Security has become one of the greatest concerns for every company alike. The industry is moving towards a fast paced and customer-oriented network infrastructure which automatically increases the vulnerabilities a network is exposed to. As the industry today is driven by the customer and network administrator’s visibility and needs for their network infrastructure, security tops the charts when it comes to the major requirement. Let’s face it, everyone wants a robust and secure solution.
So, what are some of the major questions raised for any network by a customer when we talk about visibility and security.
Application visibility: How accurately can the system identify specific applications?
Flow tracking: Can the system accurately report on the specifics of a particular traffic flow?
Encrypted traffic visibility: Can the system identify threats in encrypted traffic without need to decrypt the traffic?
Miercom conducted an independent competitive analysis of leading wireless infrastructure packages – Wireless Controllers and their corresponding Access Points. Cisco Catalyst 9800 was competing against the latest offerings from HPE-Aruba, Ruckus Networks and Huawei Technologies. Cisco Catalyst 9800 Wireless Controller offers a blend of Cisco network leadership with Cisco RF innovation. Catalyst 9800 Wireless Controller is built on top of Cisco’s RF excellence & wireless innovations along with Cisco IOS XE-a modern, programmable and modular operating system which satisfies the requirements for next generation Wireless controller which is robust and secure. Miercom also reviewed aspects of security offered by different vendors. When comparing these products and the features they offer, they did take into consideration other, often optional, security-oriented packages that the vendor offers, which would run on servers elsewhere in the user’s network, typically in a secure, central data center.
When we look at different Vendors for Application identification, Cisco was consistently accurate. It could identify apps including Jabber, Netflix, Dropbox, and YouTube without a single glitch. Cisco was able to dive deeper into data packets with its DPI (Deep Packet Inspection). Only Cisco correctly identified WebEx as a separate audio-video application and CNN Live Video with Akamai as the actual video source, offering more granular control. Aruba was able to identify many applications too like Jabber, Netflix, Dropbox, and YouTube – as well as specific web sites but some applications like WebEx were incorrectly identified too. On the other hand, Ruckus had incorrect identification on many applications. Ruckus offers no DPI and application identification was hit or miss. Huawei has its own limitations when it comes to application identification and DPI.
Another security-based test Miercom conducted was to see whether the system could accurately track and report flows (e.g. large file movements). Cisco excelled in flow tracking as well. Applications were detected immediately with the accurate amount of data passed for that application. Contrarily, Aruba reported application activity long after transmission began and showed considerably less data transmitted than actually sent. Also, Ruckus reported application activity long after transmission began and the User Interface showed much less data transmitted than actually sent. On the other hand, Huawei seems to report application activity accurately, unless monitoring is started after the transfer already began which leads to delayed reporting of application activity.
Cisco is way ahead in the competition in terms of Encrypted Threat Analytics. Cisco Wireless Controller also successfully detected malware, trojans inside encrypted traffic. All the other vendors do not support detection of threats from encrypted traffic.
Cisco stands out as the only vendor which satisfies all visibility and security requirements. Cisco Effectively detected threats in encrypted traffic. Additionally, Cisco outperformed its competitors in tests for flow-tracking accuracy, application identification, multi-level segmentation and threat detection with encrypted traffic which clearly makes Cisco the winner of the security race.
Miercom is an independent third-party testing and certification company. Please download complete Miercom report here.
... View more
In today’s world where business needs to be up and available 24X7, one of the major challenges faced by a lot of companies is the seamless uptime of their network infrastructure. Any company’s primary focus is always on keeping its infrastructure ready for the customer round the clock without any service interruptions. This is where High availability comes into play. “High availability” implies that immediate and ongoing access is offered all of the time. It is necessary to provide a true next-gen Wireless solution where the network is prepared for planned or unplanned events and has zero downtime.
Cisco has in its latest offering ‘The Catalyst 9800 Series of Wireless Controllers’ which is by far the best product in the industry, a one stop high availability solution which includes system uptime during both planned downtime like bug fixes, system software upgrades, on-boarding new AP model hardware, software feature upgrades as well as unexpected failure of the wireless controller or network connectivity, without any service interruptions.
Miercom was engaged in conducting an independent competitive analysis of leading wireless infrastructure packages – Wireless Controllers and their corresponding Access Points. Cisco Catalyst 9800 was collated with the latest offerings from HPE-Aruba, Ruckus Networks and Huawei Technologies.
In terms of High availability, Miercom verified and reported that in Cisco’s Catalyst 9800 offering, bug patches (SMU-Software Maintenance Update) can be installed live on Wireless Controller or AP while the wireless infrastructure is still in production environment; there is no impact on wireless service availability or system operation. In the case of Aruba and Ruckus, patching of Access points or wireless controllers is not supported. Rather, bug patches have to be applied as a whole system upgrade, which necessarily involves down time. Also, Bug fixes can be installed on Huawei wireless controllers without down time.
Similar to bug fixes, software changes and/or reconfigurations are applied to activate new features. One such feature enhancement is updating the application signature database. Cisco handles feature enhancements smoothly without down time or interruption to system operation as compared to other vendors. Aruba has “service modules” for applications, which allow for enhancements to be applied and configured with no disruption or downtime. Ruckus and Huawei require a full system upgrade to support feature enhancements. It is a disruptive process, as it involves a wireless controller reboot.
Onboarding a new AP model is an essential part of a wireless network as newer Wi-Fi standards like Wi-Fi 6 offers greater speeds and features. On boarding new AP hardware often requires an entire system software upgrade disrupting services and impacting users. Cisco outperforms its competition on this front as well by Installing new AP device pack on the existing wireless controller software seamlessly. Aruba requires a system reboot to support new AP model hardware. Ruckus, on the other hand offers separate AP images which are de-coupled from the wireless controller software, so a new AP can be added without disrupting wireless service. But all AP images are not available for the latest wireless controller software.
Installation of a new system software release in a system upgrade is a little bit complicated. To do this without interrupting availability, a secondary standby system is usually first upgraded, then control is shifted from the primary to the standby. The other controller becomes upgraded. With Cisco’s intelligent RRM based rolling AP upgrade, the entire system was upgraded with new software with zero downtime and with automated operation. Aruba requires a second high-level Mobility Master package for the same process, which adds more touchpoints and cost. But the other two vendors have a very disruptive way of doing system upgrades which requires downtime.
When it comes to an unplanned event like controller failover, Cisco can do better than most of the vendors out there. In the event of Active controller failure, the Standby assumes control as the Active within sub-second, with no interruption to AP, clients and services. All the other vendors fail to achieve the same level of uninterrupted transition.
Cisco Sustained high-availability when other vendors couldn’t and claims victory overall. The catalyst 9800 proves that it offers a complete package of features and capabilities when it comes to High availability. For more details click here to download comprehensive Miercom report
... View more