HOLDING ON TO YOUR BANDWIDTH USING APPLICATION CONTROL TO PRIORITIZE YOUR ORGANIZATION'S WIRELESS USAGE Perry Correll, Xirrus, Principal Technologist 1
WI-FI USAGE HAS EVOLVED 2
WI-FI - NO, IT S NOT ALL THE SAME! 3
NOW IT HAS TO BE EVERYWHERE? 4
DENSITY MAKES IT EVEN WORSE 5
APPLICATION USAGE HAS EXPLODED 6
MOST NETWORKS ARE NOT PREPARED! Instagram video becomes #1 traffic on Internet on day 1 of release Netflix And YouTube Account For 50% Of All North American Fixed Network Data Real-Time Entertainment responsible for over 67% of peak downstream traffic Traffic from mobile devices will exceed that from wired devices by 2016 7
THE PROBLEM: EXPLODING TRAFFIC LOADS Wireless will inevitably congest it is shared! Office: Users running Salesforce, someone starts downloading 200MB file School: 30 laptops fire up to start class, plus iphones running ios updates Hotel: 8PM at night, guests running Facetime, email, streaming videos Convention: 1000 s of users with tablets, smartphones, laptops, Airport: Large airplane disembarks and 100 s start syncing their emails Some apps must be prioritized over wireless to work acceptably Business/mission-critical applications such as CRM, ERP, collaboration, etc. Bandwidth/latency sensitive applications such as video and voice Some apps must be de-prioritized to limit impact on others File sharing BitTorrent, Apple Update, Dropbox, Social media Facebook, Pinterest, Friendster, 8
ARE YOU READY? 80% of newly installed WLANs will be obsolete or re-engineered in the next 3-5 years due to lack of proper planning Tim Zimmerman 9
BYOD MAKES THE PROBLEM WAY WORSE UNKNOWN WHAT DEVICE? HOW MANY DEVICES? WHAT APPLICATIONS? FREQUENCY OF USE? 10
THE SITUATION IT is no longer in control - Proliferation of user-owned devices and applications on the network Wireless becoming the primary network - Needs to perform like the wired network it is replacing Wireless usage is exploding - Pervasive and invasive traffic from backups, upgrades, cloud-based apps, social networking, etc. BYOD and cloudbased services are driving significant changes in IT Resulting in Unpredictable user experience based on unpredictable wireless network usage Increased security risk from unknown apps, unknown files, and P2P sharing Comprehensive application awareness to gain control of unpredictable wireless usage Ability to control usage at the network edge where it is needed most Requiring 11
THE SOLUTION APP CONTROL BENEFITS Predictable performance for your critical applications Reduce your help desk tickets 12
APPLICATION CONTROL IN ACTION Corporate Approved App Plugins Application Control Packet Logic Policy Engine Surgical pattern matching Conversation semantics Deep protocol dissection Heuristic behavioral analysis Future flow awareness Flow association Statistical packet inspection Outlook Xirrus Wireless Array BYOD Traffic Shaped Email RADIUS AD/LDAP Guest Blocked Blocked Applica>ons Internet XMS Console 13
APPLICATION VISIBILITY EXAMPLE 14
APPLICATION CONTROL - KEY BENEFITS Performance Improved user experience Improved visibility Superior scalability Reduced network costs Security Reduced application risk Reduced liability risk Superior resiliency Prioritize critical over best effort applications at the network edge for optimal performance throughout the network Identify bandwidth-hogging apps and analyze usage trends over time Distributed intelligence for limitless growth DPI compute power added by Array, not in a stair step fashion with centralized appliance Control Internet WAN uplink network traffic by dropping or throttling at the network edge Block risky or out-of-policy applications from accessing the network Block P2P applications (e.g. Bittorrent, MPAA) which introduce liability concerns Distributed functionality in each Array means no single point of failure for applying application control policies 15
USE CASE EXAMPLES #1 Higher Education Control app usage by location, e.g. disallow Bittorrent in classroom but allow in dorms Differentiate and prioritize critical, educational, and recreational application usage Network planning and analytics for upgrades and expansions Management of Internet uplink usage Primary/Secondary Education Block inappropriate/non-approved applications during school hours Prioritize learning applications, e.g. Blackboard or OpenClass, over web traffic Provide level of protection for students with visibility into what they are doing in the network Network planning and analytics for upgrades and expansions Management of Internet uplink usage Event Venues Traffic shaping of bandwidth hogging applications to manage costs of Internet uplink pipe Segregating event business, facility, and attendee traffic Profiling of attendee application usage for marketing reasons Monitoring individuals for over usage or malicious activities 16
USE CASE EXAMPLES #2 Healthcare Prioritize mission critical applications, e.g. Epic or Vocera over BYOD/ guest traffic Profile wireless network usage of key applications to ensure adequate resources are available Block unwanted traffic at the network edge without traversing the core Track over usage or malicious activities General Enterprise Prioritize key business apps, e.g. SAP, Oracle and Salesforce over Hulu and icloud Monitor appropriate usage of corporate network resources Monitor cloud-based applications to ensure adequate access is available Restrict app usage by time of day, e.g. no Facebook during business hours Block certain applications on BYOD devices entirely, e.g. streaming applications 17
APPLICATION CONTROL CASE STUDY Scot Hollingsworth Technical Supervisor Rankin County, Mississippi School District. When we first enabled Applica>on Control, it was a revelatory experience for us to see what was actually running on our wireless network. With Applica,on Control at the edge of the network, we have been able to improve student a=en,on to coursework by limi,ng access to social media games and applica,ons during school hours. Further, we have been able to preserve network bandwidth for blackboard- type e- learning streaming video applica,ons by blocking non- relevant internet- sourced streaming videos, such as sports broadcasts. The granular ability to do this at the edge of the network not at the gateway or the firewall has proven to be invaluable to our wireless deployment." 18
SOLUTION DIFFERENTIATION Edge vs Core Solutions Distributed platform not restricted by the scalability limitations of a centralized system No potential single point of failure or choke point created by centralized appliance Policies enforced at the edge where they are needed, not in the core where it is too late 19
COMMON OBJECTIONS TO APP CONTROL I don t have any need to prioritize applications on my network. Application Control is needed on ALL wireless networks the rest of the industry is saying this as well. Prioritization will help your wireless network run better period. And if you have yet to allow BYOD, the 3-4X traffic increase will certainly show the need for it. I run Content Filtering (e.g. Websense) so why do I need App Control? These products filter traffic over the WAN but do not prevent congestion in the LAN. Heavy P2P can run on the internal network, such as gaming, itunes sharing, file sharing apps, etc. between users. The best place to control applications is at the access layer. I do not want or need block traffic on my network we allow all traffic. Right, most customers don t. But the most important use of App Control is traffic shaping to ensure high priority applications perform acceptably, even when the network is under heavy load. App Control ensures the network responds predictably under all conditions. App Control sounds complex. How do I know what settings to use? App Control includes visibility and control capabilities. Visibility indicates application mix to help identify potential issues. Control enables policies such as rate limiting, QoS, and blocking by app types. These policies can easily be created from 1 location. 20
LIVE DEMO 21
XIRRUS AT A GLANCE Xirrus provides Wi-Fi networking gear to the Fortune 500,000 First AP Netwave (1994) Recognized for Product Innovation, we are deployed in over 4000 networks and serve the most demanding customers worldwide. 22
XIRRUS APPLICATION CONTROL Distributed application control DPI engine operating directly on each Xirrus Wireless Array at the network edge Network processor-based platform provides sufficient compute power for high performance Comprehensive application visibility Applications classified at Layer 7 and tracked per client, VLAN, and Array 1300+ of the most used business and recreational applications in 15 categories: Collaboration, Games, Remote Access, VPN, Database, Mail, Networking, Monitoring, Social, Web, File Transfer, Messaging, Proxy, Streaming, Xirrus Granular policy management Application context added to user, device, and OS policy engine attributes Ability to Block, Permit, Prioritize, Throttle, Time of day Access, Apply policies associated to a specific application or category per client: Firewall policies to control application usage QoS policies for wireless (WMM) and wired (DSCP) traffic Rate limiting policies for throttling applications Routing of application traffic to designated VLANs and/or physical ports 23
WIRELESS ACCESS PORTFOLIO XR-500 XR-600 XR-2000 XR-4000 XR-6000 AP AP Modular Array Modular Array Modular Array AP AP 11n 2x2 11n 2x2/3x3, 11ac 2x2/3x3 11n 2x2 / 3x3, 11ac upgradable 11n 2x2 / 3x3, 11ac upgradable 11n 2x2 / 3x3, 11ac upgradable 11n 2x2 External Antennas 11n 2x2 External Antennas 2 Radios 2 Radios 2 or 4 Radios 4 or 8 Radios 8 or 16 Radios 2 Radios 4 Radios Common Feature Set Integrated Controller Application Control Zero Touch Provisioning On-Premise or Cloud Management 24
THANK YOU INFO@XIRRUS.COM Perry Correll, Xirrus, Principal Technologist 25