
HiPath Wireless

Market Introduction
Version 4.0 Update
for Consulting and Engineering

August 2006
Copyright © Siemens AG 2006. All rights reserved.
HiPath Wireless
Driving Value with Open Mobility Solutions

Presentation Contents

• Introduction
• Architectural Features
• Operational Control Features
• Solutions Enablement Features
• Conclusion

HiPath Wireless
Driving Value with Converged Mobility Solutions

HiPath Wireless drives value through superior Converged Mobility Solutions while maintaining control over network operations and costs

[Diagram labels: Converged Mobility Solutions; Converged Mobile Enterprise; Product Foundation: Operational Control, Flexible Architecture, Solutions Enablement]

HiPath Wireless Key Differentiators

HiPath Wireless unique differentiators lie in three key areas:

Unequaled Operational Control
• Industry-leading integrated WLAN security
• Most TCO-effective, efficient management
• Minimal changes needed to the physical network

Flexible, Open Architecture
• A highly flexible architecture that can accommodate many different application solutions on a single architecture

Exceptional Solutions Enablement
• Open partner ecosystem that offers existing high-value Converged Mobility Solutions and fast integration of new ones
• A complete voice portfolio and robust multimedia features to accelerate the integration of voice & data

HiPath Wireless
Converged Mobility Solutions Portfolio

Converged Mobility Applications

HiPath Wireless Management Suite

HiPath Wireless Controllers

HiPath Wireless APs and Sensors

Converged Clients & Devices

HiPath Wireless Access Point

AP 2610 & AP 2620

• “Fit AP” model that efficiently shares processing load with Controller
• Dual radio 802.11a + b/g
• External and Internal Antenna versions
RF Features
• Wi-Fi Certified
• Multi-SSID (16 per AP) with individual suppression
• Load balancing and auto-failover
Plug and Play installation
• Auto discovery of Controller
• Centralized configuration deployment
Enterprise Class Access Point
• 10/100bT with PoE (802.3af)
• Wall, ceiling, and plenum (UL 2043) mounting

SCALANCE W788-2RR: True Industrial-grade WLAN

• Expands enterprise WLAN functionality to harsh industrial and outdoor environments
• Dual-radio 802.11 a + b/g access point
• Runs HiPath Wireless Access Point software for complete device management integration in mixed carpeted/concrete environments
• I-Safe compliant
• Industrial certification for:
  • ATEX (ex area)
  • EMC
  • UL
  • FM
• Rugged housing:
  • IP65 protection against dust and water
  • Chemically resistant and flame-retardant
  • Halogen and Silicon-free
• Safe operating temperature range: -20 to 60°C

HiPath Wireless Controller

Multiple Hardware Platforms
C1000 Controller
• 75-200 APs
• 4096 Users
• 2x Gig Ethernet Ports
• Redundant PSU
C100 Controller
• 31-75 APs
• 2048 Users
• 4x Fast Ethernet Ports
• Redundant PSU
C10 Controller
• 30 or fewer APs
• 512 Users
• 4x Fast Ethernet Ports

Each Controller Model runs consistent HiPath Wireless Convergence SW
• Integrated HiPath Wireless Assistant web-based management interface
• Full Layer 3 Routing
  • Static
  • OSPF
• Mobile User Services
  • AAA Services
  • DHCP Services
  • Mobility Management (Client-independent) Roaming

HiPath Wireless Management Suite

HiPath Wireless Manager
Multiple Controller network management:
• Reporting, monitoring, and statistics
• Graphical network topology

HiPath Wireless Assistant
Controller-based integrated web management:
• Access Point deployment & configuration
• VNS user segmentation and policy
• Network Statistics

HiPath Wireless Manager Advanced Services
HiGuard Module
• Sophisticated wireless intrusion prevention
• Graphical location-based services
• Intuitive management dashboard & reports
HiGuard Reporting Module
• Assesses network compliance with industry or regulatory specifications
• Intuitive reports facilitate conformance

[Diagram labels: AP Management, Controller Management, Sensor Management]

HiPath Wireless Manager

• Centralized multi-Controller management platform for large wireless networks:
  • Comprehensive global network view provided by hierarchical map
  • Charts, statistics, and reports for network trend analysis
  • Detailed event logs and alerts make it easy to zoom in and troubleshoot issues
• Advanced Services modules available to enhance WLAN capabilities:
  • HiGuard – Wireless IPS and location
  • HiGuard Reporting – Compliance tool
• Open APIs provide opportunity for further solution integration

HiPath Wireless Manager
HiGuard and HiGuard Reporting

• Resolves unique “open air” challenges of managing wireless LANs
• HiPath Wireless Manager HiGuard provides the following advanced services:
  • State-of-the-art wireless intrusion detection and prevention capabilities
  • Visual mapping and location capabilities
  • Performance optimization
  • Comprehensive dashboard leading to advanced charts, reports, and statistics
• HiGuard Reporting delivers automated compliance assessments:
  • Pre-defined regulatory reports (Sarbanes-Oxley, HIPAA, etc.)
  • Ability to create customized reports

HiPath Wireless Client Portfolio

Wireless Telephones and Softphones: optiPoint WL2 professional, optiPoint WL1 professional, optiPocket, optiClient130

optiPoint WL2 professional WiFi Phone

• Features:
  • 802.11b / g, SIP and CorNet IP Protocol Support
  • Color Display (128 x 128), USB Port
  • LDAP Dialing, Voice Recognition Dialing and Built-In Headset Jack and Speakerphone
  • Embedded Linux Operating System
• Open Standards Based:
  • WPA2/802.11i, WPA, WEP (64 / 128 bit), VPN, CCX, LEAP

HiPath Wireless Services – Making WLAN even easier!

Professional Services
• 802.11 RF site survey
• Network assessment
• Applications assessment
• Systems integration/design
• Security planning

Lifecycle Services
• Remote monitoring, diagnostics, reporting
• Hardware/software installation, maintenance, fixes, spare parts
• Moves, Adds, Changes (MACs)
• Training

Consult, Design, Build, Support, Manage, Educate

Managed Services
• Network management
• Security management
• Multi-Vendor Support
• Asset management
• Service/Help Desk
• 24/7 Remote Monitoring

HiPath Wireless
Architectural Features

[Diagram labels: Converged Mobile Enterprise; Operational Control & Effectiveness; Operational Control; Flexible Architecture; Solutions Enablement]

HiPath Wireless Network Topology

HiPath Wireless Manager
• Multi-controller full network management
• Intuitive dashboard plus detailed trend analysis and problem diagnosis
• Sophisticated wireless intrusion prevention
• Graphical location services

HiPath Wireless Access Points
• Plug & Play anywhere on an IP Network
• Communicates to WLAN Controller via IP

HiPath Wireless Controller and Convergence Software
• Routes IP Traffic to and from Mobile Users
• Comprehensive Policy Management and User Segmentation via VNS
• Centralization of Moves/Adds/Changes
• Fast Secure Roaming

Mobile Units
• IP Addresses are from virtual IP subnet defined in the Controller
• Includes VoWLAN phones and soft clients

[Diagram labels: Segment A (Real Time Data), Segment B (Factory), Segment C (Guest Access), Segment D (Voice), IP Network, VoIP Platform, RADIUS Server, WAN]

HiPath Wireless Architecture
Enabling WLAN Mobile Convergence

IP Network: Mobile Session Management
• Full Layer 3 solution
• Centralizes intelligence anywhere in the network
• Converged voice & data

VLAN Network: VLAN-based WLAN Appliance
• Centralizes intelligence with pre-configured VLANs
• Provides Layer 2 services

Wireless LAN Switch
• Centralizes intelligence 100m from the edge
• Provides Layer 2 services

Access Points
• Intelligence at edge
• Layer 2 bridge

HiPath Wireless Architecture
Split MAC versus HiPath Fit AP

Split MAC
• Splits MAC function with controller (encryption, QoS, RF management)
• Not scalable to medium-large networks

Fit AP
• Decentralizes dynamic decision making (encryption, QoS, RF management)
• Centralizes management and control

[Diagram label: IP Network]

HiPath Wireless
Flexible, Non-disruptive Network Integration

Independent Wireless Domain
• Best solutions for unique wireless challenges
Integrated Wired Network Services
Application Migration
• Seamless handoff when wireless client touches wired network (or vice versa) for services and management
Intelligent Traffic Management
• Optimal use of RF spectrum for peak performance, intelligent routing and switching in wireline network

HiPath Wireless
IEEE Standard Tracking

• 802.11a/b/g: certified
• 802.11i (WPA): certified
• 802.11i (WPA2): certified
• 802.11e (WMM): certified
• 802.11d: certified
• 802.11h: supported in V4
• 802.11j (extensions for Japan): supported
• 802.11k: pre-standard work done, but full implementation not ready until standard ratification
• 802.11m: planned
• 802.11n: planned
• 802.11r (Fast Roaming): planned
• 802.11s (Mesh Networking): WDS with ST planned
• 802.11v/u (Radio Management enhancements): planned

CAPWAP Tunneling Protocol (CTP)

[Diagram labels: Access Point, HiPath Wireless Controller (HWC)]

Traffic is tunneled from Access Points to the Controller via CTP
• Enables centralized WLAN management to stretch anywhere via IP
• Ability to encapsulate and forward management traffic and/or user traffic

HiPath Wireless Architecture
Multiple Modes for Maximum Deployment Flexibility

VNS Groups: Employee, Voice, Consultant, Branch, Guest

Campus – Coordinated Mode
• Central Management
• Central Traffic Forwarding
• Full Redundancy
• 1000s of APs
• DRM

Building – Coordinated Mode
• Central Management
• Central Traffic Management
• 100s APs

Public Access – Any Mode
• Central Management
• Central and Local Traffic Management
• Outdoor AP

Remote Office – Branch Mode
• Central Management
• Local Traffic Forwarding
• Few APs

Small Office – Standalone Mode
• Local Management
• Local Traffic Management
• Few APs

[Diagram labels: Internet, Network, WAN, L2, L3, L2 or L3]

Deployment Scenarios
HQ & Campus

Characteristics
• Typical Controllers:
  • C100 – 1536 users
  • C1000 – 4096 users
• Multiple Controllers can be combined to serve thousands of users
• HWCs load balance with high availability
• Controllers can be deployed centralized or distributed
• Works with multiple router hops

[Diagram labels: Med-Large Building/Campus, HWC, Existing L2 switch, Router, WAN Network, VoIP Call Server]

Deployment Scenarios
SME

Characteristics
• Typically HWC: C10
• WAN router optional
• Controller at small office does not need an HQ Controller unless seamless inter-site roaming required

[Diagram labels: Small Office/Department, Existing L2 switches, WAN Router, VoIP Call Server, WAN Network]

Deployment Scenarios
One VPN Solution, One Logical Network!

VPN for Remote Users

• Single logical network
  • No VLANs required (no leakage or configuration issues)
  • Separate physical networks
• Single VPN Gateway
  • Remote User & Wireless Clients
  • No Client Issues
  • Same PKI infrastructure
• WLAN Wireless Security as required
  • WPA2 can be used on wireless link

[Diagram labels: VPN Gateway, DMZ, Internet, Controllers, Access Points]

Deployment Scenarios
3rd Party AP Integration

• 3rd Party APs must reside on separate LAN segments with the Controller as the default gateway
• Controller implements policy on user traffic that traverses through it
• 3rd Party AP segment is defined as a special “VNS” with its own IP address space

[Diagram labels: RADIUS, IP Network, LAN Segments, 3rd Party APs]

Branch Support
Limitations in Large Distributed Environments

Second Generation WLAN (Fat AP)
• Introduced management server to handle some distributed functionality
• However, customers seeking full 3G functionality require separate WLANs
[Diagram labels: Headquarters Office, Software-based Management Appliance, Management Traffic, Internet, Branch Office 1, Branch Office 2]

Third Generation WLAN (Thin AP)
• Introduced “branch controllers” to keep WLAN traffic local
• However, this adds management complexity and is costly
[Diagram labels: Headquarters Office, Controller, Internet, Branch Office 1, Branch Office 2, Mini-Controller]

HiPath Wireless Branch Support
Traffic Segmentation for Peak Performance

• HiPath Wireless Access Points can dynamically decide if traffic should remain local or be routed to the Controller
• Traffic segmentation policy defined at the Controller
• Sensitive real-time applications enjoy optimal performance

[Diagram labels: Headquarters, Branch Location, Internet, Local, Central]

HiPath Wireless
Operational Control Features

[Diagram labels: Converged Mobile Enterprise; Operational Control & Effectiveness; Operational Control; Flexible Architecture; Solutions Enablement]

HiPath Wireless Meets Your Operational Needs

Maintenance & Configuration
• Centralized management
• User segmentation and policy management
• User adds/changes/deletes
• Software upgrades

Monitoring
• Visual network map and location services
• Support for standard management protocols
• Verbose charts, statistics, and reports
• Troubleshooting tools

Deployment
• Site Planning
• Easy device installation

Availability
• Controller & AP redundancy
• Dynamic RF management

Scalability
• Controller Capacity

Security
• Encryption & authentication support
• Wireless IDS/IPS

Performance
• Ability to define & optimize traffic flow
• Support for multi-site deployments
• Visual RF coverage mapping
• Voice optimization and QoS

Interoperability
• Standards support & certification

However, above all else:
“Customers have moved from asking if the technology works and interoperates to asking how wireless LAN can benefit their company and how it can be deployed and managed in a secure and cost-effective fashion.”
Source: US WLAN Equipment 2005-2009 Forecast by Vertical Market, IDC 2005

Maintenance & Configuration
HiPath Wireless Assistant

• Web-based centralized management interface that resides on the Controller and administers all associated Access Points
• Primary configuration interface for HiPath Wireless networks
  • Access Point deployment
  • Virtual Network Services (VNS) segmentation
  • Dynamic RF Management
  • Accounting, reports, alerts, and statistics

Maintenance & Configuration
Virtual Network Services (VNS)

• VNS groups can segment users, devices, or applications
• Each VNS tied to an SSID
• Each Controller supports up to 50 VNS groups
• Logical layer 3 segmentation eliminates complicated configuration of VLANs
• Network privacy maintained
  • Each VNS has a discrete IP address space
  • Network filters ensure that VNS groups are kept separate
  • Users can only see authorized resources (e.g. Guest web access)

[Diagram: VNS Segmentation. Labels: VoIP Server, Voice Users, Staff, Data, Secure Network, Internal Network, Guests, Internet, Captive Portal]

Maintenance & Configuration
VNS Management – Unique & Discrete Policy Control

• Each VNS is configured with distinct settings:
  • IP networking parameters
  • Session timeout values
  • Network resource Access
  • Security policy
  • QoS Settings
  • Multicast settings
  • Local or centralized traffic forwarding
  • 802.11 RF settings
  • Assign SSID and suppression
  • Applicable APs and radios

Maintenance & Configuration
VNS Management – Flexible Traffic Forwarding

• Each VNS can be configured to bridge traffic locally at the AP instead of through the Controller (default)
• Management information (statistics, logs, etc.) and authentication traffic are still forwarded centrally

Maintenance & Configuration
VNS Management – Security Settings

Separate security options can be defined for each VNS group:
• Authentication
  • Captive Portal
  • Internal or external server
  • MAC-based Authentication
  • RADIUS, 802.1X
  • Tested interoperability with leading RADIUS vendors (Funk, Microsoft)
• Privacy (Encryption)
  • 64, 104 & 128 bit WEP
  • WPA-PSK with AES
  • WPA with TKIP
  • WPA2 with AES (802.11i)

Maintenance & Configuration
VNS Management – QoS Prioritization

QoS can be enabled or disabled on a per-VNS basis
• Six QoS options available:
  1. Best Effort
  2. WMM priority
  3. Pre-WMM priority
  4. Pre-WMM and WMM priority
  5. Voice VNS without WMM
  6. Voice VNS with WMM
• QoS policy is enforced by VNS
• Ensures high-priority user groups and/or real-time applications get the performance they need

Maintenance & Configuration
VNS Management - Filtering

• VNS groups can only see specified resources
• VNS groups are logically discrete and not viewable by other VNS groups
• Filter characteristics:
  • 2048 filters per HWC
  • Default filters for pre- and post-authenticated sessions
  • Users can be assigned to individual filters based on authorization response

Maintenance & Configuration
Access Point Software Upgrades

Centralized distribution of AP software updates minimizes ongoing maintenance costs
• Retrieve AP images
• Manage up to 10 different AP image versions
• Upgrade behavior defined for each AP:
  • Controlled Upgrades push a specific software version to a single AP or group of APs
  • Default AP image is loaded each time the AP boots

Maintenance & Configuration
Client (Mobile Unit) Management

Individual users can be identified to allow administrators to take immediate action:
• Disconnect at AP
  • Effective to force re-authentication
• Blacklist
  • MAC Addresses not allowed to associate with any AP
  • Import and export functions
  • Up to 768 blacklist members per Controller

Monitoring
HiPath Wireless Assistant Reports

Monitoring
Management Logging

• AP and Controller information is gathered into log files
• 5 different configurable priority levels
• Log information can be directed to multiple locations:
  • Local Controller log file
  • External Syslog server
  • Up to 3 Syslog Reporting servers simultaneously
• Traces can be set up for troubleshooting

Monitoring
RADIUS Accounting

• Accounting information configured per VNS and sent as Call Detail Records (CDRs) or RADIUS Accounting
• Either stored locally on Controller or externally to up to 3 RADIUS Accounting servers
• Accounting Data
  • User Information
    • Userid
    • MAC Address
    • VSAs
  • Usage Information
    • Session Time
    • Bytes/Packets Exchanged
    • Terminate reason

Deployment
Plug & Play AP Installation

• Plug & Play installation via automatic Controller discovery makes WLAN deployment faster and easier

AP Discovery
• Acquire IP address
• Acquire Controller IP address(es)
• Provision via Controller configuration
• Provide WLAN user service

Then AP Registration
• Authenticate
• Get Configuration
• Be Managed

[Diagram labels: DHCP, DNS]

Deployment
Plug & Play AP Installation – Discovery Options

Dynamic Discovery
• Enables more than one way for APs to discover HWC
• Enterprise can leverage infrastructure or apply preference
  1. SLP – for highest reliability
  2. DNS – for simplest automated discovery
  3. SLP Multicast – for L2 only network
• All discovery mechanisms enabled
• Continuously attempts all mechanisms until connected to a Controller

Static Discovery
• APs can be manually configured with an IP address and Controller IP address(es) to expedite discovery and registration
• Remaining deployment information pushed from the Controller upon boot

AP Discovery Order:
1. Static
2. SLP
3. DNS
4. SLP Multicast

High Availability
End-to-End WLAN Resiliency

Session continuity
• Survival through Access Point and network outages

Redundant Controllers
• Ensure against controller outage
• Redundant power supplies
• Run in load sharing mode

Survives network failures
• Multiple interface support on controller
• Full functioning router

High Availability
Load Sharing Controller Failover

• Controllers are paired for redundancy, and each must continually provide Access Point information to its paired Controller
• Each Controller monitors for Controller and/or network failure
• Once failure is detected, Controller will accept AP connections from its availability partner
  • AP capacity limit can be doubled in this circumstance
• APs are re-associated with primary Controller via management interface once functionality is restored
• Advantages over N+1 redundancy configurations:
  • Unlike N+1 redundancy configurations, both primary and backup Controllers are always actively servicing users
  • Requires the minimum amount of hardware (less than or equal to N+1)

High Availability
Load Sharing Controller Failover – The AP’s Role

• Access Points learn address of failover Controller during discovery
• Keep alive mechanism to detect failure is built in to AP-Controller communications (CTP):
  • Polling times are configurable
• Re-discovers to “secondary” Controller after failure
• AP is assigned to a VNS pre-configured by administrator

[Diagram labels: AP1, AP2, AP3, AP4; HWC 1 - Primary (marked X) with VNS A, VNS B, VNS C; HWC 2 - Secondary with VNS A’, VNS B’]

High Availability
Dynamic Radio Management (DRM)

• Dynamic optimization of RF power and channel selection performed cooperatively by Access Points
• Centralized Controller-based configuration
• Managed RF signal co-existence with friendly neighbouring networks
• High availability and performance through automatic Access Point fault tolerance and client load-balancing

High Availability
DRM Coverage Types

[Figure: Management Power and Data Power coverage with Shaped Coverage OFF and with Shaped Coverage ON]

Security
Comprehensive Integrated WLAN Security

HiPath Wireless lets enterprises achieve the benefits of WLAN without the security risks:
• 802.11i / WPA2 standard support for Authentication and Data Confidentiality
• Proactive Intrusion Detection and Prevention via HiPath Wireless Manager HiGuard
• Captive Portal and Guest Services
• Seamless integration with wired network VPN and authentication infrastructure

[Diagram: Frame Level Security (802.11i/WPA2): Data Confidentiality and Integrity; Session Level Security (802.1X): Authentication And Access Control; RF Level Security (Wireless IPS): Intrusion Detection and Prevention]

Security
HiPath Wireless Full Range of Security Options

HiPath Wireless features an array of security features to meet your company’s specific needs

RF-Level Options
• Multi-tasking APs scan network & provide access
• “Dedicated IDS” Rogue Detection APs
• HWM HiGuard Sensors
  • Threat Auto-classification
  • Continuous Scanning
  • Simultaneous attack prevention & detection
  • Visual location and mapping

Frame-Level Options
• WEP
  • CRC-32 (RC4) Encryption
  • Pre-shared Key Authentication
• WPA
  • TKIP (RC4) Encryption
  • 802.1X Authentication
• WPA2 (802.11i)
  • CCMP (AES) Encryption
  • 802.1X Authentication

[Axis label: Degree of Security]

Security
802.1x and EAP Authentication

• 802.1x security protocols are tunneled to the Controller
• 802.1x defines Extensible Authentication Protocol over LAN (EAPoL)

[Diagram: EAP (TLS, TTLS, PEAP, SIM, FAST) carried over EAPoL on the Access Point side of the HiPath Controller and over RADIUS between the HiPath Controller and the RADIUS server]

• The Controller terminates EAPoL and forwards EAP messages in RADIUS messages
• Clients exchange EAP messages directly with the RADIUS server
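
The relay step described above, as an added example that is not part of the original presentation: an EAP packet taken out of EAPoL is carried to the RADIUS server in EAP-Message attributes (split at 253 bytes) and protected by a Message-Authenticator attribute, using the standard RFC 3579 encoding. The shared secret, user name and EAP payload are constructed sample values, and nothing here reflects product-specific attributes.

```python
import hashlib
import hmac
import os
import struct

ACCESS_REQUEST = 1
USER_NAME, EAP_MESSAGE, MESSAGE_AUTHENTICATOR = 1, 79, 80
MAX_VALUE = 253  # one-byte attribute length minus the 2-byte type/length header


def attr(attr_type, value):
    """Encode one RADIUS attribute as type, length, value."""
    if len(value) > MAX_VALUE:
        raise ValueError("attribute value exceeds 253 bytes")
    return struct.pack("!BB", attr_type, len(value) + 2) + value


def eap_response(identifier, eap_type, data):
    """EAP Response (code 2) as the supplicant would send it inside EAPoL."""
    return struct.pack("!BBHB", 2, identifier, 5 + len(data), eap_type) + data


def build_access_request(radius_id, eap_packet, user_name, secret):
    """Authenticator side: wrap one EAP packet in a RADIUS Access-Request."""
    attrs = attr(USER_NAME, user_name)
    # An EAP packet longer than 253 bytes is split across consecutive attributes.
    for off in range(0, len(eap_packet), MAX_VALUE):
        attrs += attr(EAP_MESSAGE, eap_packet[off:off + MAX_VALUE])
    attrs += attr(MESSAGE_AUTHENTICATOR, bytes(16))  # zeroed while the HMAC is computed
    length = 20 + len(attrs)
    if length > 4096:
        raise ValueError("RADIUS packet exceeds 4096 bytes")
    header = struct.pack("!BBH", ACCESS_REQUEST, radius_id, length)
    packet = header + os.urandom(16) + attrs  # 16-byte Request Authenticator
    mac = hmac.new(secret, packet, hashlib.md5).digest()
    return packet[:-16] + mac


def parse_attrs(packet):
    """Return [(type, offset, value)] after checking every length field."""
    if len(packet) < 20:
        raise ValueError("short packet")
    length = struct.unpack("!H", packet[2:4])[0]
    if length != len(packet):
        raise ValueError("length field does not match packet size")
    out, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        attr_len = packet[pos + 1]
        if attr_len < 2 or pos + attr_len > length:
            raise ValueError("bad attribute length")
        out.append((packet[pos], pos, packet[pos + 2:pos + attr_len]))
        pos += attr_len
    return out


def message_authenticator_ok(packet, secret):
    """Server side: recompute HMAC-MD5 over the packet with the field zeroed."""
    macs = [(pos, val) for t, pos, val in parse_attrs(packet)
            if t == MESSAGE_AUTHENTICATOR]
    if len(macs) != 1 or len(macs[0][1]) != 16:
        return False
    pos, received = macs[0]
    zeroed = packet[:pos + 2] + bytes(16) + packet[pos + 18:]
    expected = hmac.new(secret, zeroed, hashlib.md5).digest()
    return hmac.compare_digest(received, expected)


def extract_eap(packet, secret):
    """Server side: reassemble the EAP packet only if the request is authentic."""
    if not message_authenticator_ok(packet, secret):
        raise ValueError("Message-Authenticator check failed")
    return b"".join(val for t, _, val in parse_attrs(packet) if t == EAP_MESSAGE)


if __name__ == "__main__":
    secret = b"constructed-shared-secret"                # sample value
    eap = eap_response(7, 13, bytes(range(256)) * 3)     # constructed EAP-TLS-type payload
    request = build_access_request(42, eap, b"alice@example.test", secret)
    print(len(request), extract_eap(request, secret) == eap)
```

A request whose EAP-Message bytes are altered in transit, or that was built with a different shared secret, fails the Message-Authenticator check and is rejected before the EAP payload is reassembled.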

Security
Importance of Wireless IDS/IPS

• Most enterprise WLAN vendors have standardized on 802.11i (WPA2) WLAN security
• However, industry standards focus on securing packets and validating users, but ignore securing the air
• No industry standard exists for securing the RF level
• Wireless Intrusion Detection and Prevention (IDS/IPS) complements frame-level mechanisms for complete WLAN security

[Diagram labels: Enterprise Network, Neighboring Network, Denial of Service Attack, Ad Hoc, Mis-Configured AP, AP MAC Spoofing, Rogue AP, Unauthorized Association, Honeypot, Mis-association]

Exploits & Attacks
• Unauthorized Access
• Denial of Service (DoS)
• Man in the Middle
• IP Spoofing
• Hijacking

Security
Integrated AP Rogue Detection

• Scan Task
  • Selected HiPath Wireless APs scan the RF space at pre-defined intervals for Rogue APs and Ad Hoc networks
• RFDC
  • Collects the raw scanned information from each scanning HiPath AP
  • Forwards it to the Analysis Engine
• Analysis engine
  • Analyzes all information centrally
  • Reports and events can be viewed from HiPath Wireless Assistant
  • SNMP alerts and traps can be sent

[Diagram labels: Scan Task, RFDC, Analysis Engine, HiPath Wireless Assistant, SNMP Server (Unicenter, Tivoli, Openview)]

Security
Integrated AP Rogue Detection - Mitigator

• Rogue AP detection information found in the Mitigator section of HiPath Wireless Assistant
• Scan Groups define rogue detection parameters
  • Designate scanning APs and intervals
  • Configure channels and dwell time
• Reports provide:
  • Summary threat page
  • Detailed information on each threat
    • Detecting APs
    • Type of threat
• Friendly AP incorporation
  • Detected APs can be added to the Friendly list
  • Ability to manually add friendly APs
  • 3rd Party APs automatically added
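
A sketch of the central analysis step from the two rogue-detection slides above, as an added example that is not the product's code: scan records from several scanning APs are merged per BSSID, checked against the managed and Friendly lists, and turned into a summary plus per-threat detail (detecting APs, type of threat). The record fields, the classification rules and every sample value are assumptions made for illustration.

```python
from collections import Counter


def norm_mac(mac):
    """Normalize a BSSID so 'AA-BB-..' and 'aa:bb:..' compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))


class AnalysisEngine:
    """Hypothetical central analysis of raw scan results (assumed rules)."""

    def __init__(self, managed_bssids, managed_ssids, third_party_bssids=()):
        self.managed = {norm_mac(m) for m in managed_bssids}
        self.managed_ssids = set(managed_ssids)
        # 3rd Party APs start on the Friendly list, as the slide describes.
        self.friendly = {norm_mac(m) for m in third_party_bssids}
        self.sightings = {}

    def ingest(self, records):
        """Merge sightings of the same BSSID reported by different scanning APs."""
        for rec in records:
            bssid = norm_mac(rec["bssid"])
            if bssid in self.managed:
                continue  # our own AP, nothing to report
            entry = self.sightings.setdefault(bssid, {
                "ssids": set(), "ad_hoc": False, "detecting_aps": set(),
                "channels": set(), "best_rssi": None})
            entry["ssids"].add(rec["ssid"])
            entry["ad_hoc"] = entry["ad_hoc"] or rec["ad_hoc"]
            entry["detecting_aps"].add(rec["scanning_ap"])
            entry["channels"].add(rec["channel"])
            if entry["best_rssi"] is None or rec["rssi"] > entry["best_rssi"]:
                entry["best_rssi"] = rec["rssi"]

    def add_friendly(self, bssid):
        """Administrator moves a detected AP to the Friendly list."""
        self.friendly.add(norm_mac(bssid))

    def threat_type(self, bssid):
        entry = self.sightings[bssid]
        if bssid in self.friendly:
            return "friendly"
        if entry["ad_hoc"]:
            return "ad hoc network"
        if entry["ssids"] & self.managed_ssids:
            return "unknown AP advertising managed SSID"
        return "unknown AP"

    def report(self):
        """Summary counts plus one detail record per non-friendly device."""
        threats = []
        for bssid, entry in sorted(self.sightings.items()):
            kind = self.threat_type(bssid)
            if kind == "friendly":
                continue
            threats.append({
                "bssid": bssid, "type": kind,
                "ssids": sorted(entry["ssids"]),
                "detecting_aps": sorted(entry["detecting_aps"]),
                "channels": sorted(entry["channels"]),
                "best_rssi": entry["best_rssi"]})
        return {"summary": dict(Counter(t["type"] for t in threats)),
                "threats": threats}


# Constructed scan records; field names are assumptions, not a product format.
SAMPLE_SCAN = [
    {"scanning_ap": "AP1", "bssid": "00:11:22:33:44:01", "ssid": "corp",
     "channel": 1, "rssi": -40, "ad_hoc": False},
    {"scanning_ap": "AP1", "bssid": "02-AA-BB-CC-DD-01", "ssid": "corp",
     "channel": 6, "rssi": -62, "ad_hoc": False},
    {"scanning_ap": "AP2", "bssid": "02:aa:bb:cc:dd:01", "ssid": "corp",
     "channel": 6, "rssi": -55, "ad_hoc": False},
    {"scanning_ap": "AP2", "bssid": "02:aa:bb:cc:dd:02", "ssid": "printer-direct",
     "channel": 11, "rssi": -70, "ad_hoc": True},
    {"scanning_ap": "AP3", "bssid": "00:de:ad:be:ef:10", "ssid": "cafe-next-door",
     "channel": 11, "rssi": -80, "ad_hoc": False},
    {"scanning_ap": "AP3", "bssid": "00:50:56:00:00:99", "ssid": "legacy",
     "channel": 36, "rssi": -50, "ad_hoc": False},
]

if __name__ == "__main__":
    engine = AnalysisEngine(["00:11:22:33:44:01"], ["corp", "voice"],
                            third_party_bssids=["00:50:56:00:00:99"])
    engine.ingest(SAMPLE_SCAN)
    for threat in engine.report()["threats"]:
        print(threat)
```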

Security
WebJail Quarantine

• Ability to quarantine and redirect
• Dynamic policy management
Partner Ecosystem API
• Provides dynamic feedback on WLAN and user states for customized user redirection

Security Actions:
• Blacklist an IP address
• Change VNS (to/from quarantine VNS)
• Controller disassociates and automatically moves user to quarantine VNS
• Dynamic traffic filtering

Remedial Server:
• Check Point Zone Labs
• Bradford
• Tipping Point
• API link for customization

[Diagram labels: Quarantined, Approved, Network, Secure Network, Internet, Approved Group B]

Scalability
Multi-Controller Mobility

• In a multi-Controller environment, Controllers are defined as either a “VN Manager” or a “VN Agent”
• VN Manager is responsible for managing the distribution of client session information to all VN Agents
• VN Agents are associated with a VN Manager, creating a “Mobility Domain”
• VN Agents only communicate with the VN Manager
• If a VN Agent fails, VN Manager will clean up the session information

[Diagram: VN Manager exchanging VN Management Messages with two VN Agents]

HiPath Wireless Manager
Centralized Multi-Controller Management

• Comprehensive global network view provided by hierarchical map
• Network auto-detection:
  • Installed Controllers and associated APs
  • Mobility zones
  • Availability pairs
• Click on a Controller to automatically launch HiPath Wireless Assistant for configuration changes

HiPath Wireless Manager
Comprehensive Monitoring Tools

• Consolidated charts, statistics, and reports for network trend analysis
• Detailed information kept on every associated user and device for easy problem isolation
• Alerts can be set for:
  • Specific events (e.g. device failures)
  • Surpassed thresholds
  • Associated Clients
  • Aggregate Bandwidth (%, Mbps)
  • Tunnel Traffic (bytes)
  • Busiest Devices
  • RADIUS Requests/Failures

HiPath Wireless Manager HiGuard
Architecture

HiPath Wireless Manager HiGuard:
1. Builds a model of the network
2. Directs real-time sensing of the network
3. Analyzes sensing results via heuristics
4. Forwards results to core RF management services:
  • Intrusion Prevention (IPS)
  • Location Services
  • Performance Optimization
  • Network Monitoring and Control

[Diagram labels: 3rd Party Management Tools, 3rd Party Planning Tools, HiPath Wireless Controllers, Real-time Monitoring, Modeling Interface, Monitoring Interface, HWMA Analysis Engine, Intrusion Prevention, Location Services, Network Monitoring and Control, Performance Optimization, Control, Policy Manager]

Page 59 August 2006 Copyright © Siemens AG 2006. All rights reserved. HiPath Wireless
HiPath Wireless Manager HiGuard
Superior Wireless Intrusion Prevention (IPS)

 HWM HiGuard deploys sensors to continually scan the RF space to detect and defend against threats the standards (e.g. 802.11i) don’t touch
 HiPath Wireless Manager HiGuard automatically:
 Identifies and classifies potential threats, enabling administrators to find and remove them from the network
 Identifies friendly neighboring devices and users to allow co-existence without compromising network resources
 Proven best in class performance among both standalone and integrated IDS/IPS solutions
 100% success vs 65%-75% from competitors (Tolly Group, 2006)
 Visual representations of the RF coverage area and wireless devices make threat removal especially easy

NOTE: Defending the air space surrounding the network should be a requirement even if there is no wireless LAN support

HiPath Wireless Manager HiGuard
Location Services

 Locate any device on the network (3m accuracy):
 By distance from sensors or by visual map
 Temporarily activate additional APs as sensors for greater accuracy
 Use for security, asset tracking, etc. or open interface into 3rd party apps

HiPath Wireless Manager HiGuard
Visualized Performance Optimization

 Multiple views available:
 Coverage view by radio and AP
 Link Speed view
 Sensor IPS and IDS coverage
 Real-time visualization enables optimal device placement to maximize performance and protection

HiPath Wireless Manager HiGuard
Monitoring and Reporting

 Intuitive management dashboard provides summary evaluations at a glance
 All views and reports can be launched from here (charts, graphs, logs, reports, etc.)
 Automated compliance reporting (with HiGuard Reporting module)

HiPath Wireless Manager HiGuard Reporting
Automated Compliance Reports

 Audits conducted at defined intervals based on event history and compared with regulatory compliance specifications
 Available pre-defined reports:
 DoD Directive 8100.2
 Gramm-Leach-Bliley
 Sarbanes-Oxley
 HIPAA
 Custom report tool enables definition of test criteria specific to your own company or industry

HiPath Wireless
Solutions Enablement Features

[Diagram: Converged Mobile Enterprise, built on Operational Control, Flexible Architecture, and Solutions Enablement]

HiPath Wireless Meets Your Solutions Needs

Solution Integration
 Partner solutions portfolio
 Integration APIs
 Certification program

Voice-over-WLAN and Multimedia
 H.323 and SIP support
 VoWLAN client interoperability
 Optimized voice performance and power-saving
 802.11e/WMM support
 Multicast support

Location-based Services
 Location accuracy
 Network Visualization
 Coordination with LBS applications
 Support for active RFID technology
 Visual network map and location services

Guest Networking
 Ability to segregate guest users
 Transparent, secure authentication
 Accounting and billing

“Operational and security discussions will be augmented by the emergence of new applications and product functions that increase the value and ease the steps required to take advantage of network portability and mobility in the enterprise.”
Source: US WLAN Equipment 2005-2009 Forecast by Vertical Market, IDC 2005

Enabling Mobility Solutions

 HiPath Wireless makes it faster and easier to deliver complete converged mobility solutions that enhance your business processes
 Converged Mobility Solutions deliver optimal performance & functionality through:
 A portfolio of existing partner solutions
 A solution certification program for customers and system integrators
 Open APIs for custom development:
 Location coordinates
 Presence information
 Call control information

HiPath Wireless Partners:

Voice-over-WLAN (VoWLAN)
Secure Fast Roaming

 HiPath Wireless method: Pre-Authentication with Key Caching
 Highest security
 Fast secure L3 roaming (< 40ms controller to controller)

Description: WPA2 pre-authentication and Key Caching (HiPath Secure Fast Roaming)
Pro:
 Eliminates the latency contribution of 802.1x authentication
 Maintains a high level of voice security
Con:
 Requires handset support for WPA2
 Extra authentication overhead due to pre-authentication

Description: Key Sharing
Pro:
 Eliminates the latency contribution of 802.1x authentication
Con:
 Reduces the overall security by sharing PMKs across the network.

Voice-over-WLAN (VoWLAN)
Secure Fast Roaming

 WPA2 client simultaneously establishes Pairwise Master Key (PMK) with primary AP and pre-establishes PMKs with neighboring APs
 This forces the client to re-authenticate prior to roaming
 The Controller allows WPA2 to pre-authenticate
 When roaming, the WLAN client is already pre-authenticated by controller and is allowed to roam seamlessly

[Diagram: WPAv2 client with a PMK established with the primary AP and a PMK established with the neighboring AP]
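The two roaming methods compared on the Secure Fast Roaming slides, as an added example that is not Siemens code: it uses the generic IEEE 802.11i PMKID derivation, stands in for the 802.1X exchange with a random 32-byte PMK, and shows that both methods roam without a new 802.1X exchange while only key sharing leaves one PMK valid at every AP. All class and function names and the MAC addresses are constructed for the illustration.

```python
import hashlib
import hmac
import os
from typing import Dict, List, Optional, Tuple


def mac(text: str) -> bytes:
    """Parse a colon-separated MAC address into 6 bytes."""
    return bytes.fromhex(text.replace(":", ""))


def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """IEEE 802.11i: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


class Authenticator:
    """AP side (hypothetical model). aa is the AP MAC; pmks maps client MAC to PMK."""

    def __init__(self, aa: bytes) -> None:
        self.aa = aa
        self.pmks: Dict[bytes, bytes] = {}

    def run_8021x(self, spa: bytes, shared_pmk: Optional[bytes] = None) -> bytes:
        # Stand-in for a completed 802.1X/EAP exchange, which yields a fresh
        # PMK. Passing shared_pmk models key sharing instead.
        pmk = os.urandom(32) if shared_pmk is None else shared_pmk
        self.pmks[spa] = pmk
        return pmk

    def accepts(self, spa: bytes, offered: bytes) -> bool:
        """True if the PMKID offered at (re)association matches a held PMK."""
        pmk = self.pmks.get(spa)
        return pmk is not None and hmac.compare_digest(
            pmkid(pmk, self.aa, spa), offered)


class Client:
    """Station side (hypothetical model) with a PMKSA cache keyed by AP MAC."""

    def __init__(self, spa: bytes) -> None:
        self.spa = spa
        self.cache: Dict[bytes, bytes] = {}

    def authenticate(self, ap: Authenticator,
                     shared_pmk: Optional[bytes] = None) -> None:
        """Full authentication; also used for pre-authentication to neighbours."""
        self.cache[ap.aa] = ap.run_8021x(self.spa, shared_pmk)

    def roam(self, ap: Authenticator) -> str:
        """Return "fast" when a cached PMK is accepted, else "full"."""
        pmk = self.cache.get(ap.aa)
        if pmk is not None and ap.accepts(self.spa, pmkid(pmk, ap.aa, self.spa)):
            return "fast"
        self.authenticate(ap)
        return "full"


def aps_sharing_key(client: Client, aa: bytes) -> int:
    """Number of cached APs using the same PMK as AP `aa`, i.e. how many
    associations must be rekeyed if that one PMK is disclosed."""
    target = client.cache[aa]
    return sum(1 for pmk in client.cache.values()
               if hmac.compare_digest(pmk, target))


def compare_schemes() -> Dict[str, Tuple[List[str], int]]:
    """Run both methods over three constructed APs and one constructed client."""
    results = {}
    for scheme in ("key_caching", "key_sharing"):
        aps = [Authenticator(mac(f"02:00:00:00:00:0{i}")) for i in (1, 2, 3)]
        sta = Client(mac("02:00:00:00:01:01"))
        sta.authenticate(aps[0])                      # primary AP
        for ap in aps[1:]:                            # neighbouring APs
            shared = sta.cache[aps[0].aa] if scheme == "key_sharing" else None
            sta.authenticate(ap, shared)
        roams = [sta.roam(ap) for ap in aps[1:]]
        results[scheme] = (roams, aps_sharing_key(sta, aps[0].aa))
    return results


if __name__ == "__main__":
    for scheme, (roams, exposure) in compare_schemes().items():
        print(f"{scheme}: roams={roams}, APs sharing the primary AP's PMK={exposure}")
```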

Voice-over-WLAN (VoWLAN)
Quality of Service: 802.11e / WMM

 Enabled per VNS/SSID
 4 priority queues per radio
 Recommended when voice and data traffic share same SSID
 Prioritizes voice traffic
 Adaptive (end-to-end) QoS:
 CTP IP packet automatically configured to DSCP matching WMM marking
 The HiPath Wireless Portfolio is Wi-Fi Multimedia (WMM) certified

WMM Priority Marking
         Priority (3=highest)   Description
AC_VO    3                      Voice
AC_VI    2                      Video
AC_PR    1                      Prioritized non-RT Data
AC_DA    0                      Data

Voice-over-WLAN (VoWLAN)
Quality of Service: Adaptive QoS

 HiPath Wireless maintains IP QoS prioritization between the wired and wireless networks
 IP TOS field (DiffServ/Precedence) copied to CTP header
 Entire 8 bits are copied
 Client IP QoS maintained within CTP
 Adapts seamlessly to existing wired QoS policies

[Diagram: IP TOS byte values 11100000 and 10000000 (bits 0 to 7) shown at each point on the paths between the Voice Gateway, the VNS, and Subnets A, B, C, x, and y]

Voice-over-WLAN (VoWLAN)
End-to-end Voice Quality of Service (QoS)

 High Quality Voice
 R-value >78 for 12 concurrent calls
 Turbo Voice queue
 Legacy QoS
 SpectraLink SVP (VIEW certified)
 Prioritization by SSID
 Battery Life
 optiPoint WL2 power optimization
 UAPSD WMM
 End to end QoS
 802.11e / WMM
 DiffServ
 Adaptive QoS
 Call Admission Control
 TSPEC (client and AP)
 Load Balancing
 QBSS Load, Neighbor reports

[Diagram: IP TOS/Prec/DSCP carried across the LAN QoS Traffic Shaper, the VoIP Gateway, and Subnets A, B, C, x, and y]

Voice-over-WLAN (VoWLAN)
Enhanced Roaming with QBSS Load IE

[Diagram: four APs, each with a QBSS LOAD, linked to a client by "Beacon & Probe Request (SSID, …, QBSS load)"; labels "Least Busy" and "Associated"]

AP      2.4G available bandwidth   5G available bandwidth
AP 1    3 MBps                     20 MBps
AP 2    8 MBps                     12 MBps
AP 3    4 MBps                     15 MBps
AP 4    2 MBps                     7 MBps

Voice-over-WLAN (VoWLAN)
AP Channel Report

 Siemens proprietary IE provides details of all configured channels per radio/SSID for the entire wireless network
 As a result, the client has fewer channels to scan
 Reduces roaming time
 Increases battery life

[Diagram: VNS-SSID Voice on channels 1, 6, 11; links between the APs and the client labelled "Beacon & Probe Request (SSID, …, APchannelreport 1,6,11)"]

Voice-over-WLAN (VoWLAN)
Call Admission Control (CAC)

 Client device requests a TSPEC (ADDTS) from the Access Point
 AP responds with success or failure (accept or deny)
 AP responds based on CAC rules:
 If Util < MAXNew
 Accept
 If MAXNew < Util < MAXRoam
 Accept only established calls that are roaming
 If Util > MAXRoam
 Deny New Calls
 If denied, client attempts association with the next best AP based on QBSS Load IE

[Diagram: Utilization (Util) scale from 0% to 100%: Allow below 60% = MAXNew, Allow Roaming between 60% and 80% = MAXRoam, Deny above 80%]
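The CAC rules above as an added example, not the product's implementation: the AP-side decision uses the slide's 60% and 80% thresholds, and the client-side fallback orders neighbours least busy first as the QBSS Load IE allows. The per-call airtime cost, the sample utilizations, the handling of the exact boundary values, and the reading of the "Deny" zone as refusing roaming calls too are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Thresholds from the slide's utilization scale.
MAX_NEW = 60.0    # percent
MAX_ROAM = 80.0   # percent
CALL_COST = 5.0   # percent of airtime per admitted call (constructed value)


@dataclass
class AccessPoint:
    name: str
    utilization: float  # percent, as the AP would advertise in its QBSS load


def admit(ap: AccessPoint, roaming: bool) -> bool:
    """AP side: answer one ADDTS (TSPEC) request with accept or deny."""
    if not 0.0 <= ap.utilization <= 100.0:
        raise ValueError(f"{ap.name}: utilization must be within 0..100")
    if ap.utilization < MAX_NEW:
        return True       # "Allow" zone: any call
    if ap.utilization < MAX_ROAM:
        return roaming    # "Allow Roaming" zone (assumption: includes Util == MAXNew)
    return False          # "Deny" zone (assumption: includes Util == MAXRoam)


def request_call(ap: AccessPoint, roaming: bool) -> bool:
    """Admit a call and account for the airtime it will consume."""
    accepted = admit(ap, roaming)
    if accepted:
        ap.utilization = min(100.0, ap.utilization + CALL_COST)
    return accepted


def place_call(current: AccessPoint, neighbours: List[AccessPoint],
               roaming: bool) -> Tuple[Optional[str], List[Tuple[str, bool]]]:
    """Client side: ask the current AP first; if denied, try the neighbours
    ordered least busy first. Returns the chosen AP name and every attempt."""
    order = [current] + sorted(neighbours, key=lambda ap: ap.utilization)
    attempts = []
    for ap in order:
        accepted = request_call(ap, roaming)
        attempts.append((ap.name, accepted))
        if accepted:
            return ap.name, attempts
    return None, attempts


def headroom(start: float) -> Tuple[int, int]:
    """Fill one AP from `start` percent: how many new calls it takes, and how
    many roaming calls it still takes after new calls are being refused."""
    ap = AccessPoint("probe", start)
    new_calls = 0
    while request_call(ap, roaming=False):
        new_calls += 1
    roamed_in = 0
    while request_call(ap, roaming=True):
        roamed_in += 1
    return new_calls, roamed_in


def sample_network() -> Tuple[AccessPoint, List[AccessPoint]]:
    """Constructed sample: the client's current AP and three neighbours."""
    return (AccessPoint("AP 1", 72.0),
            [AccessPoint("AP 2", 85.0), AccessPoint("AP 3", 40.0),
             AccessPoint("AP 4", 65.0)])


if __name__ == "__main__":
    for roaming in (False, True):
        current, neighbours = sample_network()
        print("roaming" if roaming else "new call",
              place_call(current, neighbours, roaming))
    print("headroom from 50%:", headroom(50.0))
```

The `headroom` result shows why two thresholds exist: the band between MAXNew and MAXRoam is capacity held back so that calls already in progress can roam onto an AP that has stopped taking new calls.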

Voice-over-WLAN (VoWLAN)
Balancing WLAN Security & Voice Performance

Some suggest compromise:

Security
Voice and data segregated by VLANs to maintain data WLAN security
This does not work because:
Voice network is still vulnerable
Limited application convergence

High-Performance Voice
Use of less robust but more efficient security (eg. WEP) ensures high quality voice
This does not work because:
The security problem is not solved

To achieve Secure WLAN & VoWLAN today:

Security
Encryption: WPA2 & WPA2-PSK
Authentication: 802.1x or PSK
Roaming: 802.1x w/ pre-auth
WIDS/WIPS: prevent credential compromises

High-Performance Voice
QoS: 802.11e (WMM)
AP reports for better roaming and load balancing decisions (eg. QBSS load IE)
Optimized end-to-end VoIP network with minimal packet loss and jitter

Further enhancements coming:
802.11r – next generation secure fast roaming
CAC: WMM TSPEC
Power save: U-APSD
802.11k: better roaming decisions
802.11u: advanced CAC (eg. e911)

Dual-mode VoWLAN – Public Network Roaming

Cellular communication
Consistent feature set & UI
ONE mailbox & ONE directory
ONE number service

[Diagram: roaming between the Public Mobile Network (mobile on-/off-site) and the HiPath Wireless Network (enterprise on-site); labelled elements: Mobility Appliance with Hand-over Control, HiPath 8000 softswitch, LAN, Enterprise IP Network]

Voice-over-WLAN (VoWLAN)
HiPath WLAN Controller & HiPath Integration

[Diagram: two deployment options, Large Enterprise / Campus and Small Enterprise / Building, with a Branch Office reached over the Corporate WAN. Labelled elements: HiPath Access Points, HiPath WLAN handset, optiClient (optional), HiPath WLAN Controller, HiPath 3000, HiPath 3-8K Communication Platforms (incl GWs), PSTN]

All-in-One Solution:
- HiPath 1/3K
- Access Router
- LAN-Switch
- WLAN Controller

HiPath Wireless Guest Networking Solutions

 Providing WLAN access to guests gives businesses:
 An additional revenue stream
 Increased customer satisfaction
 Higher competitiveness and productivity for visiting employees or partners
 Guest services over HiPath Wireless leverage existing infrastructure while maintaining corporate network security and performance
 VNS defining unique security, performance, and network access
 Partnership with Garderos delivers a complete Guest Services solution, including:
 User registration
 Authentication
 Accounting
 Billing

HiPath Wireless Location Service Solutions

 Location-based Services (LBS) let companies:
 Track staff across campuses
 Find key equipment or inventory
 Efficiently deploy mobile resources
 LBS boosts resource productivity and availability, and minimizes the costs of theft or loss
 HiPath Wireless Manager HiGuard can locate any device on the network to within 3 meters, and represent it on a floor plan
 Partnerships help to deliver real-time location services and can use RFID tags to track anything

Location Partners:

“A new class of enterprise application that… use[s] the mobile and ubiquitous nature of the WLAN to support business processes in ways a wired network cannot.
In essence, the network becomes a source of business data instead of a mere conduit.”
Source: US WLAN Equipment 2005-2009 Forecast Update, IDC 2005

HiPath Wireless Healthcare Solutions
One infrastructure for all solutions

[Diagram: solution areas on one infrastructure: Nurse Call, VoWLAN, Alerting, Monitoring, RFID Services, Mobile Data Access, Hotspot for Patients and Visitors]

Key HiPath Wireless Features:
 VNS-segregated guest networking from medical staff and resources
 VNS segregation of high-priority vital sign traffic with QoS
 Captive Portal – All guest traffic is directed to a login page (internal or external)
 Access Points bridge monitoring traffic locally for highest performance & reliability, while forwarding other traffic centrally
 Excellent QoS and fast secure roaming
 Strict WPA2 (802.11i) authentication and encryption comply with industry regulations
 Ability to segregate voice traffic from mission-critical data via VNS
 HiPath Wireless CAC to ensure that alerts receive uninterrupted priority access

Siemens Solution Components:
 HiMed
 HiPath QoS 2000
 HiPath IP Communications Platforms
 optiPoint WL2 professional phone
 optiClient soft phone
 DACS Alerting Server

Partners:
 Garderos
 Draeger Infinity One Net
 Draeger WinView
 Vocera
 SpectraLink

Benefits:
 Additional revenue stream
 Improved patient service
 Secure real-time access to centralized patient data for medical staff everywhere in the hospital and in branches
 Elimination of paper files and separate, error-prone data transfer into IT system
 Centralized monitoring and remote control from Draeger MultiView WorkStations
 Staff receive alerts immediately
 Always reachable and able to communicate
 Fast emergency response

Multimedia
Real-time Application Optimization

Challenges:
 Monitoring and alerting must be responsive and resilient
 End-to-end QoS is needed
 Atypical network applications

HiPath Wireless Ensures:
 WLAN multicast support for real-time monitoring via Dräger Infinity OneNet, etc.
 Fit APs can locally bridge specific applications for dedicated high performance
 Interoperability with HiPath QoS 2000 for end-to-end QoS

Dräger Real-time Optimization
[Diagram: Dräger Monitor and Dräger Infinity OneNet Server on a Segregated Dräger Network; Hospital LAN with VoIP; Hospital WLAN carrying Voice, Staff, Users, and Data; annotations "Local traffic bridging and multicast support enabled" and "Centralized management"]

HiPath Wireless is the industry’s only Dräger-certified WLAN, and delivers the most optimized solution for real-time healthcare applications with unique multicast and traffic bridging support

RFID Application Scenarios in Healthcare

 HiPath Wireless Manager HiGuard can locate any device on the network to within 3 meters, and represent it on a floor plan
 Tight integration with RFID-based vendors provides hospitals with complete real-time location services

Location Partners:

[Diagram: RFID application scenarios]
Access and inventory of pharmaceutical cabinets and Medical Records
Tissue sample and other medical product identification
Tracking and identification of pharmaceutical inventories
Real-time patient location systems
Access to parking areas
RFID wristbands identify patients
Asset & equipment tracking
Accurate identification of medications for safety check

HiPath Wireless Manufacturing Solutions
One infrastructure for all solutions

[Diagram: solution areas on one infrastructure]
Mobility for Outdoor & Harsh Environments
Bar Coding and Inventory
VoWLAN
Data Entry
Location Services

HiPath Wireless Manufacturing Solutions
Network Topology

[Diagram: network topology spanning Office Space and Shop Floor. Labelled elements: HiPath Wireless Access Points, HiPath Wireless Controllers, HiPath QoS2000, optiClient, HiPath 3-8K, PSTN, Company WAN, Industrial WLAN with W788-1PRO and W744-1PRO, Industrial Ethernet, IE/PB Link PN IO, ET200S PN, PROFIBUS, ET200X, IO-Devices]

HiPath Wireless Manufacturing Differentiators:
SCALANCE W Industrial-grade WLAN Integration

Challenges:
 Overcome harsh climate and interference issues
 Centralized management of dispersed infrastructure
 Unified WLAN across carpeted office and plant floor
 Use of enterprise applications

SCALANCE W Delivers:
 Highly rugged housing and industry certifications
 Full management and feature integration with centralized HiPath Wireless Portfolio

SCALANCE W Integration
[Diagram: Corporate Office and Plant Floor; annotations "Centralized management of all Access Points" and "Users can seamlessly move between the office and the plant floor"]

Integration of the SCALANCE W Access Point extends WLAN access and the unique Converged Mobility Solutions to harsh manufacturing environments

Conclusion

Driving Value with Converged Mobility Solutions

 HiPath Wireless drives value through superior Converged Mobility Solutions while maintaining control over network operations and costs
 A strong foundation for the Converged Mobile Enterprise:
 Flexible, open architecture
 Highly secure and easy to manage
 A suite of network-aware converged applications supported by a robust partner program
 Converged mobility solutions are able to build on the initial WLAN foundation to continually drive value as enterprise needs evolve
 HiPath Wireless can help your organization develop into a more competitive, adaptive, and flexible Converged Mobile Enterprise

Why Choose HiPath Wireless?

Complete Enterprise Communications Solutions


 Global leader in converged IP voice communications
 Platforms, client devices, applications, professional services
 Long-standing leadership in wireless and radio communications

Investment Protection
 Scalable, ‘future proof’ design based on industry standards
 Architected and ready for voice/data convergence
 Vendor commitment and viability

Trusted Provider
 Proven leadership in innovation
 Worldwide enterprise communications revenue of over $3.5 billion
 Global presence

BACKUP

What’s so Different?
Technology

                                      Fit AP          Fit AP       Split MAC       Fat AP
                                      (coordinated)   (branch)
Termination of PHY                    AP              AP           AP              AP
Termination of MAC                    AP              AP           Controller      AP
Termination of management protocols   Controller      Controller   Controller      AP
Optimal Deployment                    Overlay         Branch       Wiring Closet   Branch

[Diagram: Fit AP shown in Coordinated Mode and in Stand-Alone Mode, alongside Split MAC AP and Fat AP]

What’s so Different?
Technology

Function                                                   Fit AP                                       Split MAC    Fat AP
802.11 management protocol (RADIUS, 802.1x, SNMP, etc.)    Controller                                   Controller   AP
Probe, Authentication and Association Messages             AP                                           Controller   AP
Frame Translation (802.11 to 802.3)                        AP                                           Controller   AP
Encryption                                                 AP                                           Controller   AP
Dynamic RF Management Operation (DRM)                      AP                                           Controller   External SW
QoS (802.11)                                               AP                                           AP           AP
QoS (802.3/IP reassignment)                                AP                                           Controller   AP
Bridging                                                   AP (branch mode), Controller (coordinated)   Controller   AP
L2 Roaming                                                 AP (branch), Controller (coordinated)        Controller   AP
L3 Roaming                                                 Controller                                   Controller   External SW

AP Discovery in Detail
Multiple Discovery Approaches
 First try Static config
 If fail – then try DHCP Option 78 & SLP
 If fail – then try Domain Name Service
 If fail – then try Layer 2 Multicast (SLP)
 If all fail, then repeat process indefinitely.
 Method that is successful remembered upon next reboot/restart
 Failure = unsuccessful after N retries and M seconds between retries. N and M are configurable from GUI

[Diagram: discovery paths labelled DHCP, DNS, and Multicast]

Distinct Roles for VoWLAN and DECT

DECT

Mobile Voice: HiPath Cordless. Preferred Solution for voice only:
- Cost effective
- High quality
- Mature, proven technology
Mobile Voice & Data:
- DECT does not provide wireless data
- DECT and WLAN parallel to be considered for substantial existing DECT installations
Mobile Data:
- DECT does not provide wireless data

WLAN

Mobile Voice:
- Deploy WLAN if later expansion to wireless data is planned
Mobile Voice & Data: HiPath Wireless. Converged WLAN for voice and data
- Fast secure roaming
- Premium voice quality (QoS)
- WLAN phones and soft clients
Mobile Data: HiPath Wireless. Leading-edge WLAN solution for enterprise-wide deployment
- Security
- Scalability
- Manageability
- Virtual WLANs, Hosting

Quality of Service: SVP Support (WL1)

End-to-End QoS w/ SVP support (SpectraLink Voice Priority)


• SVP “Backoff”
• SVP PDU prioritized
Works with any other VoWLAN solution
Adaptive QoS on wired LAN
Prioritized SSID required, unless WMM client

[Diagram: Voice Gateway, Subnets A, B, C, x, and y, and two VNSs. VNS #1: VNS= “Enterprise VoWLAN”, SSID= “VoWLAN”, SVP= enabled. Second VNS: VNS= “Enterprise Data”, SSID= “Employee”, SVP= disabled]

VoWLAN Solution with optiPoint WL1 professional

Deployment Model

All devices must sit on the same LAN segment
• Phones cannot roam across subnets without dropping calls
• Gateways and Servers cannot support a set IP address change during call

Multicast required for registration and “Push-to-Talk”
• Requires infrastructure enabled with multicast

[Diagram label: Support over a single segment]

HiPath Wireless Proposition with a WL1 Solution

Deployment Model
[Diagram label: Intranet]

APs can be deployed across router hops
• Solution can now scale to support a
larger network with APs on multiple
subnets
• Phones don’t have to exist on a single
subnet
• Phones don’t need to support subnet
roaming
Works without multicast being
enabled on the infrastructure

WL1 Solution

SpectraLink Radio Protocol (SRP)


• SpectraLink’s proprietary IP protocol for providing communication between their voice sets and
their gateway products
• Phone and Gateway do IGMP version 1 – Group Membership Report
• UDP & IP multicast to SPECTRALINK.MCAST.NET group (IP group address 224.0.1.116) for
discovery and registration
• SRP Unicast (IP port 119) for voice (like RTP) and other signaling

[Diagram: SpectraLink NetLink e340/i640, Access Points, HiPath Wireless Controller, SpectraLink NetLink Gateway]

HiPath Controller Support
 SpectraLink’s multicast was designed not to work over router hops (i.e. TTL set to 1)
 HiPath Controller treats this as a special case and will forward these packets to ensure delivery to devices and gateways

WL1 Solution

SpectraLink Voice Priority (SVP) is the de facto standard for offering QoS
for voice services on 802.11 today

• SVP was defined in the absence of any 802.11 QoS mechanisms


• It is defined as a specific mechanism to allow prioritization of packets from an
AP to a SpectraLink device
• It requires SRP packets to be queued in front of all other packets
• Sets the 802.11 contention backoff period to 0 for those packets

Access Point Support of SVP

• Based on our implementation of WMM (WiFi Multimedia)


• SRP packets are placed in the high priority queue (AC3) according to WMM
rules
• AC3 defines specific backoff mechanisms to support high quality voice

Glossary of Terms

3PAP Third Party AP

AAA Authentication, Authorization, Accounting


AES Advanced Encryption Standard
AP Access Point
BSSID Basic Service Set Identifier
CAPWAP Control and Provisioning of Wireless Access Points
CCX Cisco Compatible Extensions
CDR Call Detail Record
CLI Command Line Interface
CTP CAPWAP Tunnelling Protocol
DECT Digital Enhanced Cordless Telecommunications
DHCP Dynamic Host Configuration Protocol
DRM Dynamic RF Management
DSCP Differentiated Services Code Point
EAP Extensible Authentication Protocol

HWC HiPath Wireless Controller


ICMP Internet Control Message Protocol (Ping, etc.)
IGMP Internet Group Management Protocol (Multicast)
IPSec IP Security (VPN)
LEAP Lightweight EAP
MAC Media Access Control (Layer 2)
MOS Mean Opinion Score (Voice quality standard)
MU Mobile User
NAPT Network Address Port Translation
OSPF Open Shortest Path First (Dynamic routing protocol)
PBX Private Branch Exchange
PKI Public Key Infrastructure (Digital Certificates)
PMK Pairwise Master Key
PoE Power over Ethernet
PSK Pre-shared Key

PSTN Public Switched Telephone Network


PSU Power Supply Unit
QoS Quality of Service
RADIUS Remote Authentication Dial In User Service
RF Radio Frequency
RU Replaceable Unit
SIP Session Initiation Protocol
SLP Service Location Protocol
SNMP Simple Network Management Protocol
SRP SpectraLink Radio Protocol
SSID Service Set Identifier (Wireless Network Name)
SVP SpectraLink Voice Priority
TKIP Temporal Key Integrity Protocol
TOS Type of Service
VLAN Virtual LAN

VNS Virtual Network Services

VoIP Voice over IP

VoWLAN Voice over Wireless LAN

VPN Virtual Private Network

VSA Vendor Specific Attribute

WEP Wired Equivalent Privacy

WMM Wi-Fi Multimedia

WPA/WPA2 Wi-Fi Protected Access
