John Cox: Does Microsoft

Whatever Microsoft Corp. may have done wrong with Windows XP, it looks like it has got one thing absolutely right: the so-called “native support” for wireless LANs.

With such wireless capabilities in XP, Microsoft shows it understands one thing very clearly: users are no more interested in the technical details of wireless communications than those of cell phones or televisions. What users want are the benefits of a wireless link, which they’ll assume is there just as they assume electricity is there when they plug a toaster into a wall outlet.

The wireless support in XP may make upgrading to the new OS more appealing to enterprise users, because that feature is not available in Microsoft’s existing operating systems. Wireless support is designed to make wireless connectivity an invisible and always-available element of XP-based clients.

But there are going to be teething problems. According to user postings on various Usenet groups (most of these folks used earlier builds of XP, not the final release), testers have had mixed results with the wireless features, especially the so-called Zero Configuration tool. Zero Configuration is software that is supposed to automatically configure the wireless network interface card (NIC) to connect with an available wireless net. The NIC scans for nets within range, and then passes these to Windows XP. An XP wireless configuration service then configures the NIC for a given wireless net.

If no 802.11 net is within range, Windows XP will automatically set up the NIC for “ad hoc” networking – peer-to-peer communications with other laptops or devices that also have a wireless LAN card.

Microsoft has added at least two other important, related capabilities. One is the first large-scale client implementation of the proposed IEEE 802.1x security standard, which sets up port-based network access control to authenticate users. The wireless LAN access point serves as the XP client’s authenticator for accessing the network, relying on Microsoft’s Internet Authentication Server (IAS), a Remote Authentication Dial-In User Service (RADIUS) server, to actually validate the client credentials.

Microsoft and Wayport, which provides high-speed Internet access to users in hotels and airports, both tested the implementation this past summer at the Seattle-Tacoma airport. The laptops were able to “find” the Wayport wireless LAN service at the airport and then set up a secure, authenticated connection.

Basically, the access point “challenges” a client device that comes within range; the client reveals its identity, which the access point passes on to the RADIUS server for authentication. The RADIUS server asks for the client credentials to confirm the identity, and the client sends these via an “uncontrolled port” on the access point. The RADIUS server validates the client, and issues an encrypted authentication key to the access point. The access point uses the key to securely send other keys to the client. If desired, the access point can require the client to periodically re-authenticate.
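
The port-based control described above can be modelled in a few lines. This is an added example, not code from the article, Microsoft or any vendor: the class names, the constructed user store and the HMAC challenge-response (standing in for whatever credential exchange the client and RADIUS server actually negotiate) are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed credential store standing in for the RADIUS server's user database.
RADIUS_USERS = {"alice": b"correct horse"}


class RadiusServer:
    """Toy authentication server: challenge/response over a shared password."""

    def challenge(self, identity):
        return os.urandom(16) if identity in RADIUS_USERS else None

    def validate(self, identity, challenge, response):
        secret = RADIUS_USERS.get(identity)
        if secret is None or challenge is None:
            return None
        expected = hmac.new(secret, challenge, hashlib.sha256).digest()
        if hmac.compare_digest(expected, response):
            return os.urandom(16)  # session key handed to the access point
        return None


class AccessPoint:
    """Authenticator: one logical port per client, closed until RADIUS accepts."""

    def __init__(self, radius, reauth_period=3600):
        self.radius, self.reauth_period = radius, reauth_period
        self.sessions = {}  # client MAC -> (session key, expiry time)

    def authenticate(self, mac, identity, respond, now):
        # Authentication traffic uses the uncontrolled port, so it is always relayed.
        challenge = self.radius.challenge(identity)
        response = respond(challenge) if challenge else b""
        key = self.radius.validate(identity, challenge, response)
        if key is None:
            self.sessions.pop(mac, None)
            return False
        self.sessions[mac] = (key, now + self.reauth_period)
        return True

    def forward_data(self, mac, now):
        # Controlled port: data frames pass only for a live, authenticated session.
        session = self.sessions.get(mac)
        if session is None or now >= session[1]:
            self.sessions.pop(mac, None)  # expired: client must re-authenticate
            return False
        return True


def supplicant(password):
    """Client side: answer the challenge with a keyed hash of the password."""
    return lambda challenge: hmac.new(password, challenge, hashlib.sha256).digest()
```

A client's data frames are dropped until `authenticate` succeeds, and dropped again once the re-authentication period lapses.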

According to one wireless LAN vendor, up to 99 user profiles can be stored for different networks (home, corporate, airport public access, and so on), along with any combination of user IDs, passwords, encryption codes, etc. All of this data can be used automatically by Windows XP to create a secure wireless link between the NIC and the appropriate net.

The second added capability is based on several enhancements to the Windows 2000 code that let the OS detect a network and then act appropriately. Windows XP can detect when the client device moves to a new access point: it can force a re-authentication, and detect changes in the IP subnet to create an appropriate IP address, or select from several address configurations stored in the XP client.

According to Microsoft, these changes will do away with the need for Mobile IP to act as a mediator for clients, and efficiently handle a range of issues associated with roaming between nets. Access points can now share among themselves such data as station location, which is used for message delivery. This is made possible by a new protocol called the Inter-Access Point Protocol. The protocol is not part of the IEEE standard but it is supported by several wireless LAN vendors, according to Microsoft.

Up and down the line, XP is getting strong support from equipment vendors. Agere Systems has unveiled a dual-slot Access Point 200, which uses the XP and 802.1x security protocols and incorporates the 32-bit PCMCIA slot needed to plug in the 54Mbps 5 GHz 802.11a interface cards that are now available. The AP 200 will ship this month, with a manufacturer’s suggested list price of US$1,295. The AP 200 can work with any RADIUS server. To make use of the 802.1x security features, the client devices must be running Windows XP.

Intersil has released to its OEM customers Windows XP drivers for LAN products based on its Prism line of wireless chips. The drivers are needed because the draft 802.1x standard is not yet supported in the IEEE 802.11b wireless LAN specification, which is the basis of most new wireless LAN products. Other vendors are expected to follow suit.

Sony has already unveiled a line of 36 Vaio desktop and laptop PCs, running Windows XP. Some of the new computers, such as the PCG-SRX7, incorporate built-in Bluetooth and 802.11b wireless cards. XP will let these users move among different wireless LANs easily.

Microsoft says one enterprise, GE Capital Information Technology Solutions (GECITS) based in Europe, is upgrading 3,500 laptop technicians to XP, largely because of this native wireless support.

Cox is a senior editor with Network World (U.S.). He can be reached at