The other day, I was sitting with some very smart Cisco people talking about the exciting new developments they’re working on. Very cool stuff, indeed. Somehow the subject of multivendor support came up. We all knew that, yes, Cisco does that. But we also agreed that, unfortunately not everyone else knows it.

We, no doubt, bear some of the blame because we don’t spend a lot of time talking about Cisco support for multivendor networks. Sure, no vendor wants to promote competing devices. But that’s not what we’re talking about here. We’re talking about working with and managing devices from other vendors. And we do that. Quite well in fact. Our management tools, including Prime Infrastructure, can discover all the devices on the network, including those from third parties. We can poll the devices to get high-level information such availability, basic device inventory, and top-NN reports for CPU, memory and interface utilization. And we can receive standard RFC compliant SNMP traps.

The real power comes from what we can do with Cisco devices. We’re able to get highly detailed data about our devices and apply intelligence—that’s the smart part—to turn that data into real network benefits such as RF interference mitigation, local services discovery, Cisco knowledge-based best practices, and other performance enhancements. And because we offer a complete, end-to-end portfolio, we can get that information and apply it to more points along the data path. Very powerful stuff.

So why don’t we make a bigger deal about it?

We don’t emphasize multivendor device support because the decision to focus on a single-vendor or multivendor should depend on the customer’s needs, not our marketing. If the customer has a legacy network or is integrating a legacy network from acquired companies or locations, it might make sense to support that existing infrastructure—regardless of vendor. And if that’s what the customer needs, we’ll do that. However, this is rarely the case. Why? Because this approach is really about maintaining the status quo. And if a customer sees their network as the platform for conducting business, maintaining the status quo is never good enough.

Check back in a few weeks and I’ll explain why a more unified network is generally a better choice than multivendor.

So here I am, at a customer event in San Francisco, at an outdoor restaurant (yes, I’m cold).  Today we’ve been talking a lot about mobility – mobile devices (around 3 per person here today), how to extend access to corporate resources to employees or students or patients wherever they connect, how to manage BYOD.  No one is questioning whether this needs to happen, we have all moved on to HOW to make it happen, how to manage it, how to make it easy for users.

I’ve brought along my personal iPhone on 4G that I also use for work, and I’ve logged in to Cisco Jabber to stay connected while away from my laptop.  I’m just wondering if my manager has answered a couple of key questions for me when my phone buzzes in my pocket.  She is IM’ing on Jabber.  Where is she?  Well, you wouldn’t know it, but she is on a flight from San Francisco to New York.  Her company-owned laptop is connected using in-flight Wi-Fi, and she’s using WebEx Connect on her laptop.

What’s it called when a mirror reflects a mirror with infinite reflections, or a person holds a picture of themselves holding a picture?  That’s what this is — we are doing the same thing that we’re talking about.  We are working outside on the ground using 4G, and inside in the air using Wi-Fi, talking about mobility.  We are linked to corporate email and UC (Unified Communications) tools, and using AnyConnect VPN to access more sensitive information, regardless who owns the device, or whether it’s Windows or iOS or Andriod, or which access network or physical location.  In the sky or earth-bound city walker – we’re connected.  And talking about it.

What’s the most outlandish connection you’ve had? Any mobility Escher moments of your own?  Share with us on Twitter or Facebook.

802.11ac: The Fifth Generation of Wi-Fi Technology

In the last few months, there have been a lot of written on the emerging 802.11ac standard. This next generation of Wi-Fi promises to be very exciting since 802.11ac will address some critical pain points faced by users of 802.11n today – more bandwidth and more simultaneous users.  To help explain the technology, we put together a new Fundamentals video.  You’ll learn about new features such as:

• Operating in the 5GHz band
• Wider channels (80MHz & 160MHz) which means more capacity in the band
• Increased modulation with 256 QAM (Quadrature Amplitude Modulation), providing a significant increase in throughput over 802.11n which has 64 QAM
• Downlink Multi-User MIMO which allows an AP to transmit to multiple clients simultaneously
• Up to 8 Spatial streams which doubles the number of spatial streams used in 802.11n

Read More »

Tags: 802.11n, byod, mobility, mu-mimo, wlan

Until now, it’s been assumed that enterprise IT leaders probably view the current BYOD (“Bring Your Own Device”) movement with about the same enthusiasm as a farmer awaiting the next locust invasion.

A recent survey from the Cisco Internet Business Solutions Group (IBSG), however, indicates that BYOD may no longer be a “four-letter word” in enterprise IT departments. In fact, the study of 600 U.S. enterprise IT leaders—all from companies of 1,000 or more employees—shows that, if anything, BYOD now has a predominantly positive reputation in U.S. enterprise IT circles. Read More »

Tags: Bring your Own Device (BYOD), Cisco, devices, Horizons, IBSG, IT, leaders, mobile, mobility, research, security, support, survey

As I flew home from Interop Vegas the other night – quick side note: the event was great, check out an overview and a few fun TechWiseTV Videos: Keynote from Padma Warrior , Managing Beyond BYOD, Is Your Network Ready for Cloud? -  I realized that my kindle was not accessible, my laptop was dead and I’d already read the in-flight magazine. Given the close quarters of the commuter plane, I decided it would be okay to peek at what my neighbor was reading. As I glanced over, he turned to an article with a headline that screamed “It could happen to you!!” I then noticed it was a combat handgun magazine and decided I would give him some space.

With no reading materials, I started thinking about all of the situations that we as individuals and as organizations get into that feel secure, but which can actually be quite threatening. Those are the situations that make having insurance worthwhile. When it comes to security on the wireless network, nobody expects hackers and rogue attacks to infiltrate their network, but all of the smart network managers prepare for it anyway.

Read More »

Tags: aWIPS, mobility, mse, rogue detection, security, WIPS, wireless, wireless attacks, wireless security

By Peter Gaspar, Consulting Systems Engineer, Service Provider Mobility, Emerging Theater

It’s not new news that when it comes to network access, Wi-Fi technology is a cost-effective complement to macro radio access. Industry blogs continuously feature analysis about the economic advantages of using Wi-Fi as a small cell technology. No surprise, then, that many mobile operators have completed or are working seriously on plans to integrate this technology into their mobile ecosystems.

But when it comes to details, things start to get confusing. Terms like policy and charging, lawful intercept, mobility and SIM authentication start to pop up. The Third Generation Partnership Project (3GPP) has incorporated Wi-Fi (non-3GPP IP Access) as part of the LTE architecture, created the terminology and studied the Read More »

Tags: architecture, data offload, mobile, Service Provider, wi-fi, wifi

Navigating the BYOD onboarding process

I am not a car person. When asked to describe a vehicle, I start with color and the number of doors. Then I stop talking. However, for a short time, I worked for a luxury autos website. I could pick out a Maybach on the streets of Manhattan, I knew when Tesla was launching a new model and I could tell you which James Bond movie featured a vehicle other than an Aston Martin.

Now that I spend my days thinking about wireless networking and mobility, I’ve realized that my perception of Vegas has completely changed as well. Plans used to revolve around restaurants, craps tables and night clubs. Now, as I get ready to head to Interop Las Vegas 2012, I find myself wondering about the network. With thousands of participants simultaneously trying to gain connectivity with all of their mobile devices, I think about mitigating network interference, being prepared for high density and maintaining security for the participants and vendors at the event.

If you’re headed to Interop and these are things you wonder about as your network is growing, here is a heads up on the demos and speaking sessions that you cannot afford to miss.

Go Beyond BYOD with Cisco Demos Drop by our Interop Cisco booth (#1127)

Check out our Insider’s Guide to Interop for a list of great events covering Borderless Networks – everything from BYOD, to WAN Optimization and Cloud Connectivity! Thanks to Lauren for the great scheduler!

And if you were wondering, my car is a goldish, tan, four-door. And (just for fun) these are 007′s cars… not quite the same thing. Maybe one day!

Tags: AP 3600, byod, cleanair technology, demo, high density, Interop 2012, mobility, wireless

Tweet with peers and experts Tuesday, May 1 at 10 a.m. PST, about increasing mobile devices on your network and how you’re managing. #ciscowifi (what is a Tweetchat?)

When you live in the Bay Area, few things are consistent. With so many innovators in our midst, technology, culture and food are always evolving. The one thing we can count on is traffic. From Silicon Valley to the Golden Gate Bridge, there is nothing more predictable or aggravating. Which is why we treasure the ability to work from home, keep our hours flexible and leave our cars at home whenever possible. With bridge construction planned for the weekend, I knew I’d be relying on my bike to get around San Francisco without the frustration of getting stuck, waiting for space and looking for parking.

Similar, but slightly more technical, is preparing your network for high density as the influx of tablets and smart phones starts to crowd the network and affect performance. In both cases, the ideal scenario is to understand that there will be roadblocks, but to plan accordingly to maintain steady movement and efficiency. Our recent Mobility Tech Deep Dive Webinar “Understanding the Challenges and Solutions of Increasingly Crowded Networks” discussed the challenges organizations are facing and how they can plan for and avoid these challenges. Read my previous blog for a short introduction to the main points of that webinar.

Read More »

With all that has recently been written about BYOD, it’s clear that enterprise IT managers need to consider performance requirements on the wireless access point. With more clients accessing the network, the performance demands in terms of coverage and client density will increase. Furthermore, consumer devices such as smartphones and tablets may have difficulty connecting to an AP compared to a laptop. This could be attributed to the fact that most of these devices either do not support 802.11n or they support legacy 802.11g/a. If the devices support 802.11n is sometimes limited to 1x1 MIMO. An access point that has superior performance will be needed to address the growing needs of these new clients.

Read More »

Tags: 802.11n, byod, cleanair, ClientLink, wi-fi, wlan

As anyone who attended Cisco’s recent “BYOD without Compromise” Webinar noticed, the BYOD phenomenon is changing company priorities, and is bringing up a lot of questions about the solutions available to scale, secure and operate a successful  network. Replay the Webinar

Join us for our upcoming #ciscowifi TweetChat during which you’ll be able to engage in a real time BYOD discussion on Twitter with Cisco Technical Experts. What is a TweetChat?

April 17, 10-11am PST: TweetChat Topic: BYOD and Cisco ISE – use #ciscowifi.

First, I’ve put together just a few details based on the most popular questions posed during the recent webinar about Cisco’s approach to BYOD. And at the end of this post, I’ve also listed upcoming events for even more in depth technical discussions on a variety of BYOD topics.

Enhanced Identity Services Engine (ISE):

Cisco ISE is a context-aware, identity-based platform that gathers real-time information from the network, users, and devices. This enables IT to offer mobile business freedom with policy for when, where and how users may access the network..

ISE integrates with Prime Network Control System and supports BYOD with any 11n Wireless Access Point (even if you’re running your network in FlexConnect -- aka HREAP- mode)

In addition to managing on-boarding, Cisco ISE has full guest lifecycle management.  It also allows IT to deny access to devices for a variety of reasons; such as who you are, what device it is, if you are running the latest OS or anti-malware or how you are accessing  the network..

Posture -- Posture is the component of ISE platform responsible for enforcement of corporate security policies governing access to its enterprise network.  For example, for non-corp owned devices, you can decide what is the minimal requirements based on the device type/OS etc. Setting this up ahead of time will avoid security issues with non-supported devices

ISE also provides real-time endpoint scans based on policy to gain more relevant insight. These automated features result in a better user experience and more secure devices.  Cisco ISE uniquely leverages the network. It is essentially the brains for secure access and provides the policy to the network infrastructure (it is woven into the switches, routers, etc.)

New Prime Infrastructure:

Prime is a single package that provides complete infrastructure – wired and wireless, and mobility lifecycle management– configuration, monitoring, troubleshooting, remediation, and reporting.  This solution includes:  Prime Network Control System (NCS) for converged wired/wireless monitoring and troubleshooting, plus wireless lifecycle management, with new branch network management functionality; and Prime LAN Management Solution, for wired lifecycle management and Borderless Network services management.

Mobile Device Management (MDM):

To protect data on mobile devices and ensure compliance, Cisco is integrating with multiple Mobile Device Management vendors.  This gives IT greater visibility into the endpoint as well control over endpoint access based on the compliance of these devices to company policy (such as requiring pin lock or disallowing jailbroken devices), and the ability to do remote data wipes on lost or stolen mobile devices. If you don’t have a supported vendor, we will not be able to get as rich detail about the status of that device, however, you still get the full wired/wireless policy.

Current MDM third party vendors: Zenprise, Good, Airwatch, MobileIron

Device Operating Systems:

Wondering about which OS is preferred on your mobile device?

Cisco offers broad mobile device OS support in Cisco AnyConnect VPN software, including IOS, Android, and Windows Mobile.

Virtualization:

When it comes to virtualization, Cisco has created the Cisco Virtualization Experience Infrastructure (VXI), an end-to-end systems approach that delivers the next generation virtual workspace by unifying virtual desktops, voice, and video. Check out the link for more information on VXI, VXI with Citrix, VXI with VMware, Virtualization Services and validated Design Guides http://www.cisco.com/web/solutions/trends/virtualization/index.html

This is just a drop in the bucket. To get even more information on taking your organization beyond BYOD, don’t miss our upcoming technical deep dive webinars and in person events that speak directly to managing your growing network while you’re doing your best with limited resources.  You can also check out Cisco’s BYOD solution, Prime and ISE:

• BYOD:  www.cisco.com/go/byod.
• Cisco ISE: www.cisco.com/go/ise
• Cisco Prime: www.cisco.com/go/prime
• FAQ: BYOD Security: Secure BYOD QA

Upcoming Events

• Cisco BYOD Solution Days:
• April 12, Mobility Tech Deep Dive: Enhancing your network with Cisco Mobility Innovations
• April 25, Addressing BYOD Management Challenges with Cisco Prime.
• April 26, Prepare for High Density (as BYOD begins to crowd your network)
• May 17, Understand IPv6 for Mobility (Can your network support IPv6 for the deluge of new devices?)

Tags: byod, cisco prime, ISE, mobility, policy, security, wifi

Come watch a special edition TechWiseTV, featuring Ike, to learn how Cisco takes you Beyond BYOD. Take the BYOD challenge for a chance to win a trip to the London Olympics or other fun mobility gadgets.

Today’s enterprise mobility requirements go beyond simply connecting mobile devices. It’s about securing any access, simply managing the complexities while scaling efficiently, and ensuring an optimal user experience while easing the IT burden. Gallant Ike does all of this and more with Cisco Enterprise Mobility Solutions.

To participate, here is what you do:

• Visit http://www.cisco.com/go/challenge
• Watch the 20-minute video featuring TechWise’s Jimmy Ray Purser and Robb Boyd with IKE
• Take the Challenge!  Test your knowledge and answer 10 questions. You just may win!

Good luck!

Tags: byod, BYOD challenge, cisc wlan, cisco challenge, enterprise mobility, enterprise networks, Ike, mobility, networking, Networks, TechWiseTV, wi-fi, wifi, wireless lan controllers, wireless lans, wlan, WLC

With more than seven billion souls set to tote 10 billion mobile-connected devices by 2016, mobility has not just arrived, it’s taken over our schools, businesses and personal lives.

Just ask Mitch Davis, the CIO of Bowdoin College, a private liberal arts college in Maine. Before BYOD ever became a global IT trend, according to Mitch, the vast majority of college students were already bringing their personal devices into the campus environment.

These co-eds expected Bowdoin to fully embrace personal mobility, and, upon graduation, these same post-grads expect that their employers will do the same (this year’s Connected World Technology Report findings back this up, with more than 40 percent of recent college graduates/Gen Y employees choosing BYOD flexibility over higher pay).

Bottom line, the rules of the game are changing, and companies must move beyond basic BYOD connectivity to meet employee demands today and tomorrow. To help companies meet these demands, we’ve introduced a comprehensive approach that unifies policy, supports a better user experience and simplifies management to deliver an uncompromised user experience in any workspace. After all, Cisco wants to empower IT managers to allow employees to have their devices and use them too. That means delivering:

1. A unified security policy across the whole organization – wired, wireless, VPN and now MDM – helping companies set and enforce policies;
2. An uncompromised user experience over the entire wired/wireless network, across any type of device; and,
3. Simplified operations and network management to understand application performance from a user’s perspective, accelerating troubleshooting and lowering operating costs.

Like Ray-Ban aviators, BYOD is here to stay. And done the right way, BYOD demands a comprehensive approach to allow current and future employees to work how they want, when and where they want, and on the devices they want – while still allowing IT the control and visibility to sleep at night.

Learn more about our announcement and new technologies here.

By the way, whether you’re a college student or have been working for 30 years, you’re eligible to take the BYOD Challenge and win a trip to 2012 London Olympics – good luck!

Tags: access point, beyond byod, bring your own device, Bring your Own Device (BYOD), byod, CIO, enterprise mobility, MDM, Mobile Device Management, mobile devices, network management, vpn, wi-fi, wifi, wireless access points, wireless LAN, wlan

Not too long ago I was assigned to a troubleshooting and remediation project for a hospital here in the SF bay area. The problem, after much troubleshooting and lab recreations, was determined to be due to an unique issue with client roaming and authentication. During the course of troubleshooting my coworker and myself often found ourselves explaining 802.1X and 802.11i to others working on the troubleshooting effort, or requesting technical updates. So based on that experience, I started thinking this might a be a good topic to cover here.

Let’s review the some of typical components of the enterprise wireless security model.

What is 802.1X?
802.1X is not a protocol, but rather a framework for a “port-based” access control method.  802.1X was initially created for use in switches, hence the port-based terminology, which really doesn’t fit too well in wireless since users don’t connect to a port. In the end it’s meant to be a logical concept in the 802.11 world.  802.1X was adopted for wireless networks with the creation of 802.11i to provide authenticated access to wireless networks. At a high level. the framework allows for a client that has connected to the WLAN to remain in a blocked port status until it has been authenticated by a AAA server. Essentially the only traffic allow through this virtual blocked port is EAP traffic, things like HTTP would be dropped.

What is EAP?

EAP  (Extensible Authentication Protocol) is the authentication method used by 802.1X. It can take on various forms, such as PEAP, EAP-TLS, EAP-FAST, to name a few. There is one thing to remember when determining what EAP type to use in your network, is that it is dependent upon what your client and AAA server supports. This is it, your AP or AP/Controller hardware or code version will play no part in version is supported. Unless your AP/controller is acting as the AAA server, but I’ll stay away from that in this post. I think this can be a point of confusion for people who haven’t read much or anything about EAP methods. So, if some one asks what version of EAP the AP will support, all you need to do is ask them, what does their Client and AAA server support.

What is 802.11i?

Simply put, 802.11i is an amendment to the original 802.11 standard to address the well documented security short comings of WEP. It incorporates WPA  as a part of the 802.11i amendment and adds the fully approved WPA2 with AES encryption method. 802.11i  introduces the concept of a Robust Security Network (RSN) with the Four-way handshake and the Group key Handshake.

Read More »

Tags: 802.11, 802.11i, 802.1x, AAA server, access point, access points, EAP, EAP-FAST, EAP-TLS, engineer, engineers, PEAP, wi-fi, wifi, wireless, wireless controller, wireless LAN, wlan, WLC

Missed the first two parts of our guest series with Andrew vonNagy, Technical Architect of a Fortune 50 Retail organization and CCIE Wireless #28298? Read Part 1 and Part 2 to get the full picture.

Trend 4: Expanding Branch Office Services
In order to remain competitive, retail organizations must deliver better customer service in their physical stores. This is accomplished by migrating away from traditional lean-branch operational models focused on cost reduction to a more sophisticated service-rich operational model within the store. Deploying integrated and context-aware services into the store for both sales associate and customer use will translate into a better shopping experience, return visits, and brand loyalty.

New services such as robust wireless telephony solutions can enable better availability and improve responsiveness of sales associates for customer assistance by tying service desks to every associate in real-time, as well as provide push-to-talk integration for integrated in-store communications. Digital video services over wireless enable increased security by providing real-time video feeds to in-store security personnel, and can enable videoconferencing for merchandise planning and collaboration with headquarters staff. Location based services allow retailers to provide relevant services to customers, such as targeted promotions that appeal to today’s cost-conscious consumer or in-store navigation (wayfinding) to improve the customer shopping experience. Location services will also require the Wi-Fi network to be deeply integrated with back-end marketing systems, making it more integral to core retail business operation.

Read More »

Earlier this week, we kicked off  special customer guest blog series with Andrew vonNagy, author of the blog Revolution Wi-Fi, and active on Twitter @revolutionwifi. Join us today as Andrew explores the next two major retail trends changing the Wi-Fi industry, and catch up with the first part if you missed it.

Trend 2: Empowering Sales Associates
Given the increasingly connected and smart shopper, consumers now have more product information than in-store sales associates in many cases. Yet sales staff are key to providing a great consumer experience in-store. Retailers need to empower sales associates with the depth of product information that consumers have, and to provide additional tools that facilitate existing and new services offered by the retailer.

Historically, only a fraction of retail sales associates have been provided with mobile devices, and those devices have enabled only a limited set of capabilities such as stocking, inventory management and product availability. One reason for this is the high cost of ruggedized mobile devices for use in retail. A typical high-speed scanner PDA can cost well over $1,200 each. In order to provide every sales associate with more information to help consumers, retailers are adopting lower-cost, feature-rich, smart mobile devices that provide more robust capabilities than specialized scanners. Mobile platforms built by Apple, Android, and third-party manufacturers are enabling this shift, along with a retail IT focus on enabling business processes in a more flexible, consistent, and re-usable fashion.

Read More »

Tags: 802.11n, digital signage, iPad, iphone, mobile devices, mobile pos, retail, sales, smartphone, tablet, wi-fi, wifi, wireless, wireless LAN