Wireless local area network (LAN) hardware has reached commodity prices. For as little as £50, anyone can pick up a basic WiFi access point. Plug-and-play technology means that wireless connections can be up and running in a matter of minutes.
This might be good news for the mobile worker, but for the IT manager it can quickly turn into an ordeal. Failure to keep up with demand for WiFi networks can lead to the establishment of ‘rogue’ hotspots, which can punch holes in corporate network security policies. “If IT managers are not deploying WiFi quickly enough, employees will plug and play themselves,” warns Jon Weatherall of Hewlett-Packard’s networking business.
Nor is security the only issue that IT departments face when it comes to installing WiFi. Designing a good network – one that gives the right coverage across a site, allows roaming between access points and yet does not encourage hackers or ‘war chalkers’ to come along for a free ride on the LAN – is tricky. Managing network assets, including the access points themselves, also requires careful planning.
Better tools, though, are available. “Wireless LANs are, in some ways, meant to be insecure, that is how they are designed,” says Andrew Allison, director of mobile computing for Intel UK. “What we do – and what we recommend – is to use a VPN [virtual private network]. You can now implement straightforward, off-the-shelf security solutions for WiFi.”
All the same, security is by no means the only issue that stands in the way of an efficient wireless LAN project. Planning the system for optimal coverage takes skill, as wireless signals are prone to interference.
Access points can even interfere with each other. As almost all wireless LANs are extensions of fixed networks, existing network designs should also be taken into account.
Enterprises will also want to design a system that maximises their investment in the technology. Individual access points might be cheap, but a poorly planned network will take longer to pay its way.
Weatherall believes that the message is getting through. He cites growing demand among businesses for intelligent network switches and access points that use power over Ethernet. The access point itself might be a commodity item, but companies with large networks want to combine it with intelligent switches that can act as gatekeepers to the corporate network, he says.
Mix-and-match
HP and other high-end vendors, such as Cisco Systems, have technologies that allow enterprises to run multiple services over a single wireless LAN. This might include ‘vanilla’ Internet access for visitors, extranet access for contractors and full access for staff.
“If you can mix and match all this in one infrastructure, with the same level of security, it can be a huge advantage,” says Weatherall.
Consulting firm Cap Gemini Ernst &Young is one company that has deployed such a ‘second generation’ wireless LAN. The company has wireless access in its Paris headquarters, as well as its corporate university just outside the French capital. As many as 80% of its employees work with laptops, with only administrative staff using fixed workstations.
“We had a large number of access points, but they were not well organised,” says the company’s European chief technology officer (CTO), Jean Paul Figer. “We decided to build a dedicated wireless LAN infrastructure. This now separates traffic. We have Internet-only access for visitors.”
Access to the network is controlled by a combination of VPNs and smart-card based certificates for users. The technology supports hot-desking and gives far greater flexibility for a company where most staff spend a lot of time out of the office and on the road.
But the cost savings have also been more or less immediate. “The cost of an access point, to us, is about the same as the cost of a Cat 5 [fixed Ethernet] outlet,” says Figer. “But an access point serves more than one machine.”