Enterprise WLANs

Just prior to our publishing deadline, Cisco Systems surprised a lot of people--including, we hear, many within its wireless networking group--by acquiring Airespace, a leading wireless switch manufacturer whose Wireless Enterprise Platform won our latest Well-Connected Award for most outstanding product of the year. This decision's impact will be felt far and wide. Although some bemoan a shrinking vendor pool, the move increases Cisco's market share and prospects while legitimizing the wireless switch paradigm. And it's good news for Cisco customers, who now have fresh wireless options.

Have Wi-Fi, Will Fly

The main force driving enterprise WLAN adoption isn't a new and compelling mobile application. Instead, it's the rapidly growing installed base of Wi-Fi client devices. Notebook computers are displacing desktop PCs in many organizations, and most laptops have embedded Wi-Fi. When the client is ubiquitous, demand for infrastructure will follow.

The big reason we have cheap embedded Wi-Fi clients in enterprise notebooks is because Wi-Fi use has exploded in the home. A late 2004 study from the Dell'Oro group reported 73 percent year-to-year growth in the WLAN equipment market, accompanied by rapidly falling prices. Our neighbors have Wi-Fi. Your neighbors have Wi-Fi. Your boss has Wi-Fi, and his boss does, too. Intel's Centrino marketing campaign doesn't hurt, either.Public hotspots are also entering the mainstream, forming a fascinating Wi-Fi ecosystem. There were 57,271 hotspots in 96 countries as of early February, according to JiWire, a Web site that tracks hotspots worldwide. Venues include hotels, airports, coffee shops and restaurants, but locations are becoming more diverse.

Moving beyond hotspots, an entire industry segment is emerging to satisfy demand for metropolitan hotzones. Local politicians from Philadelphia to San Francisco are promising their constituents cheap and plentiful Wi-Fi--the modern-day equivalent of better public roadways. Although plenty of technical and political obstacles stand in the way of pervasive metro-area Wi-Fi, the technology has caught peoples' attention.

Despite the roadblocks to "Wi-Fi Everywhere," WLANs have reached critical mass. Some diehard IT managers are still resisting, often citing security concerns, but the latest generation of standards-based WLAN security offerings, coupled with better performance and more efficient management, makes their excuses ring hollow (for a rundown of standards in play, see "WLAN Standards Watch,").

And if that's not enough incentive, consider the alternative: searching out insecure rogue deployments and pulling the plug on departmental Wi-Fi systems. The only viable method of eliminating rogues is to implement a centrally managed production system.

We can approach the Wi-Fi market from two perspectives: supply or demand. To assess the latter, we polled you, our readers. You'll find detailed results from the 725 sets of responses in "ReaderSpeak," below, but here's the gist: Demand for service exists, and many organizations are playing Wi-Fi catch-up. Most deployments are in the pilot or tactical phase, but increasingly, users are looking for more advanced systems capable of providing high-availability network services.For the large proportion of organizations with highly engineered Cisco Ethernet LANs, the key question is whether to use a single vendor for wired and wireless or consider a wireless overlay on their Cisco networks. In considering this question, most seasoned IT pros think long term. It's not just about today's product; it's also about the integration problems of tomorrow, next year and 2010. Not surprisingly, the vast majority of our poll respondents say Cisco is best-equipped to deliver best-in-class enterprise WLAN products.

Still, a significant number of Cisco customers, from universities to financial services firms, have implemented wireless overlays using conventional APs and third-party management and security gateway capabilities or, more recently, products from new companies dedicated to enterprise WLAN switches. Cisco has struggled to deliver competitive WLAN switches, which has cost it market momentum and some large sales, including to Microsoft.

True to Cisco's "if you can't beat them, acquire them" legacy, the Airespace deal should re-establish its market leadership while throwing a wrench into the business plans of Alcatel, NEC and Nortel Networks, all of which had reseller relationships with Airespace.

Cisco did about $115 million worth of enterprise Wi-Fi business in its fiscal third quarter, giving it 54 percent of the market, according to Dell'Oro Group. By comparison, Airespace sold only $15 million worth of gear that quarter--about 7 percent of the enterprise market--but it was gaining momentum. Together, the two will command more than 60 percent of the market--maybe more if they can quickly and effectively integrate product lines. Initially, Cisco will rebrand the Airespace offerings, a move that will likely increase demand. Over time, expect to see Cisco APs functioning with Airespace controllers. The future of Cisco's WLSE management appliance and WLSM switch module is uncertain, but you'd have to be pretty naive to sign new POs for these products at this juncture. For more insights by two top industry analysts, see "The WLAN Analysts View".

Market EvolutionCisco's dominance of the enterprise WLAN market was built on its 1999 acquisition of Aironet, a company that built best-in-class APs. Aironet dominated at a time when Wi-Fi was just emerging as a serious network technology. Cisco improved on that technology with updated hardware that was field-upgradable and by porting the AP's operating system to IOS. It's long been regarded as a solid product, even by competitors, but with increased focus on security, roaming and system management, the door was open for new system designs that shifted some intelligence from the network edge to the core. The WLAN switch market segment, which grew from nowhere in 2003 to about $33 million for the third quarter of 2004, now represents more than 15 percent of the enterprise WLAN market.

In addition to Cisco-Airespace, other major players in the enterprise Wi-Fi switch market include Aruba Networks, Meru Networks, Symbol Technologies and Trapeze Networks. Although each vendor offers unique features, common elements are found in all leading products.

• Multiband APs: APs vary by the tasks they perform. Some, like Cisco's, perform as much Layer 2 processing, including 802.11 authentication, security and QoS (quality of service), in the AP as possible. Others split these functions between the AP and a centralized switch or controller. In both cases, a similar set of basic WLAN services is offered, and increasingly, these services are delivered by way of dual-radio AP designs, providing service in both the 2.4-GHz band (802.11b and 802.11g) and the less congested and higher capacity 5-GHz band (802.11a).

• Multilayer security services: Because security has been the No. 1 obstacle to enterprise WLAN deployment, it's no surprise that vendors are laser-focused on this area. Advances in 802.11i and WPA2 (Wi-Fi Protected Access 2, the Wi-Fi Alliance's certified implementation of 802.11i), which provides robust Layer 2 authentication and encryption services, are a key example. Most also support VPN security, by terminating mobile client tunnels in the switch or controller, or by passing traffic to an external VPN controller. Beyond offering simple authentication, vendors are increasingly linking authentication to policy. By doing so, individuals are granted access levels based on identity and organizational role. Such a system not only enhances internal security, but it also facilitates guest access, a growing requirement.

• Centralized configuration management and monitoring: Once a wireless network has more than 15 or 20 APs, it's no longer reasonable to manage them as distinct entities. Rather, APs must receive operating profiles and software updates from a central management platform. Automating the configuration of 802.11 parameters greatly facilitates deployment as well, translating to cost savings. Further, the system as a whole must include monitoring capabilities that improve performance and fault and security management. Because of WLANs' shared-media architecture, performance monitoring is crucial for ensuring reasonable service levels. With respect to security, rogue devices and potential intruders must be identified and, ideally, contained--in real time.• Radio-management services: Network managers with well-engineered structured wiring systems can take Ethernet physical-layer reliability for granted, but much more effort is required to manage the physical layer of enterprise WLANs. That's because the medium is both shared and unpredictable. Accordingly, WLAN switches have advanced radio-management capabilities, including radio channel and power-level assignments, that ensure optimal physical coverage, mitigate the effects of interference, and balance and optimize connections across APs. The most advanced systems do this in real time, relying on dense AP deployments to deliver scalable performance. In addition, vendors have begun to incorporate advanced location-awareness capabilities into their platforms, letting administrators identify the physical location of all connected devices, enhance security and even track assets. Most vendors now add advanced radio-management services in the design phase, letting network architects design deployment plans that optimize both coverage and capacity.

• Advanced mobility services: There isn't a ton of enterprise demand for advanced mobility services, which provide users with transparent and secure roaming across subnets. That's because most notebook computer users are nomadic rather than truly mobile, moving from office to conference room to cafeteria, but generally not using the network while they move. Notable exceptions are industries such as retail and supply chain, where handheld or vehicle-mounted computers impose unique mobility requirements. Advanced mobility services are useful to those who "suspend" their laptops. In a conventional WLAN environment that doesn't support mobility, users must restart some communication-oriented applications when they roam between subnets. In the long term, as converged voice and data networks become mainstream, mobility services will be required on all WLANs to facilitate VoWLAN (wireless voice) services.

The one area where commonality doesn't exist is the interaction between APs and switches. This is often portrayed as a battle between fat/smart and thin/dumb, and to some degree, that's true. Cisco is a big proponent of handling as much Layer 2 processing at the AP as possible. Other vendors find value in splitting MAC (Media Access Control) functions between the AP and switch. Still, even when some of the edge processing is off-loaded to switches, APs must be smart enough to handle simultaneous user service delivery functions and performance and security monitoring. Without adequately brainy APs, you may have to implement an overlay network for monitoring.

These aren't the only features that define today's market, of course. As technology evolves, new capabilities are added and vendors refine their offerings to meet a broader range of needs. For example, a number of wireless switch vendors are designing low-cost products for remote and branch offices. Another, future-oriented enhancement is the use of advanced smart-antenna and MIMO (multiple input, multiple output) technology to optimize coverage. Also, mesh backhaul capabilities allow wireless cells to be deployed in areas where it is difficult or impossible to extend wired networks.

Over the years, we've spoken to many early adopters of enterprise WLAN technology. In fact, we devoted a cover story to best practices last year (see "Wi-Fi Tales," at ID# 1510f1). Although public case studies can provide valuable insights, most of the interesting snafus confronting enterprise IT are off-the-record.One example is return on investment. Classic best practices dictate that a huge project like a WLAN deployment will be accompanied by a detailed ROI assessment. However, though a number of vendors, including Cisco, Intel and Microsoft, have invested resources in WLAN ROI studies, relatively few enterprise architects go through a rigorous ROI analysis of their own. Why? It's difficult to affix hard-dollar benefits to WLAN deployments. Others don't bother because they view WLAN deployment as inevitable--it's not a question of "if" as much as "when," so let's get on with it. So much for classic best practices.

A second factor is the evolution of technology. We all love cool new stuff, but IT managers are concerned about investment protection and worry that a deployment decision they make today may prevent them from doing a better job tomorrow. Part of the problem is normal maturation of vendor offerings--a car you buy today is almost always better than the one you bought three years ago. But there are also concerns about the evolution of wireless standards and uncertainty over the intersection between 802.11 and alternatives, including WiMAX and 3G. Evolving and nonstandardized switching architectures add to that uncertainty. The result is shorter lifecycle estimates. Although many organizations amortize Ethernet switches over a five-year period, getting much more than three years out of current Wi-Fi offerings is like trying to squeeze another 50,000 miles out of your old Chevy.

Finally, there's the void between the confidence organizations have in their ability to deploy WLANs and their real understanding of the technology. Too often, companies make bad wireless decisions, whether they embrace the wrong standards, design systems that don't meet long-term needs or select the wrong offering. Take our advice: If you're embarking on a strategic deployment, read up on the WLAN gear you're considering, train your professional staff on the vagaries of RF and wireless, do thorough research and development, and evaluate pilot deployments with a systematic strategy. And be willing to make midcourse corrections.

Five years from now, there's little doubt that WLANs will be pervasive across most industries and the majority will employ some switching architecture. And though technology will undoubtedly change significantly, the decisions you make today will play a key role in your future success. Get busy!

Dave Molta is a Network Computing senior technology editor. He is also assistant dean for technology at the School of Information Studies and director of the Center for Emerging Network Technologies at Syracuse University. Write to him at [email protected].We were amused recently by the Christmas Resistance Movement's Web site. Although we find the concept vaguely attractive (especially since our January American Express statement arrived), we give this hardy band about the same odds of success as those IT folks who have thus far prohibited wireless LANs on their turf.

Analysts estimate that 65 percent of companies have embraced wireless, and more will follow as security, standards and management rapidly gain ground. In "WLANs Bust Out," we discuss the trends driving enterprise WLAN adoption, survey the changing vendor landscape--including, for example, Cisco's purchase of Airespace--and outline the features you'll find in today's Wi-Fi switches. We also analyze the results of our latest reader poll.

In "Update: Wireless LAN Battle Plan," page 51, we test and rate the latest switches and access points from Airespace, Aruba Networks, Cisco Systems and Trapeze Networks. We used two new testing tools from Azimuth Systems and VeriWave to stress the WLAN gear to the max. Airespace won its second consecutive Editor's Choice award, thanks to the performance of its well-designed 4024 switches, which include cryptographic cards to support VPN services, and its auto-RF-capable 1200 APs and 1200R remote-office APs.

To take the pulse of wireless LANs in the enterprise, we sent a Web survey to members of our subscription base who have some involvement with wireless technology and LAN infrastructure. We heard back from 725 readers, who responded to our questions concerning perceived benefits of WLANs, obstacles to deployment, desired WLAN features and functionality, the importance of specific physical-layer WLAN standards, and opinions about industry issues and trends.

In our survey analysis, we looked at overall results and then filtered by deployment size. For example, we contrasted responses from the 26 percent who have production deployments of more than 15 access points against the 74 percent with small production deployments, WLAN trials or no WLAN at all. To assess respondent attitudes, we used a seven-point Likert scale. An average result of 3.5 indicates a neutral response.• Perceived benefits: As expected, the two highest-ranked benefits associated with WLANs are improved productivity (5.1) and increased convenience (5.0). The least important benefits are enhanced organization image (3.2) and infrastructure to support wireless voice over IP (3.7). Other benefits include business-process improvement (4.6), improved customer satisfaction (4.1) and savings in cabling costs (3.8). Individuals at organizations with large deployments felt significantly stronger about benefits related to customer satisfaction, business-process improvement and productivity.

• Deployment obstacles: Overall, the most significant obstacles are security concerns (5.3), uncertainty about standards (4.5) and lack of clear business justification (4.1). The least significant are lack of expertise (3.0), lack of demand (3.4) and management complexity (3.5). Individuals at organizations with small or no deployments are significantly more likely to identify lack of business justification and lack of demand as obstacles. Both groups cite almost identical neutral feelings about cost as an obstacle.

• WLAN system capabilities: The WLAN system features judged most important by the full sample include standards-based security, rogue detection and intrusion detection (all 5.9); system upgradability (5.7); secure roaming (5.5); system scalability (5.5); and centralized configuration (5.4). The features considered least important are automated site-survey planning (3.9), guest networking features (4.1) and location services (4.1). Individuals with large deployments place a higher priority on the value of multiband APs, system scalability and automated site surveys.

• PHY standards: We asked respondents to assess the importance of current and future physical-layer WLAN standards as they relate to deployment plans over the next three years. 802.11g received the highest importance rating (5.7), followed by 802.11n (4.8), 802.11b (4.5) and 802.11a (3.5). Results for 11a, 11b and 11g haven't changed significantly since our previous survey in May 2004. This is the first time we've asked about 802.11n and the results are striking, especially in light of the relatively low ranking for 11a. Readers at sites with large deployments give significantly higher scores to 11a, 11b and 11g than individuals in organization with limited or no deployments.

• Other findings: All respondents, and especially those with large installations, place a high emphasis on providing multiband a/b/g services. Many say product certification through the Wi-Fi Alliance is important, and most report that their organizations prefer to buy best-of-breed technology, even if it means entering into a business relationship with a new supplier.Epoll Results

As in most areas of networking, standards drive the WLAN industry. Thanks to the IEEE's enactment of 802.11 in 1997, wireless has moved from an ultraexpensive niche technology to a low-cost network commodity. But the WLAN standards process is far from optimal, a victim of intense engineering debate about alternate designs and political posturing by established vendors trying to protect their markets. Further, there's an immense amount of activity in a variety of forums. Few enterprise IT pros can expect to be conversant in all standards developments, but here are a few you must follow.• 802.11 a/b/g: These are established standards, but they are often enhanced with proprietary extensions. For example, several incompatible approaches increase the data rate of 802.11g to 100 Mbps or greater. Other extensions increase the WLAN's effective range. There's nothing evil about innovating outside of standards. After all, tomorrow's standards are often built on today's proprietary technology. Just avoid becoming overly reliant on proprietary extensions.

• 802.11e: Supporting real-time multimedia applications, including voice and video, requires QoS extensions to 802.11 MAC, and that's what 802.11e delivers. The first version of 802.11e has been approved, but products conforming to the standard have not begun to appear. In addition, certain elements are undergoing continued development, so this is best viewed as version 1 of WLAN QoS.

• 802.11i: Don't underestimate the market significance of the 11i security standard. It's not perfect, especially in terms of its ability to facilitate low-latency secure handoffs between access points, but it provides solid authentication and privacy services and brings a new legitimacy to WLANs. Even the home version, which uses shared rather dynamic encryption, represents a dramatic improvement over last-generation services.

• 802.11k: The 802.11k standard may be one of the least understood, but its long-term impact is likely to be immense. Today's radio resource-management architectures do a great job managing channel allocations and radio output power on network infrastructure, but they do nothing to enforce appropriate client radio behavior. Once 802.11k-compliant products emerge, infrastructure devices will be able to exert greater control over clients, telling them to turn down their volume in micro- or pico-cell environments, where a loud client could cause significant interference with adjacent cells.

• 802.11n: The IEEE 802.11n working group has begun to define this new standard, which promises to deliver throughput in excess of 100 Mbps, about four times faster than today's standards offerings. However, while there is general agreement that 802.11n will be designed around MIMO smart-antenna technology, there is much debate about the specifics. As a result, a standard is unlikely to emerge until 2006. Don't let the wait for 11n affect your plans--in three years, you'll be ready for an upgrade anyway.• 802.1x/EAP: Neither 802.1x nor EAP (Extensible Authentication Protocol, RFC 2284) is new, but both are key elements of the 802.11i security framework. More important, because they define a framework for authentication rather than a specific protocol, they require organizations to define specific EAP types that will be supported on their networks. Among the many alternatives are TLS, TTLS, LEAP, PEAP and EAP/FAST. The choice has implications for which client OSs can be supported and which back-end authentication databases can be used. The complexities are well beyond the scope of this article, so you'd better get to work on this one.

• CAPWAP: CAPWAP (control and provisioning of wireless access points) is an IETF initiative aimed at standardizing the interaction between APs and network infrastructure, thereby enhancing interoperability between APs and wireless switches. Someday, the interoperability vision of this working group will be achieved, but expect plenty of technical and political bumps until then.

• CCX: When you're the dominant player in networking, you have the luxury of driving de facto standards. That's what Cisco has done with its Cisco Compatible Extensions, now in its third revision. Rather than waiting for open standards, the company felt it needed to develop its own WLAN client extensions, which add an array of security- and radio-resource capabilities. Cisco isn't the only vendor to do something like this. But by virtue of its size, it can command adherence in the industry, so CCX has been widely adopted by all major WLAN chip makers. However, while Cisco licenses these extensions to client manufacturers at no cost, it doesn't let infrastructure manufacturers take advantage of those capabilities in their offerings. To benefit from CCX, you need a Cisco infrastructure.

There are plenty of wireless pundits out there, but two industry analysts who've earned our respect are Craig Mathias of The Farpoint Group and Joel Conover of Current Analysis. Mathias has a distinguished career as a wireless industry insider; he understands the past and has a clear vision of the future. Conover spent many years testing enterprise network infrastructure gear at Network Computing, earning a reputation as an individual who could distill complex environments to their essentials.

When reflecting on the enterprise WLAN market, both are upbeat. Conover notes that maturing standards have played a key role in making buyers comfortable. "We've addressed all the most significant hurdles," he says. "We have stronger security, broader spectrum availability, faster data rates and QoS."Mathias is a bit more reserved, characterizing the market as exhibiting slow, but steady progress.

In assessing the significant WLAN advances in the past two years, Conover cites the availability of 802.11a and the expansion of spectrum available in the 5-GHz band, developments he views as key to delivering scalable wireless services. Mathias, a longtime proponent of 11a in the enterprise, lists leading-edge technologies, including "VoFi," location and tracking technologies, MIMO, radios and wireless mesh for outdoor deployment.

Mathias and Conover differ somewhat on the tenuous links between standards, vendor extensions and the Wi-Fi Alliance. Conover acknowledges the value of proprietary features as long as they don't impact network functionality, but he also expresses reservations about vendor-driven protocols like Cisco CCX.

"Anytime a vendor pushes its technology rather than waiting for a standard, the consumer ends up suffering in the long run," he says.

Mathias disagrees: "Standards are the jacks-or-better to get into the game. I have no problem with prestandard products; innovation is essential, and such developments help spur the standards bodies to act more expeditiously."In identifying the most important likely developments in the next two years, Conover points to 802.11n and WiMAX, mainly because he views them as disruptive technologies. Mathias, on the other hand, focuses more on improved management capabilities on "integrated WLANs" that blur boundaries between wireline and wireless. He also anticipates further boundary-breaking between WLANs and cellular.