Aruba Networks News

Technology Blog articles

Five Ways Location Services Will Reshape the Workplace This Year

Wed, 02/21/2018 - 10:00

There’s no doubt that in today’s mobile-first world, great Wi-Fi is an expectation of every employee, customer and partner who walks through your door. Innovative organizations are going beyond great connectivity and leveraging another capability inherent in enterprise-grade wireless networks – and that is location services. Employees are comfortable using location-based apps outside the office to find a good restaurant near them, hail a shared ride, or track down their keys. At Aruba, we’re seeing rapid growth of organizations using location for mobile engagement and asset tracking to bring the next level of productivity and innovation into their workplaces.


Here are five trends that we see for how mobile engagement and asset tracking will transform the workplace this year:


  1. Employee-only mobile apps. We’re seeing more companies creating internal mobile apps. With these apps, businesses are enabling their employees to access information while they are on the go. To start, these mobile apps put the corporate intranet in the palm of every employee’s hand. The next step is to use apps to take the frustration out of common tasks like finding and booking conference rooms. Turn-by-turn directions get employees to the meeting on time. Location sharing enables other employees to find them easily while on campus.
  2. A more efficient use of workspaces. People want to choose where and how they work. With a number of people out of the office on travel or in conference rooms for meetings, many employees don’t need a dedicated workspace anymore. We are seeing organizations shifting to hot desking, where the employee reserves a desk for a day or even a few hours. Oftentimes the reservation is done with a mobile app – sometimes just by placing the mobile device on the desired desk! Building lighting and temperature can be adjusted automatically based on occupancy. In addition, location services are making it easier for people to find their way around a sprawling campus and can help them find someone at their desk of the day.
  3. High-value asset tracking. In healthcare, we are seeing demand from hospitals that want to track assets like heart rate monitors and infusion pumps using low-cost tags and a mobile app. We are also seeing strong growth of asset tracking in other sectors, but healthcare definitely has a larger variety of assets to track. With Bluetooth Low Energy (BLE) based tags, high-value assets can be easily tracked to ensure they’re available when and where they’re needed. Better tracking can improve employee productivity, and more timely service can improve patient satisfaction scores such as the Hospital Consumer Assessment of Healthcare Providers and Systems (HCAHPS).
  4. Location-based analytics for real estate optimization. With real estate cost being second only to employee salaries, companies everywhere are looking to better utilize the real estate they have. In a digital workplace, these decisions can be data-driven. Data from conference room booking systems, hot-desk usage, Wi-Fi usage and mobile app analytics can be used to get the most out of this expensive resource. And with clear, reliable data for how and where people work, meet and eat, businesses can make sure that their workplaces fit their needs.
  5. Real-time emergency notifications. Many organizations have emergency notification systems to keep their employees informed if there’s a natural disaster like a fire or a hurricane or if there’s an active shooter on campus. Increasingly, businesses, education institutions and government agencies are adding real-time mobile app indoor location capabilities to their emergency notification procedures. Alerts can be sent to employee mobile devices and customized based on people’s locations, which makes them more useful and powerful.

While this list is not everything that we’re seeing, it’s what customers are talking about most. Expect to hear more from us about how Aruba can help in these five areas.


Learn more about Aruba’s location services.



The Adaptive Campus: 2018’s Top 10 Issues Examined

Tue, 02/20/2018 - 10:00

I was not surprised to see that improved student outcomes was one of the overarching themes of the EDUCAUSE 2018 Top 10 Issues, solidifying the importance of digital technology in remaking higher education. It makes sense, given that the primary mission of a higher education institution is to produce graduates. As I think back to conversations I have had over the past year with IT professionals, it should also not come as a surprise that improved decision making and institutional adaptiveness were the other two themes identified by EDUCAUSE. More now than at any time during the past 10 years, IT is being brought to the collaborative table not only to solve connectivity demands, but to help design and deliver systems, tools, and information that promote institutional and student success, and to do so in a way that isn’t guesswork, but driven by data and insights.


What I do find hard to wrap my head around, however, is what it must feel like sitting in the CIO chair, tackling all of these issues. I am fairly confident that they must feel IT adaptiveness, the fourth overarching theme, is connected to almost all of their IT issues – that they must be agile in their response to new network demands, new instructional tools, new IoT enabled environments, new security concerns, new campus wide initiatives, new construction, new research initiatives, and so on.


My View on IT Adaptiveness

Although the official EDUCAUSE Top 10 list connects IT adaptiveness to only two issues, I’ll make a small stretch and say it goes further than that. Here is how I see this theme connected to the top 5 issues.


#1 Issue: Information Security

While utilizing student, faculty, and IoT devices can introduce benefits in enhanced instruction, efficiency, and cost savings, it can also introduce challenges for IT departments trying to ensure security. With the tens of thousands of devices on the network, and internal threats equally as important to detect as external threats, adopting smart and adaptive network systems that use real-time automation and machine learning for turning the network into a threat mitigation solution is more important than ever.


#2 Student Success and #5 Student-centered Institution

For the always-on connected student, it is difficult to be academically successful when connectivity challenges happen. Additionally, students expect personalized learning and living, oftentimes engaging using their phone. The expectation is that connectivity is a home-like experience – it just works. Being able to adapt the network and/or digital tools and applications quickly to meet the demands of students not only builds a student-centered institution, but also gives institutions a competitive advantage as a tech-savvy institution.


#3 Institution-wide IT Strategy and #4 Data-enabled Institutional Culture

Considering that a campus is like a city, it is no surprise that it might have distinct IT groups, each working towards their own goals. Over the past two years, there has been an increased effort to improve cross-department collaboration. With technology innovations moving toward the cloud and software, it is a prime time to look institution-wide to see where working better together makes sense. With an institution-wide IT strategy, data-driven decision making can be used as business intelligence to improve facilities, assist campus safety, reduce carbon footprint, save budget, and support student success initiatives.  



Automation is Key

Being agile and adaptable is not as hard as it used to be. Network optimization via automation is a key feature that CIOs should be looking to for help. For example, empowering IT with intelligent and simplified networking tools to gain information from the network, and understand how it is impacting user experience BEFORE there are complaints helps students be successful. Machine learning that provides insights for optimizing the network is also needed, especially with challenges related to staffing. I encourage you to look at the Aruba Higher Education page for solutions that are a great match for delivering an adaptable campus network.


Select-Service Hotels Don’t Need to Settle When It Comes to Wi-Fi

Mon, 02/19/2018 - 10:00

While most travelers don’t need a hotel with meeting space or a four-star restaurant and will happily pass on the concierge, they won’t compromise on affordable comfort and great Wi-Fi. That sentiment is driving the popularity of select-service properties like Hilton Garden Inn, Courtyard by Marriott, and Hyatt Place. By offering services and amenities in moderation, select-service hotels can keep operating costs down and guest satisfaction up. That’s why select-service is such a fast-growing segment – in fact, 89% of total hotel projects under construction are in this category, according to STR US Hotel Pipeline.


Comforts of Home and Essential Services

Guests increasingly want the comforts of home when they’re on the road – and that includes the Wi-Fi. They want great Wi-Fi from reception to the lounge and, of course, in their rooms so they can work, watch Netflix, and Skype with the kids.


Before they even book a reservation, tech-savvy travelers may check the reviews of a hotel’s Wi-Fi quality at sites like hotelwifitest.  And they’re not shy about feedback, either.  A quick search of “TripAdvisor crappy Wi-Fi” brings up 149,000 results where guests complained about bad Wi-Fi.  Whether they got it for free, paid three bucks or forked out $45, they’ll be sure to tell their friends if their experience was anything less than expected.


Additionally, hotels are exploring more ways to create a home-away-from-home experience. Mobile check-in eliminates the hassle of waiting in line at the reception desk. Guests can easily connect their mobile devices with seamless sign-on to the Wi-Fi. And increasingly, guests are only asked to log into the Wi-Fi once across a brand’s properties. Hoteliers are also making it easier for people to bring their own devices and stream content to the room’s big screen TV, rather than having to watch the hotel-provided channels or figure out how the remote control works. Digital is transforming the guest experience, and great Wi-Fi is the foundation of a frictionless guest experience.


Red Planet Hotels Runs on Aruba

Red Planet Hotels, a fast-growing regional hotel chain with properties in Indonesia, Japan, the Philippines and Thailand, is delivering on a promise of great service at an affordable price.  Red Planet might be a no-frills hotel, but guests still enjoy great Wi-Fi, power showers and custom-made mattresses.


“When it comes to technology, we take a pragmatic approach in that it needs to seamlessly fit into whatever experience we’re trying to deliver,” says Jai Govindani, CTO of Red Planet Hotels.  Red Planet chose Aruba for networking, not just because of great technology, but primarily because of great people. “The greatest tech in the world does no one any good if we can’t get it into our hotels,” he says. 


Watch the full video of Red Planet's Govindani.


Aruba Instant: Great Wi-Fi, Simplified

Red Planet is just one of many select-service hotels that have chosen Aruba. Aruba Instant is a fast, reliable and affordable wireless LAN solution. As a controllerless Wi-Fi solution, Instant is easy to set up and run, but it’s still loaded with enterprise-grade capabilities and security. And to protect your investment, Aruba Instant access points come with a limited lifetime hardware warranty.


Quite simply, Aruba Instant is the easiest way to get enterprise-grade Wi-Fi up and running at a hotel.  Simply ship the APs to the property, plug them in, and they’ll automatically configure themselves using Zero-Touch Provisioning with Aruba AirWave.  There’s no need to first ship the APs and switches to a central location for configuration, and then ship them out to the sites, which saves considerable time and money.


Aruba Instant makes it easier to deliver a great guest Wi-Fi experience.  Instant automatically manages the RF to ensure that all mobile devices get the strongest Wi-Fi connection. Administrators can get detailed visibility into mobile apps so that business-critical data is prioritized, while malicious content is kept out.


Hoteliers and their solution providers can easily manage the network. An administrator can use an Instant access point or controller to manage a cluster of APs.  Or the IT staff can use Aruba AirWave to manage a multivendor wired and wireless network.  AirWave also lets administrators identify problems before there are disruptions to connectivity, app quality, or RF coverage that disrupt the user experience. With AirWave, it’s easy to understand if there are Wi-Fi issues at certain times or at certain locations, which ensures a better guest experience and cuts down on the number of service calls around network issues.   


Learn More about Aruba Networking for Hospitality


Watch the video: Jai Govindani, CTO of Red Planet Hotels, explains why he chose Aruba.


Dive into Aruba Instant.


Explore Aruba AirWave for multivendor network management.


Discover Aruba’s hospitality solutions.



Sanjay Garg is senior marketing manager of hospitality solutions at Aruba, a Hewlett Packard Enterprise company.

Mobilizing Masterpieces: Every Experience Transformed

Wed, 01/31/2018 - 11:45

As one of the 10 largest art museums in the U.S., the Museum of Fine Arts, Houston hosts nearly a million visitors annually to experience the richness of the world’s artistic creativity, from antiquities to the present, via more than 65,000 permanent works of art and countless thousands of pieces displayed during temporary exhibitions.


To do so in a modern, smartphone-enabled world we needed to go beyond seamless guest Wi-Fi connectivity. We envisioned fundamentally transforming our entire institution by deploying a high-performance wireless infrastructure with the flexibility and sophistication required for continuously evolving for years to come.


That’s how our journey to adopt a mobile first strategy in partnership with Aruba began.


Not your typical office environment


Unlike many enterprises undergoing similar shifts, museums face unique challenges for providing high-density mobile experiences due to the lack of uniform interior spaces, aesthetic constraints, ever-changing floor plans, multi-acre outdoor exhibit areas and remote locations.


In our case, we maintain two off-site properties, located in historic homes, as well as our existing two main campus buildings, which include areas designed by notable architects such as Ludwig Mies van der Rohe.


Within our existing facilities, we had previously deployed Wi-Fi primarily as a back-office system for inventory scanning. However, meeting our new goals required a complete refresh.


If that weren’t enough, we’re also dramatically redeveloping our century-old campus to construct a 164,000-square-foot building for 20th and 21st century art and a new, 85,000-square-foot home for our renowned Glassell School of Art.


When our multi-year redevelopment is fully completed in 2020, we’ll provide Wi-Fi everywhere on our main 14-acre campus and underground in two new garages totaling 190,000 square feet.


Cutting costs in half is just the start


To meet our experience and transformation goals we’re eliminating most wired ports, achieving savings of about $280,000, in favor of an Aruba high-density WLAN including AirWave and ClearPass.


But that’s hardly the most compelling aspect of our story.


Our initiative is most remarkable not for mobilizing our new facilities, where we have considerable engineering flexibility, but in our existing spaces – some of which date to the early 1900’s – where we do not.


To adapt our unique structures for Wi-Fi, our local integration partner Amsys conducted detailed site surveys. In fact, the site surveys were one of the reasons for selecting Aruba. Competing Wi-Fi vendors submitted proposals based on square footage, which was inadequate in our environment.


Next came the painstaking process of installing hardware and cabling within strict environmental and artistic constraints. For example, we needed an advanced vacuum system to prevent construction dust from contaminating our galleries and individual pieces.


We also elected to deploy while remaining open to the public. Functionally, this meant developing a comprehensive plan for systematically completing each space. Work was completed overnight, which involved removing or protecting pieces, conducting implementation tasks and restoring exhibits before we opened in the morning.


In addition to expert project management, we met weekly with affected departments. This ensured everyone knew their roles and helped them effectively execute their respective tasks. In turn, the departments determined how each piece would be handled and, for those pieces that remained physically in place, our installers took various precautions to ensure artwork safety.


Every experience transformed


Although Hurricane Harvey delayed our new indoor and outdoor construction by several months, high performance Wi-Fi in our existing spaces is already enabling collaborations and interactions that were impossible before.


Our 650 employees and approximately 1,000 volunteers now work throughout our facilities with the devices we provide, or on their own personal gear. The efficiency gains from no longer walking back and forth to a desk are considerable.


Further, as staff members spend more time in display spaces, they’re experiencing the passive benefits of observing or interacting with our visitors. Plus, the process of commissioning and decommissioning traveling exhibits is markedly improved by the capability to compute and communicate in place.


What’s more, we’ve now mobilized all point-of-sale purchases for admission tickets, event refreshments or gift purchases. Among other things, wireless POS enables visitors to access museum spaces using whichever entrance is most convenient for them, rather than being funneled through a specific door.


We also furnish IoT connectivity for the exhibits themselves, which is increasingly required of artwork hosts, and we are piloting other IoT options. This includes digital exhibit content labels that will ultimately supply artwork information interactively and in multiple languages from a central content repository. We’re also evaluating similar wireless labels for conference rooms, rather than wired digital signage, as a cost-effective and flexible option.


Operationally, we’re adopting various IoT technologies, including wireless security cameras, and have mobilized our maintenance crews. Capabilities such as these, and the many more we expect in the future, are improving experiences for all types of museum staff.


Safe, seamless, reliable


To manage it all, we’re leveraging ClearPass and AirWave extensively.


For Wi-Fi access, ClearPass enables us to segment network traffic to give our staff, partners and IoT devices the needed policy-based connectivity while keeping security strong. For guests, we use a ClearPass skin to harvest guest email addresses, which we provide to our marketing department weekly.


On the network management side, AirWave optimizes both our wireless and wired infrastructure. This was a critical factor in adopting Aruba’s vendor-agnostic solution, as we maintain a heterogeneous IT environment.


Becoming the cultural heart of the city


Most importantly, adopting Aruba’s Wi-Fi solution provides us with exceptional flexibility and scalability going forward. As new hardware and software innovations become available, we can deploy the latest options quickly to meet evolving demands. Plus, we can easily adapt to greater densities and fine-tune our access policies.


With a comprehensive solution in place, we’re also able to evaluate other staff, partner and guest solutions, such as mobile engagement apps and live streaming via Wi-Fi to our outdoor theater.


All these efforts add up to providing superior experiences for our internal and external constituencies which, in turn, will help us achieve our overarching goal: becoming the cultural hub of the city by reshaping and reinvigorating not only the museum experience but also the future of Houston’s civic life.


Shemon Bar-Tal has served as CTO at the Museum of Fine Arts, Houston, since 2001. He is responsible for leading the strategic long-term goals for the institution’s Information Technology department as well as the creation of the museum's long-term technology needs and directing infrastructure acquisitions to accomplish the organization's business objectives. His mission is improving guest and user experiences at the museum through innovative use of technology while containing overall IT costs.

Hot from NRF '18: Secure retail networks are critical!

Wed, 01/31/2018 - 10:00

Fresh off a torrential snow storm in the NYC area, Javits Center hosted the world’s biggest retail showcase, the Big Show! Aruba demonstrated a flurry of new location-based technologies with Aruba Tags, innovations in software-defined networking best practices, and technology partnerships with AT&T, Deloitte, Zoox, and Ziosk (those tabletop tablets you’d find in many casual restaurants).


Many conversations at NRF last year focused on AI and robotics to improve store operations – just like our HPE booth did from a networking standpoint. But this year, with rising interest in software-defined networking (SD-WAN, SDN, etc.), customers focused on critical problems surrounding simplicity and deployment. Those I spoke with commonly sent their IT teams on installs for every new store their companies launch to perform some manual, in-store configuration. Even those with cloud vendors had per-site WAN configurations that proved unscalable.


Likewise, when I delved deeper with these IT leaders around their security practices, the feedback I got was deafening. NAC (network access control) was a huge concern for them, to a degree where the challenges of deploying it outweighed the benefits it brought to the table. The conversation quickly turned into: How can I regain control over my network? What do I do about IoT? How do I streamline my IT business?


Build network security around user experience

Many variables impact branch security, but the primary risks of a breach come from everyday users and configuration itself. Users themselves bear different degrees of risk to the network, from negligence, compromised devices, or even malicious intent, which can be challenging to analyze. By emphasizing user experience as an organic part of Aruba network architecture, Aruba provides rich insight from what we call context awareness, which can then be used to streamline policies that simplify security and network configuration. With context, we can tie a user’s role in the organization (employee, guest, contractor) to a device (phone, tablet, IoT), application usage, and location information to permit, limit, or deny access to a certain area of the network.


This was exactly what I demo’ed at our branch pod. By assigning myself to the role of a security administrator, I had unrestricted privileges to view security camera footage and access branch network configuration through our centralized IT dashboard. Likewise, when I logged onto the network as a basic guest user, I effectively changed my role into a public user profile and lost all access to network and security equipment, and even a few Web URLs and applications. This dynamic change in policy can be applied simply across hundreds or thousands of locations without any additional manual provisioning.


From a configuration standpoint, this means that highly customizable rules can be applied without manual IT requirements. For example, guest users and store employees would not be able to see or communicate with store surveillance equipment because their roles don’t allow them to.


Enhance your WAN with role-based policy


Once you’ve taken user experience into the software layer, you can expand role-based policy beyond WLAN and LAN to impact the WAN edge. A primary use case for roles is with policy-based routing (PBR). PBR enables IT to segment cloud, Internet, or guest traffic, and send it intelligently out to the broadband link, as opposed to overloading the private MPLS link. This is especially useful for optimizing application performance that can be severely capped at small, remote locations, while simultaneously improving bandwidth efficiency on private connections.
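The role-based access decisions and policy-based routing described above can be sketched as a first-match rule table with a default deny, plus an audit pass over flow records. This is an added example, not Aruba code or configuration syntax; the segment names, uplink labels, rule set and sample flows are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase
from typing import Optional


@dataclass(frozen=True)
class Rule:
    role: str                     # pattern matched against the user's role
    device: str                   # pattern matched against the device type
    dest: str                     # pattern matched against the destination segment
    action: str                   # "permit" or "deny"
    uplink: Optional[str] = None  # WAN link chosen by policy-based routing


# Hypothetical rule set, evaluated top to bottom; first match wins.
RULES = [
    Rule("security-admin", "*", "surveillance", "permit", "mpls"),
    Rule("security-admin", "*", "network-mgmt", "permit", "mpls"),
    Rule("*", "*", "surveillance", "deny"),   # everyone else: no camera access
    Rule("*", "*", "network-mgmt", "deny"),
    Rule("guest", "*", "internet", "permit", "broadband"),
    Rule("employee", "*", "internet", "permit", "broadband"),
    Rule("employee", "*", "cloud-apps", "permit", "broadband"),
    Rule("employee", "*", "corp-datacenter", "permit", "mpls"),
]

DEFAULT = ("deny", None)  # anything not explicitly permitted is dropped


def decide(role, device, dest, rules=RULES):
    """Return (action, uplink) for one flow; unknown roles fall to default deny."""
    for r in rules:
        if (fnmatchcase(role, r.role) and fnmatchcase(device, r.device)
                and fnmatchcase(dest, r.dest)):
            return (r.action, r.uplink)
    return DEFAULT


def audit(flows, rules=RULES):
    """Compare forwarded flows with policy; return (index, reason) findings."""
    findings = []
    for i, f in enumerate(flows):
        action, uplink = decide(f["role"], f["device"], f["dest"], rules)
        if action == "deny":
            findings.append((i, "forwarded but policy denies"))
        elif f["uplink"] != uplink:
            findings.append((i, f"sent via {f['uplink']}, policy expects {uplink}"))
    return findings


# Constructed flow records: what the branch actually forwarded.
SAMPLE_FLOWS = [
    {"role": "guest", "device": "phone", "dest": "internet", "uplink": "broadband"},
    {"role": "guest", "device": "tablet", "dest": "surveillance", "uplink": "broadband"},
    {"role": "employee", "device": "phone", "dest": "cloud-apps", "uplink": "mpls"},
    {"role": "security-admin", "device": "tablet", "dest": "surveillance", "uplink": "mpls"},
    {"role": "contractor", "device": "iot", "dest": "network-mgmt", "uplink": "broadband"},
]

if __name__ == "__main__":
    for idx, reason in audit(SAMPLE_FLOWS):
        print(idx, SAMPLE_FLOWS[idx]["role"], SAMPLE_FLOWS[idx]["dest"], "->", reason)
```

Because the same table is evaluated at every site, a flow that shows up in the audit points to a device forwarding outside policy rather than to a per-store configuration difference.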


Simplify management, branch-wide



NRF attendees provided some critical takeaways about how crucial simplicity and security are in everyday IT operations. With role-based network management, organizations can introduce software-defined best practices to boost network performance, automate network and endpoint security, and dramatically free up IT resources. For those of you who have yet to explore Aruba’s architectural approach, I encourage you to take a look at Aruba 360 Secure Fabric alongside Aruba Central cloud-based management. For everyone else, I hope to see you at our next Atmosphere in Vegas, and of course, NRF 2019!



The 802.11 Standard and You

Wed, 01/31/2018 - 09:46


Where do the standards for Wi-Fi come from? You might already know they come from the IEEE. You've probably seen "802.11" or "IEEE 802.11" referenced at some point. The IEEE is the Institute of Electrical and Electronics Engineers. The IEEE is made up of (you guessed it) electrical and electronics engineers, but also IT professionals, computer researchers, and other people in related professions. Among other activities towards advancing technology, the IEEE has a number of committees that create a whole slew of standards. Let's look at how an idea becomes a standard. It may actually be more complex than how a Bill becomes a Law (for those of you old enough to remember Schoolhouse Rock).


For our purposes, we are going to focus on the IEEE 802 LAN/MAN Standards Committee. The "802" is the committee number assigned to the LAN/MAN standards committee. The 802 committee has Working Groups (WG) that work on specific technology areas within the overall LAN/MAN space. Each WG is assigned a number in the order of its creation, so the 11th WG of the 802nd IEEE standards committee is the 802.11 Wireless LAN Working Group. This 802.11 WG creates the 802.11 wireless standards.


You may be wondering who is in this WG that creates the standards? Since the standards will dictate how manufacturers make their devices work, the WG is made up mostly of people from the vendors. Being on the standards committee is a decent time commitment with travel involved, so it helps if your employer wants you spending time on that and can financially support it. It's obviously in the interests of the various vendors to have input into these standards, so representatives from these vendors make up the bulk of the WG members.


This much sort of explains how we get 802.11, but what about standards like 802.11ac? The process for making changes and enhancements to these standards is called an amendment. Amendments are created by a Task Group (TG) that works within the WG. Task groups are named with letters, skipping a few letters to avoid confusion (like l). When all the single letters are used up, they go back to 'aa', 'ab', 'ac', and so on.  For example, when the 802.11 WG decided they needed to create an IoT optimized version of wireless, they created Task Group ah or "TGah" to design an amendment to the 802.11 standard to provide for Sub 1GHz wireless.


So how do we go from a work group or task group to a standard? The cycle, as shown on the IEEE web site, starts with project initiation. Let's use TGah as an example. For this amendment, TGah is formed. This group will discuss the goals of the standard and begin discussing and suggesting the technical changes required to achieve their stated goals. This eventually results in a series of "drafts." These are close to what the final standard will be, but not the final standard. If you've been around wireless a while, you might remember when consumer gear started coming out with "draft n" equipment. It was based on one of these pre-release versions of the 802.11n standard. Once the task group decides they are done, they will vote on whether to submit their final draft to the 802 Executive Committee, who will in turn send it to the IEEE Revision Committee (RevCom). RevCom then approves this revision to the standard. Phew!


So, using this bit of knowledge of the process, you can actually begin to follow the status of any amendments you are particularly interested in. At the website, investigate the Task Groups menu and you will see a list of the current TGs.


For example, if you go to the Task Group AX page, you'll see that they have completed their first draft of the amendment and the current timeline has the amendment being sent to RevCom in December of 2018. You can learn a lot about what's coming and what you need to prepare for by keeping an eye on the TG pages. You can learn a lot diving into their documents, too.


I find the open process used by the IEEE useful. By keeping track of what the task groups are doing, I can stay ahead of the game on what's coming, and that leaves me and my customers in a better position to make intelligent decisions. I hope you find it useful as well!


Wi-Fi Design Mistake: Not Designing

Tue, 01/30/2018 - 14:06

How hard can it be not to install wires? Well, a lot harder than you might think. If you haven't been working with wireless very long, or perhaps if you have been working with wireless for a while but haven't really dived into how it works, you might be making invalid assumptions. Wi-Fi is a pretty robust protocol, but depending on your environment, the ability of its robustness to hide your design mistakes varies.


The biggest and most common design mistake is not actually designing the network. Radio frequencies (RF) don't always move the way you think they should. While RF does move very much like light, unlike light it has the ability to pass through solid objects to varying degrees. RF often travels much farther than you think. For example, just because all your access points are contained within a building does not mean that all of your RF is contained in the building, too. Most buildings will bleed Wi-Fi with no problem. Whether or not that is an actual issue depends on how you've configured your WLAN and on your policies/desires. For example, let's say you have a guest wireless network that is intended for your clients to use. Perhaps there are other retail or professional offices next door to your location. If your wireless has not been designed with your intended coverage area in mind, you may well be providing free Wi-Fi to the users in those offices and their clients.



An example of this is a location I managed that was surrounded by nearby apartment complexes. Network monitoring told me that even after that location closed, there was quite a bit of use. Since all of the access points were running at full power and the site had not been properly designed, I was unintentionally providing free Internet access for the residents of these apartment complexes. In fact, I later found out that several of the residents had even built directional antennas out of Pringles cans to improve their signal. I found this out after the site's design was improved and they could no longer pick up a usable signal, because they came to investigate what had happened to their free Internet! The biggest change there was bringing the power levels on the APs down to a fraction of what they had been, since that was all that was needed for the small site. Design doesn't always have to be complex.
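To put rough numbers on how transmit power drives coverage beyond the walls, the added example below (not from the original post) uses the standard log-distance path loss model to estimate how far past an exterior wall a signal stays usable, and what transmit power keeps it inside a chosen boundary. The path loss exponent, wall attenuation, RSSI threshold, AP placement and client antenna gain are assumed values for illustration; a real design needs a site survey.

```python
import math

FREQ_MHZ = 2437.0  # 2.4 GHz channel 6 centre frequency


def fspl_db(distance_m, freq_mhz=FREQ_MHZ):
    """Free-space path loss in dB (distance in metres, frequency in MHz)."""
    return 20 * math.log10(distance_m) + 20 * math.log10(freq_mhz) - 27.55


def path_loss_db(distance_m, exponent, wall_loss_db=0.0):
    """Log-distance model: free-space loss at 1 m, 10*n*log10(d) beyond it, plus walls."""
    if distance_m < 1.0:
        raise ValueError("model is referenced to 1 m; use distance_m >= 1")
    return fspl_db(1.0) + 10 * exponent * math.log10(distance_m) + wall_loss_db


def rssi_dbm(tx_dbm, distance_m, exponent, wall_loss_db=0.0, client_gain_dbi=0.0):
    """Predicted received signal strength at a client."""
    return tx_dbm + client_gain_dbi - path_loss_db(distance_m, exponent, wall_loss_db)


def usable_range_m(tx_dbm, min_rssi_dbm, exponent, wall_loss_db=0.0, client_gain_dbi=0.0):
    """Distance at which the predicted RSSI falls to min_rssi_dbm."""
    budget = tx_dbm + client_gain_dbi - wall_loss_db - fspl_db(1.0) - min_rssi_dbm
    return 10 ** (budget / (10 * exponent))


def bleed_m(tx_dbm, ap_to_wall_m, min_rssi_dbm, exponent, wall_loss_db, client_gain_dbi=0.0):
    """Metres beyond the exterior wall where a client still gets a usable signal."""
    reach = usable_range_m(tx_dbm, min_rssi_dbm, exponent, wall_loss_db, client_gain_dbi)
    return max(0.0, reach - ap_to_wall_m)


def max_tx_dbm_for_boundary(boundary_m, min_rssi_dbm, exponent, wall_loss_db,
                            client_gain_dbi=0.0):
    """Highest transmit power whose usable signal ends at boundary_m from the AP."""
    return min_rssi_dbm - client_gain_dbi + path_loss_db(boundary_m, exponent, wall_loss_db)


if __name__ == "__main__":
    # Assumed site: AP 10 m from the exterior wall, 10 dB wall, exponent 3.0,
    # clients need -75 dBm or better for a usable connection.
    site = dict(ap_to_wall_m=10.0, min_rssi_dbm=-75.0, exponent=3.0, wall_loss_db=10.0)
    for tx in (20.0, 14.0, 8.0):
        plain = bleed_m(tx, **site)
        high_gain = bleed_m(tx, client_gain_dbi=10.0, **site)  # directional client antenna
        print(f"tx {tx:4.0f} dBm: usable {plain:5.1f} m past the wall, "
              f"{high_gain:5.1f} m with a 10 dBi client antenna")
    limit = max_tx_dbm_for_boundary(12.0, -75.0, 3.0, 10.0)
    print(f"to stop usable coverage 2 m past the wall, set tx <= {limit:.1f} dBm")
```

With these assumptions, dropping from 20 dBm to 8 dBm shrinks usable coverage outside the wall from roughly 21 m to about 2 m, while a high-gain client antenna recovers much of that distance, so it is worth including in the planning margin.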


New construction in commercial buildings will usually have a number of locations labeled "WAP" on the blueprint that have been placed by the architect. Note: the architect is not an RF engineer. The architect has a rule of thumb, possibly even a standard that he is following, that tells him there should be an AP for every x square feet. This rule of thumb does not take into account the construction of the building. A modern building that is constructed with steel beams, aluminum studs, lots of glass and an open ceiling plan with exposed HVAC is going to require a very different Wi-Fi design than a more residential style stick-built building. The denser the material, the more RF it will block. Usually, you end up with APs in all the wrong locations and you may even end up with far more access points than are actually required for the site.


In these situations, everything is installed and turned on and the network does not work to the satisfaction of users. Some areas will be dead spots and others will have too many APs. Money ends up being wasted because the wireless work will have to be redone. In those situations, hopefully the APs can be moved to better locations, but sometimes you may be stuck with making it work as best you can in the existing locations. In the most wasteful scenarios you may even need to turn half of the access points off completely because having too many access points is causing them to interfere with each other.


Okay, you get it. Wireless networks should be designed. How are you going to do that? Ideally, you own a wireless design tool such as Ekahau Site Survey or AirMagnet Survey Professional. However, neither of these is an inexpensive tool if WLAN design is not a task that you are doing regularly. I recommend you hire a consultant who knows how to use these tools to create proper designs. These designs are usually a "predictive site survey," a mathematical model of the building that makes a guess as to how RF will propagate. You should also check with your VAR, because they may be able to provide design services as part of a wireless equipment purchase or at reasonable cost because you are an existing customer.


If you really want to dive into WLAN design, I suggest checking into the CWNA and CWDP certifications from CWNP. These certifications will both go a long way towards helping you learn proper WLAN design and understand how Wi-Fi really works. That will help you recognize and solve problems, thus improving the networks you are responsible for. And really, isn't that our goal?

GDPR: Control Over My Personal Data, My Fundamental Right

Tue, 01/30/2018 - 10:00

We have long acknowledged fundamental rights like freedom of speech, freedom of thought, and freedom of religion, but what of the right to protect personal data? According to the European Union’s General Data Protection Regulation (GDPR), which goes into effect on 25 May 2018, protection of natural persons in relation to the processing of personal data is also a fundamental right.


GDPR puts the right to control personal data into the hands of the person generating the data in lieu of the data collector. The implications of this Act are far ranging and very impactful for technology companies operating in or with Europe, and the expectation is that non-European countries will also adopt similar regulations.



 Under GDPR any information related to a natural person or ‘Data Subject’, which can be used to directly or indirectly identify that person, is considered personal data. Personal data encompasses one’s name, image, e-mail address, bank details, social networking posts, medical information, and computer IP address.

A Data Subject is a natural person whose personal data is processed by a controller or processor. Every Data Subject has the right to protect his or her personal data at all times, regardless of how those data are conveyed or stored.


A “Data Controller” is an entity that determines the purposes, conditions, and means of the processing of personal data, and a “Data Processor” is the organization that processes the collected data on behalf of the Controller. A “Data Protection Officer” is an expert on data privacy who works independently within an organization to ensure that it is adhering to the policies and procedures set forth in the GDPR. The public authority that is established by each member state to ensure consistent monitoring of processing of personal data, equivalent sanction and cooperation between member states is known as a “Supervisory Authority.”


A “Breach” refers to the accidental or unlawful access to, destruction, or misuse of personal data.  Notification must be issued to affected individuals and organizations within 72 hours of the detection of a Breach. 


The Regulation


If an organization did not obtain consent to process individuals’ data, or violates core GDPR privacy concepts, then it can be fined up to 4% of annual global turnover or €20 Million, whichever is greater.




Most people do not read the legal agreements associated with installing apps or accessing Web sites, because of their opaqueness and verbosity. Instead they simply click on the “I Agree” button. GDPR requires that consent be requested and explained in an intelligible and easily accessible form, using clear and plain language. It must also be as simple to withdraw consent as it is to grant it.


GDPR Rights


GDPR grants users the right to access personal data including how your data are being handled, and if/how your data are being processed.  The Controller must provide a copy of this information in electronic format, as well as the personal data, free of charge. This change represents a dramatic shift in data transparency and the empowerment of users.


GDPR also grants the right to be forgotten. Today when we browse a Web site we have no control over how our actions and interests are captured, e.g., they might be sold back to us in the form of advertisements and recommendations. Also known as “Data Erasure”, the Right to be Forgotten entitles users to have the Data Controller erase their personal data, cease further dissemination of the data, and prevent third parties from processing the data.


“Data Portability” is the right to see all stored versions of your personal data and order the data to be moved to another Data Controller. GDPR includes the right to Data Portability, such as moving all your digital medical records from one hospital to another. Try doing that today and you’ll understand how powerful and far reaching this right is.


Finally, GDPR provides for “Pseudonymisation”: an entity can only store and process pseudonymised data, without reference to an individual, unless that individual consents to allow non-anonymized data storage and processing.


Building a secure future

Technology is a double-edged sword. With technologies like Big Data analytics, Machine Learning (ML), and Artificial Intelligence (AI), we run the risk of a world devoid of privacy regulations. GDPR helps avoid such a scenario by making companies accountable for the way in which they use data about you. With the right regulation, the next-generation Internet will allow individuals and businesses to flourish without ambiguity. With GDPR and similar privacy regulations, emerging technologies like Blockchain, Big Data, ML, and AI can build the foundation for a secure digital future with privacy and security at its heart.


Learn More

Deepen your knowledge of GDPR.


Read my previous blogs on blockchain:

Blockchain, IoT and Emerging Blockchain Technologies

Can Blockchain Scale to Meet Enterprise Needs?



Onion Approach to WiFi Troubleshooting Basics - Not Mobile - Cable It

Fri, 01/26/2018 - 09:04

Vendors are coming out of the woodwork and putting WiFi radios in everything! Devices that had a tethered cable for years are now coming in with WiFi radios. Guess what, they aren't MOBILE. They are stationary devices with no chance of ever moving.


So what is the problem?


  • Driver updates might be limited 
  • Vendor support may be next to nothing 
  • Another device to manage and support - Who will get the call when they have issues - YOU
  • Could open up security vulnerabilities 
  • Depending on application requirements, might cause excessive contention
  • Might not support 5 GHz and add to problematic 2.4 environments 
  • Might not support all the UNII channels 
  • Might have poor receive
  • Might have poor transmit power 
  • While stationary, may not be placed for optimal signal strength
  • Radio may not support your security 
  • Radio may be a poor roamer — YES stationary devices do roam from time to time


Depending on an individual deployment or a cumulative deployment, you could add thousands of non-mobile devices to your WiFi network over time. This leads to unnecessary contention.


My general rule of thumb: if it can be cabled, cable it! Of course, you need to weigh all the options and cost. Be very careful opening that Pandora's box, because if you let one in, more and more will come!




Now Common Criteria Certified, ClearPass is Ideal for Highly Secure Environments

Thu, 01/25/2018 - 06:00

An increasingly digital world has created new levels of convenience and efficiency, but cyberattacks have been an unintended consequence. Mobile, cloud, and IoT are changing how people live and work, but they also significantly expand the attack surface. It’s no surprise that security teams are taking huge steps to protect their organizations against relentless—and increasingly successful—cyberattacks. Many security teams look to validated security standards to enhance their confidence in the products they deploy so they can protect their organizations in an increasingly complex and dangerous threat environment.


In more than 28 countries around the world, the gold standard for security is the Common Criteria. Governed by ISO/IEC standards bodies, the Common Criteria testing and validation program evaluates and ensures that IT products perform to high and consistent standards.


The Common Criteria is mandated for products used by US federal agencies, especially defense and intelligence, as well as critical infrastructures like power plants and dams. But increasingly, security professionals in the private sector look for products that are Common Criteria certified. Healthcare, financial services and other industries that must maintain highly secure environments are relying on the Common Criteria for independent validation that their IT products are safe and secure.


We have been at the forefront of Common Criteria certification across our product portfolio, including wireless access points, switches, mobility controllers, and remote VPN software. Now, we are proud that ClearPass Policy Manager is the first network access control (NAC) solution in the industry to be awarded Common Criteria certification under a government-approved protection profile.



In January 2018, ClearPass was awarded Common Criteria certification under both the Network Device collaborative Protection Profile (NDcPP) and the Authentication Server Extended Package. The certification was awarded by the National Information Assurance Partnership (NIAP), the US government initiative that oversees the Common Criteria program. ClearPass certification was validated through Gossamer Security Solutions, a world-renowned independent testing lab.



The Network Device collaborative Protection Profile (NDcPP) is a baseline for any network-connected device or system – in essence, if a product can connect to a network, it should meet these standards. The tests focused on security requirements covering authentication, encryption, physical security, X.509 certificate validation, known vulnerabilities, and TLS/SSL processing.  The Extended Package for Authentication Servers is an add-on for NDcPP and assesses functionality and security specific to RADIUS authentication servers.


The certification also qualifies ClearPass to participate in the US National Security Agency’s Commercial Solutions for Classified (CSfC) program. Now, US government customers deploying classified communications systems under the CSfC program may use ClearPass to authenticate a user and device access over wired, wireless and remote connections.



 Continuing our Security Leadership



ClearPass has long been known in security circles as a great NAC solution, but Aruba may be the best security company you’ve never heard of. For years, we were the only NSA-approved solution for Suite B (now known as the somewhat-longer “Commercial National Security Algorithm Suite”) wireless connectivity. Our access points and controllers have long been FIPS 140-2 and Common Criteria validated. We’re one of the only companies in our industry with a bug bounty program.  And we’re breaking new ground with IntroSpect User and Entity Behavior Analytics (UEBA), which uses machine learning to spot changes in user behavior that give security teams insights into malicious, compromised or negligent users, systems and devices, so they can cut off the threat before it does damage. 


Go Deeper

Download the ClearPass Solutions Brief. 

Learn what’s new in ClearPass Policy Manager 6.6.3 release.


Read my previous blogs:

FIPS… Common Criteria… What Does It All Mean? 

FIPS… Common Criteria… What Does It All Mean? (Part 2)

