Home

Akibia Spotlight

Check Point's Powerful SSL-VPN Capabilities Enhanced

Nokia Enhances Security Portfolio with IP390

Secure & Accelerate Your Business with Blue Coat

Your Reputation Precedes You: The Future of E-Mail Reputation Systems

Scaling Protection: The Network Now Plays a Roll in LAN Security

Compliance, NAC, VoIP & Others Require Next-Generation Network Infrastructure

The RSA Security PCI Solution

Solving the Entitlement Reporting Challenge

Case Study: Paragon Biomedical Secures Clinical Data via TippingPoint IPS

Achieving Compliance Nirvana

Voice on the Mobile Edge

Better Visibility for More Efficient Compliance

Best in Class HIPS Solutions for Best Practice Endpoint Security

Akibia News

Akibia Partners

Contact Akibia

 

 

Voice on the Mobile Edge
By Peter Thornycroft, PRODUCT MANAGER - ARUBA NETWORKS

 

The fixed edge of the enterprise network is giving way to a new 'mobile edge' - a new way of connecting users to information. The mobile edge transcends the enterprise network perimeter, appearing wherever the user needs access to information - on the campus, in a regional or branch office, at retail outlets, at home and on the road.

On the mobile edge, voice is a critical service. Combining VoIP and mobility in a voice-over-Wi-Fi (VoFi) service provides all the mobility benefits of cellular with the cost savings of VoIP. However, new voice-over- Wi-Fi phones require full roaming capabilities and stress the mobile edge as never before. This is because VoFi phones are always switched on, require continuous connection to the network and can tolerate only the shortest gaps in service during handoff.

In addition, current VoFi handsets bring new security challenges to WLANs for two primary reasons. First, they require secure, fast handoffs, two often opposing goals. Second, currently available handsets have limited authentication functionality, requiring the network to adapt to their shortcomings. Thus a WLAN supporting voice services offers more opportunity for hackers than a data-only WLAN.

The mobile edge architecture offers unique features for supporting converged services. It centralizes both security and mobility, enabling the fastest handoffs between access points and other networks, and the most secure treatment of voice traffic.

The mobile edge also provides intelligent controls for reliable and secure delivery of voice, data, and video services to the mobile workforce. These controls include:

  • Call admission control to limit the number of voice calls on a single access point.
  • Bandwidth control to limit the amount of bandwidth lower priority devices can use.
  • Quality of service to ensure that high-priority traffic such as voice receives preferred treatment in the network.
  • Stateful inspection of voice flows to ensure the voice network does not make the data network vulnerable to attack.
  • Flexible authentication methods to allow less secure handsets network access without jeopardizing overall network security.
  • End-to-end encryption to ensure confidentiality over the air and across the wire.
  • Seamless roaming and voice-aware RF management to prevent loss of voice quality.

Voice is a very attractive service to offer on the mobile edge, as it enables VoFi handsets similar to cellphones, but as extensions on the enterprise IP PBX, without the usage fees of cell phones. However, voice service stresses conventional WLANs in several ways.

Aruba Networks' mobile edge architecture is uniquely suited for voice service. It offers the strongest possible security, as it is identity-based, applying role-based policy to each flow based on the device and user. This makes it possible to restrict network access for less capable devices that are more easily exploited by intruders. Because Aruba's mobility controller has both the security and the QoS context of each user, it can use these contexts to follow handovers from AP to AP through the network, maintaining control of security and QoS while enabling seamless mobility with fast handoffs.