Ten billion mobile devices will populate our planet by 20161, and this proliferation in mobility is promoting the need for wireless connectivity. Many organizations are responding to this trend and providing guest Wi-Fi access, which presents many opportunities but also unknown risk. In addition, organizations are looking for ways to not only leverage Wi-Fi as a mere connectivity vehicle, but also a platform to deliver innovative user services and enhance the customer experience.
The Cisco® Mobility Services Engine (MSE) is a platform that provides a centralized and scalable way to deliver the following mobility services:
• Location Services increase visibility into the network by capturing and consolidating crucial information about RF spectrum, sources of RF interference, and devices and users on the network. Location Services also enable a rich set of real-time location services (RTLS).
• Advanced Location Services enable enterprises and service providers to deliver customized location-based mobile services to end users and use location analytics to gain insights into end-user behavior while in their venue.
• Wireless Intrusion Prevention System (WIPS) protects the network from wireless threats, rogue wireless devices, and denial-of-service (DoS) attacks to improve security and meet compliance objectives.
Product Benefits
The Cisco Mobility Services Engine with Location Services, Advanced Location Services, and WIPS provide the following industry benefits:
Table 1. Mobility Services Engine Benefits
Industry
Solution
Retail
• Improved shopping experience through mobile services
• Identification of customer trends and high-value shoppers
• Helps address PCI requirements
Healthcare
• Enhanced patient engagement through mobile services
• Equipment tracking
• Helps address HIPAA requirements
Transportation
• Planning and efficiency through passenger tracking and location analytics
• Enhanced passenger experience through augmented reality applications
Hospitality
• Improved guest experience through relevant mobile services and secure Wi-Fi
• Business efficiency and staff planning through guest location analytics
Technology Overview
Designed as an open platform, the MSE supports mobility services software in a modular fashion, with various configuration options based on network topology and the types of services required. The true value of the MSE is delivered through the various mobility services applications. Table 2 provides options of APIs, services, and platforms, and the remainder of this document will go into further detail.
Table 2. Mobility Services Overview
Feature
Benefits
APIs
• Application interface
• Mobile app API
Services
Location services
• Track and trace interferers, rogues, Wi-Fi clients, and RF tags
• Geo fencing/zone-based alerts
• Presence detection
• Systemwide interferer details
• Interferer event correlation
• Visualization of interferer zone of impact and interferer notification
Wireless intrusion prevention
• Detection and mitigation of security penetration and DoS attacks
Advanced Location Services
• Mobile concierge
• Location analytics
Platform
• Physical appliance
• Virtual appliance
Wireless Architecture Overview
Cisco MSE supports a wide variety of architectural models to support the needs of large, scalable centralized and distributed networks. Three models are presented:
• Wireless LAN controller (WLC) and MSE deployed locally: no WAN dependency
• WLC deployed locally and MSE deployed remotely: WAN dependency, 1 kbps per 50 endpoints
• WLC and MSE deployed remotely: no WAN dependency
Cisco supports existing and future software, including:
Cisco CleanAir® technology is an effective tool to monitor and manage your network's RF conditions. The Cisco MSE extends those capabilities. Table 3 provides a summary of CleanAir plus MSE offers.
Table 3. CleanAir plus MSE Offers
CleanAir Access Points
(3500, 3600) plus WLC
CleanAir Access Points plus WLC plus MSE
Rogue mitigation
Yes
Yes
Detect, classify and mitigate interferers
Yes
Yes
Maintain air quality
Yes
Yes
Detect Layer 1 exploits
Yes
Yes
Track and trace rogues
No
Yes
Security penetration and DoS attack mitigation
No
Yes
Systemwide interferer details and event correlation
MSE with RTLS provides presence detection and real-time location tracking, including track and trace of rogue devices, interferers, Wi-Fi clients, smartphones, and RFID tags.
Cisco Advanced Location Services
Enhancing customer experience and attracting and retaining customers are essential to any business, and Cisco Connected Mobile Experiences (CMX) deliver that experience using the Cisco Wi-Fi network and MSE Advanced Location Services. Cisco Advanced Location Services include location analytics and mobile concierge.
• Location analytics provide real-time location analytics alongside historical trends, enabling greater visibility into customer movements and patterns through trending data. IT can use analytics to determine network utilization, peak usage, and the number and types of devices on the network. Lines of business can better understand how customers behave while onsite by tracking Wi-Fi signals within their venue, documenting their movements throughout facilities and using this rich, context-aware data for engaging with customers better.
• Mobile concierge is a primary feature of Cisco MSE that allows engaging users through a native app on a smartphone. It also includes the mobile concierge SDK, a developer's kit that provides an easy-to-use approach to developing applications and services that use the MSE and provide content that is highly personalized for the individual and the context. The application partner ecosystem can use these APIs to provide access to applications and services developed by third parties for use with the MSE. The mobile concierge SDK allows end users to receive push notifications transparently onboarded to the Wi-Fi network and to receive personalized services.
• Mobile concierge also enables service discovery through Layer 2 Mobility Services Advertising Protocol (MSAP). This allows service discovery without associating to the network and without requiring a mobile app on the smartphone. This capability will be available on Android phones shipping in CY13 with the Snapdragon silicon from Qualcomm Atheros. Qualcomm Atheros will also deliver precise indoor location capabilities on mobile devices by interoperating with Cisco Wi-Fi infrastructure.
Table 4 provides a detailed list of the features offered with the Location Services and Advanced Location Services licenses.
Table 4. Location Services Comparison
Feature
Location Services
Advanced Location Services
Advanced spectrum
Yes
Yes
RTLS
Yes
Yes
Location analytics
No
Yes
Mobile concierge
No
Yes
Cisco WIPS
With more devices coming onto the network, organizations are faced with unknown risk as well as compliance concerns. The Cisco WIPS monitors, mitigates, and reports malicious activity on the wireless network, including rogue access points, security penetration attacks, and DoS threats. This enables you to reduce liability, protect reputation, and help make sure of regulatory compliance.
Table 5 provides a summary of WIPS functionality that comes with WLC, WLC plus MSE, and WLC plus MSE plus CleanAir.
Table 5. Cisco WIPS Comparison
Feature
Base WIPS (WLC)
Adaptive WIPS (WLC plus MSE)
Adaptive WIPS (WLC plus MSE plus CleanAir)
Rogue access point and ad hoc rogue detection, classification, location tracking, and containment
Yes
Yes
Yes
Switchport tracing and disabling
Yes
Yes
Yes
Management frame impersonation detection
Yes
Yes
Yes
Rogue containment when WAN is down
Yes
Yes
Yes
Internal and external rogue access point detection and containment times
Yes
Yes
Yes
Smartphone tethering detection and containment
Yes
Yes
Yes
Location tracking and containment for DoS attacker and nonauthorized device that is trying to associate internal access point
Yes
Yes
Yes
Wired Equivalent Privacy (WEP) cracking detection
Yes
Yes
Yes
MAC spoofing rogue's detection and containment
Yes
Yes
Yes
Auto MAC learning and Internet connection sharing (ICS) detection
Yes
Yes
Yes
Internet connection sharing (ICS) detection
Yes
Yes
Yes
Enterprise-level alarm/event correlation
Yes
Yes
Yes
Attack signature threshold customization
Yes
Yes
Yes
Off-channel rogue detection and location, integrated into infrastructure
Yes
Yes
Yes
DoS signature updates
No
Yes
Yes
Wireless intrusion signature updates
No
Yes
Yes
Attack forensics (all signatures)
No
Yes
Yes
Non-Wi-Fi transmitter detection and location
No
No
Yes
Non-Wi-Fi bridge detection and location
No
No
Yes
Non-Wi-Fi access point detection and location
No
No
Yes
Layer 1 DoS attack location and detection
No
No
Yes
For More Information
For more information about the Cisco MSE and the services it provides to the Wi-Fi network, visit http://www.cisco.com/go/mse.
