Recently I had the opportunity to visit the Enterasys Wireless Centre of Excellence in Thornhill, ON and take a tour of their WLAN solution compliments of @mikeleibovitz. I haven't really had a chance to do my own independent lab testing yet, but the visit itself was pretty interesting. Here are a few of the interesting points I was able to take away without actually doing any hands-on lab work:
OneFabric = Interesting
The wireless solution fits pretty well into the Enterasys OneFabric concept. Administrators can easily manage wired and wireless users from a single NMS administration console. By adding in the Mobile Identity and Access Manager (IAM), which is the Enterasys response to BYOD, you've got a pretty comprehensive mobility solution.
Pro - You don't need wall-to-wall Enterasys. They have tried to remain standards based (ie. RFC 3576) so most enterprise solutions should fit nicely into this type of setup. Obviously, the solution is more fully-functional if you do happen to run all Enterasys however.
Con - From what I saw, there are a lot of different boxes involved. You've got a box for NMS, a box for Mobile IAM, a controller, and possibly something that I've missed. I'm not sure if these are all easy to deploy or if the deployment can go south fairly quickly.
As stated above, this is the Enterasys response to BYOD. It is essentially a RADIUS proxy on steroids that is able to make use of additional contextual information to provide role-based access to wired and wireless devices. I was pretty impressed with the number of reportable attributes visible to Mobile IAM (something like 50 if my notes are right). This gives the solution a lot of choices when making contextual decisions regarding authorization.
Pro - Contextual awareness for wired and wireless devices, all controlled from a single management interface.
Con - It's still a RADIUS proxy which means it doesn't have the ability to create and manage credentials like Aruba's ClearPass solution does. Instead, it relies on existing backend RADIUS or LDAP to a somewhat larger extent.
Palo Alto Integration
Back in December of 2011, I created a video demonstration of Amigopod sharing username data with a Palo Alto Networks (PAN) firewall. It looks like Enterasys has built that functionality into their NMS product and have started expanding on that integration. For example, an administrator can see information regarding top application usage matched to users right from the NMS console, in real-time, and take action on that information immediately. I'm not sure how much more I'm allowed to share, so I'll just say that, if successful, Enterasys and PAN will have a much more robust, two-way integration with one another than mere username sharing. Very cool.
I'll close out my take-aways with a bullet list of random stuff that doesn't warrant a full write-up (at least not until I can actually test the gear out):
- No additional feature licensing on the controllers. Sweet!
- They offer a lifetime warranty on both the controller and the access points.
- The controllers have HA licensing and capacity built-in. So, if you by a box that supports 128 APs, it can, and will, actually support 256 APs in an HA failover situation.
- The newer 3x3:3 tri-radio access points will require 802.3at (The dual-radio 3x3:3 APs will use 802.3af.). I'm not sure if this is going to be an issue for them or not. Personally, I think the explosion of mobile phones and tablets makes 3x3:3 less important, but to each his own.
This is just a brief, high-level overview of what was discussed during my visit and should not be interpreted as a personal endorsement. Once I get my hands on some gear I hope to do a more technical write-up on some of the other topics discussed, such as: spectrum analysis capabilities, over-the-air packet capture, and other wireless networking table-stakes.
Overall, the solution and concept presented looked pretty promising. The integration between wired and wireless networks is, on the surface, impressive. I must admit, I hadn't really spent a lot of time looking at Enterasys in the past and I think it's their past lack of marketing initiative that has made them fall off people's radars. It'll be interesting to watch and see if Enterasys can become more visible in this highly-competive market.
Disclosure: I currently work for an Enterasys partner. That being said, I don't have any hands-on experience with Enterasys gear (wired or wireless).