Tom,
Let me state up front that I'm a big CBA (as you call it) proponent and
that we use the Aruba product line at Emory.
I agree with your advantage 3 points listed (roaming, fast hand-off &
automagic radio control), but there are others you missed.
1) Single ingress point for wireless traffic to your wired network (at
the controller) - this gives you a single place to create VLANs/subnets
for different SSIDs or groups of users. I can add a new SSID to support
a specific group (guest users, for example) and create one VLAN/subnet
at the controller for that group - all wireless traffic is tunneled back
to the controller by the AP. With fat APs I'd have to create VLANs or
VLAN instances at each AP where I want presence for that SSID.
2) Built-in firewall/Role-based Access Control (at least on the Aruba
products and some others). With the single point of ingress, I can
treat the wireless traffic as untrusted and control access based on user
(or machine) authentication. Even if the CBA you choose doesn't have
built -in firewalling, you can still use the single ingress point as a
location to place a firewall/wireless gateway to control traffic.
3) Built-in WIDS/WIPS (again, depending on the manufacturer) - The
ability to have tightly coupled APs monitoring your airspace for rogue
APs, ad-hoc nets, wireless attacks, etc. without having to deploy an
overlay wireless monitoring network can add a lot of value. A really
cool aspect to this is location tracking - physically finding a rogue AP
or client that is causing problems.
4) Ease of deployment & management - AP configurations are handled
automatically. My APs DHCP for an IP address, and get their config from
the controller, and are up and running my wireless networks. At Emory,
we deployed all of our Residence Halls (over 50 buildings and 450 APs)
in less than 4 months with a minimal staff (myself and a couple of part
timers doing surveying, design, & AP configuration, and 5 teams of
contractors pulling cable). AP configuration involved setting a
location code - all other configuration came from the controller and was
managed as groups of APs.
We used AMP for managing our Colubris APs before we chose Aruba, and did
not have the control or ease of management that our tightly coupled CBA
solution offers.
There are other advantages, these are just a few off the top of my head.
Ok, time to get off my soap box :-)
>>-> Stan Brooks - CWNA/CWSP
Emory University
Network Communications Division
404.727.0226
[EMAIL PROTECTED]
AIM: WLANstan Yahoo!: WLANstan MSN: [EMAIL PROTECTED]
-------- Original Message --------
From: Zeller, Tom S
Date: 6/23/2006 9:43 AM
I would be interested in other opinions on the following analysis of
this issue:
1. Using AirWave’s AMP management platform has almost eliminated the
management advantage of the controller-based architecture (CBA).
AMP monitors, reports, and updates Fat APs just fine. Also, some
CBAs don’t yet have a single management platform for multiple
controllers.
2. CBA is considerably more expensive, in the 1.5 – 2.0 x range
compared to Fat APs
3. The other advantages of CBA boil down to the following. If others
I’d like to hear. And if these are fictitious, also of interest:
1. Roaming, theoretically across an entire campus, without
requiring a single vlan
2. Significantly faster handoff between APs due to 802.1x keys
on the controller, important for voice support.
3. Automagic dense AP deployment from radio feedback to and
adjustments from controller (or Meru’s approach).
Obviously I’m considering sticking with Fat APs for another few years
and allowing the CBA products to mature, but I ain’t got no religion
here, and would welcome success/horror stories from large scale CBA
deployments.
Tom Zeller
Indiana University
[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>
812-855-6214
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
