Wireless flexibility
Bluesocket gateway solves crucial wireless network access issues
IN MANY COMPANIES, there is a fundamental problem with providing wireless access to both employees and guests. How do you provide secure wireless networking to your staff while also providing wireless access to the Internet and to external e-mail services for nonemployees?
With most wireless security solutions, the only way to accomplish that is to provide a separate wireless access point for guests to use, complete with a separate network segment. Then you have to hope that the guests know how to attach to the open access point.
Bluesocket’s WG-1000 Wireless Gateway solves that problem, along with a number of others related to providing secure access to a company’s wireless network. The WG-1000 can provide different levels of access to different groups of employees, then limit that access to specific services, limit bandwidth, and even require that a particular user name and password be tied to a specific MAC (media access control) address as a way to enhance security. Even better, the WG-1000 allows users to roam between subnets, enabling operation between buildings in a campus environment, for example.
The Bluesocket WG-1000 is a 1U appliance running a modified version of Linux, with management access through a secure browser connection. The initial setup of the WG-1000 is almost a nonevent: You attach it to your network and turn it on. The device gets a DHCP address, which it displays on its LCD front panel. You browse to the displayed address and you can make whatever changes you wish, such as setting the WG-1000 up with a fixed IP address or telling it whether you want it to act as a DHCP server, handle network address translation and DHCP relay, and the like.
After the installation, you must define security groups and the services that will be available to each group, then assign users to each group. If you wish, you can use an external authentication server to provide the WG-1000 with the security information already available on your network — Bluesocket supports RADIUS, LDAP, Active Directory, or Windows Domain. It also supports RADIUS accounting.
Users can connect to the network through the WG-1000 using an IPSec tunnel or PPTP, or they can connect in the clear. Setting up the security levels, services, and bandwidth for each group involves a series of pull-down menus and table entries. The process can be tedious, but if you have enough users for it to become an issue, then you probably already have an authentication server that can eliminate the tediousness.
Users who don’t require authentication will see little evidence that they’re even using the WG-1000. All they’ll notice is that they can use their wireless connections wherever they might happen to be.
For everyone else, the only evidence of the WG-1000’s presence is the requirement to log in and be authenticated. Afterward, even if they roam around the building or the campus, they’ll stay connected to the network. The WG-1000 allows roaming across separate network segments, and movement of an IP address around the network is handled by communications between the gateways.
By doing this, Bluesocket improves on the standard 802.11b roaming capability, which requires you to stay within the same subnet. While you still have to create separate segments or VLANs (virtual LANs) for Bluesocket, they don’t all have to be the same segment or VLAN, and that is a big improvement for wireless network manageability.
We did notice during our testing of the roaming feature that the WG-1000 cannot handle broken connections. In other words, if you happen to roam widely enough that you’re beyond the reach of the radio signals from any of the access points, you may have to be re-authenticated when you come back into range. The user would then have to re-enter his or her name and password.
As you’d expect from this kind of product, it’s basically neutral in regard to what sort of wireless APs (access points) are connected to it. In fact, you can connect wired nodes if you desire, meaning that you can have an Ethernet port in an exposed public area, and still require strong authentication before anyone can use it. Our testing included 802.11b equipment from Enterasys, an 802.11a AP from NetGear, and a Bluetooth AP that we’re not allowed to mention because its manufacturer says it doesn’t actually exist.
All worked fine, which supports Bluesocket’s claim that their products work with most types of wireless APs.
The WG-1000 also inhabits the same market as NetMotion Wireless’ Mobility product (see “The Seamless Edge”), and comparing the two is a natural response. However, Bluesocket need not worry about measuring up to the NetMotion product’s positive review.
For one, the WG-1000 is a superb solution to the thorny issue of wireless security. It truly provides the authentication, encryption, and control that IT managers need to protect their networks.
Second, the two products are not really competitive. They do some of the same things, but they work differently and are used for different purposes and in different environments. We can think of plenty of instances in which you’d want to use both products at the same time.