Secure Mobility
Identity-Based Networking also enables secure mobility by basing protection and access control on user identity rather than physical ports. The Trapeze Mobility System Software employs the integrated data plane shared by the Mobility Exchange and the Mobility Point to set up and tear down VLANs dynamically in real time. All existing policies, like encryption, access control lists (ACLs), class of service (CoS), quality of service (QoS) and routing, are leveraged across the wired and wireless LAN.

Compared with Trapeze’s approach, Mobile IP is far more complex, initiating IP Security (IPsec) tunnels and translating network addresses for every mobile user. Because Trapeze employs a Layer 2 solution for a Layer 2 issue—VLANs—there’s no need to alter IP addresses, vastly simplifying troubleshooting.

Trapeze also maintains multiple, separate broadcast domains. In contrast, other approaches use service set identifiers (SSIDs) to establish VLANs. SSIDs restrict the number of VLANs. Further, unless each SSID is replicated at every access point (AP), users will be unable to connect to the network. In effect, every VLAN must run everywhere, requiring switches and routers to be extensively reconfigured.

Just because users can roam doesn’t mean they should. IT can employ RingMaster to define mobility profiles that specify where users (and visitors) can and can’t go. RingMaster and Identity-Based Networking make authorization even more granular, thanks to user-based ACLs. IT might grant visitors Internet access but prevent them from reaching internal resources. RingMaster defines mobility profiles based on user, group or domain.

Further, Trapeze prevents rogue attacks. Only authenticated users can use the network; all wireless exchanges are encrypted. Trapeze also simplifies rogue detection. Rather than forcing IT administrators to perform hit-or-miss manual radio frequency (RF) checks, Trapeze performs RF sweeps and maps RF topology and user locations. In addition, RingMaster sweeps all channels rather than just listening for beacons, since hackers can easily turn off beaconing during attacks.

Identity-Based Networking also aids helpdesks: When wired users open trouble tickets, they’re typically asked for their network port number. WLANs don’t have network ports, and there’s no way for users to know which Mobility Point they’re assigned to. But all tech support has to do is ask “What’s your user name?” That’s all RingMaster needs to locate users, display their roaming history and show where they were authenticated and how much bandwidth they’ve consumed.

Intelligent Planning and Management
Trapeze eliminates manual pre-deployment site surveys with RingMaster. It automates virtual site surveys, capacity and RF planning and what-if scenarios offline.

RingMaster

It’s simple. IT first imports floor plans in standard file types, such as AutoCAD, JPEGs and GIFs. RingMaster’s wizard then prompts for more information, like office size, which is used to establish coverage. It also asks how many users are in a group and how much bandwidth their applications need. Once the design is approved, RingMaster generates work orders and complete installation plans.

When IT is ready to roll, RingMaster automatically pushes all configurations to the Mobility Exchanges and Mobility Points—with a single click of a mouse. Post-deployment, it verifies RF coverage, maps network topology and automatically distributes traffic to optimize performance. Running standalone or integrated into Hewlett-Packard’s OpenView management framework, RingMaster monitors systemwide faults and events and collects and graphs performance stats.

With RF, it’s critical to consider how building layouts and physical objects will affect signal loss. Walls, windows and cubicles absorb RF signals at different rates. Different walls actually exhibit different signal loss. To keep calculations precise, RingMaster includes a library of attenuation factors.

RingMaster centralizes configuration by maintaining one systemwide image of all Mobility Exchanges and Mobility Points, which it uses to assign power levels and RF channels. If a new Mobility Point is added, RingMaster automatically recalculates channel assignments and power levels. It also superimposes the actual RF topology onto the original design in real time, speeding troubleshooting.

Trapeze also supports third-party APs, storing IP addresses and recording RF assignments to optimize channel allocations for nearby Mobility Points. Sanctioned third-party APs are excluded from rogue lists.

Finally, RingMaster detects congestion by mapping users associated with a specific Mobility Point. If traffic is too high, it automatically shifts them to less utilized Mobility Points.
