Radar requires that one controller host the Analysis Engine, and a data collector application, is installed on each controller. The data collector receives and manages the RF scan messages sent by each AP. The data collector forwards to the Analysis Engine lists of all connected wireless APs, third-party APs and RF scan information collected from participating APs.
The Analysis Engine processes the scan data from the data collectors through algorithms that make decisions about whether any of the detected APs or clients are threats or are running in an unsecure environment (for example, in ad-hoc mode).
APs must be part of a Radar scan profile to participate in WIDS-WIPS activity. A scan profile is a collection of WIDS-WIPS configuration options that can be assigned to appropriate APs. The actual configuration options depend on whether the profile is an In-Service or Guardian scan profile.
The Analysis Engine relies on a database of connected devices on the Extreme Networks ExtremeWireless system. The database is basically a compiled list of all APs and clients connected to the controller. The Analysis Engine compares the data from the data collector with the database of known devices. For more information on enabling the Analysis Engine, see Enabling the Analysis Engine.