such as providing service to companies doing business within the airport.”
Hughes also added that, unlike other airports, McCarran is able to provide free service because it owns and operates its own airport-wide telecommunications infrastructure.
“As for contention, Aruba provides an elegant solution. For instance, Aruba’s APs automatically search for channels with less interference. If they find one, they alter the central controller and make the change. And because the APs are low-cost thin APs, I can deploy lots of them everywhere, so a smaller number of users are contending for access to any given AP,” said Hughes.
McCarran has deployed both single and dual radio Aruba 802.11a/b/g access points (APs) throughout the airport. The network is centrally managed by an Aruba 5000 modular wireless LAN switching system in the main terminal along with the Aruba 2400 switch for distributed management. Both switches are equipped with Aruba’s ArubaOS VPN and intrusion prevention software modules. These modules provide McCarran with a statefull policy engine that can be used to enforce strict security and access controls for each user and the ability to automatically detect and eliminate rogue APs, wireless interference sources, ad-hoc networks and to block a variety of wireless intrusions and attacks.
The scope and importance of the wireless network applications to be used by both the public and airport personnel were immense. The network would have to provide service from anywhere in the airport to the over 36 million travelers passing through McCarran each year -- and growing monthly by double digits.
But more important, McCarran viewed their Wi-Fi network as a strategic tool to help increase the efficiency of the airport, improve the experience of travelers within the airport and ultimately help to lower travel rates. Considered on of the most technologically sophisticated airports in the country, McCarran’s plans includes supporting a wide range of innovative new applications, such wireless dispatching of wheel chairs, wireless fastrack boarding, wireless-enabled flight information display systems and wireless reservation kiosks. In addition, the new wireless network would have to support airport productivity and operational applications. And finally, the airport also plans to offer airline carriers customized wireless services tailored to their specific needs.
The airport had already installed first generation wireless LAN (WLAN) access points (APs) in some of their conference rooms. But the IT department quickly realized that as a distributed solution it would scale poorly and would be costly. Numerous and expensive fat access points and switches for each wiring closet would be required. Because McCarran will have diverse public as well as private users and applications, there will also be greater contention, interference and security issues that the system would need to solve.
As a result of the size and potential complexity of the deployment, McCarran then focused on three main requirements for choosing an airport-wide wireless system:
1. Centralized security and management
2. Fast and easy scalability
3. Affordability, in terms of total cost of ownership and value
After carefully considering all the issues and requirements, the airport chose the centralized WLAN switching and security system from Aruba Wireless Networks. By using Aruba’s centralized system, McCarran realizes greater economies of scale because the system:
1. centralizes all security and RF controls,
2. provides the most advanced wireless security available today, and
3. requires less equipment and configuration time than alternative solutions.
“Aruba’s centralized system is an order of magnitude better solution than alternatives in terms of their advanced security, ease of management and scalability, and overall value,” said Gerard Hughes, IT director at McCarran International Airport.
“The system lets us easily and securely partition our RF environment so we can provide each carrier or vendor with their own virtual wireless network along with the requisite services and security they desire. Other airports have service providers that charge people to get online. We don’t because our system gives us the flexibility and controls to realize ROI in other ways such as providing service to companies doing business within the airport.”
Hughes also added that, unlike other airports, McCarran is able to provide free service because it owns and operates its own airport-wide telecommunications infrastructure.
“As for contention, Aruba provides an elegant solution. For instance, Aruba’s APs automatically search for channels with less interference. If they find one, they alter the central controller and make the change. And because the APs are low-cost thin APs, I can deploy lots of them everywhere, so a smaller number of users are contending for access to any given AP,” said Hughes.
McCarran has deployed both single and dual radio Aruba 802.11a/b/g access points (APs) throughout the airport. The network is centrally managed by an Aruba 5000 modular wireless LAN switching system in the main terminal along with the Aruba 2400 switch for distributed management. Both switches are equipped with Aruba’s ArubaOS VPN and intrusion prevention software modules. These modules provide McCarran with a statefull policy engine that can be used to enforce strict security and access controls for each user and the ability to automatically detect and eliminate rogue APs, wireless interference sources, ad-hoc networks and to block a variety of wireless intrusions and attacks.
McCarran Airport Takes Off To Aruba with Nation’s Largest Free Wi-Fi Deployment
When the IT department of the Las Vegas McCarran International Airport, the seventh largest destination airport in the United States, decided to provide the largest free public and private airport-wide wireless fidelity (Wi-Fi) service in the country, the security, scalability and control of the network were paramount concerns.
The scope and importance of the wireless network applications to be used by both the public and airport personnel were immense. The network would have to provide service from anywhere in the airport to the over 36 million travelers passing through McCarran each year -- and growing monthly by double digits.
But more important, McCarran viewed their Wi-Fi network as a strategic tool to help increase the efficiency of the airport, improve the experience of travelers within the airport and ultimately help to lower travel rates. Considered on of the most technologically sophisticated airports in the country, McCarran’s plans includes supporting a wide range of innovative new applications, such wireless dispatching of wheel chairs, wireless fastrack boarding, wireless-enabled flight information display systems and wireless reservation kiosks. In addition, the new wireless network would have to support airport productivity and operational applications. And finally, the airport also plans to offer airline carriers customized wireless services tailored to their specific needs.
The airport had already installed first generation wireless LAN (WLAN) access points (APs) in some of their conference rooms. But the IT department quickly realized that as a distributed solution it would scale poorly and would be costly. Numerous and expensive fat access points and switches for each wiring closet would be required. Because McCarran will have diverse public as well as private users and applications, there will also be greater contention, interference and security issues that the system would need to solve.
As a result of the size and potential complexity of the deployment, McCarran then focused on three main requirements for choosing an airport-wide wireless system:
1. Centralized security and management
2. Fast and easy scalability
3. Affordability, in terms of total cost of ownership and value
After carefully considering all the issues and requirements, the airport chose the centralized WLAN switching and security system from Aruba Wireless Networks. By using Aruba’s centralized system, McCarran realizes greater economies of scale because the system:
1. centralizes all security and RF controls,
2. provides the most advanced wireless security available today, and
3. requires less equipment and configuration time than alternative solutions.
“Aruba’s centralized system is an order of magnitude better solution than alternatives in terms of their advanced security, ease of management and scalability, and overall value,” said Gerard Hughes, IT director at McCarran International Airport.
“The system lets us easily and securely partition our RF environment so we can provide each carrier or vendor with their own virtual wireless network along with the requisite services and security they desire. Other airports have service providers that charge people to get online. We don’t because our system gives us the flexibility and controls to realize ROI in other ways such as providing service to companies doing business within the airport.”
Hughes also added that, unlike other airports, McCarran is able to provide free service because it owns and operates its own airport-wide telecommunications infrastructure.
“As for contention, Aruba provides an elegant solution. For instance, Aruba’s APs automatically search for channels with less interference. If they find one, they alter the central controller and make the change. And because the APs are low-cost thin APs, I can deploy lots of them everywhere, so a smaller number of users are contending for access to any given AP,” said Hughes.
McCarran has deployed both single and dual radio Aruba 802.11a/b/g access points (APs) throughout the airport. The network is centrally managed by an Aruba 5000 modular wireless LAN switching system in the main terminal along with the Aruba 2400 switch for distributed management. Both switches are equipped with Aruba’s ArubaOS VPN and intrusion prevention software modules. These modules provide McCarran with a statefull policy engine that can be used to enforce strict security and access controls for each user and the ability to automatically detect and eliminate rogue APs, wireless interference sources, ad-hoc networks and to block a variety of wireless intrusions and attacks.
The scope and importance of the wireless network applications to be used by both the public and airport personnel were immense. The network would have to provide service from anywhere in the airport to the over 36 million travelers passing through McCarran each year -- and growing monthly by double digits.
But more important, McCarran viewed their Wi-Fi network as a strategic tool to help increase the efficiency of the airport, improve the experience of travelers within the airport and ultimately help to lower travel rates. Considered on of the most technologically sophisticated airports in the country, McCarran’s plans includes supporting a wide range of innovative new applications, such wireless dispatching of wheel chairs, wireless fastrack boarding, wireless-enabled flight information display systems and wireless reservation kiosks. In addition, the new wireless network would have to support airport productivity and operational applications. And finally, the airport also plans to offer airline carriers customized wireless services tailored to their specific needs.
The airport had already installed first generation wireless LAN (WLAN) access points (APs) in some of their conference rooms. But the IT department quickly realized that as a distributed solution it would scale poorly and would be costly. Numerous and expensive fat access points and switches for each wiring closet would be required. Because McCarran will have diverse public as well as private users and applications, there will also be greater contention, interference and security issues that the system would need to solve.
As a result of the size and potential complexity of the deployment, McCarran then focused on three main requirements for choosing an airport-wide wireless system:
1. Centralized security and management
2. Fast and easy scalability
3. Affordability, in terms of total cost of ownership and value
After carefully considering all the issues and requirements, the airport chose the centralized WLAN switching and security system from Aruba Wireless Networks. By using Aruba’s centralized system, McCarran realizes greater economies of scale because the system:
1. centralizes all security and RF controls,
2. provides the most advanced wireless security available today, and
3. requires less equipment and configuration time than alternative solutions.
“Aruba’s centralized system is an order of magnitude better solution than alternatives in terms of their advanced security, ease of management and scalability, and overall value,” said Gerard Hughes, IT director at McCarran International Airport.
“The system lets us easily and securely partition our RF environment so we can provide each carrier or vendor with their own virtual wireless network along with the requisite services and security they desire. Other airports have service providers that charge people to get online. We don’t because our system gives us the flexibility and controls to realize ROI in other ways such as providing service to companies doing business within the airport.”
Hughes also added that, unlike other airports, McCarran is able to provide free service because it owns and operates its own airport-wide telecommunications infrastructure.
“As for contention, Aruba provides an elegant solution. For instance, Aruba’s APs automatically search for channels with less interference. If they find one, they alter the central controller and make the change. And because the APs are low-cost thin APs, I can deploy lots of them everywhere, so a smaller number of users are contending for access to any given AP,” said Hughes.
McCarran has deployed both single and dual radio Aruba 802.11a/b/g access points (APs) throughout the airport. The network is centrally managed by an Aruba 5000 modular wireless LAN switching system in the main terminal along with the Aruba 2400 switch for distributed management. Both switches are equipped with Aruba’s ArubaOS VPN and intrusion prevention software modules. These modules provide McCarran with a statefull policy engine that can be used to enforce strict security and access controls for each user and the ability to automatically detect and eliminate rogue APs, wireless interference sources, ad-hoc networks and to block a variety of wireless intrusions and attacks.
Monday, 28 May 2007
Dartmouth Goes to Aruba to Build Nation’s Largest University Wi-Fi Network
With hundreds of Cisco 350 802.11b access points (APs) installed throughout its campus, Dartmouth College was struggling to keep up. Managing and upgrading these APs had become unbearable. Meanwhile voice, video, 802.11a and 802.1X were all on the Wi-Fi horizon. But Dartmouth had no way to easily get to where it wanted to go. Enter Aruba Networks.
Dartmouth’s legacy wireless network has provided open 802.11b access across 1.8 square miles of campus populated by over 200 buildings. It must support over 6,000 students and 2,500 faculty. All entering freshman receive a preconfigured, standard-issue laptop enabled for 802.11a/b/g Wi-Fi. Approximately 70 percent of Dartmouth’s users are Windows based. The remaining 30 percent use Macintosh clients.
Among Dartmouth’s biggest concerns with its legacy Wi-Fi network were management, scalability and performance. The college is currently migrating to dual-band 802.11a+b/g infrastructure, adding another 1,000 access points to deliver video and handle a large number of concurrent VoIP calls. Dartmouth is also implementing a unified wired and wireless security model system wide.
With over 550 Cisco 350 802.11b APs, Dartmouth was overwhelmed with operational management issues. “Each AP had to be individually configured with user names, passwords, firmware updates, etc.,” said David Bourque, network engineer at Dartmouth College. “WLSE helped by automating some of these processes, but wasn’t an easy interface to use. We were getting lots of false positives and negatives.”
According to Bourque, after configuring APs using Cisco’s WLSE, acknowledgements were sent to confirm AP configurations. But Dartmouth found many of the acknowledged AP configurations weren’t correct. This caused concerns about migrating to a new security scheme using the existing infrastructure, especially when the college was tripling the number of APs. “Cisco’s WLSE along with the new WLSM could solve some of these problems, but it was still too expensive to implement on a large scale, was disjointed and lacked all the features we found in the Aruba system.”
To deliver superior performance, scalability and coverage, Dartmouth constructed a wireless network densely populated with Aruba APs. A single Aruba 5000 wireless LAN (WLAN) switch supports hundreds of APs, thousands of users and gigabits of encrypted throughput.
“We wanted small cell sizes for higher data rates so users’ wireless experience matched the wire,” said Bourque. “Aruba’s system is built for this ’cellular-like’ model where the WLAN switch actually controls the transmit power, channel assignment and personality of each AP based on what service we need to provide. Cisco focused on larger cells and extending the RF signal around campus.”
Dartmouth is examining and implementing a variety of security options, from Webbased authentication to 802.1X and VPNs to PKI. Their requirements are for a system that can support all authentication methods simultaneously without having to deploy and distribute equipment throughout its network. “The Aruba system gives us complete flexibility to implement 802.1X, for example, for any and every port on the network from a central point,” said Bourque. “We can now virtualize 802.1X for the entire network and deliver universal authentication on any port without having to touch each closet switch or disrupting current network operations.”
Automated radio management was another key issue because Dartmouth’s existing wireless environment didn’t support RF management, and therefore required a discrete system of sensors or manual RF fingerprinting. “No amount of human planning could account for the real RF environment and the constantly changing propagation of RF signals in our buildings,” said Bourque. Aruba’s automated radio management (ARM) technology is used to optimize channel assignments, avoid interference and ensure pervasive Wi-Fi coverage.
Dartmouth is using the wireless network for voice and video applications as well as data. For voice, Dartmouth is deploying 75 Cisco 7920 VoIP phones for faculty and staff, 800 Cisco IP Communicator soft phones and 125 Vocera badges. About 4,000 to 7,000 phone lines have been converted to VoIP. Faculty and staff use the Vocera badges to quickly locate colleagues on campus, as well as to help others outside Dartmouth locate them. When calling a Vocera phone number, voice recognition is used by the system to pinpoint the target badge in order to route the call over 802.11b to the right Vocera IP badge. The Aruba system uniquely identifies, classifies and prioritizes voice traffic, such as SIP or H.323, over data traffic. Dartmouth broadcasts separate SSIDs for each traffic type, using Aruba’s integrated stateful firewall to apply security policies for each.
For video distribution, Video Furnace servers are used to convert cable TV channels into MPEG video streams that can be multicast to laptops using client software agents. When a student signs up for access to a channel, the user is added to an IGMP multicast group for that channel. Because each computer needs 400K to 2Mbps to screen video content, efficient use of bandwidth is essential. Any given Aruba AP (802.11a) supports four or more simultaneous MPEG data streams. “Dense deployment of Aruba APs gives us the performance, coverage and scale that make this project even possible.”
Dartmouth’s legacy wireless network has provided open 802.11b access across 1.8 square miles of campus populated by over 200 buildings. It must support over 6,000 students and 2,500 faculty. All entering freshman receive a preconfigured, standard-issue laptop enabled for 802.11a/b/g Wi-Fi. Approximately 70 percent of Dartmouth’s users are Windows based. The remaining 30 percent use Macintosh clients.
Among Dartmouth’s biggest concerns with its legacy Wi-Fi network were management, scalability and performance. The college is currently migrating to dual-band 802.11a+b/g infrastructure, adding another 1,000 access points to deliver video and handle a large number of concurrent VoIP calls. Dartmouth is also implementing a unified wired and wireless security model system wide.
With over 550 Cisco 350 802.11b APs, Dartmouth was overwhelmed with operational management issues. “Each AP had to be individually configured with user names, passwords, firmware updates, etc.,” said David Bourque, network engineer at Dartmouth College. “WLSE helped by automating some of these processes, but wasn’t an easy interface to use. We were getting lots of false positives and negatives.”
According to Bourque, after configuring APs using Cisco’s WLSE, acknowledgements were sent to confirm AP configurations. But Dartmouth found many of the acknowledged AP configurations weren’t correct. This caused concerns about migrating to a new security scheme using the existing infrastructure, especially when the college was tripling the number of APs. “Cisco’s WLSE along with the new WLSM could solve some of these problems, but it was still too expensive to implement on a large scale, was disjointed and lacked all the features we found in the Aruba system.”
To deliver superior performance, scalability and coverage, Dartmouth constructed a wireless network densely populated with Aruba APs. A single Aruba 5000 wireless LAN (WLAN) switch supports hundreds of APs, thousands of users and gigabits of encrypted throughput.
“We wanted small cell sizes for higher data rates so users’ wireless experience matched the wire,” said Bourque. “Aruba’s system is built for this ’cellular-like’ model where the WLAN switch actually controls the transmit power, channel assignment and personality of each AP based on what service we need to provide. Cisco focused on larger cells and extending the RF signal around campus.”
Dartmouth is examining and implementing a variety of security options, from Webbased authentication to 802.1X and VPNs to PKI. Their requirements are for a system that can support all authentication methods simultaneously without having to deploy and distribute equipment throughout its network. “The Aruba system gives us complete flexibility to implement 802.1X, for example, for any and every port on the network from a central point,” said Bourque. “We can now virtualize 802.1X for the entire network and deliver universal authentication on any port without having to touch each closet switch or disrupting current network operations.”
Automated radio management was another key issue because Dartmouth’s existing wireless environment didn’t support RF management, and therefore required a discrete system of sensors or manual RF fingerprinting. “No amount of human planning could account for the real RF environment and the constantly changing propagation of RF signals in our buildings,” said Bourque. Aruba’s automated radio management (ARM) technology is used to optimize channel assignments, avoid interference and ensure pervasive Wi-Fi coverage.
Dartmouth is using the wireless network for voice and video applications as well as data. For voice, Dartmouth is deploying 75 Cisco 7920 VoIP phones for faculty and staff, 800 Cisco IP Communicator soft phones and 125 Vocera badges. About 4,000 to 7,000 phone lines have been converted to VoIP. Faculty and staff use the Vocera badges to quickly locate colleagues on campus, as well as to help others outside Dartmouth locate them. When calling a Vocera phone number, voice recognition is used by the system to pinpoint the target badge in order to route the call over 802.11b to the right Vocera IP badge. The Aruba system uniquely identifies, classifies and prioritizes voice traffic, such as SIP or H.323, over data traffic. Dartmouth broadcasts separate SSIDs for each traffic type, using Aruba’s integrated stateful firewall to apply security policies for each.
For video distribution, Video Furnace servers are used to convert cable TV channels into MPEG video streams that can be multicast to laptops using client software agents. When a student signs up for access to a channel, the user is added to an IGMP multicast group for that channel. Because each computer needs 400K to 2Mbps to screen video content, efficient use of bandwidth is essential. Any given Aruba AP (802.11a) supports four or more simultaneous MPEG data streams. “Dense deployment of Aruba APs gives us the performance, coverage and scale that make this project even possible.”
The Aruba system gives us complete flexibility to implement 802.1X, for
example, for any and every port on the network from a central point without
having to upgrade the entire wired network.
David Bourque: Network Engineering, Dartmouth College
Dartmouth Goes to Aruba to Build Nation’s Largest University Wi-Fi Network
With hundreds of Cisco 350 802.11b access points (APs) installed throughout its campus, Dartmouth College was struggling to keep up. Managing and upgrading these APs had become unbearable. Meanwhile voice, video, 802.11a and 802.1X were all on the Wi-Fi horizon. But Dartmouth had no way to easily get to where it wanted to go. Enter Aruba Networks.
Dartmouth’s legacy wireless network has provided open 802.11b access across 1.8 square miles of campus populated by over 200 buildings. It must support over 6,000 students and 2,500 faculty. All entering freshman receive a preconfigured, standard-issue laptop enabled for 802.11a/b/g Wi-Fi. Approximately 70 percent of Dartmouth’s users are Windows based. The remaining 30 percent use Macintosh clients.
Among Dartmouth’s biggest concerns with its legacy Wi-Fi network were management, scalability and performance. The college is currently migrating to dual-band 802.11a+b/g infrastructure, adding another 1,000 access points to deliver video and handle a large number of concurrent VoIP calls. Dartmouth is also implementing a unified wired and wireless security model system wide.
With over 550 Cisco 350 802.11b APs, Dartmouth was overwhelmed with operational management issues. “Each AP had to be individually configured with user names, passwords, firmware updates, etc.,” said David Bourque, network engineer at Dartmouth College. “WLSE helped by automating some of these processes, but wasn’t an easy interface to use. We were getting lots of false positives and negatives.”
According to Bourque, after configuring APs using Cisco’s WLSE, acknowledgements were sent to confirm AP configurations. But Dartmouth found many of the acknowledged AP configurations weren’t correct. This caused concerns about migrating to a new security scheme using the existing infrastructure, especially when the college was tripling the number of APs. “Cisco’s WLSE along with the new WLSM could solve some of these problems, but it was still too expensive to implement on a large scale, was disjointed and lacked all the features we found in the Aruba system.”
To deliver superior performance, scalability and coverage, Dartmouth constructed a wireless network densely populated with Aruba APs. A single Aruba 5000 wireless LAN (WLAN) switch supports hundreds of APs, thousands of users and gigabits of encrypted throughput.
“We wanted small cell sizes for higher data rates so users’ wireless experience matched the wire,” said Bourque. “Aruba’s system is built for this ’cellular-like’ model where the WLAN switch actually controls the transmit power, channel assignment and personality of each AP based on what service we need to provide. Cisco focused on larger cells and extending the RF signal around campus.”
Dartmouth is examining and implementing a variety of security options, from Webbased authentication to 802.1X and VPNs to PKI. Their requirements are for a system that can support all authentication methods simultaneously without having to deploy and distribute equipment throughout its network. “The Aruba system gives us complete flexibility to implement 802.1X, for example, for any and every port on the network from a central point,” said Bourque. “We can now virtualize 802.1X for the entire network and deliver universal authentication on any port without having to touch each closet switch or disrupting current network operations.”
Automated radio management was another key issue because Dartmouth’s existing wireless environment didn’t support RF management, and therefore required a discrete system of sensors or manual RF fingerprinting. “No amount of human planning could account for the real RF environment and the constantly changing propagation of RF signals in our buildings,” said Bourque. Aruba’s automated radio management (ARM) technology is used to optimize channel assignments, avoid interference and ensure pervasive Wi-Fi coverage.
Dartmouth is using the wireless network for voice and video applications as well as data. For voice, Dartmouth is deploying 75 Cisco 7920 VoIP phones for faculty and staff, 800 Cisco IP Communicator soft phones and 125 Vocera badges. About 4,000 to 7,000 phone lines have been converted to VoIP. Faculty and staff use the Vocera badges to quickly locate colleagues on campus, as well as to help others outside Dartmouth locate them. When calling a Vocera phone number, voice recognition is used by the system to pinpoint the target badge in order to route the call over 802.11b to the right Vocera IP badge. The Aruba system uniquely identifies, classifies and prioritizes voice traffic, such as SIP or H.323, over data traffic. Dartmouth broadcasts separate SSIDs for each traffic type, using Aruba’s integrated stateful firewall to apply security policies for each.
For video distribution, Video Furnace servers are used to convert cable TV channels into MPEG video streams that can be multicast to laptops using client software agents. When a student signs up for access to a channel, the user is added to an IGMP multicast group for that channel. Because each computer needs 400K to 2Mbps to screen video content, efficient use of bandwidth is essential. Any given Aruba AP (802.11a) supports four or more simultaneous MPEG data streams. “Dense deployment of Aruba APs gives us the performance, coverage and scale that make this project even possible.”
Dartmouth’s legacy wireless network has provided open 802.11b access across 1.8 square miles of campus populated by over 200 buildings. It must support over 6,000 students and 2,500 faculty. All entering freshman receive a preconfigured, standard-issue laptop enabled for 802.11a/b/g Wi-Fi. Approximately 70 percent of Dartmouth’s users are Windows based. The remaining 30 percent use Macintosh clients.
Among Dartmouth’s biggest concerns with its legacy Wi-Fi network were management, scalability and performance. The college is currently migrating to dual-band 802.11a+b/g infrastructure, adding another 1,000 access points to deliver video and handle a large number of concurrent VoIP calls. Dartmouth is also implementing a unified wired and wireless security model system wide.
With over 550 Cisco 350 802.11b APs, Dartmouth was overwhelmed with operational management issues. “Each AP had to be individually configured with user names, passwords, firmware updates, etc.,” said David Bourque, network engineer at Dartmouth College. “WLSE helped by automating some of these processes, but wasn’t an easy interface to use. We were getting lots of false positives and negatives.”
According to Bourque, after configuring APs using Cisco’s WLSE, acknowledgements were sent to confirm AP configurations. But Dartmouth found many of the acknowledged AP configurations weren’t correct. This caused concerns about migrating to a new security scheme using the existing infrastructure, especially when the college was tripling the number of APs. “Cisco’s WLSE along with the new WLSM could solve some of these problems, but it was still too expensive to implement on a large scale, was disjointed and lacked all the features we found in the Aruba system.”
To deliver superior performance, scalability and coverage, Dartmouth constructed a wireless network densely populated with Aruba APs. A single Aruba 5000 wireless LAN (WLAN) switch supports hundreds of APs, thousands of users and gigabits of encrypted throughput.
“We wanted small cell sizes for higher data rates so users’ wireless experience matched the wire,” said Bourque. “Aruba’s system is built for this ’cellular-like’ model where the WLAN switch actually controls the transmit power, channel assignment and personality of each AP based on what service we need to provide. Cisco focused on larger cells and extending the RF signal around campus.”
Dartmouth is examining and implementing a variety of security options, from Webbased authentication to 802.1X and VPNs to PKI. Their requirements are for a system that can support all authentication methods simultaneously without having to deploy and distribute equipment throughout its network. “The Aruba system gives us complete flexibility to implement 802.1X, for example, for any and every port on the network from a central point,” said Bourque. “We can now virtualize 802.1X for the entire network and deliver universal authentication on any port without having to touch each closet switch or disrupting current network operations.”
Automated radio management was another key issue because Dartmouth’s existing wireless environment didn’t support RF management, and therefore required a discrete system of sensors or manual RF fingerprinting. “No amount of human planning could account for the real RF environment and the constantly changing propagation of RF signals in our buildings,” said Bourque. Aruba’s automated radio management (ARM) technology is used to optimize channel assignments, avoid interference and ensure pervasive Wi-Fi coverage.
Dartmouth is using the wireless network for voice and video applications as well as data. For voice, Dartmouth is deploying 75 Cisco 7920 VoIP phones for faculty and staff, 800 Cisco IP Communicator soft phones and 125 Vocera badges. About 4,000 to 7,000 phone lines have been converted to VoIP. Faculty and staff use the Vocera badges to quickly locate colleagues on campus, as well as to help others outside Dartmouth locate them. When calling a Vocera phone number, voice recognition is used by the system to pinpoint the target badge in order to route the call over 802.11b to the right Vocera IP badge. The Aruba system uniquely identifies, classifies and prioritizes voice traffic, such as SIP or H.323, over data traffic. Dartmouth broadcasts separate SSIDs for each traffic type, using Aruba’s integrated stateful firewall to apply security policies for each.
For video distribution, Video Furnace servers are used to convert cable TV channels into MPEG video streams that can be multicast to laptops using client software agents. When a student signs up for access to a channel, the user is added to an IGMP multicast group for that channel. Because each computer needs 400K to 2Mbps to screen video content, efficient use of bandwidth is essential. Any given Aruba AP (802.11a) supports four or more simultaneous MPEG data streams. “Dense deployment of Aruba APs gives us the performance, coverage and scale that make this project even possible.”
The Aruba system gives us complete flexibility to implement 802.1X, for
example, for any and every port on the network from a central point without
having to upgrade the entire wired network.
David Bourque: Network Engineering, Dartmouth College
Dartmouth Goes to Aruba to Build Nation’s Largest University Wi-Fi Network
With hundreds of Cisco 350 802.11b access points (APs) installed throughout its campus, Dartmouth College was struggling to keep up. Managing and upgrading these APs had become unbearable. Meanwhile voice, video, 802.11a and 802.1X were all on the Wi-Fi horizon. But Dartmouth had no way to easily get to where it wanted to go. Enter Aruba Networks.
Dartmouth’s legacy wireless network has provided open 802.11b access across 1.8 square miles of campus populated by over 200 buildings. It must support over 6,000 students and 2,500 faculty. All entering freshman receive a preconfigured, standard-issue laptop enabled for 802.11a/b/g Wi-Fi. Approximately 70 percent of Dartmouth’s users are Windows based. The remaining 30 percent use Macintosh clients.
Among Dartmouth’s biggest concerns with its legacy Wi-Fi network were management, scalability and performance. The college is currently migrating to dual-band 802.11a+b/g infrastructure, adding another 1,000 access points to deliver video and handle a large number of concurrent VoIP calls. Dartmouth is also implementing a unified wired and wireless security model system wide.
With over 550 Cisco 350 802.11b APs, Dartmouth was overwhelmed with operational management issues. “Each AP had to be individually configured with user names, passwords, firmware updates, etc.,” said David Bourque, network engineer at Dartmouth College. “WLSE helped by automating some of these processes, but wasn’t an easy interface to use. We were getting lots of false positives and negatives.”
According to Bourque, after configuring APs using Cisco’s WLSE, acknowledgements were sent to confirm AP configurations. But Dartmouth found many of the acknowledged AP configurations weren’t correct. This caused concerns about migrating to a new security scheme using the existing infrastructure, especially when the college was tripling the number of APs. “Cisco’s WLSE along with the new WLSM could solve some of these problems, but it was still too expensive to implement on a large scale, was disjointed and lacked all the features we found in the Aruba system.”
To deliver superior performance, scalability and coverage, Dartmouth constructed a wireless network densely populated with Aruba APs. A single Aruba 5000 wireless LAN (WLAN) switch supports hundreds of APs, thousands of users and gigabits of encrypted throughput.
“We wanted small cell sizes for higher data rates so users’ wireless experience matched the wire,” said Bourque. “Aruba’s system is built for this ’cellular-like’ model where the WLAN switch actually controls the transmit power, channel assignment and personality of each AP based on what service we need to provide. Cisco focused on larger cells and extending the RF signal around campus.”
Dartmouth is examining and implementing a variety of security options, from Webbased authentication to 802.1X and VPNs to PKI. Their requirements are for a system that can support all authentication methods simultaneously without having to deploy and distribute equipment throughout its network. “The Aruba system gives us complete flexibility to implement 802.1X, for example, for any and every port on the network from a central point,” said Bourque. “We can now virtualize 802.1X for the entire network and deliver universal authentication on any port without having to touch each closet switch or disrupting current network operations.”
Automated radio management was another key issue because Dartmouth’s existing wireless environment didn’t support RF management, and therefore required a discrete system of sensors or manual RF fingerprinting. “No amount of human planning could account for the real RF environment and the constantly changing propagation of RF signals in our buildings,” said Bourque. Aruba’s automated radio management (ARM) technology is used to optimize channel assignments, avoid interference and ensure pervasive Wi-Fi coverage.
Dartmouth is using the wireless network for voice and video applications as well as data. For voice, Dartmouth is deploying 75 Cisco 7920 VoIP phones for faculty and staff, 800 Cisco IP Communicator soft phones and 125 Vocera badges. About 4,000 to 7,000 phone lines have been converted to VoIP. Faculty and staff use the Vocera badges to quickly locate colleagues on campus, as well as to help others outside Dartmouth locate them. When calling a Vocera phone number, voice recognition is used by the system to pinpoint the target badge in order to route the call over 802.11b to the right Vocera IP badge. The Aruba system uniquely identifies, classifies and prioritizes voice traffic, such as SIP or H.323, over data traffic. Dartmouth broadcasts separate SSIDs for each traffic type, using Aruba’s integrated stateful firewall to apply security policies for each.
For video distribution, Video Furnace servers are used to convert cable TV channels into MPEG video streams that can be multicast to laptops using client software agents. When a student signs up for access to a channel, the user is added to an IGMP multicast group for that channel. Because each computer needs 400K to 2Mbps to screen video content, efficient use of bandwidth is essential. Any given Aruba AP (802.11a) supports four or more simultaneous MPEG data streams. “Dense deployment of Aruba APs gives us the performance, coverage and scale that make this project even possible.”
Dartmouth’s legacy wireless network has provided open 802.11b access across 1.8 square miles of campus populated by over 200 buildings. It must support over 6,000 students and 2,500 faculty. All entering freshman receive a preconfigured, standard-issue laptop enabled for 802.11a/b/g Wi-Fi. Approximately 70 percent of Dartmouth’s users are Windows based. The remaining 30 percent use Macintosh clients.
Among Dartmouth’s biggest concerns with its legacy Wi-Fi network were management, scalability and performance. The college is currently migrating to dual-band 802.11a+b/g infrastructure, adding another 1,000 access points to deliver video and handle a large number of concurrent VoIP calls. Dartmouth is also implementing a unified wired and wireless security model system wide.
With over 550 Cisco 350 802.11b APs, Dartmouth was overwhelmed with operational management issues. “Each AP had to be individually configured with user names, passwords, firmware updates, etc.,” said David Bourque, network engineer at Dartmouth College. “WLSE helped by automating some of these processes, but wasn’t an easy interface to use. We were getting lots of false positives and negatives.”
According to Bourque, after configuring APs using Cisco’s WLSE, acknowledgements were sent to confirm AP configurations. But Dartmouth found many of the acknowledged AP configurations weren’t correct. This caused concerns about migrating to a new security scheme using the existing infrastructure, especially when the college was tripling the number of APs. “Cisco’s WLSE along with the new WLSM could solve some of these problems, but it was still too expensive to implement on a large scale, was disjointed and lacked all the features we found in the Aruba system.”
To deliver superior performance, scalability and coverage, Dartmouth constructed a wireless network densely populated with Aruba APs. A single Aruba 5000 wireless LAN (WLAN) switch supports hundreds of APs, thousands of users and gigabits of encrypted throughput.
“We wanted small cell sizes for higher data rates so users’ wireless experience matched the wire,” said Bourque. “Aruba’s system is built for this ’cellular-like’ model where the WLAN switch actually controls the transmit power, channel assignment and personality of each AP based on what service we need to provide. Cisco focused on larger cells and extending the RF signal around campus.”
Dartmouth is examining and implementing a variety of security options, from Webbased authentication to 802.1X and VPNs to PKI. Their requirements are for a system that can support all authentication methods simultaneously without having to deploy and distribute equipment throughout its network. “The Aruba system gives us complete flexibility to implement 802.1X, for example, for any and every port on the network from a central point,” said Bourque. “We can now virtualize 802.1X for the entire network and deliver universal authentication on any port without having to touch each closet switch or disrupting current network operations.”
Automated radio management was another key issue because Dartmouth’s existing wireless environment didn’t support RF management, and therefore required a discrete system of sensors or manual RF fingerprinting. “No amount of human planning could account for the real RF environment and the constantly changing propagation of RF signals in our buildings,” said Bourque. Aruba’s automated radio management (ARM) technology is used to optimize channel assignments, avoid interference and ensure pervasive Wi-Fi coverage.
Dartmouth is using the wireless network for voice and video applications as well as data. For voice, Dartmouth is deploying 75 Cisco 7920 VoIP phones for faculty and staff, 800 Cisco IP Communicator soft phones and 125 Vocera badges. About 4,000 to 7,000 phone lines have been converted to VoIP. Faculty and staff use the Vocera badges to quickly locate colleagues on campus, as well as to help others outside Dartmouth locate them. When calling a Vocera phone number, voice recognition is used by the system to pinpoint the target badge in order to route the call over 802.11b to the right Vocera IP badge. The Aruba system uniquely identifies, classifies and prioritizes voice traffic, such as SIP or H.323, over data traffic. Dartmouth broadcasts separate SSIDs for each traffic type, using Aruba’s integrated stateful firewall to apply security policies for each.
For video distribution, Video Furnace servers are used to convert cable TV channels into MPEG video streams that can be multicast to laptops using client software agents. When a student signs up for access to a channel, the user is added to an IGMP multicast group for that channel. Because each computer needs 400K to 2Mbps to screen video content, efficient use of bandwidth is essential. Any given Aruba AP (802.11a) supports four or more simultaneous MPEG data streams. “Dense deployment of Aruba APs gives us the performance, coverage and scale that make this project even possible.”
The Aruba system gives us complete flexibility to implement 802.1X, for
example, for any and every port on the network from a central point without
having to upgrade the entire wired network.
David Bourque: Network Engineering, Dartmouth College
Aruba Networks Teams with Juniper Networks to Deliver Secure Enterprise Mobility Solutions
McCarran International Airport Selects Aruba and Juniper to Secure its Mobile Network
Aruba Networks, the Mobile Edge Company, today announced it has joined the Juniper Networks, Inc. (Nasdaq: JNPR) J-Partner Solutions Alliances program, enabling joint customers to extend their investment in Juniper's security products across their mobile workforces. The joint collaboration ensures that Aruba mobility controllers are pre-tested for interoperability with Juniper's firewall/VPN devices and AAA/802.1X solutions to save enterprises the operational costs of integrating multiple systems. The two companies have already signed their first customer, McCarran International Airport (LAS) in Las Vegas.
"Given the growing complexity of today's enterprise networks, infrastructure vendors not only need to deliver functionality, but the integration that enables IT to bring together the best possible products to fulfill their unique objectives," said Dave Passmore, research director for leading industry analyst firm Burton Group. "Closed single-vendor systems can promise integration, but leave the enterprise with too much dependence on a single infrastructure vendor."
McCarran ranks as the fifth busiest airport in the United States, based on passenger traffic. In 2005, it decided to provide free, open Wi-Fi access throughout the airport, and needed to ensure its solution would provide network protection from the thousands of guest users who would be logging on every day. McCarran selected the Aruba and Juniper solution to provide a secure WLAN infrastructure for its mobile workforce and guest users.
"Network security was paramount and we're pleased to see the solutions from Aruba and Juniper interoperate seamlessly and securely out of the box," said Gerard Hughes, technical services manager for the Clark County Department of Aviation, which manages network and telecommunications at McCarran. "To have best-of-breed security and WLAN solutions that don't require complex configuration is an important contrast to the proprietary security solutions being touted by many vendors and a testament to how standards-based interoperability can be made to work well."
The key beneficiaries of the joint effort are:
Mobile Enterprises that require secure, standards-based access to networks and resources: With 802.11i now established as the proven security standard for a wireless LAN deployment, Aruba and Juniper deliver a secure standards-based enterprise WLAN solution. Aruba mobility controllers interoperate with Juniper Steel-Belted Radius Server and with Odyssey 802.1X Access Clients to create the joint solution.
Distributed Enterprises that have mission-critical wireless networks in branches: Wireless is quickly becoming the primary connectivity method for enterprise branch offices where multiple mission-critical applications including data, voice, barcode scanning, inventory management, active RFID and asset tracking need to be supported. The Aruba 200 series mobility controller is purpose-built for such deployments and controls up to six access points and can be deployed as the sole network services device for a retail outlet by setting up a secure IPSEC VPN tunnel to any Juniper firewall/VPN device.
Government Organizations: The Department of Defense's directive 8100.2 requires Layer 2 encryption for wireless deployments and Aruba and Juniper can deliver a complete FIPS 140-2 validated 802.11i solution today. Additionally, xSec, a FIPS 140-2 validated security protocol provides 802.1X and AES encryption as an interim step to enable 802.11i class security for wired and legacy wireless clients.
Healthcare and Educational Institutions that need to provide open access (i.e., no encryption) for unmanaged wireless clients: Enterprises can protect information assets and defend against malware, worms or viruses entering the open access wireless infrastructure by ensuring that all unsecured traffic passes through Juniper's deep packet inspection firewall capabilities.
Aruba's collaboration with Juniper is another example of how Aruba's Mobile Edge architecture and open standards extend the capabilities of its secure mobility systems, facilitating interoperability with open solutions throughout the enterprise network.
The joint solution from Aruba and Juniper Networks is available now.
Aruba Networks, the Mobile Edge Company, today announced it has joined the Juniper Networks, Inc. (Nasdaq: JNPR) J-Partner Solutions Alliances program, enabling joint customers to extend their investment in Juniper's security products across their mobile workforces. The joint collaboration ensures that Aruba mobility controllers are pre-tested for interoperability with Juniper's firewall/VPN devices and AAA/802.1X solutions to save enterprises the operational costs of integrating multiple systems. The two companies have already signed their first customer, McCarran International Airport (LAS) in Las Vegas.
"Given the growing complexity of today's enterprise networks, infrastructure vendors not only need to deliver functionality, but the integration that enables IT to bring together the best possible products to fulfill their unique objectives," said Dave Passmore, research director for leading industry analyst firm Burton Group. "Closed single-vendor systems can promise integration, but leave the enterprise with too much dependence on a single infrastructure vendor."
McCarran ranks as the fifth busiest airport in the United States, based on passenger traffic. In 2005, it decided to provide free, open Wi-Fi access throughout the airport, and needed to ensure its solution would provide network protection from the thousands of guest users who would be logging on every day. McCarran selected the Aruba and Juniper solution to provide a secure WLAN infrastructure for its mobile workforce and guest users.
"Network security was paramount and we're pleased to see the solutions from Aruba and Juniper interoperate seamlessly and securely out of the box," said Gerard Hughes, technical services manager for the Clark County Department of Aviation, which manages network and telecommunications at McCarran. "To have best-of-breed security and WLAN solutions that don't require complex configuration is an important contrast to the proprietary security solutions being touted by many vendors and a testament to how standards-based interoperability can be made to work well."
The key beneficiaries of the joint effort are:
Mobile Enterprises that require secure, standards-based access to networks and resources: With 802.11i now established as the proven security standard for a wireless LAN deployment, Aruba and Juniper deliver a secure standards-based enterprise WLAN solution. Aruba mobility controllers interoperate with Juniper Steel-Belted Radius Server and with Odyssey 802.1X Access Clients to create the joint solution.
Distributed Enterprises that have mission-critical wireless networks in branches: Wireless is quickly becoming the primary connectivity method for enterprise branch offices where multiple mission-critical applications including data, voice, barcode scanning, inventory management, active RFID and asset tracking need to be supported. The Aruba 200 series mobility controller is purpose-built for such deployments and controls up to six access points and can be deployed as the sole network services device for a retail outlet by setting up a secure IPSEC VPN tunnel to any Juniper firewall/VPN device.
Government Organizations: The Department of Defense's directive 8100.2 requires Layer 2 encryption for wireless deployments and Aruba and Juniper can deliver a complete FIPS 140-2 validated 802.11i solution today. Additionally, xSec, a FIPS 140-2 validated security protocol provides 802.1X and AES encryption as an interim step to enable 802.11i class security for wired and legacy wireless clients.
Healthcare and Educational Institutions that need to provide open access (i.e., no encryption) for unmanaged wireless clients: Enterprises can protect information assets and defend against malware, worms or viruses entering the open access wireless infrastructure by ensuring that all unsecured traffic passes through Juniper's deep packet inspection firewall capabilities.
Aruba's collaboration with Juniper is another example of how Aruba's Mobile Edge architecture and open standards extend the capabilities of its secure mobility systems, facilitating interoperability with open solutions throughout the enterprise network.
The joint solution from Aruba and Juniper Networks is available now.
Subscribe to:
Posts (Atom)