The Multiple Faces of Mobility and the Impacts on Your Network
DESCRIPTION
Whether it is the "bring your own devices" trend or the challenge of providing a wireless network that meets expectations, the increasingly mobile nature of the workplace is a challenge for IT. This presentation explores key aspects of the more mobile workplace, including:
- Does the modern WLAN do away with the need for a wired LAN?
- Do I need to provide Wireless LAN in my remote and/or home offices?
- How do I secure the mixture of devices (including BYO) and users?
- How do I retain control over my ICT and comms strategy in the face of the increased consumerisation of IT?
TRANSCRIPT
PRESENTERS
PAUL LEWIS
MARIA GOGGIN
Managing Mobility
What is Mobility?
Mobility
Smart Devices
Wireless
Homeworking
From Portability to Mobility
• Portability, e.g. Homeworking
A laptop and VPN client provide portability. Users were mobile but their content was not.
“True mobility means the user and the applications they use are not tied to a specific device”
Applications ...
Any device
Anywhere
Anytime
Factors Driving Change
Business Efficiency
People
Technology
60% of employees believe they don’t need to be in the office to be productive
67% of employees would choose a lower paying job with more work flexibility
Smartphones: 289M in 2010 will increase to 1B in 2013*
Tablets: 54.8M in 2011 will increase to 300M in 2013*
The Perfect Storm
20% of workers telecommute
1B+ worldwide mobile workers in 2011
One third of workers will be mobile by 2013
Smartphone adoption growing 50%+ annually
IT consumerisation: Now a reality
1.3 billion networked mobile devices entering the workplace
Mobile Individuals
Mobile Technology
Do you allow employees to use their own devices to access data and certain applications?
Source: Quocirca, The data sharing paradox – Sept 2011
Really?!
Not just more applications, but ones that are more and more demanding on the network
Where are IT in the 'Storm'?
“IT Needs to Lead, Not Just Tolerate, the New Way of Working” (Yankee Group 2011)
Corporate Owned, Controlled and Secured
Current – Tolerated
• Employee Owned
• Partially Secure
Regain Control?
Paul Lewis, Network Consultant
Specialist in Wireless LAN
10 years' experience in Enterprise deployment
Agenda
• Considerations for building Enterprise-class WLAN
• Considerations for securing remote access regardless of connection
• Considerations for developing application infrastructures for the “any connection, any device” world
Wireless LAN – The Big Picture
• WLAN traffic levels will increase at an accelerating rate
• This traffic will largely originate with devices with no Ethernet port
Wireless LAN – The Big Picture
• The new generation of devices are:
Powerful
Truly usable on the move
Affordable
Have no wired connection
Fashionable
• Users will demand the flexibility and performance that WLAN provides
• Enterprise-class WLAN provides connectivity with control. IT must exercise that control.
Building an Effective Wireless LAN
IT Requirement
Security, Connectivity, Ease of Management
Connectivity
Considerations
Build one physical Wireless LAN
The latest 802.11n technology must be supported
Support must be in both 2.4 GHz and 5 GHz, simultaneously
Make it available throughout your premises
Provide high density coverage
Access Points should be Gigabit-attached
Power over Ethernet is required (min. 802.3af)
Interactive communications (e.g. VoWLAN) require special consideration in coverage & QoS
Connectivity
More Considerations…
Consider traffic flows carefully when selecting deployment models
Consider small offices and home offices as prime locations for extending the control offered by your Corporate WLAN
Consider WiFi capability when assessing client devices
Test / pilot clients in your environment
To wire or not to wire?
• How much will wireless connectivity replace wires?
Fixed wired connectivity recommended for fixed locations (e.g. desktop PCs)
Wired connectivity is essential for the WLAN APs.
Logical Connectivity
Connectivity - Approaches
Build multiple logical WLANs over the common physical infrastructure - SSIDs : VLANs : subnets
Exercise context awareness and control
Who is connecting?
From what device?
What applications are being used?
Handle traffic appropriately to each blend of variables
Suitability for the application is key
Device Fingerprinting
User & Device Aware Architecture
Distinguish user on IT issued laptop vs. same user on personal device
Apply per User and per Device Access Control
Identify Device types with Model and OS as they connect – e.g. iOS, Android, Windows, RIM
Device Context for Role Based Access
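One way to express the per-user, per-device decision described on this slide, as an added example that is not from the presentation. The function names, role names, certificate serials and the use of the HTTP User-Agent as the fingerprint source are all assumptions.

```python
import re

# Markers for the device families the slide lists (iOS, Android, Windows, RIM).
# Assumption: the fingerprint source is the HTTP User-Agent seen at connection;
# the slides do not say which signals the WLAN actually uses.
OS_MARKERS = [
    ("iOS", re.compile(r"iPhone|iPad|iPod")),
    ("Android", re.compile(r"Android")),
    ("RIM", re.compile(r"BlackBerry|BB10")),
    ("Windows", re.compile(r"Windows NT")),
]

def fingerprint_os(user_agent):
    """Return the first matching OS family, or 'unknown'."""
    for name, pattern in OS_MARKERS:
        if pattern.search(user_agent or ""):
            return name
    return "unknown"

def assign_role(user_group, corp_cert_serials, client_cert_serial, user_agent):
    """Hypothetical policy: user identity picks the group, device context picks the tier.

    A device counts as IT-issued only if it authenticated with a certificate from
    the corporate inventory. The User-Agent is client-controlled, so it is used to
    restrict access further, never to grant more.
    """
    os_family = fingerprint_os(user_agent)
    if client_cert_serial in corp_cert_serials:
        return (f"{user_group}-full", os_family)
    if os_family == "unknown":
        return ("quarantine", os_family)
    return (f"{user_group}-byod", os_family)

# Constructed sample data: the same user group connecting from three devices.
CORP_CERTS = {"0A1B2C"}
SESSIONS = [
    ("finance", "0A1B2C", "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/535.1"),
    ("finance", None, "Mozilla/5.0 (iPad; CPU OS 5_0 like Mac OS X) AppleWebKit/534.46"),
    ("finance", None, "curl/7.21.0"),
]

def evaluate(sessions=SESSIONS):
    return [assign_role(g, CORP_CERTS, c, ua) for g, c, ua in sessions]

if __name__ == "__main__":
    for result in evaluate():
        print(result)
```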
Secure Access
Security Considerations
Security measures should be as transparent as possible to users
Use RADIUS as a central authority for authentication
Integrate with Active Directory
Use Digital Certificates as credentials for network and clients (EAP-TLS)
Avoid username & password-only solutions
Avoid consumer systems using pre-shared keys
Secure Access
Secure Guest Access
Differentiate between types of Guests
E.g. Internal / external
Use Captive Portal for authentication (browser login)
Include appropriate disclaimers (e.g. lack of encryption)
Consider splash page as a medium for client interaction
Consider appropriate traffic control (web filter / proxy)
Avoid pre-shared key authentication / encryption
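The authentication guidance on the two Secure Access slides and the SSIDs : VLANs : subnets mapping from the Logical Connectivity slide can be checked mechanically. This added example, which is not from the presentation, audits a constructed SSID inventory; its field names, values and finding texts are hypothetical.

```python
import ipaddress
from itertools import combinations

# Constructed sample inventory; field names and values are hypothetical.
PROFILES = [
    {"ssid": "corp", "auth": "eap-tls", "radius": "10.0.0.5", "vlan": 10, "subnet": "10.10.0.0/22"},
    {"ssid": "legacy", "auth": "psk", "radius": None, "vlan": 20, "subnet": "10.20.0.0/24"},
    {"ssid": "staff-byod", "auth": "peap-mschapv2", "radius": "10.0.0.5", "vlan": 30, "subnet": "10.10.2.0/24"},
    {"ssid": "guest", "auth": "captive-portal", "radius": None, "vlan": 10, "subnet": "192.168.50.0/24"},
]

# EAP methods whose client credential is a username and password.
PASSWORD_ONLY = {"peap-mschapv2", "eap-ttls-pap"}

def audit(profiles):
    """Return sorted (ssid, finding) pairs for deviations from the slide guidance."""
    findings = []
    for p in profiles:
        if p["auth"] == "psk":
            findings.append((p["ssid"], "pre-shared key in use"))
        if p["auth"] in PASSWORD_ONLY:
            findings.append((p["ssid"], "username/password-only authentication"))
        if p["auth"].startswith(("eap", "peap")) and not p["radius"]:
            findings.append((p["ssid"], "802.1X SSID without a RADIUS server"))
    # SSIDs : VLANs : subnets should map one-to-one so traffic stays separable.
    for a, b in combinations(profiles, 2):
        pair = f'{a["ssid"]}+{b["ssid"]}'
        if a["vlan"] == b["vlan"]:
            findings.append((pair, "shared VLAN"))
        if ipaddress.ip_network(a["subnet"]).overlaps(ipaddress.ip_network(b["subnet"])):
            findings.append((pair, "overlapping subnets"))
    return sorted(findings)

if __name__ == "__main__":
    for ssid, finding in audit(PROFILES):
        print(f"{ssid}: {finding}")
```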
Ease of Management
A single point of centralised monitoring and management for the WLAN, across the enterprise, is essential
Use of WLAN means specific software for its management
Visual view of coverage
Bespoke Intrusion Prevention for WLAN
Rogue AP detection and localisation
Status, performance and security monitoring
Personnel, expertise and policy
'Modern' - Secure Remote Access
Security - Approach
Consider virtues of clientless and client-based solutions
Clientless portability
Portability
Low cost
Client-based control
Platform support
Management overhead
Increased Cost
Hybrid (downloadable 'client')
Security Follows User
Broad Mobile Support
• Fixed and semi-fixed platforms
• Mobile platforms
Persistent Connectivity
• Always-on connectivity
• Optimal gateway selection
• Automatic hotspot negotiation
• Seamless connection hand-offs
Next-Gen Unified Security
• User/device identity
• Posture validation
• Integrated web security for always-on security (hybrid)
• Clientless and desktop virtualization
[Diagram: Corporate Office, Mobile User, Home Office; Secure, Consistent Access; Voice, Video, Apps, Data; Wired, Cellular/Wi-Fi, Wi-Fi]
Mobile Applications Strategy
Develop a strategy for mobilising applications
Where is data held?
Presentation method at the client
Infrastructure which glues the two together
Consider the relative benefits of App-based and browser-driven approaches
Choose development platforms and publish them widely within your organisation
Review and update them regularly
Conclusion
Be proactive about mobility and regaining control
Make application access central to your strategy
Enterprise-class WLAN allows you to extend control
Contact Details & Additional Resource
Maria Goggin, Head of Marketing
Paul Lewis, Network Consultant
How to Guide on Network Management for the 21st Century available at:
http://www.networksfirst.com/How-to-Guide.aspx