James Wiedel didn’t purchase a product specifically to manage the wireless LAN infrastructure at the University of Southern California in Los Angeles.
Rather, the director of networking at the university’s information services unit relies on the Aprisma Spectrum software already in place to monitor a wired infrastructure of 1,000 switches, 50 routers and 44,000 endpoints. Although he started in the summer of 2002 with just 50 access points, even today Wiedel asks: What’s an extra 250 Enterasys Networks R2 wireless access points?
“I treat my wireless just like my wired net. Both nets require registration, and both nets need to know who you are, where you are and how you are accessing them,” Wiedel explains. “If you’re not a known entity, wired or wireless, you get shut down. We have cable, we have fibre or glass, and now we have air. It’s just another method of transport.”
Wiedel applied established use and access policies for his wired network to the WLANs distributed across all major university buildings and even campus parks. The Spectrum software also can detect wireless access points, read performance attributes off the equipment, and perform traditional management and troubleshooting analysis based on data collected from the devices and the airwaves. Spectrum provides 802.11-specific extensions to understand the wireless topology and determine signal strength, and offers capabilities to monitor laptops, cell phones and other devices tapping into the WLAN.
Wiedel’s plan to treat wired and wireless as one entity is a good way to keep WLANs under control and safe from security breaches, according to industry analysts.
It is easy for wireless LAN installations to get ahead of management strategies at the rate WLANs are being installed, market watchers say. Forrester Research Inc. reported in May that 34 per cent of the more than 525 enterprise IT executives surveyed last fall had implemented wireless networks, compared with 11 per cent who had earlier that year. A separate Forrester survey found that 60 per cent of firms plan to increase their wireless deployments this year.
“Firms deploying WLANs must put appropriate policies in place for administering and securing their wireless networks,” Forrester says.
In Wiedel’s case, network users are assigned an ID and password, and have to use them to log on to the wired and wireless environment. To ensure the wireless traffic isn’t vulnerable, Wiedel says, it must go through VPN tunnels. “We force the tunnel, we have encryption in both directions and authentication,” he says.
“Security is tied to management in wired nets, but it becomes glaringly obvious in wireless that the two cannot be treated separately,” says Stephen Elliot, a senior analyst at IDC. “Users want their wireless infrastructure as secure as their wired and often then see wireless as just another extension to the wired environment.”
A slew of tools are available for managing WLANs, both from established management software companies such as Aprisma Management Technologies Inc., Computer Associates International Inc. and IBM Corp., and wireless specialists, often with the telltale “Air” or “Airo” in their names.
AirDefense Inc., AiroPeek, AirPrism Inc., AirMagnet Inc., ReefEdge Inc., Roving Planet Inc. and WaveLink Corp. are among companies that address performance and security monitoring on wireless networks. They offer a range of capabilities that include policy enforcement, performance management, security and reporting. Still others such as Blue Socket Inc., Highwall Technologies LLC, Meru Networks Inc. and Network Chemistry Inc. have introduced products to manage radio frequency for WLANs.
The new radio-frequency tools differ from traditional network management applications, which focus on Layer 3 and rely on the fact that IP-addressable devices are physically attached via a wire to the network. These new products use radios to scan the air, pull data from radio chipsets in WLAN devices, and expose via GUIs and alarms what’s happening on the Layer 1 wireless connection. As such, they go beyond the capabilities of expensive, specialized and bulky wireless protocol and spectrum analyzers used in wireless engineering.
Yet IDC’s Elliot says scalability can be a concern with products from smaller and specialized vendors. IDC expects about one-quarter of the 20 WLAN management start-ups to merge, be acquired or die off as veteran management software makers expand their offerings to include wireless nets.
Among those big vendors is CA, which recently said it has been working with beta customers on Unicenter Wireless Site Management, a product that uses server and agent software to discover WLAN users and devices, monitor performance and bandwidth, and secure access to wireless nets.
Maurice Ficklin, director of technical services at the University of Arkansas at Pine Bluff, worked with CA on its beta software and, like USC’s Wiedel, says he treats his wireless assets the same as his wired assets. Securing the WLAN didn’t pose a new or significant challenge because he applied the same security policies and use requirements to his WLAN. “Unicenter overlays our entire network, wired and wireless,” he says.
The software maps the wireless network and uses agents on wireless devices to ensure those tapping into the network are authorized. A wireless laptop without a Unicenter agent on it, for example, would not be allowed to gain access to the WLAN.
HP in June announced its partnership with WaveLink and the integration between OpenView wired network management software and WaveLink Mobile Manager. Others, including Aprisma, Concord Communications Inc., IBM, Micromuse Inc. and System Management Arts Inc., say their software detects and manages availability and user access to wireless assets. The companies have yet to announce separate products to tackle wireless management.
“IBM Tivoli looks at wireless as just another endpoint to manage along with other more traditional endpoints,” says Steve Wojtowecz, director of strategy at IBM Tivoli. “Separating wired and wireless systems management is not the most effective approach when you consider redundancies and lost productivity resulting from having to manage two separate systems.”
Users and industry watchers would like to see more and better tools for identifying and stomping out rogue WLAN access points and end users, which represent security and net performance threats.
Vendors such as AirMagnet Inc., Network Associates Inc.’s Sniffer Technologies, Fluke Networks Inc., Network Instruments LLC and Finisar Corp. have introduced wireless protocol products to address the problem. These work by sniffing wireless airwaves to detect unauthorized activity but in some cases still require network managers to lug a device around a campus.
“The access points just run into each other. It’s a real mess, and the only way to see them is to go out and resurvey your entire network,” Wiedel says.
IDC’s Elliot says the emergence of 802.11x in products as an authentication method will help to weed out rogues.
– With files from John Cox, Network World (U.S.)