Trapeze Mobility System Software (MSS™) delivers all the security and networking functionality of Smart Mobile® wireless LANs including intelligent switching, identity-based roaming, bridging and mesh, NonStop Wireless capabilities and much more.
MSS is the embodiment of the highly distributed Smart Mobile architecture. It is the operating system which runs on all Trapeze Networks Mobility Exchange controllers and Mobility Point access points (APs) to enable secure, reliable mobility across wireless networks of any size both indoors and outdoors. Coupled with the RingMaster Management suite, MSS provides the network operator and users with unparalleled wireless performance, security, reliability and management.
MSS is also highly portable. It is designed to deliver all the security and network intelligence needed for large enterprise deployments, on a wide range of OEM and ODM controllers and access point hardware. That’s why networking companies such as Nortel Networks, 3Com, NEC, Enterasys and D-Link have licensed Trapeze technology to power their WLAN solutions.
Smart Mobile Architecture
The basic function of any wireless LAN operating system is to provide secure connectivity, roaming, radio power control and standard management functions. MSS offers all of these basic services and much more.
Trapeze’s Smart Mobile architecture delivers measurable operational advantages over other WLAN systems. It breaks many of the scalability, mobility and reliability limitations that constrain wireless LANs which depend on a centralized controller architecture or single-channel RF solutions. The hybrid centralized/distributed architecture improves performance and scalability, by leveraging the additive processing power of each AP. This has profound implications for real-world reliability and roaming efficacy, providing a level of system reliability that cannot be matched by any other vendor’s current architecture.
Reliability has become a crucial element in modern WLAN deployments with mission-critical business requirements. Only Trapeze can deliver NonStop application availability – nothing less than uninterrupted connections even under catastrophic network failures.
Secure Seamless Mobility
MSS is designed for easy wireless integration within an existing wired network AAA security framework, requiring no changes to the existing LAN topology or configuration. It supports the highest levels of security for both voice and data including IEEE 802.11i, WPA/WPA2 and AES encryption and has been validated to meet the Federal Information Processing Standard (FIPS) 140-2 level 2 certification. It also provides comprehensive in-built Wireless Intrusion Prevention and Wireless Intrusion Detection features to detect and mitigate rogue APs, DoS attacks and other common attack types.
Unlike WLAN systems that rely entirely on centralized controllers for security policy enforcement, Trapeze’s security/authentication model is administered centrally and enforced in a distributed fashion. Up to 64 controllers of any size can work together to form a single Mobility Domain®. Users can roam from AP to AP, even across different controllers, within that domain without ever needing to re-authenticate.
As clients join the network, their session level security credentials (keys) are propagated through secure tunnels to other controllers in the Mobility Domain. Thus when a client roams to an AP on a different controller, it is immediately recognized, and there is no need to query a “home controller” for security keys. This superior roaming model eliminates session timeouts and re-authentication, thereby enabling seamless mobility enterprise-wide, even between indoor and outdoor areas. This patented approach delivers the benefits of 802.11i “fast roaming” in a network-wide manner and is not limited to “fast roaming” only between APs on the same controller. MSS even supports RFC 3576 to allow dynamic authorization of access privileges for all sessions. Together with SmartPass this provides best-in-class access control.
Global Identity-Based Networking
Trapeze Network Domains are a superset of Mobility Domains designed to give users the same services and privileges based on their identity, no matter where they connect. Just as a Mobility Domain offers seamless roaming at a campus level, a Network Domain interconnects and distributes Mobility Domains across wide geographic regions enabling the same secure mobility and consistent service profiles.
Applying identity-based networking globally benefits anyone who frequently works at different sites, e.g. doctors who serve many hospitals within a hospital system, teachers across a school district, even IT across multiple campuses. Whatever the experience (QoS, bandwidth and access rights) a user has at one site, it can be replicated in another similar site, without the user or IT staff needing to do anything new.
Optimized Traffic Flows
MSS also enables Smart Mobile’s intelligent switching, which combines both centralized and distributed data forwarding based on the requirements of the underlying application. The result is optimized traffic flows, radically reduced latency, and massive scalability. With the scalability and performance advantages of distributed switching, Smart Mobile WLANs can support the most demanding wireless applications, including voice over WLAN for thousands of users, Real-Time Location Services and 802.11n, all without the need for expensive WLAN controller upgrades.
Even with 802.11n, wireless bandwidth is a scarce commodity, even more so in mesh and bridging applications in which Wi-Fi is the backhaul transport. For these reasons, MSS implements stateful firewall capabilities at the AP - not at the controller, where it is too late - to avoid propagating broadcast or multicast traffic, such as ARPs, unnecessarily. Similarly, deep packet inspection also makes it possible to distinguish different traffic types such as SIP, so it can be given appropriate QoS and bandwidth profiles automatically. Trapeze was the very first vendor to be SpectralinkVIEW certified and MSS supports all the standards (WMM, CAC etc) necessary for reliable, secure, high quality voice services using all manner of Wi-Fi handsets, smart phones, PDAs and more.
Dynamic Load Optimization
Regardless of how forwarding is handled, centralized or distributed, MSS optimizes per-user bandwidth availability and performance by dynamically balancing traffic. With other vendors' systems, as users enter a building, their always-on mobile devices such as “smart phones” and PDAs associate with the AP offering the strongest signal at the point of entry, and remain forever locked to that AP’s “home controller”. This causes AP congestion, wastes bandwidth and increases round-trip latency as users roam away from the AP. MSS eliminates these problems by automatically balancing clients across APs as they connect, and continuously adjusting AP loading as users move around.
Another common problem is that most wireless clients default to 802.11b or 802.11g, oftentimes resulting in congestion on the 2.4 GHz band while the 5 GHz band is virtually unused. Trapeze Band Steering guides clients to use the 5 GHz band whenever possible, preserving 2.4 GHz for clients that really need it. This not only increases usable capacity up to 40%, but also improves the experience for all 2.4 GHz connected clients.
NonStop Session Availability
Typically, WLAN controllers are configured individually and operate independently of one another, while APs are hard-mapped to each controller. But if a controller goes offline, so do its APs. Even if APs are dual homed to another controller, they must drop all sessions, before reconnecting to a “hot standby” controller.
Trapeze MSS avoids these service interruptions altogether, thanks to controller virtualization technology, similar to that used in server farms. Instead of treating each WLAN controller as a discrete device, multiple controllers are configured as a group, only once, and treated as a virtual pool of capacity, acting together as a single Virtual Controller Cluster - all in service at the same time. There is no need for expensive “hot standby” devices.
In a controller down scenario – any event that takes the controller out of service - this many-to-many redundancy allows the APs previously assigned to the offline controller to be redistributed among other controllers in the cluster, instantaneously, without losing a single active session - not even voice calls. What’s more, it takes less than 20% of the time of other vendor solutions to configure a fully redundant WLAN with hitless failover. This unique NonStop Wireless capability enables instant capacity scaling or unscheduled in-service upgrades with zero downtime.
Because APs are distributed evenly across the pool of controllers in the Virtual Controller Cluster it is possible to utilize all AP licenses without waste. This is more cost effective than the traditional hot standby redundancy approach that requires an idle controller to be maxed-out with licenses which may never get used.
Resiliency is also imperative in mesh scenarios where un-tethered APs depend on other APs in the mesh in order to reach the wired network. Obstructions and power outages are a common cause of AP down time, especially in outdoor applications. To address this, MSS also provides fully redundant self-healing Mesh services as well as point-to-point and point-to-multipoint bridging services for both indoor and outdoor APs.