ARUBA WIRELESS NETWORKS UNVEILS MAJOR WI-FI BREAKTHROUGHS

New Wi-Fi Switch Technology Lets Corporations “Lock the Air,” Enable Mobile Firewalls and Build Self-Calibrating, Self-Healing Wireless Networks

SAN JOSE, California – January 21, 2003 – Backed by Matrix Partners and Sequoia Capital, a new wireless networking startup, Aruba Wireless Networks, today revealed major advancements in Wi-Fi switching technology. These advancements let corporations, for the first time, lock the air against intruders, enable high-speed mobile firewalls that follow users, and construct self-calibrating Wi-Fi networks. The world’s first public demonstration of the new Wi-Fi technology was held last week in New York City (see related release).

At the heart of Aruba’s invention is patent-pending hardware and software technologies that solve mobility, security and deployment problems preventing the wide-scale adoption of Wi-Fi by corporations. Aruba has integrated the technologies into a new Wi-Fi system, to be delivered later this year, that acts as an intelligent, centralized switching system for wireless services within a corporation.

Back to the Future

“The evolution of wireless LANs is nearly identical to traditional wired networks before hubs and switches,” said Gemma Paulo, senior analyst at Cahners Instat. “Back then, there was no real way to centralize management or troubleshoot networks. The introduction of intelligent hubs and switches led to a new switched architecture that catalyzed the industry. We are now at that same inflection point in the wireless world.”

Aruba’s new Wi-Fi switching system is the first to combine wireless network access and sophisticated air monitoring with high-speed Gigabit Ethernet switching and higher-layer packet processing technologies. In contrast to multi-switch and appliance alternatives, Aruba’s WLAN switching system provides a centralized control point for thousands of wireless users. With it, corporations can radically simplify and reduce the cost to deploy, manage and upgrade wireless LANs.

“This is the Wi-Fi system that enterprise customers have wanted,” said Merv Andrade, Aruba’s director of Security and Technology, a key contributor to the IEEE 802.11i security task group and former technical lead of Cisco’s Wireless LAN Business Unit. “Our technology not only interoperates with current Cisco wireless and other heterogeneous environments but adds significant value in critical areas such as securing airspace, centralized control and self-calibration of 802.11 networks.”

Wireless Intrusion Prevention Locks the Air, Prevents Rogue Access Points

Rogue access points present a particularly nasty challenge to corporate security as they can be plugged into any point in the wired network and end up compromising the security of the entire wired network. With Aruba’s wireless intrusion prevention, enterprises not only detect rogue access points but also prevent users from connecting to them. By constantly monitoring and locking the air around the clock, corporations can now automate their current manual rogue detection process while proactively protecting the security of its wireless LAN environment.

“Today’s WLAN architecture is inherently insecure at multiple levels with no real comprehensive security solution available,” said Keerti Melkote, co-founder of Aruba Wireless Networks. Pankaj Manglik, co-founder of Aruba Wireless Networks added, “Wireless security is a multi-faceted problem that requires a holistic approach that protects the network, the traffic and the air space together. We’re delivering all of this protection within a single system that centralizes control and simplifies upgrades.”

Mobile Firewalls Protect the Wireless User, Make Security Upgradeable

In addition to protecting the air, Aruba’s switching system creates a private switched connection per user over the air. Unlike today’s shared access points that effectively create a party line over the air, Aruba’s switch isolates individual users’ traffic and authenticates users over their individual switched connections using standard schemes such as 802.1X. Once authenticated, the switch applies unique per-user stateful firewall policies to ensure that the user has access only to resources that they are authorized for in the network.

“Security is a process, not a product,” said Roger Pruitt, assistant vice president of Network Services for MFS Financial in Boston. “Aruba is making it much easier to evolve wireless security now, even as standards evolve, with a centralized deployment model.”

In contrast to conventional corporate Internet firewalls that apply stateful policies to aggregated traffic on the WAN connection to the Internet, mobile firewalls apply stateful policies on a per-user basis, move with the user and operate at very high speeds since they are applied at the LAN edge. Mobile firewalls also integrate standards based encryption methods such as IPSEC and IEEE’s recently approved Wi-Fi Protected Access (WPA) scheme within the WLAN switch so corporations can ensure that users’ traffic is encrypted securely.

With the WEP (Wired Equivalency Privacy) protocol badly broken, corporations have chosen to use IPSEC-based virtual private network (VPN) technologies to ensure privacy, but have run into scalability issues due to the limited horsepower of the VPN concentrators. In addition, current VPN solutions are not optimized for mobile access as the VPN sessions die when users move through the network.

And while IPSEC and WPA address many of the problems inherent to WEP, corporations are still faced with a migration challenge of moving to newer security methods as they evolve. Migration to new security schemes with current distributed access point architectures result in high operational and maintenance costs and a painful upgrade process that often results in wholesale replacement of individual access points. With Aruba’s centralized WLAN switch architecture, corporations can eliminate these costs and streamline upgrades without having to touch access points.

Aruba’s WLAN switch’s built-in hardware encryption engine scales to the high speeds needed on a LAN while keeping these encrypted tunnels alive as users move across the network. Since it is standards based, this solution also eliminates the need to use proprietary VPN solutions and makes the administrative job of the IT manager much easier.

Self-Calibrating Wireless LANs Make Plug and Play Wi-Fi Now Possible

Today, deploying wireless LANs is a static, time-consuming and operationally expensive process. Before installing Wi-Fi networks, companies must hire personnel to conduct extensive site surveys to determine how and where to best deploy wireless LAN equipment. Once deployed, companies have no means by which capacity can be dynamically added or load shifted as users move around or failures occur. Aruba’s new Wi-Fi technology now enables companies to automate these processes.

With Aruba’s new Wi-Fi technology, sophisticated deployment and coverage maps based on pre-defined inputs can be generated with automated site survey capabilities integrated within Aruba’s switching system. Aruba’s technology also lets companies add capacity on-the-fly as coverage areas are overloaded. The technology detects failed or overloaded access areas and dynamically reconfigures the network to compensate so there is no loss of Wi-Fi coverage. This automatic distribution and balancing of traffic loads across the Wi-Fi network ensures that adequate network performance and reliability is achieved for all users.

-30-