Some of the biggest names in the wireless LAN industry recently unveiled products that could help define the next stage for enterprise wireless networks.
The products are from hardware vendors Aruba Wireless Networks Inc., Cisco Systems Inc. and Symbol Technologies Inc., and software vendor Network Chemistry Inc., which offers a wireless intrusion-detection and -prevention system. As a whole, the offerings define an enterprise WLAN as an infrastructure that:
– Supports 802.11g and 802.11a radios at the same time, for maximum capacity.
– Marries user and device information with centralized security policies.
– Expands control over the airwaves, to combat rogue connections and minimize interference.
“The big question is, how do you manage the security and reliability of the WLAN, and do that in a way that’s operationally efficient?” says Abner Germanow, program manager for enterprise networking and WLANs at IDC. “That’s one of the common elements you can see in these and other recent announcements.”
Cisco, which dominates the access point market with a 40 per cent share, now is selling its first access points – the Aironet 1130 and 1230 – with 802.11g and 802.11a radios already installed. In the past, some of the single-radio Aironet devices could be upgraded by plugging in a second radio.
Symbol now offers a similar dual-radio access point, the AP300. It’s the first Symbol product to support 802.11g, which some vendors first offered a year ago. Symbol delayed until it got the kind of 802.11g silicon it wanted from chipmaker Conexant Systems Inc.
These twin-radio access points not only work with any WLAN client, 802.11b, g or a, but also dramatically increase WLAN capacity. Together, 802.11g and 802.11a offer 15 radio channels at each access point. This means more users can share a larger data pipe, with a data rate of 54Mbps, than is possible with just the three channels of 802.11b.
Extra channels are good, says Craig Mathias, an analyst at Farpoint Group. “You want to optimize for capacity,” he says. “The pitch we make to our end-user clients is, you’re going to get a lot more capacity (with more channels), and you’ll need that capacity as you start to put things like voice calls on your WLAN net.”
Cisco’s Aironet 1130AG, in a plastic case with built-in omnidirectional antenna for wall mounting, costs US$700; the 1230AG casing meets codes for installation above drop-ceilings, and can be matched to various directional antennas. It costs US$1,000. Symbol’s AP300 costs half that amount.
The AP300 is a thin access point, stripped down to little more than the two radios, with intelligence shifted to Symbol’s WLAN switch products. The company is releasing Version 1.5 of its software for the WS2000 switch, which combines an access point with a stateful firewall, Power-over-Ethernet support, a WAN uplink and storage in a compact, four-port box.
The new software supports Advanced Encryption Standard encryption and the rest of the 802.11i security standard, including Pairwise Master Key (PMK) Caching. PMK caching is a technique for sidestepping the need to re-establish security each time a wireless client moves to a new access point, according to Gary Singh, senior director of marketing for Symbol. WS2000 pricing is unchanged at about US$1,000.
Switch vendor Aruba is expanding its switches, called Grid Controllers, to become a kind of security clearinghouse not only for wireless but now for wired clients. These controllers can run applications or link with third-party applications for anti-virus scanning and updating, intrusion detection, and content filtering. Using Aruba’s Grid software and hardware, network administrators can create and enforce a range of security, authentication and access policies and apply them to a given user accessing the network with a given device.
The 6000 Grid Controller has a two-port Gigabit Ethernet line card and a supervisor module that can process 3.6Gbps of encrypted traffic. The 6100 model doubles that to 7.2Gbps.
Aruba’s wireless Grid Points are in essence WLAN access points that tunnel traffic to the controller for processing. The new 2E Grid Point is for connecting wired clients into the Aruba controllers for security. The PC plugs into the grid point, which connects to the Ethernet LAN. Aruba expects these to be used first to secure Ethernet ports in conference rooms and other open areas.
The company plans to ship these in early 2005.
Better control over the radio waves is the focus of new software from Network Chemistry, a company founded in 2002 to create an intrusion-protection system called RFprotect Enterprise for WLANs. Radio sensors monitor all transmissions and funnel information back to server-based programs for analysis and alerting.
“We looked at several products but most of them just sniffed (wireless) packets and reported this data back,” says Josh Anderson, a security analyst with a Fortune 500 utility, and a Network Chemistry user. “Network Chemistry went to a deeper level. They can say ‘this traffic pattern shows a specific vulnerability or attack.’ They’ve turned these patterns into events and made them easily identifiable.”
RFshield is a new program that can disconnect or block unauthorized WLAN connections. In effect, it launches a denial-of-service attack against such connections but without disrupting legitimate users.
Also added to RFprotect is RFanalysis, which compares wireless packet performance with measured radio signals and other electromagnetic noise. The data can be used to detect interference, and identify a range of performance problems such as intermittent cross-talk between channels. RFprotect 3.1, with both new modules, starts at about US$1,200. The RF sensors cost US$600 apiece.
Intrusion prevention is one of the hottest WLAN topics as archrival AirDefense Inc. recently extended its product line. And Cisco, which has been outpaced by these start-ups, now is improving its capabilities by announcing an integration deal with AirDefense.
The companies are writing code so that the AirDefense application will be able to use Cisco’s Aironet access points to scan the radio band for rogue wireless devices and be accessible by the Wireless LAN Solution Engine, a Cisco management platform. This interoperability will be ready in early 2005.