The Rise of the Machine Learning Solutions



Heading into Aruba Atmosphere this year I was most excited to see Aruba’s new Niara solution in action and learn more about this product as it solves a very real need in every network. Inherently any network policy grants some sort of access to the network and users are free to work within the confines of that policy. Even using 802.1X-based authentication and dynamically provisioned VLANs, access roles, downloadable ACLs, etc. isn’t necessarily enough. Niara solves for these issues in an appealing way and lessens the workloads for SecOps teams.

Case #1: Stolen Credentials
A known valid user can operate within their policy, but what happens if they are compromised through social engineering, weak passwords, poor password management, etc.? Niara builds a profile of what is typical behavior for a specific user; if their patterns change, the system will identify it. Perhaps the user starts attempting to access new areas or is visiting new websites—by a change in behavior, it is possible to identify a need for a change in policy, alert the SecOps team, or eventually automate remediation or lockdown of the user. Comparing to a baseline as well as other similar users gives Niara a frame of reference for the user under evaluation.
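The baseline-plus-peer comparison described above can be sketched in a few lines. This is an added example, not Niara's algorithm or code from the original post; the event format, weights, threshold and sample data are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample events (user, peer_group, day, resource); not real data.
EVENTS = [
    ("alice", "finance", 1, "mail"), ("alice", "finance", 2, "finance-share"),
    ("alice", "finance", 3, "erp"),
    ("bob", "finance", 1, "mail"), ("bob", "finance", 2, "erp"),
    ("bob", "finance", 4, "payroll"),
    ("carol", "engineering", 1, "mail"), ("carol", "engineering", 2, "git"),
    ("carol", "engineering", 5, "build"),
    # Day 6 is the evaluation window.
    ("alice", "finance", 6, "mail"), ("alice", "finance", 6, "payroll"),
    ("alice", "finance", 6, "git"), ("alice", "finance", 6, "hr-db"),
    ("bob", "finance", 6, "erp"),
    ("carol", "engineering", 6, "wiki"),
]

NEW_TO_USER = 1      # new for this user, but peers already use it
NEW_TO_PEERS = 3     # nobody in the peer group has used it either
ALERT_THRESHOLD = 5  # hypothetical tuning value

def build_baselines(events, cutoff_day):
    """Resources seen before cutoff_day, per user and per peer group."""
    user_seen, group_seen = defaultdict(set), defaultdict(set)
    for user, group, day, resource in events:
        if day < cutoff_day:
            user_seen[user].add(resource)
            group_seen[group].add(resource)
    return user_seen, group_seen

def score_users(events, cutoff_day):
    """Score activity on or after cutoff_day against both baselines."""
    user_seen, group_seen = build_baselines(events, cutoff_day)
    report = {}
    for user, group, day, resource in events:
        if day < cutoff_day:
            continue
        entry = report.setdefault(user, {"score": 0, "new": {}})
        if resource in user_seen[user] or resource in entry["new"]:
            continue  # normal for this user, or already counted once
        # A user with no history has an empty baseline, so everything scores.
        weight = NEW_TO_USER if resource in group_seen[group] else NEW_TO_PEERS
        entry["new"][resource] = weight
        entry["score"] += weight
    return report

def flagged(report):
    """Users whose deviation score reaches the alert threshold."""
    return sorted(u for u, e in report.items() if e["score"] >= ALERT_THRESHOLD)

if __name__ == "__main__":
    print(flagged(score_users(EVENTS, cutoff_day=6)))
```

The peer baseline is what keeps alice's first use of the payroll system (routine for her group) from weighing as much as her sudden access to engineering and HR resources.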

Case #2: Malware and Viruses
Both malware and viruses are capable of changing the behavior of network-attached clients. While numerous tools already exist to help combat these, Niara could serve as a welcome tool to identify and isolate infected clients or, in a perfect world, learn how a Day Zero Attack might attempt to compromise the network and automatically harden the network in anticipation of this attack. The combination of these capabilities along with Aruba’s open APIs using Aruba’s Exchange offers some very interesting possibilities by enabling the collection of data from ecosystem partners with a greater speciality in the malware and virus arena. Imagine a world in which your firewall vendor has detected a new type of malware, shares that data with Aruba ClearPass and Niara via APIs, syslog, SIEM, or other similar routes, and then the network automatically reacts to prevent the spread of that malware at the same time you are being notified.

Case #3: Software Bugs/Anomalous Behavior
If an application is updated and begins to operate differently on the network, Niara can identify this and enable teams to understand the new behavior. New behaviors deemed risky can be mitigated and feedback can be provided to the company’s development team. A specific example of this was provided at the conference: a popular file share company whose update generated unwanted traffic on the network. Niara’s machine learning was able to identify this undesirable behavior and allow it to be stopped.

Aruba, a Hewlett Packard Enterprise Company, opens the door to a world of possibilities with the addition of machine learning and extends those capabilities elegantly through their open architecture in Aruba Exchange. I would anticipate that this field of machine learning is going to explode in the networking world as IT teams are facing increasingly difficult security challenges and are being asked to do more with fewer people and fewer resources. Automation of detection and defense should be able to solve 75-80% of the issues out there, enabling IT to focus on the most challenging and highest value problems.

Investing in Others


February is an exciting month this year as two of my favorite conferences are held in back-to-back weeks—Wireless LAN Pros Conference in Phoenix, AZ and then Aruba Atmosphere in Nashville, TN. This year I have opted to present at the WLPC conference on the WLAN Engineer’s role in Digital Disruption and was invited to participate in the Tech Field Day live panel for Atmosphere. I have allocated a portion of my weekends to preparing for these events to ensure that I do my best and that the group benefits from the time that I have been allocated. Despite this being my third year doing these events, I am always amazed how much I learn from preparing to teach others. My goals for these two events for this year are the following:

Keeping it Simple
We have a varied demographic at these events, so one of my goals is to explain the content in a simple way without “dumbing it down”. I’ve found this to be a great source of my own personal learning as I need to ensure that I fully understand the topic first to do so without destroying what it is that I am trying to get across.

Share Perspective
Everyone that attends these events comes from a different background and has their own life experiences that contribute to their value base and their viewpoints. I strive to share my perspective in my presentations and, when I have the opportunity to field questions or discuss the content, learn from others’ perspectives.

Challenge Others
My first presentations were the result of Keith Parsons challenging people to step up and share. There are guys who present on some amazing technical material and it can be intimidating. However, real world experience is what these conferences are all about, and sharing experiences through a presentation, through the questions that get asked, or even through social discussions at the bar is welcome.

I look forward to the discussions ahead and both sharing with and learning from the other attendees.

Designing Wireless Networks for Clinical Communications

Healthcare presents one of the most challenging wireless environments in today's networking world. The unique blend of critical network applications and the expectation of high speed ubiquitous wireless access for everyone is challenge enough, and then numerous devices are layered on top. Clinical communications are critical to providing a high quality of care and have become an especially challenging environment to plan for. This post is intended to offer some guidance in designing these networks.

The Emergence of the Smartphone as a Clinical Communications Tool

Smartphones are joining the healthcare scene at increasing rates. Companies such as Voalte, Mobile Heartbeat, PatientSafe and Vocera are bringing new features and functionality to market and are transforming communications at the point of care. These devices are typically either Apple iPhones or the Motorola MC40; however, plenty of other variations exist. Each of these phones has numerous differences in how it behaves. These differences range from when they roam to how they handle packet loss, etc.

Access Point Transmit Power

In preparing to design for a clinical communications network, a desired endpoint should be known. In almost all cases, smartphones tend to have lower transmit power than what most admins are used to. As a result, we are designing wireless networks with transmit power of 10-12 dBm rather than the 14-17 dBm that many legacy networks were built with. This reduction in access point transmit power drives up the number of access points required to cover a facility by 25-50% depending on construction.

Data Rates

Disable lower data rates to reduce network overhead and functional cell size.

Access Point Placement

Fast roaming is critical to the performance of Voice over WiFi and for Smartphones this typically means leveraging 802.11r and 802.11k. Understanding how these protocols work and their impact on roaming is essential for success of any network being designed to support clinical communications. As a wireless engineer tasked with this design, the goal is to create small, clearly delineated cells with enough overlap to facilitate the roaming behavior of these mobile devices. If designed poorly, 802.11k can be a detriment to device roaming. Some general guidelines to follow:

  • Access points should be mounted in patient rooms and out of hallways whenever possible
  • Leverage interior service rooms to cover longer hallways--clean storage, food prep, case management offices, etc.
  • If you must place an AP in a hallway
    • consider planning to use short cross unit hallways rather than the long hallways wherever possible
    • consider using alcoves to your advantage to reduce the spread of the RF signal
  • Leverage known RF obstructions to help create clean roaming conditions that favor 802.11k
  • Overlap may need to be as much as 20% due to roaming algorithms in the smartphones
  • Pay attention to the location of patient bathrooms; facilities where these rooms are in the front of the patient room (near the hallway) offer far more challenges than those where they are in the back of the room
  • Stagger APs between floors such that they are not vertically stacked on each other

Voice SSID

Configure for a single band whenever possible - you'll find that some vendors are still only comfortable with 2.4GHz. From experience this can work, but is not without issues either. As a general rule, I recommend using AppRF to view the applications using the SSID and prioritize them properly. Smartphones are always talking via multiple apps on multiple ports and this should be accounted for.

All Apps Are Not Created Equal

Certain mobile communications apps are simply not ready for the demands of a healthcare environment. Take the time to understand exactly how these apps are being used. On multiple occasions I've seen perceived "dropped" calls turn out to be an app issue rather than anything to do with the wireless network itself.

Test, Test, Test

This is still a relatively new application for Voice over WiFi and it will require effort to get it right. Extensive testing is typically needed to get these deployments 100% dialed in. Tuning from AP placements to transmit power tweaks should be expected to some degree.