YES, by Doug Klein The enterprise is ready for wireless LANs for three reasons: replacing cable with wireless gives companies an instant ROI; deployment issues have established solutions; and rollouts are well under way. One wireless access point typically saves a company significantly more than the labor cost of running wire. Multiply these savings by thousands of users, and it's easy to see why access points are rapidly appearing across companies.
Although to some the phrase "enterprise wireless LAN" implies a network of hundreds of access points, most companies deploy tens of access points, not hundreds or thousands. A wireless LAN with 20 access points easily serves 1,000 users. So the most pressing deployment issues are not how to manage large numbers of devices, but how to manage the rights and services for hundreds or thousands of users.
In an enterprise environment, the IT organization maps corporate policies onto the computing and network infrastructure. Users are granted access to resources based on their identity, role in the organization and other related factors.
In the wired LAN, these policies are applied to physical ports in the switching fabric - the ports where specific users connect. This model is completely flawed for wireless LANs, where radio signals bleed through walls, shared access points connect multiple users and mobility implies a mix of users at any access point.
The objective is to support user mobility while letting administrators apply network access policies appropriately. Administrators should be able to use the same policy servers for the wireless LAN as they do for the wired LAN. Ideally, a system should support multiple standard authentication mechanisms for maximum flexibility. Control must not rely on any physical device, but instead reflect the user's identity, time of day and current location.
In addition to maintaining network security, the ideal approach assures the integrity of user data as it travels across the "open" radio network on its way to the wired LAN. The system needs to support the varying needs of data encryption, ranging from none (open, insecure access) to very high (VPN-level data security).
Network access policy and security requirements must survive in an environment where users are moving. Any system that requires user intervention (relogging on, reconfiguring devices) to fulfill the organization's security requirements will fail. And as the network grows, the system must scale to supply consistent levels of mobility, security and control, as well as adapt to support new and evolving standards.
By implementing a wireless LAN with awareness of the issues and requirements for a secure network, IT organizations are embracing this technology, improving user services while delivering the security and integrity that modern network practices demand.
Klein is CTO for Vernier Networks, a developer of wireless network infrastructure systems. He can be reached at firstname.lastname@example.org.
NO, by Merwyn Andrade
Until tools are available that will let network managers effectively deploy, secure and manage wireless LANs, 802.11 technology will continue to languish in the enterprise. Without a structured architectural blueprint by which companies can operate and scale wireless LANs, extending them across the campus will be more complex and costly than using current technology.
Two huge obstacles are stifling enterprisewide adoption of wireless LANs: mobile security and deployment. With wireless LANs, your network is now in the air. Consequently, it's essential to have a clear view and complete control of the airspace.Not only must you be able to identify malicious users and rogue access points, but also take action automatically against unauthorized activity.
Today's wireless LAN appliances are point products that address only a one aspect of the security problem. To deploy a secure wireless LAN with these products, an appliance is needed that detects rogue access points, another that does user authentication and access control, and yet another that terminates VPNs. Network managers cannot live with such a disjointed approach to wireless LAN security. An approach that addresses all aspects of security and lets network managers quickly enact changes across the wireless LAN is key to enterprise wireless LAN deployment.
In today's wireless LAN model, security and wireless intelligence are largely distributed in access points - which is difficult to manage and a nightmare to upgrade. This leads to the second obstacle: large-scale deployment. Simply put, given the limitations of wireless LAN technology, companies have found it next to impossible to deploy wireless LANs beyond small pockets.
Clearly missing is the ability for network managers to capture 802.11 packets out of the air and process those packets centrally. This is essential to troubleshooting wireless LANs, monitoring station-to-access point associations, evaluating traffic flows, load balancing traffic, automating around failures or changing channel and coverage settings when traffic patterns change. Without such capabilities, network managers cannot build and manage large wireless infrastructures.
But new wireless LAN switching technology has emerged to give network managers a centralized model and the tools necessary to deploy, scale and secure enterprise wireless LANs. A centralized switch in the wiring closet or data center controls and coordinates access points that provide user access and air monitoring. All changes to and control of the wireless LAN is streamlined and automated. This lowers operational management costs, solves the security upgrade problem and radically simplifies deployment - leaving users unplugged but well-connected.
Andrade is director of technology at Aruba Wireless Networks Inc. and is a contributor to the IEEE 802.11i security specification. He can be reached at email@example.com. -- Network World (US)
Join the CIO New Zealand group on LinkedIn. The group is open to CIOs, IT Directors, COOs, CTOs and senior IT managers.