WiNG 5.7 is finally out and available on Support portal. Here’s a brief summary of main features and comments about them.
New product support. Because of the timing overlap some of the products released around 5.6 release were not actually supported by 5.6.x and were supported by special 5.5.x instead. Now everything is back to normal with 5.7. These include the NX7500 controller which is to replace the good old RFS7000 and the new awesome AP75xx series.
- NX7500. This is basically a scaled-down version of NX95xx series, but with its own interesting features like LCD display, 10GE interface support, options for RAID HDDs or dual power supplies (including DC version). Overall, the idea is to fill is the spot for the aged RFS7000. Spec sheet here.
- AP7502 with its wall-plate form-factor and built-in Ethernet switch is clearly an 802.11ac inheritor to AP6511. One interesting addition is integrated BLE beacon. No longer you need to pay for add-on modules or extra licenses, as with other vendors. It also enjoys chipset, CPU and RAM upgrade, albeit it’s not as powerful as the two other APs in the AP75xx series, which may limit support for the advanced features (that most likely will never be used with this AP anyway 🙂 )
- AP7522 and AP7532 feature the new-generation 802.11ac hardware platform, difference being AP7522 is 2×2:2 MIMO, whereas AP7532 is 3×3:3. Both support more features than our 1st generation AP82xx series, and no less features that the previously premium AP71xx series, but at a much lower price, so it’s a no-brainer to me. They also feature lots of CPU and RAM so should be able to cope with future additions to the feature set. There are internal and external antenna models and external ones are specced from -20C!
- WiNG Express Manager. Imagine this, but on controller, with NX7500E (physical) and VX9000E (virtual) controllers. Nice UI, simple to deploy, limited feature set. Nuff said.
New default admin password. Due to re-branding effort the old password is no longer good, so be sure to check the release notes for the new one! This one, albeit not very creative, should better stand the test of time 🙂
DNS-based security enhancements. WiNG 5.7 sports a number of features related to DNS security.
- Hostnames instead of IP addresses in IP ACLs. My personal favourite! And clever too, honours multiple IP interfaces with individual NSes, record ageing, DNS load balancing, wildcards and partial matches, etc.
- OpenDNS integration. Basically, a mechanism that allows controller to seamlessly integrate into OpenDNS infrastructure if you happen to use them with an enterprise account. If you’ve never hear of OpenDNS – it’s a cloud-based DNS service that offers additional security: when user tries to go to a “bad” URL (marked as “bad” by OpenDNS reputational service or the admin) – they will be shown a parking page with a warning instead. Basically, a way to pay someone else to manage your firewall rules in the “Essential Internet Security” part (plus more, of course). There’s a free OpenDNS option as well, so you might give it a try at home.
- Web content filtering – this is a “bigger” and more functional version of the above, but now the engine runs not in the OpenDNS cloud, but on the controller itself. So, essentially this is an application-layer HTTP firewall. It also allows you more knobs and controls to play with, but now comes at a price (annual subscription). As part of this subscription you get connectivity to a cloud website (URL) reputation database that is constantly updated (hence the need for subscription). Compared to OpenDNS, you have to pay in both cases, but in one case as much as possible is in the cloud, and in the other – on WiNG infrastructure, so you get to choose which one fits the requirements best.
Roaming assist. This feature addresses the “sticky client” problem. Aruba has been talking a lot about this recently when they have launched ClientMatch. However, as usual, there’s triumph of Marketing over Engineering is here, as can be seen by this video. (Watch both of them, the Aruba vs Cisco marketing wars are hilarious). Do not expect this (or any similar) feature to ensure silk-smooth roaming for clients that don’t know how to behave in the first place. What it does instead is this:
- When client “sticks” to the AP somewhere on the fringes, what happens to the datarates? They drop. What happens to retransmits? They increase. How does this all affect airtime utilization? It grows drastically. Is this good airtime or wasted airtime? Wasted.What happens to the other “good” clients in the vicinity? They suffer as well.
- So what Roaming Assist and other related features does is it force-disconnects client (traffic disruption is surely to follow) so it can reconnect to a better AP and stop wasting [air]time for everyone around them = optimizing network capacity in general.
- Because of the disruptive nature of this feature there are of course lots of knobs and controls to play with to ensure it works when needed and doesn’t kick those VoIP phones in the middle of the voice call (NB: if you have “sticky” VoIP phones – you have a much bigger problem! 🙂).
Captive portal enhancements. There is now bandwidth-based vouched support with throttling that works arcoss multiple connects disconnects (“I give you a voucher for 200MB at 10Mbps, which you may consume in multiple sessions. Once you consume all 200MB your speed drops to 512K”. The wired captive portal implementation (yes, we have it) is also catching up in features, albeit not as functional as its wireless counterpart. Don’t ask me why they’re not the same.
Other enhancements include: PPTP VPN support over NAT, AP steering and LDAP enhancements, bugfixes, etc. Reading release notes is recommended, as always. Hidden bonus: there is also an interesting thing called “AnyAP” Profile hidden well in the UI. It does exactly what you think – a universal profile for any AP type (instead of having to create multiple) .I was told it’s not fully tested yet, but you are welcome to give it a try. Just remember that whatever is hidden is not supported. Hope it will pop up in later 5.7.x releases as a fully supported feature, as it is just about time, IMHO.
Have you tried 5.7 or any of the new APs already? Write your experiences and questions below!