Aruba to speed up user authentication

Wireless switch maker Aruba Networks has launched a new version of its ArubaOS software, and a plan to move to 802.11n fast Wi-Fi with the help of Ruckus Wireless.

As well as the new OS, designed for faster authentication of large numbers of users, Aruba has announced a partnership with Juniper -- the largest enterprise switch vendor with no wireless LAN solution of its own -- and the Ruckus announcement could put it ahead of others on moves to faster Wi-Fi. The new OS version is a free upgrade to existing customers with a support contract.

"On campuses, the user density is going up dramatically -- and authentication is the next bottleneck," said Keerti Melkote, vice president of marketing at Aruba. "You can run an EAP protocol for a few users, and the performance is OK, but when you have ten thousand users on a campus, the computation overhead is significant."

While some users ease the problem with a bank of proxy authentication servers, Aruba's centralized cryptography allows it to absorb the triple-A (authentication, authorization and accounting) traffic into the wireless controller, said Melkote: "We terminate the EAP protocol in hardware, and get predictable connection time and roaming times." The new version of the product can handle 1000 authentication transactions per second, he said.

The system can also "pool" VLANs, so that users can roam the office without needing to change to a different VLAN. "Standard VLAN practices break down when users are mobile," said Melkote. "Specific locations can get densely populated, or have peak usage. "With a pool, every VLAN is available at every access point."

Aruba's controllers are also able to handle bigger WLANs - a master controller can now handle 700 controllers, instead of 64.

Aruba has given its branch-office controller the ability to cache authentications in the form of cookies, so users can still access local LAN resources when the WAN link goes down without losing authentication on the LAN. The system uses the RFP 3579 standard so user names are not sent in the clear, he added.

Melkote also promised auto-configuration for Aruba's branch-office wireless LAN controller, which can now be shipped and installed without local IT support. This is but perhaps not such a big deal, as rival Trapeze announced this feature some eighteen months ago in its MXR-2 branch product.

For the smallest part of the corporate wireless LAN, Aruba has halved the price of the remote access point it sells for telecommuters, from $250 to $125. "If you buy 256 of them, the price goes down to around $50," said Melkote.

Aruba's partnership with Juniper involves reference selling, rather than either selling the other's kit (perhaps just as well since Aruba CEO Dominic Orr is scathing about the way reseller deals erode margins in an interview with Techworld). "Juniper's main focus is the enterprise market, and the federal government market," said Melkote. Aruba's certification to the US federal FIPS 140-2 implementation of the 802.11i security standard is helpful there, he said.

Aruba believes it will have "the first centrally managed enterprise 802.11n solution," a claim that sure to get challenged, since no-one can really deliver 802.11n until the standard is ratified next year. Its partner, Ruckus has not delivered MIMO or draft 802.11n before, but its seven-antenna system adds range and reliability to the 802.11g standard, and is familiar from the blue flashing lights of Netgear's popular first generation of RangeMax products.

Ruckus plans to "extend" its BeamFlex technology to 802.11n (presumably adding its antenna to 802.11n silicon from Atheros, Marvell, Broadcom or Airgo. "If they can do to 802.11n what they

This story, "Aruba to speed up user authentication" was originally published by Techworld.com.

What’s wrong? The new clean desk test
Join the discussion
Be the first to comment on this article. Our Commenting Policies