Array OS

Network edge intelligence

Conventional Wi-Fi networks use thin APs connected to a centralized controller. These thin APs are dependent on the controller to make authentication, policy, RF, and sometimes packet processing decisions for them. The dependency of APs on the controller creates a single point of failure – if the controller fails, the entire wireless network connected to that controller goes out.

With ArrayOS functioning independently on each Array, the Arrays themselves make all controlling decisions at the edge of the network. With each Array operating autonomously, there is no single point of failure in the network. Additionally, the ArrayOS monitors all Array functions locally and can apply policy and RF design decisions immediately and efficiently instead of being dependent on communication back to a central control point.

 

Application Control

Identifying network traffic at the application level provides greater granularity in efficiently provisioning network resources. Critical applications need appropriate prioritization while recreational applications such as social media and gaming may need to be throttled or blocked. The ability to control traffic at the network edge before it impacts the core network expands the scope and scalability of more traditional centralized solutions.

Xirrus offers application visibility and policy enforcement, called Xirrus Application Control, at the wireless edge using Layer 7 Deep Packet Inspection (DPI) technology. Unlike many other DPI implementations, Application Control goes far beyond simple port, protocol, and regex-based classification schemes to provide comprehensive and accurate application awareness.

 

Bonjour Director

The Bring Your Own Device (BYOD) trend has introduced many devices such as the iPad, iPhone, iPod Touch, and AppleTV into many organizations for the first time. Wi-Fi has become a critical part of delivering a quality Apple experience. Xirrus along with our Bonjour Director enhances Apple services such as AirPrint, AirPlay to work properly over an enterprise network. Apple’s AirPrint and AirPlay technology leverages the network protocol mDNS, which is typically prevented by standard networking equipment from traveling over different network boundaries. A teacher in a lecture hall or classroom looking to project a presentation on her iPad connected to a Wi-Fi network maybe prevented from connecting to an AppleTV which is connected to a wired network. Even worst, an iPad looking to print a document will be prevented from linking to an AirPrint printer which is on a separate network.

Our Bonjour Director offers forwarding services to help bridge AirPlay and AirPrint traffic between VLANS and across subnet boundaries. This is often the only way Apple devices on different networks or subnets will be able to connect with one another. Beyond forwarding traffic, the Xirrus Arrays can also filter unwanted Apple mDNS traffic from flooding all networks thus improving network performance. The Xirrus Array can forward AirPrint and AirPlay traffic but also filter unwanted traffic from broadcasting across subnets.

Radio optimization

The multi-radio and directional antenna design of our Wireless Arrays provide significantly greater control of RF design and management compared to traditional APs. All radio resources can be individually controlled for band selection (2.4GHz or 5GHz), transmit power, and channel allocation. Control can be done either automatically or manually.

Each radio within the Wireless Array can be set to operate in either 2.4GHz or 5GHz, allowing the design to match client types today and adapt in the future as needed. This contrasts to thin APs which are fixed in design with one radio in 2.4GHz, one in 5GHz, and no flexibility to change based on client requirements.

Xirrus supports Auto Channel per Array, providing an automatic means of allocating Wi-Fi channels between radios across all Arrays in a deployment. Proper channel design is essential to ensure best system performance since interference from Wi-Fi or non-Wi-Fi systems on a given channel of operation will degrade user experience. Auto Channel scans the RF environment on a radio-by-radio basis, coordinated among all Arrays in the network, to determine the best channel of operation per radio.

 

For transmit power control, each Array supports Auto Cell – an automatic, self-tuning mechanism that balances cell size between Arrays. It ensures sufficient coverage while limiting the RF energy that would extend beyond the organizational boundary between Arrays. This helps to minimize potential interference with neighboring networks and allows for automatic detection and coverage expansion to compensate for gaps caused by system interruptions. In addition, Array radios provide ultra low power setting options for handling very high density deployments when Arrays are placed in very close proximity to each other.

Resource assurance

The distributed design of the Array provides a level of processing power and intelligence not available in traditional thin AP designs where much of the resources reside in a centralized controller. By placing these resources at the network edge, the Array can apply proactive and pre-emptive monitoring of operational resources to detect and respond to issues when they occur.

Station Assurance continuously monitors wireless client behavior for potential issues. If a client is detected encountering connectivity or performance issues, a notification is logged enabling the network administrator to respond to the issue proactively before the end-user complains. Among the elements monitored are authentication failures, packet error rates, packet retry rates, data rates, signal strength, and signal to noise ratio.

Radio Assurance executes local testing of Array radio resources and self-healing to ensure wireless service availability. The monitor radio periodically functions as a wireless client and connects to each of the user servicing radios in the Array. If a problem is detected, multiple options for action may be taken, including logging a notification or resetting the radio itself.

Network Assurance actively monitors the status of key network elements, including the Gateway, RADIUS servers, NTP servers, SNMP trap hosts, and DNS servers. If any of these elements are unreachable, a notification is logged via syslog. The Array can be optionally configured to disassociated users proactively if network resources are not available so that clients do not remain connected wirelessly but with no network service.

Device optimization

The multi-radio architecture of the Array provides a high level of flexibility in allocating Wi-Fi users and devices among system resources to optimize overall performance. As wireless is a shared communications medium, clients on a given radio resource affect the performance of others using the same resource.

In the Array, Wi-Fi devices are identified by type upon connecting to the network (e.g. laptop, tablet, smartphone, gaming device). This information is then used to map the device to specific resources as desired.

Dedicated radios and wireless networks (SSIDs) can be assigned to devices that need high bandwidth or are operating in a specific mode, for example a keynote speaker at a convention with thousands of other wireless users in the audience. As another example, a collection of legacy scanners operating at slow 802.11b speeds can be dedicated to specific radio resources. These users would otherwise slow down the operation of faster 802.11g or 802.11n clients if they functioned on the same radios.

At a higher level, Station Load Balancing automatically distributes Wi-Fi devices across the multiple radios in an Array to optimize performance. Evenly distributed client load distribution ensures the best quality of experience for each user. By distributing the client there is better utilization of Array radio resources by ensuring more radios are servicing clients and not idle.

Simpler wireless

All Xirrus Wireless Arrays and APs support automated activation and provisioning out of the box. Upon initial power up, the units automatically connect to Xirrus' online Mobilize cloud service. The Array/AP will be discovered, activated, its license programmed, software upgraded (if necessary), and initial configuration downloaded – all automatically. This enables very fast and easy turn up of new equipment, especially in remote or multi-site locations where non-technical personnel may be installing the equipment.

More reliable wireless

One of the biggest advantages of the Array architecture is the resiliency the solution provides to the wireless network. With dedicated hardware and software resources, each Array operates independently without the need for a centralized controller. Only network management, via the Xirrus Management System (XMS), is centralized on a Xirrus network however it is not required for operation.

With traditional enterprise wireless solutions, controller failure will bring down the entire wireless system connected to it creating a single point of failure. While redundant or n+1 resiliency can be implemented with these solutions, it comes at a steep price. With a Xirrus Array network, failure of one Array will impact only its service area, ensuring a much more reliable network without adding cost.

Better RF control

Through superior RF management, ArrayOS creates a more stable environment for Wi-Fi clients and enables higher performing wireless networks. Auto Channel and Auto Cell functions automatically create optimal RF coverage and configuration for maximum Wi-Fi performance without painstaking RF planning. Software configurable Wi-Fi band selection per modular AP allows wireless spectrum to be flexibly set to match the capabilities of clients in the network. And with independent transmit power control per radio, wireless signal level can be controlled for proper coverage on a sector by sector basis. In very high density deployments that require Arrays to be placed in close proximity to each other, ultra low power settings enable increased user density support operating in the 2.4GHz band.

Altogether, much greater control of the RF environment is available in a Xirrus Array network compared to traditional solutions. This control provides the ability to optimize performance in challenging wireless environments, in particular where a high density of users exist such as schools, stadiums, and conference centers.

 

High Performance Apple Device Support

Wi-Fi has become a critical part of delivering a quality Apple experience. Xirrus along with our Bonjour Director enhances Apple services such as AirPrint, AirPlay to work properly over an enterprise network. Our Bonjour Director offers forwarding services to help bridge Bonjour traffic between VLANS and across subnet boundaries. Beyond forwarding traffic, the Xirrus Arrays can also filter unwanted Apple mDNS traffic to limit flooding all networks thus improving network performance.

Proactive issue identification and resolution

With Resource Assurance Management, ArrayOS proactively monitors resources across the entire wireless network – including clients, network elements, and its own operation. This functionality is built into every Array and can function with or without centralized management. The distributed intelligence of the Array architecture enables this proactive and pre-emptive problem notification and resolution allowing Network Administrators to focus on other issues.

Optimized resource allocation

With multiple radios available in each Array, network resources can be more optimally allocated to meet particular deployment requirements and adapted as requirements change. Xirrus Arrays identify the type of device connecting to the network (e.g. laptop, tablet, smartphone, gaming device). Based on device type, specific policies can be applied such as bandwidth restrictions, application types, and time restrictions. By controlling the traffic for each device, the network administrator can ensure that no one device is hoarding the bandwidth and that only the proper network resources are being used. Resources can also be allocated based on device performance ensuring the performance of faster device types (e.g. 802.11n) are not negatively impacted by slower devices types (e.g. 802.11b).

Model specifications

Feature	Specifications
RF Management	In-band per IAP Spectrum Analysis Dynamic Channel Configuration Dynamic Cell Size Configuration Monitor radio for threat assessment and mitigation Wired and Wireless Packet Captures (including all 802.11 headers) Radio Assurance for radio self test and healing RF Monitor 2.4 & 5.0Ghz Honeypot Control – Increase available 2.4 & 5.0Ghz wireless device density through management of spurious 2.4 & 5.0Ghz association traffic. Ultra Low Power Mode – Maximize wireless channel re-use and increase wireless device density through tight power controls.
High Availability	Supports Hot Stand-by Array for mission critical areas
Environmentally Friendly	Supports ability to turn off radios based on schedule configuration
Wireless Protocols	IEEE 802.11a, 802.11b, 802.11d, 802.11e, 802.11g, 802.11h, 802.11i, 802.11j, 802.11n
Wired Protocols	802.11d, 802.11i, 802.11j IEEE 802.1q - VLAN Tagging IEEE 802.1p - Layer 2 Traffic Prioritization IPv6 Control – Increase wireless device density through control of unnecessary IPv6 traffic on IPv4-only networks.
RFC Support	RFC 768 UDP RFC 791 IP RFC 2460 IPV6 (Bridging only) RFC 792 ICMP RFC 793 TCP RFC 1122 Requirements for Internet Hosts - Communication Layers RFC 1542 BOOTP RFC 2131 DHCP
Security	WPA IEEE 802.11i WPA2, RSN RFC 1321 MD5 Message-Digest Algorithm RFC 2246 TLS Protocol Version 1.0 RFC 3280 Internet X.509 PKI Certificate and CRL Profile RFC 4347 Datagram Transport Layer Security RFC 4346 TLS Protocol Version 1.1
Encryption Types	Open, WEP, TKIP-MIC: RC4 40, 104 and 128 bits SSL and TLS: RC4 128-bit and RDA 1024 and 2048 bit
Authentication	IEEE 802.1x RFC 2548 Microsoft Vendor-Specific RADIUS Attributes RFC 2716 PPP EAP-TLS RFC 2865 RADIUS Authentication RFC 2866 RADIUS Accounting RFC 2867 Tunnel Accounting RFC 2869 RADIUS Extensions	RFC 3579 RADIUS Support for EAP RFC 3748 Extensible Authentication Protocol Web Page Authentication WPR, Landing Page, Redirect Support for Internal WPR Landing Page and Authentication Support for External WPR, Landing Page and Authentication
Channel Support 2.4GHz*	1 2 3 4 5 6 7 8 9 10 11 12 13 14 *All channel selections are based upon country code selections
Channel Support 5GHz*	Uni I - Non-DFS Channels 36 40 44 48 UNI I DFS Channels 52 56 60 64 UNI II DFS Channels 100 104 108 112 116 120 124 128 132 136 140 UNI III Non-DFS Channels 149 153 157 161 165 *All channel selections are based upon country code selections
Management Interfaces	Command Line Interface Web Interface (http / https) Xirrus Management System (XMS)
Management	SNMP v1, v2c, v3 RFC 854 Telnet RFC 1155 Management Information for TCP/IP Based Internets RFC 1156 MIB RFC 1157 SNMP RFC 1213 SNMP MIB II RFC 1350 TFTP RFC 1643 Ethernet MIB RFC 2030 Simple Network Time Protocol SNTP RFC 2616 HTTP 1.1 RFC 3636 Definitions of Managed Objects for IEEE Xirrus Private MIBs Integration with Splunk for accurate search and analysis of intra-organizational IT events Netflow Export v9 and IPFIX compatibility allows for IP traffic statistics collection	RFC 2665 Definitions of Managed Objects for the Ethernet Like Interface Types RFC 2674 Definitions of Managed Objects for Bridges with Traffic Classes, Multicast Filtering and Virtual LAN Extensions RFC 2819 Remote Network Monitoring Management Information Base RFC 2863 The Interface Group MIB RFC 3164 BSD Syslog Protocol RFC 3414 User-based Security Model (USM) for version 3 of the Simple Network Management Protocol (SNMPv3) RFC 3418 Management Information Base (MIB) for the Simple Network Management Protocol (SNMP)
Carrier Applications	Passport Certification

Part Number	Description
AOS-APPCON	ArrayOS Application Control module for 1 Modular Access Point

Click here for ordering information.