BRKEWN-2012 Deploying MSE

Deploying MSE - Connected Mobile
Experiences, Adaptive WiPS
BRKEWN-2012
Will Blake
Consulting Systems Engineer
Agenda
• Technology Overview
• WIPS
• Connected Mobile Experiences
  – CMX Engage
  – CMX Analytics
• Design and Planning
BRKEWN-2012
© 2014 Cisco and/or its affiliates. All rights reserved.
Cisco Public
Technology Overview
Context-Aware Architecture
Cisco MSE Context Aware Service
• Provides contextual information of wired and wireless IP enabled devices
• Contextual information provided through SOAP/XML/REST API
[Diagram labels: Context-Aware Applications; Asset Visibility; Network Visibility; Business Process; Telemetry; Mobility Services Engine; Application and Management; Cisco Prime Infrastructure; Network; Cisco Catalyst Switches; Cisco Wireless LAN Controller; Cisco Aironet Access Point; Tag and Devices; Active RFID Tags; Chokepoint; Wireless network devices; Wired network devices]
Location Services Topology
[Diagram labels: Cisco Prime Infrastructure; Management Station (Client Browser); Third Party Server; SOAP/XML over HTTP/HTTPS; Location API via SOAP/XML/REST over HTTPS; CMX Engage & Analytics; Wireless Clients]
Context-Aware Services (CAS) Use Cases
[Diagram labels: Network Visibility & Control; Enhanced WLAN Security; CleanAir; Asset Management; Telemetry; Worker Safety/Workflow; CUP; Medianet; NETWORK VISIBILITY SOLUTIONS; ASSET VISIBILITY SOLUTIONS]
WIPS
Wireless Security Threats
On-Wire Attacks
• Ad-hoc Wireless Bridge: client-to-client backdoor access
• Rogue Access Points: backdoor network access
Over-the-Air Attacks
• Evil Twin/Honeypot AP: connection to malicious AP
• Reconnaissance: seeking network vulnerabilities
• Denial of Service: service disruption
• Cracking Tools: sniffing and eavesdropping
Cisco wIPS Detects These Attacks
Non-802.11 Attacks
• Backdoor access
• Service disruption
• Devices pictured: Bluetooth, Video Cameras, RF-Jammers, Microwave, RADAR
Cisco Spectrum Intelligence Detects These Attacks
Cisco wIPS Review
• Detecting extensive DoS attacks and security penetration – Base wIPS + Adaptive wIPS
• Locating Rogue APs, attackers and victims with new rogue zone of impact.
• Manual or fixed auto containment policy for rogue AP/client with updated auto-immune features.
• New signature-based attacks allowing auto containment and enhanced blacklisting
• Comprehensive wired rogue detection algorithm using Auto SPT, RLDP or Rogue Detector AP
[Diagram: Locating, Tracking and Tracing Rogue APs. Labels: Cisco Prime; MSE; WLC; SNMP / Auto SPT; Magic Packet; RLDP or Rogue Detector; Open/Wired/NATed Rogue AP; Encrypted / Wired / +/- 1 or 2 and OUI Based Ethernet MAC Rogue AP]
Network Visibility
PI
• Single view showing clients, rogues, tags, interferer, etc.
• Enhanced with clear icon indicators.
• Location data can be tracked historically.
[Map legend: Rogue AP; Tags; Rogue Client; Guest; Interferer; WIPS Attacker]
Network Visibility
PI
• Context Aware Services enable PI to show aWIPS and Interferer’s location.
[Screenshot labels: Map – Air Quality View; Zone of Impact; Interferer Details; CleanAir AP / WSSI]
CleanAir with and without MSE

Capability | CleanAir Without MSE | CleanAir With MSE
Rogue Mitigation | Yes | Yes
Track and Trace Rogues | No | Yes
Security Penetration and Denial of Service Attack Mitigation | No | Yes
Detect Interferers | Yes | Yes
Classify Interferers | Yes | Yes
Mitigate Interferers | Yes | Yes
Maintain Air Quality | Yes | Yes
Detect Layer 1 Exploits | Yes | Yes
Systemwide Interferer Details and Event Correlation | No | Yes
Zone of Impact and Interferer Notification | No | Yes
Track and Trace Interferers and Layer 1 Exploits | No | Yes
Wireless Security & Spectrum Intelligence Module
• Leverages the AP 3600/3700 and their modular radio design
• Future-proof AP investments with flexibility to add new functions now and later
• Self contained 2.4 and 5 GHz XOR radio, with integrated antennas
• Always-on, complete spectrum visibility for security and interference scanning all channels in both bands
• Offloads all monitoring and security services from the data serving radios to the security monitor module:
  – CleanAir Technology
  – wIPS
  – Rogue Detection
  – Radio Resource Management
wIPS Deployment Modes
[Diagram labels: Enhanced Local Mode; Data, wIPS & CleanAir AP; Monitor Mode AP; AP3600 with WSSI Module; Monitor Mode with wIPS; Data Serving; Data, Monitor with wIPS; Data Serving with wIPS & CleanAir “On Channel” coverage; wIPS & CleanAir “All Channel” coverage; Best Effort “Off Channel” wIPS coverage; Data Serving “On Channel” coverage]
On-Channel vs. Off-Channel
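Adaptive WIPS
Features by deployment mode (rating labels on the slide: Good, Better, Best)

ELM (1:1)
• Serving wireless data clients: Y
• wIPS Security Scanning: on-channel wIPS monitoring; best effort off channel wIPS monitoring
• CleanAir Spectrum Intelligence for troubleshooting & forensics: on-channel RF visibility
• Feature off-load for improved AP throughput: N
• Dedicated Ethernet network connection required: N

Monitor Mode AP (1:5 or better)
• Serving wireless data clients: N
• wIPS Security Scanning: full spectrum (all channels) wIPS monitoring; no impact to data serving clients
• CleanAir Spectrum Intelligence for troubleshooting & forensics: full spectrum (all channels) RF visibility
• Feature off-load for improved AP throughput: N
• Dedicated Ethernet network connection required: Y

WSSI (2:5 or better)
• Serving wireless data clients: Y
• wIPS Security Scanning: on-channel & full spectrum (all channels) wIPS monitoring; no impact to data serving clients
• CleanAir Spectrum Intelligence for troubleshooting & forensics: on-channel; full spectrum (all channels) RF visibility
• Feature off-load for improved AP throughput: Y
• Dedicated Ethernet network connection required: N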
Advanced WIPS 7.5 Features
1. Auto MAC learning and client validation
   Cisco WIPS can now automatically contain an employee's device which is connected to an unapproved rogue AP. MSE will auto-learn the MAC addresses of clients and can validate the clients without any pre-configuration.
2. aWIPS Signatures
   Three new aWIPS signatures were added in the 7.5 release:
   1. AirDrop Session detected
   2. DHCP Starvation Attack detected
   3. WiFi Protected Setup Pin brute force
3. aWIPS Auto Containment
   aWIPS auto containment action is added for 10 aWIPS alarms, which can be configured from PI.
Advanced WIPS 7.5 Features
4. aWIPS Alarm Consolidation
   A way to focus on the most important security alarms amongst the hundreds of alarms generated. Alarm consolidation combines all the alarms generated by the same event and displays only one alarm to the user.
5. Global Forensics
   A troubleshooting feature which allows a user to capture and examine the packets received by the AP. This can be used for debugging if a valid attack is not being detected and for identifying new attacks.
6. New wIPS UI
   An easier way of configuring and deploying wIPS. In 7.5 we have introduced new wIPS workflows for deploying wIPS (including Rogue and aWIPS) in PI 1.4. We have also refreshed the security dashboard.
wIPS Forensics
• Available in data capture files as .pcap format
[Screenshot: Example of capture file]
Advanced WIPS 7.6 Features
1. wIPS MSE powered features
   Detection of Soft AP, Good Guy Gone Bad (a valid client turning into Rogue AP).
2. aWIPS Signatures
   – 27 new signatures added,
   – 110 total signatures supported by Cisco wIPS.
3. Enhanced Rogue Reporting and Visualisation
   Customer can now drill down into detected rogues to look at details of the valid clients associated with rogues, association times, rogue rule classification and authentication information.
Licensing
• Monitor Mode
  – L-WIPS-MM-1AP: Supports 1 Monitor Mode Access Point
  – L-WIPS-MM-100AP: Supports 100 Monitor Mode Access Points
  – L-WIPS-MM-1000AP: Supports 1000 Monitor Mode Access Points
• Enhanced Local Mode
  – L-WIPS-ELM-1AP: Supports 1 Enhanced Local Mode Access Point
  – L-WIPS-ELM-100AP: Supports 100 Enhanced Local Mode Access Points
  – L-WIPS-ELM-1000AP: Supports 1000 Enhanced Local Mode Access Points
• Maximum of 10,000 MM/ELM access points per MSE (depending on MSE resources)
Connected Mobile Experiences
Introducing Connected Mobile Experiences (CMX)
Leverages the Ability to Detect and Locate Devices in an Indoor Environment in Order to Provide:
Enhanced Customer Engagement
Context-aware Marketing Opportunities
CMX ENGAGE
On-premise Customer Visibility
CMX ANALYTICS
Improved Business Outcomes
Connected Mobile Experiences
Key Elements
• DETECT (GUEST PRESENCE): Mobile device and characteristics detected before they enter the venue
• CONNECT (GUEST ACCESS): Seamless and secure Wi-Fi connectivity. Preferences, profile, device and roaming credentials identified
• ENGAGE (GUEST EXPERIENCE): Highly-relevant content and services based on user attributes and realtime location
• LOCATION ANALYTICS: Insights into customer online and onsite behaviour, traffic paths, dwell times, location density etc.
How CMX Works
[Diagram labels: Access Points; Controller; MSE; DEVICE-BASED DISCOVERY; LOCATION DATA; ANALYTICS DATA; Depending on Application Layer; APPLICATION DATA; Mobile Application Server; Analytics UI]
CMX Solution Architecture
[Diagram labels, top to bottom:
3rd PARTY APPS: App / Map (CONNEXIENT, POINTINSIDE, BOLDSTREET, SAP, PHUNWARE, Others); AD / Offers (SoLoMo, SIMPLI.FI, SHOPKICK, JOINGO, AMOBEE); Guest (BOINGO, SINGLE DIGITS, BROADHOP); Analytics (RETAILNEXT, NOMI, EUCLID)
CISCO APPS: CMX Billboard; CMX Connect; CMX Analytics
API: REAL-TIME NOTIFICATION; SOAP/XML; REST; SDK
MOBILITY SERVICES LAYER (MSE PLATFORM): ADVANCED WIPS; CLEANAIR; ANALYTICS ENGINE; MOBILITY SERVICES; LOCATION ENGINE
UNIFIED ACCESS LAYER]
DETECT
CONNECT
Qualcomm Indoor Positioning Solution
• Device-based Engagement – 802.11u / MSAP
Devices with the new Qualcomm chipset discover services without having to download a venue specific application
Enables organisations to automatically show local services to in-range mobile users
CMX Visitor Connect
Functional Highlights
• A simple, flexible and easy to use captive portal to quickly on-board guests on to Wi-Fi (B2C)
• Highly customisable & Location sensitive
• Highly customisable splash flow and splash pages
• Based on Web pass-through methodology
• Portal to allow user registration with dynamic input fields
• Portal that facilitates the user login with social networks, i.e., FB, LN and G+ using OAuth
• Available in MSE release 7.6
Setup
1) Configure controllers with Web pass-through WLANs
2) Set up CMX Visitor Connect on CMX Dashboard
3) Assign POI/Location where Web Portal will be served
Final Portal
Logon via Social Media
[Screenshot labels: TERMS AND CONDITIONS; REGISTRATION; CUSTOM LANDING PAGE/VIDEO; SIMPLIFIED SOCIAL LOGIN]
Guest Demographic Visibility
Engagement Services
ENGAGE
Engaging with Customers via Different Media
APP
• Personalise in-venue customer experience by making app contextually aware
• Auto-prompt app when in range
• REST API enables integration of location information in apps
DEVICE
• Devices with the new Qualcomm chipset will automatically discover services without having to download a venue specific application
• Greater accuracy with frequent probing
BROWSER
• Engage customers/visitors when they are browsing on their mobile in the venue
• Can be customised with context-sensitive banners and services
Browser Engage
• Icon or banner appears on every page viewed on the browser
• Click the icon, menu appears
Application Engage
• Pre-Authentication: Network Services Discovery on the Device (screen label: 3G)
• Service Discovery Pre-Authentication (screen label: Local Services)
• Seamless Handoff from 3G/4G to Wi-Fi (screen labels: Local Services; Download App)
• Application Downloaded (screen labels: 50%; DOWNLOAD COMPLETE)
• Navigation Integrated into Student App
• Example: Personalised Tour Guide
• Example: Turn-by-Turn Navigation based on Location
[App screen labels: Campus Map; Registration; Bus Schedules; Records; Event Calendar; Featured; Search; Map; Dining Hall; Social]
[Prompt shown in the examples: "Welcome. Would you like help finding a facility?" with the choices "Yes, please search for: Lab216b" (Search) and "No, Thanks"]
MSE APIs
• The MSE has always had interfaces to enable apps – be it SOAP/XML or notification for location triggers
• SOAP/XML is a strong framework for enterprise apps
• For mobile apps, REST is becoming the dominant API model
• REST is simple, flexible and fast; our customers and app partners are increasingly standardising on REST
• REST API support introduced as part of the 7.5 release
CMX Analytics
Copenhagen Airport
Improving business operations through real-time analytics
• Location Analytics
[Slide labels: Security Personnel; Check-In Personnel; Customs Personnel; Traffic Flow; Advertising Placement]
Location Data Usage Before 7.4 Release
• The MSE collects and maintains device location data obtained from Wi-Fi enabled devices such as smartphones, tablets and laptops as they pass through the Cisco Wi-Fi network, saving it “as is” in the database
  – The basic data is of the form <MacAddress, time, coordinates, attribute1 ... attributen>
• In previous versions of the Cisco Wi-Fi network architecture, this data was simply retrieved by an API call from the Cisco Prime Infrastructure and used to display device location information to the user via the GUI or in a simple report
• In 7.4 the Advanced Location Analytics engine has been directly integrated into the Mobility Services Engine
  – Analytics GUI is served directly from the MSE platform
  – Shares the same database while using a separate table space
Location Data Usage in Current 7.4 and Above
• Location Analytics information in the MSE database to create knowledge for:
  – Dwell times
  – Paths Taken
    • Choice of direction
    • Routes taken
• Location data converts device movement and behavioural patterns into actionable Business Intelligence
• Can be a shop, mall, airport, city centre, or any location that has a network of wireless access points enabling devices moving within that space to be located.
The Analysis Process
• Full data analysis is comprised of six individual processes:
  – Data cleaning
  – Tagging
  – Filtering
  – Parameter estimation
  – Behaviour mining
• MSE can correlate very large amounts of data to be analysed.
• Analysed data is summarised and visualised on screen or in report format.
• Visual results available in both 2D or 3D formats simplify and improve user understanding of data
  – For example, in a multi-story environment where paths and dwell times must take vertical movement into account
Visualising the Data
• Both 2D and 3D views are available, with 3D as the default
  – 3D building representation requires using a browser that supports WebGL
Cisco Analytics Architecture
MSE Location Analytics Architecture for Release 7.4+
[Diagram labels: WLC; Location Data; MSE DB; Data Mediation; Device/Path DB; Location Analytics Engine; Results Database; Reporting; Reports; Graphical User Interface; JBoss Application Server; Mobility Services Engine]
Automatic conversion of data to results on: dwell, device no., movement, frequency
Enabling the Analysis Engine
• The Location Analytics engine is installed on the MSE during the 7.4 software installation process
• Must be enabled for use via the PI before the Web interface is accessible.
  – Requires an Advanced Location Services license for the PI which is managing the MSE
Network Preparation
• Enable CMX licensing
  – L-AD-LS-1AP: Support for 1 AP
  – L-AD-LS-100AP: Support for 100 AP’s
  – L-AD-LS-1000AP: Support for 1000 AP’s
• Define floor plans and coverage areas in the PI
• A coverage area in the MSE correlates to a zone for the purpose of analysis
  – A zone is a user defined space with a name and can be used for reporting or path description purposes
  – Zones can be overlapping and need not cover all the building
  For example: If a customer wants to analyse user behaviour within a specific area of a location, such as an individual store within a larger mall complex, then a coverage area defining that store must be defined in the PI.
• Synchronise with the MSE
CMX Analytics – 7.6 New Features
• Real path definition feature available to network admin, providing more meaningful path representations.
• New aggregated database model. Raw data is retrieved, processed, and stored in a separate table, then used by CMX Analytics for report generation. This speeds up the data analysis process by eliminating the need to perform this activity on raw data. This improves scale. Reports in 7.6 take 1/3 of the time they took in 7.5.
• API to retrieve/save navigation path and/or modify existing navigation paths defined in UI.
Dashboard
Analytics Visualisation
Realistic Path Display
Reports
Design and Planning
WiFi Based Location Calculation Basics
• A WiFi device seen by one AP could be located anywhere on this circle
• When a device is seen by two APs then location must be on this line
• When a device is seen by four APs then location must be at this point.
• Accuracy highest when a device is seen by at least 4 access points
Location Readiness
• A point on a floor map is location-ready if:
  – min. of 4 AP’s are deployed
  – min. of 3 AP’s are within 20 metres (~70 feet)
  – At least 1 AP placed in each of at least 3 surrounding quadrants.
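The three location-readiness criteria above can be checked mechanically for any AP layout. The following is an added example, not code from the presentation or from Cisco Prime Infrastructure: the `AP` type, the function names and both sample layouts are constructed, and it assumes quadrants are the four axis-aligned quadrants around the point and that the quadrant test counts every AP on the floor.

```python
import math
from typing import List, NamedTuple, Sequence


class AP(NamedTuple):
    name: str
    x: float  # metres from the floor-map origin
    y: float


RADIUS_M = 20.0     # "min. of 3 APs are within 20 metres"
MIN_DEPLOYED = 4    # "min. of 4 APs are deployed"
MIN_NEARBY = 3
MIN_QUADRANTS = 3   # "at least 3 surrounding quadrants"


def quadrant(px: float, py: float, ap: AP) -> int:
    """Quadrant (1-4) of the AP relative to the point.

    Assumption: an AP exactly on an axis is counted in the quadrant
    on the non-negative side of that axis.
    """
    dx, dy = ap.x - px, ap.y - py
    if dy >= 0:
        return 1 if dx >= 0 else 2
    return 3 if dx < 0 else 4


def readiness_failures(px: float, py: float, aps: Sequence[AP]) -> List[str]:
    """Return the criteria the point fails; an empty list means location-ready."""
    nearby = [ap for ap in aps if math.hypot(ap.x - px, ap.y - py) <= RADIUS_M]
    quadrants = {quadrant(px, py, ap) for ap in aps}
    failures = []
    if len(aps) < MIN_DEPLOYED:
        failures.append("fewer than 4 APs deployed")
    if len(nearby) < MIN_NEARBY:
        failures.append("fewer than 3 APs within 20 m")
    if len(quadrants) < MIN_QUADRANTS:
        failures.append("APs in fewer than 3 surrounding quadrants")
    return failures


def is_location_ready(px: float, py: float, aps: Sequence[AP]) -> bool:
    return not readiness_failures(px, py, aps)


def ready_fraction(aps: Sequence[AP], width_m: float, height_m: float,
                   step_m: float = 1.0) -> float:
    """Fraction of grid points on a width x height floor that are location-ready."""
    nx = int(width_m / step_m) + 1
    ny = int(height_m / step_m) + 1
    ready = sum(
        is_location_ready(i * step_m, j * step_m, aps)
        for i in range(nx) for j in range(ny)
    )
    return ready / (nx * ny)


# Constructed sample layouts for a 40 m x 20 m floor.
# LINEAR: all APs down the centre line (the "poor" corridor-style placement).
LINEAR = [AP("L1", 5, 10), AP("L2", 15, 10), AP("L3", 25, 10), AP("L4", 35, 10)]
# STAGGERED: APs alternate between the two long walls.
STAGGERED = [AP("S1", 2, 2), AP("S2", 14, 18), AP("S3", 26, 2), AP("S4", 38, 18)]

if __name__ == "__main__":
    for label, layout in (("linear", LINEAR), ("staggered", STAGGERED)):
        print(label, "centre point:", readiness_failures(20, 10, layout) or "ready")
        print(label, "ready fraction:", round(ready_fraction(layout, 40, 20), 2))
```

With the linear layout every AP lies on one line, so no point on the floor ever sees APs in more than two quadrants, even where four APs are within 20 m.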
Designing Location Services – Access Point Deployment Considerations
• Proper placement and density of access points is critical in achieving the quoted location tracking performance
  o Original design may have been based on coverage model
  o Location Accuracy may require a different AP-deployment model
• Access Point Density recommendations
  o Use smaller, overlapping cells (lower data rates disabled)
  o For wireless data only deployments: 10% AP cell overlap
  o For wireless data + voice deployments: 20% cell overlap
  o AP density [Cell radius] 10m – 15m (AP’s 15 - 22m apart) (Typically about one access point every 230 – 460 sq.m)
• For accurate locations start with data + voice over WiFi as design baseline
• Antennas should be oriented horizontally (vs. vertically)
• Antenna diversity should be enabled
• AP/Antenna height should be 3 – 6 metres
Client Device Behaviour
• Location tracking based on Probe RSSI
• Implication -> client probe timing needs to be considered
• Different client/OS combinations behave differently
• Smartphone v RFID tag
• Probe RSSI v Data RSSI
Location Based Services Architecture
• Wi-Fi AP measures and reports RSSI (Receive Signal Strength Indicator) to WLC (i.e. 5-300 seconds depending on endpoint)
• WLC (unified/FlexConnect) aggregates and periodically reports them to MSE via NMSP (i.e. 2 seconds, configurable)
• MSE applies advanced positioning algorithms (i.e. API real time, Analytics every 15 mins)
  • Determine location (RF fingerprinting/modelling)
  • Location notifications (to outside app. server)
  • Statistical processing for CMX Analytics
  • Displaying all devices on a map in Cisco Prime
[Diagram labels: Cloud-based application (SOAP/XML/REST); Intra/Internet; Mobility Services Engine (MSE) w/ Location Analytics; SOAP/XML/REST; Cisco Prime Infrastructure; NMSP; LAN or WAN; Wireless LAN Controller unified or FlexConnect; Wi-Fi Access Point (AP); Wi-Fi Client]
Location Accuracy/Currency Examples
• Accuracy: function of AP density & AP height
• Currency: function of AP density and client type (client probes network at different rate)

Application | Venue type | AP density | Avg. Accuracy | Currency
Presence | Mall, airport … | 10+K Sq ft (929 Sq m) | 29.5ft (9m) | N/A
Proximity | Retail … | <2.5K Sq ft (<232 Sq m) | 16.4ft (5m) | ~30s
Asset-tracking | Enterprise, mall … | 5K Sq ft (464 Sq m) | 22.96ft (7m) | >> 1min
Mobility-tracking | Mall, airport … | <2.5K Sq ft (<232 Sq m) | 16.4ft (5m) | ~30s
Designing Location Services – Best Practices
• Based on accuracy and environment type (office vs. indoor high-ceiling), the density of APs (average cell-radius) can be determined and maintain average cell-radius throughout the service area on each floor.
• Plan for location (e.g. using the PI planning tool)
  o Design for good coverage first (RSSI of >= -85dBm on all channels clients support)
  o Design for good cell-edge delineation (i.e. ensure client roams between adjacent cells)
  o Each client should be within convex-hull of 3+ APs (i.e 4) on the same floor
  o Place perimeter AP’s first then place interior AP’s to minimise coverage gaps
  o Staggered AP deployment (not in a straight line) [esp. in long narrow coverage areas like hallways, corridors, tunnels, etc.]
• Use location rails, exclusion regions, and inclusion regions to constrain the location prediction to valid areas of the map with the PI Map editor.
AP Placement – Best Practice
• Poor AP placement and coverage for location – linear AP placement
• Proper AP placement and coverage for location – staggered AP placement with perimeter coverage
[Diagram: each placement shown around a Wi-Fi device]
Designing Location Services – Best Practices
• Characterise the RF environment either using the pre-canned RF Fingerprinting models (preferred) or via RF calibration (measurement) followed by a location accuracy assessment.
• Four default pre-packaged RF models are provided with PI:
  o Cubes & walled offices
  o Drywall office only
  o Outdoor open space
  o Indoor high ceiling
• If the provided default RF models do not sufficiently characterise the floor layout, custom calibration models can be created using PI and applied to the floor to better represent the RF characteristics of a given environment.
Coverage Gaps – Voice and Location
• Local mode AP placement and density may be sufficient for data/voice applications
• Use Monitor AP’s to fill in coverage gaps
• Monitor mode APs (TOMM here or “Tracking Optimised Monitor Mode”) can be used also to do Wireless IPS and CleanAir
• Note: 2.4 GHz only, designed specifically to be used in conjunction with RFID tags
[Diagram: Tracking Optimised Monitor Mode APs. Labels: Local; TOMM; Wi-Fi device]
Location Accuracy Tool (Prime)
Installation Tips
Services Mix
• Services on the Same MSE
  • Context Aware Services and CMX Analytics can and should be run on the same MSE.
  • wIPS should be run on a separate MSE without any additional services.
  • Mobile Concierge Service client device dependencies/mobile App Enablement
  • CMX Dashboard should be run on a separate MSE (if using the 3355, low end, or standard vMSE) unless using high end MSE. For best performance it is recommended to host CMX dashboard on a separate MSE.
Plan Zones in Advance
• Zones (Inclusion/Exclusion) = areas of interest
  – A zone is a user defined space with a name and can be used for reporting or path description purposes; zones can be overlapping and need not cover all the building
  – Although there is not a limit to the number of zones that you may include, choose them carefully.
  – Definition of zones allows for more granular reporting.
• Coverage Areas
  – Additionally, drawing accurate coverage areas on maps in Prime provides more granularity when reports are generated.
  – For instance, in the case of a non-standard floor layout (not square or rectangular) it is desirable to define the outlines of the floor so that areas on the map that have no coverage are omitted.
Don’t forget to enable History Parameters
• In Prime/MSE, ensure that history parameters is selected
  – Without this box checked CMX Analytics will not save data for reports generation.
Enable Services From Prime
• MSE with CAS and CMX Analytics Enabled
Connected Mobile Experiences Software Requirements

Platform | Minimum Software Version
Wireless LAN Controller | 7.2
Access Point | 7.2
Cisco Prime Infrastructure | 1.4
Mobility Services Engine | 7.4
Cisco MSE 3355 Appliance
• Tracking performance ~900 movements per second, up to 25,000 elements
• IBM x3550M3 Platform / 1RU Form Factor
• 2 CPUs (Quad Core) – Intel Nehalem 2GHz, 4Mb cache
• 16G RAM
• 4 x 146GB Hot-swappable 6 Gbps SAS drives/10k RPM / HW RAID (1+0)
• Up to 20 MSEs / Prime Infrastructure
CAS/CMX Limit (AP): 2500
WIPS Limit (AP): 5,000
MSE Virtual Appliance
• Require activation license + CAS / WIPS license
• Virtual appliance will be distributed as OVA image (Low and Generic)
• Only SASU required for support
• Supported on ESX/ESXi 4.x and ESXi 5.x

Level: Low
• Server Reference: Cisco UCS C250 M2 rack mount server
• Physical Cores / RAM: 2 at 2.93GHz or better (2x Intel Xeon X5570) / 6GB
• Disk (min): Minimum 500GB, 900 IOPS with a bandwidth of 3000 Kbytes/sec
• CAS/CMX (AP): 200
• WIPS (AP): 2,000

Level: Med/Standard
• Server Reference: Cisco UCS C250 M2 rack mount server
• Physical Cores / RAM: 8 at 2.93GHz or better (2x Intel Xeon X5570) / 16GB
• Disk (min): Minimum 500GB, 1100 IOPS with a bandwidth of 4000 Kbytes/sec
• CAS/CMX (AP): 2,500
• WIPS (AP): 5,000

Level: High
• Server Reference: Cisco UCS® C460 M2 rack mount server
• Physical Cores / RAM: 16 at 2.13GHz or better (2x Intel Xeon E7-L8867) / 20GB
• Disk (min): Minimum 500GB, 1600 IOPS with a bandwidth of 6000 Kbytes/sec
• CAS/CMX (AP): 5,000
• WIPS (AP): 10,000
General Architecture Considerations

Aspect | Co-located | Partly Distributed | Fully Distributed
Location application | In-house, e.g. corporate HQ server | Cloud based | Cloud based
MSE | MSE+WLC per site, e.g. campus | MSE+WLC per DC, e.g. retail HQ | MSE per DC, e.g. Regional HQ
WLC | MSE+WLC per site, e.g. unified WLC | MSE+WLC per DC, e.g. FlexConnect WLC | Unified WLC per site, e.g. property/venue
Bandwidth considerations | Low | Medium | High

[Diagram: Flexible MSE deployment options. Labels: In-house/IT location application (e.g. corporate HQ); Cloud-based location application; Intranet; Internet; WAN/Intranet; WAN/LAN; GigE LAN; MSE+WLC per site (e.g. Campus), e.g. Unified WLC; MSE+WLC per data centre (e.g. Retail HQ), e.g. FlexConnect WLC; MSE per data centre (e.g. Regional HQ); Unified WLC per site (e.g. property/event)]
MSE High Availability
• Managed by PI using the MSE VIP
• Network L2 or direct connected
• Supports 1:1 configuration
• HA for all services supported; Failover times < 1 min
• Supports automatic & manual failover / failback
• Physical to physical & virtual to virtual HA supported
[Diagram labels: WLC1; WLC2; PI; 3rd Party; Primary MSE; Secondary MSE]
Location Services Calculator
• Calculates MSE BW and TPS due to location tracking & location altering (LT & LA)
  – Based on rate at which client roams between APs and
  – Rate at which client enters/exits user defined zones.
  – Above rates are estimated based on network topology (e.g. client, AP density), venue type (e.g. retail, office) and building dimensions (floor size, number of floors …)
Location Services Calculator
• Inputs:
  – client types,
  – network nodes in volume (# clients, # AP, # WLC) or density (sq.ft/client, sq.ft/AP),
  – venue type and building parameters (sq.ft/floor, # floors).
• Outputs:
  – NMSP Bandwidth per WLC (bps)
  – NMSP Bandwidth per MSE (Mbps)
  – SOAP/XML Bandwidth per client (bps) [due to both LT and LA activity]
  – SOAP/XML Bandwidth per MSE (Mbps) [due to both LT and LA activity]
  – MSE Transactions per MSE (TPS) [due to both LT and LA activity]
  – Accuracy (ft)
  – Currency in distance (ft) and time (s)
  – Incremental Location Analytics storage (GB)
Location Services Calculator – BW, TPS, Storage, Currency and Accuracy
[Screenshot labels: Samsung Tab (small); Samsung Tab (large); Samsung Phone; Intel Phone; Apple iOS; Intel Laptop; Generic (mix); Office; Retail; Client; Access Point; Controller; Physical aspects; Bandwidth; Transactions; Storage; Currency; Accuracy]
Q&A
Complete Your Online Session Evaluation
Give us your feedback and receive a Cisco Live 2014 Polo Shirt!
Complete your Overall Event Survey and 5 Session Evaluations.
• Directly from your mobile device on the Cisco Live Mobile App
• By visiting the Cisco Live Mobile Site www.ciscoliveaustralia.com/mobile
• Visit any Cisco Live Internet Station located throughout the venue
Polo Shirts can be collected in the World of Solutions on Friday 21 March 12:00pm - 2:00pm
Learn online with Cisco Live!
Visit us online after the conference for full access to session videos and presentations.
www.CiscoLiveAPAC.com