Enterprise WLAN Grows Up

Executive Summary: With 60 percent of enterprises upgrading or deploying wireless local area networks (WLANs) in 2005, comprehensive management of the wireless network is a top priority to limit burgeoning operational costs. A lack of standards has confused the market, resulting in a vendor mix of proprietary and open solutions heavily dependent on hardware capabilities. What to do? Get a WLAN management solution, but do so with an eye to what network management vendors like Hewlett-Packard (HP), IBM, and Computer Associates (CA) are doing, as they ultimately will consolidate wired and wireless network management.

Deployments Grow, WLAN Management Advances

WLANs are graduating from employee-initiated deployments to centrally managed networks, albeit ones currently managed separately from the wired network. Without holistic management, operational costs of these networks grow proportionally with the number of access points. Why all the attention on administration and management now?

  • Enterprises are increasing deployments. Sixty percent of enterprises are upgrading or deploying WLAN networks in 2005.[1] Of those deployments, vendors are reporting that average access points per deployment are doubling, from 75 to 150, resulting in larger networks to manage.[2]
  • Secure WLANs are here. Wi-Fi Protected Access (WPA) and 802.1x solved the security hole from a practical perspective more than a year ago, but the July 2004 ratification of the 802.11i standard provides CIOs a legitimized authentication and encryption approach to formally endorse WLANs.[3]
  • WLAN switching is validated. The fervent architecture wars ended with Cisco's Airespace acquisition in early 2005.[4] The result? Both switching and thick access point architectures are valid, and WLAN management products must support both.
  • Emerging applications are appearing. New applications, such as voice over WLAN (VoWLAN), are advancing in industries like healthcare, creating the need to control quality of service (QoS) to limit voice latency through management of radio frequency (RF) features.[5] Other new applications, such as Airespace's location services to track 802.11 tagged assets, increase the endpoint device management burden.

Determining Your WLAN Management Approach

WLAN management requires RF administration and enhanced security control in addition to traditional LAN management reporting and monitoring functions.[6] Limited access point standards to date have wedded management tools tightly to equipment. Your current choices are the following: 1) proprietary products from WLAN switch vendors that manage only their hardware, or 2) pure-play products for multivendor deployments with rudimentary RF control. Don't look to the large network management system (NMS) vendors like HP and IBM yet, as they are waiting for the market to mature in 2005 before providing feature-rich products.[7] What to do? Be sure to pick a management tool, because an insufficiently managed network will cost more than a potential vendor replacement. But first, answer these questions:

  • What's already there? If legacy equipment exists, then it must be managed. For example, one multibillion-dollar computer hardware company is supporting thousands of access points representing 10 models from five different vendors acquired during a four-year span. How? By using pure-play vendor AirWave's product, a Web-based management tool that provides control across an international footprint. If you are lucky and have a greenfield deployment, standardizing equipment from WLAN vendors like Aruba Wireless Networks and Trapeze Networks gives you an RF planning tool that can help eliminate site surveys, but be aware that you are locking yourself into a proprietary system, at least until a standard emerges.
  • What are my management priorities? Manual resolution of issues like downed access points can be deadly in large or mission-critical networks, such as those using VoWLAN. Look to self-healing systems like those from Aruba and Airespace, which optimize the network via automated reconfiguration of channels and transmission power output. Usability is often a priority. For example, one large hardware company's WLAN trouble tickets go to the help desk, requiring an intuitive user interface to limit training. If you need to provide SLAs to your users, make sure that the solution allows you to monitor your metrics.
  • What is my overall security approach? If intrusion prevention is a priority, ensure that your vendor has partnerships that tightly integrate, such as those from Cisco and AirDefense.[8] On the other hand, Aruba provides integrated management of wired and wireless security. For endpoint security, Roving Planet and Wavelink provide end-user device scans to ensure that software is compliant and to support general management functions.[9]
  • What is my tolerance for vendor viability? While offering the best solution for a heterogeneous architecture, pure-play WLAN management companies make good acquisition targets, so choose carefully. Look under the hood for financial tenacity. Require deep partnerships that go beyond just marketing, like AirWave's multilayered relationship with ProCurve Networking by HP and Wavelink's collaboration with Symbol Technologies.

The Future: A Consolidated Network Management Approach

Make no mistake, wired and wireless LANs will be cohesively managed in the future to limit operational costs. RF management will always be a unique wireless component, but a shared wired/wireless policy store for application access and endpoint control will be centralized in NMS products as wired network quarantine matures.[10] What should be expected in that evolution?

  • An access point standard will emerge. As Cisco absorbs Airespace, it will define the de facto standard either through acceptance of the in-process Control and Provisioning of Wireless Access Points (CAPWAP) initiative or its own derivative.[11] This may leave the remaining WLAN equipment vendors to focus more on management software as standards-based hardware becomes commoditized.[12]
  • Acquisition by network management vendors. Look for ProCurve Networking by HP to acquire AirWave in the next two years. Multivendor management support will be important as HP grows its ProCurve WLAN market share by adding to existing multivendor installations. CA should abandon its incomplete organic offering and look to acquire a Roving Planet or Wavelink. IBM and BMC Software will announce approaches as the market matures. Remaining pure-play WLAN management vendors will focus on SMB markets where the HPs, IBMs and CAs don't exist.

Recommendations: Prioritize WLAN Management

Treating WLAN network management as an afterthought will result in high operational costs, security risks, and user dissatisfaction as noncentralized, manual control fails to provide users the reliability of the wired network. The market is still maturing, but solutions do exist to sufficiently manage networks now.

  • Establish your priorities and risk tolerance. Define the importance of features, such as a self-healing network, rigor of user-device scans, and security components to provide a blueprint when evaluating vendor solutions. Evaluate your cost tolerance if your solution must be replaced in one to three years.
  • For a multivendor WLAN, choose a management partner that has longevity. Vendors with partnerships like AirWave and HP as well as Wavelink and Symbol offer protection as the market consolidates.
  • If starting out fresh, focus on WLAN switch management. Switching will be the basis of future WLAN deployments and provides the most centralized features for management. Look to the Cisco/Airespace combination to help define de facto standards for interoperability.

Endnotes

[1] In a November 2004 survey of 1,383 technology decision-makers at North American and European enterprises, Forrester found that 60 percent of enterprises will be purchasing or doing first-time deployments of wireless networking equipment in 2005. See the December 15, 2004, Data Overview 2005 Enterprise IT Outlook: Business Technographics North America.

[2] WLAN and management vendors reported trends of average number of access point deployments. These numbers were computed after removing the relatively few large deployments of more than 1,000 access points reported by vendors.

[3] The 802.11i standard provides: 1) 802.1x for authentication, requiring the use of extensible authentication protocol (EAP) and an authentication server, such as RADIUS; 2) robust secure network (RSN) for keeping track of associations; and 3) a CCMP encryption approach leveraging advanced encryption standard (AES). It still may be nontrivial to implement 802.11i; however, the standard is available. See the July 22, 2004, Quick Take We Now Have An IEEE 802.11i Security Standard.

[4] Integrated switching solutions combine wireless and wired switching into a single infrastructure that is centrally managed. In contrast, overlay solutions still centralize wireless switching but separate wireless equipment from the wired switching infrastructure. See the November 4, 2002, Planning Assumption Dumb Vs. Smart Access Points: Deciding Which Wireless LAN Approach Makes More Sense and see the January 13, 2005, Quick Take Cisco Broadens WLAN Strategy, Acquires Airespace.

[5] VoWLANs are expected to grow considerably in industries like healthcare and retail. See the June 8, 2004, Trends Voice Over Wireless LANs.

[6] RF management functions include site planning and performance optimization. Increased security functions include management of authentication approaches like 802.1x and VPN, intrusion detection, and endpoint quarantine.

[7] The large NMS vendors like HP, IBM, and CA are waiting for 2005 to mature before providing feature-rich heterogeneous WLAN management support. The WLAN market has experienced recent consolidation activity. In October 2004, Legra Systems and California-based AirFlow Networks closed their doors. In December 2004, Siemens bought WLAN switch vendor Chantry Networks.

[8] Cisco's offering integrates AirDefense's intrusion protection system. See the December 7, 2004, Tech Choices Protecting Against Wireless Threats.

[9] Roving Planet scans the device through a network-based approach. Upon authentication request to the network, a temporary client is sent to the user. After obtaining the user's agreement, the scan is conducted. Wavelink installs a client-side application that is used to collect information about the device and sends it to the network upon authentication request.

[10] Network quarantine is maturing in wired networks. See the August 3, 2004, Tech Choices Making Sense Of Network Quarantine.

[11] The Light Weight Access Point Protocol (LWAPP) was set forth to the Internet Engineering Task Force (IETF) by wireless LAN switch vendors as a standard for communication among thin access points. It has since expired and been essentially carried forward by the Control and Provisioning of Wireless Access Points (CAPWAP). Airespace was a key proponent of LWAPP while Cisco had taken a wait-and-see approach before the Cisco/Airespace merger. The acquisition of Airespace has Cisco reevaluating LWAPP/CAPWAP, most notably as a possible mechanism to integrate the Airespace product line. For more information, see http://www.ietf.org/html.charters/capwap-charter.html.

[12] Standardization of lightweight access points has been ongoing. See the July 14, 2003, IdeaByte New WLAN Access Point Protocol Could Shake Up Market.

Copyright © 2005 IDG Communications, Inc.
