Wireless LANs
Mobile devices impact WLANs
Make certain that the devices used
for business purposes have been certified
for interoperability.
by Christian Gilby
With the proliferation of new communication
devices on the market, enterprises face a
challenge to their networks as they
implement wireless local area networks
(WLANs). Increasingly, businesses can expect
to have many workers bringing their own
mobile devices onto the corporate network.
These devices (e.g., smart phones, portable
game players, media players) are being
brought into the enterprise with or without
the approval of the IT department, and they
can significantly impact network performance
and interoperability.
The top challenges enterprises face in
dealing with the growing number of emerging
mobile devices are reliability, security and
service quality. The WLAN system should
provide security mechanisms to ensure that
only approved devices are allowed access to
the network, while blocking unapproved
devices.
Additionally, new mobile devices should
not be able to disrupt the operation and
availability of the WLAN. Since many WLANs
are now being utilized for mission-critical
applications, the system should also ensure
that these new mobile devices do not cause
quality-of-service degradation for these
applications.
According to the Wi-Fi Alliance, as of
October 2007 there were more than 4,000
certified devices across many product
categories, including access points,
computers, adapter cards, video cameras,
digital media players, gaming consoles,
phones and PDAs. Certification testing on
these devices, performed by the Wi-Fi
Alliance, focused on three key areas:
- conformance to the IEEE 802.11 standards;
- compatibility with other certified products in many configurations, ensuring
that devices will work with products available today, as well as new products
developed in the future that comply with the certification requirements; and
- performance of devices for common applications, with the testing going
beyond basic protocol interoperability to ensure that the devices meet a minimum
performance level.
When selecting a WLAN system, enterprises
should choose a solution that has been
certified for interoperability with 802.11
client devices by the Wi-Fi Alliance. Also,
choosing clients such as phones, laptops and
other devices that have been certified by
the Wi-Fi Alliance as interoperable can help
eliminate operational headaches down the
road. Enterprises can determine if a product
has been certified by going to:
http://certifications.wi-fi.org.
For devices that will be used for
business-critical applications, companies
should verify that their WLAN vendor has an
interoperability program in place, has
tested performance of the device and
application combination, and certifies the
device meets the performance requirements of
the enterprise. If the WLAN vendor does not
have this in place, the enterprise will need
to perform its own testing in order to
ensure it can support the applications. This
will address the interoperability concerns
for enterprise-controlled devices.
Wi-Fi is being embedded in a wide variety
of consumer electronics. Employees bring
these devices into the workplace and expect
to connect to the corporate network.
Typically, these devices have not been
tested by the enterprise, nor are they
supported or endorsed by the company. These
devices also often access the WLAN without
the user's knowledge, as the radios are
usually enabled by default.
As consumers continue to buy new gadgets
as fast as they debut, these devices are
also brought into the enterprise before they
have been certified for interoperability.
Occasionally, a new device may disrupt the
network so severely as to cause a network
outage. A key consideration is to find ways
to ensure these devices do not disrupt
the mission-critical applications running on
the network.
One way this can be done is to maintain a
database of authorized devices and have the
WLAN system verify each device's hardware ID
prior to letting it access the network. Many
of today's WLAN systems provide a mechanism,
often called RADIUS MAC filtering, that can
be used to perform this validation for any
of the extended service set IDs (ESSIDs) on
the system.
If an enterprise uses this approach, it
should create and maintain a database of
hardware IDs for all of the enterprise
resources. RADIUS MAC filtering will perform
a database lookup on the RADIUS server by
sending the hardware ID (MAC address) of the
mobile device to the server in an
access-request message prior to allowing the
device to associate to the WLAN access
point. The RADIUS server will then send back
either an access-accept or access-reject
message to the WLAN, indicating whether or
not the device should be allowed onto the
enterprise WLAN.
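The RADIUS MAC filtering exchange described above, as an added Python example that is not from the article or from any WLAN vendor: the WLAN side builds an RFC 2865 Access-Request carrying the hardware ID, the server looks it up for the ESSID being joined, and the WLAN side verifies the reply before admitting the device. The shared secret, the database contents, the use of the MAC digits as the password and all function names are assumptions.

```python
import hashlib, hmac, os, re, struct

ACCEPT, REJECT = 2, 3                          # RFC 2865 reply codes
USER_NAME, USER_PASSWORD, CALLED_ID, CALLING_ID = 1, 2, 30, 31
SECRET = b"constructed-shared-secret"          # constructed sample value
AUTHORIZED = {"corp": {"00-11-22-AA-BB-CC"}}   # constructed per-ESSID database

def normalize_mac(raw):  # any common notation -> AA-BB-CC-DD-EE-FF
    digits = re.sub(r"[^0-9A-Fa-f]", "", raw).upper()
    if len(digits) != 12:
        raise ValueError("not a 48-bit hardware ID: %r" % raw)
    return "-".join(digits[i:i + 2] for i in range(0, 12, 2))

def attr(kind, value):
    return bytes([kind, len(value) + 2]) + value   # type, length, value

def build_request(ident, client_mac, ap_mac, essid):
    # WLAN side: Access-Request (code 1) sent before the device may associate.
    mac, auth = normalize_mac(client_mac).encode(), os.urandom(16)
    # Assumption: hex digits double as the password, hidden per RFC 2865 5.2.
    key = hashlib.md5(SECRET + auth).digest()
    pw = bytes(a ^ b for a, b in zip(mac.replace(b"-", b"").ljust(16, b"\0"), key))
    called = normalize_mac(ap_mac).encode() + b":" + essid.encode()
    body = (attr(USER_NAME, mac) + attr(USER_PASSWORD, pw)
            + attr(CALLING_ID, mac) + attr(CALLED_ID, called))
    return struct.pack("!BBH", 1, ident, 20 + len(body)) + auth + body

def parse_attrs(packet):
    attrs, i = {}, 20
    while i + 2 <= len(packet) and packet[i + 1] >= 2:   # stop on a bad length
        attrs[packet[i]] = packet[i + 2:i + packet[i + 1]]
        i += packet[i + 1]
    return attrs

def server_reply(request):
    # RADIUS side: look the hardware ID up for the ESSID it is joining.
    try:
        a = parse_attrs(request)
        essid = a[CALLED_ID].decode().split(":", 1)[1]
        ok = normalize_mac(a[CALLING_ID].decode()) in AUTHORIZED.get(essid, ())
    except (KeyError, IndexError, ValueError):
        ok = False
    head = struct.pack("!BBH", ACCEPT if ok else REJECT, request[1], 20)
    return head + hashlib.md5(head + request[4:20] + SECRET).digest()

def wlan_allows(request, reply):
    # WLAN side: check the Response Authenticator before honoring the code.
    good = hashlib.md5(reply[:4] + request[4:20] + reply[20:] + SECRET).digest()
    return reply[1] == request[1] and hmac.compare_digest(reply[4:20], good) and reply[0] == ACCEPT
```

Because a hardware ID is an identifier that any device can present rather than a secret, this lookup works as an inventory gate alongside the WLAN's own authentication and encryption, not in place of them.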
If the enterprise wants to provide a
basic, non-guaranteed service for
non-authorized devices, then a separate
ESSID can be created. This ESSID can provide
Internet access by placing the users on a
separate virtual LAN that keeps this traffic
off the corporate intranet and is outside
the corporate firewall. This can be utilized
to serve visitors and guests to the
enterprise, as well as employees with
wireless-enabled personal devices, without
compromising network security.
For this guest ESSID, use a captive
portal for user authentication to ensure
that only authorized guests and employees
can make use of this service. This also
allows companies to track devices for
security or for resolving network issues.
Users can also be required to enter a user
ID or e-mail address and password to be
granted access. The device's hardware ID can
then be associated with a user in case there
are any issues encountered.
Since many of the new devices entering
the enterprise are multimedia devices, the
quality of service (QoS) for applications
should be assured. For example, users could
be using applications for watching TV from
the WLAN. In order to preserve the
reliability and QoS for business
applications, enterprises should enable the
WLAN system's QoS features for critical
voice, data and video applications on the
corporate ESSID, while providing best-effort
service for the guest ESSID. This ensures
that bandwidth is reserved or prioritized
for critical applications.
With planning, companies can maintain the
integrity of an enterprise WLAN even with
the proliferation of new devices. Key to
this is ensuring interoperability by making
certain that the devices an enterprise
utilizes for its business purposes have been
certified for interoperability by the Wi-Fi
Alliance or tested by the WLAN vendor
through an interoperability program. All
other devices should be placed into the
lower priority guest access ESSID, and the
WLAN system's QoS features should be enabled
to ensure that the new devices do not
disrupt traffic.
Christian Gilby is product line
director at Meru Networks,
Sunnyvale, Calif.