- Apple's AirPlay wireless content streaming doesn't work when Apple clients and Apple TVs are on different IP subnets, and multiple subnets are a feature of most enterprise networks.
- Bonjour technologies "do not work in a scalable, sustainable fashion between different IP subnets," and workarounds such as Wide-Area Bonjour (DNS-SD) and Dynamic DNS have scaling and security problems.
- Many education institutions routinely disable IP multicast, an essential part of Bonjour.
- Apple TV doesn't support WPA2-Enterprise authentication and encryption, and its single-password security is hackable.
For some of these problems, there are workarounds, but they entail redesigning networks, creating dedicated networks for Bonjour/AirPlay connections, and the like. Some commercial products are appearing from WLAN vendors to address Bonjour shortcomings. Aerohive announced in March its Bonjour Gateway, which makes advertised services available throughout an entire layer-3 network. Aruba's AirGroup feature, also announced in March and due to be released later this year, lets the WLAN controller listen for Bonjour's multicast DNS messages, identify the users and their access privileges, and direct the request to a nearby Apple AirPrint printer, for example.
Yet not everyone agrees with the petitioners' assessment of Bonjour. The protocol is very well designed for what it is in fact designed to do, says Benjamin Levy, principal with Solutions Consulting, a Los Angeles technology services firm that specializes in enterprise Apple deployments. The problems identified by the petitioners "identify the specific strengths of, and reasons for, Bonjour as weaknesses," he says. "It wasn't designed to cross subnets, and its method of discovery uses multicast and multicast DNS, so, umm, huh? Remember that Bonjour is really Zeroconf and Zeroconf is open. It's not just Apple devices."
"Bonjour was intended as a lightweight resource discovery mechanism for a local area network without needing to set up a directory service," agrees William Green, director of networking and telecommunications at the University of Texas at Austin. And that's the point, he adds. "Enterprises consist of many local area networks - we have over 3,500 - so those discovery mechanisms do not work well, or at all, depending on routing," he says.
Levy notes that Apple TV's lack of WPA2-Enterprise support isn't related to Bonjour and AirPlay and can be fixed by Apple updating the device's firmware. "In that event, what they're really making is a feature request, and Apple pays attention to those," Levy says. "I think Apple would pay very real attention to feature requests that move more Apple TVs into boardrooms and classrooms as viable replacements for projectors and so on."
UT's Green again agrees. But the lack of WPA2-Enterprise support is one more missing piece in Apple's whole enterprise networking puzzle. "The lack of support is a problem for enterprises that track people individually via WPA2-Enterprise," Green says. "Some schools go as far as to drop them on different networks and provide them different services based on their login ID. We do not do that at my institution, but we do account for their actions and quarantine that way."
Education IT groups clearly are tired of having to constantly and awkwardly work around Bonjour.