Lee H. Badman

Network Computing Blogger

Upcoming Events

Where the Cloud Touches Down: Simplifying Data Center Infrastructure Management

Thursday, July 25, 2013
10:00 AM PT/1:00 PM ET

In most data centers, DCIM rests on a shaky foundation of manual record keeping and scattered documentation. OpManager replaces data center documentation with a single repository for data, QRCodes for asset tracking, accurate 3D mapping of asset locations, and a configuration management database (CMDB). In this webcast, sponsored by ManageEngine, you will see how a real-world datacenter mapping stored in racktables gets imported into OpManager, which then provides a 3D visualization of where assets actually are. You'll also see how the QR Code generator helps you make the link between real assets and the monitoring world, and how the layered CMDB provides a single point of view for all your configuration data.

Register Now!

A Network Computing Webinar:
SDN First Steps

Thursday, August 8, 2013
11:00 AM PT / 2:00 PM ET

This webinar will help attendees understand the overall concept of SDN and its benefits, describe the different conceptual approaches to SDN, and examine the various technologies, both proprietary and open source, that are emerging. It will also help users decide whether SDN makes sense in their environment, and outline the first steps IT can take for testing SDN technologies.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

See more from this blogger

Xirrus Adds Application Control To WLAN Arrays

Companies struggle to control what goes in and comes out of corporate networks. The Web exacerbates that challenge because it can be a source for malware, productivity-killing sites and other problems. A variety of tools are available to help companies sort wanted from unwanted, and now a wireless provider is getting in on the act.

Today Xirrus announced Application Control, a new capability for its XR Series wireless arrays. The company says Application Control will identify applications on the wireless network and let administrators set a variety of policies, including blocking applications outright, prioritizing bandwidth for specific applications and limiting bandwidth for other applications.

More Insights


More >>

White Papers

More >>


More >>

This isn't a new idea, at least at in the DMZ, where traffic-shaping products and next-generation firewalls from vendors such as Palo Alto Networks can perform the same functions.

However, Xirrus said it's the first vendor to bring this technology into wireless arrays. Competitors including Meraki and Aerohive market similar functionality in their wireless offerings. When pressed on this point, Xirrus explained the competitive differences in its approach.

While access points from other vendors may do some degree of application classification and control, Xirrus says its latest arrays are purpose-built with between two and six processor cores for deep packet inspection (DPI). The company claims that this provides capabilities that go far beyond what can be achieved with single-processor APs. It has licensed a DPI engine from a third party, though Xirrus declined to reveal the provider. The company says the DPI engine allows its arrays to precisely identify applications, which will give administrators very granular control, such as the ability to block the use of Farmville within Facebook while still allowing users to access the social networking site.

I don't buy Xirrus' claim of "first to market" for distributed traffic control after having used competitors' products, but I will reserve judgment on whether Xirrus is better at application classification and control than other WLAN vendors until I have a chance to try for myself or see a valid comparative review.

That said, there is merit to Xirrus' approach. Regardless of whose logo is on the access point or array, the distributed nature of wireless networking offers new paradigms for the likes of traffic shaping and control. As a past or current customer of Packeteer, Allot and Palo Alto Networks, I've seen my share of issues with bringing an enterprise's worth of data to a central resource to pick it apart and enforce policy on it. When the central magic fails, the effect is embarrassing and disruptive. But if that same detailed classification can be distributed, things get interesting.

In my own environment, I have more than 3,500 access points. Though my APs can't do DPI, I can envision the power of the enforcement construct if they could. Instead of traffic from 15,000 wireless client devices needing to come back to the core to be analyzed, each AP would share the duty, resulting in far less traffic getting deeper into the network as unwanted applications are discarded or throttled.

The loss of any one AP would really not degrade my overall traffic control strategy by much, as AP topology includes robust self-healing. And as long as the classification and control functions were as centrally manageable as a core-located appliance, I would really favor the distributed model.

I can't say whether Xirrus' Application Control feature will entice new customers, but the premise behind it is a good idea that will no doubt gain traction in the WLAN space. Xirrus says Application Control will be available in December.

Related Reading

Network Computing encourages readers to engage in spirited, healthy debate, including taking us to task. However, Network Computing moderates all comments posted to our site, and reserves the right to modify or remove any content that it determines to be derogatory, offensive, inflammatory, vulgar, irrelevant/off-topic, racist or obvious marketing/SPAM. Network Computing further reserves the right to disable the profile of any commenter participating in said activities.

Disqus Tips To upload an avatar photo, first complete your Disqus profile. | Please read our commenting policy.
Vendor Comparisons
Network Computing’s Vendor Comparisons provide extensive details on products and services, including downloadable feature matrices. Our categories include:

Research and Reports

Network Computing: April 2013

TechWeb Careers