Enabling AirPrint & AirPlay on Your Network


Published on March 20, 2014

Author: AirheadsSocial

Source: slideshare.net

Description

Airheads Conference 2014

Enabling AirPrint and AirPlay on your Network March, 2014

CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf

Agenda
• Zeroconf Networking and Challenges
• Aruba Technology Solution
• Design, Build & Run
• AirGroup in Distributed Networks
• Scaling, Troubleshooting and Best Practices
• New AirGroup Enhancements
• Q & A

Zeroconf Networking and Challenges

Zeroconf: Overview
• What is Zero Configuration Networking?
• Apple Bonjour
• Description of Protocols
  – IP Address Auto configuration
  – Multicast DNS (name resolution without DNS)
  – Service Discovery
• DLNA/UPnP
  – Digital Living Network Alliance
  – Universal Plug and Play
  – Simple Services Discovery Protocol (SSDP)

mDNS
• Used by Apple’s Bonjour implementation of Zeroconf
• Absence of a DNS Server
  – Perform DNS queries via IP Multicast
  – Does not require any changes to the DNS Protocol (messages, resource record types, etc.)
• Multicast DNS Queries
  – Uses the destination address 224.0.0.251
  – Destination port: UDP 5353
  – When a machine receives a response to a query, other machines on the network receive the response too and can add it to their own caches for future use.

SSDP
• Used by DLNA’s UPnP
  – Based on HTTPU
  – Uses HTTP NOTIFY and M-SEARCH messages
• SSDP queries
  – Uses the destination address 239.255.255.250
  – Destination port: UDP 1900
• UPnP servers, renderers and control points

Overview
Function                UPnP            Bonjour
Discovery protocol      SSDP            mDNS
To advertise services   HTTP NOTIFY     mDNS response
To find services        HTTP M-SEARCH   mDNS query
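The following is an added example, not part of the Aruba deck: it classifies a discovery datagram by the destination address and port given on the mDNS and SSDP slides, and extracts the service names from an mDNS message, which is what a proxy needs in order to allow or block a service. The service names in the allow list, the sample packets and all function names are assumptions made for the example.

```python
import struct

MDNS = ("224.0.0.251", 5353)       # destination from the mDNS slide
SSDP = ("239.255.255.250", 1900)   # destination from the SSDP slide

def read_name(msg, off):
    """Decode a DNS name, following compression pointers (loop-bounded).
    Returns (dotted name, offset of the byte after the name field)."""
    labels, after, hops = [], None, 0
    while True:
        if off >= len(msg):
            raise ValueError("truncated name")
        n = msg[off]
        if n & 0xC0 == 0xC0:                       # 2-byte compression pointer
            if off + 1 >= len(msg) or hops >= 16:
                raise ValueError("bad or looping pointer")
            after = off + 2 if after is None else after
            off, hops = ((n & 0x3F) << 8) | msg[off + 1], hops + 1
            continue
        off += 1
        if n == 0:
            return ".".join(labels), (off if after is None else after)
        if n > 63 or off + n > len(msg):
            raise ValueError("bad label")
        labels.append(msg[off:off + n].decode("ascii", "replace"))
        off += n

def classify(dst, payload):
    """Return (protocol, kind, names or request line) for one UDP datagram."""
    if dst == MDNS:
        if len(payload) < 12:
            raise ValueError("short DNS header")
        _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", payload[:12])
        names, off = [], 12
        for i in range(qd + an):                   # questions, then answers
            name, off = read_name(payload, off)
            if i < qd:
                off += 4                           # QTYPE + QCLASS
            else:
                if off + 10 > len(payload):
                    raise ValueError("truncated record")
                off += 10 + struct.unpack("!H", payload[off + 8:off + 10])[0]
            names.append(name)
        return ("mDNS", "response" if flags & 0x8000 else "query", names)
    if dst == SSDP:
        line = payload.split(b"\r\n", 1)[0].decode("ascii", "replace")
        kind = {"NOTIFY": "advertise", "M-SEARCH": "search"}.get(line.split(" ")[0], "unknown")
        return ("SSDP", kind, line)
    return ("other", "unknown", None)

def permitted(dst, payload, allowed_services):
    """mDNS-only service filter: pass only if every name is an allowed service."""
    proto, _kind, names = classify(dst, payload)
    if proto != "mDNS":
        return False
    return bool(names) and all(
        any(n == s or n.endswith("." + s) for s in allowed_services) for n in names)

def enc(name):                                     # builds the constructed samples
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\0"

# Constructed samples: a PTR query for AirPlay and an SSDP search request.
AIRPLAY_QUERY = struct.pack("!6H", 0, 0, 1, 0, 0, 0) + enc("_airplay._tcp.local") + struct.pack("!2H", 12, 1)
SSDP_SEARCH = b'M-SEARCH * HTTP/1.1\r\nHOST: 239.255.255.250:1900\r\nMAN: "ssdp:discover"\r\nST: ssdp:all\r\n\r\n'
ALLOWED = {"_airplay._tcp.local", "_ipp._tcp.local"}   # assumed allow list

if __name__ == "__main__":
    print(classify(MDNS, AIRPLAY_QUERY), permitted(MDNS, AIRPLAY_QUERY, ALLOWED))
    print(classify(SSDP, SSDP_SEARCH))
```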

Bonjour in the Enterprise?
[Diagram: L2/L3 network with an Aruba Mobility Controller, SSID 1 (VLAN 20) and SSID 2 (VLAN 10)]
• Does not work across VLANs
• Increased channel utilization with multicast traffic
• No filtering of services

Aruba Technology Solution

Bonjour in the Enterprise with AirGroup
[Diagram: L2/L3 network with an Aruba Mobility Controller, SSID 1 (VLAN 20) and SSID 2 (VLAN 10)]
• Bonjour across VLANs
• Reduced channel utilization
• Services can be filtered

Enabling Bonjour across VLANs
1. Everybody sees everything
• Enabling Bonjour across VLANs has opened a Pandora's box
2. Lack of Security
• Why would my personal device be visible to others?
• How do I assign a device to be a common resource?
• Why do I need to know about a printer that is across the campus?
AirGroup Benefits:
• Context aware access control
• Personalized AirGroup experience
• Ease of installation

Aruba Mobility Controller/Instant
• Intercepts queries and builds cache table
• Acts as a ‘proxy’ for user requests, unicasts response
• VLAN Bridging
• Traffic optimization over the air
• Allow/Block services globally

Value Add with CPPM
• Registration portal for end users to register their personal devices (Apple TVs, Printers)
• Registration portal for network administrators to register shared devices (conference room Apple TVs, Printers)
• Define a “personal AirGroup” by specifying a list of users to share devices with.
• Define role and location attributes for shared devices.
• Time fencing for shared devices

Putting the pieces together: AirGroup Solution Architecture
[Diagram: Network Core / Data Center with Aruba Mobility Controller, Aruba ClearPass Policy Manager, Aruba AirWave Network Manager and other operations systems; Mobility Access Switches, Mobility Controller, Instant 11n Access Point, Campus 11n Access Points]

Use Case 1: Interactive K12 Classroom with AirGroup
[Diagram: Network Core / Data Center (Aruba Mobility Controller, Aruba ClearPass Policy Manager, Aruba AirWave Network Manager, other operations systems); Teacher, Students]
1. Teachers share content using the Apple TV
2. Students can share & collaborate using the Apple TV
3. Users outside this classroom cannot use this Apple TV

Use Case 2: Restricted Access University Classroom with AirGroup
[Diagram: Network Core / Data Center (Aruba Mobility Controller, Aruba ClearPass Policy Manager, Aruba AirWave Network Manager, other operations systems); Teacher, Students]
1. Only Professors share content using the Apple TV
2. Students cannot use this Apple TV
3. Users outside this classroom cannot use this Apple TV

Use Case 3: All Wireless Office Conference Room with AirGroup
[Diagram: Network Core / Data Center (Aruba Mobility Controller, Aruba ClearPass Policy Manager, Aruba AirWave Network Manager, other operations systems); Employee, Guest]
1. Employee has access to the conference room Apple TV
2. Employee shares the Apple TV with guest for a limited duration
3. Guest is able to use Apple TV

Use Case 4: Personal Device Access in University Dorms
[Diagram: Network Core / Data Center (Aruba Mobility Controller, Aruba ClearPass Policy Manager, Aruba AirWave Network Manager, other operations systems); Student 1, Student 2]
1. Only Student 1 can access his personal printer and Apple TV
2. Student 2 cannot use Student 1’s personal devices
3. Student 1 can share his devices with Student 2

Use Case 5: Common Device Access in a Retail Store
[Diagram: Network Core / Data Center (Aruba Mobility Controller, Aruba ClearPass Policy Manager, Aruba AirWave Network Manager, other operations systems); Employee 1, Employee 2, Shopper]
1. Employees can engage with visitors using Apple TV and use print services
2. Visitors/Shoppers cannot use in-store devices

Use Case 6: Per-Building Access in a Campus
[Diagram: Network Core / Data Center (Aruba Mobility Controller, Aruba ClearPass Policy Manager, Aruba AirWave Network Manager, other operations systems); Campus 1 Building 1, Campus 1 Building 2, Campus 1 Building 3]
• Users in the building can use services within the building

Use Case 7: Per-Floor access in a Hospital
[Diagram: Network Core / Data Center (Aruba Mobility Controller, Aruba ClearPass Policy Manager, Aruba AirWave Network Manager, other operations systems); Floor 1 – ER, Floor 3 – General Patient Care]
• Floor 1 – ER: Only doctors and nurses in ER get access to services
• Floor 3 – General Patient Care: Doctors, nurses & patients on level 3 get access to services

Design, Build & Run

AirGroup Deployment Model
• Supported AirGroup deployment models
• Overlay model not supported
[Diagram: AirGroup deployment options: single controller; multiple controllers (AirGroup Domain 1, AirGroup Domain 2); IAP; multiple IAP clusters (AirGroup Domain 1, AirGroup Domain 2)]

AirGroup Deployment Model
1. The same mobility controller that terminates all APs and provides WLAN access runs AirGroup functionality too.
2. Trunk the VLANs, where wired devices like printers are connected, to the AirGroup controller.
3. Can operate with or without ClearPass Policy Manager.

AirGroup Clusters and Domains

User Device Registration Portal with ClearPass
• User logs in using the AD credentials
• Device view from a user/admin perspective
• CPPM helps provide a filtered mDNS response to users and reduces noise.
[Diagram: AP, Mobility Controller, ClearPass (Guest & PM)]

Personal Device Registration (logged in as “Student 1”)
• What is the name of the device?
• What is the MAC of the device?
• Who else can use my “personal device”?
  – username

Common Device Registration based on User Name, Role or Location (logged in as “Network Admin”)
• Who can use the device from – “location context”?
  – AP name, AP MAC, AP-Group
• Which users can see the device – “shared with”?
  – usernames
• Which user group can see the device – “user role”?
  – User role

AirGroup Operation – Location Based Device Sharing
AirGroup servers can be shared based on the following location attributes:
1. AP Name
2. AP Group
3. AP FQLN

AirGroup Operation – Location Based Device Sharing: 1. Based on AP Name
[Diagram: Building Floor 1 with AP1 and AP2]
1. On ClearPass registration portal, share the AirGroup printer with AP1
2. Based on ARM, AP2 is an RF neighbor
3. iPhone associated to AP2 can now see AirGroup printer associated to AP1

AirGroup Operation – Location Based Device Sharing: 2. Based on AP Group
[Diagram: Campus with Building 1 to Building 4, AP Group 1 to AP Group 4]
• AirGroup services restricted to each building

AirGroup Operation – Location Based Device Sharing: 3. Based on AP FQLN
FQLN = <ap-name>.<floor>.<building>.<campus>
[Diagram: Building Floors 1 to 3, each with an AP1; Apple TV associated to AP1 on Floor 2]
• FQLN = AP1.Floor 1.1344.Aruba
• FQLN = AP1.Floor 2.1344.Aruba
• FQLN = AP2.Floor 2.1344.Aruba
• FQLN = AP1.Floor 3.1344.Aruba
1. On ClearPass registration portal, share Apple TV with FQLN = AP1.Floor 2.1344.Aruba
2. Users associated to AP1 on Floor 1 can see the Apple TV
3. Users associated to AP1 on Floor 3 can see the Apple TV
4. iPhone on Floor 2 is associated to AP1 on Floor 3
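The three location attributes from the slides above can be expressed as a small visibility check. This is an added example, not Aruba's implementation: the tag kind names, the AP inventory and building 1350 are constructed, and treating an FQLN share as "same building and campus, at most one floor away, regardless of AP name" is an assumption read off the FQLN slide.

```python
import re
from dataclasses import dataclass

@dataclass(frozen=True)
class Ap:
    name: str
    group: str
    fqln: str                            # <ap-name>.<floor>.<building>.<campus>
    neighbors: frozenset = frozenset()   # RF neighbors, as ARM would report them

def parse_fqln(fqln):
    """Split from the right so an AP name containing dots still parses."""
    parts = fqln.rsplit(".", 3)
    if len(parts) != 4:
        raise ValueError(f"not an FQLN: {fqln!r}")
    ap, floor, building, campus = parts
    m = re.search(r"(\d+)\s*$", floor)   # "Floor 2" -> 2
    if not m:
        raise ValueError(f"no floor number in {floor!r}")
    return ap, int(m.group(1)), building, campus

def tag_matches(kind, value, user_ap, aps):
    """Does one location tag on a shared device cover the user's AP?"""
    if kind == "ap-name":        # the named AP itself or one of its RF neighbors
        shared = aps.get(value)
        return user_ap.name == value or (
            shared is not None and user_ap.name in shared.neighbors)
    if kind == "ap-group":
        return user_ap.group == value
    if kind == "ap-fqln":        # assumed rule: same building/campus, floor +/- 1
        _, floor, bldg, campus = parse_fqln(value)
        _, ufloor, ubldg, ucampus = parse_fqln(user_ap.fqln)
        return (ubldg, ucampus) == (bldg, campus) and abs(ufloor - floor) <= 1
    raise ValueError(f"unknown tag kind {kind!r}")

def can_see(device_tags, user_ap_name, aps):
    """True if any location tag on the device matches the AP the user is on."""
    user_ap = aps[user_ap_name]
    return any(tag_matches(k, v, user_ap, aps) for k, v in device_tags)

# Constructed AP inventory and shared devices.
APS = {a.name: a for a in (
    Ap("f1-ap1", "bldg-1344", "f1-ap1.Floor 1.1344.Aruba", frozenset({"f1-ap2"})),
    Ap("f1-ap2", "bldg-1344", "f1-ap2.Floor 1.1344.Aruba", frozenset({"f1-ap1"})),
    Ap("f2-ap1", "bldg-1344", "f2-ap1.Floor 2.1344.Aruba"),
    Ap("f3-ap1", "bldg-1344", "f3-ap1.Floor 3.1344.Aruba"),
    Ap("f4-ap1", "bldg-1344", "f4-ap1.Floor 4.1344.Aruba"),
    Ap("b2-ap1", "bldg-1350", "b2-ap1.Floor 2.1350.Aruba"),
)}
PRINTER = [("ap-name", "f1-ap1")]
APPLE_TV = [("ap-fqln", "f2-ap1.Floor 2.1344.Aruba")]

if __name__ == "__main__":
    for ap in APS:
        print(ap, can_see(PRINTER, ap, APS), can_see(APPLE_TV, ap, APS))
```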

AirGroup Controller Configuration
[Screenshot callouts: Require CPPM Device Registration; AirGroup Enabled; CPPM Server; AirGroup CoA Update]

AirGroup ClearPass Configuration..
• CoA Update Port must match!

..AirGroup ClearPass Configuration
• ClearPass reads the controller configuration

AirGroup ClearPass Configuration
• Controller information used for AirGroup Device Registration

AirGroup in Distributed Networks

Single IAP Cluster
[Diagram: IAP 1, IAP 2 and IAP 3 on one LAN, each holding the same database (P1: AirPrint, TV1: AirPlay). Labels: AirPrint printer (P1), Apple TV (TV1), SSID: VLAN1, SSID: VLAN2, SSID: VLAN3, ROLE: VLAN2. Flows: mDNS packet (AirPrint service); mDNS packet (AirPlay service); mDNS AirPlay service multicast query; mDNS TV1 service unicast response]

Single IAP cluster with CPPM Server
[Diagram: IAP 1, IAP 2 and IAP 3 on one LAN with AirPrint printer (P1) and Apple TV (TV1); SSID: VLAN1, SSID: VLAN2, SSID: VLAN3; mDNS packets for the AirPrint and AirPlay services]
• CPPM Policy Enforcement: P1 is shared with X and Y; TV1 is shared with X
• Username: X (SSID: VLAN2). Servers discovered: P1 and TV1
• Username: Y (SSID: VLAN2). Servers discovered: P1

Multiple IAP Clusters
• Database sync every 2 minutes
• Each VC holds the servers of both swarms:
  – Swarm 1 servers: P1 (AirPrint), TV1 (AirPlay)
  – Swarm 2 servers: P2 (AirPrint), TV2 (AirPlay)
[Diagram: two IAP clusters joined by a router. IAP 1 to IAP 3 with AirPrint printer (P1) and Apple TV (TV1), SSIDs VLAN1 to VLAN3; IAP 4 to IAP 6 with AirPrint printer (P2) and Apple TV (TV2), SSIDs VLAN4 to VLAN6]

AirGroup UI
• Navigate to Settings -> Advanced settings -> AirGroup

CPPM Server Configuration
• AirGroup CoA port: this cannot be the standard CoA port, because that port is already used by the Auth/STM server.
• CoA only: this server is used only to receive CoA packets; it is not used for MAC authorization.

AirGroup on the Mobility Access Switch
Three ways to discover wired AirGroup servers:
1. Trunk all VLANs to the AirGroup controller
2. Configure a Tunneled Node between MAS and AirGroup controller.
3. Configure an L2 GRE tunnel and redirect mDNS packets across the tunnel.
AirGroup on 3rd party switches:
• Trunk VLANs to the AirGroup controller

Scaling, Troubleshooting and Best Practices

Impact of Broadcast Controls on AirGroup
Two broadcast control knobs:
• Broadcast-Multicast (BCMC) Optimization: VLAN specific
• Broadcast-filter-all: VAP specific
  – When AirGroup is enabled, mDNS exceptions are automatically created to bypass the above knobs.
  – Enabling the above controls does not affect AirGroup functionality.

AirGroup Scalability Limits
• AOS 6.3/6.4 platform limits:
• In an AirGroup domain, the total number of AirGroup users and servers is bound by the platform limit of the top-end controller.
• Hard cap on the scaling limits
• Scaling limits were defined based on CPU and memory utilization on the controller:
    (7210) # show airgroup internal-state statistics

AirGroup Server and User Limits in Controllers
                     3200XM  3400  3600  M3    7210  7220   7240
# AirGroup servers   500     1000  2000  2000  2000  2000   2000
# AirGroup users     1500    3000  6000  6000  9000  12000  16000

mDNS Packet Rate Limits in Controllers
                                   3200  3400  3600  M3  7210  7220  7240
mDNS packets received per second   10    10    20    20  20    25    30

How to Measure AirGroup Traffic..
• Before enabling AirGroup
1. If the administrator is permitting AirGroup traffic:
    !
    ip access-list session mdns
      any any udp 5353 permit
    !
   To see ACL hits:
    (poc-campus-mc1) #show acl hits | include mdns
2. If the administrator is denying AirGroup traffic:
    !
    ip access-list session mdns_deny
      any any udp 5353 deny
    !
   To see ACL hits:
    (poc-campus-mc1) #show acl hits | include mdns_deny

..How to Measure AirGroup Traffic
Steps to calculate the number of mDNS packets hitting the controller:
1. Run the show acl hits command once (say at 10am) to reset the New Hits counter. Note the time.
2. Run the command again after, say, 15 mins, and note the number of mDNS hits under New Hits. This gives the number of mDNS packets seen in a duration of 15 minutes. (# of mDNS packets)/(15*60) gives the rate of mDNS packets per second.
3. Repeat step 2 after another 15 mins.
4. Run the test multiple times to average out the mDNS packet rate.
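The measurement steps above, carried through in code and compared against the per-platform mDNS packet rate limits from the scalability slide. This is an added example, not from the deck: the readings are constructed, the function names are hypothetical, and each reading is assumed to be a (time in seconds, New Hits value) pair noted by hand from successive runs of show acl hits.

```python
# mDNS packets received per second, copied from the rate-limit table on the page.
LIMIT_PPS = {"3200": 10, "3400": 10, "3600": 20, "M3": 20,
             "7210": 20, "7220": 25, "7240": 30}

def interval_rates(readings):
    """Per-interval packet rate from successive readings.

    readings: [(seconds, new_hits), ...] in time order, one entry per run of
    the command. The first run only resets New Hits (step 1), so its count is
    ignored; every later count covers the interval since the previous run.
    """
    if len(readings) < 2:
        raise ValueError("need the reset run plus at least one measurement")
    rates = []
    for (t0, _), (t1, hits) in zip(readings, readings[1:]):
        if t1 <= t0:
            raise ValueError("readings must be in increasing time order")
        if hits < 0:
            raise ValueError("hit count cannot be negative")
        rates.append(hits / (t1 - t0))
    return rates

def assess(platform, readings):
    """Average and peak mDNS rate, checked against the platform limit."""
    rates = interval_rates(readings)
    total_hits = sum(hits for _, hits in readings[1:])
    elapsed = readings[-1][0] - readings[0][0]
    limit = LIMIT_PPS[platform]
    return {
        "rates": rates,
        "average": total_hits / elapsed,   # time-weighted over the whole test
        "peak": max(rates),
        "limit": limit,
        "within_limit": max(rates) <= limit,
    }

# Constructed readings: reset run at t=0, then three 15-minute intervals.
READINGS = [(0, 0), (900, 4500), (1800, 9000), (2700, 27000)]

if __name__ == "__main__":
    for platform in ("7210", "7240"):
        print(platform, assess(platform, READINGS))
```

With these readings the average stays under the 7210 limit while the busiest interval exceeds it, which is why the check uses the peak interval rather than the average.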

AirGroup: Debugging and Logs
• AirGroup related debugging information is available under the user, system and security debug logs.
• Use the following debug levels to collect debug information for AirGroup:
  • logging level debugging user process mdns
  • logging level debugging system process mdns
  • logging level debugging security process mdns
• Apart from the debug logs, collect the following command outputs for debugging AirGroup issues:
  • show airgroup servers verbose
  • show airgroup users verbose
  • show airgroup cache entries
  • show airgroup internal-state statistics
• Collect tech-support logs from the AirGroup controller at 2 or 3 instances spaced about 5-10 minutes apart

General Best Practices..
• AirGroup in large deployments
  o Enabling all AirGroup services consumes a large amount of system resources
  o Start by enabling select AirGroup services
  o AirPrint, AirPlay and Chromecast services are enabled by default in AOS 6.4. For a new service to be allowed, create a custom AirGroup service.
  o Start by restricting AirGroup services to the most important VLANs
  o Disable the allowall service
• When deploying wired AirGroup servers, make sure that the VLANs are trunked all the way to the controller running AirGroup.

..General Best Practices
• Disable deny-inter-user firewall settings. These settings can prevent clients from communicating with each other.
• For large deployments, use CPPM to register the AirGroup servers with a location tag for better performance.
• If AirGroup is enabled on multiple controllers in a deployment that share common VLANs, configure AirGroup domains and add the controllers to the cluster.

AirGroup: AP Forwarding Mode
• AirGroup is supported only on tunnel and de-tunnel forwarding modes
• AirGroup services may break if NATing is enabled on user VLANs

New AirGroup Enhancements

AOS 6.4 AirGroup Enhancements
• AirGroup support for DLNA-based devices
• Support for virtual mDNS device configuration
• CPPM Integration
• Ability to share AirGroup services based on logical groups
• Static time fencing
• UI dashboard enhancements
• AirWave support
• Coming soon

Thank You
