Security | News

Aruba Offers Network Service for Bringing Apple Devices into Fold

• By Dian Schaffhauser
• 03/26/12

Aruba Networks is demonstrating a new technology that enables people to go across IP subnets with their Apple devices to find and use services as easily as they can on their personal networks. It will also allow users to perform self registration of devices such as printers, Apple TVs, Wi-Fi projectors, and Wi-Fi televisions and to group them into personal, shared, and location-based service groups. The technology, named AirGroup, will surface in the company's ClearPass Policy Manager and ArubaOS mobility software. The latter will be enhanced with discovery and awareness of multicast DNS (mDNS) services such as AirPlay, AirPrint, and iTunes.

mDNS is a draft standard to provide a scheme for enabling users working in small or personal networks to have DNS-like operations without having to configure them or even have networking infrastructure present. Apple uses it in Bonjour, a service for discovering other services and devices on the same local network. A limitation of mDNS is that enabling service discovery across different IP networks can degrade network performance by producing a flood of discovery traffic with no real filtering of services.

AirGroup will give IT organizations a mechanism for delivering these services in a more structured way consistent with network access control policies. It will coordinate with Aruba's ClearPass in order to enable policy-based access to mobile devices based on user role and location. For example, a faculty member in a lecture hall would be able to pull up a presentation on an iPad connected to one network and then display it through Apple TV onto a large screen that's part of another network. At the same time, AirGroup could prevent students in that same space from gaining access to the Apple TV through their devices. Facilitating that requires filtering activities by user and crossing IP subnet borders, which Bonjour doesn't do.

AirGroup will also help users find printers in their proximity through their Apple devices.

In a statement Aruba said the key benefits of AirGroup are:

• Context-based access control, which takes the end user's role, mobile device type, and location into account before the services are made visible to his or her mobile device;
• Self-registration of services to help the end user or IT person register available services and define user- and location-based access privileges; and
• Easy installation that doesn't require any changes in the existing Aruba network infrastructure.

According to the company, the primary impetus for developing the technology came from a university customer. John Turner, director for networks and systems at Brandeis University, said his campus has 2,000 access points and serves about 6,000 clients running 10,000 unique devices. There's an expectation, he said in a video, "that the network will be there. If we do our job best, nobody knows we exist, nobody knows the hard work we put into it."

The biggest barrier his IT team is facing, he noted, is getting technology on campus to work as easily for users as it does in their homes. "The most common thing we hear today is, 'When I'm at home, it just works.' And they just want it to be like that now. So our challenge is to continue to grow to make those devices work like they do at home, to ensure that that edge ecosystem with wired and wireless devices is seamlessly connected."

AirGroup will help the university to support those "invisible" connections. "Imagine 50 students with 150 wireless devices and 25 Apple TV receivers, all within range of each other," Turner said. "Ensuring that each user gets what they want, and only what they want can be complicated. Aruba's AirGroup solution allows us to turn these services on for our users, individually or as groups, based on their role, device, and location, giving them a personal network experience without overwhelming the network."

More information is available at community.arubanetworks.com and in a technical whitepaper from the company.