Wireless networks are becoming more popular in smaller companies, but how can enterprises overcome the implementation challenges? Danny Bradbury reports.
For an industry that has historically concentrated on staying connected, it is ironic that the focus today is on removing physical links altogether. The wireless networking community is now preoccupied with cutting the cables. The benefits for home and business users are clear. But the bigger the company and the more complex its infrastructure, the more challenges it has to overcome before it can enjoy those benefits.
Hotdesking is one way of maximising the return on investment of a wireless Lan. Companies with many mobile staff such as salespeople who return to the office sporadically, or who move between offices, will find WLans useful because they can minimise the fixed network resources that they need to provide for employees. It is easier to provide desks for occasional use in a cost-effective way when you do not have to cable them together for network use.
But connecting buildings together, rather than the people in them, is the clearest example of an enterprise-specific application for WLans. Companies such as Proxim are providing wireless bridges designed to work between buildings in a campus environment. Ian Shepherd, solutions manager at networking consultancy Telindus, has installed a number of WLans for corporate clients. He says although there are alternative means of wireless inter-building communication such as microwave links, 802.11 or higher-speed Hiperlan2 connections are cheaper. You do not need a licence for a WLan link, he says, whereas microwave bands require registration.
However, there are some downsides to inter-building WLan bridges. Frequency hopping throughout the 2.4GHz or 5GHz bandwidths used by modern WLan systems can cause collisions. This will not be a problem if two buildings are communicating with each other in an unpolluted range of frequencies, but if WLan bridges are in a densely populated corporate area or campus environment, more collisions could occur. The 2.4GHz frequency is notoriously crowded with signals from other devices anyway, which is a problem you would not get using a microwave system.
Wireless bridges are still rare, and the bandwidth problem becomes more pronounced behind the bridge where numerous clients are sharing a single access point, says Martin Cassidy, regional vice-president and general manager at WLan gateway supplier BlueSocket. The shared nature of the medium, combined with its Carrier Sense Multiple Access/Collision Detection-like method of handling packet collisions, means that the true bandwidth on an 11 megabit per second network is more like half that, he explains.
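The "more like half" figure can be reproduced from the fixed per-frame costs of 802.11b: the idle wait, the random backoff, the preamble and the acknowledgement. The following is an added example, not part of the original article. It assumes a single station with no collisions, no RTS/CTS, the long preamble and acknowledgements sent at 2 megabits per second; the function names are illustrative.

```python
"""Upper bound on 802.11b goodput for one station (added example)."""

# 802.11b DSSS timing, microseconds.
SLOT_US = 20
SIFS_US = 10
DIFS_US = SIFS_US + 2 * SLOT_US      # 50 us idle wait before contending
PLCP_LONG_US = 192                   # long preamble + PLCP header
PLCP_SHORT_US = 96                   # optional short preamble
CW_MIN = 31                          # initial contention window, in slots

MAC_BYTES = 24 + 4                   # MAC header + frame check sequence
LLC_SNAP_BYTES = 8                   # encapsulation in front of the IP packet
ACK_BYTES = 14


def airtime_us(payload_bytes, data_rate_mbps=11.0, ack_rate_mbps=2.0,
               plcp_us=PLCP_LONG_US):
    """Mean time to send one data frame and receive its ACK, no collisions."""
    backoff = (CW_MIN / 2) * SLOT_US             # mean of a uniform 0..31 draw
    frame_bits = (payload_bytes + LLC_SNAP_BYTES + MAC_BYTES) * 8
    data = plcp_us + frame_bits / data_rate_mbps  # Mbps == bits per microsecond
    ack = plcp_us + ACK_BYTES * 8 / ack_rate_mbps
    return DIFS_US + backoff + data + SIFS_US + ack


def goodput_mbps(payload_bytes, **kwargs):
    """Payload bits delivered per microsecond of airtime."""
    return payload_bytes * 8 / airtime_us(payload_bytes, **kwargs)


def per_client_ceiling_mbps(clients, payload_bytes=1500, **kwargs):
    """Even split of one access point's goodput; collisions only lower this."""
    return goodput_mbps(payload_bytes, **kwargs) / clients


if __name__ == "__main__":
    for size in (64, 512, 1500):
        print(f"{size:>5} byte payload: {goodput_mbps(size):.2f} Mbps")
    print(f"short preamble, 1500 bytes: "
          f"{goodput_mbps(1500, plcp_us=PLCP_SHORT_US):.2f} Mbps")
    print(f"10 clients, 1500 bytes: {per_client_ceiling_mbps(10):.2f} Mbps each")
```

Small frames fare far worse than full-size ones because the fixed per-frame costs dominate, which matters for the voice traffic discussed later in the article.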
Using Wired Equivalent Privacy (Wep) encryption - the most basic encryption mechanism for WLans, which is relatively easy to break - also reduces the network's throughput. With many companies rolling out 100mbps links to the desktop, this could have significant ramifications for an employee's experience on the network. Videoconferencing, internet protocol telephony or applications that require fast network access, such as call centre contact management, could all suffer as a result. Allocating different frequencies in the local WLan spectrum to different clients is one solution, but this creates its own problems. Different frequencies react differently to furniture and building elements such as walls, which is why client devices need to frequency hop.
This problem will be at least partially alleviated by the introduction of higher-bandwidth access points. The European Telecommunications Standards Institute-approved Hiperlan2 standard is one option, although the Institute of Electrical and Electronics Engineers, which manages WLan standards, is hoping to approve an extension to the base 802.11b standard in June. The extension, called 802.11g, will extend the current 11mbps data rate to 54mbps. The advantage is that users will be able to function at a higher bandwidth without moving to the 5GHz frequency required by the alternative high-bandwidth 802.11a standard.
The obvious answer to this problem is to put more access points in the organisation so that the number of users per access point is reduced. This is fine in principle, but it creates its own management problems. Martin Cook, marketing development manager at Cisco, recognises the problem. "Before, if you were using basic access points, it was manageable. You could telnet in or use a web interface on a one-to-one basis. But we are now seeing WLans with several hundred or several thousand access points," he says. This not only draws on the network manager's time but also creates problems ensuring that policies are completely coherent throughout the infrastructure.
Cisco has been adding WLan access point management into its existing network management tools family. Its Ciscoworks Wireless Lan Solution Engine uses template-based configuration in conjunction with hierarchical grouping to help to apply policies to sets of WLan servers. If, for example, the accounts department has different management needs from the marketing team, the access point policies can be set accordingly. The tool also includes monitoring and performance alerting capabilities. It is also necessary to standardise client-side configuration, says Cook, adding that the standards bodies responsible are not addressing such issues. Consequently, implementation is up to manufacturers.
At least the development of the 802.1x protocol has helped to address some of the digital key management problems that plagued Wep. Wep keys had to be changed manually on client machines, making it difficult to scale security systems based on this technology. Apart from increased security, 802.1x also offers administrators the ability to securely update keys across the network, making the process less time consuming. It makes enterprise-level implementation more likely, because companies can make their data more secure. But other problems remain. In particular, inter-subnet roaming is a challenge.
Cassidy says that in a wired building you would probably have a subnet per floor, especially given the range of most wireless access points. You would get an address from the floor you are on, or from a central Dynamic Host Configuration Protocol (DHCP) server. The problem happens when you move between floors (and therefore between subnets); the new wireless access point would not know you, so you would have to re-establish your connection. "It is not elegant. If you are on Outlook e-mail, for example, it would take a while for you to notice it has stopped sending and receiving," he says. "You need to be able to hold the IP address."
This may be true in theory, but in practice most people do not work in this way. Because DHCP servers can be set to issue a short-term lease, you simply reconnect when you move to a new subnet, says Shepherd.
Claus Bjoernsten, regional mobile platforms manager at Intel, says people mostly use WLan facilities when they are at a desk, making the idea of losing a connection en route to a desk less relevant.
There are some applications where disconnections during roaming could present a problem, however. Using a wireless device for IP telephony purposes would not be satisfactory if you lost your connection while walking down the corridor. With companies such as Cisco releasing wireless IP phones, this could become more significant for customers over time.
Many suppliers are implementing their own solutions. BlueSocket holds the IP address of a client across subnets using its own gateway device, which enables it to maintain session state. Cisco takes another approach, according to Cook, using its Proxy Mobile IP technology. This takes the task of IP configuration away from the mobile client, instead letting access points act as proxies. An authoritative access point co-ordinates the whole process, including the management of the mobile client's IP address by other subnets' access points.
Wireless networks are slowly moving from the small office, home office and small- and medium-sized enterprise market to the larger corporate space. As the benefits of such implementations become clear, enterprise IT departments will overcome the challenges detailed here, probably using third-party solutions from companies such as BlueSocket to complement their wireless infrastructure.
The main factor that will slow down adoption, other than a flat economy, is the extensive cabling infrastructure in most offices. Because many buildings are already crammed with cabling, companies will be less motivated to spend thousands of pounds on wireless access points and associated infrastructure. The growth curve will be slower than some suppliers might hope, but it will nevertheless happen over the next few years.
Intel's global wireless network stemmed from a drive for a more mobile, notebook-based workforce. After standardising its PC purchasing operation in 1995, the company noticed a lower total cost of ownership for notebook-based workers, who used their PCs for two or three hours more every week than their desktop-based counterparts. The company therefore increased the number of notebooks as a percentage of all PCs from 20% to more than 60%.
To support the move, Intel piloted a WLan in 2001 and is implementing a global mobile network encompassing wireless Lans and public wireless hot spots with virtual private network-enabled clients. This year will see it deploy 802.11b access points and cards across the company, but it hopes to move to a higher-speed standard in time. It has chosen not to use the alternative 802.11g standard when it is ratified because it operates in the same crowded 2.4GHz spectrum as 802.11b. Instead, it will gradually migrate to dual-band 802.11b and 802.11a devices next year.
Unlike Novell, the company will not allow open access to the wireless network. Instead, it will handle security by using specific service set identifiers in its wireless access points, along with media access control (MAC) address authentication for clients and VPN software. When the 802.11i security standard is ratified later this year, the company will implement that to provide extra network security.
Reasons to be wireless
- Increased mobility makes hotdesking easier
- The emergence of high-bandwidth standards makes wireless Lans more attractive than before
- The rise of public hotspots means that you can extend your wireless Lan outside the enterprise using the same client hardware and software
- Wireless IP phones can increase employee productivity while lowering costs
- Suppliers are introducing management software to make enterprise wireless management easier.
Suppliers are doing their best to accelerate the adoption of WLans. Intel (which recently teamed up with Marriott to offer WLan access at its hotels) is launching the Centrino low-power processor with built-in Wi-Fi capabilities. Cisco is licensing its security and management software under the "Cisco Compatible" programme to help chip makers and other third parties make their wireless implementations compatible. Meanwhile, many suppliers began interoperability testing last month on the Wi-Fi Protected Access (WPA) standard, which promises enhanced security for the 802.11b protocol. WPA will be superseded by the 802.11i security standard, due for ratification later this year.
Novell's wireless network
Novell executives waiting for their jets at the airport hangar in Provo, Utah, can surf and gather e-mail using a wireless network. The WLan connects via a wireless network bridge to a larger WLan at the company's headquarters a few kilometres away. This is just one Lan in a network of wireless Lans spanning Novell offices across the world. In total, 6,000 devices including laptops and personal digital assistants connect to 500 access points in the global infrastructure.
John Adey, regional chief information officer for Novell, explains that certain groups, such as developers, have not yet migrated to the 802.11b network because of bandwidth considerations. Nevertheless, 80% to 90% of staff use laptops, he says, and all notebooks purchased now include a wireless option. The firm handled roaming by putting each office on its own subnet, while the management overhead was circumvented by doing away with Wired Equivalent Privacy encryption altogether. The technical team responsible for rolling out the network minimised the associated security risk by restricting access to the internal company network through a browser-based portal, managed by its iChain security product. Neither media access control (MAC) address authentication nor encryption is used on the open network, so that any wireless user coming into contact with the network can surf the internet on it.
Although many offices have structured cabling, newer ones in Japan are completely wireless. As more of these offices are established, the cost benefits will become clearer, says Adey. Moving to a wireless office has reduced networking costs to roughly $30,000 (£19,000) from an average of $250,000. "If we move out of one office to another one, we can take most of the kit with us," he says.