Virtual Smartzone - Essentials: Benefits
DATA SHEET
ENTERPRISE
Organizations must support accelerating demands on their WLAN infrastructure with
the rise of Internet of Things (IoT) and Bring Your Own Device (BYOD). The need for
employees and customers to have the best user experience is driving organizations in
every vertical to adopt the best possible network infrastructure. The vSZ-E allows all
enterprises to deploy an affordable and highly resilient Wi-Fi network.
ALL-IN-ONE SIMPLICITY
Virtual SmartZone (vSZ-E and vSZ-D) is a WLAN “network-in-a-box,” enabling IT to easily and cost-effectively deploy and scale a high-performance WLAN, with no requirement for stand-alone elements.

COMPREHENSIVE EXPERIENCE MANAGEMENT
Visual Connection Diagnostics speeds and simplifies troubleshooting and client problem resolution while unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation.

MULTI-VARIATE, ROLE-BASED POLICIES
Optional Ruckus Cloudpath integration lets IT create rich location-, device- and user-based policy rules, enabling network segmentation based on real security and policy needs rather than a one-size-fits-all approach.

SURVIVABLE CONFIGURATION AND AUTOMATED AP PROVISIONING
L3 and L2 auto-discovery of APs and AP auto-configuration reduces manual administration.

[Figure: user interface screenshot with callouts]
• Manage the network hierarchy for segmentation.
• Simplified and enhanced search functionality.
• Quickly change scope and easily manage profiles.
• Monitor and configuration workflows are
• Global filter preserves admin context throughout menus and pages
• Completely redesigned dashboard experience.
• Fresh layout, user interaction, and styling throughout.
• Google maps integration and indoor floorplans
• New menu structure with simplified navigation.
MANAGEMENT / OA&M
Administrative Dashboard
The Dashboard is a customizable and contextually rich interface that
reduces the time required to support large-scale networks. Consistent
menus and consolidated, streamlined navigation shorten the time to
perform routine tasks such as AP configuration or monitoring actions.
Configurable visual filter settings for the Dashboard personalize visual
network alerts and WLAN statistics; settings are preserved throughout
sub-pages. View maps, health and traffic analysis, spectrum analysis,
and more.
Public API support includes zone and WLAN details, AP group override settings and AP override settings. API improvements are supported by near real-time monitoring with data granularity as fine as three minutes. The real-time, push-streaming, data-driven framework enables SmartZone to deliver better reporting and management support.

Multi-Zone Control
Multi-Zone is used to segment the WLAN into independent organizational units. The vSZ-E supports up to 1,024 zones enabling IT to create policies that group AAA, DPSKs, Hotspot portals, Bonjour policies, and WebAuth portals and assign them to one or multiple zones. Different zones can operate using different firmware versions or different country codes. Administrators can also upgrade AP zones independently from the controller software and manage APs with firmware up to two releases old. IT can update firmware one zone at a time or within a dedicated test zone before upgrading the entire network.

Lawful Intercept
All SmartZone WLAN controllers support lawful intercept of encrypted traffic to maintain CALEA compliance on public or government-owned networks. Enable the mirroring of client traffic to a LIG (Lawful Intercept Gateway) over L2oGRE (Soft-GRE).

SECURITY AND POLICY
Automated Enhanced Client Security / DPSK
Ruckus patented Dynamic PSK™ (DPSK) enhances client security by automating randomized passphrase keys for use with each device. The vSZ-E supports 20,000 DPSKs, with up to 10,000 per zone. Group DPSK, user-specified passphrase and number-only DPSK further enhance client security in all settings.
Group DPSK allows IT to create a DPSK that can be shared by multiple different devices, with up to sixty-four Group DPSKs in a zone. Administrators can also specify a number-only DPSK, which makes guest or other “easy entry” scenarios more user-friendly.

WIDS / WIPS / Rogue AP Detection
The vSZ-E includes Wireless Intrusion Detection and Prevention System (WIDS/WIPS) functionality, enabling rogue AP detection.
Rogue access points exhibiting malicious behavior such as spoofing the SSID or BSSID of a connected Ruckus AP are prevented from connecting clients to the network.
APs can be classified as “rogue” or “known” to minimize disruption towards unowned neighboring APs or lab equipment, preventing the network from acting against these discovered APs.

Role-Based Policy Management
Granular role-based policies enable the creation of policy groups segmented by user role, domain, location, OS type, certificate status, VLAN and many more factors. Roles are assigned during the authentication phase of new user onboarding, then VLAN, OS, and L3-7 policies are assigned as desired. Policy enforcement actions include allow, deny, and rate-limit based on VLAN or VLAN pool and L3/L4 Access Control Lists (ACLs).

Hotspot 2.0 / Passpoint
Hotspot 2.0 enables 802.1x/EAP mobile devices to automatically discover, select and authenticate to APs for which a roaming arrangement exists. Hotspot 2.0 is automatic and requires no user intervention after proper device provisioning. Self-service provisioning can be accomplished by the Ruckus Cloudpath security and policy management platform.

Isolation Whitelist
Administrators can manually configure a whitelist entry, either to add non-gateway devices such as printers or to allow additional gateway MAC addresses that may be required for load balancing or other functions. The isolation whitelist can be auto-only, manual-only, or auto and manual.

Bonjour Management
Bonjour Management enables the detection of Bonjour services (such as AirPlay, Apple TV and other Apple network services) and other mDNS-based services such as ChromeCast across VLANs and subnets for both wired and wireless networks. The vSZ-E is preconfigured with common Bonjour service types, making Bonjour service detection automatic.
Bonjour Fencing allows administrators to control the physical area in which a given Bonjour-based service is discoverable. This is accomplished by mapping to nearby APs devices that are advertising Bonjour services and allowing only that AP or its neighbors to advertise the Bonjour record. This prevents users/devices from discovering Bonjour services that are not nearby and thus not relevant to their search.

Additional Security and Policy Features
• DoS Prevention – Admins can monitor connected clients and easily block a specific device if suspicious behavior is detected or a device is stolen. Block a user device if it fails authentication too many times in a short period. Includes configurable settings for number of failures, span of time to measure failures, and duration of block. This prevents common authentication hacks or other DoS attacks that consume AP resources.
• Manual-Block - Admins can select one or more wireless clients and create a system/zone-wide block. This block prevents the device from connecting to any AP on the system. This can be useful in situations in which devices have been stolen or compromised, or in which a user has violated an acceptable use policy.
• LDAP over SSL - Allows the vSZ-E connection to use LDAPS, which initiates a TLS-encrypted session before LDAP messages are transferred, thus providing an additional layer of data privacy.

NETWORK INTELLIGENCE
Traffic Analysis
Traffic analysis displays domain, zone, AP group, WLAN, and AP traffic and client trends over time. Quickly find the most heavily loaded AP or top network users and devices. View client OS types and application consumption. Filter statistics by band (2.4 GHz, 5 GHz, or both) and traffic direction (uplink, downlink, or both), and monitor client load over time.

Layer 7 Application Visibility and Control
Robust Layer 7 application recognition and control pinpoints top applications and top users, among other metrics. The vSZ-E allows rate limiting, blocking and QoS actions by application to support organizational network usage policies. The application signature database is updated independently of SmartZone firmware upgrades, ensuring that administrators can always manage and control the latest applications.

Super-KPIs
Unique “super-KPIs” enable IT to more quickly detect and react to potential user experience degradation. vSZ-E proactively monitors a core set of metrics that consistently correlate well with common problems, and presents a summary metric as a starting point for problem isolation. Using aggregate measurements that capture a broad range of problems associated with the Wi-Fi network simplifies troubleshooting by narrowing the scope and location of the problem. These holistic, proprietary, “super” metrics include Latency, Airtime Utilization, and Connection Failure.

AP Health
AP health is a key indicator of user experience quality and with vSZ-E
this information is presented front-and-center. On the Dashboard, AP
status is categorized based on health/performance thresholds defined
by an administrator. On a map, APs are color-coded based on this
status. vSZ-E automatically identifies APs that cross performance
thresholds and visually ranks the worst-performing APs. With this data
and historical trend analysis, admins can easily compare individual
APs with groups of APs to look for isolated trouble spots or identify
broader patterns.
Cluster Health
Monitor and flag cluster node status and keep critical cluster health
alerts highlighted within the Dashboard through status symbols
showing Green/Yellow/Red for each cluster node. Displays historical
line charts and allows threshold settings for Cluster Health, spanning
CPU, RAM and disk utilization, port/interface usage, and packet rates.
Client Health
Check on real-time client performance metrics, connectivity, and traffic. View client signal-to-noise ratio (SNR) and data rate, as well as historical traffic, to help troubleshoot connectivity problems.

Topology Health
The Topology view contained within the Dashboard uses a system hierarchy tree to enable easy identification of network problems inside domains, zones, and AP groups. Visually identify with Green/Yellow/Red status indicators nodes in the tree with offline APs or APs with poor performance that have crossed admin-defined performance thresholds.

Indoor and Outdoor Maps
With Maps, centrally view all sites at the same time with Google Maps integration and display sites, floorplans and APs on the map. Simplify routine checkups of AP health on a site-by-site basis with one click. Inspect the status of APs across floorplans to find online, flagged, and offline APs. View health and traffic data for each AP to evaluate site performance. Administrators can choose an AP to view details like health status, IP address or other operational metrics. APs are color-coded by status, and administrators can overlay operational data—like operating channel, traffic, client count, airtime utilization—for each AP on the map.

CONNECTIVITY
Distributed Connectivity Optimization
With an encrypted AP-to-AP communications protocol, managed APs discover neighboring APs over-the-air and build encrypted communication channels to share network load, operating channels, roaming and other relevant RF parameters. This enables smarter roaming and load balancing behavior and is supported on both IPv4 and IPv6 networks.

SmartMesh Wireless Backhaul
Ruckus SmartMesh supports wireless backhaul redundancy by creating self-forming, self-healing mesh networks automatically with a single checked box on the administrative interface. With Ruckus APs and BeamFlex+ technology, APs adapt to changing conditions to further ensure a solid mesh connection between APs, making use of the 5 GHz band to backhaul AP traffic to a point where wireline facilities are available. Mesh backhaul configurations are dynamically reconfigured to reroute traffic over different paths as conditions change.

ARCHITECTURE
Separate Control and Data Plane
The SmartZone platform addresses deployment and latency constraints with traditional WLAN architectures by implementing a customized Local MAC architecture which places all essential WLAN services including authentication and association requests within the Ruckus AP. This enables all SmartZone controllers to separate control and management traffic from data traffic while optimizing for both using SSH-based and GRE-based protocols, thus improving deployment flexibility and network latency.
A single SmartZone controller placed within a centralized data center can manage multiple remote sites without forcing all authentication requests or client data to tunnel through the SmartZone controller. User traffic is bridged through the local L2/L3 network, which improves latency between clients and services.
Branch office deployments and direct integration between APs and local IT infrastructure (Active Directory, LDAP, RADIUS, DHCP, DNS, and firewalls) are also enabled.

[Figure: data plane options diagram showing Ruckus APs, the L2/L3 network, the AP control/management network, the data path, vSZ-E, vSZ-D and the WLAN gateway]
Data Plane Options
1 – Local Breakout
2 – Tunneling Through WLAN Controller
3 – Tunneling Through WLAN Gateway

Visual User Interface
Intuitive, graphics-intensive interface simplifies and speeds control and management tasks, while enhancing visibility.

Rich Northbound APIs
RESTful JSON APIs enable the use of 3rd party configuration, monitoring, reporting and analytics tools.

Flexible Licensing
Migratable, single-AP licenses ensure linear pricing, while intra-cluster sharing eliminates duplicate license costs.

Integrated Reporting
Customizable reports with visual alerts and pivot-table functionality makes it easy to prioritize and respond to network conditions.

SUPPORTED CONFIGURATIONS
Managed APs • Up to 1,024 per vSZ-E
• Up to 3,000 per cluster of 4x vSZ-E
Controller Expansion • Up to 4 controllers in N+1 active-active mode, supporting non-disruptive capacity expansion.
MODEL DESCRIPTION
L09-0001-SG00 AP management license for SZ-100/vSZ 3.X, 1 Ruckus AP
L09-VSCG-WW00 Virtual SmartZone 3.0 or newer software virtual appliance, 1 instance, includes 1 AP license
Copyright © 2017, Ruckus Wireless, Inc. All rights reserved. Ruckus Wireless and Ruckus Wireless design are registered in the U.S.
Patent and Trademark Office. Ruckus Wireless, the Ruckus Wireless logo, BeamFlex, ZoneFlex, MediaFlex, FlexMaster, ZoneDirector,
SpeedFlex, SmartCast, SmartCell, ChannelFly and Dynamic PSK are trademarks of Ruckus Wireless, Inc. in the United States and
other countries. All other trademarks mentioned in this document or website are the property of their respective owners.
17-4-A
Ruckus Wireless, Inc. | 350 West Java Drive | Sunnyvale, CA 94089 USA | T: (650) 265-4200 | F: (408) 738-2065
ruckuswireless.com