tag:blogger.com,1999:blog-23764971959790859182024-03-13T07:52:55.586-07:00Aruba Networks Green Island News BlogAruba Networks' Green Island News discusses mobility solutions for distributed enterprises including the impact on sustainability and carbon footprint, 802.11n Wi-Fi applications and technology, teleworker solutions, and network management.Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comBlogger41125tag:blogger.com,1999:blog-2376497195979085918.post-60162541123441377002011-07-07T17:24:00.000-07:002011-07-07T17:28:12.035-07:00New Aruba blog site<span style="font-family:Calibri;font-size:11.0pt;"><a href="http://www.arubanetworks.com/company/communities/"><span style="font-family: arial;font-size:100%;" >Aruba has launched a new blogger community - check it out at http://www.arubanetworks.com/company/communities/</span><br /></a></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-3068916623961718792010-07-27T16:20:00.000-07:002010-07-27T17:07:25.900-07:00Why SCADA Networks Are Vulnerable To Attack - Part 4: Controlling What You Use<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_NiHahXlkVgY/TE9tcgXcW4I/AAAAAAAAAJM/N6Ifose2yYI/s1600/Lock.jpg"><img 
style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 320px; height: 240px;" src="http://4.bp.blogspot.com/_NiHahXlkVgY/TE9tcgXcW4I/AAAAAAAAAJM/N6Ifose2yYI/s320/Lock.jpg" alt="" id="BLOGGER_PHOTO_ID_5498734006534691714" border="0" /></a><span style="font-family:arial;">Security doesn’t happen by accident – it must be built into or added to a network. Some of the key security building blocks for wired and wireless networks include encryption, authentication, intrusion detection, controlled access to network resources, and wireless airtime and bandwidth control. </span> <span style="font-family:arial;"><br /><br />Sensor and control networks are typically missing most of these building blocks. Designed to optimize response time, their protocols use short packets that cannot easily accommodate the larger packet sizes associated with high-security encryption.<br /><br />Some control networks, LONWORKS® for example, include an authentication mechanism, but in practice it is infrequently implemented because its use complicates key management in multi-vendor networks. Intrusion detection, for wired or wireless control networks, is typically not available, nor is firewalling or endpoint compliance – certainly not at the sensor/actuator level, and sometimes not even at the controller level.<br /><br /></span><span style="font-family:arial;">Quick fixes to address these limitations are not easily incorporated because the protocols employed are often embedded inside microprocessors that lack the processing power and memory to support the necessary security algorithms, buffers, and certificates.<br /><br />Fortunately, most control networks today interface with an IP-based network for management, monitoring, and/or control. 
And it is at this interface that you can click the ruby slippers and apply proven security techniques like policy-enforcement firewalling to </span><span style="font-family:arial;">prevent the control network from launching Denial-of-Service (DoS) attacks and to keep non-compliant devices from accessing the network</span><span style="font-family:arial;">.<br /><br /></span><span style="font-family:arial;">If the control network is IP-based, then the protective measures can be applied to the control devices themselves – if not, then protection can only be applied to data traversing the interface between the sensor/actuator network and the IT systems to which it is connected, i.e., the latter can be protected against the former. Either way, greater security will be obtained than if no protective measures were applied between the control devices and the network to which they are connected. 
</span> <a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_NiHahXlkVgY/SmJSkFjrsLI/AAAAAAAAACo/0ruIEhNXGp8/s1600-h/Picture3.png"><br /></a><br /><span style="font-family:arial;">The range of available security features that may be applied depends on the control network architecture, and includes:</span><br /><span style="font-family:arial;"><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/SmJTb0Y6WKI/AAAAAAAAAC4/mgJ4Lu-6Frw/s1600-h/Picture5.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 274px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/SmJTb0Y6WKI/AAAAAAAAAC4/mgJ4Lu-6Frw/s400/Picture5.png" alt="" id="BLOGGER_PHOTO_ID_5359938243909015714" border="0" /></a> <span style="font-family:arial;"><br /></span><span style="font-family:arial;">The protective measures afforded by these techniques can be applied prophylactically to reduce some or most of the control system’s vulnerabilities.<br /></span><br /><span style="font-family:arial;">With regard to cost, if Wi-Fi based sensors and actuators are used, the protective measures built into the wireless LAN infrastructure can be applied at little or no additional expense. If IP-based sensors and actuators are used, there will be some incremental expense, but the devices themselves will not have to be replaced because they already have the essential building blocks for higher security in place. If a non-IP based control network is used, then the benefits will vary. 
</span> <span style="font-family:arial;"><br /><br />The table below summarizes how the security features described above can be employed to enhance the security of commonly used control networks (features specific to wireless networks are left blank when applied to wired control networks)</span><span style="font-weight: bold;">.</span><span style="font-weight: bold;font-family:arial;" ><br /><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_NiHahXlkVgY/SmJP6hXp3pI/AAAAAAAAACQ/4Lw5HGkR5mI/s1600-h/Picture4.png"><img style="margin: 0px auto 10px; display: block; text-align: center; cursor: pointer; width: 400px; height: 194px;" src="http://4.bp.blogspot.com/_NiHahXlkVgY/SmJP6hXp3pI/AAAAAAAAACQ/4Lw5HGkR5mI/s400/Picture4.png" alt="" id="BLOGGER_PHOTO_ID_5359934373332901522" border="0" /></a><span style="font-weight: bold;font-family:arial;" >Conclusion</span> <span style="font-family:arial;"><br /><br />SCADA, smart grid, and energy management systems sit at the heart of industry and commerce. </span><span style="font-family:arial;">This blog series was intended to highlight that defending these systems against attack must become a high priority because you can’t use what you can’t control. </span> <span style="font-family:arial;"><br /></span><span style="font-family:arial;"> </span><span style="font-family:arial;"><br />The control networks on which these systems depend today have unintended vulnerabilities. 
</span><span style="font-family:arial;">These </span><span style="font-family:arial;"> vulnerabilities </span><span style="font-family:arial;">can be corrected in whole, part, or not at all depending on the architecture and technology of the underlying network</span><span style="font-family:arial;">.<br /><br />Consideration should be given to retrofitting security systems into existing IT infrastructure to address security concerns, removing control networks for which there are no corrective measures, and ensuring that any new control-related infrastructure is designed with protective measures built-in from the outset.<br /><br />For more information on security solutions that you can apply today please visit <a href="http://www.arubanetworks.com/products/aruba_os.php">Aruba's Web site</a>.<br /><br /></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-71104989499769476872010-07-27T16:12:00.000-07:002010-07-27T17:14:17.236-07:00Why SCADA Networks Are Vulnerable To Attack - Part 3: Firewall Both Users AND Devices<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_NiHahXlkVgY/TE9ot_48ORI/AAAAAAAAAJE/bWZrIoUzTw4/s1600/Firewall.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 320px; height: 240px;" src="http://1.bp.blogspot.com/_NiHahXlkVgY/TE9ot_48ORI/AAAAAAAAAJE/bWZrIoUzTw4/s320/Firewall.jpg" alt="" id="BLOGGER_PHOTO_ID_5498728809496328466" border="0" /></a><br /><span style="font-family:arial;">Following a rise in the theft of payment card data, the Payment Card Industry (PCI) standards council was created by the top card brands to combat such crime. The resulting PCI Data Security Standard (DSS) defines mandatory security guidelines for use by all merchants and service providers that store, process and transmit cardholder data. 
</span> <span style="font-family:arial;"><br /><br />Wireless LAN security is a core component of these requirements. DSS v1.1 permitted the use of WEP encryption. Indeed, many retailers wanted to continue using the WEP devices they had already purchased, not because of the encryption scheme but to avoid the capital outlays required to replace WEP devices with higher security equivalents.<br /><br />While WEP encryption is easily cracked, and was subsequently banned under DSS v1.2, an ingenious method was used to protect WEP devices so they could continue in service until DSS v1.2 was implemented. This solution protected the network without requiring any changes or clients added to the WEP devices. This solution holds great promise for the protection of SCADA, smart grid, and energy control systems.</span> <span style="font-family:arial;"><br /><br />Consider the humble bar code scanner. A workhorse of both point-of-sale (POS) and logistics systems, many scanners in use today rely on 802.11b/g Wi-Fi and WEP. Data from the scanners are passed via Wi-Fi to the enterprise network. If you crack WEP you therefore potentially open a back door into that network.<br /><br /></span><span style="font-family:arial;">Integrating a stateful, role-based policy enforcement firewall into the wireless network slams shut this back door. By blacklisting unauthorized devices – not based on the port through which they entered the network but rather by the user and/or type of device - unauthorized users can be denied access to the rest of the network.<br /><br />The firewall can distinguish between multiple classes of users, allowing one common network infrastructure to function as independent networks whose isolation is ensured by policy enforcement. 
Guest access is separate from POS which is separate from logistics, etc.</span> <span style="font-family:arial;"><br /><br />The elegance of this approach is that it can be retrofitted to existing networks – wired and wireless using a true overlay model - without any software clients or other changes to the devices being protected. It protects any devices from any manufacturers.<br /><br /></span><span style="font-family:arial;">This same segmentation and policy enforcement scheme can be applied to wired and wireless sensors as soon as their data hit the IT infrastructure. Access rights, quality-of-service, bandwidth, VLANs – almost any parameter can be controlled and actively managed by the stateful, role-based policy enforcement firewall. It is to the benefits of this approach, used in conjunction with additional security enhancements, that we’ll turn in the next posting.</span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-24576423836044135892010-07-27T16:08:00.000-07:002010-07-27T16:11:12.968-07:00Why SCADA Networks Are Vulnerable To Attack - Part 2: The Weakest Link<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_NiHahXlkVgY/SkhSHuiKjvI/AAAAAAAAAA4/VsY8By55TjE/s1600-h/Control+iStock_000001540903XSmall.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 212px;" src="http://3.bp.blogspot.com/_NiHahXlkVgY/SkhSHuiKjvI/AAAAAAAAAA4/VsY8By55TjE/s320/Control+iStock_000001540903XSmall.jpg" alt="" id="BLOGGER_PHOTO_ID_5352618449833725682" border="0" /></a><span style="font-family:arial;">In the beginning, there was cabling - lots of cabling. Every sensor, actuator, and display was connected by a separate cable that grew like a hydra from a controller, the brains of a traditional control system. 
If a solenoid needed to be triggered in response to the activation of a limit switch, then the signal traveled from the limit switch, through cabling to the controller, which processed the information and sent a command to the solenoid over yet another cable. </span> <span style="font-family:arial;"><br /><br />These direct wired systems were subsequently replaced with time or frequency division multiplex systems that allowed one common cable to be shared among multiple devices. Installation was simpler and less expensive, but the controller was more complex and, as before, a central point of failure should its program fail to execute properly.</span> <span style="font-family:arial;"><br /><br />Next up were intelligent, distributed networks in which devices communicated directly with one another on a peer-to-peer basis, without the need for a central controller. Because the devices were locally intelligent and able to communicate on a shared communication medium with any other device on the network, these networks allowed reconfiguration of system functionality via software download over the network. Peer-to-peer communications allowed the direct exchange of information between any or all of the devices without intervention by any central device, eliminating the single point of failure issue. </span> <span style="font-family:arial;"><br /><br />Regardless of the specific architecture used, in all cases the objective of the control network was to deliver status information as quickly as possible to all devices that needed updates. The protocols were highly optimized for short control packets, and nary a bit was “wasted” on ancillary data or status. </span> <span style="font-family:arial;"><br /><br />The same optimization guidelines applied to the microcontrollers running the devices. 
To keep costs down and thereby allow the networks to be pervasively deployed down to the lowest cost sensor/actuator, processors were optimized for high throughput and processing short packets.</span> <span style="font-family:arial;"><br /><br />The popularity of IP connectivity spawned the development of IP-based control networks in which Ethernet or Wi-Fi forms a backbone for linking different sections of a control network. While controllers were the first devices to sit on an IP network, increasing numbers of native IP sensors and actuators are reaching the market.</span> <span style="font-family:arial;"><br /><br />Many IT departments prohibit the connection of any IP-based, control-related sensor/actuator, controller, or gateway to their corporate networks out of concerns about network integrity and security. IT managers are legitimately concerned that the high offered traffic of control networks, some of which run at 100% channel utilization, will overwhelm their Ethernet networks and cause unintentional denial of service. 
Others are concerned that control networks, the security standards of which are rarely a high priority, could become unprotected back-doors into the corporate network. </span> <span style="font-family:arial;"><br /><br />What is rarely if ever discussed is how exposed the enterprise is to unauthorized manipulation of the control devices themselves. These systems control the power at the heart of every business and institution, and it is paramount that they be protected against unauthorized manipulation. It is to this point that we’ll return in the next installment of this series.</span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-69122216074530492562010-07-27T15:58:00.000-07:002010-07-27T16:06:48.390-07:00Why SCADA Networks Are Vulnerable To Attack - Part 1: Unintended Consequences<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://brightsecuritygroup.com/images/gallery/320x240/bsg-hid_proximity_card_reader.jpg%20"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 297px; height: 240px;" src="http://brightsecuritygroup.com/images/gallery/320x240/bsg-hid_proximity_card_reader.jpg" alt="" border="0" /></a><span style="font-family:arial;">This multi-part series discusses the security vulnerabilities of the sensor/actuator controls at the heart of <span class="blsp-spelling-error" id="SPELLING_ERROR_0">SCADA</span>, smart grid and energy management systems, and proposes a means of containing, if not fully addressing, the limitations of these systems.</span><br /><br />* * * * * * *<span style="font-family:arial;"><br /><br />In the 1980s the proximity access card was introduced to the building security market. 
Until that time, gaining access to high security facilities – including many government agencies – required one to physically insert a magnetic stripe or <span class="blsp-spelling-error" id="SPELLING_ERROR_0"><span class="blsp-spelling-error" id="SPELLING_ERROR_1">Wiegand</span></span> card into a reader.<br /><br />Proximity card readers from <span class="blsp-spelling-error" id="SPELLING_ERROR_1"><span class="blsp-spelling-error" id="SPELLING_ERROR_2">Schlage</span></span>, <span class="blsp-spelling-error" id="SPELLING_ERROR_2"><span class="blsp-spelling-error" id="SPELLING_ERROR_3">Sielox</span></span>, <span class="blsp-spelling-error" id="SPELLING_ERROR_3"><span class="blsp-spelling-error" id="SPELLING_ERROR_4">Indala</span></span>, and others overcame the inconvenience of swiping a card by using radio energy to sweep the area in front of the reader. </span> <span style="font-family:arial;">Users needed only to place their wallet, purse, valise, or ID badge near a reader and the radio energy would be picked up by their proximity card.<br /><br />A tuned circuit internal to the card would resonate when within range of the reader, generating a unique radio signature that would be captured and analyzed by the access control system. If the signature matched that of a valid card already programmed into the system, access would be granted. Simple, elegant, and convenient, proximity card systems quickly grew in popularity.</span> <span style="font-family:arial;"><br /><br />Problem was, this innovative technology had profound, unintended consequences. It allowed the surreptitious identification of people with access privileges to high security facilities. One could use radio energy to sweep a crowd of people and pick out persons of interest based on the signatures generated by their proximity cards. At a time when the Cold War was steamy hot and espionage was rampant, the proximity card was a new-found tool for adversaries. 
</span> <span style="font-family:arial;"><br /><br />The unintended consequences of a new technology are not usually discovered until after it's in use, sometimes widespread use, by which time available remediation options might be limited or very expensive. Such is the case with <span class="blsp-spelling-error" id="SPELLING_ERROR_5">SCADA</span>, smart grid, and energy management systems, which are now front and center in the effort to better manage energy consumption and lower greenhouse gases. Unintentionally vulnerable to manipulation and unauthorized access, these systems can literally turn out the lights, stopping a utility or enterprise cold in its tracks.<br /><br />(</span><span style="text-decoration: underline;">Photo: www.brightsecuritygroup.com)</span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-72566895730350441582010-07-15T11:56:00.000-07:002010-07-15T12:25:08.564-07:00Is there a role for Wi-Fi in offloading traffic from cellular networks?<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_NiHahXlkVgY/TD9btp__EQI/AAAAAAAAAI8/ahVE0m1Dd3s/s1600/Cell+towers.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 320px; height: 213px;" src="http://3.bp.blogspot.com/_NiHahXlkVgY/TD9btp__EQI/AAAAAAAAAI8/ahVE0m1Dd3s/s320/Cell+towers.jpg" alt="" id="BLOGGER_PHOTO_ID_5494210910341763330" border="0" /></a><span style="font-family: arial;">We are today witnessing a mobile device boom driven by distributed workforces that need secure anywhere-connectivity, and consumers who want always-on Internet access. 
<span class="blsp-spelling-error" id="SPELLING_ERROR_0">Smartphone</span> sales grew 29% year-over-year in 2009 to surpass notebook sales (1), and dual-mode (<span class="blsp-spelling-error" id="SPELLING_ERROR_1">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_2">Fi</span>/cellular) phones and <span class="blsp-spelling-error" id="SPELLING_ERROR_3">smartphones</span> will more than double from 2008-2013 to 130.9 million units (2).</span><span style="font-family: arial;"><br /><br />One consequence of the flood of mobile devices is growing congestion on cellular data networks. Slow and dropped network connections are legion in large metropolitan areas like Beijing, New York, and San Francisco. Cellular data traffic is rising beyond sustainable network capacity, and there are no signs that it will abate any time soon.</span><span style="font-family: arial;"><br /><br />This problem is compounded by the challenge carriers face in obtaining acceptable ROI from their massive infrastructure investments. Value-added services like video help a carrier’s bottom line, but the more bandwidth-hungry video booms, the more capacity is squeezed. Sticky new services and applications needed to secure customer loyalty only add to bandwidth woes.</span><span style="font-family: arial;"><br /><br />One solution is to offload bandwidth-intensive multimedia traffic to nearby <span class="blsp-spelling-error" id="SPELLING_ERROR_4">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_5">Fi</span> networks, a process called “cellular offload.” In theory pushing traffic from overcrowded cellular networks onto high capacity, high-speed <span class="blsp-spelling-error" id="SPELLING_ERROR_6">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_7">Fi</span> networks should alleviate network congestion. 
The challenge for carriers is ensuring that bandwidth relief <span class="blsp-spelling-error" id="SPELLING_ERROR_8">doesn</span>’t come at the expense of the customer experience…or at the customer’s expense.</span><span style="font-family: arial;"><br /><br />Cellular offload must be simple to initiate, the quality of service on <span class="blsp-spelling-error" id="SPELLING_ERROR_9">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_10">Fi</span> must be equal to or better than that offered on cellular, and there should not be cost penalties to the user. That’s a tall order. Many a manufacturer of metropolitan mesh <span class="blsp-spelling-error" id="SPELLING_ERROR_11">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_12">Fi</span> networks that has attempted cellular offload has failed.</span><span style="font-family: arial;"><br /><br />Why? Because metro mesh networks were designed for e-mail and Web access, and not high-density, latency-sensitive data, voice, and video applications. Mesh technology is available that can handle these types of applications, Azalea Networks being a noted example, but metro mesh vendors have so fouled the market that customer resistance is high though not insurmountable.</span><span style="font-family: arial;"><br /><br />Cost penalties are another concern. Some carriers, <span class="blsp-spelling-error" id="SPELLING_ERROR_13">ATT</span> among them, are trying to convince subscribers to pay twice for cellular offloading – once for cellular data service and once for a home <span class="blsp-spelling-error" id="SPELLING_ERROR_14">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_15">Fi</span> access point to handle traffic that the cellular network can’t. Even if the economics did work for a consumer, this stop-gap crumbles the moment users step foot outside their homes. 
A system-wide solution – not an ad <span class="blsp-spelling-error" id="SPELLING_ERROR_16">hoc</span> one – is the only way to address the dilemma.</span><span style="font-family: arial;"><br /><br />A corollary to Parkinson’s Law says that data expands to fill all available bandwidth. So while some pundits say we’ll obtain bandwidth relief from 4G cellular (most studies say otherwise), those networks will attract applications that are even more bandwidth heavy.<br /><br />What we need is a commuter lane to handle network overspill and ensure that essential and urgent cellular traffic has the bandwidth it needs. <span class="blsp-spelling-error" id="SPELLING_ERROR_17">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_18">Fi</span> networks can be that path, if constructed correctly and with the right building blocks, and can do so at a price that is affordable to implement on a vast scale.</span><span style="font-family: arial;"><br /><br />So let's stop blaming the rising popularity of Web-enabled <span class="blsp-spelling-error" id="SPELLING_ERROR_19">smartphones</span> and start focusing on using <span class="blsp-spelling-error" id="SPELLING_ERROR_20">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_21">Fi</span> to solve the problem.</span><span style="font-family: arial;"><br /><br />(1) <span class="blsp-spelling-error" id="SPELLING_ERROR_22">Dataquest</span> Insight: PC Vendors' Move Into the <span class="blsp-spelling-error" id="SPELLING_ERROR_23">Smartphone</span> Market is Not Challenge Free</span><span style="font-family: arial;"><br />(2) <span class="blsp-spelling-error" id="SPELLING_ERROR_24">Dataquest</span> Insight: Factors Driving the Worldwide Enterprise Wireless LAN Market, 2005-2013</span><br /><br />Michael 
Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-2777460295742371062010-04-29T18:14:00.001-07:002010-04-30T11:25:27.111-07:00Project "CleanWallet": The Newest Way To Separate Wi-Fi Customers From Their Money<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/S9oxCgc7vWI/AAAAAAAAAIs/_IJHIKP0GeI/s1600/Pickpocket.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 320px; height: 212px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/S9oxCgc7vWI/AAAAAAAAAIs/_IJHIKP0GeI/s320/Pickpocket.jpg" alt="" id="BLOGGER_PHOTO_ID_5465735016908307810" border="0" /></a><span style="font-family:arial;">The best pickpockets create a diversion before they dip and run. They'll bump into you, drop an object nearby, or yell something to catch your attention.<br /><br />Distracted by the commotion, you don't notice the extraction. That is, until you next reach for your money only to find it's gone missing. Never to be seen again.<br /><br />This week at Interop Cisco created such a diversion when it announced the availability of a new hardware-based spectrum analyzer. With features remarkably similar to Aruba's recently announced software-based spectrum analyzer - and using words so closely paired to Aruba's that a plagiarist would swoon - Cisco proclaimed that the world at last had a solution for dirty air. The secret: a new line of access points containing - drum roll, please - an embedded ASIC. Did that get your attention?<br /><br />Now for the dip. In order to get this feature you have to replace your existing access points. If you want clean air everywhere then you have to replace all of the access points in your network. Every single one. </span><span style="font-family:arial;">Brilliant! </span><br /><span style="font-family:arial;"><br />You've got to give credit where credit is due. 
Project "CleanWallet" is really a double-dip - once for new APs and once for the 802.11n APs you only just purchased.</span><span style="font-family:arial;"> Even the Artful Dodger would be impressed.</span><br /><span style="font-family:arial;"><br />Silly sods, us. Instead of forcing customers to divvy up cash to replace their access points, our new software-based spectrum analyzer works with all Aruba 802.11n access points, including those already installed. </span><span style="font-family:arial;">Aruba's spectrum analyzer is feature rich, and includes </span><span style="font-family:arial;">Fast Fourier Analysis, spectrograms, interference classification, and programmable recording/playback.</span><br /><br /><span style="font-family:arial;">We don't require any new hardware to make spectrum analysis work, and for customers using our Wireless Intrusion Prevention Module the feature comes for free. Aruba's 802.11n access points are already significantly less expensive than Cisco's, so the entire Wi-Fi system, including spectrum analysis, is easy on your wallet.<br /></span><span style="font-family:arial;"><br />If Project "CleanWallet" isn't your thing, give us a call. 
We'll prove that </span><span style="font-family:arial;">you don't have to pay through the nose or sacrifice features to get clean air.</span><span style="font-family:arial;"><br /><br /></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-45246308417530524312010-04-18T14:02:00.000-07:002010-04-19T15:42:52.132-07:00Innovation Shouldn't Have To Be Delivered By Forklift<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_NiHahXlkVgY/S8t4y03X4QI/AAAAAAAAAIk/4lB0_ozmjKI/s1600/Forklift.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 320px; height: 240px;" src="http://4.bp.blogspot.com/_NiHahXlkVgY/S8t4y03X4QI/AAAAAAAAAIk/4lB0_ozmjKI/s320/Forklift.jpg" alt="" id="BLOGGER_PHOTO_ID_5461591787696546050" border="0" /></a><span style=";font-family:arial;font-size:100%;" >Ever notice how the latest and greatest innovation from some vendors invariably requires replacing the equipment you've already installed? Known as "forklift" upgrades, these swap-outs benefit the vendor at the expense of the customer's time and money. </span> <span style=";font-family:arial;font-size:100%;" ><br /><br />Let's face it, forklift upgrades are driven by vendor greed. The worst offenders make no apologies for their inability and/or unwillingness to design upgradable products. It's just not in their DNA. </span><span style=";font-family:arial;font-size:100%;" >Product design recapitulates corporate philosophy, to paraphrase Haeckel.<br /><br />There are existence proofs that a forklift is not a prerequisite for obtaining a new feature - even one incorporating a profoundly complex new technology. Therefore a forklift-based strategy must originate in a forklift-oriented mentality.</span> <span style=";font-family:arial;font-size:100%;" ><br /><br />Case in point - spectrum analysis. 
</span><span style=";font-family:";" ><br /><br />Wi-Fi networks operate in environments containing electrical and radio frequency devices that can interfere with network communications. 2.4 GHz cordless phones, microwave ovens, wireless telemetry systems, and even adjacent Wi-Fi networks are all potential sources of interference.<span style=""> </span>Interference sources can be either continuous or intermittent, the latter being the most difficult to isolate.<o:p></o:p></span> <p class="MsoNormal" style=""><span style=";font-family:";" ><o:p></o:p>The task of identifying interference typically falls to a spectrum analyzer, the gold standard for isolating RF impediments. </span><span style=";font-family:arial;font-size:100%;" >S</span><span style=";font-family:arial;font-size:100%;" >pectrum analyzers help isolate packet transmission issues, over-the-air quality of service problems, and traffic congestion caused by contention with other devices operating in the same channel or band. They are an essential tool to ensure that networks run as they should.</span></p><p class="MsoNormal" style=""><span style=";font-family:";" >To be effective the analyzer needs to be in the right place at the right time. The ideal solution is a spectrum analyzer that’s built into the wireless LAN infrastructure, and can examine the spectral composition of the RF environment anywhere in the Wi-Fi network, at any time. Today vendors offer handheld spectrum analyzers as well as ones that require the addition of spectrum analysis monitors (effectively doubling the total number of access points on site for full coverage).<br /></span></p><p class="MsoNormal" style=""><span style=";font-family:";" >Rumors are that at least one vendor will be offering new access points with integrated spectrum analysis. 
Consistent with their company policy, however, a forklift upgrade will be required to use it.</span></p><span style=";font-family:arial;font-size:100%;" >Aruba has taken a completely different tack with spectrum analysis. Its recently introduced scientific-grade spectrum analyzer includes traditional tools such as Fast Fourier Transform (FFT), spectrograms, and interference source classification. It also includes powerful new features such as interference charts, channel quality measurement, and spectrum recording and playback.<br /><br />Uniquely, the new spectrum analyzer <span style="font-weight: bold;">works with all Aruba 802.11n access points</span>, including those already in service. That is, a customer with an existing Aruba 802.11n deployment can enable spectrum analysis on any of their existing access points without adding any new hardware. None.<br /><br />And the cost? Zero if you are already using Aruba's Wireless Intrusion Protection (WIPS) Module into which the new analyzer is integrated.<br /><br /></span><span style=";font-family:arial;font-size:100%;" >Why does Aruba introduce new features that expand the capabilities of its customers' already deployed networks? Why did it add </span><span style=";font-family:arial;font-size:100%;" >distributed forwarding without a controller in the data path? E9-1-1 call positioning? Wired switch management?<br /><br /></span><span style=";font-family:arial;font-size:100%;" >Because adding features recapitulates our corporate commitment to value, driving growth by enhancing the utility of our customers' investments. It's a mutually beneficial arrangement, and one that stands in sharp contrast to a forklift mentality.<br /><br />The next time you consider an IT vendor consider how they deliver innovative features. 
With a hand outstretched in partnership or reaching for your wallet.<br /><br /></span><span style=";font-family:georgia;font-size:180%;" ><span style="font-size:11pt;"></span></span><span style=";font-family:";font-size:11pt;" ><o:p></o:p></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-41960342004521591652010-04-02T09:56:00.000-07:002010-04-02T13:14:22.601-07:00Adversity Drives Innovation<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_NiHahXlkVgY/S7YkpkF6NZI/AAAAAAAAAIc/tB8MRV1HCFY/s1600/Adversity.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 320px; height: 213px;" src="http://1.bp.blogspot.com/_NiHahXlkVgY/S7YkpkF6NZI/AAAAAAAAAIc/tB8MRV1HCFY/s320/Adversity.jpg" alt="" id="BLOGGER_PHOTO_ID_5455588295087633810" border="0" /></a><span style="font-family: arial;font-family:arial;" >Economic downturns are commonly viewed as a time of retrenching and cut-backs, but they're also times of intellectual ferment and innovation. While budget cuts and scaled back programs create adversity, there remains a job to do and customers to satisfy.<br /><br />The issue is how to accomplish this with fewer available resources. </span><span style="font-family: arial;font-family:arial;" >To do this you have to get creative, and adversity catalyzes the process. </span><span style="font-family: arial;font-family:arial;" >It is the gap between available resources and demand that drives innovation, creativity, and opportunity.<br /><br /></span><span style="font-family: arial;font-family:arial;" >In the words of J.C. 
Maxwell</span><span style="font-family: arial;font-family:arial;" >, “adversity motivates.” </span><span style="font-family: arial;font-family:arial;" >Maxwell’s "Benefits of Adversity</span><span style="font-family: arial;">" identifies the positive attributes of adversity:</span><span style="font-family: arial;font-family:arial;" ><br /><br />1. Adversity creates resilience;</span><span style="font-family: arial;font-family:arial;" ><br />2. Adversity develops maturity;</span><span style="font-family: arial;font-family:arial;" ><br />3. Adversity pushes the envelope of accepted performance;</span><span style="font-family: arial;font-family:arial;" ><br />4. Adversity provides greater opportunities;</span><span style="font-family: arial;font-family:arial;" ><br />5. Adversity prompts innovation;</span><span style="font-family: arial;font-family:arial;" ><br />6. Adversity recaps unexpected benefits;</span><span style="font-family: arial;font-family:arial;" ><br />7. Adversity motivates.</span><span style="font-family: arial;font-family:arial;" ><br /><br />The present downturn is no exception. IT managers face budget and headcount cuts, yet the companies for which they work cannot stop running. Leveraging investments in existing infrastructure, minimizing major new capital investments, and recouping savings from company operations are the new marching orders. If satisfying existing needs was good enough then the task at hand would be straightforward – weather the adverse economic climate by cutting as much spending and headcount as possible.</span><span style="font-family: arial;font-family:arial;" ><br /><br />But in business it isn't that simple. The end of any downturn is followed by an uptick that will require increased IT services. Cut too far today and IT won’t be able to respond tomorrow. Business will suffer - again. IT managers must therefore be cognizant of the future and look at changes and cuts with an eye towards their impact on a future recovery. 
</span><span style="font-family: arial;font-family:arial;" ><br /><br />This begs the question – is it possible to batten down the hatches to survive the current economic storm while laying the foundation for a future recovery? The answer is yes...but the challenge to doing so, surprisingly, is neither technological nor monetary but conceptual. </span><span style="font-family: arial;font-family:arial;" ><br /><br />Doing more with less requires a new way of thinking about problems. In the IT world it means reconsidering the value of overbuilding complex, expensive infrastructure. In this market, in this economy, the first priorities need to be streamlining costs, boosting productivity, and enhancing efficiency. </span><span style="font-family: arial;font-family:arial;" ><br /><br />A simple example will drive home the point. To lower costs, most enterprises are reducing their real estate footprints. Today 88% of employees work somewhere other than the corporate headquarters - many hotel in branch offices, work from home, or work on the road. The traditional way in which these remote users would be served is with a branch router</span><span style="font-family: arial;font-family:arial;" >. This paradigm might be </span><span style="font-family: arial;font-family:arial;" >acceptable for a large office but it's outrageously expensive for a branch of just a few people. <br /><br />The challenge is how to network a large and growing remote workforce in an environment focused on cost reduction. It is here that adversity catalyzes innovation. By standing the problem on its head and saying the real issue is how we enable mobility at low cost for a large number of users - not how we connect a branch office - new, non-traditional solutions emerge. </span><span style="font-family: arial;font-family:arial;" ><br /><br />To a router vendor every problem ends with a hardware-based solution - it is the proverbial key under the streetlight. 
</span><span style="font-family: arial;">Reconstituting the problem expands the area of illumination, revealing, for instance, that cloud-computing and virtualization are new options not previously considered.<br /><br />Simply reframing a question can open a completely new set of solutions. Adversity forces the process by highlighting the inadequacy of </span><span style="font-family: arial;font-family:arial;" >the “old school” way of thinking and opening the door to innovative new solutions. </span><span style="font-family: arial;">Ones </span><span style="font-family: arial;font-family:arial;" >that focus on today's needs instead of yesterday's answers.</span><span style="font-family: arial;font-family:arial;" > </span><br /><br /><span style="font-family:arial;"></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-81006338253312652132010-04-01T22:47:00.001-07:002010-04-02T08:48:45.784-07:00VBN Killed The Branch-In-A-Box<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_NiHahXlkVgY/S7WFeRkE6hI/AAAAAAAAAIU/AgNEFcWQoMs/s1600/Radio.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 320px; height: 240px;" src="http://1.bp.blogspot.com/_NiHahXlkVgY/S7WFeRkE6hI/AAAAAAAAAIU/AgNEFcWQoMs/s320/Radio.jpg" alt="" id="BLOGGER_PHOTO_ID_5455413278786513426" border="0" /></a><br /><span style="font-family:arial;">In 1979 The Buggles released their debut single, '<a href="http://www.youtube.com/watch?v=iGokPQLwJhA&feature=related">Video Killed The Radio Star</a>,' a nostalgic look at radio from the perspective of the video age that killed it.</span><br /><br /><span style="font-style: italic;font-family:arial;" ></span><span style="font-family:arial;">Progress drives on, looking nostalgically in the rear view mirror from time to time, but propelled forward by the engine of our insatiable desire for something 
better.</span><br /><br /><span style="font-family:arial;">Tube-based table radios are nostalgic. So are rotary phones, wooden plows, and iron clad ships. Doesn't mean we want to use them anymore. They were abandoned because something better came along. Something easier to use. Faster. Less expensive.</span> <span style="font-family:arial;"><br /><br />Technology transitions happen all the time in enterprise IT, but the branch office and fixed teleworker seem to have been neglected along the way. And what an oversight it was. Today more than 85% of employees work outside of the primary corporate campus. Yet they need - but haven't had - the same access to corporate network resources and applications as someone in the home office.</span> <span style="font-family:arial;"><br /><br />The solution cobbled together by router vendors was to remotely replicate the infrastructure that's on the corporate campus. That is, assemble a stack of appliances for security, VPN, Wi-Fi, routing - and then try to integrate them to work together.</span><br /><br /><span style="font-family:arial;">Over time the separate appliances morphed into an integrated branch-in-a-box router. But experience showed that while you can morph a router from a hairball, you can never take the hairball out of the router. From the user's point of view, the solution was little improved.</span> <span style="font-family:arial;"><br /><br />The fundamental problem is that the campus network and its branch offspring were designed assuming static users sitting behind protective firewalls. Mobility - mobile users specifically - breaks that model. You have to punch holes in firewalls, configure complex VLAN assignments for segmenting traffic and user types, install VPNs to protect roaming users. The list goes on and on. 
And grows more expensive, complex, and user unfriendly as it does.</span> <span style="font-family:arial;"><br /><br />Virtual Branch Networking (VBN) 1.0 was introduced in 2009 as a ground-up, mobility focused solution. VBN made it less expensive and simpler to securely connect remote users with the enterprise network without changing the user experience.</span> <span style="font-family:arial;"><br /><br />VBN 2.0 goes one giant step farther by leveraging cloud services to do the job done by branch routers today - application acceleration, content security, remote access. Only it does so using a lower cost, more scalable solution that delivers a consistent user experience regardless of where you work: in the corporate HQ, in a branch office, from home, or on the road.</span> <span style="font-family:arial;"><br /><br />The cloud provides a massively scalable, economical way of delivering services and applications. It has changed the way we transfer data, download files, and use applications. When applied to branch networks, cloud services are the perfect tonic. They deliver essential business-critical services, without complexity, to widely distributed users at less than half the cost of the branch-in-a-box router. 
This is one change you'll make and never, ever look back.</span> <span style="font-family:arial;"><br /><br /><span style="font-style: italic;">In my mind and in my branch,</span></span> <span style="font-style: italic;font-family:arial;" ><br />We can't rewind it bought the ranch,</span> <span style="font-style: italic;font-family:arial;" ><br />VBN killed the branch-in-a-box.</span> <span style="font-family:arial;"><br /><br />Read more about VBN 2.0 <a href="http://www.arubanetworks.com/vbn">on-line</a>.<br /><br /></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-4922470974160534082010-03-07T08:49:00.000-08:002010-03-15T18:44:52.670-07:00The Lessons of Wi-Fi #14: Wi-Fi Should Save Money, Not Waste It<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_NiHahXlkVgY/S5PdqVVJtWI/AAAAAAAAAH8/-ZaN7uQfW4E/s1600-h/Money+down+drain.jpg"><img style="float: left; margin: 0pt 10px 10px 0pt; cursor: pointer; width: 213px; height: 320px;" src="http://4.bp.blogspot.com/_NiHahXlkVgY/S5PdqVVJtWI/AAAAAAAAAH8/-ZaN7uQfW4E/s320/Money+down+drain.jpg" alt="" id="BLOGGER_PHOTO_ID_5445940093771167074" border="0" /></a><span style="font-family:arial;">The computer science graduate students shuffle into class, taking their assigned seats. The professor opens the lesson by asking if there are any questions about the assigned reading.<br /><br />A student raises her hand and asks, "We live in such a complex world. How could it possibly have been created in just 7 days." Without a moment's hesitation the professor looks up and responds, "Because there was no installed base – it was a new deployment."<br /><br />Retrofitting 802.11n Wi-Fi to an existing network requires consideration of a number of factors: switch capacity, cable length, cable capacity, power sources. The last item is especially important during the transition to 802.11n. 
Many 802.11n access points far exceed the current capability of existing </span><span style="font-family:arial;">802.3af </span><span style="font-family:arial;">Power-over-Ethernet (PoE) sources. Some require an astounding 32 Watts or more, far beyond the capabilities of 802.3af. </span><span style="font-family:arial;"><br /><br /></span><span style="font-family:arial;"></span><span style="font-family:arial;">Unless you read the fine print in product data sheets you could find yourself exceeding the power delivery capabilities of both power sources and a single Ethernet cable. </span><span style="font-family:arial;">A Wi-Fi network that was supposed to reduce the cost of IT infrastructure by doing away with unneeded wired ports and switches could instead result in a whopping big bill to replace PoE infrastructure.</span><span style="font-family:arial;"><br /></span><span style="font-family:arial;"><br /></span><span style="font-family:arial;">The Lessons of Wi-Fi #14: a Wi-Fi network should save money, not waste it. If you have to add supplemental power injectors, especially mid-span power sources, </span><span style="font-family:arial;">labor and hardware costs will soar. Power-hungry access points and high-current injectors also generate a lot of heat, so you'll incur higher recurring cooling costs. And your carbon footprint will grow.</span><br /><span style="font-family:arial;"><br /></span><span style="font-family:arial;">Aruba's 802.11n access points operate from 802.3af power sources. Always have. In fact, we were the first company to introduce an 802.3af powered 3x3 MIMO access point. The access points also feature a lifetime warranty because the company stands behind what it builds.<br /><br /></span><span style="font-family:arial;">As you consider an upgrade to 802.11n, be certain that 802.3af delivers sufficient current to power all of the radios to their full operating mode in every access point. 
If the data sheet says you need something other than a single 802.3af supply operating over 100m of cable to get full performance, consider yourself warned.<br /><br />So check out our range of </span><span style="font-family:arial;"><a href="http://www.arubanetworks.com/products/access_points.php">802.11n access points</a> and leave it to someone else to relearn the lessons of Wi-Fi.</span><span style="font-family:arial;"><br /><br /></span><span style="font-family:arial;"></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-63878640704714525562010-03-06T16:35:00.001-08:002010-03-08T11:00:10.564-08:00The Lessons of Wi-Fi #12: Your Wi-Fi Network Should Not Be A One Trick Pony<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/S5L1HgwHi6I/AAAAAAAAAHk/hcJlNv1PQIw/s1600-h/One-Trick+Pony.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 213px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/S5L1HgwHi6I/AAAAAAAAAHk/hcJlNv1PQIw/s320/One-Trick+Pony.jpg" alt="" id="BLOGGER_PHOTO_ID_5445684408843996066" border="0" /></a><span style="font-family:arial;">Time was when you left work at the office. </span><span style="font-family:arial;">Those days are long gone. Enterprises and institutions with workforces, offices, or colleagues spread </span><span style="font-family:arial;">across time zones often have time- and location-shifted working conditions.<br /><br />Users might need to work from home, on the road, or at a remote site. In all cases, a user will be most productive if the network experience - and access to applications and network resources - is the same remotely as it is at his or her desk at work.</span><br /><br /><span style="font-family:arial;">Can the wireless LAN infrastructure that's used in a campus environment pull double duty and be used by remote users, too? 
The stock answer from most vendors is "nary the twain shall meet" - use a campus wireless LAN at work and a remote access solution like a virtual private network (VPN) everywhere else. </span><span style="font-family:arial;"><br /><br />Since using a VPN is very different than accessing a campus network, this means that users need to be trained how and when to use the appropriate access method.</span> <span style="font-family:arial;">And that means Help Desk calls. The end user is stuck with two</span><span style="font-family:arial;"> parallel, non-intersecting networks to buy, </span><span style="font-family:arial;">maintain, and l</span><span style="font-family:arial;">earn. Ouch!</span><span style="font-family:arial;"><br /><br />The Lessons of Wi-Fi #12: your Wi-Fi network should not be a one-trick pony. One common network infrastructure should support both the campus wireless LAN and off-site users. </span><span style="font-family:arial;">And it should provide </span><span style="font-family:arial;">an identical end user experience regardless of how or where the network is accessed.</span><span style="font-family:arial;"><br /><br />Enter Aruba's Virtual Branch Networking (VBN) technology. VBN </span><span style="font-family:arial;">uses low-cost Remote Access Points (RAPs) to securely connect remote users, and their Wi-Fi and wired Ethernet devices, back to a controller in the data center. The same controller that runs the campus Wi-Fi </span><span style="font-family:arial;">network.<br /><br />Any </span><span style="font-family:arial;">standard Aruba indoor access point can be used as a RAP. That means one SKU can serve as either a campus AP or a Wi-Fi enabled remote access device for a home, branch office, or road warrior. 
</span><br /><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_NiHahXlkVgY/S5L1pfQ7jtI/AAAAAAAAAH0/iT43omWPbl0/s1600-h/RAP2_White.jpg"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 238px; height: 159px;" src="http://1.bp.blogspot.com/_NiHahXlkVgY/S5L1pfQ7jtI/AAAAAAAAAH0/iT43omWPbl0/s320/RAP2_White.jpg" alt="" id="BLOGGER_PHOTO_ID_5445684992560303826" border="0" /></a><br /><span style="font-family:arial;">The $99 list price RAP-2 unit pictured here is small enough to fit in a shirt pocket or valise.</span> <span style="font-family:arial;">It works with any IP-based devices - laptops, iPhone, iTouch, PCs, printers, wired and wireless voice over IP phones, wireless projectors - all of which can simultaneously share a single RAP. As can multiple users. </span><span style="font-family:arial;"><br /></span><span style="font-family:arial;"><br /></span><span style="font-family:arial;">VBN features one-button installation so that a non-technical person can provision a RAP-2 by him or herself. No IT assistance, no user training required. Once commissioned the user just turns on his or her MacBook, PC, iTouch and they're instantly connected to the network...just as they would be on campus.<br /><br />Data encryption and an integrated firewall provide comprehensive network security for all RAPs, while centralized management ensures speedy diagnostics and updates right over the network.</span><br /><br /><span style="font-family:arial;">You don't have to suffer a double budget hit to get best-in-class campus Wi-Fi and secure remote access. 
So check out <a href="http://www.arubanetworks.com/products/remote_access_points.php">VBN</a> and leave it to someone else to relearn the lessons of Wi-Fi.</span><span style="font-family:arial;"><span style="font-family:arial;"><br /></span></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-80807442605290206762010-03-04T21:37:00.000-08:002010-03-05T09:56:15.410-08:00The Lessons of Wi-Fi #11: Aesthetics Matter<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/S5CpT90wsPI/AAAAAAAAAHU/ayCdBEny8Ro/s1600-h/Aesthetics.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 252px; height: 320px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/S5CpT90wsPI/AAAAAAAAAHU/ayCdBEny8Ro/s320/Aesthetics.jpg" alt="" id="BLOGGER_PHOTO_ID_5445038109969395954" border="0" /></a><span style="font-family:arial;">If you walk around most any IT trade show, a harsh reality sinks in. While a lot of engineering goes into hardware and software design, spending is often miserly when it comes to packaging design. </span><span style="font-family:arial;"><br /><br />Consumer companies hire world-class designers - or design firms like <span class="blsp-spelling-error" id="SPELLING_ERROR_0">IDEO</span> - to create products with rakish, timeless good looks. The resulting products fit well in virtually any decor.</span><span style="font-family:arial;"><br /><br />Step into the enterprise market and things change. Evidently many enterprise vendors believe that function trumps form. Make a product function well and no one will care that it was hit with the ugly stick. 
Even if the products are intended for open display - on ceilings in Board Rooms, classrooms, branch offices.</span><span style="font-family:arial;"><br /><br />The Lessons of <span class="blsp-spelling-error" id="SPELLING_ERROR_1">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_2">Fi</span> #11: aesthetics matter. Businesses and institutions spend fortunes, large and small, with architects and interior designers to ensure that their facilities are attractive. Every component that goes into a building - from fire sprinkler heads to smoke detectors to wiring devices - must pass muster. How could any IT <span class="blsp-spelling-error" id="SPELLING_ERROR_3">vendo</span></span><span style="font-family:arial;">r believe</span><span style="font-family:arial;"> that the very same aesthetics standards don't also apply to IT gear. Especially publicly visible devices like <span class="blsp-spelling-error" id="SPELLING_ERROR_4">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_5">Fi</span> access points.</span><span style="font-family:arial;"><br /><br />Visit an IT trade show and you'll see shoe-box sized <span class="blsp-spelling-error" id="SPELLING_ERROR_6">APs</span>, bristling with dark, leg-like antennas. And squat <span class="blsp-spelling-error" id="SPELLING_ERROR_7">APs</span>, disk-shaped like the calling card of a digital elephant. And bulbous <span class="blsp-spelling-error" id="SPELLING_ERROR_8">APs</span> shaped like a knight's helmet.<br /><br /> In the landscape of the ceiling, camouflage is paramount: a diminutive, sleek design with neutral colors and a shape that matches other ceiling fixtures fits in best.</span><span style="font-family:arial;"> At Aruba we use world-class packaging designers to help our indoor access points blend into their surroundings. Our AP-105 Access Point is the smallest enterprise-class 802.11n AP on the market, and neutrally blends into any public environment. 
While its stellar performance calls attention to the product, its packaging does not.<br /></span><span style="font-family:arial;"><br />You don't have to compromise aesthetics to get best-in-class <span class="blsp-spelling-error" id="SPELLING_ERROR_9">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_10">Fi</span>. So check out the <a href="http://www.arubanetworks.com/products/access-points/ap-105.php">AP-105</a>, and leave it to someone else to relearn the lessons of <span class="blsp-spelling-error" id="SPELLING_ERROR_11">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_12">Fi</span>.<br /><br /></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-75802162016399165182010-03-03T20:53:00.000-08:002010-03-03T22:31:12.088-08:00The Lessons of Wi-Fi #10: A Bad Tool Will Never Find A Good Network<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_NiHahXlkVgY/S49ROBanfuI/AAAAAAAAAHM/o4bRC6qu8H8/s1600-h/Bent+Hammer.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 212px; height: 320px;" src="http://1.bp.blogspot.com/_NiHahXlkVgY/S49ROBanfuI/AAAAAAAAAHM/o4bRC6qu8H8/s320/Bent+Hammer.jpg" alt="" id="BLOGGER_PHOTO_ID_5444659775854313186" border="0" /></a><span style="font-family:arial;">You need a new Wi-Fi network for your school. The legacy system is a patchwork of consumer Wi-Fi gear and</span><span style="font-family:arial;"> just can't handle your multi-media, throughput, and security requirements. 
Moreover the old network is a bear to manage because it doesn't provide any diagnostic information about the cause of increasingly frequent network outages.<br /><br />One of the vendors you call in gives you a nifty sales pitch about their newfangled access points and even throws in a free network survey. When you ask about network management the sales person says they have a system that automatically discovers, configures, and monitors the whole wireless network, and can scale from single sites to cover the whole school district.<br /><br />"But what</span><span style="font-family:arial;"> if a problem originates in the wired network or in a mobile device? Or</span><span style="font-family:arial;"> I want to manage the wired switches? How do I handle those scenarios?" you ask. All you draw in return is a blank stare.<br /><br />The Lessons of Wi-Fi #10: to paraphrase a late 13th century French proverb, mauvés hostill ne trovera ja bon network - a bad tool will never find a good network. Network management is really about optimizing operations management, about how to keep a network running 99.9999% of the time. Configuration and monitoring are only small pieces of the work that needs to be done.<br /><br />Physicians train for hundreds and hundreds of hours to properly handle emergencies. Why? Because patients rarely die waiting for routine check-ups. It's in an emergency - when the stakes are high and time is very short - when they must prove their mettle. The same is true for network management tools.<br /><br />Wireless networks don't work in isolation. Their operation depends on a wired core, closet switches, cabling, and the mobile devices with which they're associated. A fault could happen anywhere along this chain but "look" like it originated in the Wi-Fi network because that's where the problem first surfaced. A monitoring and diagnostics tool that only looks at the operation of the wireless network will stumble badly in this situation. 
And the consequence? Classes come to a halt, business stops, patients wait. Pretty bad.<br /><br />Aruba's AirWave 7 tool is different. It's an operations solution that integrates the management of wireless networks, wired infrastructure, and client devices into a single interface. AirWave 7 provides a single point of visibility and control for the entire network edge, including wired and wireless infrastructure as well as individual client devices. In so doing, AirWave 7 reduces the cost and complexity of network management, while improving service quality for users.<br /><br />A Mobile Device Management module gives IT managers control over mobile client devices from the same intuitive console they use to manage the network infrastructure. From a single console managers can supervise mobile devices, access points, controllers, and wired edge switches, including vital performance data, port utilization statistics and error data. By integrating monitoring of the wired and wireless infrastructure, the software facilitates faster and more accurate root-cause analysis.<br /><br />And AirWave 7 is a multi-vendor tool. </span><span style="font-family:arial;"> It works with Cisco and HP switches, among others, and supports wireless LANs made by more than 15 vendors, including Aruba, </span><span style="font-family:arial;">Cisco, HP, and Motorola. You're only out of luck if you own non-standard products or products from small niche vendors.<br /><br />If you'd like to get the whole picture on network management you've only to visit the <a href="http://www.arubanetworks.com/products/airwave_management.php">AirWave product site</a> to see what real operations management can do for you. 
And leave it to someone else to relearn the lessons of Wi-Fi.<br /><br /></span><span style="font-family:arial;"></span><span style="font-family:arial;"></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-30779742455813672052010-03-01T16:44:00.000-08:002010-03-01T17:11:13.206-08:00The Lessons of Wi-Fi #9: Use Analysts & Audited Financials To Validate Vendor Claims<span style="font-family:arial;"><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/Sr6XvazwERI/AAAAAAAAADw/l5qLCbVrQwY/s1600-h/iStock_000007128409XSmall+cowboy+hat.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 217px; height: 320px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/Sr6XvazwERI/AAAAAAAAADw/l5qLCbVrQwY/s320/iStock_000007128409XSmall+cowboy+hat.jpg" alt="" id="BLOGGER_PHOTO_ID_5385909045287719186" border="0" /></a><span style="font-family:arial;">A loud-talking <span class="blsp-spelling-corrected" id="SPELLING_ERROR_0"><span class="blsp-spelling-error" id="SPELLING_ERROR_0">ranchman</span></span> applies to a banker for a loan. The banker asks a neighbor if the rancher is a good credit risk. The neighbor ponders for a moment and then replies “Big hat, no cattle.” False bravado is funny when it’s the stuff of fiction, less so in real life – especially for customers snagged by rhetorical barbs. </span> <span style="font-family:arial;"><br /><br />And yet it happens again and again. Each year the networking world is introduced to “big hat” products with features and specifications so too-good-to-be-true that we let ourselves be reeled in. Why we don’t see through the shiny veneer and ask for proof of pedigree is a wonder. 
But it happens all the same.</span> <span style="font-family:arial;"><br /><br />The Lessons of <span class="blsp-spelling-error" id="SPELLING_ERROR_1">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_2">Fi</span> #9: use analysts and audited financials to validate vendor claims. Neutral independent industry analysts like Burton Group, </span><span style="font-family:arial;"><span class="blsp-spelling-error" id="SPELLING_ERROR_3">Canalys</span>, </span><span style="font-family:arial;"><span class="blsp-spelling-error" id="SPELLING_ERROR_4">Gartner</span>, <span class="blsp-spelling-error" id="SPELLING_ERROR_5">IDC</span>, <span class="blsp-spelling-error" id="SPELLING_ERROR_6">Infonetics</span>, <span class="blsp-spelling-error" id="SPELLING_ERROR_7">InfoTech</span>, and Yankee Group can quickly assess vendors' technical claims</span><span style="font-family:arial;">.<br /><br />And don't forget to check financials - audited financials - because you want your vendor to be in business should you need assistance or spare parts. If a vendor won't give up the numbers - or the numbers are substandard - then you have grounds for real concern.<br /><br />A quick example will put the discussion in context. In 2008 a “big hat” four-radio 802.11n access point was announced that claimed to deliver 1.2 <span class="blsp-spelling-error" id="SPELLING_ERROR_1"><span class="blsp-spelling-error" id="SPELLING_ERROR_8">gigabit</span></span>s-per-second of aggregate capacity. The data sheet claimed that the four radios worked in tandem, enabling users to dramatically reduce the number of access points and additional security sensors, thereby reaping savings on cabling, connection and installation costs. </span><span style="font-family:arial;"><br /><br />Still, the press ate it up. 
A flurry of articles expounded the virtues of delivering multiple <span class="blsp-spelling-error" id="SPELLING_ERROR_2"><span class="blsp-spelling-error" id="SPELLING_ERROR_9">HD</span></span> streams to an entire building, with perfect coverage, at almost no cost. The world would soon be saturated with multi-radio <span class="blsp-spelling-error" id="SPELLING_ERROR_3"><span class="blsp-spelling-error" id="SPELLING_ERROR_11">APs</span></span>, the unwashed masses blanketed with 802.11n. Wow, where do I sign up?</span> <span style="font-family:arial;"><br /><br />Fast forward to late 2009. The “big hat” super duper access point was no more. It simply vanished from the vendor’s Web site, its demise a secret. Was it ever built? No. But the company received undeserved publicity and that reeled in some unsuspecting customers</span>.<br /><br /><span style="font-family:arial;">To paraphrase <a href="http://www.lawineclub.com/f-store/PaulMasson.jpg">Orson Welles</a>, companies should herd no cattle before their time. Industry analysts can help you separate claims from reality. If an analyst says that a vendor can't execute well, refuses to divulge shipment numbers, and/or lacks technical vision</span><span style="font-family:arial;"> - well, your due diligence is over.<br /></span><span style="font-family:arial;"><br />The next time you see or hear about a product that appears to be too good to be true, </span><span style="font-family:arial;">separate the hats from the herds - </span><span style="font-family:arial;">kick the tires, test the features, validate the design. 
Those impressive features might be chimeras or, as with Aruba's AP-105 802.11 Access Point, the genuine article.<br /><br /></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-69567747787075360252010-03-01T08:19:00.000-08:002010-03-01T08:22:06.223-08:00The Lessons of Wi-Fi #8: You Can Fund Your Wi-Fi Deployment By Rightsizing Your Wired LAN.<span style="font-family:arial;"><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/SrbxY9M-PCI/AAAAAAAAADo/OrCpr5fTEHU/s1600-h/iStock_000006711564XSmall.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 212px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/SrbxY9M-PCI/AAAAAAAAADo/OrCpr5fTEHU/s320/iStock_000006711564XSmall.jpg" alt="" id="BLOGGER_PHOTO_ID_5383755815616134178" border="0" /></a><span style="font-family:arial;">By any measure the California State University (CSU) system is enormous, encompassing 23 different campuses, nearly 450,000 students, and 48,000 faculty and staff.<br /><br />Recently the university system was faced with a massive and potentially hugely expensive wired network refresh to upgrade infrastructure that was approaching the end of its service life. At the same time, the CSU system was experiencing a surge in the demand for network access across all of its campuses. In the absence of a budget for a Wi-Fi solution, which would have allowed one wired port to be simultaneously shared among many users, the IT staff was concerned that the need for Ethernet ports and switches would double. </span> <span style="font-family:arial;"><br /><br />What would you do in this circumstance? Expand the wired network? Seek additional funds for a wireless initiative? 
Restrict access to the network?</span> <span style="font-family:arial;"><br /><br />Those who forget the lessons of <span class="blsp-spelling-error" id="SPELLING_ERROR_3">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_4">Fi</span> are doomed to repeat them. Lesson #8: you can fund your Wi-Fi deployment by rightsizing your wired LAN.</span><span style="font-family:arial;"><br /></span><br /><span style="font-family:arial;">Cisco </span><span style="font-family:arial;">suggests that the right solution was to expand the wired network with perhaps a smattering of wireless in lecture halls. Why? In a paper titled </span><span style="font-family:arial;"><a style="font-style: italic;" href="http://bit.ly/bDyBP">True-Sizing the Network</a>, </span><span style="font-family:arial;">Cisco claims that Ethernet is future proof, more secure, and more reliable than wireless networks.</span><span style="font-family:arial;"> In fact it marginalizes Wi-Fi, relegating it to situations in which Ethernet cannot otherwise be used. </span><span style="font-family:arial;"><br /><br />The twisted “true-sizing” message shortchanges end users because it fails to take into consideration changes in user preferences, market trends, and technology that have occurred in recent years:</span><span style="font-family:arial;"><br /></span><ul><li><span style="font-family:arial;">iSuppli reports that shipments of laptops surpassed desktops (38.6M vs. 
38.5M) in 3Q08;</span></li><li><span style="font-family:arial;">Yankee Group estimates that enterprises with no Wi-Fi access will drop from 43% in 2006 to just 3% in 2012;</span></li><li><span style="font-family:arial;">Burton Group states that 802.11n marks the beginning of the end for wired Ethernet as the dominant LAN access technology in the enterprise;</span></li><li><span style="font-family:arial;">Best-in-class Wi-Fi networks sport WPA2 encryption, wireless intrusion detection, policy enforcement firewalls, and FIPS 140-2/Common Criteria/DoD validation - making them as secure as, or more secure than, most wired networks.</span></li></ul><span style="font-family:arial;">The best solutions for end users originate from understanding how and where they want to use the network, and then designing networks that meet those needs. </span> <span style="font-family:arial;"><br /><br />Aruba's <a href="http://bit.ly/Vq6xE">network rightsizing</a> program defines just such a process - measure wired port utilization, consolidate ports in use into fewer switches, and deploy 802.11n wireless to address mobility needs. Use Wi-Fi everywhere you can, wired networks only where you must. If savings are to be had, the rightsizing analysis process will tease them out. If not, then that will also be made clear. Either way, the network rightsizing analysis will offer insights into network and port utilization that might not be intuitively obvious.</span> <span style="font-family:arial;"><br /><br />Returning to CSU, what the IT staff decided to do was to obtain more data by measuring wired port usage. What they found surprised them: wired ports across all 23 campuses were consistently underutilized. More than half of the wired ports had passed no packets during the previous six months. </span> <span style="font-family:arial;"><br /><br />Armed with these data, the team decided to embark on a new approach. 
Instead of upgrading the entire wired network, something they had historically done every 4-5 years, they looked at the opportunity before them with fresh eyes.</span><br /><br /><span style="font-family:arial;">Wi-Fi was determined to be a reliable, low-cost option for delivering pervasive campus connectivity. Several campuses had already deployed some Aruba wireless LAN equipment, mostly for coverage in selected high-usage areas, and San Diego State University had built a relatively large WLAN on their campus. The Aruba WLAN had proven to be highly secure, scalable and reliable. It also allowed for a scaled-back refresh of the wired network, saving money by limiting upgrades only to the wired ports that were actually used.</span> <span style="font-family:arial;"><br /><br />CSU's IT staff created a database that included every telecommunication room, the number of ports in each room, and the number of those ports that were actively</span> <span style="font-family:arial;">used. A formula was developed to define the refresh requirements of each of the 23 campuses based on this measurement. </span> <span style="font-family:arial;"><br /><br />By applying this formula across all 23 campuses, CSU was <span style="font-weight: bold;">able to save approximately $30 million</span> by reducing the scale of the wired network refresh and enhancing network access with Aruba’s Wi-Fi solutions.</span> <span style="font-family:arial;"><br /><br />The CSU system still uses wired networks but they've been rightsized to address actual and projected utilization. Wireless network utilization has risen sharply, because users are taking advantage of the mobility afforded by the expanded 802.11n network. And CSU saved a whopping big chunk of change that can be applied to other programs and opportunities.</span> <span style="font-family:arial;"><br /><br />Network rightsizing is a proven method of assessing and adjusting your network infrastructure. 
The <a href="http://bit.ly/uvjbu">California State University rightsizing program</a> is a testament to the validity and value of the rightsizing model. </span> <span style="font-family:arial;"><br /><br />While the rightsizing mantra is to use wireless wherever you can, wired only where you must, the model makes no presumptions about the right mix of wired and wireless access. Proponents of “true-sizing” maintain no such neutrality. Their bias towards Ethernet marginalizes Wi-Fi, and in so doing deprives end users of the potential cost savings and mobility/efficiency gains that organizations like CSU have obtained.</span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-4640088829112620392010-03-01T07:42:00.000-08:002010-03-01T08:21:43.661-08:00The Lessons of Wi-Fi #7: You Don't Need Unobtainium To Build Great Wi-Fi Products<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/StJc2r_rZKI/AAAAAAAAAEI/Vkkr_reB-3U/s1600-h/269-28-DIP.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 168px; height: 168px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/StJc2r_rZKI/AAAAAAAAAEI/Vkkr_reB-3U/s320/269-28-DIP.jpg" alt="" id="BLOGGER_PHOTO_ID_5391473798508405922" border="0" /></a><span style="font-family:arial;">Introduced in July 1979, the <a href="http://bit.ly/OySZW"><span class="blsp-spelling-error" id="SPELLING_ERROR_0">Zilog</span> Z80</a> was an 8-bit microprocessor that operated on 1, 4, 8, or 16-bit data, had a 16-bit address bus, generated its own </span><span style="font-family:arial;">RAM refresh signals, and would run programs originally designed for Intel’s 8080 CPU. 
The flexibility of the design made it suitable for a <span class="blsp-spelling-corrected" id="SPELLING_ERROR_1">very</span> wide range of consumer, industrial, and military applications spanning from the Tandy <span class="blsp-spelling-error" id="SPELLING_ERROR_2">TRS</span>-80 computer to programmable logic controllers to naval weapon systems. Prices fell as volumes rose, and the Z80 was one of the most popular 8-bit <span class="blsp-spelling-error" id="SPELLING_ERROR_3">CPUs</span> for many years following its original introduction.<br /></span><br /><span style="font-family:arial;">One of the wonders of semiconductor technology is that a standard part like the Z80 can find its way into so many different applications. The very same <span class="blsp-spelling-error" id="SPELLING_ERROR_4">CPUs</span>, memories, amplifiers, voltage regulators, and/or transceivers found in consumer products in your home might be found in automobiles, office equipment, factory production lines, airplanes, or ships. What differs is how the part is applied, packaged, and tested. In other words, you don't always need custom parts made of <span class="blsp-spelling-error" id="SPELLING_ERROR_5">unobtainium</span> to perform specialized tasks in demanding environments.<br /><br /></span><span style="font-family:arial;">What happened to the Z80 in the 1970s is happening today with 802.11n chip sets. Chip set vendors are designing a common set of 802.11n parts for use in enterprise, <span class="blsp-spelling-error" id="SPELLING_ERROR_6">SMB</span>, gateway, and home access point and router products. 
Doing so drives up the volume of sales, resulting in production economies that boost profit margins for chip vendors even as prices fall for end users.</span><br /><span style="font-family:arial;"><br />One of the largest <span class="blsp-spelling-error" id="SPELLING_ERROR_7">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_8">Fi</span> chip vendors – <span class="blsp-spelling-error" id="SPELLING_ERROR_9">Atheros</span> – sells its AR9002AP-4<span class="blsp-spelling-error" id="SPELLING_ERROR_10">XHG</span> chip set for all of the above referenced applications. The chip set features extensive component integration, a small form factor, and low overall cost. The fact that the AR9002AP-4<span class="blsp-spelling-error" id="SPELLING_ERROR_11">XHG</span> finds its way into such a diverse range of applications speaks volumes about the potential flexibility and robustness of the design. I say potential because whether the objective is realized or not depends on the implementation of the final <span class="blsp-spelling-error" id="SPELLING_ERROR_12">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_13">Fi</span> device.</span><span style="font-family:arial;"><br /><br /></span><span style="font-family:arial;">Those who forget the lessons of <span class="blsp-spelling-error" id="SPELLING_ERROR_3">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_4">Fi</span> are doomed to repeat them. 
Lesson #7: </span><span style="font-family:arial;">you don't need unobtainium to build great Wi-Fi products.</span><br /><span style="font-family:arial;"><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_NiHahXlkVgY/StJ-SUBy4iI/AAAAAAAAAEQ/UHo5W8aE5Mc/s1600-h/AP105_white.jpg"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 320px; height: 230px;" src="http://4.bp.blogspot.com/_NiHahXlkVgY/StJ-SUBy4iI/AAAAAAAAAEQ/UHo5W8aE5Mc/s320/AP105_white.jpg" alt="" id="BLOGGER_PHOTO_ID_5391510556994888226" border="0" /></a><span style="font-family:arial;">Just as naval weapon system vendors leveraged a common Z80 design to create very unique and rugged products, so, too, has Aruba leveraged an 802.11n chip set targeted at a broad market in the design of its unique <a href="http://bit.ly/3snnjF">AP-105 802.11n Access Point</a>. The AP-105 was tailored to demanding enterprise applications, and special care was taken in the design of the packaging, antennas, power supply, and security features to make the product both robust and exceptionally fast. A great AP, with a great standard 802.11n chip set, selling for a great price.<br /></span><span style="font-family:arial;"><br />The result is an enterprise-class 802.11n access point that has higher throughput and more features than <span class="blsp-spelling-error" id="SPELLING_ERROR_14">Cisco</span> access points, </span><span style="font-family:arial;">yet sells for roughly 40% less money. So much less that <span class="blsp-spelling-error" id="SPELLING_ERROR_15">Cisco</span> felt compelled to <span class="blsp-spelling-error" id="SPELLING_ERROR_16">pu</span></span><span style="font-family:arial;">ll apart the AP-105 to find out what makes it tick (they did the same when Aruba's high-end kick-ass AP-125 802.11n Access Point was released).<br /><br />Their conclusion? 
The AP-105 is <span class="blsp-spelling-error" id="SPELLING_ERROR_17">unobtainium</span>-free and therefore no better than a consumer product. You know, like that </span><span style="font-family:arial;">cell phone you rely on for emergency calls 24x7, or that <span class="blsp-spelling-error" id="SPELLING_ERROR_18">iPod</span> that has delivered faithful service every day at the gym. Comparing the reliability of the </span><span style="font-family:arial;">AP-105 to that of a consumer product is not an insult. At the end of the day, <span class="blsp-spelling-error" id="SPELLING_ERROR_19">Cisco</span> still has to explain why the AP-105 is faster, more feature rich, less expensive, and easier to install than its own run-of-the-mill, over-priced, <span class="blsp-spelling-error" id="SPELLING_ERROR_20">unobtainium</span>-based access points.</span><span style="font-family:arial;"><br /><br />So with the wind of good design at our backs, and <span class="blsp-spelling-error" id="SPELLING_ERROR_21">unobtainium</span> nowhere to be seen, the AP-105 is flying off the shelves, charting a path the Z80 followed.</span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-81787852432147364762010-03-01T07:28:00.000-08:002010-03-06T16:52:43.085-08:00The Lessons of Wi-Fi #6: Sleight-Of-Hand Is No Substitute For Good Product Design<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/S2zfq-MEQYI/AAAAAAAAAFA/-CZUpCiR6Os/s1600-h/Magician+black+3.JPG"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 200px; height: 176px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/S2zfq-MEQYI/AAAAAAAAAFA/-CZUpCiR6Os/s200/Magician+black+3.JPG" alt="" id="BLOGGER_PHOTO_ID_5434964779670454658" border="0" /></a><span style="font-family:arial;">Would you ever strap a PC to your ceiling and run it there? Probably not. 
What about inside the plenum space above the ceiling? Nope.<br /><br />Accessibility aside, the ceiling and plenum are hostile environments for electronics that aren't specifically designed for the vibration, temperature extremes, and blown dust typical of these locations.</span><br /><br /><span style="font-family:arial;">If you look inside devices designed for this environment - smoke detectors, passive infrared </span><span style="font-family:arial;">sensors, quality Wi-Fi access points - what you WON'T find are vibration-sensitive connectors (like SIMM sockets), moving parts (like fans), and modular circuit boards that could wiggle loose. These devices are typically designed to have high mean time between failure (MTBF) ratings, something impossible to achieve with commercial SIMMs or fan-based power supplies.</span> <span style="font-family:arial;">It seems so intuitive...and yet.</span><span style="font-family:arial;"></span><br /><br /><span style="font-family:arial;">Those who forget the lessons of <span class="blsp-spelling-error" id="SPELLING_ERROR_3">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_4">Fi</span> are doomed to repeat them. Lesson #6: sleight-of-hand is no substitute for good product design. Wi-Fi access points need to be designed from the ground-up to withstand the rigors of ceiling and outdoor mounting environments.</span><span style="font-family:arial;"><br /><br /></span><span style="font-family: arial;">Consider </span><span style="font-family:arial;">Wi-Fi arrays, which are e</span><span style="font-family:arial;">ffectively PC motherboards with a fleet of sockets, add-on modules, plug-in connectors, and memory SIMMs. They even conjured up a fan-based PC-like power supply - n</span><span style="font-family:arial;">o standard 802.3af Power-over-Ethernet here. And when it fails you've lost 4+ radios at one time. The only workaround is to double-up the number of arrays, a real budget sink. 
Arrays just aren't designed with </span><span style="font-family:arial;">long </span><span style="font-family:arial;">service life, energy efficiency, or network resiliency in mind. That's the reason why no leading vendors in the Wi-Fi market sell arrays.<br /><br />Aruba Wi-Fi access points have n</span><span style="font-family:arial;">o fans, no SIMM sockets</span><span style="font-family:arial;">. </span><span style="font-family:arial;">Our 802.11n access points are designed for the rigors of ceiling and plenum mounting, and run from standard 802.3af PoE. MTBF ratings are in excess of 250,000 hours - more than 28 years. </span><span style="font-family:arial;">And should an access point go down, Aruba's Adaptive Radio Management adjusts the power of nearby access points to self-heal the coverage gap. Automatically.<br /><br /></span><span style="font-family:arial;">They'll provide years of reliable service and are backed by a lifetime warranty.</span><span style="font-family:arial;"> And they cost less than an array-based system. A lot less.<br /><br />So the next time you consider upgrading your wireless LAN, think about the environment in which the equipment will be used. 
Reliable products don't happen by magic - they happen by design.<br /><br /></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-49494103921258311362010-02-16T20:31:00.000-08:002010-03-04T19:06:12.575-08:00The Lessons Of Wi-Fi #5: Eggs Break So Don't Put Them All In One Access Point<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/S3txbK98KrI/AAAAAAAAAGw/uQlIQ57lXxs/s1600-h/EggsInABasket.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 320px; height: 213px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/S3txbK98KrI/AAAAAAAAAGw/uQlIQ57lXxs/s320/EggsInABasket.jpg" alt="" id="BLOGGER_PHOTO_ID_5439065686594562738" border="0" /></a><br /><span style=";font-family:";font-size:100%;" >Let's consider an alternate ending to Lesson #4. You need wireless access across an entire floor of your building, and a Wi-Fi vendor with shiny white tasseled loafers planted on your desk says he has just the solution: a single 16-radio access point that will provide coverage across the whole floor and will save you a bundle in installation costs. How can you go wrong? </span><span style=";font-family:";font-size:100%;" >Think of the cost savings: only one access point to buy, only one access point to wire.</span><br /><span style=";font-family:";font-size:100%;" ><br /></span><span style=";font-family:";font-size:100%;" >Those who forget the lessons of Wi-Fi are doomed to repeat them. Lesson #5: eggs break - don't put them all in one access point. </span><br /><span style=";font-family:";font-size:100%;" ><br />What appears alluring at first glance is really false economy. One single failure and there's nothing between you and a totally dead network - you'll have lost the entire floor<span style="color:black;">. 
</span></span><span style=";font-family:";font-size:100%;" ><span style=""><span style="color:black;">A</span> 16<span style="color:black;">-</span>radio access point on a single cable sounds <span style="color:black;">cool but </span>it only gives you coverage – not capacity (you'll need a lot more radios, cables, and switch ports for that). And it offers no redundancy against failures like a dead CPU or memory.</span></span><br /><br /><span style=";font-family:";font-size:100%;" >How about just throwing in a second 16-radio access poin<span style="color:black;">t for redundancy?</span> Even if you could align it to deliver the same coverage pattern, your hardware costs would be blown sky high. <span style="">And if you're using 802.11n<span style="color:black;">, you’ll further drain the bank by needing additional </span>expensive power supplies and even more cables and ports.</span></span><br /><span style=";font-family:";font-size:100%;" ><span style="color:black;"><br />With</span> a <span style="">multi<span style="color:black;">-</span>access </span></span><span style=";font-family:";font-size:100%;" ><span style="">point</span></span><span style=";font-family:";font-size:100%;" ><span style="">, multi-channel design<span style="color:black;">, any coverage gap created by the loss of a </span>single access point is mitigated by nearby access points. Load balancing handles high density scenarios while airtime fairness handles different mixes of 802.11a/b/g/n clients. And using separate access points allows you to cover rooms and labs and lath walls and metal-foil wallpaper that can't be penetrated from outside - even by a single, centrally-located 16-radio array. </span><br /><br /><span style="">The question to ask<span style="color:black;"> yourself</span> is what is the cost of a failure?</span> How much will you lose if the entire office wireless network goes down for a day<span style="color:black;">? 
</span><span style=""> </span>Or <span style="color:black;">students can’t access the Internet</span>? Or a <span style="color:black;">trade show network stops running?</span> For most users, the cost of putting all of your eggs in one access point is too high.<br /><br />You've now discovered why no major wireless LAN vendors pack so many radios into a single access point. It's false economy because it puts your business at risk should a failure occur.</span><span style=";font-family:";font-size:100%;" ><span style="font-family:arial;"><br /><br />And as far as cost differences, </span></span><span style=";font-family:";font-size:100%;" >they've all but evaporated with Aruba's newest 802.11n access points. </span><span style="font-family:arial;">You don't need to take my word for it - <a href="http://bit.ly/aGeRda">Gartner's 2009 Wireless LAN Infrastructure Magic Quadrant</a> spells it out in black and white.</span><br /><span style=";font-family:";font-size:100%;" ><br />If you'd like to get the whole picture on Wi-Fi architecture you've only to download our free white paper, <span class="apturelink"><a href="http://www.arubanetworks.com/pdf/technology/whitepapers/wp_RFARCH.pdf">WLAN RF Architecture Primer</a></span>. 
And leave it to someone else to relearn the lessons of Wi-Fi.</span><span style="font-size:100%;"><br /><br /></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-9217576881912628352010-02-11T15:51:00.000-08:002010-03-01T07:34:39.882-08:00The Lessons Of Wi-Fi #4: All Wi-Fi Vendors Live By The Same Rules of Physics<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://2.bp.blogspot.com/_NiHahXlkVgY/S3SZ98NwKdI/AAAAAAAAAGY/fRb61rAfa14/s1600-h/Fibbing.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 214px; height: 320px;" src="http://2.bp.blogspot.com/_NiHahXlkVgY/S3SZ98NwKdI/AAAAAAAAAGY/fRb61rAfa14/s320/Fibbing.jpg" alt="" id="BLOGGER_PHOTO_ID_5437139939557910994" border="0" /></a><span style="font-size:100%;"><span style="font-family:arial;">You've invited Wi-Fi vendors to your facility to discuss a new Wi-Fi project. You need wireless access across an entire floor of your building which includes open plan seating, conference rooms, and executive offices. This will be the primary form of network access and it needs to work. All the time.</span><span style="font-family:arial;"><br /><br />It's late afternoon. A Wi-Fi vendor sits across from you in his white suit and black shirt, the very model of semi-neo-avant garde stylin. His shiny white tasseled loafers are firmly planted on the corner of your desk. He looks you straight in the eyes and says that his access point transmits radio signals farther than anyone else's. "It uses special technology. Yes, it's expensive, but by packing sixteen super duper radios in one unit you'll save a bundle because you only need one access point to cover the entire floor." Wow! How can you go wrong?</span><span style="font-family:arial;"><br /><br />Those who forget the lessons of Wi-Fi are doomed to repeat them. 
Lesson #4: we all live by the same laws of physics, and no Wi-Fi vendor has yet bent them to their will.</span><span style="font-family:arial;"><br /><br />The maximum output of a radio at any given frequency is dictated by local regulatory agencies. In most countries 100 milliWatts is the upper limit of what an indoor access point is permitted to output. Regardless of vendor and irrespective of Wi-Fi chip vendor - Atheros, Broadcom, Intel, etc. There is a level playing field when it comes to building radios.</span><span style="font-family:arial;"><br /><br />What vendors can do is twiddle with antennas, using directional antennas to focus the allowed radio energy into more well defined beams. And, indeed, doing so can project radio signals longer distances.</span><span style="font-family:arial;"><br /><br />The issue is that Wi-Fi networks are bidirectional - there's something on the receiving end of those directional antennas. Low power clients like iPhones and netbooks aren't equipped with directional antennas, much less ones that are easily focused on access points. They may be able to hear distant access points but the access points may be unable to hear them - even if directional antennas are used - because they don't use high power radios.</span><span style="font-family:arial;"><br /><br />Additionally, as we learned in Lesson #3, bit rate is inversely proportional to range. In a shared medium like 802.11 where only one device transmits at any one time, lower data rates mean less available air-time for data on that entire 802.11 channel. So even if an access point and its clients can communicate, the throughput from the clients to the access point will be relatively low. Not good for voice. Not good for video. Not good for you.</span><span style="font-family:arial;"><br /><br />You don't get something for nothing, but you can find yourself with nothing from something. 
The Wi-Fi standards anticipated the use of multiple access points, and that's how clients are designed to work. Pushing the limits of how far a Wi-Fi signal can be made to propagate has heuristic value, but when it comes to real-world deployments it can jeopardize the functionality and reliability of your network.</span><span style="font-family:arial;"><br /><br />It's best just to tell the vendor to take his shoes off your desk and sell his wares elsewhere - you're having none of it.</span></span><span style=";font-family:arial;font-size:100%;" ><br /><br />If you'd like to get the whole picture on Wi-Fi architecture you've only to download our free white paper, <span class="aptureLink " id="apture_prvw1"><span style="background-position: right -448px;" class="aptureLinkIcon"> </span><a class="aptureLink snap_noshots" href="http://www.arubanetworks.com/pdf/technology/whitepapers/wp_RFARCH.pdf">WLAN RF Architecture Primer</a></span></span><span style="font-family:arial;"><span style=";font-family:arial;font-size:100%;" ><span style=";font-family:arial;font-size:100%;" >. 
And leave it to someone else to relearn the lessons of Wi-Fi.</span><br /></span><br /></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-17609674939687939232010-02-10T21:50:00.000-08:002010-03-01T07:34:54.318-08:00The Lessons Of Wi-Fi #3: Wireless Coverage ≠ Wireless Capacity<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_NiHahXlkVgY/S3OtLkdpHiI/AAAAAAAAAGQ/_xDiC9zIlKI/s1600-h/Cheese.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 214px; height: 320px;" src="http://1.bp.blogspot.com/_NiHahXlkVgY/S3OtLkdpHiI/AAAAAAAAAGQ/_xDiC9zIlKI/s320/Cheese.jpg" alt="" id="BLOGGER_PHOTO_ID_5436879589444492834" border="0" /></a><span style="font-family:arial;">You're excited - the two bids you were expecting for your new <span class="blsp-spelling-error" id="SPELLING_ERROR_0">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_1">Fi</span> network have just arrived. You rip open the envelopes and then stare in disbelief.<br /><br />The first bid - the low bid - includes fewer than 100 access points and a note stating that the access points are specially designed to operate at full power at all times so fewer are required. The second bid includes 135 access points and a note about meeting bandwidth capacity requirements and providing resiliency in the event of failure. Both vendors had the same set of plans to review, both did a walk-through of the facility. How could their bids be so different?</span><span style="font-family:arial;"><br /><br />Those who forget the lessons of <span class="blsp-spelling-error" id="SPELLING_ERROR_2">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_3">Fi</span> are doomed to repeat them. Lesson #3: wireless coverage ≠ wireless capacity. 
Designing for coverage means providing a discernible <span class="blsp-spelling-error" id="SPELLING_ERROR_4">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_5">Fi</span> signal everywhere without regard for network speed. The access points on these networks are typically run at full output power so the signal coverage is <span class="blsp-spelling-error" id="SPELLING_ERROR_6">max'd</span> out. They're also spaced with minimal or no overlapping coverage. As a result fewer access points are required.<br /><br /></span><span style="font-family:arial;">The downsides of designing for coverage? Many. Consider these two:</span><span style="font-family:arial;"><br /></span><ul><li><span style="font-family:arial;">Bit rate: There is an inverse relationship between bit rate and range. The farther away a <span class="blsp-spelling-error" id="SPELLING_ERROR_7">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_8">Fi</span> device moves from an access point, the lower the bit rate. <span class="blsp-spelling-error" id="SPELLING_ERROR_9">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_10">Fi</span> devices operating at the fringe of the coverage area will be very slow indeed. Too slow for voice, streaming video, electronic white boarding, and many other applications;</span></li></ul><ul><li><span style="font-family:arial;">Failure happens - but this design can't deal with it. If an access point fails, nearby access points can't increase their output power to fill in the coverage gaps.<br /></span></li></ul><span style="font-family:arial;">Designing for coverage is okay if consistent network performance and resiliency are unimportant. Otherwise it should be avoided.</span> <span style="font-family:arial;"><br /><br />In networks that are designed for capacity, the required bandwidth is available throughout the coverage area. 
Application performance will therefore be universally uniform.<br /><br />Planning for capacity requires more access points because the distance to laptops, <span class="blsp-spelling-error" id="SPELLING_ERROR_11">iPhones</span> and other clients needs to be more limited (remember rate vs. range) for robust, high-speed operation. They're also needed to ensure adequate load balancing, a feature especially important in areas with densely packed clients such as classrooms, lecture halls, and trading floors. The benefits far, far outweigh the cost - you end up with a resilient network on which you can consistently depend for years of service.<br /><br />Some vendors play on customers' lack of familiarity with the difference between coverage and capacity. </span><span style="font-family:arial;">When it comes to reviewing bids and proposals, take note of differences in the number of access points and claims about "unique" features affecting coverage. </span><span style="font-family:arial;">If you fall for the coverage </span><br /><span style="font-family:arial;"><br /></span><span style="font-family:arial;">If you'd like to get the whole picture on <span class="blsp-spelling-error" id="SPELLING_ERROR_12">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_13">Fi</span> architecture you've only to download our free white paper, <a href="http://www.arubanetworks.com/pdf/technology/whitepapers/wp_RFARCH.pdf"><span class="blsp-spelling-error" id="SPELLING_ERROR_14">WLAN</span> RF Architecture Primer</a></span><span style="font-family:arial;">. 
And leave it to someone else to relearn the lessons of <span class="blsp-spelling-error" id="SPELLING_ERROR_15">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_16">Fi</span>.</span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-36337521937376599742010-02-09T14:34:00.000-08:002010-03-01T07:35:08.145-08:00The Lessons Of Wi-Fi #2:Not All Wi-Fi Networks Are Standards Based<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_NiHahXlkVgY/S3Hk2bJeLhI/AAAAAAAAAGA/mfR-wKmnjuw/s1600-h/Square+peg.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 224px; height: 320px;" src="http://3.bp.blogspot.com/_NiHahXlkVgY/S3Hk2bJeLhI/AAAAAAAAAGA/mfR-wKmnjuw/s320/Square+peg.jpg" alt="" id="BLOGGER_PHOTO_ID_5436377848864452114" border="0" /></a><span style="font-family:arial;">One of the reasons for creating technical standards is to ensure interoperability between devices that need to work together. In the Wi-Fi world, the 802.11 standards serve this purpose, and encompass a very extensive set of guidelines that manufacturers of infrastructure and devices must follow to create a cohesive wireless system. Why then do we </span><span style="font-family:arial;">encounter situations in which Wi-Fi infrastructure is incompatible with Wi-Fi devices?</span><span style="font-family:arial;"><br /><br />Those who forget the lessons of Wi-Fi are doomed to repeat them. Lesson #2: not all Wi-Fi networks are standards based. 
Some use proprietary technology that is not compatible with the way other Wi-Fi device manufacturers have designed their products.</span><span style="font-family:arial;"><br /><br />Take, for example, Glenelg Country School and Frances Xavier Warde School, both of which experienced dropped connections with wireless classroom multimedia projectors. 
At Raytown C-2 School District radio interference affected laptops on rolling </span><span style="font-family:arial;">computer carts, while at Prairie Cardiovascular Consultants interference was so bad that it affected both office and clinical operations. Others have reported issues with different models of PCs or Apple Macintosh computers and iPhones.</span><span style="font-family:arial;"><br /><br />What's interesting about these cases is that the problems were traced to one common source: the wireless LAN infrastructure. Once the infrastructure was upgraded - in these cases to Aruba wireless LANs - the problems went away.<br /><br />All of these sites had used a non-standard, proprietary single-channel wireless LAN architecture. There are only two companies in the industry that make such systems, and both are small niche players with shrinking market share.</span> <span style="font-family:arial;">So why would anyone buy such non-standard products in the first place?<br /></span><br /><span style="font-family:arial;">Simple - product differentiation can be very alluring. It offers the opportunity for the adventurous to tout themselves as early adopters of what they hope will be "the next big thing." Wanting to be the first to use a new Apple iPad, Alienware laptop, or Google Nexus One makes perfect sense. These products embody innovative designs that redefine their markets. But they're also designed to work with existing networking infrastructure like 802.11 Wi-Fi - that they didn't redefine.<br /><br /></span><span style="font-family:arial;">Where you run into serious trouble is deploying non-standards based infrastructure. 
That's akin to</span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_NiHahXlkVgY/S3H9bWz7dRI/AAAAAAAAAGI/-shYmTxxatg/s1600-h/Secret.jpg"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 153px; height: 229px;" src="http://4.bp.blogspot.com/_NiHahXlkVgY/S3H9bWz7dRI/AAAAAAAAAGI/-shYmTxxatg/s320/Secret.jpg" alt="" id="BLOGGER_PHOTO_ID_5436404871634580754" border="0" /></a><span style="font-family:arial;"> being the first to try a 156 Volt, 76 Hz electrical system in your house. Some devices might work, but you run the very considerable risk that others will crash and burn.<br /></span><br /><span style="font-family:arial;">And that's what happened to the single channel wireless LAN </span><span style="font-family:arial;">customers. </span><span style="font-family:arial;">The reason single channel architecture hasn't caught on isn't because it's a secret waiting to be discovered. It's because there's a secret to what makes it run, and therefore interoperability is not assured.</span><span style="font-family:arial;"><br /><br />When it comes to living on the bleeding edge of technology, consider the importance of interoperability. If a new technology has to be seamlessly integrated with other existing devices - as is the case with Wi-Fi networks and devices - then using a non-standards based product is just asking for trouble.<br /><br /></span><span style="font-family:arial;">If you'd like to get the whole picture on Wi-Fi architecture you've only to download our free white paper, </span><a href="http://www.arubanetworks.com/pdf/technology/whitepapers/wp_RFARCH.pdf"><span class="aptureLink " id="apture_prvw1" style="font-family:arial;"><span style="background-position: right -448px;" class="aptureLinkIcon">WLAN RF Architecture Primer</span></span></a><span style="font-family:arial;">. 
And leave it to someone else to relearn the lessons of Wi-Fi.<br /><br /></span>Michael Tennefosshttp://www.blogger.com/profile/16714881478157126205noreply@blogger.comtag:blogger.com,1999:blog-2376497195979085918.post-30472378931616601912010-02-08T22:09:00.000-08:002010-03-01T07:35:23.524-08:00The Lessons Of Wi-Fi #1: Not All Wi-Fi Networks Are Created Equal<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://1.bp.blogspot.com/_NiHahXlkVgY/S3F7EQzUwYI/AAAAAAAAAF4/JShonGLly7A/s1600-h/Static.jpg"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 321px; height: 212px;" src="http://1.bp.blogspot.com/_NiHahXlkVgY/S3F7EQzUwYI/AAAAAAAAAF4/JShonGLly7A/s320/Static.jpg" alt="" id="BLOGGER_PHOTO_ID_5436261538372829570" border="0" /></a><span style="font-family:arial;">You've invested thousands - tens of thousands - in new educational software, a fleet of new <span class="blsp-spelling-error" id="SPELLING_ERROR_0">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_1">Fi</span> enabled laptops, and even </span><span style="font-family:arial;">computer carts to chauffeur computers between classrooms. But when the students fire up the machines and try to access the shiny new instructional video you're trying to stream <span class="blsp-spelling-error" id="SPELLING_ERROR_2">wirelessly</span>, they get nothing. Nothing but static. Or jitter. Or </span><span style="font-family:arial;">dropouts.</span><span style="font-family:arial;"> What went wrong? </span><span style="font-family:arial;"><br /><br />Those who forget the lessons of <span class="blsp-spelling-error" id="SPELLING_ERROR_3">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_4">Fi</span> are doomed to repeat them. Lesson #1: not all <span class="blsp-spelling-error" id="SPELLING_ERROR_5">Wi</span>-<span class="blsp-spelling-error" id="SPELLING_ERROR_6">Fi</span> networks are created equal. 
They all have access points, and they may even be Wi-Fi Alliance certified. But the similarity ends there.</span><span style="font-family:arial;"><br /><br />Streaming real-time video is a demanding Wi-Fi application that requires additional processing above and beyond the Wi-Fi standard. </span><span style="font-family:arial;">The main technology enablers for video over Wi-Fi are adequate bandwidth, quality of service (QoS), and multicast support.<br /><br />While 802.11n - the newest high-speed Wi-Fi technology - provides a significant bandwidth boost, </span><span style="font-family:arial;"></span><span style="font-family:arial;">RF management algorithms </span><span style="font-family:arial;">are </span><span style="font-family:arial;">important to ensure continuous, high-rate coverage. </span><span style="font-family:arial;">These algorithms must include control of the access points and the laptops (clients) - a feature provided by Aruba's Adaptive Radio Management technology - to automatically calculate the optimum channel and transmit power assignments, move clients to the most appropriate access point, and optimize the network’s use of available radio spectrum. 
This function is especially important for mobile clients - like iPhones - and in the presence of densely deployed clients such as you would find in classrooms and lecture halls.</span><span style="font-family:arial;"><br /><br />QoS for video uses the same mechanisms as for voice; however, the bandwidth requirements of video applications vary widely. It is therefore important that any content that requires special handling be correctly flagged. Aruba's integrated stateful firewall does just that.</span><span style="font-family:arial;"><br /><br />Since video can account for a large percentage of network bandwidth, determining when to broadcast to multiple clients - multicast streaming - is essential. Here again, Aruba incorporates technology to monitor multicast group members, and delivers multicast streams only to access points whose clients require them.</span><span style="font-family:arial;"><br /><br />If you'd like to get the whole picture on video over Wi-Fi you've only to download our free white paper, </span><a style="font-family: arial;" href="http://www.arubanetworks.com/pdf/technology/whitepapers/wp_wireless_broadband_video.pdf">I Can See Clearly Now</a><span style="font-family:arial;">. 
And leave it to someone else to relearn the lessons of Wi-Fi.<br /><br /></span>
Michael Tennefoss http://www.blogger.com/profile/16714881478157126205 noreply@blogger.com
tag:blogger.com,1999:blog-2376497195979085918.post-3693991935627282308 2010-02-08T08:11:00.000-08:00 2010-03-01T07:33:51.916-08:00
Distance Learning Has Never Been Closer
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://4.bp.blogspot.com/_NiHahXlkVgY/S3A7IfGQU5I/AAAAAAAAAFg/3NeGnqChr-w/s1600-h/Distance+learning.JPG"><img style="margin: 0pt 0pt 10px 10px; float: right; cursor: pointer; width: 320px; height: 213px;" src="http://4.bp.blogspot.com/_NiHahXlkVgY/S3A7IfGQU5I/AAAAAAAAAFg/3NeGnqChr-w/s320/Distance+learning.JPG" alt="" id="BLOGGER_PHOTO_ID_5435909767208915858" border="0" /></a><br /><span style="font-family:arial;">One of the challenges of distance learning is how to replicate the "campus experience" for remote students. Doing so encourages collaboration with other students, and improves study opportunities, </span><span style="font-family:arial;">by leveraging the same electronic learning applications, library reference materials, and server resources as campus students enjoy.<br /><br /></span><span style="font-family:arial;">It also builds school loyalty, because if these services remain in place after graduation, it improves the chances of continued participation once students become alumni.</span> <span style="font-family:arial;"><br /><br />Providing secure access to your school's electronic learning resources is a challenge. Open access or password-controlled access won't protect against network attacks, password-sharing, or excessive </span><span style="font-family:arial;">bandwidth </span><span style="font-family:arial;">consumption by mischievous students. 
</span> <span style="font-family:arial;"><br /></span><br /><span style="font-family:arial;">A secure virtual private network (VPN) requires your IT staff to load and manage client software on every device a student might wish to use. This is an ongoing burden because incompatibilities may be introduced as students upgrade operating systems or other applications on their computers.</span> <span style="font-family:arial;"><br /><br />Virtual Branching Networking (VBN) solves distance learning connectivity and security issues. Using a small, very inexpensive device called a Remote Access Point (RAP), VBN enables remote students to connect securely to your data network. </span> <span style="font-family:arial;">RAPs enable students to use any IP-based device with an Ethernet port or Wi-Fi - MacBooks, iPhones, iTouches, iPads, PCs, VoIP phones, printers - without loading any software clients.<br /><br /></span><span style="font-family:arial;">A built-in firewall strictly enforces access policies set by your IT staff, and can even control how much bandwidth a student uses. All access policies are centrally managed and then pushed over the network to the RAPs. 
The same is true of software updates: they're pushed automatically to every RAP in the field.</span> <span style="font-family:arial;"><br /><br /></span><a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_NiHahXlkVgY/S3A8LSbTOAI/AAAAAAAAAFo/8o8aQ-IGpZo/s1600-h/rap-console.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 280px; height: 185px;" src="http://3.bp.blogspot.com/_NiHahXlkVgY/S3A8LSbTOAI/AAAAAAAAAFo/8o8aQ-IGpZo/s320/rap-console.png" alt="" id="BLOGGER_PHOTO_ID_5435910914858760194" border="0" /></a><span style="font-family:arial;">New RAPs are shipped unconfigured. To connect one to your network the student pushes a button on the front of the unit and then enters the IP address of your data center.<br /><br />A RAP controller in your data center then exchanges security certificates with the student's RAP and voila, the student is on-line. No IT staff involvement is required for this process to occur, meaning that it's possible to economically support a very large distance learning program without adding IT staff.</span> <span style="font-family:arial;"><br /><br />Since RAPs are shipped unconfigured, they can be sold or rented to students through your bookstore or by a third party with zero-touch involvement by your IT staff. 
If a student leaves your distance learning program, or fails to pay tuition, a simple change in the access policy will completely disable the RAP.<br /><br />Alternatively, when a student graduates, the RAP settings can be changed to disable distance learning and enable Internet access using your alumni site as the home page.</span> <span style="font-family:arial;"><br /><br />VBN has been field-proven in enterprise teleworker deployments around the world, and is the ideal solution for distance learning applications of any size. To find out more please visit our <a href="http://www.arubanetworks.com/solutions/remote_networking.php">Web site</a>.<br /><br /></span>
Michael Tennefoss http://www.blogger.com/profile/16714881478157126205 noreply@blogger.com
tag:blogger.com,1999:blog-2376497195979085918.post-8716958184744637731 2009-11-24T13:48:00.000-08:00 2010-03-01T07:41:12.853-08:00
A Tale of Two Cities: Educause Denver and Interop New York
<a onblur="try {parent.deselectBloggerImageGracefully();} catch(e) {}" href="http://3.bp.blogspot.com/_NiHahXlkVgY/Swxfk4SNaGI/AAAAAAAAAE4/djDdwM9gQhk/s1600/Picture1.png"><img style="margin: 0pt 10px 10px 0pt; float: left; cursor: pointer; width: 178px; height: 200px;" src="http://3.bp.blogspot.com/_NiHahXlkVgY/Swxfk4SNaGI/AAAAAAAAAE4/djDdwM9gQhk/s200/Picture1.png" alt="" id="BLOGGER_PHOTO_ID_5407802339753814114" border="0" /></a><br /><span style="font-family:arial;">It was the best of Wi-Fi, it was the worst of Wi-Fi, it was the age of access, it was the age of stagnation, it was the epoch of mobility, it was the epoch of isolation, it was the season of enlightenment, it was the season of bewilderment, it was the spring of tranquility, it was the winter of frustration, we had everything that was promised, we had nothing but words, we were all going direct to the Internet, we were all going nowhere (and slowly at that) — in short, the Aruba 802.11n wireless LAN at Educause Denver 
delivered the goods, the Xirrus arrays at Interop New York... well, read on.<span style="font-family:arial;"><br /><br />The Educause 802.11n Wi-Fi network ran flawlessly and was smokin’ hot: 800 simultaneous users, 50% 802.11n clients, 50 Mbps delivered in client speed tests. </span><span style="font-family:arial;"><br /><br />If you want to know what happened in New York see Jim Frey’s <span style="font-style: italic;">Network World</span> posting, "<a href="http://www.networkworld.com/community/node/48366">Internet = InterNOT @ Interop</a>."<br /><br />If it looks like a skeet, and it flies like a skeet, and its connectivity is comparable to a skeet, then treat it like a skeet.<br /><br /></span></span>
Michael Tennefoss http://www.blogger.com/profile/16714881478157126205 noreply@blogger.com