Get on the path to secure roaming

There is a lot of talk about the opportunities offered by mobile networks, but finding a secure, cost-effective approach for business can be a challenge

Keith Inight marvelled at the powers of modern technology when he logged on to a 3G network using the card in his laptop. He wanted to do all of the things he would normally do - check his e-mail, browse the news, and so on. But before he could do all that, a server somewhere decided that it wanted to send his laptop some updates. A few hundred megabytes of them, in fact. Given that he was in Brussels at the time and not on his home network, this was not ideal. "Technically, it worked fine, but the bill for roaming was unbelievable. It ended up costing hundreds and hundreds of pounds," recalls Inight, a senior architect at Atos Origin.

The problems with mobility

For all the talk about mobile communications and the enterprise, companies can find some nasty surprises along the way. Creating a mobile network can improve employee productivity and have an impact on top line performance, but the components of that system, from the application down to the employee at the endpoint, need careful management.

And as with all technology, it starts with the users, says Inight. "Mobile users come in all sorts of flavours. You have mobile business users, all the way through to the gas repair man," he says.

The type of user that you are serving will have an effect on the components of your network such as the transport layer, the amount of application logic in the endpoint and the nature of communication, such as batch or streaming data.

Gwyn Smith, technology leader for mobile at Computacenter Services, breaks users down into three categories: flexible workers, knowledge workers and task workers. The flexible workers have no fixed desk and are typically supported by a conventional laptop or tablet PC. "They expect an office-like experience wherever they want to be," says Smith.

But it is easier to demonstrate return on investment for a flexible worker than for a knowledge worker, who can be the most demanding and the hardest to tie a return on investment to. On the other hand, you can usually demonstrate a clear return on investment for task workers like field engineers, who carry out regular, repetitive activities.

"For example, you can demonstrate that if you give a system to a person and use it to schedule him, he can take on two more jobs per day," he says.

Applications always have to be configured for users, but now you will have to configure them for the network, too. "In the real world, there is nothing always-on about an always-on network. Buildings are made of brick, and you will be in basements. The smart approach is to take that into consideration when you are building your system," Smith says.

Tailoring your application to cope with an unreliable network is a critical factor, especially when that software normally conducts transactions over a healthy, low-latency local area network (Lan).

Mobile extensions products

Several companies produce mobile extensions for their networks that may satisfy your needs, but they are not always suitable. The Tennant Company, which manufactures floor cleaning equipment, discovered this when it began implementing its US-based network.

Joel Smollen, IT manager for the company, says that Tennant, an SAP user, decided not to go with SAP's own mobile extensions. Instead, it used a third-party provider called Dexterra, which sold service scheduling software that connected with the SAP back-end.

"When we made the decision, SAP's mobile client was very heavy on the client and the network. Knowing that we had limited network resources and that there would be regional variations, we did not want to risk having that data going across the network," Smollen says.

Dexterra acts as middleware. It distributes transactions issued by the server application across the mobile network to laptops in the field. Such middleware does not need to do any significant in-stream processing, but instead serves as a proxy client, shielding the back-end server from the unreliable, sporadic connections likely on the mobile side.

Where you put that middleware can depend both on the operator's and the customer's own security considerations. Paul Stonadge, head of Vodafone professional services, says that some customers are happy to use the middleware product that the operator provides as an off-premise service, hosted in its network operations centre.

"But some customers require deployment of the system behind their firewall. There are different ways of doing that, such as a virtual private network (VPN), IP security, leased line and so on," he says.

But be wary of the network operations centre, warns Inight. It is the perfect chance for the operator to layer services on top of the basic pipes that they are providing, probably at a premium.

"What they would love to do is build all sorts of things on top of that network operations centre, such as e-mail scanning," he says. Security is not the only reason that you might want to think about deploying network services such as middleware, e-mail scanning and other things like web filtering behind your firewall. Cost could be an issue, too. It is a trade-off.

"There is no straightforward answer for this. It depends how much technology you want to manage yourself," Stonadge says.

Managing the transport layer

But one thing that you will not be able to manage yourself is the transport layer. The fundamental value that the operator provides is the network of base stations providing both bandwidth and regional coverage. Choosing which network service to use will depend not only on the type of data that you are sending, but also on the way that you have crafted the software on the client.

It is a rare customer that will try operating a mobile network over 2G GSM networks these days, says Stonadge. Instead, 2.5G will give you roughly 48Kbit/sec of usable data. Moving to its 3G network will give you somewhere around 300Kbit/sec, while its High-Speed Downlink Packet Access (HSDPA) based 3G broadband downlink peaks at 1.4Mbit/sec, with an uplink of around 300Kbit/sec.

Experts say that speeds will eventually rise to around 5.5Mbit/sec in real terms. It is difficult to see how this would be useful unless you are focusing on data-heavy applications like video, or knowledge workers with enough management clout to justify the cost of a desktop-like experience on the road.

Tennant opted for the high-speed Evolution-Data Optimised network in the US to help ensure its success. "That is because it is where we launched initially, and we were not certain of the data volumes that we would achieve," says Smollen, who adds that the project proved it could handle services in Europe using 2.5G GPRS services.

"Universal Mobile Telecommunications System (3G) is not widely deployed outside major metropolitan areas," Smollen says of Europe. It finished the roll-out on this side of the Atlantic in January 2006.

One way in which Tennant optimised the network was to put some intelligence in the client-side software that minimised the need for chatty traffic across the network. The firm holds minimal data on the client PC, such as parts lists, a basic set of customer profiles "owned" by the relevant engineer, and service order information.

This information can then be exchanged with the server in batch mode, making it possible for engineers to continue working even when in a basement or some other area where the network is inaccessible.

In enterprise mobile deployments, the decision to transfer data in batch mode is more of a network availability and efficiency issue than a tariff issue. Considerations about whether to pay for data by the megabyte or by the minute are largely moot at this level, says Stonadge.

"One thing that worked well in mobile e-mail and which is carrying over into applications is to have a set service fee for the application itself. That then takes out of the equation anything to do with the specifics of data volume and how it changes monthly. It is a much simpler per-seat pricing model," he says.

That will be welcome news to IT directors who want to whittle variable costs out of their budgets. It will be less welcome, however, for those cost-conscious IT departments unwilling to pay the inevitable premiums that such pricing models will layer on top of basic operating margins.

Depending on your service provider, endpoints can potentially be made smart enough to choose the most appropriate available network based on criteria such as required speed, cost, and provider. Some operators ship software that will switch automatically between Wi-Fi, hotel dial-up, or cellular networks based on these criteria, which is something that may have made Inight's Microsoft patch less financially painful.

Security issues with Wi-Fi

However, not everyone is comfortable with Wi-Fi. Smollen sees it as too insecure for vertical applications where customer data is being exchanged, for example, and will not allow his system to operate over it. It is one of a series of security decisions that companies must make when securing the network and the endpoint.
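The endpoint-side network selection described above, combined with a rule like Smollen's that customer data never travels over Wi-Fi, can be expressed as a small policy check. This is an added example, not code from the article or from any operator's software; the tariffs, the spending ceiling and all names are constructed assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Bearer:
    name: str
    kind: str            # "wifi" or "cellular"
    kbit_s: int          # usable downlink estimate
    pence_per_mb: float  # constructed tariff, not a figure from the article

@dataclass(frozen=True)
class Transfer:
    label: str
    size_mb: float
    min_kbit_s: int
    customer_data: bool = False  # True: never send over Wi-Fi
    deferrable: bool = False     # True: may wait for a cheaper network

# Assumed spending ceiling for traffic that can wait (e.g. patches).
MAX_DEFERRABLE_COST_PENCE = 200

def choose_bearer(transfer, available):
    """Return (bearer, reason); bearer is None when the transfer must wait."""
    candidates = [b for b in available if b.kbit_s >= transfer.min_kbit_s]
    if transfer.customer_data:
        candidates = [b for b in candidates if b.kind != "wifi"]
    if not candidates:
        return None, "no permitted network meets the speed requirement"
    # Cheapest first; among equal tariffs prefer the faster link.
    best = min(candidates, key=lambda b: (b.pence_per_mb, -b.kbit_s))
    cost = best.pence_per_mb * transfer.size_mb
    if transfer.deferrable and cost > MAX_DEFERRABLE_COST_PENCE:
        return None, f"deferred: about {cost:.0f}p on {best.name}"
    return best, f"{best.name}: about {cost:.0f}p"

# Constructed sample networks and transfers.
HOTEL_WIFI = Bearer("hotel-wifi", "wifi", 2000, 0.0)
ROAMING_3G = Bearer("roaming-3g", "cellular", 300, 500.0)
PATCHES = Transfer("os-updates", 300, 48, deferrable=True)
ORDERS = Transfer("service-orders", 0.2, 48, customer_data=True)

if __name__ == "__main__":
    for nets in ([ROAMING_3G], [ROAMING_3G, HOTEL_WIFI], [HOTEL_WIFI]):
        for t in (PATCHES, ORDERS):
            bearer, reason = choose_bearer(t, nets)
            print([n.name for n in nets], t.label, "->", reason)
```

With only the roaming cellular link available, the bulk update is held back while the small service-order sync still goes through; with only Wi-Fi available, the customer data waits.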

Being automatically connected to a mobile enterprise network can help with the problem of lost or stolen endpoints. Several operators now offer facilities to automatically wipe a handset that has been reported as stolen. This is more difficult with laptops, but not impossible. Absolute Software offers Computrace, a laptop protection system claiming remote data wiping among its features.

Locking down the laptops with tools that prevent USB key access, and perhaps even general internet access, can be a good way to tighten up security, although you then have to ask why field engineers would not simply be given a cheaper and less functional handset to work with.

Smollen argues that he wanted to keep the company's options open for future developments on the network. He hopes to add more functions and services as the system beds in.

That, more than any discussion of data rates, middleware location or service tariffs, is perhaps the biggest lesson to take away from any discussion of enterprise mobile networks. Future-proofing is key. Many companies are only just probing mobile computing at a horizontal level, equipping managers with Blackberry devices to make them more productive with e-mail, for example.

After companies get used to these first steps, they may begin exploring other possibilities such as access to customer relationship management and other corporate applications.

Hosted small business CRM and enterprise resource planning provider Netsuite knew what it was doing when it produced a version for Apple's iPhone shortly after the device's launch. We are only a short way down the mobile road, and we have a long way to roam.
