Wireless LANs at the office

Managing WLANs and their users turns IT managers into air traffic controllers

Deployment of wireless LAN networks has been a roaring success off campus, where it is especially helpful for field force workers and in warehouse or distribution spaces. But as IEEE 802.11x gets deployed on campus, in the heart of the enterprise, IT managers may discover that populating an office space with wireless has some unique challenges.

If the entire company does not have access to the network over a WLAN, senior management may find themselves in the unenviable position of trying to explain to some users why they have been left out. And as is often the case, one decision that hasn’t been thoroughly thought through usually opens the door to more problems.

However, concerns such as roaming, interoperability, and security must be addressed with management tools, not just the technology alone, and the management capabilities of WLANs, while not as robust as the wired network, are evolving rapidly. The problem is that managers typically lead with the hardware decision, and management of the technology becomes an afterthought, according to Eric Hermelee, vice president of marketing at Wavelink in Kirkland, Wash.

“Deciding on what hardware to buy is a commonly misunderstood starting point. Management should be done up front,” Hermelee says.

Vexed by interoperability

Management issues extend far beyond a WLAN’s initial rollout and daily maintenance. For example, a technically savvy employee not included in the first round of WLAN access might take matters into his or her own hands and deploy his or her own rogue AP (access point). In addition to compromising the overall security of a network, if there are enough rogue APs on the network, quality of service will suddenly and inexplicably take a nosedive.

What if, after hue and cry from the have-nots, senior management decides to rethink its original decision and open up the wireless network? Now the network administrator has to upgrade the APs, which were artfully and painstakingly placed above the ceiling tiles.

Unless the software purchased with the hardware has a feature allowing a WLAN administrator to centrally upgrade the system, the ceiling tiles will have to be removed and each access point unearthed and flashed individually. That brings the total cost of ownership numbers up a notch or two.

Perhaps after a year of deployment, the decision is made to add more nodes to the network. A network manager trying to be a good corporate citizen may put out requests for bids on the hardware. Unfortunately, one of the largest and least-discussed issues around IEEE 802.11x, also known as Wi-Fi, is the lack of interoperability among vendors’ products.

“Vendors have developed unique ways to secure their WLAN platforms. As a result, a Proxim [AP] system doesn’t work with a Cisco AP. Access points, beyond the base spec, are not particularly interoperable,” notes Rob Enderle, senior analyst at Giga Information Group in San Jose, Calif.

And it gets worse for global deployments, especially with IEEE 802.11a, the follow-up to 802.11b technology; 802.11a runs at a more desirable 55Mbps as opposed to 11Mbps.

“What works [as IEEE 802.11a] in the States doesn’t work in Great Britain, and what works in Great Britain won’t work in Germany, and what works in Germany won’t work in Spain,” Enderle adds.

The IEEE 802.11h subcommittee on interoperability is addressing this issue, working on a single interoperable specification for 802.11a and the HiperLAN II standard used in many European countries. Although the IEEE subcommittee plans to propose this single interoperable spec before the end of the year, it is still a long way from final approval and adoption.

Roaming is another problem unique to a campus situation. In a warehouse, a single wireless network usually suffices, but the corporate facility environment by its very nature is different. Over the last 10 years IT has found it far easier to create subnetworks within an enterprise, rather than a less-secure single, flat network, resulting in individual subnets created for each department such as finance, marketing, and research and development. And of course, each department usually has its own geographic space within a building.

Adding WLANs to this mix introduces another management issue: What if a user is summoned to a conference room out of his or her subnet?

“The difficulty with roaming across subnets goes back to when TCP/IP was designed. Because the ID of the network became a way of identifying the application source it is coming from, the application is associated with the IP address. If the IP address changes, as it does when you roam across a different subnet, the user is disconnected from the application,” says Emil Sturniolo, chief scientist at NetMotion Wireless in Seattle.

NetMotion Wireless addresses this problem by creating a single, virtual address for the user so that as the user’s actual IP address changes while roaming, the single virtual address keeps the user connected, Sturniolo adds.

After security, the single biggest reason customers come to Vernier is because it has a roaming solution across subnets that allows users to move seamlessly from one to another without breaking the connection, says Julian Richards, senior director of product marketing at Vernier Networks in Mountain View, Calif. If roaming is not addressed, “[and] you move to another subnet, your open session will break. If you are talking on the phone using voice over IP or watching a video [and change subnets], you will have to reconnect,” creating a frustrating situation, he adds.

Roaming will also take center stage as public access hot-spots begin to merge with wide area wireless networks. If the wireless carriers are to gain user acceptance for data over cell phones, they will have to find a way to switch users between IEEE 802.11x at an airport and wide area networks as the traveler drives away without losing the connection.

“After all, by rolling out a wireless network you are encouraging users to roam around,” Richards says, adding that he believes roaming will become an even more important issue as PDAs get WLAN capability.

Central control questions

Another critical managerial issue found on campus is the question of how finely a manager can tune access control. For example, in an academic organization a manager might want to be able to create a policy saying that during exam week, during specific hours, and in certain locations, the class of users designated as “students” will not have access to instant messaging.

Most out-of-box WLAN management software from hardware vendors is not yet capable of this kind of control; when it is available, enforcing a new access policy often requires that each AP be changed individually.

To address the need for better central WLAN control, Vernier offers a two-tier solution that includes boxes at the edge that the APs plug into, Richards says. It also has a central access server that talks to the company’s directory services and uses that to manage, control, and change access.

Symbol Technologies, based in Holtsville, N.Y., announced earlier this month its solution for central control of WLANs as well. Using a so-called wireless switch — not actually wireless but cabled to the wireless APs — Symbol’s Mobius uses dumbed-down access ports rather than access points and puts all of the intelligence into the switch that connects to the network. With WLAN management centralized on a switch, network managers will have a systemwide view of the network on their console and a far easier way to manage a distributed WLAN.

On the down side, of course, a single point of control also becomes a single point of failure (see “At the wireless edge”). To sidestep this potential problem, companies such as Symbol and Vernier plan to build redundancy into the next version of their systems, according to sources.

The speed factor

Part of WLAN management is also vulnerability prevention. Although the threat of rogue APs sounds dangerous, they are easily identified using management software from Cisco, Symbol, Proxim, or Wavelink. All of these applications log the MAC (media access control) address of each AP and can quickly identify an unknown address. In addition, products called sniffers — nothing more than an air card in a portable device — can be used to find each unauthorized AP and pinpoint its location.
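
The inventory check described above, sketched as an added example (not code from the article or from any of the vendors named): observed AP MAC addresses are normalized and compared against an authorized list, and the sensor that hears an unknown AP loudest is kept as a location hint. The inventory, sighting records, sensor names and the use of signal strength for location are all assumptions constructed for illustration.

```python
import re

# Constructed inventory of authorized AP MACs (locally administered, not real devices).
AUTHORIZED_APS = {"02:00:00:00:01:01", "02:00:00:00:01:02"}

# Constructed sightings: (sensor location, AP MAC as logged, SSID, signal in dBm).
SIGHTINGS = [
    ("floor2-east", "02-00-00-00-01-01", "corp-wlan", -48),
    ("floor2-east", "0200.0000.0102", "corp-wlan", -71),
    ("floor3-west", "02:AA:BB:CC:DD:10", "corp-wlan", -55),
    ("floor3-north", "02:aa:bb:cc:dd:10", "corp-wlan", -80),
    ("floor1-lobby", "02aabbccdd20", "linksys", -62),
    ("floor1-lobby", "not-a-mac", "corp-wlan", -60),
]

def normalize_mac(raw):
    """Return a lower-case colon-separated MAC, or None if raw is malformed."""
    digits = re.sub(r"[-:.]", "", raw.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def find_unknown_aps(sightings, authorized):
    """Return (unknown, malformed).

    unknown maps each MAC missing from the inventory to its SSIDs and the
    sensor with the strongest reading; malformed keeps unparseable rows so
    they are reviewed rather than silently dropped.
    """
    allowed = {normalize_mac(m) for m in authorized}
    unknown, malformed = {}, []
    for sensor, raw_mac, ssid, dbm in sightings:
        mac = normalize_mac(raw_mac)
        if mac is None:
            malformed.append((sensor, raw_mac, ssid, dbm))
            continue
        if mac in allowed:
            continue
        entry = unknown.setdefault(
            mac, {"ssids": set(), "nearest_sensor": sensor, "signal": dbm})
        entry["ssids"].add(ssid)
        if dbm > entry["signal"]:  # less negative dBm means a stronger signal
            entry["nearest_sensor"], entry["signal"] = sensor, dbm
    return unknown, malformed
```

Normalizing before comparison matters because different tools log the same address with different separators and case; without it, an authorized AP can show up as unknown, or one rogue AP as several.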

Despite all the challenges in deploying and managing a wireless LAN on campus, there are benefits. While most industry experts agree that the ROI of wireless in the enterprise is more difficult to quantify, Bruce Sanguinetti, president and CEO of Palo Alto, Calif.-based Bermai, which makes a single-chip IEEE 802.11a and 802.11b solution, sees some real pluses in terms of productivity and speed of response.

In Bermai’s case, Sanguinetti says the company doubled the size of its office, tripled the number of T1 lines, and added VOIP. With the help of the wireless network, Bermai was able to coordinate all its efforts, add more nodes to the network more quickly, and have everyone up and running — and back to doing business — more quickly.

“WLANs take the urgency off the back of IT by giving them an augmenting, wireless backbone so that they can move, adjust, enlarge, and shrink the network more easily,” Sanguinetti says.

“We had VOIP telephones, laptops, desktops, and lab equipment all connected within an hour. If we had to cable it and [get] a T1, we’d still be waiting,” Sanguinetti adds.


Source: www.infoworld.com