ArubaOS 6.0, which powers the vendor's controllers, is part of a trend by wireless LAN vendors to add features intended to improve Wi-Fi signal quality, reduce interference, and strengthen manageability and security.
The new version of ArubaOS now adds:
* Support for the encrypted signal protocols used in BlackBerry Mobile Voice System for VoIP calls over Wi-Fi.
* An embedded spectrum analyzer, built into the Atheros Wi-Fi chipset with controller-based reporting and analysis, can find and identify non-Wi-Fi radio sources.
* Code that can run more precise RF scans to identify threats from rogue Wi-Fi devices, and then trap them by luring them to connect to fake access point.
The company added support for BlackBerry MVS in April 2010, and now becomes part of ArubaOS 6.0. Aruba's embedded firewall can now recognize the encrypted MVS traffic and give it priority over Wi-Fi connections, an important step in minimizing latency problems for voice and video traffic.
The new spectrum analyzer incorporated on the Wi-Fi chip in Aruba 802.11n access points lets the controller extract a wider array of spectrum data and analyze it. The change lets IT monitor for non-Wi-Fi radios that could affect wireless performance or pose a threat to the corporate WLAN.
The access points have to be set to what Aruba calls "monitor mode" to generate his data. In the future, they will be able to act as either dedicated RF monitors or as standard data access points that can also pass RF information on to the controller, according to Ozer Dandurmacioglu, Aruba's manager of product marketing.
The Aruba wireless intrusion prevention system now incorporates software from Aruba's Network Chemistry acquisition. Dubbed "TotalWatch," this code sifts the RF spectrum in 5 MHz channels. That's important because without this granularity, an attacking Wi-Fi device only shows up "white noise" in a standard 20 MHz Wi-Fi channel: the more precise TotalWatch can identify the specific threat, according to Dandurmacioglu.
TotalWatch also now monitors the 4.9GHz frequency, which is set aside for dedicated public safety Wi-Fi applications.
A related technology more efficiently blocks the rogue devices once they've been detected. Traditionally, intrusion-prevention systems have sent out continuously de-authentication frames to the attacker, forcing it to disconnect from the access point. But this consumes a lot of both bandwidth and airtime, according to Aruba. The new version of ArubaOS now can create a fake access point to which the attacker connects.
But then the network simply doesn't respond to the requests being made by the attacker's Wi-Fi adapter. While the human behind the attacks intervenes to puzzle out what's wrong, the controller is alerting the IT department, and tracking down the attacker's location.
ArubaOS 6.0 will ship on all future controller models and is available now for free download by current customers from the Aruba Web site. Controller and access point pricing is unchanged.
Aruba is also releasing three documents, drawn from working with its enterprise customers, on Wi-Fi best practices in three areas: a reference design for creating high-density networks in spaces like auditoriums; a white paper on deploying Apple iPad tablets on enterprise Wi-Fi networks; and a third-party test report on the performance of Aruba's RF management features in high-density Wi-Fi networks.
John Cox covers wireless networking and mobile computing for Network World.
Blog RSS feed: http://www.networkworld.com/community/blog/2989/feed
Read more about anti-malware in Network World's Anti-malware section.
Join the CIO Australia group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.