solution guide DLNA, AIRPLAY AND AIRPRINT ON CAMPUS NETWORKS

Similar documents
Solving the Sticky Client Problem in Wireless LANs SOLVING THE STICKY CLIENT PROBLEM IN WIRELESS LANS. Aruba Networks AP-135 and Cisco AP3602i

ARUBA NETWORKS DESIGNS AND DELIVERS MOBILITY-DEFINED NETWORKS THAT EMPOWER A NEW GENERATION OF TECH-SAVVY USERS

Aruba-Certified Design Expert (ACDX) Study Guide

QUALITY OF SERVICE FOR CLOUD-BASED MOBILE APPS: Aruba Networks AP-135 and Cisco AP3602i

Mobilize to Rightsize Your Network

Design and Implementation Guide. Apple iphone Compatibility

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

ClearPass: Understanding BYOD and today s evolving network access security requirements

Amigopod URL Persistence Tech Note

WHITE PAPER COMBATANT COMMAND (COCOM) NEXT-GENERATION SECURITY ARCHITECTURE USING NSA SUITE B

The Extreme Networks Solution for Apple Bonjour Traffic Management A SOLUTION WHITE PAPER

A Closer Look at Wireless Intrusion Detection: How to Benefit from a Hybrid Deployment Model

ARUBA RAP-3 REMOTE ACCESS POINT

THE CLEARPASS ACCESS MANAGEMENT SYSTEM

Help Desk Guide. Enterprise Troubleshooting WLAN Issues with AirWave Wireless Management Suite

THE ARUBA ADAPTIVE TRUST DEFENSE FOR SECURE ENTERPRISE MOBILITY

The ArubaOS Spectrum Analyzer Module

The Aruba MOVE Architecture: Integrating Access Management, Network Infrastructure and Mobility Applications

Aruba Remote Access Point (RAP) Networks. Version 8

Palo Alto Networks User-ID Services. Unified Visitor Management

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks

tech note Palo Alto Networks Next- Generation Firewall and

White paper. Tunneled Internet Gateway

Classified Networking

Integrating Wired IDS with Wi-Fi Using Open-Source IDS to Complement a Wireless IDS/IPS Deployment

ipad Deployment Guide

How To Make Your Phone A Mobile Device Safe And Secure

Aruba Mobility Access Switch and Arista 7050S INTEROPERABILITY TEST RESULTS:

Meru Education-grade Solutions for Uninterrupted Learning SOLUTION BRIEF HIGHER EDUCATION

WI-FI PERFORMANCE BENCHMARK TESTING: Aruba Networks AP-225 and Cisco Aironet 3702i

ios Education Deployment Overview

Bring Your Own Design: Implemen4ng BYOD Without Going Broke or Crazy. Eric Stresen- Reuter Technical Director Ruckus Wireless

Using AirWave RAPIDS Rogue Detection to Implement Your Wireless Security and PCI Compliance Strategy

Wireless LAN Apple Bonjour Deployment Guide

White Paper. Improve Air Quality by Minimizing SSIDs: Using Role-Based Access to Increase Wi-Fi Application Performance

SDN for Wi-Fi OpenFlow-enabling the wireless LAN can bring new levels of agility

Meru MobileFLEX Architecture

Meru MobileFLEX Architecture

CLEARPASS EXCHANGE: SHARE RICH, CONTEXTUAL DATA TO BUILD A COORDINATED AND ADAPTIVE MOBILITY DEFENSE

ALCATEL-LUCENT ENTERPRISE CONVERGED NETWORK SOLUTION Deliver a consistent and quality user experience, streamline operations and reduce costs

What is Driving BYOD Adoption? SOLUTION CARD WHITE PAPER

Driving Operational Efficiency: A Guide to Using AirWave Wireless Management Suite for Service Desk Troubleshooting

The most advanced policy management platform available

How To Use An Ipad Wireless Network (Wi Fi) With An Ipa (Wired) And An Ipat (Wired Wireless) Network (Wired Wired) At The Same Time

ARUBA CLEARPASS POLICY MANAGER

NETGEAR genie Apps. User Manual. 350 East Plumeria Drive San Jose, CA USA. August v1.0

Nighthawk AC1900 Smart WiFi Router Dual Band Gigabit

ARUBA INSTANT Combining enterprise-class Wi-Fi with unmatched affordability and configuration simplicity

Aruba Delivers the Optimal Wireless LAN Infrastructure for High-Quality Enterprise Voice Services

Eliminating the cost and complexity of hardware controllers with cloud-based centralized management

WHITE PAPER. Deploying Mobile Unified Communications for Avaya

Meraki Wireless Solution Comparison

Enterprise A Closer Look at Wireless Intrusion Detection:

Bring Your Own ipad to Work

Conquering today s bring-your-own-device challenges

ios Enterprise Deployment Overview

Using Wireless Mesh Networks for Video Surveillance Version: 1. Using Wireless Mesh Networks for Video Surveillance

Best practices for WiFi in K-12 schools

Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security

Microsoft Windows Server System White Paper

The Whys and Hows of Deploying Large-Scale Campus-wide Wi-Fi Networks

White paper. A Guide to Implementing the

Guest Access with ArubaOS. Version 1.0

Aerohive Networks Inc. Free Bonjour Gateway FAQ

Enabling Apple AirPrint with Your Xerox Device Built on ConnectKey Technology. A White Paper

Apple Airport Extreme Base Station V4.0.8 Firmware: Version 5.4

PrinterOn: True Enterprise-Grade Mobile Printing Services

Conquering Today s Bring Your Own Device Challenges. A framework for successful BYOD initiatives

Addressing BYOD Challenges with ForeScout and Motorola Solutions

NXC5500/2500. Application Note. Captive Portal with QR Code. Version 4.20 Edition 2, 02/2015. Copyright 2015 ZyXEL Communications Corporation

Virtuelle WLAN Controller Alcatel Lucent Wireless LAN Instant AP

On-boarding and Provisioning with Cisco Identity Services Engine

FlexMaster First Global Wi-Fi Managed Service

Aruba HybridControl Architecture for Service Providers. The advanced Wi-Fi infrastructure for managed services and cellular data offload

LabQuest 2 Networking

Boosting Business Mobility and Responsiveness with the Cisco Unified Wireless Network

Cisco TrustSec How-To Guide: Planning and Predeployment Checklists

genie app and genie mobile app

Cisco Virtual Office Express

MOBILE ENGAGEMENT SOLUTION OVERVIEW MOBILE ENGAGEMENT ACROSS ENTERPRISE WI-FI NETWORKS THE COMPLETE MOBILE ENGAGEMENT SOLUTION

WLAN solutions to manage 1:1 and BYOD in K-12

Wi-Fi Security. More Control, Less Complexity. Private Pre-Shared Key

Cisco Outdoor Wireless Network Serves Up Automatic Meter Reading

Course Syllabus. Fundamentals of Windows Server 2008 Network and Applications Infrastructure. Key Data. Audience. Prerequisites. At Course Completion

Transcription:

DLNA, AIRPLAY AND AIRPRINT ON CAMPUS NETWORKS

Table of Contents Warning and Disclaimer Introduction What is Zero Configuration Networking (zeroconf)? What is DLNA? Making DLNA and Bonjour work over WLANs How does Aruba AirGroup work? Discovering services with Aruba Mobility Access Switches Example: WLANs in higher education Deploying Aruba AirGroup Why Aruba AirGroup? About Aruba Networks, Inc. 3 3 3 4 4 4 5 6 7 7 8

Warning and Disclaimer This guide is designed to provide information about wireless networking, which includes Aruba Network products, While Aruba uses commercially reasonable efforts to ensure the accuracy of the specifications contained in this document, this Guide and information in it is provide on an as is basis. Aruba assumes no liability or responsibility for any errors or omissions. ARUBA DISCLAIMS ANY AND ALL OTHER REPRESENTATIONS AND WARRANTIES, WEATHER EXPRESS, IMPLIED, OR STATUTORY, INCLUDING WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, TITLE, NONINFRINGEMENT, ACCURACY AND QUET ENJOYMENT. IN NO EVENT SHALL THE AGGREGATE LIABILITY OF ARUBA EXCEED THE AMOUNTS ACUTALLY PAID TO ARUBA UNDER ANY APPLICABLE WRITTEN AGREEMENT OR FOR ARUBA PRODUCTS OR SERVICES PURSHASED DIRECTLY FROM ARUBA, WHICHEVER IS LESS. Aruba Networks reserves the right to change, modify, transfer, or otherwise revise this publication and the product specifications without notice. Introduction DLNA, Apple AirPlay, AirPrint and other zero-configuration (zeroconf) services based on the Bonjour protocol are essential services in campus Wi-Fi networks. DLNA and Bonjour rely on Layer 2 protocols that use multicast messages. In order to enable Bonjour and DLNA services on campus networks, IT departments must perform customization to enjoy the following capabilities: Forward DLNA and Bonjour across subnets and VLANs, especially as devices like Apple TVs and printers are often on a different subnet than user devices like laptops. Limit DLNA and Bonjour traffic over the wireless LAN (WLAN) to prevent performance issues. Multicast traffic by default goes out on all Wi-Fi access points (APs) and often at the lowest rates, taking up valuable airtime. Limit DLNA and Bonjour traffic by VLAN and service-type for security reasons. Network engineers often configure certain VLANs for administrative access and prefer to block user traffic like Bonjour on these VLANs. Similarly, DLNA Bonjour can be used for a variety of applications beyond screen-sharing and printing, some of which may need to be blocked per the organization s security policy. Limit DLNA and Bonjour traffic by ownership and location to ensure a better user experience. Campus networks can have hundreds, if not thousands of shared devices. It is likely that not all these devices are for every individual. Additionally, seeing a list of all printers and projectors and shared media appliances in a campus is confusing to an individual who is looking for an Apple TV in the classroom or a printer in the closest library. The ability to restrict DLNA and Bonjour traffic by ownership, personal or shared; and location of device addresses this very common issue. AirGroup from Aruba Networks is an integrated capability in Aruba WLANs that enables DLNA and Bonjour services like scree-sharing, media-streaming and printing on campus networks. The name AirGroup refers to a number of individual networking features that extend DLNA and Bonjour across subnets, as well as limit unnecessary DLNA and Bonjour traffic to improve Wi-Fi performance. AirGroup also improves the end-user experience by leveraging device location and ownership information to limit the printers, projectors, Google Chromecasts and Apple TVs each individual can see on their device. Capabilities within AirGroup are available through software updates on Aruba WLANs that are managed by Mobility Controllers and controllerless Aruba Instant APs. Location and ownership-based access control requires the Aruba ClearPass Access Management System. What is Zero Configuration Networking (zeroconf)? Zeroconf is a set of protocols that enable service discovery, address assignment and name resolution for desktop computers, mobile devices and network services. It is designed for flat, single-subnet IP networks such as wireless networking at home. Bonjour, Apple s trade name for its zeroconf implementation, is the most common example. It is supported by most of the Apple product line including the Mac OS X operating system, iphone, ipod Touch, ipad, Apple TV and AirPort Express. Bonjour can be installed on computers running Microsoft Windows and is supported by most new network-capable printers. Bonjour is also included within popular software programs such as Apple itunes, Safari and iphoto. 3

Bonjour uses multicast DNS (mdns) to locate devices and the services that those devices offer. Since the addresses used by the protocol are link-local multicast addresses, each query or advertisement can only be forwarded on its respective VLAN, but not across different VLANs. Bonjour can be extended across subnets by using custom router configurations that forward mdns traffic between VLANs. Another approach uses a dedicated Bonjour gateway like an Aruba Mobility Controller with AirGroup features. Aruba WLANs with ArubaOS have native mdns proxy capabilities so that no external gateway or custom router configuration is required. What is DLNA? DLNA is a trade organization that establishes interoperability guidelines for multimedia devices. It certifies communication between devices, allowing them to find and recognize each other, and share digital content. As of February 2013, there are over 18,000 device models that are DLNA-certified. DLNA leverages Universal Plug-and-Play (UPnP) to allow devices to discover each other on the network and then communicate and share media. UPnP relies on standardsbased networking technologies for addressing, discovery, and control. It uses the Simple Services Discovery Protocol (SSDP) to discover services on a Layer 2 network, just as Bonjour uses mdns for the same. Making DLNA and Bonjour work over WLANs In large universities and enterprise networks, it is common for DLNA- and Bonjour-capable devices to connect to the network across VLANs. As a result, user devices such as an Samsung tablet on VLAN 30 will not be able to discover the LCD television that resides on another VLAN. When a router is enabled to propagate all the mdns traffic between VLANs across wired and wireless networks, the network is flooded with mdns traffic that consumes valuable wireless airtime. Network administrators are faced with a difficult choice between propagating mdns traffic across VLANs and risking a significant reduction in wireless performance or blocking mdns traffic to prevent connectivity for DLNA- and Bonjour-capable devices and services. As mentioned before, Aruba AirGroup adds mdns proxy capabilities to campus WLANs so that DLNA and Bonjour messages can be forwarded across subnets or VLANs. To prevent excessive multicast traffic over the WLAN, AirGroup includes multicast optimization algorithms that forward Bonjour messages to targeted user devices, instead of all devices on all APs. IT can additionally specify which DNLA and Bonjour services are not allowed on specific VLANs and what services are allowed on others. AirGroup also enables location, time-of-day and ownership based access control of DLNA and Bonjour traffic. With Aruba ClearPass, users and IT can self-register personal and shared devices, respectively. Using registration information, Aruba ClearPass automatically creates an AirGroup that associates individuals to their personal devices and user groups to their shared devices. These ownership and location associations are then available to Aruba WLANs and Aruba Mobility Controllers acting as DLNA and Bonjour gateways to make forwarding and blocking decisions. As a result, IT departments can deliver a personal network experience where only the teacher in a classroom can have access to the classroom LCD television and a person on the second floor of a building can only see the printer on the same floor. How does Aruba AirGroup work? AirGroup integrated in a Mobility Controller. Full AirGroup capabilities are available as a feature of Aruba Wi-Fi solution where Wi-Fi data is centralized with a Mobility Controller. Aruba ClearPass adds ownership, time-of-day, and locationbased traffic control. This option is ideal for campus networks. AirGroup integrated in Aruba Instant. Like the integrated Mobility Controller option, full AirGroup capabilities are available as a feature in Aruba WLANs where Wi-Fi data is distributed among Aruba Instant APs. Aruba ClearPass adds ownership, time-of-day, and location based traffic control. This option is ideal for K-12 networks and does not require a Mobility Controller. 4

AirGroup Domains. AirGroup domains allow two devices, such as an ipad and an Apple TV, to discover each other, even when they terminate on different Mobility Controllers or Instant AP clusters. Mobility Controllers can be configured as members of an AirGroup domain so that information about Apple TVs and Chromecasts can be shared between Mobility Controllers. Similarly, two or more Aruba Instant clusters can be configured as members of an AirGroup domain so users on one Instant cluster can discover services on another Instant cluster. Once it is set up, AirGroup in an Aruba WLAN with Aruba ClearPass works as follows: 1. An end user is authorized by the network administrator to register a service such as AirPlay to Apple TV or DLNA to Google Chromecast using the Aruba ClearPass device registration interface. The end user logs into ClearPass using corporate network credentials and gets access to a web registration portal. After registration, this restricts the use of this service to mobile devices logged onto the network under that user s identity. Discovering services with Aruba Mobility Access Switches If a shared wired service, such as a printer, is connected to an Aruba S1500, S2500, or S3500 Mobility Access Switch, a centralized Aruba Mobility Controller automatically correlates the APs connected to that switch with shared mdns services. In this case, there is no need to make the service VLANs visible to the Mobility Controller in Layer 2. When a Mobility Access Switch is managed by an Aruba Mobility Controller, it collects discovery information for all downstream devices. This allows a Mobility Controller to discover devices on VLANs that appear at the switch but not at the Mobility Controller. Furthermore, Aruba Mobility Controllers can estimate the physical location of mobile devices associated with an AP under its control. The Mobility Access Switch also offers estimated locations of wired devices directly connected to it. This eliminates the need for an administrator to place the wired device delivering the services, such as an Apple TV, on a floor plan. When a Mobility Access Switch is deployed standalone and not managed by an Aruba Mobility Controller, it will then perform the Aruba Group service discovery tasks. 2. Aruba Mobility Controllers and Aruba Instant continuously maintain state information for all mdns services by running service discovery in Layer 2. Aruba Mobility Controllers and Aruba Instant query Aruba ClearPass to map access privileges of a particular mobile device to available services. 3. Aruba Mobility Controllers and Aruba Instant respond back to the query listing made by a mobile device based on contextual data user role, device type and location. 5

Example: WLANs in higher education The example below shows a higher education environment with shared, local and personal services that are available to mobile devices. With Aruba AirGroup, context-based policies determine which services are visible to end user mobile devices. AirWave ClearPass Policy Manager Mobility Controller Core, distribution, & access layers VLAN 400 VLAN 500 tv Campus-PSK VLAN: 100-104 Campus-802.1x VLAN: 200-204 Guest VLAN: 999 Guest VLAN: 999 Campus-802.1x VLAN: 200-204 Campus-PSK VLAN: 100-104 tv User X Role: Faculty Guest User X Role: Faculty User A Role: Student User B Role: Student User Y Role: Faculty Figure 1 6

Sample policies for Aruba AirGroup in a higher education environment Faculty Student Visitor mdns services User X s ipad User B s MacBook Windows laptop Apple TV in the lab, registered to user role Faculty 3 7 7 Apple TV in the dorm room, registered to User B 7 3 7 Apple TV in a lecture hall accessible to faculty 3 7 7 Printer located in a lab accessible to faculty and students 3 3 7 Deploying Aruba AirGroup Aruba AirGroup can be deployed with Aruba ClearPass (recommended for large WLANs) or optionally without ClearPass in smaller networks. The network administrator and end user experience in each case is outlined below. 1. Small network deployment A. < five user VLANs B. Dozens of mdns-capable devices C. Hundreds of DLNA- and Bonjour-capable clients D. Aruba Mobility Controller Network administrator experience Deploy ArubaOS with Aruba AirGroup feature. Administrator defines network access policies and user roles. End-user experience User connects to the WLAN. User is automatically assigned a role based on authentication credentials. DLNA- and Bonjour-capable devices and services allowed for that role are accessible by the user. 2. Large university or enterprise network A. Dozens of user VLANs B. Hundreds of mdns-capable devices C. Thousands of DLNA- and Bonjour-capable clients D. Aruba Mobility Controller E. Aruba ClearPass Policy Manager F. Aruba S1500, S2500, or S3500 Mobility Access Switch (optional) Network administrator experience Deploy ArubaOS with Aruba AirGroup feature. Administrator defines network access policies and user roles. Administrator can use the ClearPass registration page to identify shared services and map them to physical locations based on the AP name or AP group name. End-user experience User connects to the WLAN using a mobile device. User is automatically assigned an administratordefined role based on authentication credentials. Users, such as students in dorm rooms, are asked to register personal devices like Apple TVs and gaming consoles. Why Aruba AirGroup? Aruba WLANs with AirGroup technology enable contextaware access to DLNA, Apple Bonjour and other shared devices without constraining WLAN performance. Only AirGroup delivers: 1. Context-aware access control using Aruba Mobility Controllers. A user s role in an organization (e.g. marketing), the user s devices (e.g. Samsung Galaxy tablet), time-of-day (e.g. 5:30 p.m. on Tuesday) and the user s location (e.g. conference room) are taken into account before shared services are made available. 2. Self-registration of services using the Aruba ClearPass Policy Manager. Users and IT administrators can register devices that support media-sharing while policies define user- and location-based access privileges. 3. Zero-touch installation of services. AirGroup requires no wired or wireless network configuration changes. No additional SSIDs, VLANs, IP subnets, IP routing and configuration MAC filters are required. 7

About Aruba Networks, Inc. Aruba Networks is a leading provider of next-generation network access solutions for the mobile enterprise. The company designs and delivers Mobility-Defined Networks that empower IT departments and #GenMobile, a new generation of techsavvy users who rely on their mobile devices for every aspect of work and personal communication. To create a mobility experience that #GenMobile and IT can rely upon, Aruba Mobility-Defined Networks automate infrastructure-wide performance optimization and trigger security actions that used to require manual IT intervention. The results are dramatically improved productivity and lower operational costs. Listed on the NASDAQ and Russell 2000 Index, Aruba is based in Sunnyvale, California, and has operations throughout the Americas, Europe, Middle East, Africa and Asia Pacific regions. To learn more, visit Aruba at www.arubanetworks.com. For real-time news updates follow Aruba on Twitter and Facebook, and for the latest technical discussions on mobility and Aruba products visit Airheads Social at http://community.arubanetworks.com. 1344 Crossman Ave Sunnyvale, CA 94089 1.866.55.ARUBA T: 1.408.227.4500 FAX: 1.408.227.4550 info@arubanetworks.com www.arubanetworks.com 2014 Aruba Networks, Inc. Aruba Networks, Aruba The Mobile Edge Company (stylized), Aruba Mobilty Management System, People Move. Networks Must Follow., Mobile Edge Architecture, RFProtect, Green Island, ETIPS, ClientMatch, Bluescanner and The All Wireless Workspace Is Open For Business are all Marks of Aruba Networks, Inc. in the United States and certain other countries. The preceding list may not necessarily be complete and the absence of any mark from this list does not mean that it is not an Aruba Networks, Inc. mark. All rights reserved. Aruba Networks, Inc. reserves the right to change, modify, transfer, or otherwise revise this publication and the product specifications without notice. While Aruba Networks, Inc. uses commercially reasonable efforts to ensure the accuracy of the specifications contained in this document, Aruba Networks, Inc. will assume no responsibility for any errors or omissions. SG_AirGroup_041414 8

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information