Tech Brief |

Enterprise Enterprise Fixed-Mobile Convergence (eFMC): Joint Solution by Agito Networks Inc. & Aruba Networks Inc.

- Gokul Rajagopalan

Executive Summary:

The gaining popularity of and the integration of Wi-Fi capabilities into these phones raises the question of why not consolidate multiple services into a single hardware device. This is the goal of enterprise Fixed- Mobile Convergence (eFMC) technology. The primary value of an eFMC solution is that it allows dual-mode (Wi-Fi & cellular) capable smart-phones to assume a single identity irrespective of their mode of connectivity and seamlessly maintain calls during transitions from one mode to another.

Aruba Networks (NASDAQ - ARUN) is a leading provider of secure enterprise mobility solutions. Aruba’s offerings include Campus WLAN solutions based on the 802.11 a/b/g/n standards and Branch Office solutions for secure SOHO deployments. Agito Networks is a leading provider of enterprise Fixed-Mobile Convergence (eFMC) solutions.

Aruba Networks and Agito Networks have conducted a series of interoperability tests to demonstrate the viability and benefits of this joint solution. VoWLAN call-quality and roaming were the focus of the interoperability exercise. The joint solution is agnostic to the cellular carrier and technology that the phone is subscribed to.

The Agito Networks eFMC solution consists of the RoamAnywhere™ Mobility Router (RAMR) deployed in the core VoIP network and the RoamAnywhere Dialer (RAD) client installed on recommended dual-mode phones. The solution has been verified to interoperate well with Aruba Networks WLAN infrastructure. Best results were observed with the E71 dual-mode handsets.

The tests were performed on an Aruba production network deployed for capacity. Aruba recommends an AP every 2500-3000 sq. ft. for voice. APs were based on the legacy 802.11a/b/g and new 802.11n standards. Enterprise grade 802.1X authentication with AES encryption was tested in addition to the less complex static-WEP and WPA2- PSK mechanisms. The tests used Windows Mobile-based HTC Touch Diamond, -based Nokia E-series phones (E71, E63, and E51) and RIM’s BlackBerry Bold 9000 dual-mode phones.

• The key performance criteria examined were stationary phone call-quality, AP-AP roaming and Wi-Fi – cellular roaming. • Call quality was judged based on subjective voice quality and specific parameters were monitored using 802.11-based packet sniffing tools. • Agito RAMR logs were also evaluated to verify Route Point triggers (for Wi-Fi to cellular handoff) were being used in the appropriate locations.

1 Enterprise Fixed-Mobile Convergence (eFMC) Aruba Networks

Aruba also offers a unique virtual branch office solution for remote teleworkers. Using RemoteAPs – the RAP2 or RAP5, the solution allows extension of the enterprise edge to a user across any layer-3 wide area network with the data secured using IPSec. The intermediate connectivity model is transparent to the VoWLAN client. This test campaign also verified that the Agito eFMC solution works seamlessly on an Aruba RemoteAP backhauled over a standard residential DSL connection.

Aruba Solution Components for eFMC Policy Enforcement Firewall (requires Aruba PEF license) Aruba’s ICSA-certified PEF implements per-user, role-based access controls to track specific application flows between a Wi-Fi client and the network. This allows per-user security and per-session QoS prioritization over the air and over the wire. Aruba’s Voice Services Module, (integrated into the PEF module starting ArubaOS 3.4.1), gives the power to identify Session Initiation Protocol (SIP) call signaling messages. The controller uses deep-packet inspection to identify the ports used for voice traffic and provide prioritization to voice traffic to ensure good call quality. Aruba’s VSM also can delay ARM scanning while voice calls are active.

Adaptive Radio Management (included in ArubaOS) ARM automatically optimizes the RF environment in the enterprise. This includes ensuring adequate capacity (through appropriate channel assignment on all AP radios), ensuring adequate coverage (by appropriate transmit power assignment for all AP radios), periodically scanning the RF environment and intelligent interference rejection and avoidance. ARM also reduces congestion by separating dual-band data clients from the mostly 2.4 GHz- capable voice handsets using band-steering and other measures.

Aruba’s controller communicates with the Agito RAMR to push ARM channel / power updates using standard SNMP. The RAMR uses this information to automatically adjust the Route Points which define handover locations between Wi-Fi and Cellular networks.

Virtual Branch Networking (requires Aruba RemoteAP license): Aruba’s Virtual Branch Networking technology extends the same level of network access and seamless connectivity that a user enjoys in the enterprise, to remote locations. This mode of access requires no more than a residential DSL connection and a remote-AP (RAP). The RAP builds a secure IPSec tunnel back to the network core. VoWLAN handsets can associate to this SSID and register with their SIP infrastructure, just like they would when associated to a campus AP. Zero-touch provisioning ensures ease of use for the user with minimal network administrator intervention.

Aruba Networks Enterprise Fixed-Mobile Convergence (eFMC) 2

Agito Deployment Topologies:

Campus

Remote or Home Office For remote or home offices, it is recommended to deploy the Aruba RAP-5WN or Aruba RAP-2WG access points as show below since these will provide enterprise-grade performance and encryption of the voice and data traffic between the remote location and enterprise office across the internet. The RAP-5WN and RAP2WG automatically establish a VPN connection between the remote location and enterprise Aruba Controller to extend the enterprise WLAN to remote locations for data and voice applications to provide coverage and reduced costs for mobiles.

3 Enterprise Fixed-Mobile Convergence (eFMC) Aruba Networks

The Agito RoamAnywhere Mobility Router integrates with the enterprise IP PBX utilizing SIP lines (one per mobile device) and SIP trunks. Two corporate access numbers (or DID’s) are allocated and routed from the voice gateway to the Agito RAMR to enable enterprise dialing from the cellular network as well as handover between the Wi-Fi and Cellular networks.

The dual-mode smartphones register over the Aruba Wi-Fi network using the SIP protocol to the Agito RAMR that registers on behalf of the to the IP PBX. With Agito’s architecture, there is separation of control- and data-plane signaling such that only the SIP call signaling is routed through the RAMR while the voice/RTP packets flow directly between the smartphones, desk phones and voice gateway ensuring low delay and jitter through the QoS-enabled network.

At each entry/exit door of the enterprise, the Agito fingerprinting process is performed once by an administrator to define a “Route Point” that is the location where proactive handover is initiated to ensure sub-100ms handover. For devices that do not support detection of Route Points, the RSSI-based thresholds are utilized for handover initiation.

Infrastructure Platforms tested

Aruba Networks Enterprise Fixed-Mobile Convergence (eFMC) 4

Tests and Observations

Stationary phone tests: All handsets tested had satisfactory call-quality for stationary calls. The Aruba infrastructure identifies and follows SIP-signaling messages and assigns appropriate prioritization to the related RTP packets. If the phones are capable of RTCP reporting, the Aruba mobility controller can also report call quality as an R-Value. The main factors that influence voice quality are handset support for WMM, WMM Power-Save and end-to-end QoS on the infrastructure.

Wi-Fi roaming: The phone’s WLAN capabilities working along with the Aruba system determines the efficiency of roaming between WLAN access points. The key differences lie in handset support for features such as Opportunistic Key Caching and the handset driver’s RSSI and packet-error rate thresholds for roaming. For example, the and the have different RSSI thresholds for roaming and as a result the E71 roams earlier than the E51. Consequently, Aruba recommends the Nokia E71, E63 or BlackBerry smartphones for optimized roaming in Agito Networks and Aruba Networks joint deployments.

Wi-Fi- Cellular roaming: Agito manages Wi-Fi-Cellular roaming using a combination of real-time and pre-configured metrics. In real-time, the RAD client periodically scans the RF environment to gauge the availability and health of Wi-Fi and cell-tower coverage and compares it with the current mode. If the client foresees significantly better call quality on the other mode, for example when a user enters a building and Wi-Fi signal levels exceed a pre-determined threshold, it initiates the hand-over. However, certain areas such as building exits may be known dead-zones or fade zones for Wi-Fi for various reasons. Agito allows the administrator to create RF Route Points (created by the administrator through the process of Fingerprinting using the RoamAnywhere Calibration software) of such locations and then uses these Route Points to make pre-emptive handovers to avoid degradation in call quality and proactively initiate a seamless call transfer. Agito’s RAMR gets periodic updates from the Aruba Mobility Controller on the changes to AP channel and transmit power which is used by Agito to dynamically adjust these Route Points based on the RF changes. Hand-outs (hand-offs from Wi-Fi to Cell) may involve short delays depending on cellular call-setup time whereas hand-ins (Cell to Wi-Fi) are almost instantaneous. Successful hand-outs and hand-ins with minimal to no quality degradation were verified by Aruba and Agito engineers.

5 Enterprise Fixed-Mobile Convergence (eFMC) Aruba Networks

Recommendations

Handsets: The Nokia E71 produced the best audio quality and roam-performance of all handsets tested. The and the BlackBerry Bold 9000 are comparable to the E71. The Nokia E51 had poorer Wi-Fi roaming characteristics. Comparatively, the HTC Touch Diamond is not recommended for use at this time due to poorer measured roaming and battery life performance.

Over time this application note will be updated as the following supported handsets (and newly released devices) are tested. These devices are supported by Agito and expected to work but have not been qualified with the joint solution at this time. - BlackBerry Curve 8900 - Samsung Epix - BlackBerry Curve 8520 - Nokia E71x - Samsung Omnia - Nokia N96

Salient Configuration Notes Adaptive Radio Management (ARM): Aruba recommends use of the following ARM features: • Single-band assignment; • VoIP-Aware Scan; • Legacy Station Workaround (for 11n-capable networks); • Min-tx-power 6; • Max-tx-power 15.

SNMP Integration: The RAMR receives ARM updates as SNMP traps from the Aruba controller. It uses this information to update its information base for changes to AP channel and transmit power. For this, the Aruba controller should be configured with the Agito RAMR as an SNMP v2c Trap receiver so that the ARM updates can by reported to the Agito system.

Additionally, the steps outlined in the section titled “Integrating WLAN Controllers with the Mobility Router” of the Agito RoamAnywhere Administrator’s Guide should be followed in order to configure the credentials (IP and SNMP community string) of the Aruba controller so that AP channel/power/location can be automatically retrieved by the Agito RAMR.

Aruba Networks Enterprise Fixed-Mobile Convergence (eFMC) 6

SSID/Security: Aruba recommends use of a dedicated SSID for voice handsets. The key settings for the SSID include limiting PHY rates to the range from 6 to 24 Mbps. WPA2-AES or lesser secure methods of authentication/encryption may be used, while use of the strongest authentication and encryption method supported by the voice device is Aruba’s recommendation for enterprise deployments. The ‘voice’ role which is preconfigured with Aruba’s PEF may be used to identify and tag SIP call flows for prioritization. WMM and WMM-UAPSD support must be enabled for handsets that support both. Maximum retries should be set to 4 and maximum transmit failures should be limited to 20 since voice packets are delay-sensitive and must be discarded when their transmission exceeds these limits. The DSCP mapping defined for the SSID must match with the DSCP settings for the wired back-end infrastructure. 802.11k support may be enabled if the handset supports this newer standard. In order to facilitate fingerprinting, the voice SSID should not be hidden.

RF Fingerprinting: Best results were observed when Route Points were created just on the inside of every building exit. Aruba and Agito recommend the setting of route points in this manner as a deployment best practice. Please refer to the Agito Networks Calibration User Guide for the steps required to perform the calibration of fingerprints.

References

For best-practice design of a Voice over WLAN network, please refer to the following documents on the Aruba website (http://www.arubanetworks.com/technology/design_guides.php): • Campus Wireless Networks Validated Reference Design v3.3 • Virtual Branch Networks Validated Reference Design v3.0RN • Optimizing Aruba WLANs for Roaming Devices v3.3 Detailed configuration instructions can be found in the ArubaOS User Guide available on the Aruba support portal https://support.arubanetworks.com.

For configuration of the Agito RoamAnywhere solution, please refer to the RoamAnywhere Mobility Router Administrator’s Guide on the Agito Networks support website – http://www.agitonetworks.com/support/

7 Enterprise Fixed-Mobile Convergence (eFMC) Aruba Networks

About Aruba Networks, Inc.

People move. Networks must follow. Aruba securely delivers networks to users, wherever they work or roam, using a combination of award-winning solutions:

• Adaptive 802.11n Wi-Fi networks optimize themselves to ensure that users are always within reach of mission-critical information. Rightsizing expensive wired LANs by replacing them with high-speed 802.11n Wi-Fi reduces both capital and operating expenses;

• Identity-based security assigns access policies to users, enforcing those policies whenever and wherever a network is accessed;

• Remote networking solutions for branch offices, fixed telecommuters, and satellite facilities ensures uninterrupted remote access to applications;

• Multi-vendor network management provides a single point of control while managing both legacy and new wireless networks from Aruba and its competitors.

The cost, convenience, and security benefits of our secure mobility solutions are fundamentally changing how and where we work. Listed on the NASDAQ and Russell 2000® Index, Aruba is based in Sunnyvale, California, and has operations throughout the Americas, Europe, Middle East, and Asia Pacific regions. To learn more, visit Aruba at http://www.arubanetworks.com. For real- time news updates follow Aruba on Twitter at http://twitter.com/ArubaNetworks.

© 2009 Aruba Networks, Inc. AirWave®, Aruba Networks®, Aruba Mobility Management System®, Bluescanner, For Wireless That Works®, Mobile Edge Architecture, People Move. Networks Must Follow., RFProtect, Green Island, The All-Wireless Workplace is Now Open for Business, and The Mobile Edge Company® are trademarks of Aruba Networks, Inc. All rights reserved. All other trademarks are the property of their respective owners.

Aruba Networks Enterprise Fixed-Mobile Convergence (eFMC) 8