PRESENTERS

PAUL LEWIS

MARIA GOGGIN

Managing Mobility

What is Mobility?

Mo

bili

ty Smart Devices

Wireless

Homeworking

From Portability to Mobility

• Portabilitye.g. Homeworking

A laptop and VPN client provide

portability. Users were mobile but

their content was not.

“True mobility means the user and

the applications they use

are not tied to a specific device”

Applications ...

Any device

Anywhere

Anytime

Factors Driving Change

Business Efficiency

People

Technology60% of

employees

believe

they don’t

need to be

in the

office to

be

productive

67% employees would

choose a lower paying

job with more work

flexibility

Smartphones

289M in 2010 will increase

to 1B in 2013*

Tablets

54.8M in 2011 will increase

to 300M in 2013*

The Perfect Storm

20% of workers telecommute

1B+ worldwide mobile workers in 2011

One third of workers will be mobile by 2013

Smartphone adoption

growing 50%+ annually

IT consumerisation: Now a reality

1.3 billion networked

mobile devices entering the

workplace

Mobile

Individuals

Mobile

Technology

Do you allow employees to use their own devices to access data and certain applications?

Source: Quocirca

The data sharing paradox – Sept 2011

Really?!

Not just more applications, but ones that are more and more demanding on the network

Where are IT in the „Storm?‟

“IT Needs to Lead, Not Just Tolerate,the New Way of Working”Yankee Group 2011

Corporate Owned, Controlled and Secured

Current –Tolerated

•Employee Owned

•Partially Secure

Regain Control?

Paul Lewis, Network Consultant

Specialist in Wireless LAN

10 years experience in Enterprise deployment

Agenda

• Considerations for building Enterprise-class WLAN

• Considerations for securing remote access regardless of

connection

• Considerations for developing application infrastructures

for the “any connection, any device” world

Wireless LAN – The Big Picture

• WLAN traffic levels will increase at an accelerating rate

• This traffic will largely originate with devices with no Ethernet port

Wireless LAN – The Big Picture

• The new generation of devices are:

Powerful

Truly usable on the move

Affordable

Have no wired connection

Fashionable

• Users will demand the flexibility and performance that

WLAN provides

• Enterprise-class WLAN provides connectivity with control.

IT must exercise that control.

Building an Effective Wireless LAN

IT Requirement

Security Connectivity Ease of Management

Connectivity

Considerations

Build one physical Wireless LAN

The latest 802.11n technology must be supported

Support must be in both 2.4 GHz and 5 GHz, simultaneously

Make it available throughout your premises

Provide high density coverage

Access Points should be Gigabit-attached

Power over Ethernet is required (min. 802.3af)

Interactive communications (e.g. VoWLAN) require special

consideration in coverage & QoS

Connectivity

More Considerations…

Consider traffic flows carefully when selecting

deployment models

Consider small offices and home offices as prime

locations for extending the control offered by your

Corporate WLAN

Consider WiFi capability when assessing client devices

Test / pilot clients in your environment

To wire or not to wire?

• How much will wireless connectivity

replace wires?

Fixed wired connectivity recommended

for fixed locations (e.g. desktop PCs)

Wired connectivity is essential for the

WLAN APs.

Logical Connectivity

Connectivity - Approaches

Build multiple logical WLANs over the common physical

infrastructure - SSIDs : VLANs : subnets

Exercise context awareness and control

Who is connecting?

From what device?

What applications are being used?

Handle traffic appropriately to each blend of variables

Suitability for the application is key

Device Fingerprinting

User & Device Aware Architecture

Distinguish user on IT

issued laptop vs.

same user on

personal device

Apply per User and

per Device Access

Control

Identify Device types with Model and OS as they connect – e.g. iOS, Android,

Windows, RIM

Device Context for Role Based Access

Secure Access

Security Considerations

Security measures should be

as transparent as possible to users

Use RADIUS as a central authority for authentication

Integrate with Active Directory

Use Digital Certificates as credentials for network and

clients (EAP-TLS)

Avoid username & password-only solutions

Avoid consumer systems using pre-shared keys

Secure Access

Secure Guest Access

Differentiate between types of Guests

E.g. Internal / external

Use Captive Portal for authentication (browser login)

Include appropriate disclaimers (e.g. lack of encryption)

Consider splash page as a medium for client interaction

Consider appropriate traffic control (web filter / proxy)

Avoid pre-shared key authentication / encryption

Ease of Management

Ease of Management

A single point of centralised monitoring and management

for the WLAN, across the enterprise, is essential

Use of WLAN means specific software for it‟s management

Visual view of coverage

Bespoke Intrusion Prevention for WLAN

Rogue AP detection and localisation

Status, performance and security monitoring

Personnel, expertise and policy

'Modern' - Secure Remote Access

Security - Approach

Consider virtues of clientless and client-based solutions

Clientless portability

Portability

Low cost

Client-based control

Platform support

Management overhead

Increased Cost

Hybrid (downloadable „client‟)

Security Follows User

Broad Mobile Support

• Fixed and semi-fixed platforms

• Mobile platforms

Persistent Connectivity

• Always-on connectivity

• Optimal gateway selection

• Automatic hotspot negotiation

• Seamless connection hand-offs

Next-Gen Unified Security

• User/device identity

• Posture validation

• Integrated web security for always-on security (hybrid)

• Clientless and desktop virtualization

Corporate

Office

Mobile

User

Home

Office

Secure,

Consistent

Access

Voice, Video, Apps, Data

Wired

Cellular/

Wi-Fi

Wi-Fi

Mobile Applications Strategy

Develop a strategy for mobilising applications

Where is data held?

Presentation method at the client

Infrastructure which glues the two together

Consider the relative benefits of App-based and browser-driven approaches

Choose development platforms and publish them widely within your organisation

Review and update them regularly

Conclusion

Be proactive about mobility and regaining control

Make application access central to your strategy

Enterprise-class WLAN allows you to extend control

Contact Details & Additional Resource

Maria GogginHead of Marketing

mariagoggin@networksfirst.com

Paul LewisNetwork Consultant

paullewis@networksfirst.com

How to Guide on Network Management for the 21st Century available at:

http://www.networksfirst.com/How-to-Guide.aspx