Optimize the Utilization and Security of Your Wireless Network with Context Awareness
Updated: May 19, 2008
By integrating contextual information into their network management applications, companies can optimize network performance, enhance security, and accelerate troubleshooting response times, ensuring end-user satisfaction while at the same time maximizing their WLAN bandwidth and quality of service (QoS). For businesses that have already deployed a Cisco® Unified Wireless Network, Network Location Services applications based on the Cisco Context-Aware Mobility solution are a fast and cost-effective way to enhance visibility into their wireless usage. These services make it possible to dynamically fine-tune real-time capacity planning and resource allocation, to quickly locate and contain potential security threats, to track a variety of Wi-Fi clients within the facilities, and to monitor processes and identify opportunities to optimize them.
While wireless connectivity and mobile solutions bring freedom, increased productivity, and communication effectiveness to businesses, they also bring new challenges for enterprise IT departments. Users and devices move across the network and have different usage patterns over time, making network resource allocation a dynamic process. Businesses can compensate for this lack of predictability by increasing visibility into the usage and movement of people and assets. In this way, they can make monitoring, troubleshooting, and management of network performance easier, which often results in a better end-user experience, more efficient capacity planning, and appropriate resource allocation. Visibility also increases the enterprise's ability to implement and enforce uniform security policies based on location.
While advanced WLAN networks such as the Cisco Unified Wireless Network provide a high level of security and allow IT managers to contain security threats without manual intervention, it is always desirable to get to the root of the issue in addition to treating the symptoms. Once rogue devices are detected and contained, the next logical step is to physically locate and identify these devices. Location information enhances wireless LAN protection by providing network managers with the information necessary to physically locate rogue wireless LAN (WLAN) access points, devices, or users who attempt to access or attack the network.
Solution: Network Location Services
As part of the Cisco Context-Aware Mobility solution for clients (Figure 1), Network Location Services applications provide location information and tracking capability for Wi-Fi-enabled clients.
Figure 1. Cisco Context-Aware Mobility Solution
The different components of the Cisco Context-Aware Mobility solution needed for Network Location Services applications are:
• Client devices: Any Wi-Fi device that connects to the WLAN, including laptops, dual-mode phones, and wireless IP phones, can have its associated location information captured.
• Cisco Unified Wireless Network: This is the only unified wired and wireless network solution that cost-effectively addresses the wireless network security, deployment, management, and control issues that businesses face, in addition to context-aware needs.
• Mobility Services Engine (MSE): A central element of the Cisco Unified Wireless Network, the MSE platform hosts the Cisco Context-Aware Mobility solution software that captures, stores, and analyzes contextual information from any wired and wireless network connected to the Cisco Unified Wireless Network.
• Cisco Context-Aware Software for clients: The Cisco Context-Aware Software runs on the Cisco Mobility Services Engine. Cisco Context-Aware Software makes it possible to capture detailed contextual information, such as the location and availability of an asset, and integrate it into business processes. The Mobility Services Engine for clients processes data received from Wi-Fi clients and uses received signal strength indication (RSSI) technology to identify the location of mobile clients, allowing customers to continuously and seamlessly track assets as they move across the facility.
• Cisco Wireless Control System: This management tool allows IT managers to design, control, and monitor enterprise wireless networks from a centralized location, simplifying operations. It enables IT managers to visualize the layout of their wireless network and monitor ongoing WLAN performance. This includes detailed heat maps that show RF coverage on top of imported floor plans. In conjunction with the Cisco Context-Aware Mobility solution, the Cisco Wireless Control System makes the location of coverage holes, interference, or rogue devices instantly visible and provides key statistics for easy WLAN monitoring and asset utilization.
• Cisco Compatible Extensions program for client devices: In order for client devices to fully benefit from the innovative features offered by the Cisco Unified Wireless Network as they relate to security, QoS, and battery savings in addition to the Wi-Fi standard, Cisco compatible devices are recommended.
Network Location Services Defined
With the Cisco Context-Aware Mobility solution, enterprises can instantly benefit from the ability to dynamically capture location information from natively Wi-Fi-enabled devices such as laptops and wireless IP or dual-mode phones on their campuses.
In addition to providing wireless connectivity for the Wi-Fi devices, access points monitor the air space to detect the presence of the wireless clients and send this information to the Cisco Wireless Control System. This information can also be sent to the Cisco Mobility Services Engine so the Cisco Context-Aware Software can use it to calculate the location of each device and store it. The Cisco Wireless Control System is a centralized management application that is especially designed for IT managers and that integrates with the Cisco Context-Aware Mobility solution. It displays the location information on the same map used to monitor and manage the WLAN, as shown in Figure 2, providing a dynamic application for IT managers who want to locate interference and security threats, and need asset visibility for WLAN devices to monitor and optimize business processes.
Figure 2. Cisco Wireless Control System: Simultaneous Location Tracking for Thousands of Users, Devices, and Access Points
Real-Time RF Capacity Management and Visibility
As part of the Cisco Context-Aware Mobility solution, the Network Location Services features available on the Wireless Control System allow IT staff to do more than just track Wi-Fi devices. These features also allow IT staff to examine usage behavior and generate location-based trend reports to accommodate changes in traffic patterns.
A variety of useful information for enhanced RF capacity management can be generated. This information can be based on location trends (where people have been and when, for example client distribution across a floor), statistical location information (where wireless users have been and associated traffic analysis), and coverage areas (where hotspots are, using the volume of people and traffic to determine how concentrated RF resources are and how the WLAN is handling the number of clients). This enables more effective RF capacity management and resource allocation, rapid trouble resolution, and an enhanced end-user experience. For example, additional bandwidth can be provided to dense usage areas to ensure quality of service for end users at peak times.
In addition to the trend reporting capabilities, Network Location Services applications also provide a variety of planning and post-deployment tools to simplify the implementation and management of wireless resources, such as the ability to identify the location of coverage holes for particular deployment scenarios, including data, voice, or enhanced context-aware services.
Enhanced Wireless Security
The Network Location Services features available on the Cisco Wireless Control System allow IT managers to quickly and accurately locate security threats such as rogue access points and devices (Figure 3). Rogue access points create potential security breaches and unsecured WLAN connections that put the entire network at risk. Most of the time, rogue devices are installed by well-intentioned employees who have Wi-Fi at home and bring consumer-grade products into the enterprise to be mobile there as well. Knowing the location of rogue devices helps IT managers respond faster to security threats and unauthorized attempts to access the network. It provides enhanced WLAN security by helping ensure that legitimate client stations associate only with trusted access points. IT managers can also use features such as location-based alerting and high-resolution rogue tracking to establish a framework for location-based security, further elevating WLAN security.
Continuous monitoring of the location of Wi-Fi devices and wireless network resources as well as their historical patterns provides additional visibility into existing processes and possible new business applications and workflows that can benefit from process enhancements. For example, monitoring laptops and wireless devices and their historical usage can help IT managers optimize inventory management and more effectively plan new lease requirements.
Network Location Services applications deliver tangible benefits to enterprises running business-critical wireless LANs. The benefits include:
• Increased network visibility for real-time capacity planning, improved wireless network resource allocation, and business policy enforcement based on end-user location in the facility
• Scalability and flexibility to track thousands of Wi-Fi clients and their historical usage patterns
• Decreased total cost of ownership and simple and fast implementation reusing the existing wireless LAN infrastructure
• Centralized quick and easy browsing of all devices across different geographies, campuses, buildings, floors, and areas
• Real-time identification and location of rogue access points and devices improving network security
By providing the ability to dynamically capture the native location information of Wi-Fi-enabled devices such as laptops, wireless IP phones, and dual-mode phones on the premises, Network Location Services become critical applications for customers in industries such as healthcare, finance, retail, and manufacturing.
Since August 1996, U.S. healthcare providers have been required by law to comply with the Health Insurance Portability and Accountability Act (HIPAA), a national standard to protect the privacy of personal health information while allowing the flow of health information needed to provide high-quality health care. All WLAN security must assure compliance with medical information confidentiality and HIPAA regulations. Given the overwhelming concern with maintaining the security of patient information and preventing intrusions from exterior sources, healthcare organizations can benefit from deploying Network Location Services to quickly detect and contain potential security threats and protect confidential patient information. Rich historical location information provided by the Cisco Context-Aware Mobility solution can be used for audit trails and regulatory compliance.
A couple of years ago, officials at the University of Arizona began to realize that a school known for outstanding research needed to offer its students and faculty an outstanding wireless network.
"There were complaints that the University of Arizona was behind the times because they did not have a campuswide wireless network," says Michele Norin, executive director of central IT at the University of Arizona. Although various staff members had scattered some individual wireless LANs around the campus throughout the years, students were frustrated by the lack of ubiquity. The multiple WLANs also posed a security risk, because IT staff had no control over access and authentication for each network.
The deployment of a pervasive Cisco Unified Wireless Network with Network Location Services helped the university enhance their network security and quickly respond to security threats. It also helped the university identify hotspots and assign additional wireless network resources to these dense usage areas on campus.
Just as healthcare organizations are required to comply with HIPAA standards, retail organizations need to comply with the Personal Cardholder Information (PCI) data security standard. The standard requires that merchants build and maintain a secure network, including wired and wireless networks, to protect and encrypt card holder information.
Network Location Services allow merchants to protect and control sensitive credit card transactions and card holder information by offering enhanced security for their wireless networks. The applications provide enhanced visibility and an effective way to quickly identify and physically locate potential security threats from both internal and external sources, as well as provide the required audit trails for compliance.
Customers need a cost-effective, easy-to-deploy solution for tracking and managing Wi-Fi devices across a variety of business environments. They also need to enhance their business applications and meet the regulatory requirements for enhanced security and asset visibility.
Network Location Services applications, based on the Cisco Context-Aware Mobility solution, meet these needs by natively delivering accurate and scalable location information for Wi-Fi device tracking. This easy-to-deploy solution provides asset visibility for Wi-Fi clients, enhanced capacity management, location-based business policy enforcement, and increased WLAN security for the Wi-Fi environment.