By Frank Bulk
Aruba Networks most recent announcement regarding NAC interoperability verification and a product announcement repeat a common anthem of this vendor's emphasis on security.
The three major NAC groups are Cisco, Microsoft NAP, and the Trusted Computing Group (TCG); the first two are clearly vendor driven, while the last is standards-based and enjoys broader industry support. Unable to drive a standard of its own, Aruba has not hitched itself to any single group, but has verified NAC interoperability with three technology industry heavyweights: Cisco, Juniper, and Microsoft. Working with network equipment market share leader Cisco is almost a de facto requirement, and Microsoft is Aruba's largest customer, if not most significant. This shouldn't be considered Aruba's first fore into NAC: they have partnerships with Bradford, FireEye, Fortinet, InfoExpress, Snort, and as well as Symantec (via Sygate, though this is end-of-sale).
In addition to their partnerships, Aruba has also announced a new appliance for "targeted industries". To date Aruba has built most of the products it sells, preferring to partner where necessary. Ash Chowdappa, director of mobility management system, stated in a briefing, that Aruba will wait until the NAC market shakes out before considering to develop something internally. This time around Aruba OEMed their Aruba Endpoint Compliance System (ECS) appliance from a vendor that has significant success in the higher education market.According to Chowdappa, higher education is Aruba's number one vertical, and they expect ECS to gain traction in healthcare and hospitality, markets where there are significant numbers of guest users. Aruba makes the point that many NAC vendors are targeted toward managed devices such as desktops and laptops, while ECS is able to deal with unmanaged and transient devices such as Vo-Fi phones, and the occasional Sony Wii, that may not be able to run an agent. For devices in this latter group Aruba's ECS can work in tandem with their mobility controller to implement more restrictive traffic policies leveraging Aruba's stateful firewall. And this appliance isn't restricted to just wireless products, as the appliance can take trunked wired traffic, such as guest VLANs, and enforce policy on those, too.
Aruba is making the right moves in offering its customers multiple NAC options resulting in great stickiness for their core wireless LAN products. One of the challenges that Aruba faces is that organizations may look first to their wired networking equipment vendor for a NAC product, giving Cisco a natural leg up. Aruba appears to have chosen to OEM a mature product that integrates with systems in both mediums, and with eventual implementation of 802.11n, may take a larger and larger portion of IT's mindshare and networking budget.
Thursday 13 March 2008
Aruba secures endpoints with NAC interop and product.
Frank Bulk wrote
Aruba secures endpoints with NAC interop and product.
Frank Bulk wrote
By Frank Bulk
Aruba Networks most recent announcement regarding NAC interoperability verification and a product announcement repeat a common anthem of this vendor's emphasis on security.
The three major NAC groups are Cisco, Microsoft NAP, and the Trusted Computing Group (TCG); the first two are clearly vendor driven, while the last is standards-based and enjoys broader industry support. Unable to drive a standard of its own, Aruba has not hitched itself to any single group, but has verified NAC interoperability with three technology industry heavyweights: Cisco, Juniper, and Microsoft. Working with network equipment market share leader Cisco is almost a de facto requirement, and Microsoft is Aruba's largest customer, if not most significant. This shouldn't be considered Aruba's first fore into NAC: they have partnerships with Bradford, FireEye, Fortinet, InfoExpress, Snort, and as well as Symantec (via Sygate, though this is end-of-sale).
In addition to their partnerships, Aruba has also announced a new appliance for "targeted industries". To date Aruba has built most of the products it sells, preferring to partner where necessary. Ash Chowdappa, director of mobility management system, stated in a briefing, that Aruba will wait until the NAC market shakes out before considering to develop something internally. This time around Aruba OEMed their Aruba Endpoint Compliance System (ECS) appliance from a vendor that has significant success in the higher education market.According to Chowdappa, higher education is Aruba's number one vertical, and they expect ECS to gain traction in healthcare and hospitality, markets where there are significant numbers of guest users. Aruba makes the point that many NAC vendors are targeted toward managed devices such as desktops and laptops, while ECS is able to deal with unmanaged and transient devices such as Vo-Fi phones, and the occasional Sony Wii, that may not be able to run an agent. For devices in this latter group Aruba's ECS can work in tandem with their mobility controller to implement more restrictive traffic policies leveraging Aruba's stateful firewall. And this appliance isn't restricted to just wireless products, as the appliance can take trunked wired traffic, such as guest VLANs, and enforce policy on those, too.
Aruba is making the right moves in offering its customers multiple NAC options resulting in great stickiness for their core wireless LAN products. One of the challenges that Aruba faces is that organizations may look first to their wired networking equipment vendor for a NAC product, giving Cisco a natural leg up. Aruba appears to have chosen to OEM a mature product that integrates with systems in both mediums, and with eventual implementation of 802.11n, may take a larger and larger portion of IT's mindshare and networking budget.
Aruba secures endpoints with NAC interop and product.
Frank Bulk wrote
By Frank Bulk
Aruba Networks most recent announcement regarding NAC interoperability verification and a product announcement repeat a common anthem of this vendor's emphasis on security.
The three major NAC groups are Cisco, Microsoft NAP, and the Trusted Computing Group (TCG); the first two are clearly vendor driven, while the last is standards-based and enjoys broader industry support. Unable to drive a standard of its own, Aruba has not hitched itself to any single group, but has verified NAC interoperability with three technology industry heavyweights: Cisco, Juniper, and Microsoft. Working with network equipment market share leader Cisco is almost a de facto requirement, and Microsoft is Aruba's largest customer, if not most significant. This shouldn't be considered Aruba's first fore into NAC: they have partnerships with Bradford, FireEye, Fortinet, InfoExpress, Snort, and as well as Symantec (via Sygate, though this is end-of-sale).
In addition to their partnerships, Aruba has also announced a new appliance for "targeted industries". To date Aruba has built most of the products it sells, preferring to partner where necessary. Ash Chowdappa, director of mobility management system, stated in a briefing, that Aruba will wait until the NAC market shakes out before considering to develop something internally. This time around Aruba OEMed their Aruba Endpoint Compliance System (ECS) appliance from a vendor that has significant success in the higher education market.According to Chowdappa, higher education is Aruba's number one vertical, and they expect ECS to gain traction in healthcare and hospitality, markets where there are significant numbers of guest users. Aruba makes the point that many NAC vendors are targeted toward managed devices such as desktops and laptops, while ECS is able to deal with unmanaged and transient devices such as Vo-Fi phones, and the occasional Sony Wii, that may not be able to run an agent. For devices in this latter group Aruba's ECS can work in tandem with their mobility controller to implement more restrictive traffic policies leveraging Aruba's stateful firewall. And this appliance isn't restricted to just wireless products, as the appliance can take trunked wired traffic, such as guest VLANs, and enforce policy on those, too.
Aruba is making the right moves in offering its customers multiple NAC options resulting in great stickiness for their core wireless LAN products. One of the challenges that Aruba faces is that organizations may look first to their wired networking equipment vendor for a NAC product, giving Cisco a natural leg up. Aruba appears to have chosen to OEM a mature product that integrates with systems in both mediums, and with eventual implementation of 802.11n, may take a larger and larger portion of IT's mindshare and networking budget.
Monday 3 March 2008
Checklist for Planning a Voice Over Wi-Fi Network: Security and Performance
Security
While Wi-Fi offers a number of different security options, many voice handsets only support a subset because of processing, cost and battery considerations. Therefore design of a WLAN for voice may entail compromising over-the-air security to accommodate available handsets. We believe the correct approach is as below: first choose a handset, then see if it can support the desired security model (the goal should be that voice and data work at the same level, e.g. WPA2/802.1x). If the handset cannot attain this level, the network designer should take steps to make sure that they can be allowed onto the network, but that special security measures prevent intruders from posing as voice clients to hack into the network, as explained below.
First, identify the desired handset or range of handsets. This is a general rule for adding voice services: start with the handset. Choice is often based on factors such as durability, aesthetics, PBX features supported, voice & data capabilities.
Now examine the security capabilities. While a few months ago many handsets were limited to WEP security, a new generation is now available and the network designer should aim for WPA/PSK as a minimum level of security. WPA2 is better, with WPA2/802.1x preferable to WPA2PSK, but performance, particularly handover performance will suffer as more sophisticated security is used. We favour Opportunistic Key Caching (OKC) with WPA2 for excellent security with fast handover.
Good security design requires a comprehensive approach, so it is important to examine other aspects of the network. Many networks use a separate VLAN to segregate voice traffic, although VLANs are not a good security tool and converged voice/data clients cannot be accommodated with this model.
Other approaches involve using firewall functionality to identify and police voice traffic, particularly when the voice handsets cannot offer the same level of authentication/encryption as Wi-Fi data clients. This is obviously Aruba’s approach, as we have an integrated, Wi-Fi aware firewall.
At Aruba, we have found that re-keying in an 802.1x network can stress a handset’s processor to the degree that it can interrupt voice calls. Therefore we now have a feature that delays re-keying till the handset is idle (not on a call). An alternative, but inferior approach is to use a longer re-keying interval for voice devices.
Handover performance
Handing over a voice call from AP to AP is a function of both the infrastructure and the client. While handover latency can be measured under laboratory conditions, there are many additional factors that affect real-life performance.
The target figure for interruptions in a voice call due to handover is 50-100 msec: at these levels the user will not notice the interruption. The state-of-the-art for lab tests is sub-20 msec.
Attention to AP spacing and RF planning as explained above will help to ensure that field experience is close to lab experience.
Security determines handover performance. Pre-shared keys allow much faster handover than 802.1x environments, although of course they are not as secure. There is not much inherent performance difference between WPA and WPA2 encryption levels, except that the latter requires more processing on the handset.
The ideal balance of security and performance today is when WPA2 is used with 802.1x and ‘opportunistic key caching’ in a centralised-controller WLAN.
802.11r is a new standard, intended to improve handover performance. In centralised WLAN architectures such as Aruba’s it offers only limited improvements, particularly if opportunistic key caching is used (see above). But 802.11r support should be on the checklist for the WLAN vendor.
Battery Life
Good battery life is an important usability consideration for voice-over-Wi-Fi installations. While much battery-saving technology depends on the handset, there are a variety of functions where the infrastructure can assist in extending battery life.
Determine desired battery life: this will depend on applications. For retail and hospital environments, where people pick up their phone in the morning or at the beginning of their shift, and return it to a charging cradle at the end of the day, a battery life of 12 hours may be adequate. This is quite easily achievable today.
However, a dual-mode cellular/Wi-Fi phone will be treated more like a cellphone, where users expect multiple days between charges. Performance is improving rapidly, but currently most dual-mode phones’ batteries will barely last for 24 hours with heavy business use. Handset vendors and WLAN infrastructure vendors, including Aruba, are innovating in this area.
U-APSD (Unscheduled, Asynchronous Power Save Delivery) is part of the 802.11e specification that the Wi-Fi Alliance is certifying as WMM-PS (Wireless MultiMedia Power Save). This offers considerable improvement in battery life over former protocols, and while few handsets support U-APSD today, any new Wi-Fi infrastructure must be U-APSD/WMM-PS capable.
ARP proxy. The key to extending battery life, particularly idle (not on-call) battery life is to reduce the LAN traffic the handset sees. The most significant type of traffic is ARP’s, and good WLANs now proxy to reduce this traffic to voice clients.
Traffic filtering. Some vendors offer features where extraneous traffic is not delivered to voice clients, thus saving the battery drain entailed in receiving and ack’ing such traffic. Many types of multicast fall into this category.
• Other features. Battery life is one of the few areas in voice-over-Wi-Fi where the standards (and drafts of future standards) are not sufficient for good performance. Therefore the customers should expect ‘proprietary’ extensions to standards in this area. Some of these require compatible clients, whereas others work with standard clients. At Aruba we have several of these, so please check with us and our competitors about the state of the standards and the state-of-the-art.
Wi-Fi Alliance Certifications
The Wi-Fi vendors and other interested parties take standards developed and published by the IEEE 802.11 committee, but most vendors today tend to develop to certifications of the Wi-Fi Alliance, a group of vendors formed to develop the market for 802.11 (and the originator of the term ‘Wi-Fi’, Wi-Fi logos, etc). Wi-Fi Alliance certifications are nearly all derived from subsets of the IEEE standards, and result in standardized tests to ensure inter-vendor interoperability. The notes above identify the most important certifications, but they are re-stated below (this is a subjective rather than a complete list: these are most relevant to voice-over-Wi-Fi infrastructure for Enterprise). In selecting a WLAN vendor, it is more practical to ask for a roadmap for these certifications rather than references to IEEE standards.
Security certifications relevant to voice to include WPA and WPA2, which are derived from 802.11i.
WMM (Wireless MultiMedia) defines over-the-air QoS from subsets of 802.11e.
WMM-PS (Wireless MultiMedia Power Save) includes U-APSD from 802.11e.
WMM-AC (Access Control) is not yet finished, but will include T-Spec signalling from 802.11e for Call Admissions Control.
‘Voice over Wi-Fi for Enterprise’ (name may change) will include parts of 802.11e, 802.11k, 802.11r and others in an attempt to ensure good performance and inter-vendor interoperability in Enterprise networks with multiple APs and other Enterprise requirements.
While Wi-Fi offers a number of different security options, many voice handsets only support a subset because of processing, cost and battery considerations. Therefore design of a WLAN for voice may entail compromising over-the-air security to accommodate available handsets. We believe the correct approach is as below: first choose a handset, then see if it can support the desired security model (the goal should be that voice and data work at the same level, e.g. WPA2/802.1x). If the handset cannot attain this level, the network designer should take steps to make sure that they can be allowed onto the network, but that special security measures prevent intruders from posing as voice clients to hack into the network, as explained below.
First, identify the desired handset or range of handsets. This is a general rule for adding voice services: start with the handset. Choice is often based on factors such as durability, aesthetics, PBX features supported, voice & data capabilities.
Now examine the security capabilities. While a few months ago many handsets were limited to WEP security, a new generation is now available and the network designer should aim for WPA/PSK as a minimum level of security. WPA2 is better, with WPA2/802.1x preferable to WPA2PSK, but performance, particularly handover performance will suffer as more sophisticated security is used. We favour Opportunistic Key Caching (OKC) with WPA2 for excellent security with fast handover.
Good security design requires a comprehensive approach, so it is important to examine other aspects of the network. Many networks use a separate VLAN to segregate voice traffic, although VLANs are not a good security tool and converged voice/data clients cannot be accommodated with this model.
Other approaches involve using firewall functionality to identify and police voice traffic, particularly when the voice handsets cannot offer the same level of authentication/encryption as Wi-Fi data clients. This is obviously Aruba’s approach, as we have an integrated, Wi-Fi aware firewall.
At Aruba, we have found that re-keying in an 802.1x network can stress a handset’s processor to the degree that it can interrupt voice calls. Therefore we now have a feature that delays re-keying till the handset is idle (not on a call). An alternative, but inferior approach is to use a longer re-keying interval for voice devices.
Handover performance
Handing over a voice call from AP to AP is a function of both the infrastructure and the client. While handover latency can be measured under laboratory conditions, there are many additional factors that affect real-life performance.
The target figure for interruptions in a voice call due to handover is 50-100 msec: at these levels the user will not notice the interruption. The state-of-the-art for lab tests is sub-20 msec.
Attention to AP spacing and RF planning as explained above will help to ensure that field experience is close to lab experience.
Security determines handover performance. Pre-shared keys allow much faster handover than 802.1x environments, although of course they are not as secure. There is not much inherent performance difference between WPA and WPA2 encryption levels, except that the latter requires more processing on the handset.
The ideal balance of security and performance today is when WPA2 is used with 802.1x and ‘opportunistic key caching’ in a centralised-controller WLAN.
802.11r is a new standard, intended to improve handover performance. In centralised WLAN architectures such as Aruba’s it offers only limited improvements, particularly if opportunistic key caching is used (see above). But 802.11r support should be on the checklist for the WLAN vendor.
Battery Life
Good battery life is an important usability consideration for voice-over-Wi-Fi installations. While much battery-saving technology depends on the handset, there are a variety of functions where the infrastructure can assist in extending battery life.
Determine desired battery life: this will depend on applications. For retail and hospital environments, where people pick up their phone in the morning or at the beginning of their shift, and return it to a charging cradle at the end of the day, a battery life of 12 hours may be adequate. This is quite easily achievable today.
However, a dual-mode cellular/Wi-Fi phone will be treated more like a cellphone, where users expect multiple days between charges. Performance is improving rapidly, but currently most dual-mode phones’ batteries will barely last for 24 hours with heavy business use. Handset vendors and WLAN infrastructure vendors, including Aruba, are innovating in this area.
U-APSD (Unscheduled, Asynchronous Power Save Delivery) is part of the 802.11e specification that the Wi-Fi Alliance is certifying as WMM-PS (Wireless MultiMedia Power Save). This offers considerable improvement in battery life over former protocols, and while few handsets support U-APSD today, any new Wi-Fi infrastructure must be U-APSD/WMM-PS capable.
ARP proxy. The key to extending battery life, particularly idle (not on-call) battery life is to reduce the LAN traffic the handset sees. The most significant type of traffic is ARP’s, and good WLANs now proxy to reduce this traffic to voice clients.
Traffic filtering. Some vendors offer features where extraneous traffic is not delivered to voice clients, thus saving the battery drain entailed in receiving and ack’ing such traffic. Many types of multicast fall into this category.
• Other features. Battery life is one of the few areas in voice-over-Wi-Fi where the standards (and drafts of future standards) are not sufficient for good performance. Therefore the customers should expect ‘proprietary’ extensions to standards in this area. Some of these require compatible clients, whereas others work with standard clients. At Aruba we have several of these, so please check with us and our competitors about the state of the standards and the state-of-the-art.
Wi-Fi Alliance Certifications
The Wi-Fi vendors and other interested parties take standards developed and published by the IEEE 802.11 committee, but most vendors today tend to develop to certifications of the Wi-Fi Alliance, a group of vendors formed to develop the market for 802.11 (and the originator of the term ‘Wi-Fi’, Wi-Fi logos, etc). Wi-Fi Alliance certifications are nearly all derived from subsets of the IEEE standards, and result in standardized tests to ensure inter-vendor interoperability. The notes above identify the most important certifications, but they are re-stated below (this is a subjective rather than a complete list: these are most relevant to voice-over-Wi-Fi infrastructure for Enterprise). In selecting a WLAN vendor, it is more practical to ask for a roadmap for these certifications rather than references to IEEE standards.
Security certifications relevant to voice to include WPA and WPA2, which are derived from 802.11i.
WMM (Wireless MultiMedia) defines over-the-air QoS from subsets of 802.11e.
WMM-PS (Wireless MultiMedia Power Save) includes U-APSD from 802.11e.
WMM-AC (Access Control) is not yet finished, but will include T-Spec signalling from 802.11e for Call Admissions Control.
‘Voice over Wi-Fi for Enterprise’ (name may change) will include parts of 802.11e, 802.11k, 802.11r and others in an attempt to ensure good performance and inter-vendor interoperability in Enterprise networks with multiple APs and other Enterprise requirements.
Checklist for Planning a Voice Over Wi-Fi Network: Security and Performance
Security
While Wi-Fi offers a number of different security options, many voice handsets only support a subset because of processing, cost and battery considerations. Therefore design of a WLAN for voice may entail compromising over-the-air security to accommodate available handsets. We believe the correct approach is as below: first choose a handset, then see if it can support the desired security model (the goal should be that voice and data work at the same level, e.g. WPA2/802.1x). If the handset cannot attain this level, the network designer should take steps to make sure that they can be allowed onto the network, but that special security measures prevent intruders from posing as voice clients to hack into the network, as explained below.
First, identify the desired handset or range of handsets. This is a general rule for adding voice services: start with the handset. Choice is often based on factors such as durability, aesthetics, PBX features supported, voice & data capabilities.
Now examine the security capabilities. While a few months ago many handsets were limited to WEP security, a new generation is now available and the network designer should aim for WPA/PSK as a minimum level of security. WPA2 is better, with WPA2/802.1x preferable to WPA2PSK, but performance, particularly handover performance will suffer as more sophisticated security is used. We favour Opportunistic Key Caching (OKC) with WPA2 for excellent security with fast handover.
Good security design requires a comprehensive approach, so it is important to examine other aspects of the network. Many networks use a separate VLAN to segregate voice traffic, although VLANs are not a good security tool and converged voice/data clients cannot be accommodated with this model.
Other approaches involve using firewall functionality to identify and police voice traffic, particularly when the voice handsets cannot offer the same level of authentication/encryption as Wi-Fi data clients. This is obviously Aruba’s approach, as we have an integrated, Wi-Fi aware firewall.
At Aruba, we have found that re-keying in an 802.1x network can stress a handset’s processor to the degree that it can interrupt voice calls. Therefore we now have a feature that delays re-keying till the handset is idle (not on a call). An alternative, but inferior approach is to use a longer re-keying interval for voice devices.
Handover performance
Handing over a voice call from AP to AP is a function of both the infrastructure and the client. While handover latency can be measured under laboratory conditions, there are many additional factors that affect real-life performance.
The target figure for interruptions in a voice call due to handover is 50-100 msec: at these levels the user will not notice the interruption. The state-of-the-art for lab tests is sub-20 msec.
Attention to AP spacing and RF planning as explained above will help to ensure that field experience is close to lab experience.
Security determines handover performance. Pre-shared keys allow much faster handover than 802.1x environments, although of course they are not as secure. There is not much inherent performance difference between WPA and WPA2 encryption levels, except that the latter requires more processing on the handset.
The ideal balance of security and performance today is when WPA2 is used with 802.1x and ‘opportunistic key caching’ in a centralised-controller WLAN.
802.11r is a new standard, intended to improve handover performance. In centralised WLAN architectures such as Aruba’s it offers only limited improvements, particularly if opportunistic key caching is used (see above). But 802.11r support should be on the checklist for the WLAN vendor.
Battery Life
Good battery life is an important usability consideration for voice-over-Wi-Fi installations. While much battery-saving technology depends on the handset, there are a variety of functions where the infrastructure can assist in extending battery life.
Determine desired battery life: this will depend on applications. For retail and hospital environments, where people pick up their phone in the morning or at the beginning of their shift, and return it to a charging cradle at the end of the day, a battery life of 12 hours may be adequate. This is quite easily achievable today.
However, a dual-mode cellular/Wi-Fi phone will be treated more like a cellphone, where users expect multiple days between charges. Performance is improving rapidly, but currently most dual-mode phones’ batteries will barely last for 24 hours with heavy business use. Handset vendors and WLAN infrastructure vendors, including Aruba, are innovating in this area.
U-APSD (Unscheduled, Asynchronous Power Save Delivery) is part of the 802.11e specification that the Wi-Fi Alliance is certifying as WMM-PS (Wireless MultiMedia Power Save). This offers considerable improvement in battery life over former protocols, and while few handsets support U-APSD today, any new Wi-Fi infrastructure must be U-APSD/WMM-PS capable.
ARP proxy. The key to extending battery life, particularly idle (not on-call) battery life is to reduce the LAN traffic the handset sees. The most significant type of traffic is ARP’s, and good WLANs now proxy to reduce this traffic to voice clients.
Traffic filtering. Some vendors offer features where extraneous traffic is not delivered to voice clients, thus saving the battery drain entailed in receiving and ack’ing such traffic. Many types of multicast fall into this category.
• Other features. Battery life is one of the few areas in voice-over-Wi-Fi where the standards (and drafts of future standards) are not sufficient for good performance. Therefore the customers should expect ‘proprietary’ extensions to standards in this area. Some of these require compatible clients, whereas others work with standard clients. At Aruba we have several of these, so please check with us and our competitors about the state of the standards and the state-of-the-art.
Wi-Fi Alliance Certifications
The Wi-Fi vendors and other interested parties take standards developed and published by the IEEE 802.11 committee, but most vendors today tend to develop to certifications of the Wi-Fi Alliance, a group of vendors formed to develop the market for 802.11 (and the originator of the term ‘Wi-Fi’, Wi-Fi logos, etc). Wi-Fi Alliance certifications are nearly all derived from subsets of the IEEE standards, and result in standardized tests to ensure inter-vendor interoperability. The notes above identify the most important certifications, but they are re-stated below (this is a subjective rather than a complete list: these are most relevant to voice-over-Wi-Fi infrastructure for Enterprise). In selecting a WLAN vendor, it is more practical to ask for a roadmap for these certifications rather than references to IEEE standards.
Security certifications relevant to voice to include WPA and WPA2, which are derived from 802.11i.
WMM (Wireless MultiMedia) defines over-the-air QoS from subsets of 802.11e.
WMM-PS (Wireless MultiMedia Power Save) includes U-APSD from 802.11e.
WMM-AC (Access Control) is not yet finished, but will include T-Spec signalling from 802.11e for Call Admissions Control.
‘Voice over Wi-Fi for Enterprise’ (name may change) will include parts of 802.11e, 802.11k, 802.11r and others in an attempt to ensure good performance and inter-vendor interoperability in Enterprise networks with multiple APs and other Enterprise requirements.
While Wi-Fi offers a number of different security options, many voice handsets only support a subset because of processing, cost and battery considerations. Therefore design of a WLAN for voice may entail compromising over-the-air security to accommodate available handsets. We believe the correct approach is as below: first choose a handset, then see if it can support the desired security model (the goal should be that voice and data work at the same level, e.g. WPA2/802.1x). If the handset cannot attain this level, the network designer should take steps to make sure that they can be allowed onto the network, but that special security measures prevent intruders from posing as voice clients to hack into the network, as explained below.
First, identify the desired handset or range of handsets. This is a general rule for adding voice services: start with the handset. Choice is often based on factors such as durability, aesthetics, PBX features supported, voice & data capabilities.
Now examine the security capabilities. While a few months ago many handsets were limited to WEP security, a new generation is now available and the network designer should aim for WPA/PSK as a minimum level of security. WPA2 is better, with WPA2/802.1x preferable to WPA2PSK, but performance, particularly handover performance will suffer as more sophisticated security is used. We favour Opportunistic Key Caching (OKC) with WPA2 for excellent security with fast handover.
Good security design requires a comprehensive approach, so it is important to examine other aspects of the network. Many networks use a separate VLAN to segregate voice traffic, although VLANs are not a good security tool and converged voice/data clients cannot be accommodated with this model.
Other approaches involve using firewall functionality to identify and police voice traffic, particularly when the voice handsets cannot offer the same level of authentication/encryption as Wi-Fi data clients. This is obviously Aruba’s approach, as we have an integrated, Wi-Fi aware firewall.
At Aruba, we have found that re-keying in an 802.1x network can stress a handset’s processor to the degree that it can interrupt voice calls. Therefore we now have a feature that delays re-keying till the handset is idle (not on a call). An alternative, but inferior approach is to use a longer re-keying interval for voice devices.
Handover performance
Handing over a voice call from AP to AP is a function of both the infrastructure and the client. While handover latency can be measured under laboratory conditions, there are many additional factors that affect real-life performance.
The target figure for interruptions in a voice call due to handover is 50-100 msec: at these levels the user will not notice the interruption. The state-of-the-art for lab tests is sub-20 msec.
Attention to AP spacing and RF planning as explained above will help to ensure that field experience is close to lab experience.
Security determines handover performance. Pre-shared keys allow much faster handover than 802.1x environments, although of course they are not as secure. There is not much inherent performance difference between WPA and WPA2 encryption levels, except that the latter requires more processing on the handset.
The ideal balance of security and performance today is when WPA2 is used with 802.1x and ‘opportunistic key caching’ in a centralised-controller WLAN.
802.11r is a new standard, intended to improve handover performance. In centralised WLAN architectures such as Aruba’s it offers only limited improvements, particularly if opportunistic key caching is used (see above). But 802.11r support should be on the checklist for the WLAN vendor.
Battery Life
Good battery life is an important usability consideration for voice-over-Wi-Fi installations. While much battery-saving technology depends on the handset, there are a variety of functions where the infrastructure can assist in extending battery life.
Determine desired battery life: this will depend on applications. For retail and hospital environments, where people pick up their phone in the morning or at the beginning of their shift, and return it to a charging cradle at the end of the day, a battery life of 12 hours may be adequate. This is quite easily achievable today.
However, a dual-mode cellular/Wi-Fi phone will be treated more like a cellphone, where users expect multiple days between charges. Performance is improving rapidly, but currently most dual-mode phones’ batteries will barely last for 24 hours with heavy business use. Handset vendors and WLAN infrastructure vendors, including Aruba, are innovating in this area.
U-APSD (Unscheduled, Asynchronous Power Save Delivery) is part of the 802.11e specification that the Wi-Fi Alliance is certifying as WMM-PS (Wireless MultiMedia Power Save). This offers considerable improvement in battery life over former protocols, and while few handsets support U-APSD today, any new Wi-Fi infrastructure must be U-APSD/WMM-PS capable.
ARP proxy. The key to extending battery life, particularly idle (not on-call) battery life is to reduce the LAN traffic the handset sees. The most significant type of traffic is ARP’s, and good WLANs now proxy to reduce this traffic to voice clients.
Traffic filtering. Some vendors offer features where extraneous traffic is not delivered to voice clients, thus saving the battery drain entailed in receiving and ack’ing such traffic. Many types of multicast fall into this category.
• Other features. Battery life is one of the few areas in voice-over-Wi-Fi where the standards (and drafts of future standards) are not sufficient for good performance. Therefore the customers should expect ‘proprietary’ extensions to standards in this area. Some of these require compatible clients, whereas others work with standard clients. At Aruba we have several of these, so please check with us and our competitors about the state of the standards and the state-of-the-art.
Wi-Fi Alliance Certifications
The Wi-Fi vendors and other interested parties take standards developed and published by the IEEE 802.11 committee, but most vendors today tend to develop to certifications of the Wi-Fi Alliance, a group of vendors formed to develop the market for 802.11 (and the originator of the term ‘Wi-Fi’, Wi-Fi logos, etc). Wi-Fi Alliance certifications are nearly all derived from subsets of the IEEE standards, and result in standardized tests to ensure inter-vendor interoperability. The notes above identify the most important certifications, but they are re-stated below (this is a subjective rather than a complete list: these are most relevant to voice-over-Wi-Fi infrastructure for Enterprise). In selecting a WLAN vendor, it is more practical to ask for a roadmap for these certifications rather than references to IEEE standards.
Security certifications relevant to voice to include WPA and WPA2, which are derived from 802.11i.
WMM (Wireless MultiMedia) defines over-the-air QoS from subsets of 802.11e.
WMM-PS (Wireless MultiMedia Power Save) includes U-APSD from 802.11e.
WMM-AC (Access Control) is not yet finished, but will include T-Spec signalling from 802.11e for Call Admissions Control.
‘Voice over Wi-Fi for Enterprise’ (name may change) will include parts of 802.11e, 802.11k, 802.11r and others in an attempt to ensure good performance and inter-vendor interoperability in Enterprise networks with multiple APs and other Enterprise requirements.
Checklist for Planning a Voice Over Wi-Fi Network: Security and Performance
Security
While Wi-Fi offers a number of different security options, many voice handsets only support a subset because of processing, cost and battery considerations. Therefore design of a WLAN for voice may entail compromising over-the-air security to accommodate available handsets. We believe the correct approach is as below: first choose a handset, then see if it can support the desired security model (the goal should be that voice and data work at the same level, e.g. WPA2/802.1x). If the handset cannot attain this level, the network designer should take steps to make sure that they can be allowed onto the network, but that special security measures prevent intruders from posing as voice clients to hack into the network, as explained below.
First, identify the desired handset or range of handsets. This is a general rule for adding voice services: start with the handset. Choice is often based on factors such as durability, aesthetics, PBX features supported, voice & data capabilities.
Now examine the security capabilities. While a few months ago many handsets were limited to WEP security, a new generation is now available and the network designer should aim for WPA/PSK as a minimum level of security. WPA2 is better, with WPA2/802.1x preferable to WPA2PSK, but performance, particularly handover performance will suffer as more sophisticated security is used. We favour Opportunistic Key Caching (OKC) with WPA2 for excellent security with fast handover.
Good security design requires a comprehensive approach, so it is important to examine other aspects of the network. Many networks use a separate VLAN to segregate voice traffic, although VLANs are not a good security tool and converged voice/data clients cannot be accommodated with this model.
Other approaches involve using firewall functionality to identify and police voice traffic, particularly when the voice handsets cannot offer the same level of authentication/encryption as Wi-Fi data clients. This is obviously Aruba’s approach, as we have an integrated, Wi-Fi aware firewall.
At Aruba, we have found that re-keying in an 802.1x network can stress a handset’s processor to the degree that it can interrupt voice calls. Therefore we now have a feature that delays re-keying till the handset is idle (not on a call). An alternative, but inferior approach is to use a longer re-keying interval for voice devices.
Handover performance
Handing over a voice call from AP to AP is a function of both the infrastructure and the client. While handover latency can be measured under laboratory conditions, there are many additional factors that affect real-life performance.
The target figure for interruptions in a voice call due to handover is 50-100 msec: at these levels the user will not notice the interruption. The state-of-the-art for lab tests is sub-20 msec.
Attention to AP spacing and RF planning as explained above will help to ensure that field experience is close to lab experience.
Security determines handover performance. Pre-shared keys allow much faster handover than 802.1x environments, although of course they are not as secure. There is not much inherent performance difference between WPA and WPA2 encryption levels, except that the latter requires more processing on the handset.
The ideal balance of security and performance today is when WPA2 is used with 802.1x and ‘opportunistic key caching’ in a centralised-controller WLAN.
802.11r is a new standard, intended to improve handover performance. In centralised WLAN architectures such as Aruba’s it offers only limited improvements, particularly if opportunistic key caching is used (see above). But 802.11r support should be on the checklist for the WLAN vendor.
Battery Life
Good battery life is an important usability consideration for voice-over-Wi-Fi installations. While much battery-saving technology depends on the handset, there are a variety of functions where the infrastructure can assist in extending battery life.
Determine desired battery life: this will depend on applications. For retail and hospital environments, where people pick up their phone in the morning or at the beginning of their shift, and return it to a charging cradle at the end of the day, a battery life of 12 hours may be adequate. This is quite easily achievable today.
However, a dual-mode cellular/Wi-Fi phone will be treated more like a cellphone, where users expect multiple days between charges. Performance is improving rapidly, but currently most dual-mode phones’ batteries will barely last for 24 hours with heavy business use. Handset vendors and WLAN infrastructure vendors, including Aruba, are innovating in this area.
U-APSD (Unscheduled, Asynchronous Power Save Delivery) is part of the 802.11e specification that the Wi-Fi Alliance is certifying as WMM-PS (Wireless MultiMedia Power Save). This offers considerable improvement in battery life over former protocols, and while few handsets support U-APSD today, any new Wi-Fi infrastructure must be U-APSD/WMM-PS capable.
ARP proxy. The key to extending battery life, particularly idle (not on-call) battery life is to reduce the LAN traffic the handset sees. The most significant type of traffic is ARP’s, and good WLANs now proxy to reduce this traffic to voice clients.
Traffic filtering. Some vendors offer features where extraneous traffic is not delivered to voice clients, thus saving the battery drain entailed in receiving and ack’ing such traffic. Many types of multicast fall into this category.
• Other features. Battery life is one of the few areas in voice-over-Wi-Fi where the standards (and drafts of future standards) are not sufficient for good performance. Therefore the customers should expect ‘proprietary’ extensions to standards in this area. Some of these require compatible clients, whereas others work with standard clients. At Aruba we have several of these, so please check with us and our competitors about the state of the standards and the state-of-the-art.
Wi-Fi Alliance Certifications
The Wi-Fi vendors and other interested parties take standards developed and published by the IEEE 802.11 committee, but most vendors today tend to develop to certifications of the Wi-Fi Alliance, a group of vendors formed to develop the market for 802.11 (and the originator of the term ‘Wi-Fi’, Wi-Fi logos, etc). Wi-Fi Alliance certifications are nearly all derived from subsets of the IEEE standards, and result in standardized tests to ensure inter-vendor interoperability. The notes above identify the most important certifications, but they are re-stated below (this is a subjective rather than a complete list: these are most relevant to voice-over-Wi-Fi infrastructure for Enterprise). In selecting a WLAN vendor, it is more practical to ask for a roadmap for these certifications rather than references to IEEE standards.
Security certifications relevant to voice to include WPA and WPA2, which are derived from 802.11i.
WMM (Wireless MultiMedia) defines over-the-air QoS from subsets of 802.11e.
WMM-PS (Wireless MultiMedia Power Save) includes U-APSD from 802.11e.
WMM-AC (Access Control) is not yet finished, but will include T-Spec signalling from 802.11e for Call Admissions Control.
‘Voice over Wi-Fi for Enterprise’ (name may change) will include parts of 802.11e, 802.11k, 802.11r and others in an attempt to ensure good performance and inter-vendor interoperability in Enterprise networks with multiple APs and other Enterprise requirements.
While Wi-Fi offers a number of different security options, many voice handsets only support a subset because of processing, cost and battery considerations. Therefore design of a WLAN for voice may entail compromising over-the-air security to accommodate available handsets. We believe the correct approach is as below: first choose a handset, then see if it can support the desired security model (the goal should be that voice and data work at the same level, e.g. WPA2/802.1x). If the handset cannot attain this level, the network designer should take steps to make sure that they can be allowed onto the network, but that special security measures prevent intruders from posing as voice clients to hack into the network, as explained below.
First, identify the desired handset or range of handsets. This is a general rule for adding voice services: start with the handset. Choice is often based on factors such as durability, aesthetics, PBX features supported, voice & data capabilities.
Now examine the security capabilities. While a few months ago many handsets were limited to WEP security, a new generation is now available and the network designer should aim for WPA/PSK as a minimum level of security. WPA2 is better, with WPA2/802.1x preferable to WPA2PSK, but performance, particularly handover performance will suffer as more sophisticated security is used. We favour Opportunistic Key Caching (OKC) with WPA2 for excellent security with fast handover.
Good security design requires a comprehensive approach, so it is important to examine other aspects of the network. Many networks use a separate VLAN to segregate voice traffic, although VLANs are not a good security tool and converged voice/data clients cannot be accommodated with this model.
Other approaches involve using firewall functionality to identify and police voice traffic, particularly when the voice handsets cannot offer the same level of authentication/encryption as Wi-Fi data clients. This is obviously Aruba’s approach, as we have an integrated, Wi-Fi aware firewall.
At Aruba, we have found that re-keying in an 802.1x network can stress a handset’s processor to the degree that it can interrupt voice calls. Therefore we now have a feature that delays re-keying till the handset is idle (not on a call). An alternative, but inferior approach is to use a longer re-keying interval for voice devices.
Handover performance
Handing over a voice call from AP to AP is a function of both the infrastructure and the client. While handover latency can be measured under laboratory conditions, there are many additional factors that affect real-life performance.
The target figure for interruptions in a voice call due to handover is 50-100 msec: at these levels the user will not notice the interruption. The state-of-the-art for lab tests is sub-20 msec.
Attention to AP spacing and RF planning as explained above will help to ensure that field experience is close to lab experience.
Security determines handover performance. Pre-shared keys allow much faster handover than 802.1x environments, although of course they are not as secure. There is not much inherent performance difference between WPA and WPA2 encryption levels, except that the latter requires more processing on the handset.
The ideal balance of security and performance today is when WPA2 is used with 802.1x and ‘opportunistic key caching’ in a centralised-controller WLAN.
802.11r is a new standard, intended to improve handover performance. In centralised WLAN architectures such as Aruba’s it offers only limited improvements, particularly if opportunistic key caching is used (see above). But 802.11r support should be on the checklist for the WLAN vendor.
Battery Life
Good battery life is an important usability consideration for voice-over-Wi-Fi installations. While much battery-saving technology depends on the handset, there are a variety of functions where the infrastructure can assist in extending battery life.
Determine desired battery life: this will depend on applications. For retail and hospital environments, where people pick up their phone in the morning or at the beginning of their shift, and return it to a charging cradle at the end of the day, a battery life of 12 hours may be adequate. This is quite easily achievable today.
However, a dual-mode cellular/Wi-Fi phone will be treated more like a cellphone, where users expect multiple days between charges. Performance is improving rapidly, but currently most dual-mode phones’ batteries will barely last for 24 hours with heavy business use. Handset vendors and WLAN infrastructure vendors, including Aruba, are innovating in this area.
U-APSD (Unscheduled, Asynchronous Power Save Delivery) is part of the 802.11e specification that the Wi-Fi Alliance is certifying as WMM-PS (Wireless MultiMedia Power Save). This offers considerable improvement in battery life over former protocols, and while few handsets support U-APSD today, any new Wi-Fi infrastructure must be U-APSD/WMM-PS capable.
ARP proxy. The key to extending battery life, particularly idle (not on-call) battery life is to reduce the LAN traffic the handset sees. The most significant type of traffic is ARP’s, and good WLANs now proxy to reduce this traffic to voice clients.
Traffic filtering. Some vendors offer features where extraneous traffic is not delivered to voice clients, thus saving the battery drain entailed in receiving and ack’ing such traffic. Many types of multicast fall into this category.
• Other features. Battery life is one of the few areas in voice-over-Wi-Fi where the standards (and drafts of future standards) are not sufficient for good performance. Therefore the customers should expect ‘proprietary’ extensions to standards in this area. Some of these require compatible clients, whereas others work with standard clients. At Aruba we have several of these, so please check with us and our competitors about the state of the standards and the state-of-the-art.
Wi-Fi Alliance Certifications
The Wi-Fi vendors and other interested parties take standards developed and published by the IEEE 802.11 committee, but most vendors today tend to develop to certifications of the Wi-Fi Alliance, a group of vendors formed to develop the market for 802.11 (and the originator of the term ‘Wi-Fi’, Wi-Fi logos, etc). Wi-Fi Alliance certifications are nearly all derived from subsets of the IEEE standards, and result in standardized tests to ensure inter-vendor interoperability. The notes above identify the most important certifications, but they are re-stated below (this is a subjective rather than a complete list: these are most relevant to voice-over-Wi-Fi infrastructure for Enterprise). In selecting a WLAN vendor, it is more practical to ask for a roadmap for these certifications rather than references to IEEE standards.
Security certifications relevant to voice to include WPA and WPA2, which are derived from 802.11i.
WMM (Wireless MultiMedia) defines over-the-air QoS from subsets of 802.11e.
WMM-PS (Wireless MultiMedia Power Save) includes U-APSD from 802.11e.
WMM-AC (Access Control) is not yet finished, but will include T-Spec signalling from 802.11e for Call Admissions Control.
‘Voice over Wi-Fi for Enterprise’ (name may change) will include parts of 802.11e, 802.11k, 802.11r and others in an attempt to ensure good performance and inter-vendor interoperability in Enterprise networks with multiple APs and other Enterprise requirements.
TROPOS NETWORKS NAMED WORLDWIDE MARKET LEADER FOR WI-FI MESH NETWORKS IN 2007
SUNNYVALE, CA -- February 26, 2008 -- Tropos® Networks, the market leader in wireless IP broadband mesh networks, today announced that in 2007 the company maintained its leadership of the Wi-Fi mesh market in sales revenue, market share and units shipped worldwide, according to the Dell ‘Oro Group’s year end market report just published.
“We have continued to build upon our market and technology leadership to address the growing and evolving demand for reliable, wireless IP broadband infrastructures that can be used for multiple applications,” said Denise Barton, director of marketing for Tropos Networks.”
“Municipalities and other organizations use our solutions to improve the efficiencies of mobile workers and reduce operational costs. Cities most often use the networks for public safety – mobile police, fire and EMS vehicles; for fixed and mobile video surveillance; for utility automation, to reduce operational costs and improve billing accuracy. Industrial deployments are increasingly popular in harsh environments such as shipping ports and open pit mines where the network is used to improve business process efficiencies and reduce operating costs.”
“Our focus and commitment to the outdoor Wi-Fi mesh market is clear which is why Tropos continues to lead in market share and sales, technology innovation and customer deployments. In 2008, we look forward to working with our customers and partners to meet the needs of this exciting and growing market worldwide,” Barton concluded.
About Tropos Networks, Inc.
Tropos® Networks is the market leader in delivering metro-scale wireless mesh network systems. The company's systems have been selected to unwire more major league cities than all competitors combined and are installed in 30 countries. The patented Tropos MetroMesh™ architecture delivers the ultimate scalability, high capacity at low cost and great user experience demanded by service providers, municipalities and network users. Tropos Networks' unique expertise includes high-performance mesh software development, mesh RF engineering, metro-scale network planning, deployment and optimization, and navigating the municipal approval process. Tropos Networks is headquartered in Sunnyvale, California. For more information, please visit www.tropos.com, call 408-331-6800 or write to info@tropos.com.
Tropos and PWRP are registered trademarks of Tropos Networks, Inc. Tropos Networks, MetroMesh, AMCE, TMCX, SABRE, CMDP and Metro-Scale Mesh Networking Defined are trademarks of Tropos Networks, Inc. All other brand or product names are trademarks or registered trademarks of their respective holder(s).
“We have continued to build upon our market and technology leadership to address the growing and evolving demand for reliable, wireless IP broadband infrastructures that can be used for multiple applications,” said Denise Barton, director of marketing for Tropos Networks.”
“Municipalities and other organizations use our solutions to improve the efficiencies of mobile workers and reduce operational costs. Cities most often use the networks for public safety – mobile police, fire and EMS vehicles; for fixed and mobile video surveillance; for utility automation, to reduce operational costs and improve billing accuracy. Industrial deployments are increasingly popular in harsh environments such as shipping ports and open pit mines where the network is used to improve business process efficiencies and reduce operating costs.”
“Our focus and commitment to the outdoor Wi-Fi mesh market is clear which is why Tropos continues to lead in market share and sales, technology innovation and customer deployments. In 2008, we look forward to working with our customers and partners to meet the needs of this exciting and growing market worldwide,” Barton concluded.
About Tropos Networks, Inc.
Tropos® Networks is the market leader in delivering metro-scale wireless mesh network systems. The company's systems have been selected to unwire more major league cities than all competitors combined and are installed in 30 countries. The patented Tropos MetroMesh™ architecture delivers the ultimate scalability, high capacity at low cost and great user experience demanded by service providers, municipalities and network users. Tropos Networks' unique expertise includes high-performance mesh software development, mesh RF engineering, metro-scale network planning, deployment and optimization, and navigating the municipal approval process. Tropos Networks is headquartered in Sunnyvale, California. For more information, please visit www.tropos.com, call 408-331-6800 or write to info@tropos.com.
Tropos and PWRP are registered trademarks of Tropos Networks, Inc. Tropos Networks, MetroMesh, AMCE, TMCX, SABRE, CMDP and Metro-Scale Mesh Networking Defined are trademarks of Tropos Networks, Inc. All other brand or product names are trademarks or registered trademarks of their respective holder(s).
TROPOS NETWORKS NAMED WORLDWIDE MARKET LEADER FOR WI-FI MESH NETWORKS IN 2007
SUNNYVALE, CA -- February 26, 2008 -- Tropos® Networks, the market leader in wireless IP broadband mesh networks, today announced that in 2007 the company maintained its leadership of the Wi-Fi mesh market in sales revenue, market share and units shipped worldwide, according to the Dell ‘Oro Group’s year end market report just published.
“We have continued to build upon our market and technology leadership to address the growing and evolving demand for reliable, wireless IP broadband infrastructures that can be used for multiple applications,” said Denise Barton, director of marketing for Tropos Networks.”
“Municipalities and other organizations use our solutions to improve the efficiencies of mobile workers and reduce operational costs. Cities most often use the networks for public safety – mobile police, fire and EMS vehicles; for fixed and mobile video surveillance; for utility automation, to reduce operational costs and improve billing accuracy. Industrial deployments are increasingly popular in harsh environments such as shipping ports and open pit mines where the network is used to improve business process efficiencies and reduce operating costs.”
“Our focus and commitment to the outdoor Wi-Fi mesh market is clear which is why Tropos continues to lead in market share and sales, technology innovation and customer deployments. In 2008, we look forward to working with our customers and partners to meet the needs of this exciting and growing market worldwide,” Barton concluded.
About Tropos Networks, Inc.
Tropos® Networks is the market leader in delivering metro-scale wireless mesh network systems. The company's systems have been selected to unwire more major league cities than all competitors combined and are installed in 30 countries. The patented Tropos MetroMesh™ architecture delivers the ultimate scalability, high capacity at low cost and great user experience demanded by service providers, municipalities and network users. Tropos Networks' unique expertise includes high-performance mesh software development, mesh RF engineering, metro-scale network planning, deployment and optimization, and navigating the municipal approval process. Tropos Networks is headquartered in Sunnyvale, California. For more information, please visit www.tropos.com, call 408-331-6800 or write to info@tropos.com.
Tropos and PWRP are registered trademarks of Tropos Networks, Inc. Tropos Networks, MetroMesh, AMCE, TMCX, SABRE, CMDP and Metro-Scale Mesh Networking Defined are trademarks of Tropos Networks, Inc. All other brand or product names are trademarks or registered trademarks of their respective holder(s).
“We have continued to build upon our market and technology leadership to address the growing and evolving demand for reliable, wireless IP broadband infrastructures that can be used for multiple applications,” said Denise Barton, director of marketing for Tropos Networks.”
“Municipalities and other organizations use our solutions to improve the efficiencies of mobile workers and reduce operational costs. Cities most often use the networks for public safety – mobile police, fire and EMS vehicles; for fixed and mobile video surveillance; for utility automation, to reduce operational costs and improve billing accuracy. Industrial deployments are increasingly popular in harsh environments such as shipping ports and open pit mines where the network is used to improve business process efficiencies and reduce operating costs.”
“Our focus and commitment to the outdoor Wi-Fi mesh market is clear which is why Tropos continues to lead in market share and sales, technology innovation and customer deployments. In 2008, we look forward to working with our customers and partners to meet the needs of this exciting and growing market worldwide,” Barton concluded.
About Tropos Networks, Inc.
Tropos® Networks is the market leader in delivering metro-scale wireless mesh network systems. The company's systems have been selected to unwire more major league cities than all competitors combined and are installed in 30 countries. The patented Tropos MetroMesh™ architecture delivers the ultimate scalability, high capacity at low cost and great user experience demanded by service providers, municipalities and network users. Tropos Networks' unique expertise includes high-performance mesh software development, mesh RF engineering, metro-scale network planning, deployment and optimization, and navigating the municipal approval process. Tropos Networks is headquartered in Sunnyvale, California. For more information, please visit www.tropos.com, call 408-331-6800 or write to info@tropos.com.
Tropos and PWRP are registered trademarks of Tropos Networks, Inc. Tropos Networks, MetroMesh, AMCE, TMCX, SABRE, CMDP and Metro-Scale Mesh Networking Defined are trademarks of Tropos Networks, Inc. All other brand or product names are trademarks or registered trademarks of their respective holder(s).
TROPOS NETWORKS NAMED WORLDWIDE MARKET LEADER FOR WI-FI MESH NETWORKS IN 2007
SUNNYVALE, CA -- February 26, 2008 -- Tropos® Networks, the market leader in wireless IP broadband mesh networks, today announced that in 2007 the company maintained its leadership of the Wi-Fi mesh market in sales revenue, market share and units shipped worldwide, according to the Dell ‘Oro Group’s year end market report just published.
“We have continued to build upon our market and technology leadership to address the growing and evolving demand for reliable, wireless IP broadband infrastructures that can be used for multiple applications,” said Denise Barton, director of marketing for Tropos Networks.”
“Municipalities and other organizations use our solutions to improve the efficiencies of mobile workers and reduce operational costs. Cities most often use the networks for public safety – mobile police, fire and EMS vehicles; for fixed and mobile video surveillance; for utility automation, to reduce operational costs and improve billing accuracy. Industrial deployments are increasingly popular in harsh environments such as shipping ports and open pit mines where the network is used to improve business process efficiencies and reduce operating costs.”
“Our focus and commitment to the outdoor Wi-Fi mesh market is clear which is why Tropos continues to lead in market share and sales, technology innovation and customer deployments. In 2008, we look forward to working with our customers and partners to meet the needs of this exciting and growing market worldwide,” Barton concluded.
About Tropos Networks, Inc.
Tropos® Networks is the market leader in delivering metro-scale wireless mesh network systems. The company's systems have been selected to unwire more major league cities than all competitors combined and are installed in 30 countries. The patented Tropos MetroMesh™ architecture delivers the ultimate scalability, high capacity at low cost and great user experience demanded by service providers, municipalities and network users. Tropos Networks' unique expertise includes high-performance mesh software development, mesh RF engineering, metro-scale network planning, deployment and optimization, and navigating the municipal approval process. Tropos Networks is headquartered in Sunnyvale, California. For more information, please visit www.tropos.com, call 408-331-6800 or write to info@tropos.com.
Tropos and PWRP are registered trademarks of Tropos Networks, Inc. Tropos Networks, MetroMesh, AMCE, TMCX, SABRE, CMDP and Metro-Scale Mesh Networking Defined are trademarks of Tropos Networks, Inc. All other brand or product names are trademarks or registered trademarks of their respective holder(s).
“We have continued to build upon our market and technology leadership to address the growing and evolving demand for reliable, wireless IP broadband infrastructures that can be used for multiple applications,” said Denise Barton, director of marketing for Tropos Networks.”
“Municipalities and other organizations use our solutions to improve the efficiencies of mobile workers and reduce operational costs. Cities most often use the networks for public safety – mobile police, fire and EMS vehicles; for fixed and mobile video surveillance; for utility automation, to reduce operational costs and improve billing accuracy. Industrial deployments are increasingly popular in harsh environments such as shipping ports and open pit mines where the network is used to improve business process efficiencies and reduce operating costs.”
“Our focus and commitment to the outdoor Wi-Fi mesh market is clear which is why Tropos continues to lead in market share and sales, technology innovation and customer deployments. In 2008, we look forward to working with our customers and partners to meet the needs of this exciting and growing market worldwide,” Barton concluded.
About Tropos Networks, Inc.
Tropos® Networks is the market leader in delivering metro-scale wireless mesh network systems. The company's systems have been selected to unwire more major league cities than all competitors combined and are installed in 30 countries. The patented Tropos MetroMesh™ architecture delivers the ultimate scalability, high capacity at low cost and great user experience demanded by service providers, municipalities and network users. Tropos Networks' unique expertise includes high-performance mesh software development, mesh RF engineering, metro-scale network planning, deployment and optimization, and navigating the municipal approval process. Tropos Networks is headquartered in Sunnyvale, California. For more information, please visit www.tropos.com, call 408-331-6800 or write to info@tropos.com.
Tropos and PWRP are registered trademarks of Tropos Networks, Inc. Tropos Networks, MetroMesh, AMCE, TMCX, SABRE, CMDP and Metro-Scale Mesh Networking Defined are trademarks of Tropos Networks, Inc. All other brand or product names are trademarks or registered trademarks of their respective holder(s).
ARUBA CENTRALIZED WLAN SYSTEM RECEIVES WPA2 CERTIFICATION.
Aruba Wireless Networks (Aruba) is the first centralized wireless LAN (WLAN) systems supplier to obtain 802.11i (Wi-Fi Protected Access 2) certification from the Wi-Fi Alliance.
With this certification, the Aruba WLAN system offers corporate and government customers the highest level of wireless security available today. The Aruba system delivers security services through its unique wireless grid architecture -- a structured, high-performance approach to deploying mission-critical WLANs.
WPA2 is based on the Institute for Electrical and Electronics Engineers' (IEEE) 802.11i amendment to the 802.11 standard, which was ratified on July 29, 2004. WPA2 uses a more advanced encryption technique called the Advanced Encryption Standard (AES) and is backwards compatible with WPA, ensuring that organizations that have already implemented WPA can easily migrate to the new 802.11i standard.
"Aruba is commended for receiving WPA2 certification for its centralized WLAN switching system. This level of commitment to interoperability and security is a clear commitment to the evolving needs of their customers," commented Frank Hanzlik, managing director of the Wi-Fi Alliance.
"Enterprises continue to view security as a key roadblock to the pervasive deployment of Wi-Fi," said Merwyn Andrade, chief technology officer for Aruba. "The WPA2 standard and Aruba's certification are major milestones for enterprises and government organizations planning to deploy wireless. By integrating WPA2 into a centralized WLAN switching system, enterprises can now confidently enable mobile access to their existing data-center applications without sacrificing security or performance."
Centralized WPA2 Security Delivers Device-To-Datacenter Encryption
Aruba's WLAN systems uniquely centralize all 802.11i security functions, including wireless encryption, authentication and user access controls to deliver the highest levels of security for enterprise deployments. Unlike other WLAN approaches, Aruba's WLAN system performs AES encryption inside the WLAN switch rather than in access points (APs). This approach ensures that encrypted wireless traffic is carried over the wired network and immune to security threats.
"WPA2 is a great leap forward in securing the air," said Keerti Melkote, vice president of Product Management and Marketing for Aruba. "However, terminating WPA2 encryption in the access point effectively limits the benefits of WPA2 to airborne traffic alone. It is well known that the internal wired network is insecure and exposed to misuse. By terminating encryption in a centralized WLAN switch instead of the edge access point, Aruba is delivering the industry's only device-to-datacenter encryption solution based on WPA2 and protects wireless traffic from the threats in the air and in the wired network."
Centralized Encryption Enables Low-Cost Workspace Deployment of Access Points
Since all encryption is performed directly within each Aruba WLAN system, encryption keys remain completely secure thereby avoiding the latencies and insecurities associated with distributing encryption keys to each AP. In addition, centralized encryption enables enterprises to safely deploy APs in user workspace rather than in the ceiling. This can dramatically lower installation costs and improve wireless performance through the dense deployment of APs.
Because encryption is performed through a hardware-based cryptographic engine, Aruba's modular WLAN system delivers industry leading WPA2 performance. A single Aruba 5100 can process up to 3.6 Gbps of encrypted user traffic -- a key metric in determining WLAN system performance and scalability.
Pre-Authentication and Key Reuse Enables Faster Roaming
802.11i delivers strong link layer security using digital encryption keys that are generated when a client authenticates with the network. However 802.11i must be adapted to meet the stringent mobility needs of real-time communications such as voice and video.
When a user roams from one AP to another, fresh encryption keys must be renegotiated according to the 802.11i specification. This renegotiation often proves fatal for voice and other real-time communications -- taking hundreds of milliseconds, or even seconds. This results in high latencies, scalability problems and multiple points of failure.
Aruba's centralized encryption breaks new ground for 802.11i deployments by integrating all necessary components for seamless and secure mobility directly within the WLAN system. Key benefits include:
-- Improved WLAN scalability from not having to distribute and synchronize encryption keys to access points when a station roams,
-- Improved RADIUS scalability by offloading authentication for every client roaming event, and
-- Faster secure roaming via centralized key management for 802.11i
With Aruba's centralized encryption model, user encryption keys are stored in a centralized wireless system and do not get propagated to the APs. Faster handoffs and greater scalability are a natural result. In addition, since the pair-wise master key (PMK) is stored centrally and never gets propagated out of the switch, its integrity is assured for much longer periods providing better mobile security.
Distributed or hybrid approaches, where encryption is performed at the AP, must anticipate user mobility by proactively pushing encryption keys to different APs. Aruba eliminates this problem and its associated inefficiencies by centralizing the encryption, mobility state and traffic policies for each user directly within the WLAN system.
Aruba products Wi-Fi CERTIFIED for WPA2 are available immediately.
About Aruba
Aruba Wireless Networks develops and markets centralized systems that enable corporations to secure their networks from the dual threats of Wi-Fi and mobility. Aruba's solution consists of a full range of programmable security platforms designed to securely connect mobile users and mobile devices to corporate applications. Aruba is privately-held and has operations in the United States, Europe, Asia Pacific and India and employs staff around the world. Aruba has received over $59 million in three rounds of venture funding from top-tier venture firms - Matrix Partners, Sequoia Capital, Trinity Ventures and WK Technology Fund.
Aruba Wireless Networks can be found on the World Wide Web at http://www.arubanetworks.com/.
For more information, call 408/504-5487
With this certification, the Aruba WLAN system offers corporate and government customers the highest level of wireless security available today. The Aruba system delivers security services through its unique wireless grid architecture -- a structured, high-performance approach to deploying mission-critical WLANs.
WPA2 is based on the Institute for Electrical and Electronics Engineers' (IEEE) 802.11i amendment to the 802.11 standard, which was ratified on July 29, 2004. WPA2 uses a more advanced encryption technique called the Advanced Encryption Standard (AES) and is backwards compatible with WPA, ensuring that organizations that have already implemented WPA can easily migrate to the new 802.11i standard.
"Aruba is commended for receiving WPA2 certification for its centralized WLAN switching system. This level of commitment to interoperability and security is a clear commitment to the evolving needs of their customers," commented Frank Hanzlik, managing director of the Wi-Fi Alliance.
"Enterprises continue to view security as a key roadblock to the pervasive deployment of Wi-Fi," said Merwyn Andrade, chief technology officer for Aruba. "The WPA2 standard and Aruba's certification are major milestones for enterprises and government organizations planning to deploy wireless. By integrating WPA2 into a centralized WLAN switching system, enterprises can now confidently enable mobile access to their existing data-center applications without sacrificing security or performance."
Centralized WPA2 Security Delivers Device-To-Datacenter Encryption
Aruba's WLAN systems uniquely centralize all 802.11i security functions, including wireless encryption, authentication and user access controls to deliver the highest levels of security for enterprise deployments. Unlike other WLAN approaches, Aruba's WLAN system performs AES encryption inside the WLAN switch rather than in access points (APs). This approach ensures that encrypted wireless traffic is carried over the wired network and immune to security threats.
"WPA2 is a great leap forward in securing the air," said Keerti Melkote, vice president of Product Management and Marketing for Aruba. "However, terminating WPA2 encryption in the access point effectively limits the benefits of WPA2 to airborne traffic alone. It is well known that the internal wired network is insecure and exposed to misuse. By terminating encryption in a centralized WLAN switch instead of the edge access point, Aruba is delivering the industry's only device-to-datacenter encryption solution based on WPA2 and protects wireless traffic from the threats in the air and in the wired network."
Centralized Encryption Enables Low-Cost Workspace Deployment of Access Points
Since all encryption is performed directly within each Aruba WLAN system, encryption keys remain completely secure thereby avoiding the latencies and insecurities associated with distributing encryption keys to each AP. In addition, centralized encryption enables enterprises to safely deploy APs in user workspace rather than in the ceiling. This can dramatically lower installation costs and improve wireless performance through the dense deployment of APs.
Because encryption is performed through a hardware-based cryptographic engine, Aruba's modular WLAN system delivers industry leading WPA2 performance. A single Aruba 5100 can process up to 3.6 Gbps of encrypted user traffic -- a key metric in determining WLAN system performance and scalability.
Pre-Authentication and Key Reuse Enables Faster Roaming
802.11i delivers strong link layer security using digital encryption keys that are generated when a client authenticates with the network. However 802.11i must be adapted to meet the stringent mobility needs of real-time communications such as voice and video.
When a user roams from one AP to another, fresh encryption keys must be renegotiated according to the 802.11i specification. This renegotiation often proves fatal for voice and other real-time communications -- taking hundreds of milliseconds, or even seconds. This results in high latencies, scalability problems and multiple points of failure.
Aruba's centralized encryption breaks new ground for 802.11i deployments by integrating all necessary components for seamless and secure mobility directly within the WLAN system. Key benefits include:
-- Improved WLAN scalability from not having to distribute and synchronize encryption keys to access points when a station roams,
-- Improved RADIUS scalability by offloading authentication for every client roaming event, and
-- Faster secure roaming via centralized key management for 802.11i
With Aruba's centralized encryption model, user encryption keys are stored in a centralized wireless system and do not get propagated to the APs. Faster handoffs and greater scalability are a natural result. In addition, since the pair-wise master key (PMK) is stored centrally and never gets propagated out of the switch, its integrity is assured for much longer periods providing better mobile security.
Distributed or hybrid approaches, where encryption is performed at the AP, must anticipate user mobility by proactively pushing encryption keys to different APs. Aruba eliminates this problem and its associated inefficiencies by centralizing the encryption, mobility state and traffic policies for each user directly within the WLAN system.
Aruba products Wi-Fi CERTIFIED for WPA2 are available immediately.
About Aruba
Aruba Wireless Networks develops and markets centralized systems that enable corporations to secure their networks from the dual threats of Wi-Fi and mobility. Aruba's solution consists of a full range of programmable security platforms designed to securely connect mobile users and mobile devices to corporate applications. Aruba is privately-held and has operations in the United States, Europe, Asia Pacific and India and employs staff around the world. Aruba has received over $59 million in three rounds of venture funding from top-tier venture firms - Matrix Partners, Sequoia Capital, Trinity Ventures and WK Technology Fund.
Aruba Wireless Networks can be found on the World Wide Web at http://www.arubanetworks.com/.
For more information, call 408/504-5487
ARUBA CENTRALIZED WLAN SYSTEM RECEIVES WPA2 CERTIFICATION.
Aruba Wireless Networks (Aruba) is the first centralized wireless LAN (WLAN) systems supplier to obtain 802.11i (Wi-Fi Protected Access 2) certification from the Wi-Fi Alliance.
With this certification, the Aruba WLAN system offers corporate and government customers the highest level of wireless security available today. The Aruba system delivers security services through its unique wireless grid architecture -- a structured, high-performance approach to deploying mission-critical WLANs.
WPA2 is based on the Institute for Electrical and Electronics Engineers' (IEEE) 802.11i amendment to the 802.11 standard, which was ratified on July 29, 2004. WPA2 uses a more advanced encryption technique called the Advanced Encryption Standard (AES) and is backwards compatible with WPA, ensuring that organizations that have already implemented WPA can easily migrate to the new 802.11i standard.
"Aruba is commended for receiving WPA2 certification for its centralized WLAN switching system. This level of commitment to interoperability and security is a clear commitment to the evolving needs of their customers," commented Frank Hanzlik, managing director of the Wi-Fi Alliance.
"Enterprises continue to view security as a key roadblock to the pervasive deployment of Wi-Fi," said Merwyn Andrade, chief technology officer for Aruba. "The WPA2 standard and Aruba's certification are major milestones for enterprises and government organizations planning to deploy wireless. By integrating WPA2 into a centralized WLAN switching system, enterprises can now confidently enable mobile access to their existing data-center applications without sacrificing security or performance."
Centralized WPA2 Security Delivers Device-To-Datacenter Encryption
Aruba's WLAN systems uniquely centralize all 802.11i security functions, including wireless encryption, authentication and user access controls to deliver the highest levels of security for enterprise deployments. Unlike other WLAN approaches, Aruba's WLAN system performs AES encryption inside the WLAN switch rather than in access points (APs). This approach ensures that encrypted wireless traffic is carried over the wired network and immune to security threats.
"WPA2 is a great leap forward in securing the air," said Keerti Melkote, vice president of Product Management and Marketing for Aruba. "However, terminating WPA2 encryption in the access point effectively limits the benefits of WPA2 to airborne traffic alone. It is well known that the internal wired network is insecure and exposed to misuse. By terminating encryption in a centralized WLAN switch instead of the edge access point, Aruba is delivering the industry's only device-to-datacenter encryption solution based on WPA2 and protects wireless traffic from the threats in the air and in the wired network."
Centralized Encryption Enables Low-Cost Workspace Deployment of Access Points
Since all encryption is performed directly within each Aruba WLAN system, encryption keys remain completely secure thereby avoiding the latencies and insecurities associated with distributing encryption keys to each AP. In addition, centralized encryption enables enterprises to safely deploy APs in user workspace rather than in the ceiling. This can dramatically lower installation costs and improve wireless performance through the dense deployment of APs.
Because encryption is performed through a hardware-based cryptographic engine, Aruba's modular WLAN system delivers industry leading WPA2 performance. A single Aruba 5100 can process up to 3.6 Gbps of encrypted user traffic -- a key metric in determining WLAN system performance and scalability.
Pre-Authentication and Key Reuse Enables Faster Roaming
802.11i delivers strong link layer security using digital encryption keys that are generated when a client authenticates with the network. However 802.11i must be adapted to meet the stringent mobility needs of real-time communications such as voice and video.
When a user roams from one AP to another, fresh encryption keys must be renegotiated according to the 802.11i specification. This renegotiation often proves fatal for voice and other real-time communications -- taking hundreds of milliseconds, or even seconds. This results in high latencies, scalability problems and multiple points of failure.
Aruba's centralized encryption breaks new ground for 802.11i deployments by integrating all necessary components for seamless and secure mobility directly within the WLAN system. Key benefits include:
-- Improved WLAN scalability from not having to distribute and synchronize encryption keys to access points when a station roams,
-- Improved RADIUS scalability by offloading authentication for every client roaming event, and
-- Faster secure roaming via centralized key management for 802.11i
With Aruba's centralized encryption model, user encryption keys are stored in a centralized wireless system and do not get propagated to the APs. Faster handoffs and greater scalability are a natural result. In addition, since the pair-wise master key (PMK) is stored centrally and never gets propagated out of the switch, its integrity is assured for much longer periods providing better mobile security.
Distributed or hybrid approaches, where encryption is performed at the AP, must anticipate user mobility by proactively pushing encryption keys to different APs. Aruba eliminates this problem and its associated inefficiencies by centralizing the encryption, mobility state and traffic policies for each user directly within the WLAN system.
Aruba products Wi-Fi CERTIFIED for WPA2 are available immediately.
About Aruba
Aruba Wireless Networks develops and markets centralized systems that enable corporations to secure their networks from the dual threats of Wi-Fi and mobility. Aruba's solution consists of a full range of programmable security platforms designed to securely connect mobile users and mobile devices to corporate applications. Aruba is privately-held and has operations in the United States, Europe, Asia Pacific and India and employs staff around the world. Aruba has received over $59 million in three rounds of venture funding from top-tier venture firms - Matrix Partners, Sequoia Capital, Trinity Ventures and WK Technology Fund.
Aruba Wireless Networks can be found on the World Wide Web at http://www.arubanetworks.com/.
For more information, call 408/504-5487
With this certification, the Aruba WLAN system offers corporate and government customers the highest level of wireless security available today. The Aruba system delivers security services through its unique wireless grid architecture -- a structured, high-performance approach to deploying mission-critical WLANs.
WPA2 is based on the Institute for Electrical and Electronics Engineers' (IEEE) 802.11i amendment to the 802.11 standard, which was ratified on July 29, 2004. WPA2 uses a more advanced encryption technique called the Advanced Encryption Standard (AES) and is backwards compatible with WPA, ensuring that organizations that have already implemented WPA can easily migrate to the new 802.11i standard.
"Aruba is commended for receiving WPA2 certification for its centralized WLAN switching system. This level of commitment to interoperability and security is a clear commitment to the evolving needs of their customers," commented Frank Hanzlik, managing director of the Wi-Fi Alliance.
"Enterprises continue to view security as a key roadblock to the pervasive deployment of Wi-Fi," said Merwyn Andrade, chief technology officer for Aruba. "The WPA2 standard and Aruba's certification are major milestones for enterprises and government organizations planning to deploy wireless. By integrating WPA2 into a centralized WLAN switching system, enterprises can now confidently enable mobile access to their existing data-center applications without sacrificing security or performance."
Centralized WPA2 Security Delivers Device-To-Datacenter Encryption
Aruba's WLAN systems uniquely centralize all 802.11i security functions, including wireless encryption, authentication and user access controls to deliver the highest levels of security for enterprise deployments. Unlike other WLAN approaches, Aruba's WLAN system performs AES encryption inside the WLAN switch rather than in access points (APs). This approach ensures that encrypted wireless traffic is carried over the wired network and immune to security threats.
"WPA2 is a great leap forward in securing the air," said Keerti Melkote, vice president of Product Management and Marketing for Aruba. "However, terminating WPA2 encryption in the access point effectively limits the benefits of WPA2 to airborne traffic alone. It is well known that the internal wired network is insecure and exposed to misuse. By terminating encryption in a centralized WLAN switch instead of the edge access point, Aruba is delivering the industry's only device-to-datacenter encryption solution based on WPA2 and protects wireless traffic from the threats in the air and in the wired network."
Centralized Encryption Enables Low-Cost Workspace Deployment of Access Points
Since all encryption is performed directly within each Aruba WLAN system, encryption keys remain completely secure thereby avoiding the latencies and insecurities associated with distributing encryption keys to each AP. In addition, centralized encryption enables enterprises to safely deploy APs in user workspace rather than in the ceiling. This can dramatically lower installation costs and improve wireless performance through the dense deployment of APs.
Because encryption is performed through a hardware-based cryptographic engine, Aruba's modular WLAN system delivers industry leading WPA2 performance. A single Aruba 5100 can process up to 3.6 Gbps of encrypted user traffic -- a key metric in determining WLAN system performance and scalability.
Pre-Authentication and Key Reuse Enables Faster Roaming
802.11i delivers strong link layer security using digital encryption keys that are generated when a client authenticates with the network. However 802.11i must be adapted to meet the stringent mobility needs of real-time communications such as voice and video.
When a user roams from one AP to another, fresh encryption keys must be renegotiated according to the 802.11i specification. This renegotiation often proves fatal for voice and other real-time communications -- taking hundreds of milliseconds, or even seconds. This results in high latencies, scalability problems and multiple points of failure.
Aruba's centralized encryption breaks new ground for 802.11i deployments by integrating all necessary components for seamless and secure mobility directly within the WLAN system. Key benefits include:
-- Improved WLAN scalability from not having to distribute and synchronize encryption keys to access points when a station roams,
-- Improved RADIUS scalability by offloading authentication for every client roaming event, and
-- Faster secure roaming via centralized key management for 802.11i
With Aruba's centralized encryption model, user encryption keys are stored in a centralized wireless system and do not get propagated to the APs. Faster handoffs and greater scalability are a natural result. In addition, since the pair-wise master key (PMK) is stored centrally and never gets propagated out of the switch, its integrity is assured for much longer periods providing better mobile security.
Distributed or hybrid approaches, where encryption is performed at the AP, must anticipate user mobility by proactively pushing encryption keys to different APs. Aruba eliminates this problem and its associated inefficiencies by centralizing the encryption, mobility state and traffic policies for each user directly within the WLAN system.
Aruba products Wi-Fi CERTIFIED for WPA2 are available immediately.
About Aruba
Aruba Wireless Networks develops and markets centralized systems that enable corporations to secure their networks from the dual threats of Wi-Fi and mobility. Aruba's solution consists of a full range of programmable security platforms designed to securely connect mobile users and mobile devices to corporate applications. Aruba is privately-held and has operations in the United States, Europe, Asia Pacific and India and employs staff around the world. Aruba has received over $59 million in three rounds of venture funding from top-tier venture firms - Matrix Partners, Sequoia Capital, Trinity Ventures and WK Technology Fund.
Aruba Wireless Networks can be found on the World Wide Web at http://www.arubanetworks.com/.
For more information, call 408/504-5487
ARUBA CENTRALIZED WLAN SYSTEM RECEIVES WPA2 CERTIFICATION.
Aruba Wireless Networks (Aruba) is the first centralized wireless LAN (WLAN) systems supplier to obtain 802.11i (Wi-Fi Protected Access 2) certification from the Wi-Fi Alliance.
With this certification, the Aruba WLAN system offers corporate and government customers the highest level of wireless security available today. The Aruba system delivers security services through its unique wireless grid architecture -- a structured, high-performance approach to deploying mission-critical WLANs.
WPA2 is based on the Institute for Electrical and Electronics Engineers' (IEEE) 802.11i amendment to the 802.11 standard, which was ratified on July 29, 2004. WPA2 uses a more advanced encryption technique called the Advanced Encryption Standard (AES) and is backwards compatible with WPA, ensuring that organizations that have already implemented WPA can easily migrate to the new 802.11i standard.
"Aruba is commended for receiving WPA2 certification for its centralized WLAN switching system. This level of commitment to interoperability and security is a clear commitment to the evolving needs of their customers," commented Frank Hanzlik, managing director of the Wi-Fi Alliance.
"Enterprises continue to view security as a key roadblock to the pervasive deployment of Wi-Fi," said Merwyn Andrade, chief technology officer for Aruba. "The WPA2 standard and Aruba's certification are major milestones for enterprises and government organizations planning to deploy wireless. By integrating WPA2 into a centralized WLAN switching system, enterprises can now confidently enable mobile access to their existing data-center applications without sacrificing security or performance."
Centralized WPA2 Security Delivers Device-To-Datacenter Encryption
Aruba's WLAN systems uniquely centralize all 802.11i security functions, including wireless encryption, authentication and user access controls to deliver the highest levels of security for enterprise deployments. Unlike other WLAN approaches, Aruba's WLAN system performs AES encryption inside the WLAN switch rather than in access points (APs). This approach ensures that encrypted wireless traffic is carried over the wired network and immune to security threats.
"WPA2 is a great leap forward in securing the air," said Keerti Melkote, vice president of Product Management and Marketing for Aruba. "However, terminating WPA2 encryption in the access point effectively limits the benefits of WPA2 to airborne traffic alone. It is well known that the internal wired network is insecure and exposed to misuse. By terminating encryption in a centralized WLAN switch instead of the edge access point, Aruba is delivering the industry's only device-to-datacenter encryption solution based on WPA2 and protects wireless traffic from the threats in the air and in the wired network."
Centralized Encryption Enables Low-Cost Workspace Deployment of Access Points
Since all encryption is performed directly within each Aruba WLAN system, encryption keys remain completely secure thereby avoiding the latencies and insecurities associated with distributing encryption keys to each AP. In addition, centralized encryption enables enterprises to safely deploy APs in user workspace rather than in the ceiling. This can dramatically lower installation costs and improve wireless performance through the dense deployment of APs.
Because encryption is performed through a hardware-based cryptographic engine, Aruba's modular WLAN system delivers industry leading WPA2 performance. A single Aruba 5100 can process up to 3.6 Gbps of encrypted user traffic -- a key metric in determining WLAN system performance and scalability.
Pre-Authentication and Key Reuse Enables Faster Roaming
802.11i delivers strong link layer security using digital encryption keys that are generated when a client authenticates with the network. However 802.11i must be adapted to meet the stringent mobility needs of real-time communications such as voice and video.
When a user roams from one AP to another, fresh encryption keys must be renegotiated according to the 802.11i specification. This renegotiation often proves fatal for voice and other real-time communications -- taking hundreds of milliseconds, or even seconds. This results in high latencies, scalability problems and multiple points of failure.
Aruba's centralized encryption breaks new ground for 802.11i deployments by integrating all necessary components for seamless and secure mobility directly within the WLAN system. Key benefits include:
-- Improved WLAN scalability from not having to distribute and synchronize encryption keys to access points when a station roams,
-- Improved RADIUS scalability by offloading authentication for every client roaming event, and
-- Faster secure roaming via centralized key management for 802.11i
With Aruba's centralized encryption model, user encryption keys are stored in a centralized wireless system and do not get propagated to the APs. Faster handoffs and greater scalability are a natural result. In addition, since the pair-wise master key (PMK) is stored centrally and never gets propagated out of the switch, its integrity is assured for much longer periods providing better mobile security.
Distributed or hybrid approaches, where encryption is performed at the AP, must anticipate user mobility by proactively pushing encryption keys to different APs. Aruba eliminates this problem and its associated inefficiencies by centralizing the encryption, mobility state and traffic policies for each user directly within the WLAN system.
Aruba products Wi-Fi CERTIFIED for WPA2 are available immediately.
About Aruba
Aruba Wireless Networks develops and markets centralized systems that enable corporations to secure their networks from the dual threats of Wi-Fi and mobility. Aruba's solution consists of a full range of programmable security platforms designed to securely connect mobile users and mobile devices to corporate applications. Aruba is privately-held and has operations in the United States, Europe, Asia Pacific and India and employs staff around the world. Aruba has received over $59 million in three rounds of venture funding from top-tier venture firms - Matrix Partners, Sequoia Capital, Trinity Ventures and WK Technology Fund.
Aruba Wireless Networks can be found on the World Wide Web at http://www.arubanetworks.com/.
For more information, call 408/504-5487
With this certification, the Aruba WLAN system offers corporate and government customers the highest level of wireless security available today. The Aruba system delivers security services through its unique wireless grid architecture -- a structured, high-performance approach to deploying mission-critical WLANs.
WPA2 is based on the Institute for Electrical and Electronics Engineers' (IEEE) 802.11i amendment to the 802.11 standard, which was ratified on July 29, 2004. WPA2 uses a more advanced encryption technique called the Advanced Encryption Standard (AES) and is backwards compatible with WPA, ensuring that organizations that have already implemented WPA can easily migrate to the new 802.11i standard.
"Aruba is commended for receiving WPA2 certification for its centralized WLAN switching system. This level of commitment to interoperability and security is a clear commitment to the evolving needs of their customers," commented Frank Hanzlik, managing director of the Wi-Fi Alliance.
"Enterprises continue to view security as a key roadblock to the pervasive deployment of Wi-Fi," said Merwyn Andrade, chief technology officer for Aruba. "The WPA2 standard and Aruba's certification are major milestones for enterprises and government organizations planning to deploy wireless. By integrating WPA2 into a centralized WLAN switching system, enterprises can now confidently enable mobile access to their existing data-center applications without sacrificing security or performance."
Centralized WPA2 Security Delivers Device-To-Datacenter Encryption
Aruba's WLAN systems uniquely centralize all 802.11i security functions, including wireless encryption, authentication and user access controls to deliver the highest levels of security for enterprise deployments. Unlike other WLAN approaches, Aruba's WLAN system performs AES encryption inside the WLAN switch rather than in access points (APs). This approach ensures that encrypted wireless traffic is carried over the wired network and immune to security threats.
"WPA2 is a great leap forward in securing the air," said Keerti Melkote, vice president of Product Management and Marketing for Aruba. "However, terminating WPA2 encryption in the access point effectively limits the benefits of WPA2 to airborne traffic alone. It is well known that the internal wired network is insecure and exposed to misuse. By terminating encryption in a centralized WLAN switch instead of the edge access point, Aruba is delivering the industry's only device-to-datacenter encryption solution based on WPA2 and protects wireless traffic from the threats in the air and in the wired network."
Centralized Encryption Enables Low-Cost Workspace Deployment of Access Points
Since all encryption is performed directly within each Aruba WLAN system, encryption keys remain completely secure thereby avoiding the latencies and insecurities associated with distributing encryption keys to each AP. In addition, centralized encryption enables enterprises to safely deploy APs in user workspace rather than in the ceiling. This can dramatically lower installation costs and improve wireless performance through the dense deployment of APs.
Because encryption is performed through a hardware-based cryptographic engine, Aruba's modular WLAN system delivers industry leading WPA2 performance. A single Aruba 5100 can process up to 3.6 Gbps of encrypted user traffic -- a key metric in determining WLAN system performance and scalability.
Pre-Authentication and Key Reuse Enables Faster Roaming
802.11i delivers strong link layer security using digital encryption keys that are generated when a client authenticates with the network. However 802.11i must be adapted to meet the stringent mobility needs of real-time communications such as voice and video.
When a user roams from one AP to another, fresh encryption keys must be renegotiated according to the 802.11i specification. This renegotiation often proves fatal for voice and other real-time communications -- taking hundreds of milliseconds, or even seconds. This results in high latencies, scalability problems and multiple points of failure.
Aruba's centralized encryption breaks new ground for 802.11i deployments by integrating all necessary components for seamless and secure mobility directly within the WLAN system. Key benefits include:
-- Improved WLAN scalability from not having to distribute and synchronize encryption keys to access points when a station roams,
-- Improved RADIUS scalability by offloading authentication for every client roaming event, and
-- Faster secure roaming via centralized key management for 802.11i
With Aruba's centralized encryption model, user encryption keys are stored in a centralized wireless system and do not get propagated to the APs. Faster handoffs and greater scalability are a natural result. In addition, since the pair-wise master key (PMK) is stored centrally and never gets propagated out of the switch, its integrity is assured for much longer periods providing better mobile security.
Distributed or hybrid approaches, where encryption is performed at the AP, must anticipate user mobility by proactively pushing encryption keys to different APs. Aruba eliminates this problem and its associated inefficiencies by centralizing the encryption, mobility state and traffic policies for each user directly within the WLAN system.
Aruba products Wi-Fi CERTIFIED for WPA2 are available immediately.
About Aruba
Aruba Wireless Networks develops and markets centralized systems that enable corporations to secure their networks from the dual threats of Wi-Fi and mobility. Aruba's solution consists of a full range of programmable security platforms designed to securely connect mobile users and mobile devices to corporate applications. Aruba is privately-held and has operations in the United States, Europe, Asia Pacific and India and employs staff around the world. Aruba has received over $59 million in three rounds of venture funding from top-tier venture firms - Matrix Partners, Sequoia Capital, Trinity Ventures and WK Technology Fund.
Aruba Wireless Networks can be found on the World Wide Web at http://www.arubanetworks.com/.
For more information, call 408/504-5487
Subscribe to:
Posts (Atom)