Event-based forensics on wireless LANs

E(z)RF Network Manager 2.0, the first wireless LAN management system to record every client-network wireless protocol interaction, rather than merely gathering aggregate statistics, has been introduced by Meru Networks. The product represents a fundamentally new approach to WLAN management, using continuous event recording, data mining and a knowledge-based inference engine to reduce troubleshooting time – and user downtime – from days to minutes.

With knowledge of every past RF event, the system allows network managers to “rewind” the WLAN, recreating past event sequences to quickly pinpoint the causes of client problems – even long after those problems have occurred. The system also automatically correlates across all recorded events to make highly accurate inferences about problems that may not yet have even been reported.

Highly scalable to accommodate growing enterprise requirements, it allows management of up to 25,000 access points and hundreds of controllers across multiple geographic regions. From a single console, users can rapidly drill down and view activity details at each level of the infrastructure: controllers, access points (APs) and individual wireless client devices.

E(z)RF 2.0 continuously monitors the state of every client and the wireless infrastructure, capturing and storing all key over-the-air events and client state transitions, to greatly simplify the job of managing wireless LANs:

  • E(z)RF Network Manager 2.0 records every state change a client undergoes (e.g., connection, authentication, station handoff, DHCP events, IP address discovery) and stores that information for later mining. By capturing client-network interactions in the order in which they occurred – rather than just periodic or aggregated statistics – the system maintains all client information that can be used to help recreate the historical state of the network at any time.
  • A proactive knowledge-based inference engine automatically correlates information across all recorded events and generates inferences about potential client and infrastructure issues, enabling proactive identification of those issues – often before they are reported by users. The inference engine currently can identify more than 100 relevant event patterns indicating possible problems, and can be enhanced to understand new patterns as they develop.
  • Starting from a high-level “Trend Dashboard” showing aggregate global trends for the entire WLAN – including key over-the-air metrics such as high noise or packet loss for both radios and clients – network managers can drill down through the infrastructure, from controller to APs and finally to individual clients, to see usage trends and full event histories. Help-desk personnel can replay exact sequences of events by entering the client MAC address and the time period during which a problem occurred. APs and client devices can be located on WLAN “heat maps,” visually recreating past RF state.

E(z)RF Network Manager 2.0 is available immediately. Software supporting 50 APs is priced at $4,995, and requires a Meru SA1000 Service Appliance priced at $6,995. A visualization package providing network-wide heatmaps is available as an add-on option, priced at $4,995 for 50 APs.
