Whitepaper - Revolution Wi-Fi

devices, such as Apple iOS 6.0 (and later), to roam within the 50 ms performance goal ... Figure 2 - Apple iPad Fast Transition across an Enterprise WLAN.
Wi-Fi Alliance™ Voice-Enterprise Certification: Standardized Fast Secure Roaming

Whitepaper

Wi-Fi Roaming: The Intersection of Performance and Security

One of the most important aspects of building a successful enterprise wireless LAN is enabling transparent user mobility across the network. The proliferation of portable and mobile devices has untethered office workers from traditional desktop computing. Modern employees require application access from diverse locations throughout the workplace, as well as seamless connectivity while on the move. To enable this new mobile workforce, wireless networks require high-performance, low-latency roaming to support real-time multimedia applications such as voice and video, and vertical industry solutions such as high-speed mobile devices in manufacturing and distribution, automated warehousing, robotics, and medical instrumentation, to name only a few.

Organizations also require strong security to protect sensitive information and comply with various industry regulations such as HIPAA, PCI, Sarbanes-Oxley, and FERPA. Modern wireless networks provide robust security by requiring authentication of users and devices prior to allowing role-based network access and subsequently securing communications with strong encryption methods.

However, the balance between mobility and security has caused an unpleasant trade-off for organizations due to the time-consuming processes that strong security methods require. On one hand, high-performance mobility can be provided when relatively weak security is implemented with an Open or WPA2-Personal WLAN, but this leaves sensitive corporate data at higher risk of exposure. On the other hand, much stronger security can be implemented with WPA2-Enterprise, lowering the exposure risk of sensitive corporate data, but resulting in poor mobility performance due to the time-consuming 802.1X authentication process. Thus, the introduction of more secure Wi-Fi networks solved one problem (security) but created another (roaming performance).
Strong security based on WPA2-Enterprise incorporates 802.1X authentication and dynamic encryption keying. It is typical for an 802.1X authentication through RADIUS to take hundreds of milliseconds when the RADIUS server is located on the local LAN (100-700 ms), or significantly longer (> 1 sec) if the server is located across a high-latency WAN circuit. This can introduce packet loss and degraded performance for real-time applications, and result in dropped application sessions that require user intervention to reestablish the connection. For instance, typical voice over IP sessions transmit frames at regular 20 ms intervals, and conversation quality becomes noticeably degraded to the end user when the delay exceeds 100 ms. This can lead to an unsatisfactory user experience, application performance issues, inadequate support for real-time business processes, and hesitation by business managers to rely on wireless networks for mission-critical operations.

The industry needed a high-performance, yet secure, solution to this mobility problem. The answer lies with fast secure roaming, whereby initial network access requires full authentication through the 802.1X process, with subsequent access only requiring verification of the initial authentication event. Vendors initially responded with pre-standard fast secure roaming solutions such as Opportunistic Key Caching (OKC) and Cisco Centralized Key Management (CCKM) to fill the gap. However, lack of coordination among infrastructure vendors led to multiple competing methods and has resulted in fragmented client device support throughout the industry.
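
As an added illustration (not code from this whitepaper or from any vendor), the sketch below shows how an OKC-style shared key cache lets the infrastructure verify the initial authentication on roam without returning to RADIUS. The PMKID formula is the one defined in IEEE 802.11i; the `Controller` class, the MAC addresses and the key are constructed assumptions.

```python
import hashlib
import hmac


def mac(text: str) -> bytes:
    """Convert 'aa:bb:cc:dd:ee:ff' to 6 raw bytes."""
    return bytes.fromhex(text.replace(":", ""))


def pmkid(pmk: bytes, aa: bytes, spa: bytes) -> bytes:
    """IEEE 802.11i: PMKID = HMAC-SHA1-128(PMK, "PMK Name" || AA || SPA).

    AA is the authenticator (AP BSSID), SPA the supplicant (client) MAC.
    """
    return hmac.new(pmk, b"PMK Name" + aa + spa, hashlib.sha1).digest()[:16]


class Controller:
    """Hypothetical controller sharing one PMK cache across all of its APs."""

    def __init__(self) -> None:
        self._pmk_by_client: dict[bytes, bytes] = {}

    def full_auth(self, spa: bytes, pmk: bytes) -> None:
        # Called once the slow 802.1X/EAP exchange via RADIUS has succeeded.
        self._pmk_by_client[spa] = pmk

    def reassociate(self, bssid: bytes, spa: bytes, offered: bytes) -> str:
        pmk = self._pmk_by_client.get(spa)
        if pmk is None:
            return "full-802.1X"           # nothing cached: go back to RADIUS
        expected = pmkid(pmk, bssid, spa)  # recomputed for the *new* AP
        if hmac.compare_digest(expected, offered):
            return "fast-roam"             # skip EAP; 4-way handshake still runs
        return "full-802.1X"               # stale or wrong key: re-authenticate


# Constructed sample values, not taken from any real network.
AP1, AP2 = mac("02:00:00:00:00:01"), mac("02:00:00:00:00:02")
CLIENT = mac("02:00:00:00:00:aa")
PMK = hashlib.sha256(b"constructed PMK from initial EAP").digest()  # 32 bytes

if __name__ == "__main__":
    wlc = Controller()
    wlc.full_auth(CLIENT, PMK)                        # first association on AP1
    print(wlc.reassociate(AP2, CLIENT, pmkid(PMK, AP2, CLIENT)))  # fast-roam
    print(wlc.reassociate(AP2, CLIENT, pmkid(PMK, AP1, CLIENT)))  # full-802.1X
```

Because the PMKID binds the key to both MAC addresses, an identifier computed for the previous AP does not validate at the next one, and any mismatch falls back to full 802.1X rather than granting access.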
The introduction of the Voice-Enterprise certification program by the Wi-Fi Alliance™ in May 2012 brings a standards-based fast roaming method based on the IEEE 802.11r amendment to market, which serves to align infrastructure and client manufacturers on a common implementation method and provides the benefits of low-latency roaming performance while maintaining strong security with WPA2-Enterpri