Security software

IT Managers Ignore Wireless at Their Peril

Wireless communication, once the domain of broadcasters and carriers, is now available everywhere we work, play, study, dine and drink coffee. These days wireless also seems to be equipped in every imaginable device, including toys made by the likes of Fisher Price. The technology can also be thanked for eliminating what was once the common eyesore of Ethernet cable carpets.

Wireless has become an ubiquitous service, not just one of convenience. On a typical morning commute, more often than not, a myriad of blinking mobile Internet dongles and illuminated iPhones glow aboard buses and trains as workers link in to the office, or digest their morning news.

New breeds of business have emerged, comprised of roaming staff that connect to headquarters via wireless, while others use the technology to free employees from the shackles of their individual cubicles. It has made the Web more convenient and accessible, and created new expectations where websites can only be the best if they cater to handheld device screens.

The technology has moved from public obscurity to a place in front-line politics, with major political parties planning to roll out the technology across hundreds of thousands of kilometres to bring regional Australia into the 21st Century. Within enterprises, the wireless network allows staff to replace desktops for laptops, use their smartphones for work, and provide secure and separate Internet access for visitors. Wireless is a CapEx goldmine for offices with fewer than 100 staff, too, because it offers a means to provide voice and data access without the need to punch holes through walls to lay down Ethernet cables. But there are limits, for while the upfront installation costs are much less than wired connectivity, the decision must be balanced against the technology's slower speeds and higher latency.

IEEE 802.11 is a set of WLAN standards that span the 2.4, 3.6 and 5GHz frequencies, governed by the Institute of Electrical and Electronics Engineers (IEEE). The first amendment in 1999, dubbed 802.11a (or simply .11a) incorporated orthogonal frequency division multiplexing technology to boost network speeds in the 5GHz band to between six and 54 megabits per second (Mbps). 802.11b followed months later with a new set of spectrum technologies that would be surpassed within four years by .11g after multiplexing technology produced .11a speeds for the popular 2.4GHz band.

While continually improving, most speed ratings for networking devices are over-inflated, and indicate the theoretical maximum data rate, rather than the throughput users receive. Good cabling, architecture and avoidance of radio interference help improve speeds. The most recent amendment, .11n, was ratified in September 2009, although vendors had sold the technology for years beforehand under the "draft" and "draft 2" disclosures. The much-anticipated technology defined the use of high throughput radios that can support theoretical raw network speeds rates as high as 600Mbps. The amendment builds on a string of forerunner standards with the inclusion multiple-input multiple-output (MIMO) antennae and 40MHz channels to the physical layer, and frame aggregation to the Media Access Control (MAC) layer. Like .11a, the newer standard offers businesses the ability to use the 5GHz band, which in most cases has far less interference than the 2.4GHz band that competes with Bluetooth and microwaves. Both bands are accessible under the dual-mode .11n standard. Turn off the 2.4Ghz spectrum, however, and your new iPhone 4 (as well as most portable devices) will not connect.

The .11n standard brings more speed, throughput and uses cleaner spectrum bands, but also introduces new challenges to deployments in existing wired networks, AirSpy Training founder, David Coleman, notes in a research paper.

"Using standard Power over Ethernet (PoE) to remotely power access points may no longer be possible [with .11n]," the paper reads.

WLAN manufacturers have since built in support for Power over Ethernet while delivering .11n wireless, but Coleman warns other problems remain with the standard. "The increased bandwidth from multiple 802.11n access points might also create backhaul bottlenecks anywhere from the access layer to the core layer of the wired network infrastructure."

He notes in the research that there may be design challenges with running .11n alongside a/b/g transmissions and points to new security considerations that may have to be addressed with intrusion detection systems. Coleman says .11n is also immune to data corruption from the radio frequency phenomenon known as 'multipath', which corrupts data travelling over earlier 802.11 standards, and causes TV broadcast images to become offset and fuzzy. The next standard in line, amendment .11u, is a plan to standardise user access based on a relationship with another external network, meaning agreements could be forged between wireless hotspots, or access could be restricted to limited services between an agent and device. American telco consultant, Bill St Arnaud, wrote that the standard will "improve the experience of a travelling user who turns on a laptop in a hotel many miles from home. Instead of being presented with a long list of largely meaningless Service Set Identifier (network names), the user could be presented with a list of networks, the services they provide, and the conditions under which the user could access them."

Standard amendments .11k and .11r improved transitions of networked devices over wireless networks. The former defined a new way to distribute traffic to access points (APs) that overthrew the former process whereby each device jostled for the closet AP with the strongest signal. That process fell over when too many devices flooded the AP and left others underutilised, degrading network performance. The .11k amendment would flick extra devices to empty APs, regardless of whether the signal was weaker, meaning better throughput in the end. The latter standard, .11r, sped up device swapping that occurs between APs as a device travels through a WLAN. The swapping process became complex and slow after the introduction of IEEE amendments such as Wi-Fi protected access and .11x, and the rising popularity of smartphones.

Access points (APs) are often the most expensive part of WLAN deployments. The devices boost network capacity and coverage, but additional redundant APs can add expense and increase management requirements. Thin APs relay network management to centralised controllers, and peaked in popularity over WLANs built on the earlier 802.11 wireless standards. The essentially dumb terminals are particularly attractive for large-scale deployments that require hundreds or thousands of the devices because they cut down on the cost of monitoring and upgrading fat APs, which carry packets between wireless and wired networks and are self-contained and fully-functional.

Thin APs can run through Power over Ethernet and may reduce human error even on small networks, but they present latency issues, which Gartner notes can be problematic for enterprises. The firm reports that centralised controller configurations can result in "round-trip" delays when retrieving data from corporate servers as remote users become more distant from the data centre.

Gartner also notes that some 40 per cent of APs shipped to midsize and large enterprises last year were stand-alone and were installed often in branch offices for small WLAN coverage areas. Yet, some pundits predict a resurgence in fatter APs in line with the introduction of .11n. Telsyte research director, Foad Fadaghi, says the standard offers better throughput and does not require the same level of centralisation of the older .11 technologies. He says .11n APs can identify optimal location plots, run spectrum analysis to check for spectrum interference, and automate traditionally painful manual settings like tweaking transmission frequencies.

"We have seen a trend in managing more fat APs in many deployments," Fadaghi says. "The advantage it has over .11g is management because it makes it easier to deploy and handle networks."

He predicts organisations will trend towards a hybrid architecture of fat and thin APs, especially those transitioning from older network architectures that do not want to discard hardware.

"The new functionality is a clear future for WLANs," Fadaghi says. The rise of smartphones and their fall in price will also buttress demand for more function-rich WLANs.

Charles Sturt University dropped $1 million coupled with an equal Commonwealth government grant when it started its .11n WLAN deployment last year. The university's 2500 students are served by some 200 APs that range from denser groups of small and aesthetic indoor boxes, to scattered, weather-hardy outdoor APs. It is a challenging deployment, operations director Philip Roy says, because each of the 35,000 students must have consistent, secure access in every inch of its five campuses in Bathurst, Wagga Wagga, Albury, Dubbo and Orange. So far, only Bathurst has the Motorola-based network, but the rest will follow. The .11n network replaces a WLAN based on scattered hotspots, and also covers neighbouring student residences. Roy had shunned the trend of converging wired and wireless networks and instead drove a wedge between the two so as to be able to manage them independently.

"They are different, and it has made sense to manage this huge wireless network on its own," Roy says.

There is an aspect of federated identity between the two networks, because each student is automatically registered for both wired and WLAN access based on student numbers. Access rights are decided against a list of criteria, after which students are permitted to use privileged areas. The network, protected by Wi-Fi Protected Access 2 (WPA2) security, also has a secure portal access for certain handsets that can't handle the more complex security protocol, which also warns users of the elevated risks. Securus Global practice manager, Declan Ingram, says the threats from intrusions and interference to WLANs are less transparent than those that affect wired networks. "While most organisations are using WPA and securing that layer, sometimes they forget the need to secure other systems accessible from the wireless network [such as] firewalls and servers and so on," Ingram says. "Without thorough testing, these sorts of vulnerabilities are often not found until it is too late."

The adage 'measure twice, cut once' could be applied to big WLAN deployments like that at Charles Sturt University. Roy and a team focused on the business case and requirements, and left the technology to integrator Cirrus Communications. He selected a diverse cross-section of the university to run a pilot test, which covered device- and traffic-heavy lecture halls, to open and varied outdoor terrains, and told the integrator to make it happen. They did, and the pilot was essentially repeated across the grounds.

Roy says others looking to deploy a similar WLAN, even on a small scale, need to focus on network expectations and must get building blueprints early.

"The wrong materials in the walls can stop wireless dead," he says. Cirrus Communications chief executive officer, Dr Eric Heyde, says the university was difficult to plan because of geography and different access densities. "High density can often result in bottlenecks for wireless networks," he says. "You only have to look back at how (Apple CEO) Steve Jobs struggled during his iPhone 4 launch presentation because too many devices were congesting the wireless network."

Market trends point to a rising popularity in WLANs, indicating that businesses should place the technology on an equal footing with other wired infrastructure and provide users with the access they demand. Gartner reports global sales of WLAN technology churned US$485 million in the first quarter of 2010, a one per cent decrease since the preceding three months, yet a 36 per cent spike since the same period last year when the financial crisis emptied corporate coffers.

It has been a particular boon for devices based on the .11n standard. Some half a million enterprise .11n APs were shipped in the first six months of 2009, while a whopping 7.7 million devices geared for small businesses and consumers were sold by the end of the third quarter, according to ABI Research. The standard accounted for about 19 per cent of WLAN access point shipments last year, and is expected to tip 32 million sales and half of the total sold in 2010. Shipments of APs based on the standard were shy of eight million during 2008.

Vendors have driven sales of .11n devices since 2008, ahead of its official ratification. Access points can now be picked up for around US$500, and some vendors are pushing up prices and reducing production of a/b/g standard devices in what Gartner notes is a move to encourage adoption of the new technology. Sales of the forerunner technology will ebb but slowly, as businesses continue multi-year deployments.

ABI Research associate Khin Sandi Lynn says vendors are trying to gain market share with products that bolster coverage reliability and are cheaper. "Price competition will attract more organisations that have not yet moved to .11n," she says.

Subscribe to the Daily Downloads Newsletter

Comments