Market Analysis: Enterprise Wireless LANs

Ethernet is holding its ground, for now, by virtue of being fast, cheap and relatively secure. But wireless will eventually become the default method of connecting to enterprise networks, and Ethernet will assume a secondary role as a distribution, rather than an access, technology. When that happens, will Aruba, Symbol, 3Com or any other WLAN player be able to keep Cisco from extending its wireline dominance to wireless?

That depends on whether enterprise IT pros see going with a smaller vendor as a gamble or a smart bet. We have time to contemplate this scenario, of course--the wireless play won't happen overnight. In fact, in our reader poll for this article, only about 8 percent of respondents saw Wi-Fi displacing Ethernet as the most common form of network access during the next three years . But a wise strategist plans five or 10 years ahead, and by then a new generation of Wi-Fi gear will be broadly available, offering 10, even 100 times the performance of today's technologies.

Lots of No-Shows

Although we track developments continually, Network Computing takes an in-depth look at the enterprise WLAN space about once a year. Our evaluation in February 2005 proved interesting because we tested Cisco and Airespace gear side by side and concluded that Airespace had the better offering. Unbeknownst to us, Cisco was performing the same evaluation and agreed with our assessment. By the time our review went to press, Cisco had announced its acquisition of Airespace. Since then, the company has been busy doing what it does best: assimilating superior technology.

When we first embarked on our latest in-depth analysis, we worked with enterprise wireless network managers, vendors, analysts and test-tool makers Azimuth and VeriWave to develop a test plan that covered the full range of issues IT confronts, including product architecture, security, deployment, management, performance and cost. We asked for a significant commitment from vendors in both equipment and support staff. Of the 17 invited to participate, only two--Cisco and Bluesocket--took us up on our offer. Although excuses ran the gamut from a lack of internal resources to concerns that our test plan was too complex, not to mention a little too risky in light of the test platforms' relative immaturity, we concluded that most enterprise WLAN vendors don't want to participate in in-depth product reviews unless they can write the test plan.

Cisco's decision to buck that trend is notable because it has the most to lose from a critical review. After all, it dominates the WLAN market with more than 50 percent share, according to both Synergy Research and Gartner. That got us thinking that maybe the real theme of this article should be, Can anyone beat Cisco? It's a fair question, and one that's on many IT pros' minds. Yes, there are enough ABC ("anybody but Cisco") shops out there to keep at least a few competitors in business, but Cisco's decision to send us a crate full of gear to test shows the company is willing to go head-to-head with any rival, not on the basis of its name, but on its product's merit. Cisco engineers spent several days in our Syracuse University Real-World Labs®, helping us gain a better understanding of its broad and increasingly complex array of WLAN offerings. After they left, we spent about four weeks pressing as many buttons as we could and running a battery of tests (see our results). We also appreciate Bluesocket agreeing to participate; we're in the process of testing its gear.

We circled back with vendors that declined to participate and asked them--as well as Bluesocket--to complete an RFI that posed a dozen questions of interest to IT pros (see the list of questions) and spend a day with us demonstrating their offerings. Aruba Networks, Bluesocket, Colubris Networks, Extreme Networks, Extricom, Meru Networks, Proxim Wireless, Siemens AG, Symbol Technologies, 3Com and Xirrus returned RFIs describing their overall architectural approaches to enterprise WLANs and discussing such ideas as whether enterprises should focus on a single vendor for their wired and wireless networks; use of WPA2, authentication, authorization, monitoring, mobility and endpoint security; guest access; performance and scalability; and cost. Bluesocket, Extricom, Extreme, Meru and Xirrus paid visits to the lab. Our summarized analysis of Bluesocket's response is at left. The others can be found here, and you can read the full vendor responses here. Amazingly, some notable players, including Enterasys Networks, Foundry Networks, Nortel Networks and Trapeze Networks, didn't take the time to respond.

'Marketectural' Trends

It's never easy to mark generational shifts in technology, but it's important to understand WLAN evolution because each successive generation addresses fundamental architectural limitations of the products that came before.

We think in terms of three distinct eras. Early WLANs, both proprietary and 802.11, were sold primarily into vertical markets like retail, supply chain, health care, manufacturing and education. These WLANs were expensive and, by today's standards, feature-limited. Because the applications didn't require substantial bandwidth, the design goal was to maximize the coverage area of each access point. The number of APs and clients was limited, so management was simple. Some of these legacy systems have been upgraded, and many more will require overhauls in coming years as vendors gradually announce many components' end of life.

Second-generation enterprise WLANs supported newer access protocols (802.11a, b and g) on more powerful APs and provided significant functional improvements over first-generation offerings, at a lower cost. But inherent architectural deficiencies prompted the emergence of third-party tools for site design (Ekahau and Wireless Valley, now owned by Motorola) and management (AirWave and Wavelink), as well as security gateways (Bluesocket and AirFortress) and wireless IDSs (AirDefense and AirMagnet).

Third-generation enterprise WLANs are best represented by the Big 3 start-ups--Airespace, Aruba and Trapeze--all of which made market splashes in 2003. Their architectures applied client-server distributed processing principles to wireless LANs, combining so-called "thin" APs and centralized controllers glued together with proprietary protocols that effectively locked customers into using APs and controllers from a single vendor. Initial product offerings were creative but complex, often requiring that APs attach directly to controllers (then called wireless switches) installed at the network edge. By 2004, version 2.x offerings addressed many of the performance, reliabilty, security, integration and management deficiencies plaguing initial products. Cisco took significant steps to add controller capabilities to its highly successful Aironet wireless offerings, while established wireless competitors, like Bluesocket and Colubris, enhanced their systems to compete with the Big 3.

Meanwhile, network gear vendors--namely, Alcatel, Enterasys, Extreme, Foundry, Nortel and 3Com--developed OEM relationships to provide their customer bases with wireless solutions. These were largely me-too offerings that leveraged the channels of established network vendors, but such an approach is much less risky than internal development. And for providers like Trapeze, the OEM channel was a lifesaver, a way to remain profitable in an increasingly competitive market dominated by Cisco. The OEM approach is not a bad strategy per se, but it poses significant risks for enterprise IT, especially in emerging technology markets. Organizations that purchased Nortel WLAN gear when the company had an OEM relationship with Airespace, for example, were forced to migrate when Cisco bought Airespace and Nortel switched to Trapeze as a system provider.

Although notable differences in features and functionality exist among established WLAN controller vendors, all their offerings are more feature-rich and polished than they were a year ago. But the most interesting development since our last look at enterprise WLAN systems has been the emergence of new architectures from Extricom, Meru and Xirrus. The last is addressing deployment and scalability challenges by integrating as many as 16 radios and a controller into a single AP and using sectorized antennas to support narrow pie-slice-shaped cells, an approach resembling that taken by cellular providers. Extricom and Meru have adopted a more revolutionary tactic, eschewing conventional channel-planning design in favor of a single-channel architecture with the goal of addressing interference and roaming problems.

For organizations contemplating the rollout of simultaneous VoIP and data services over a single WLAN infrastructure in the 2.4-GHz band--and for those that just don't want to deal with the hassle of multichannel RF design--the approach taken by Extricom and Meru may offer significant benefits over more conventional architectures. Although equipment from both vendors operates with standard 802.11 clients, their controllers play a more significant role in regulating access to the airwaves, which allows for a more deterministic form of network access. And because the WLAN appears to clients as a single AP operating on one channel, rather than multiple APs operating on different channels, as is the case with older designs, roaming is extremely fast.

Although the single-channel architecture offers benefits, the problems associated with more conventional multichannel systems may be mitigated by several key developments. First, increasing numbers of enterprises are smartly supporting dual-band (2.4-GHz and 5-GHz) infrastructures, meaning contention issues are somewhat mitigated as clients are spread across a larger number of channels. Second, the emergence of ultra-high-speed 802.11n will make performance and capacity problems less of a long-term concern. And finally, if standards-based solutions to client-radio-management problems and secure, fast roaming make their way from the IEEE into products, the benefits of Extricom's and Meru's scheduled-access designs don't look quite so compelling.

There's a strong chance all this will happen during the next two years. Still, Extricom and Meru are making important technical contributions that could significantly enhance enterprise WLAN performance, and we wouldn't be surprised to see other vendors adopt some of these capabilities.

Growth Industry

Tracking enterprise WLAN market trends requires a fair amount of subjective interpretation. Fourth-quarter 2005 enterprise WLAN shipments worldwide were up 29 percent over the same period in 2004, according to Dell'Oro Group. For the year, sales were up 20 percent, making enterprise WLANs a billion-dollar market. Still, the enterprise market is about half the size of the more consumer-oriented small office/home office space, and other research firms put enterprise WLAN numbers slightly lower. Synergy Research pegs Q4 2005 enterprise WLAN growth at 5 percent year over year. Likewise, it reports overall 2005 enterprise WLAN sales of about $1.3 billion, up 5 percent from 2004.

To some degree, reductions in the per-unit cost of APs mask the true expansion. However, the positive cost impact of commodity-priced APs is offset by a steady enterprise migration from second-generation smart-AP system architectures to newer designs that leverage WLAN switches or controllers. These systems have considerably higher profit margins for vendors--and they significantly increase capital expenditures for enterprises. Synergy estimates almost 30 percent of enterprise WLAN purchases in Q4 were for controller-based architectures, and sales of controller-based systems grew 76 percent in the same quarter, year over year. Clearly, there's a trend toward newer architectures, especially for green-field installations, and even those who prefer more conventional smart APs recognize they'll eventually need to change their designs to leverage emerging features and services, like better roaming, enhanced security, location and mesh backhaul. The hope, from a budget perspective, is that enhanced operational efficiency of these new designs will offset higher acquisition and vendor maintenance costs. Whether this will pan out is a complex issue. In large installations, some centralized management capabilities are critical, but there are many variables that must be considered before spending extra money on hardware and software in hopes of reducing staff costs. These factors include the quality of management capabilities, the number and variety of users and the type of applications they're running, the available skill sets of technical staff, discounts provided by vendors, and internal budget policies that compare current and future costs.

As noted earlier, Cisco dominates in market share, controlling more than half of enterprise sales. Just how much more is a good question. If you zero in on the so-called "carpeted enterprise" market and exclude Symbol, and if you focus exclusively on WLAN infrastructure rather than supporting products like wireless VoIP, that number sneaks closer to 65 percent. By any measure, Cisco is doing well. Although Synergy has the overall enterprise WLAN market growing by 5 percent in Q4 2005, it gauges Cisco's growth at 18 percent. Impressive, especially when you consider that the company was busy absorbing Airespace during 2005, an activity that undoubtedly convinced some Cisco customers to take a wait-and-see attitude regarding new acquisitions.

What's Next

One of the most significant decisions for IT managers relates to the integration of conventional Ethernet and Wi-Fi LAN services. One school of thought is that Ethernet and Wi-Fi are complementary LAN access alternatives that demand tight service, security and policy integration. For example, many organizations with large 802.11 deployments are implementing 802.1X authentication and privacy services. Although 802.1X has long been available for Ethernet networks, few organizations have taken advantage because the cost often exceeded the benefits. However, once an 802.1X infrastructure is developed to support 802.11, the incremental effort associated with adding wired Ethernet to the mix is relatively modest. Vendors that embrace this view seek to leverage existing Ethernet infrastructures by adding wireless functionality. The most notable examples include Cisco's plan to add Wi-Fi controllers to its Catalyst 6500 and 3750 products (see our take on network node validation ).

A counterpoint position asserts that these technologies are sufficiently unique in design and capabilities to be treated separately. Does it make sense to upgrade an established Ethernet infrastructure solely to support enhanced wireless functionality? After all, it's common for Cisco shops to run older, more stable IOS code in their switches and routers. Vendors that champion the overlay strategy assert that the Wi-Fi infrastructure should be logically distinct, though dependent on, a robust Ethernet environment. They further warn that, though a vendor may offer the appearance of wired/wireless integration by physically embedding wireless controller capabilities into a switch, such an approach may offer only a minor level of true integration. And the risks associated with early adoption are real, despite vendor efforts to test all permutations.

From a practical perspective, Cisco has embarked on a concerted effort to integrate wired Ethernet and wireless 802.11 services, but its most ambitious goals are still found in PowerPoint slide decks rather than in real products. Still, we predict Cisco will continue its push in that direction, providing rational incentives for its Ethernet customers to remain loyal when it comes to wireless.

For other purveyors of wired and wireless gear, including Enterasys, Extreme, Foundry, Hewlett-Packard and 3Com, all of which partner with third parties for WLAN services, the level of integration is thin at this point. The reason for this goes beyond the challenges associated with integrating wired and wireless to reflect the complexity that's still associated with delivering enterprise-class wireless.

For technology professionals looking at wireless as a tactical service, either approach will likely meet your needs. For more strategic, pervasive deployments, the level of integration required will vary depending on your security policies and the nature of your wireless applications. Delivering enterprise hotspot service is getting a lot easier; implementing pervasive wireless VoIP, location services and granular multilayer security is not.

Last but not least, don't discount the very real possibility of finger-pointing between wired and wireless vendors when things go wrong. Purchasing best-of-breed technology for every network application sounds great in principle, but minimizing the number of vendors you deal with to maintain adequate service levels almost always simplifies operations. That puts Cisco in a clear position of market leadership. Yes, its gear may cost a little more, and you may need to navigate through the complexities of a mega-company for support. But when it comes to wireless, it's a safe bet you won't be giving up much for this added level of comfort.

Dave Molta is a Network Computing senior technology editor. He is also assistant dean for technology at the School of Information Studies and director of the Center for Emerging Network Technologies at Syracuse University. Write to him at [email protected].

Cisco CCX: Added Value or Standards End Run?

Cisco is walking a fine line with its Cisco Compatible Extensions (CCX) program. The dearth of critical standards-based functionality in areas like mobility and RF management has forced the company to venture into the world of proprietary protocols to meet customer needs. CCX encourages WLAN-client vendors and silicon providers to implement Cisco-specific enhancements and certify those products for compatibility. Although Cisco has encountered challenges along the way, especially in getting vendors to update drivers and utilities for older hardware, most new enterprise-class client hardware includes full support for CCX.

It's ironic that the management team from Airespace used to complain to us that, though Cisco was open in providing CCX implementation details to client vendors, Cisco hardware was required if you wanted to leverage those features. When Cisco relabeled and added the old Airespace controllers and APs to its Unified Network, there was no support for CCX. Version 4.0 of Cisco's WLAN controller software now includes support for a range of CCX functions, including roaming, radio resource management, Cisco discovery protocol and enhanced security.

Eventually, we expect to see standards-based solutions to all the feature voids CCX is designed to address. Cisco's public statements vehemently assert that the company will maintain and promote proprietary capabilities only as long as necessary and that it will be aggressive not only in contributing its intellectual property to standards bodies but also in supporting standards as they emerge. Seasoned IT pros can be forgiven some skepticism--Cisco's track record in this regard is checkered. Yes, the company almost always adds support for standards, but the implementation of those standards sometimes provides customers with subtle encouragement to stick with proprietary features.

We hope this isn't the path Cisco takes with CCX, and in the end, it's up to network managers to drive Cisco's direction. If you express satisfaction with proprietary capabilities, there will be little motivation to standardize. Sometimes, solving problems in your own organization takes precedence over doing what's best for the industry as a whole. But at the least, you should let Cisco know that you believe in open industry standards and will make future purchasing decisions with that ideal in mind.

Lab Tested: Cisco Unified Wireless Network

Cisco Systems sent key elements of its Unified Wireless Network to our Syracuse University Real-World Labs®. These appliances, controllers and APs blur the lines between Cisco's market-leading wired network gear and the enterprise WLAN. (See "Picking the Pieces" , for a rundown of components.)

The Unified Wireless Network is based on the products and technologies Cisco picked up when it acquired Airespace. Cisco says standalone IOS-based APs will still be supported, but companies looking for superior management tools and advanced functionality, such as fast roaming, mesh services and location capabilities, should consider phasing in UWN devices. Click here for info on migrating from autonomous wireless networks to the newer architecture.

Those planning new Cisco controller-based networks, or expanding existing ones, will need the WCS (Wireless Control System). For testing, we entered a floor plan of our lab with an aerial map view, specified the type of APs and antennas we wanted, whether to optimize for coverage or capacity, and our throughput expectations. While WCS provided an educated guess at how many APs we should deploy, its features are not as comprehensive as those found in some third-party planning tools.

We also evaluated WCS' monitoring and reporting capabilities. We quickly saw an aggregate view of network health from a dashboard that provides data on controllers, APs, rogue APs and client activity, and we could drill down to specific devices and events. We generated canned reports on items including client counts, transmit power and channel and AP activity, based on historical data from the previous seven days. While the reports are elementary, they provide trend information. Overall, the built-in security-monitoring and reporting capabilities will meet the basic needs of enterprises without specific compliance or regulatory requirements; others may want to consider a wireless IDS/IPS system.

We also investigated the Unified Wireless Network's location-tracking, guest-access capabilities and the ability of the architecture to serve enterprises with branch-office locations. We were impressed with location tracking, and Cisco's upcoming 4.0 software and hardware release should ease the creation of guest credentials. A wide range of AP and controller choices provides flexibility in configuring remote locations.

For more in-depth information on our testing, including performance, pricing and future standards support, see our full Unified Wireless Network review .

We issued an RFI to get a snapshot of what Cisco's competitors are doing in the enterprise WLAN market. Aruba Networks, BlueSocket, Colubris Networks, Extreme Networks, Extricom, Meru Networks, Proxim Wireless, Siemens, Symbol Technologies, 3Com and Xirrus answered these questions; a summary of their responses is available here. and full RFI responses are here.

1. Architecture. The approach to design of enterprise WLAN systems varies among vendors. Enterprise IT professionals evaluating system purchase decisions often seek to gain a greater understanding of the approach taken by each vendor. Describe your overall architectural approach to enterprise WLAN solutions.

2. Wired/Wireless Integration. Many enterprise IT professionals are unsure whether they should focus on a single vendor for their wired and wireless networks or if a wireless overlay solution is a better choice. Provide your perspectives on this issue. If you are a company that offers an integrated solution, please explain the benefits of this level of integration, providing specific examples wherever necessary. If you are an overlay vendor, explain the benefits of such an approach and provide reassurance to those skeptics who feel it is best to look to a single vendor for wired and wireless LAN systems.

3. Security. The ratification of the 802.11i standard and its subsequent incorporation into the Wi-Fi Alliance's WPA2 certification program has some in the industry concluding that enterprise WLAN security challenges have been solved. However, most enterprise IT professionals realize that WPA2 is just one part of the security problem; that a multilayer, end-to-end wireless security solution that addresses authentication, authorization, monitoring, mobility and end-point security is required for enterprise-class WLAN systems. Explain how your solution meets these security challenges and to what degree these security services are integrated or dependent on third-party solutions.

4. Guest Access. Increasingly, IT professionals are being called on to accommodate the needs of guests who wish to gain Internet access while visiting their facilities. Providing guest access while ensuring that it does not violate internal security policies or result in significant administrative overhead or inconvenience can be quite challenging. Describe the capabilities of your system to facilitate guest access services.

5. Performance and Scalability. Many forward-looking enterprise IT professionals envision a day when wireless is the default mode of network access within their organizations. However, there are concerns that existing systems may not be scalable enough to meet these emerging needs, both as relates to a campus deployment as well as a distributed deployment where wireless services need to be provided at a large number of geographic locations. Explain how your solution is capable of meeting these scalability challenges and, using metrics of total number of APs, total physical locations or total concurrent users, describe your largest wireless installations. You do not need to provide explicit reference to the organization, though we encourage you to provide us with such references if your customers are willing to talk to us privately.

6. Availability. As WLANs make the likely transition from secondary network access method to primary network access method, and wireless applications become more mission-critical, redundancy and high-availability become more critical elements of the enterprise WLAN purchasing decision. Explain the high-availability features offered with your product line and describe other features that enhance availability, including system failover capabilities. Also, assess the incremental costs associated with implementing these system capabilities.

7. VoIP Support. The ability to support VoIP and other real-time applications are becoming increasingly important on enterprise networks. Wireless VoIP in particular has attracted significant interest, particularly in organizations that are committed to VoIP on their wired networks or have mobile voice requirements that aren't easily or cost-effectively met using cellular phones or private two-way radio systems. Describe how your system has been designed to accommodate these needs, and provide one or more examples of organizations that have implemented voice services using your system. You do not need to identify that organization by name but you should at least describe its business requirement and the scope of its installation.

8. Design and Deployment. The cost of implementing an enterprise WLAN involves not only the cost of network hardware and software, but also staff time required to design and implement the system. To address these challenges, most vendors provide capabilities to facilitate site surveys and/or develop a logical model of the WLAN prior to installation, either using integrated tools or by relying on integration with a partner's offering. Describe the design and deployment capabilities of your system and provide an example of an installation where a customer has benefited from these services.

9. Monitoring and Management. As enterprise WLANs expand from tactical hotspot installations to pervasive deployments, monitoring and management capabilities become increasingly important for facilitating deployment, enforcing policy and compliance, solving service problems, as well as proactively addressing capacity and performance issues. Describe your monitoring and management capabilities, making explicit reference to how your system meets the management and operational needs of users, helpdesk staff, network engineers and IT managers.

10. Advanced Services. While all enterprise WLAN systems are expected to provide basic network access services, some vendors are developing specialized capabilities, including location services and asset tracking, to enhance their offerings. Describe any unique capabilities or services that your customers have found important in making their system purchase decisions.

11. Distribution Model and Partnerships. Describe your business model for delivering solutions to customers. You should describe the role of direct sales and sales-support staff as well as any distribution channels through which you operate. If a significant proportion of sales come through partners, describe your strategy for ensuring that partners are knowledgeable enough to sell, deploy and support your systems. Also, if you have other industry partnerships that you feel are relevant to our readers, briefly describe them.

12. Cost. While true cost of deployment and ownership is often related to the underlying system architecture, the cost of software and hardware components often represents a significant proportion of those costs. Provide manufacturer suggested retail pricing for the most common elements of your solution, including access points, switches/controllers, management systems and software service modules. Also, describe the hardware and software maintenance costs associated with your solution.

• Download WLAN Market Full RFI Responses:

• 3Com
• Aruba
• Bluesocket

• Colubris
• Extreme
• Extricom
• Meru
• Proxim Wireless
• Siemens

• Symbol
• Xirrus

• Download Synopsis Tables of RFI Responses (.PDF)