Unplugging The Enterprise
Keerti Melkote & Pankaj Manglik
Thursday, February 27, 2003
The buzz is on. Wi-Fi networks are mushrooming everywhere to provide high speed wireless access to the Internet not only from home, but from the streetside café, airports, convention centers and any other public place imaginable.

But what about the enterprise? Enterprise network managers are painfully aware of Wi-Fi as they struggle day after day to keep their networks from breaking apart or being broken into. Unfortunately for them, the Wi-Fi industry has largely ignored the most important issues facing them: namely, ROI, security, and ease of deployment.

The Wi-Fi Conundrum: Mobile Productivity or Cordless Chaos?
The convenience of wireless connectivity and the productivity benefits it brings have always been the clear and obvious reasons for using Wi-Fi.

But these benefits aren’t quantifiable. To wit: What is the ROI on a cell phone for the average employee? Nonetheless, in today’s tight economic climate, corporate IT managers have to answer the dreaded ROI question: Why Wi-Fi?

In many ways, this mirrors the same dreaded ROI question raised when the PC emerged on the corporate computing landscape or, more recently, with regard to the World Wide Web. Wi-Fi networks are in a very similar state today. Many departmental Wi-Fi networks have been deployed to enhance productivity—serving as a testing ground for widespread Wi-Fi.

However, a few broad trends in the corporate computing landscape, such as a shift toward Wi-Fi-enabled laptop computers, the proliferation of networked PDAs, and integrated operating system support for Wi-Fi from Microsoft, are making it hard to imagine a future where individuals would connect into corporate networks with tethers. Wi-Fi will become the de facto network connection at work, at home, and anywhere else that you might care to connect.

As a direct result of this mass-market groundswell of wireless LAN adoption, Wi-Fi is being driven into the enterprise market, with or without IT. For the first time, network managers risk losing control of their networks as employees take matters into their own hands by installing their own wireless islands.

This leads us into the first big hurdle for enterprise Wi-Fi: security.

Wi-Fi Security: Is IT Losing Control?
Establishing Wi-Fi connectivity in the enterprise is as simple as plugging a Wi-Fi access point (AP) into any port on the wired network. To the network manager, this single act, which can be undertaken by any employee without IT’s knowledge, has completely put to pasture the years of toil in creating a high-performance, reliable, and stable wired network. This “rogue” AP has thrown open the hardwall-protected edge of the wired network. With network traffic being transmitted over the air, it is trivial for anyone within parking distance to sniff out corporate data on today’s private intranets.

Adding to the horror, these rogue APs have created a veritable feast for the free-surfers of the world who have organized worldwide war chalking events to sniff out all open APs. Once found, these open APs are advertised on the Internet for all to see. Reports of corporate networks being shut down by their Internet Service Providers (ISPs) are making headlines as Wi-Fi makes it simple for spammers to access corporate networks, send out the spam, and then disappear without a trace.

Because Wi-Fi security is a multi-faceted problem that requires securing the air, the network, and the user, enterprises need a holistic solution to the problem that also gives them the flexibility to easily upgrade the infrastructure as changes occur. A centralized, switched model has proven useful for this purpose in the wired world. The same is true in wireless.

Wi-Fi Deployment: Can Wi-Fi Be Cost-Effectively Scaled and Managed?
If APs are all it takes to create an enterprise Wi-Fi network, why doesn’t IT just deploy some APs and support them? As cheap and easy as it is to purchase Wi-Fi gear from your local CompUSA and install it at home, deploying and operating a corporate wireless network is neither inexpensive nor simple. When it comes to corporate deployment, Wi-Fi’s biggest strength, its low cost and simplicity, is also its biggest weakness.

Enterprise networks are required to provide consistent, repeatable and reliable connectivity. Wi-Fi networks are no exception. To ensure requirements are met, network managers must go through a manual multi-step process to install, troubleshoot, and manage access points (APs). Meanwhile, the industry today has taken the approach of adding functionality to the AP, making it an intelligent, autonomous system capable not only of bridging traffic between the wireless and wired worlds but also of adding processing-intensive capabilities such as authenticating users or encrypting data.

In this model, as security encryption schemes change, new 802.11 mechanisms are introduced, or features are enhanced, IT must touch each and every AP in the ceiling. Not a problem for small deployments, but for large-scale installations, this just doesn’t work and is cost-prohibitive.

Consequently, deploying an enterprise Wi-Fi network today is an expensive process over time wherein the total operational expenditures (OPEX) far outweigh capital expenditure (CAPEX).

Today’s Enterprise WLAN: Quarantined at the DMZ
Given these security and deployment issues, it is no wonder that enterprises are finding it very hard to justify Wi-Fi ROI. They face either losing control of their networks by allowing employees to deploy their own APs or being damned by management for deploying a WLAN that is expensive and inefficient to operate.

In turn, many enterprises have actually banned wireless usage in the office. Asked about how they enforce the ban, network managers point to the trust model and assume that the fear factor of employees getting fired will deter deployments. The most common gripe and fear from network managers is the lack of tools available to enforce this ban.

A more common approach is to quarantine the Wi-Fi network at the Internet demilitarized zone (DMZ). In this model, corporate Wi-Fi users are treated as insecure until they present some credentials allowing them to access the Intranet—typically performed using VPN technology. Wi-Fi is treated as merely another remote access technology and not as the local access network technology for which it was originally designed.

Back to the Future with Wi-Fi Switching
History repeats itself and Wi-Fi is no exception. Wi-Fi networking today is in the same stage that wired Ethernet networking was in the late 80s.

Then, Ethernet networks operated over yellow coaxial cable (aka “Thicknet”) that physically ran through the ceiling. Adding users to this network required an engineer to perform an arduous procedure known as a “vampire tap.”

The Ethernet switch changed all this. A key innovation that moved wired Ethernet from a niche departmental technology to a mainstream enterprise technology, 10Base-T enabled signals to travel over the Category-3 or Category-5 phone cables. This gave user-dedicated cabling and bandwidth to and from the wiring closet.

These cables would then be star-wired into an Ethernet hub acting as a collapsed Ethernet backbone on its backplane. This centralized model radically simplified Ethernet deployment to such an extent that enterprise-wide Ethernet networks became the norm as troubleshooting times went from hours to minutes or even seconds. No such device, though desperately needed, exists today in the world of wireless.

Today’s APs are the equivalent of the yellow-cable Ethernet. They work well at home or for connecting small departmental deployments. But connecting multiple APs in a network quickly becomes as cumbersome and costly as extending yellow-cable Ethernet was in the early 80s.

The enterprise Wi-Fi opportunity, therefore, lies not in the technology realm of extending the range of Wi-Fi connectivity or making it go faster but in a much more fundamental realm: delivering control of the airwaves back into the hands of the IT department.

The innovation that will enable the deployment of Wi-Fi into the enterprise is a new class of device called the wireless LAN switch. With it, enterprises can centralize intelligence from multiple APs into a single switching point—turning the APs themselves into simplified radio repeaters that also monitor the traffic in the air and can be easily deployed wherever Wi-Fi presence is desired. In other words, the AP becomes an extended port of the Wi-Fi switching system.

WLAN switching then enables network managers to create a structured wireless architecture that “locks the air” and makes it possible for the same scale of enterprise Wi-Fi deployments that Ethernet saw with the invention of the intelligent switch. Without such a model, and devices to support it, Wi-Fi is destined to languish in the enterprise.

Now imagine a wireless LAN that constantly monitors air space, network growth, and user density, dynamically adjusting bandwidth, access control, quality of service, and other parameters as mobile users roam throughout the enterprise. This is the future with wireless LAN switching. Stay tuned.

Keerti Melkote and Pankaj Manglik are founders of Aruba Networks. Both bring over two decades of experience in the wireless industry, with past stints including those at Alteon, Cisco and others.
