Aruba Networks Logo

Aruba Networks announces affects of the Heartbleed bug.

 

 

 

 

 

Aruba Networks have announced that certain Operating Systems (OS) platforms are to be made end of life. A two-step procedure, starting on the 1st November 2014, development of the OS 6.1.X software will end, and the platform will become end-of-life on May 1st 2015.

On 30th November 2014 the development of OS 6.2.X will also cease and the platform will become end-of-life on May 31st 2015.

To find out more, please use the hyper link below:

http://www.arubanetworks.com/support-services/end-of-life-products/#ArubaOSSoftware

What this means for you, the consumer, currently running and using these OS platforms on your controllers:

Once the development of the above operating systems has lapsed, and if an issue is found within your current deployment, Aruba Networks will be unable to offer support. It is possible that an investigation will take place on order to identify any bugs in order to mitigate reoccurring issues in future releases of OS codes.

Ensign recommends that existing Aruba Networks customers should upgrade their Operating Systems to a later version. If necessary, Ensign can recommend a version of code to suit your current deployment if required; you can contact us here info@ensign-net.co.uk.

Based on the above information, if you have upgraded recently to 6.3.1.3 you should be made aware of the following vulnerability…

Aruba Networks recently announced that the OpenSSL 1.0.1 library (Heartbleed) vulnerability had affected some OS versions across Aruba Controller OS and the Aruba ClearPass Management System.

To summarise:

There is a very serious vulnerability that has been discovered in the OpenSSL 1.0.1 library. This vulnerability can allow an external attacker to extract segments of memory from a remote system without leaving any traces. This memory could contain vital security information, including private keys. These keys, in turn, could be used to mount a man-in-the-middle attack.

AFFECTED OS VERSIONS: Aruba OS 6.3.x, 6.4.xClearPass 6.1.x, 6.2.x, 6.3.x

Previous versions of these products used an earlier version of OpenSSL that is not considered to be vulnerable. No other Aruba Networks products, including AirWave, Instant, run these compromised versions of OpenSSL. Aruba Central, Aruba Networks’cloud-based Wi-Fi offering, has been upgraded to the latest, safe, version of OpenSSL on April 7 after the attack was first published.

Justin Pender

School Hallway

High densities of Wi-Fi users is a core concern for schools, colleges and universities. 

 

 

 

 

 

 

 

High client densities, hundreds of concurrent users, seamless roaming and airtight security; these are just a handful of challenges and considerations for schools and other educational establishments to tackle when planning a modern school wireless deployment.

Increased demands for universal wireless access within schools, colleges and universities, is being driven by innovations in digital learning, mass student mobile device adoption and 1:1 computing initiatives. This surge in critical Wi-Fi usage has put a strain on traditional networks, many of which were simply not built to cope with the sheer numbers of devices and their data hungry voice and video applications.

However, akin to many facets of modern life, the technology has the potential to revolutionise the way we work; and in education this is certainly true from both sides of the teacher’s desk. For school boards and IT departments, manoeuvring through the minefield of technical considerations – not to mention the countless vendor solutions, each one claiming to be the bee’s knees – could present a complicated, confusing and somewhat thankless task.

With this in mind, we thought it would make a timely – and with any luck, helpful – post to highlight what we believe to be the three core drivers for better school Wi-Fi (Part 1) and their associated technologies (Part 2).

Number 1: Network Capacity

We have noticed that many wireless vendors and resellers are focused primarily on the coverage of school and education environments, with little mention of the capacity required to provide the consistent quality-of-service needed to cope. Although network coverage is by no means unimportant – and should in all cases, be a given – the high-density of concurrent users within schools, colleges and universities requires a particular focus on the capacity networks to function effectively under the considerable workload. Making the commitment to e-learning means that educational establishments must be efficient in their application of wireless devices; network downtime or slow connectivity will instantly and significantly reduce its potential advantages whilst simultaneously stomping on any ROI.

Many of today’s mobile users will typically carry 2 or 3 mobile devices, most of which will not have an Ethernet port. This makes wireless connection the default method of network access and can create major headaches for IT administrators who wish to achieve continuous network performance whilst benefiting from the provision of BYOD incentives.

Balancing the load on access points, providing the right amount of bandwidth to the right people and the right devices, and eliminating sticky-clients as users roam around the campus have become top priorities.

Number 2: Network Access control & Management

Controlling who is permitted to gain access to the school network, and exactly what level of access they are allowed, can make network management significantly more efficient.

By defining groups of users, such as teachers, students, admin and guests, managing school-issued devices and personal devices is made far simpler, and allowing access to the network becomes altogether less fraught.Using the existing Windows Active Directory structure to ensure full AAA (Authentication, Authorisation and Accounting/Auditing) makes good sense as most originations will already have these structures in place, allowing for granular policies to be deployed.

Number 3: Network Security & Duty-of-Care

Both network security and duty-of-care compliance are major concerns for schools who are providing their students with advanced Wi-Fi access and Internet roaming. The myriad of threats from potential inside attacks – as a result of unsecure student or teacher-owned devices – rogues applications and outside sources, requires a more sophisticated approach to network security.

Creating a balance between levels of access and network security is one of the most prominent challenges facing school wireless LAN and digital learning adoption today. Again, the need to segment not only users but different classes of device into different groups with different security profiles is crucial.

As technology advances and users become more IT savvy, the chances of accidental or malicious network compromise is increasingly likely, and in an educational setting where children across a breadth of ages are gaining networks access, providing deep granular inspection of traffic flows has never been more important.

Keep and eye-out for part 2 of this entry in which we’ll look at the technology associated with improvements to school Wi-Fi.

Gregg Meade

Gartner 2014 NGFW Magic Quadrant

Palo Alto Networks confirm leadership status.

Palo Alto Networks have been positioned as ‘Leaders’ in the 2014 Gartner Magic Quadrant for Enterprise Firewalls. This latest success consolidates their progress within the network security sector, marking three consecutive years at the top.

Palo Alto Networks’ consistent innovation, strong product design and traction within the NGFW space has left many of their main competitors struggling to close an ever-widening gap, with only Checkpoint Software keeping them company in the ‘Leaders’ category once again.

Quadrant Specifications

Gartner specifies that purpose-built appliances earning magic quadrant inclusion must be able to support single-enterprise firewall deployments and large and/or complex deployments, including branch offices and multi-tiered demilitarised zones (DMZs). In addition, there is an increasing desire to add virtualised options to enterprise firewall portfolios.

Market Opportunities

Dual domination of the enterprise market by Palo Alto Networks and Checkpoint is invariably down to their focus and drive towards solving enterprise-specific security issues; a trend which looks set to continue as a significant proportion of businesses are not currently employing Next-Generation firewalls.

“Less than 20% of Internet connections today are secured using NGFWs. By year-end 2014, this will rise to 35% of the installed base, with 70% of new purchases being NGFWs.” Gartner.

With nearly three quarters of new enterprise firewall purchases likely to be of the Next-Generation variety, these latest Gartner stats will surely be music to the ears of the Palo Alto Networks, whose ability to simultaneously out-innovate and displace their competitors bodes well for further growth.

Cisco-Sourcefire

However, it is worth mentioning that the pathway to market monopolisation (if that is in fact the ultimate goal for Palo…) is certainly not void of a few fairly sizeable pot-holes. Besides Checkpoint’s ‘ability to execute’, Cisco’s acquisition of Sourcefire in 2013 was a bold move which unsettled the balance at the top of the Next-Generation security tree; and their recent release of the Cisco-Sourcefire security solution portfolio will undoubtedly rustle more than a few branches.

Claiming to be ‘the most advanced threat protection in the industry’, and boasting the ‘first Next-Generation firewall to include industry-leading IPS’, Cisco’s play for a place on the podium should not be underestimated.

Innovation

Flying the flag for innovation has, so far, been the most effective strategic weapon for Palo Alto Networks. Breaking new ground with respect to technology, as well as unrelenting new product releases and improvements, shows a fervent commitment to solving real industry security problems – something which, if continued, should see the California-based company bolster their industry ascent as well as their exponential upward curve on the ‘vision’ axis of Gartner’s Quadrant.

Industry acquisitions will also play their part, as with the Cisco-Sourcefire union, Palo Alto Networks’ addition of Morta Security, a successful threat intelligence company, and Cyvera, an Israeli cyber-security outfit, have increased their ability to offer leading-edge enterprise threat protection and application enablement.

More Information

If you have any questions regarding Next-Generation firewalls, Palo Alto Networks, or Cisco firewalls, then please contact Ensign; we’d be happy to hear from you. info@ensign-net.co.uk.

Gregg Meade

Palo Alto PA-4000

The Palo Alto Next-Generation Firewall provides a comprehensive solution to secure school Wi-Fi deployment. 

Founded in 1906, with a desire to advance the study of theatre as an academic discipline, London’s Central School of Speech and Drama (CSSD) has evolved to become one of the most renowned and illustrious educational institutions in the country. Its alumni includes the likes of Lord Laurence Olivier and Dame Judi Dench, and the school has even received “Royal” status from Her Majesty the Queen in recognition of its world class facilities and contribution to the arts.

Ensign Communications were first approached by CSSD in 2009 after the school had been experiencing performance issues with their existing network. As is being observed by many educational facilities, the school’s IT had witnessed a tremendous rise in the popularity and accessibility of mobile devices amongst students and staff members alike; a trend that can put conventional networks under a great deal of strain.

Acutely aware of the educational advantages to be had from offering high-performance wireless within an already rich teaching environment (not least as the often expansive acting ‘spaces’ do not lend themselves to Ethernet wired networking), the school required Ensign to re-configure the current wireless LAN in order to achieve higher levels of performance and resilience.

High-Density School Networking

Among many challenges for Ensign was the sheer number of devices; with around 500 students and 50-some staff members, all with at least one device (often more), the new network would have to be resilient enough to cope. High volumes of traffic, particularly during recreational periods, was not the sole concern; Ensign’s network design would also need to be configured and optimised to deal with the high-bandwidth usage from video streaming and instant messaging that is characteristic of many school and educational Wi-Fi environments.

An important security consideration for CSSD was the requirement to segment the network into two, allowing distinctively different levels of access to staff, IT administrators and students. By splitting the roles and access rights in this way, the school would be able to isolate their business-critical data from that of their students and guests, and in doing so could mitigate the risk of cyber-attacks.

Security Focused

Once finalised, the school could boast a secure and professionally-structured enterprise network, which was not only highly resilient and secure but had the potential for increased performance, providing the building blocks for advanced network services and the expansion of the existing services offered to students.

In a dynamic wireless environment, such as CSSD, where the majority of end users are young and tech-savvy, keeping pace with their ever-changing needs and requirements, whilst maintaining a high performance and above all, secure, wireless network becomes a top priority.

Evolving Threat Landscapes

Visibility of enterprise networks has, in recent years, proven to be a core concern of many IT managers within academic establishments, as well as across many other sectors. The transformation of the threat landscape, as malware and hackers grow more sophisticated, has led to a demand for a new generation of network security solution that can safeguard against such onslaughts.

As Gold Partners of Palo Alto Networks, market leaders in Next Generation threat prevention, Ensign could provide CSSD with the type of advanced solution that they required.

Jim Lucking, Technical Architect at Ensign, said: “Understanding CSSD’s strict requirements for security and visibility was of great importance, especially due to the large amount of users the school has connecting to the network daily.

“With the ever changing way in which applications and users interact, and the evasiveness of modern malware, the market leading Palo Alto Next Generation Firewall was the obvious choice. The product provides the power, granularity and flexibility the School required to maintain the security and integrity of their network infrastructure and data resources, whilst being easy to manage with its intuitive interface.”

The Solution

The Palo Alto Firewall is built upon three main pillars that make it the market leading Next Generation Firewall; Application-ID (App-ID), Content-ID, and User-ID.

App-ID is an innovative technology used to recognise, categorise and control traffic at the Application Layer, so rather than relying on ports and protocols – which can easily be bypassed by modern applications – the control of trusted and untrusted programs can be maintained to ensure that unknown traffic is not finding its way in (and crucially) out of the network.

* Recognising applications alone is not enough, providing further granularity and control of the application’s sub functions, which Palo Alto NGFWs can do, maintains usability whilst providing the required security.

Content-ID technology enables the ability to recognise the nature of modern malware and provides the mechanisms to protect systems from the threats they can cause, however they are delivered, whilst working in conjunction with App-ID.

User-ID is all about identifying the user as opposed to the IP address, linking into the existing database structures in Windows Active Directory, or by the use of client probing and guest portal authentication, to provide better visibility in dynamic client environments.

Proof-of-Concept and Beyond

To showcase the capabilities of the Palo Alto firewall, Ensign ran a proof-of-concept with the school, a process which yields an in-depth AVR (Application, Visibility and Risk) report. The extensive report provided the schools’ network managers with a detailed view of the types of traffic that were traversing their network, the applications being used and their relative security risk. Armed with this level of information, CSSD’s IT administrators saw the potential for more effective policy enforcement, not to mention granular levels of visibility.

Opting for the PA-500 Next-Generation firewall, a unit capable of handling up to 64,000 simultaneous user sessions and up to 7,500 new sessions every second, CSSD now had the assurance that the Palo Alto could filter and control the school’s thriving network traffic.

Wayne Burgess, Systems and Network Administrator at the Central School of Speech and Drama, said of the Next-Generation Firewall solution:

“Since the installation of our Palo Alto firewall it has not only simplified but significantly improved our network security. We have a large number of student and staff personal devices which consist of Apple, Android, Windows and Blackberry, controlling what our students and staff can access is pivotal for both network performance and their on-going protection.”

We have been amazed at the level of visibility it the Palo Alto allows; we can now take a granular look into how exactly our network is being used and by who, ensuring that threats are dealt with promptly and efficiently.”

Gregg Meade, Digital Marketer @ Ensign Communications Ltd.

Heartbleed security concern

The “Heartbleed” bug has caused mass internet security concerns.

 

 

 

 

 

 

 

 

A critical vulnerability in OpenSSL (OpenSSL Private Key Disclosure Vulnerability) was recently disclosed, affecting servers running OpenSSL 1.0.1 through 1.0.1f.  This vulnerability allows arbitrary memory readout, which effectively exposes primary key material, allowing hackers to read confidential encrypted data, and compromises the integrity of the secure channel.

Over the past day there has been some significant mass media coverage of the software flaw, alerting the public to the potential vulnerabilities of over half a million websites, including Yahoo and some major banks.

However, as echoed by this Guardian article, we would urge web-users not to rush into changing all of their passwords; doing so could increase the risks posed by the bug, which has been ominously dubbed “Heartbleed”.

Distribution Centre wireless mesh crane camera solution

Our client is one of the largest and most recognisable high street retailers in the UK. Operating out of multiple high streets and out-of-town locations, they supply a wide range of products from footwear and fashion, to sporting goods and equipment.

At their 100,000 sq ft purpose-built distribution centre, our client implemented an automated material handling system to manage the large picking and put-away operation. With each isle of the enormous structure spanning 120 metres, the arrival of boxed goods to the distribution Centre sees them shuttled to a pre-programmed location via a network of robotic cranes. The solution is not only time and space saving, but the automation improves efficiency and eliminates many of the errors associated with more traditional warehouse systems.

With the cranes in operational 24 hours a day, 7 days a week and moving at high speed over considerable distances, regular maintenance work is generated as a result. To assist in these maintenance activities, it was decided that the installation of wireless IP CCTV cameras upon the cranes would provide enhanced monitoring of their performance when in use whilst increasing productivity for the engineering staff on site by minimising downtime during service and repair operations.

Deployment Challenges

Ensign was tasked with finding a solution to the distribution centre’s support staff requirement for crane-and-box visibility, whilst causing minimal disruption to the already fully-operational site. Our technical architects and engineers were required to design and deploy a solution that would assimilate with the existing structure, circumnavigating areas of RF interference and installation difficulties caused by the extensive racking and the time-critical 24×7 operations.

Our Aruba Mesh Solution

The solution comprised of two key components; an IP CCTV camera, which would be mounted onto each crane, providing the visibility required; and a wireless mesh network topology, built using the Aruba AP104 access points and existing 3600 series Wireless LAN Controllers, to support them.

By minimising the installation work required, the wireless mesh network offered a more cost-effective deployment solution. Not only this, modern Wi-Fi mesh is far less susceptible to RF interference and provides a higher level of throughput for a better performing network.

To achieve the best possible coverage to all 16 of the crane mounted cameras, the Aruba 104 access point on each crane was configured as a mesh AP and mesh portal APs were then installed to the perimeter of the automated area to provide the connectivity to the wired network. The IP CCTV camera on each crane was then connected to the mesh AP via its Ethernet interface.

Matt Harte, Technical Sales Account Manager at Ensign, said: “we opted for an Aruba wireless mesh network as it was the best solution for achieving coverage for streaming video across this large densely racked area.

“In this instance, wireless mesh was faster to deploy, provided superior connectivity for the cameras and was cheaper than a conventional Wireless LAN deployment as much of the costs associated with conventional wireless LAN, such as site surveys and the extensive cabling work, was reduced.”

Since installing the wireless mesh camera solution, Ensign’s client has been able to closely monitor the performance of the cranes in real time, whilst minimising downtime for service operations.

School WiFi debate

Many still consider WiFi signals to pose significant health risks.

Debates surrounding the potential risks of WiFi and mobile device radiation (from cell phones and tablets, etc) have been a mainstay within particular public discourses for what seems like an eternity.

This is expedited by a steady stream of new ‘evidence’ which claims to support anti-WiFi sentiment, particularly in relation to schools, colleges and other educational facilities – websites such as safeinschool.org and ssita.org.uk, are testament to this.

There is little doubt that certain levels of exposure to certain strengths of radio signal can indeed be harmful to humans. However, as we posted previously in our blog about Electromagnetic Hypersensitivity (EHS), many studies into the potential risks of radio waves from sources such as; WiFi signals, mobile phone radiation, telephone and TV masts (the latter of these widely considered to be the most menacing), have all proven to be inconclusive.

What is important to remember here is that when testing the potential risks of WiFi radiation, there are many variables to consider, all of which make a clear, unarguable, conclusion somewhat difficult to ascertain. WiFi network design and configuration are by no means what one might term as being standardised, with each deployment having its own particular set of characteristics.

These often environmental or situational characteristics are at the hands of the installer to overcome, and it is at this stage where any likely risks should be mitigated.

Our take?

To preface the following comments, it should be noted that coming from a position of obvious bias – a factor which we are mindful not to neglect – the opinions expressed here are supported by many years of industry experience and expertise.

Given the relatively low radio transmitter powers associated with WiFi deployments, the degree to which users are to exposed should certainly be considered safe. However, to ensure the most risk-free school WiFi application, the network configuration should always be a core concern.

Typically, a typical UK wireless access point should not radiate at a power level which exceeds 100 MW EIRP (Effective Isotropic Radiated Power) or, to put it another way, 1/10th of 1 watt – this standard is regulated and enforced by OFCOM under EU Legislation.

This being said, many can and do radiate at levels above this standard, having been installed incorrectly. Using larger, higher-gain, antennas – a tactic often wrongly employed in an attempt to provide the maximum wireless coverage per access point – can reduce deployment costs to the detriment of acceptable levels of radio signal strength. This installation method can often lead to poorly sited wireless access points and antennas that are running at a power level greater than the standard 100 MW EIRP, or 1/10th of 1 watt. To give these figures some perspective, the commonly accepted output for similar radio devices deployed in the USA can be up to 20 times the UK regulatory allowance.

Minimise any potential WiFi risk

Whilst Ensign do not believe there are any health risks related to wireless networking, we do believe in strictly adhering to industry best practices in order to minimise any potential risks that may be present – however small they may be.

The professional approach to WiFi and wireless network design should be such that lower access point, and client, transmitter powers are used whilst still providing the coverage, flexibility and mobility which have come to be expected from contemporary wireless networks.

WiFi Risks – More information

If you are considering a WiFi solution for you school, college or university and have an questions or concerns, please contact us on 01929 556 553, or email info@ensign-net.co.uk.

The World’s Fastest Next Generation Firewall

 

Palo Alto Networks, the global leaders in Next Generation Firewall security, have this week released the world’s fastest, most powerful, layer-7 firewall to date. In a bold attempt to outstrip the competition, the PA-7050 boasts unprecedented throughput speeds whist retaining the definitive Palo Alto feature-set (App-ID, User-ID, Content-ID and so on).

New strains of cyber-attack have led to significant firewall advancements in recent years, malicious threats veiled as common applications are increasingly more difficult to detect and have spurred-on a revolution in firewall design. Palo Alto have been at the forefront of this riposte, developing application-specific, Next Generation, firewalls which enable granular security policy enforcement within mission-critical enterprise environments.

Security & Network Performance

Technology advancements continue to raise important considerations for enterprise networking. As the amount of data increases, alongside the number of portable devices, staying on top of network security is an ever-evolving challenge.

Not only must enterprise networks maintain the high levels of security required to deal with today’s menacing cyber-threat landscape, but also be proactive in ensuring that the safeguarding of wireless networks does not lead to throttled speeds and with that, continued workforce productivity.

The PA-7050

Keeping pace with accelerating internet speeds as well as growing data demands is key to what the PA-7050 can offer, and looks to be the defining factor in differentiating the product from other  Next Generation Firewalls on the market. Boasting firewall throughput of up to 120 Gbps, the PA-7050 runs the standard PAN-OS operating system and achieves full threat prevention whilst providing high-speed network capabilities.

Having improved both the hardware and software on the PA-7050, Palo Alto Networks claim to have produced their most scalable, flexible and user-friendly firewall yet. Featuring a new chassis design, incorporating eight slots (six of which are for processing and the remaining two for special functions), the monster unit is capable of hosting 24 Million sessions and 750 Thousand connections per second. However, Irrespective of its multi-blade design, the PA-7050 can be operated as a single device, as well as offering support on a per-chassis basis.

More Information

Find out more about the Palo AltoPA-7050 or the other Next Generation Firewalls in the Palo range by calling Ensign on 01929 556 553, or emailing info@ensign-net.co.uk.

Marina WiFi at Berthon Boats

Aruba Instant Mesh solution provides seamless WiFi at Lymington Marina.

More than just a marina, Berthon’s prestigious Lymington site offers some of the most advanced boat building, repair and maintenance facilities in the country. A business with a rich history, Berthon has undergone many changes over the course of the last century, including major development of the shipyard and pontoons.

Brian and Dominic May, who took ownership of the marina in 1990, have set a trend for continuous improvement, having made significant investments over the past two decades. Boasting a newly refurbished marina building, which houses the ever-growing sales team, Berthon management began to consider new ways to modernise.

Increased User Expectations

As is commonly the case within the hospitality, leisu

re and travel sectors, high-speed and complimentary Wi-Fi is no longer an occasional luxury and has quickly come to be expected, particularly among younger visitors. Not only would a refreshed Wi-Fi solution add yet another dimension to the Berthon customer experience, but also maintain Lymington’s edge in the highly competitive marina sector.

Keen to address the shortcomings of the existing legacy wireless network, Berthon required a solution which would be consistent with their ethos of quality that is so integral to the way they operate. Nick Hopwood, Marina Manager at Berthon, said: “When setting the parameters of the new Wi-Fi solution, we were mindful that ‘free’ should not be a precursor for poor performance; we wanted to provide the best marina Wi-Fi in the industry.”

Once complete, the Wi-Fi solution would have to provide high-speed access to the many berth holders at the marina, many of whom are successful business owners and professionals. As well as being a complimentary service, it was also a high priority for the wireless network to facilitate remote office work and connectivity, such as video conferencing and instant messaging, without any performance degradation.

The characteristics of marina Wi-Fi, alongside the connectivity demands of Berthon’s high-flying clientele, would require robust levels of coverage as the final solution would need to work seamlessly both above and below the decks of the berthed vessels.

Selecting Ensign

Berthon required a networking partner who could not only carry out the work to the highest of standards, but who could also provide and test a number of designs in order to guarantee the best-possible Wi-Fi solution was achieved. Not only this, having experienced poor performing wireless in the past, Berthon were keen to deploy industry-leading hardware which would withstand both the often harsh outdoor conditions as well as the usage demands of their growing customer base.

With many years of experience within challenging Wi-Fi environments, and with the added advantage of being local to Lymington Marina, Ensign Communications were considered the best fit for the project.

The Solution

Through careful consideration, consultation and planning, and after testing a number of possible designs, Ensign’s team of network architects proposed an Aruba Networks Instant Mesh Solution.  The Aruba Mesh would provide coverage across the entire marina, with 12 Aruba IAP-104 access points strategically placed along the dockside and spread across the five pontoons.

As a high level of network resilience was one of Berthon’s core requirements, the mesh was configured with four points of entry. Positioning the access points in this way would provide a failsafe in the event of any network issues, allowing the mesh to automatically reform and thus eliminating potential downtime and unsatisfactory end-user experiences.

The Aruba IAP-104s feature dual band 802.11n radios, making them the ideal component for the marina mesh solution, as well as eliminating the need for a wireless controller. This cost effective, yet powerful, design would allow Berthon’s end-users to access the network via both the 2.4 GHz and 5 GHz bands ensuring robust coverage within the high-density client environment.

Challenges

Among the many challenges facing Ensign’s engineers were the twice-daily tidal swells, which cause the marina’s pontoons to fluctuate in height by as much as 3 meters. The Aruba kit was mounted high upon the pilings of the pontoons, allowing each access point an excellent view of the surrounding craft and ensuring dependable levels of Wi-Fi performance.

The many crafts berthed at the marina come in a variety of shapes and sizes, ranging from smaller 25 ft sailing boats to much larger 70 ft cruisers, and are also constructed from an array of, potentially RF resistant, materials. In order to provision for all boat designs, Ensign’s engineers extensively tested the wireless signal penetration through those with fibreglass, steel, and even concrete hulls.

Lastly, taking into consideration the often harsh weather conditions and constant exposure to salt water spray, it was imperative that the access points and mounting gear were weather resistant. Each IAP-104 access point was mounted within a protective IP65 rated enclosure and heavily galvanised mounts were used to secure them.

Post-Deployment

Since ‘going-live’ with the marina Wi-Fi solution, employees at the Berthon Marina have experienced a great deal of positive feedback from their end-users, who are now able to walk seamlessly between access points with no loss of Wi-Fi service.

Although originally built with business owners and virtual private networking (VPN) in mind, the network has undergone something of an evolution to predominantly serve more leisure-driven pursuits. The networks’ high speeds and capacity allows Berthon’s customers to efficiently stream and download content from the Internet; a clear sign of the solution’s performance.

From an administrative perspective, the Aruba Mesh network has revolutionised the way in which the network is managed. Having opted for the hosted Aruba Airwave network management platform, Berthon are able to conveniently monitor the performance and health of their network on-site. The hosted Aruba Airwave software allows visibility into who exactly is accessing the Berthon network using nothing more than a standard web browser, where they are accessing it, the type of device they are using, and even the amount of bandwidth.

“Having this degree of visibility allows me an insight into the types of traffic we are getting and what times they are accessing our network”, explained Nick Hopwood.

Our users are split into two groups, visitors and berth holders, so employing the Aruba Airwave management suite allows me to allocate portions of airtime effectively.”

Aside from the benefits of added visibility, the Aruba Airwave solution also hands Berthon crucial insight into the wellbeing of the wireless mesh solution. Alerting on-site administrators to any issues affecting performance, the management tool is helping Berthon to achieve unprecedented levels of network uptime.

Future Plans

Happy with the results of the deployment, Nick Hopwood said: “With regards to any future plans, the Ensign solution is currently meeting all of Berthon’s requirements.

“Our users are happy with the service and we at Berthon have been impressed with the level of coverage to berth holders and visitors. We are seeing an increase in returning customers, which is perhaps the greatest indication that the Wi-Fi solution is performing beyond what was expected at its inception.”

More Information – To find out more about Ensign’s Marina Wi-Fi solutions, call us on 01929 556 553 or email info@ensign-net.co.uk. 

Aruba Partners UK

Ensign retain Aruba Platinum Partner status in 2014

Ensign retain Aruba Networks Platinum Partner Status for 2014

Ensign has been confirmed as an Aruba Networks Platinum Partner for yet another year.

Aruba’s PartnerEdge Program is designed to create a professional community of ‘best-in-class’ wireless LAN and enterprise mobility solutions providers from around the world. According to Aruba Networks’ criteria for Platinum status, all partners should share a forward-looking vision of secure mobility, a commitment to customer service, and a focus on device interoperability.

As a Platinum Partner, Ensign is able to offer its customers a wide range of resources and discounts to ensure that their business needs are met beyond expectation. Ensign have been partnered with Aruba Networks since 2008, with successful deployments across a number of industry sectors including education, retail, warehousing and logistics and hospitality.

Aruba Networks is a global leader within the Enterprise Wireless LAN market place with a portfolio of innovative, leading-edge products and services aimed at simplifying business networking whilst maximising profits.

Recently placed within the ‘leaders’ space of Gartner’s Magic quadrant for wireless LAN, as well as for progression within enterprise Network Access Control and Guest Access technology, Aruba can currently boast a rapidly expanding global customer base of over 30,000 businesses.

Will South, Technical Director at Ensign, said: “We are proud of our on-going professional partnership with Aruba. Their continued growth and technical evolution allows Ensign to offer our customers the best wireless LAN and mobility solutions on the market at maximum value”.

Follow the links to find out more about Ensign and Aruba Networks.

%d bloggers like this: