Bringing the Best Value to Enterprise Networks

WLAN Services

Sales Training Presentation

April, 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Why Alcatel-Lucent Complete communication solutions provider Market leadership in key data, voice, video and fixed mobile convergence technologies
turnkey solutions
over 500,000 customers Presence in over 130 countries

data/IP

voice

broadband

satellite

outsourcing

optical

submarine

#1 in broadband, switching, optics, satellite, telecom,

2 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

What Can Alcatel-Lucent Enterprise Solutions Do For You?

Build the IP Communications House
Open software solutions business telephony business applications contact center collaboration unified communication mobility

Communications Applications

Voice over IP

VoIP

IP softphone IPTouch phones OmniPCX Enterprise OmniPCX Office

IP Network Infrastructure

High

availability infrastructure LAN WLAN WAN security

3 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

How Do We Approach IP Networking?

Provide the Best Value for Enterprise Networks To provide our customers with the industry's best value in highly available, secure and easy to manage network solutions

Manageability

simple ideal second source common edge / core, chassis / stack superior management solutions

Availability

designed for convergence cost-optimized for redundancy smarter availability and QoS

Security

pervasive security on every port

user-centric user profiles mobile concurrent security and mobility

4 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Enterprise WLAN
A Business Solution

April, 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Enterprise WLAN
The Business Benefits

Mobility
enterprise-wide WLAN guest access

Location tracking
users equipment assets

internal WLAN hotspots

remote / branch office access small office, home office access

security

Converged communication services

converged mobile devices

fixed / mobile convergence

6 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Enterprise WLAN
Requirements / Challenges

Deployment
no disruption of existing network RF engineering new infrastructure network redesign and upgrades

Security
authentication and encryption identity-based security and guest access rogues, ad-hoc networks, hacks and attacks firewalling

Management
design and configuration monitoring troubleshooting growth

Availability
coverage reliability mobility performance

Convergence
QoS security load balancing voice-aware

7 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Addressing the Management Challenges

Planning, Deploying and Managing Simplest RF planning tool Zero-touch AP deployment model Adaptive radio management Real-time coverage maps Centralized configuration and monitoring Integrated packet capture for easy troubleshooting Integrated location tracking

8 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Addressing the Availability Challenges

Reliability, Coverage and Mobility VRRP-based redundancy requires no AP provisioning APs automatically become aware of redundant topology when deployed across L3 boundary

Split-second VRRP Failover

HotStandby

Modular architecture for scalability

Remote office connectivity with site-to-site VPN Home office connectivity with remote AP Mobile office connectivity with client VPN
Built-in Site-tosite IPSec VPN

Data Center

Internet
Branch Office
Remote AP with IPSec VPN

Regional Office

Auto-awareness of Redundant topology (No priming needed)

Home Office
Public Hotspot
OAW Client

9 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Addressing the Security Challenges

Authentication, Authorization and Control

Integrated stateful firewall Role-based access control Built-in client integrity Centralized 802.11i security Built-in AAA services L1-L7 wireless IPS Rogue detection services Quarantine Manager
Built-in Rogue Detection & Containment Direct Interface to Microsoft Active Directory

Active Directory

Wireless Controller

Rights, QoS, VLAN

Centralized Encryption Keys

Wired L2 / L3 Transport

Access Point
SSID: CORP SSID: GUEST SSID: VOICE

Rogue AP
Scan & Quarantine Un-trusted Users Employees

Voice

Guest

10 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Addressing Enterprise Applications

Convergence Services to Meet the Needs of Business

QoS for application-aware traffic management Security to protect the network, users, and remote clients Load-balancing automatically distributes clients across multiple APs Application-aware design allows better management of time sensitive applications (voice)

11 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Adding VoIP is Easy with OmniAccess Wireless

Bi-directional QoS on wired and wireless network

Voice flow classification ensures QoS for converged devices with single SSID for voice and data Call admission control ensures QoS in the wireless environment Secure devices that support only MAC auth against spoofing

1 Protocol-aware voice
flow classification and security Wired

2 802.1p or DSCP
prioritized voice packets

Data Packets

3 Call admission control

distributes call volume between access points Wireless

Converged voice and data packet stream with WMM tags

Single ESSID for Voice & Data

RF management 5 channel scanningstops when voice clients are present

12 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

The Complete Wireless Solution

Integrates All Wireless Services for Ease of Use

WLAN controller
802.1x AAA server

802.11i encryption
WLAN management Location appliance Role-based firewall site-to-site VPN NAC appliance
13 | Enterprise Networks | March 2007 All Rights Reserved Alcatel-Lucent-Lucent 2007

all in the OmniAccess Wireless Controller

Alcatel-Lucent WLAN Offering

Complete Solution for the Enterprise
Campus

OmniAccess 6000

128, 256, 512 access points Integrated firewall, IDS / IPS Centralized encryption
Building / floor

OmniAccess 4324 4308

16, 48 access points Integrated firewall, IDS / IPS Centralized encryption

Floor / remote office

OmniAccess 4304 4302

4, 6 access points Integrated firewall, IDS / IPS Centralized encryption

Access points

Software modules Client Integrity Advanced AAA Policy Enforcement Firewall External Services Interface Wireless Intrusion Protection (WIP) Remote AP licenses

OmniAccess Access points

Adaptive personality Rogue AP detection / containment Support for VoWLAN Indoor / outdoor APs Multiple antenna options
All Rights Reserved Alcatel-Lucent-Lucent 2007

802.11a 802.11b/g Dual 802.11a and b/g

14 | Enterprise Networks | March 2007

Alcatel-Lucents WLAN Solution

Headquarters

Regional Headquarters
Branch Office Small/Home Office

April, 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless
Deployment Options
OAW-AP70

OAW-4324 OAW-AP70 OAW-4308 or OAW-4304

OAW-6000 HEADQUARTERS

OAW-AP61
BRANCH OFFICE

WAN
OAW-AP61

OAW-AP70 OAW-4324 SMALL / HOME OFFICE

OAW-AP70

REGIONAL HEADQUARTER
16 | Enterprise Networks | March 2007 All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless
4300 / 6000 Portfolio Number of APs *
Branch / SMB Regional HQ Large Branch Medium - Large HQ OAW-6000-512

512

256
OAW-6000-256

128 48
OAW-4308 OAW-4324

Pay as you grow capability

OAW-6000-48/126

16
OAW-4302

6
200 Mbps 400 Mbps 1 Gbps 3.6 Gbps

Performance
(Mbps of encrypted traffic throughput)

7.2 Gbps

* 802.11n AP count will be different

17 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Access Points

Indoor Access Point Portfolio

OAW-AP70

OAW-AP65 OAW-AP60/61 Advanced dual band deployments - Efficient RF coverage - External antenna support - In or out ceiling installation - PoE or external AC powered - Dual Ethernet ports - USB port for extensions (e.g. Spectrum Analyzer)

OAW-AP41

Cost-effective single band deployments - Simple RF environments - Out of ceiling installation - PoE powered

Single band deployments - Efficient RF coverage - In or out ceiling installation - PoE or external AC powered

Dual band deployments - Efficient RF coverage - In or out ceiling installation - PoE or external AC powered

18 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Access Points

Outdoor and Bridging Solutions Supported applications
802.11a and/or b/g AP

AP-80P/MB/SB

Versions
OAW-AP80P outdoor thin AP OAW-AP80SB outdoor point to point bridge fat AP OAW-AP80MB outdoor point to multi-point bridge fat AP

Designed for:
extreme, all-weather deployment
AP-80SB

AP-80MB

AP-80SB

HOST SITE
Layer 2/3 networks

AP-80SB

AP-80SB

REMOTE SITE

AP-80SB

WDS 802.11a or b/g

AP-80MB and SB

AP-80SB

19 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Features and Services

Base Feature Set

OMNI VISTA MOBILITY MANAGER OmniAccess WLAN switch base software Alcatel-Lucents standard WLAN software provides unprecedented control over the entire wireless environment, offering intelligent / centralized WLAN switching and advanced services

Advanced services (included in Base Software) WLAN switching and RF management Policy management Adaptive Radio resource Management (ARM) Authentication choices Association choices User services Mobility Intrusion detection Feature management
All Rights Reserved Alcatel-Lucent-Lucent 2007

20 | Enterprise Networks | March 2007

OmniAccess Wireless Features and Services

Additional Hardware and Software Modules

OMNI VISTA MOBILITY MANAGER OmniVista Mobility Manager

Centralized visibility of the mobile edge

Switch level modules

Policy Enforcement Firewall module

VPN Server module Wireless Intrusion Protection (WIP) module Client Integrity module External Services Interface module xSec Remote AP licenses

21 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Alcatel-Lucent OmniVista Mobility Manager

Centralized Visibility of the Mobile Edge

OmniVista Mobility Manager

centralized, real-time view of mobile edge networks troubleshooting from a network operations center stores historical data for custom reporting facilitates network planning provides best-of-breed integration with API locates any Wi-Fi device, anywhere on the mobile edge
Regional Office

Data Center

LAN / WAN INTERNET

Headquarters Home Office

Branch Office

22 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Features and Services

Policy Enforcement Firewall Module

Policy Enforcement Firewall module

user and group policy enforcement through an integrated, ICSA-certified stateful firewall

security policies can be centrally defined and enforced on a per-user or per-group basis
policies are enforced dynamically, following users as they move and taking into account a variety of metrics such as:
user location time-of-day device type authentication method

Key benefits role based services for user / group class of service differentiation, bandwidth contracts firewall permit/deny/drop/log (ICSA certified to version 4.1 corporate standard) QoS - priority traffic queues, Wi-Fi voice prioritization

23 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Features and Services

VPN Server Module

VPN Server module

integration support for a variety of VPN implementations
eliminates need for discrete, external VPN concentrators

hardware acceleration provides LAN-speed VPN connectivity both client termination as well as site-to-site VPNs are supported supported VPN protocols include:
L2TP/IPSec IPSec/XAUTH PPTP

Key benefits complete client VPN services - PPTP, L2TP/IPSec site-to-site VPN services - IPSec NAT-T transport mode tunnels between OmniAccess WLAN switches or third-party VPN concentrators

24 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Features and Services

Wireless Intrusion Protection Module

Wireless Intrusion Protection module

patented classification technology that identifies and protects against vulnerabilities and malicious attacks
rogue APs ad-hoc networks client and AP impersonation denial of service attacks man-in-the-middle attacks

Key benefits detection of: - network probing and DoS attacks, impersonation and man-in-the-middle attacks - unauthorized devices (ad-hoc networks,Windows bridging, wireless bridges) prevention of: - clients roaming to unauthorized APs - attempted intrusion

25 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Features and Services

Client Integrity Module

Client Integrity module

advanced network admission control for wireless clients automatically detects, quarantines and repairs infected or mis-configured devices before network access is granted simple, browser-based application
does not require the installation of an agent on each device

Key benefits embedded Sygate On Demand agent support for host integrity policy enforcement user quarantine - client session role change (quarantine) with Sygate Note: requires that the Policy Enforcement Firewall module is installed

26 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Features and Services

External Services Interface Module

External Services Interface module

standards-based extensibility allows an OmniAccess WLAN switch to communicate with external service devices support advanced interaction with authentication, authorization, and accounting (AAA) services infrastructure

Key benefits choice of AAA server for authentication XML API for captive portal (external captive portal server support) content inspection with external appliance, Fortinet integration Note: requires that the Policy Enforcement Firewall module is installed

27 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Features and Services

xSec Module

xSec module
termination of highly secure xSec client sessions link-layer 256-bit AES-CBC encryption with complete header obscuration for highly sensitive environments enables encryption of trunk ports between mobility controllers based on the same strong encryption standard

Key benefits client/server xSec: termination of AES layer 2 xSec secure VPN sessions point/point xSec: termination of AES layer 2 xSec secure VPN switch port session

28 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

OmniAccess Wireless Features and Services

Remote AP License Module

Remote AP module
securely extend corporate wireless functionality to any location with an Internet connection remote APs allow seamless, corporatelike WLAN connectivity
remote office home anywhere a mobile worker chooses to work

Key benefits remote access point - termination of remotely deployed APs using IPSec transport local bridging - termination of data traffic at the remote AP survivability - pre-shared key for backup WLAN encryption during WAN failure

29 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Completing the Solution

Benefits of Alcatel-Lucents Enterprise Portfolio End-to-end, highly available, consistent solution complete set of switching solutions sharing common feature set thus enabling the perfect fit for any need superior availability for better voice services Smart PoE for every need PoE flavors for all switching needs dynamic power allocation allowing maximized efficiency Enhanced security unique support of 802.1x authentication not recognition but authentication Best in class support for VoWLAN roaming, handover, QoS, security Single management platform wired, wireless and voice management on the same server same GUI and look and feel across applications

30 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

Summary: The Alcatel-Lucent solution

Delivering business benefits mobility location tracking converged communication services by meeting the Wireless LAN challenges Easy to deploy Easy to secure Easy to manage Easy to scale Best-in-class functionality for lowest TCO

management
security availability convergence services

Easy to add voice

31 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007

www.Alcatel-Lucent.com U&ME

Authorized Distributor in Viet Nam

32 | Enterprise Networks | March 2007

All Rights Reserved Alcatel-Lucent-Lucent 2007