Thoughts on the HP acquisition of Aruba Networks

Twitter has been abuzz since last week with the leaked news, now official, that HP has entered an agreement to acquire Aruba Networks. As such there are plenty of people both for and against this in the WLAN community. I wanted to put some immediate thoughts up here on this transaction:

  • First, congratulations to Aruba. I’m happy for all my friends there who have worked hard over the years to build a great company.
  • As far as can be read from the press announcements, it seems like Dom & Keerti will be heading up what will be the new subsidiary of HP, which seems to be a combination of the HP Networking division and Aruba.
  • There has been much consternation online about HP’s previous missteps acquiring companies and that it could ‘ruin’ Aruba. I understand the worry, but I believe it to be overstated. We don’t really know how things will turn out and knowing what strong leaders Dom & Keerti are and the smart way they have got to where they are in the industry, I don’t believe for a second they would let things go badly for Aruba without a fight.
  • Having HP, a _much_ larger company, giving Aruba backing, plus the fact that HP’s switching is fairly well regarded by a lot of customers, gives Aruba some serious ammo to go after Cisco, the market leader. It could also turn out that it gives Aruba the capital it needs to expand into areas of the market they have not played a lot in as well. Expansion of a company is always limited by the amount of capital it has available.
  • The flip side of this is that HP could overwhelm Aruba. I know a few good people currently working in HP and I know that they have been working hard to change some of the negative perceptions HP has. This is a smart move by HP as they are not only buying a good company, but also a lot of goodwill Aruba has built already.
  • This also marks for the WLAN industry in general that we are moving from a phase of rapid growth and startup-like mentality to one of more established businesses that are dominant forces in IT. It’s actually a good thing that WLANs have become so central to doing business and no longer are just a ‘nice to have’.
  • Like all changes, there will be people who won’t like it and will move on just because of the uncertainty. I hope my friends at Aruba will see the great opportunity this gives them and will stay on to help grow the future there. I know some of the leadership may be looking to just move on to new ventures and I can understand that.

As others have mentioned, this could be the start of some major buyouts in the industry. Aerohive, Ruckus, Meru and others all could be targets for others to gain an advantage. This is a big one for sure, but I wouldn’t be surprised to see some other moves by HP’s competitors to gain a team of smart WLAN guys. As a WLAN professional I am looking forward to more exciting things to come!

Dating, Identity and IoT

As I lie in bed some nights, I sometimes am awake with a gazillion ideas revolving around in my brain. One of the things that jumped out at me the other night was how online dating was similar to the Internet of Things (IoT). Bear with me a bit while I explain what I mean. Online dating has changed a lot since it first surfaced in the late 1990s and has now become almost the de facto go-to for those looking for a relationship. Well, apart from bars; they are still doing very well as meeting places. The problem a lot of people have with online dating is one of identity. How do you know that the person whose picture you are looking at is the person for you? To fix this information asymmetry, most dating sites require you to fill out, in some level of detail, identifying information about yourself that others can use to assess if they wish to begin a relationship with you.

In the early days of the Internet, we used simple mechanisms to identify people. Passwords worked fine for most people to represent who they are and most importantly if they were allowed access to data. As time has gone on, the limitations of passwords have become apparent. Especially with multiple different places on the Internet holding differing levels of information about us. Dating sites have this issue also, not only in that they need to regulate who can alter the data they have that describes an individual, but also how to verify that the information about that individual is correct, so that potential relationships can establish a level of trust. As more and more people use dating sites, it’s getting much harder to have that verification happen. If we think about how we as human beings establish trust in another individual, it’s built on a series of relationships that we have, both in that we ‘get to know’ someone through our observations over time but also in that we talk to others who know that individual in order to get some third party information about them. Of course I’m oversimplifying a bit here, but my point is that we use many different pieces of information to build a matrix of trust and we judge how much we trust that person based on how we assess and verify that information about them.

So now we have this mass of new devices coming along in the Internet of Things. As they will be so integrated into our everyday lives and performing many individual functions for us, how do we verify them, even on a very simple level of ‘that one belongs to me, the other one doesn’t’, and then trust each one to perform its function? I think the only realistic way of doing this without having to remember a huge number of different passwords is for us to build a matrix of trust based on relationships, but have this be performed by our devices in an automated way. Let me describe a simple example. How does your intelligent door lock know that you are the owner of this house and that it should unlock the door to let you in? First, it sees you drove up in a car that it is able to communicate with to verify that you are the owner of that car, based on the car having previously verified you. Next, it communicates with your phone and checks the fingerprint you used to access the phone. Finally, it uses a small camera to do facial recognition against images previously captured of you to provide a third data point. Each one of these exchanges of data is also verified using cryptographic communication to validate the relationship of each device to the others.
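The door lock scenario above, sketched as an added example that is not part of the original post. It assumes each device was paired with the lock in advance and shares a key with it; the key values, weights, threshold and function names are all hypothetical, and HMAC stands in for whatever cryptographic scheme real devices would use.

```python
import hashlib
import hmac
import json

# Constructed per-device keys, provisioned when each device was paired with the lock.
PAIRED_KEYS = {"car": b"constructed-car-key", "phone": b"constructed-phone-key",
               "camera": b"constructed-camera-key"}
# Hypothetical weights: how much each relationship contributes to overall trust.
WEIGHTS = {"car": 30, "phone": 40, "camera": 30}
UNLOCK_THRESHOLD = 70   # no single device is enough on its own
MAX_AGE_SECONDS = 30    # reject stale attestations


def sign_attestation(device, owner, nonce, issued_at, key):
    """Device side: attest 'I have verified this owner', bound to the lock's nonce."""
    claim = {"device": device, "owner": owner, "nonce": nonce, "issued_at": issued_at}
    payload = json.dumps(claim, sort_keys=True).encode()
    return {"payload": payload, "tag": hmac.new(key, payload, hashlib.sha256).hexdigest()}


def verify_attestation(att, owner, nonce, now):
    """Lock side: return the device name if the claim is authentic, fresh and for this owner."""
    try:
        payload, tag = att["payload"], att["tag"]
        claim = json.loads(payload)
        device, issued_at = claim["device"], claim["issued_at"]
    except (ValueError, KeyError, TypeError):
        return None
    key = PAIRED_KEYS.get(device) if isinstance(device, str) else None
    if key is None:
        return None  # unknown device: no relationship, no trust
    expected = hmac.new(key, payload, hashlib.sha256).hexdigest()
    if not isinstance(tag, str) or not hmac.compare_digest(expected, tag):
        return None  # forged or altered in transit
    if claim.get("owner") != owner or claim.get("nonce") != nonce:
        return None  # replayed from another session, or about someone else
    if not isinstance(issued_at, (int, float)) or not 0 <= now - issued_at <= MAX_AGE_SECONDS:
        return None  # too old, or dated in the future
    return device


def trust_score(attestations, owner, nonce, now):
    """Sum the weights of the distinct devices whose attestations verify."""
    verified = {verify_attestation(a, owner, nonce, now) for a in attestations}
    verified.discard(None)
    return sum(WEIGHTS[d] for d in verified)


def should_unlock(attestations, owner, nonce, now):
    return trust_score(attestations, owner, nonce, now) >= UNLOCK_THRESHOLD
```

The lock issues a fresh nonce per approach, so an attestation captured on an earlier visit contributes nothing, and repeating one device's attestation does not raise the score.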

So we see that in a similar way to online dating, the IoT needs to establish relationships to be able to verify trust. As more and more data points are added, it becomes possible for our devices to establish higher levels of trust based on the quality of the information and the relationships involved. Identity then and the relationships formed by being able to trust someone’s identity becomes a key enabler of the IoT. We are starting to see this with devices such as smartphones beginning to use fingerprint readers but this is about more than the simple test of ‘is this the correct fingerprint’. What is being built here is a way for our machines to identify us individually using the same methods that we ourselves as humans use to establish trust. In a way I find it comforting that this is so, as it shows that one of the most human behaviors we have, that of relating to each other, applies equally in how we build our machines.

Guest Portal Use Cases

Guest portals are a common occurrence in the WLAN industry. They have been used for many different types of access scenarios with some criticizing their use as getting in the way of people wanting fast and free access to the internet. In this blog I want to contribute to this discussion with the proposition that due to the many different ways captive portals are used, there is some merit both from a business and security point of view for their use.

Starting with looking at WLAN access from a high level, there are several main business uses that are incorporated in designing user access. The most obvious first use case is your standard business user in a corporate network. This is the same user that we have been designing access for through most of the life of wireless technologies. Usually, due to security concerns, most corporations providing WLAN access use strong encryption and authentication methods to control access. There are, however, other types of users in a business environment. Some examples are outside vendors, visitors, subcontractors, temporary workers and most recently corporate employees bringing their personal mobile devices to work. The challenge for corporations providing access for these types of scenarios is that users outside of the traditional controlled access scenario are exploding and that puts pressure on the WLAN infrastructure which must be upgraded to keep up with demand. Until now, most corporations have used captive portals to control access so that only users sanctioned by the business have access to the WLAN.

Another group that has made heavy use of captive portals is large public venues such as stadiums, conference venues, airports, etc. This is distinct from smaller public venues such as coffee shops, restaurants, hotels or even airplanes. The challenge for large public providers is that in many cases the use of captive portals annoys the users and many will resort to alternatives such as MiFis to get around onerous signup forms and costly access plans. Security is less of a concern here than in corporate use cases but there are still concerns around users using the public venue’s access to download illegal content or perform active attacks on other users. Captive portals are often a mechanism here to provide users with notifications that their access is being monitored and that specific acceptable uses of the access are required to be met. The other side of this for large venues is that it costs a lot to maintain the public infrastructure for this access. With this in mind many large airports, for example, began by charging users for access. This has led to it being common in large airports for users to use their mobile device for access rather than pay the associated fees. It has become apparent in recent years that many large venues have backed away from these fees and begun to see providing Wi-Fi as much more of a general infrastructure cost than something that end users should be charged for. The last challenge to using captive portals for large venues is one of scalability. Having 60,000 users streaming the last replay of a goal they just watched is challenging for the infrastructure to handle and requires a great deal of planning to achieve. I suspect many large venues will look to sponsorship as a way of meeting these costs so that free access becomes part of the experience of attending the game.
This is where alternatives such as Hotspot 2.0 could make access for users easier and more secure than utilizing a captive portal as well as more scalable from an infrastructure perspective.

The smaller public venues, especially hotels, have long seen WLAN access as an additional revenue stream to help their overall business model. By charging users for access and using captive portals to collect the fees these businesses have been able to offset drops in revenue from the decline in hotel video rental, room phone charges and the cost of maintaining a high speed network to access the internet. Some businesses, particularly cafes and lower level business hotels, have begun to provide free access as an incentive for guests to stay but this is most often also accompanied by a terms of use captive portal and the need to obtain an access code. It will be a challenge for the smaller public providers to encourage users to actually use their WLAN, or stay longer in their cafe, with the increase in mobile devices and alternative access methods while finding a way of offsetting the cost to the business of providing that access at an acceptable level for many users. Many users detest captive portals for preventing them being easily able to access the internet and having to sign up multiple times with the different devices they carry. Viewing internet access as a utility provided as a cost of doing business has some value, however it can also be problematic as open access can invite users doing harmful acts that can incur additional costs above simply providing access. A recent report outlined many of these issues for hotels and pointed out that in higher end hotels (which more commonly charge for access) it’s often thought that Wi-Fi is something that has additional costs beyond the base room price as guests expect constant reliable connections beyond what the lower level business hotel’s ‘free’ service offers. Captive portals here are used to control access to the premium levels of service, with some hotels moving to a tiered model where you can get a slower access speed for free with the room price and the ability to pay for higher speed as needed.
I believe this model is ripe for disruption where access is made easy for users and tiered connection speeds are still able to be paid for, adding the revenue used to maintain the service. I haven’t seen a compelling business yet offering this service, however.

The final group to look at is people providing location based access services. Although RTLS has been used for a number of years in hospitals and other situations requiring tracking of assets, there was not a huge use case for captive portals for traditional RTLS. In the last few years there has been an emergence of uses around tracking shoppers and other casual users that combines RTLS with a user registering either with a ‘social login’ or with a loyalty program of a retailer to track shopping habits so that physical stores and locations can have a better idea of what interests users in those locations. The value for this is specifically for optimizing the layout of stores for users to easily find what most interests them and for advertising in store displays that are personalized for the interests of the users. This can be done without the user logging in by using the more anonymous MAC addresses of the device. However, this is just a modernization of traditional store based tracking that looks at items bought to optimize store layout. There is a privacy aspect to this as well, where an app installed by the user or a captive portal signup means a more positive acknowledgement of consent to be tracked and making the value to the end user more visible. This is similar to loyalty programs that track user purchases in return for offering additional discounts of interest. As usual there is a balance here between the users’ needs, in this case privacy and transparency into what their data is used for, and the value to the business of getting good info into the likes and dislikes of a customer in their store. Captive portals in this situation can be used to be more open with shoppers about what is being collected and how it is being used.

In this short tour of different use cases for captive portals I have attempted to show that the use or not of captive portals is not simply a matter of a single value to both end users and the businesses using the captive portal. There is friction on both sides as to the differing needs and it’s not an easy definition to say that captive portals have no use at all and just get in the way of users. At best it is a balancing act between the value to those deploying the portals and those who have to use them. At times, the value of making it as frictionless as possible to end users outweighs the business value. In other cases it may provide a much better value to both to have a captive portal.