The Plunge Into Wireless

Where Is the Action?

First off, the WLAN market is profitable. WLAN vendors' revenue doubled in 2001 to $1.2 billion and leapt 21 percent in the fourth quarter, according to analysts at Redwood City, Calif.-based Dell'Oro Group. Research firm In-Stat/MDR projects WLAN shipments will climb from 3.3 million units in 2000 to 23.6 million in 2005.

"The enterprise-class WLAN market grew 38 percent in 2001," says Dell'

Oro analyst Greg Collins. "We're predicting 31 percent growth for 2002."

id
unit-1659132512259
type
Sponsored post

The challenge is to identify and play in the arenas that are growing the fastest. "The key areas for us are conference rooms and sales floors," says Tim McNicoll, a systems consultant with Little Chute, Wis.-based Heartland Business Systems, whose customers include a two-store retail outlet, a 12-location nursing home and potentially a golf course interested in a wireless link from its clubhouse to its maintenance center. "[But, in general, lots of our customers are asking about wireless."

Established markets for WLANs include manufacturing, distribution, health care and universities. But wherever goods or people are constantly in motion, WLANs can reduce deployment costs, improve productivity and increase the timeliness of information flow. Prospecting for WLAN opportunities within existing customers is a VAR's key advantage.

"Wireless is an extension of existing LAN infrastructure, not a replacement for wired LANs," explains Ken Haase, director of product marketing for WLAN-maker Proxim.

Enterprises are starting to put WLANs into conference rooms, training centers and branch offices, according to Eric Blaufarb, manager of technical marketing for Cisco's Wireless Networking Business Unit. And there is growing popularity in the education market.

"Education has money for WLAN and a need for it," says Jeff Manning, business manager for Agere Systems, maker of the Orinoco line of WLAN products. "There's almost a fear factor among universities in today's economy. They need students, and students are basing part of their decisions on perks, such as wireless access."

Retail chains, too, are serious about wireless, reports Gilles Ganault, 3Com's wireless products manager. Smaller VARs, however, will do better with local retailers, cautions Jim Portaro, CTO and co-founder of wireless integrator NeTeam, Akron, Ohio. "Nationwide chains have been wireless for years," he says, "and their IT buyers don't allow high margins." Bars and restaurants are also WLAN prospects.

Many WLAN implementations last year consisted almost entirely of products based on the IEEE 802.11b standard. Its deployment highlighted

limitations and security holes, but those issues will be addressed by new standards.

802.11b: Full of Constraints

802.11b transmits data via the unlicensed radio frequency (RF) range of 2.412 GHz to 2.484 GHz. The 802.11b standard divides this spectrum into 14 data channels at roughly 5-MHz intervals. But the 30-MHz signal used by 802.11b spans adjacent channels, limiting 802.11b to four channels in the same location. In the United States, where WLAN operations are restricted to channels 1 through 11, only channels 1, 6 and 11 are usable. Such constraints seriously compromise the flexibility of 802.11b WLANs.

In a simple WLAN, an access point (AP) device is wired to a traditional LAN via a standard Ethernet port. The AP is set to operate on one of the available data channels. Client devices are equipped with radio cards, which communicate with the AP, connecting the devices to the wired LAN.

802.11b provides a maximum data rate of 11 Mbps, but protocol overhead and access delays reduce real throughput to roughly 6 Mbps, which is shared among all clients. Furthermore, the data rate automatically drops back as the signal/noise ratio increases with distance. Under ideal conditions, the indoor data rate drops to 5.5 Mbps at some 125 feet, 2 Mbps at 175 feet and 1 Mbps at 250 feet. Throughput falls proportionately.

Placing APs so their coverage areas overlap enables a greater range while maintaining acceptable throughput. But adjacent APs must use different channels to avoid interfering with each other,and only three channels are available.

WLAN design is complicated by 802.11b's constraints. The rest of the world also makes things difficult: Other devices can interfere with 802.11b signals, including microwave ovens, 2.4-GHz cordless phones and Bluetooth devices. Office neighbors sometimes have to coordinate their placement of APs and selection of data channels. A thick concrete or steel-reinforced wall can enable your WLAN and your neighbor's to coexist on the same channel. But steel elevator shafts can create dead spots in the coverage area.

The 802.11a standard alleviates some of those problems. It operates in the relatively empty 5-GHz to 6-GHz RF band, avoiding most interference. 802.11a supports eight data channels. Its maximum data rate is 54 Mbps, yielding two to five times more throughput than 802.11b.

802.11a will never be interoperable with 802.11b because the two standards operate on different RF bands. However, the forthcoming 802.11g standard will extend 802.11b's data rate to 54 Mbps while retaining downward-compatibility with existing 802.11b equipment. Current 802.11b users will likely wait for 802.11g (expected next January) unless they

urgently need to fill pockets of high-bandwidth demand in their wireless networks. But speed and range are relatively minor issues compared with the big bugaboo plaguing WLANs: security.

Securing WLANs

The security features specified in the 802.11b standard are called wired equivalent privacy (WEP), which includes 40-bit, RC4-based encryption to protect data from passive eavesdropping. It also lets an administrator define a key for client authentication, but the key is static and shared among all clients.

Early in 2001, security researchers discovered flaws in WEP's implementation of RC4, which makes WEP easy to crack. Today, software that can "sniff the airwaves" for WLAN traffic and crack WEP in less than 15 minutes is freely available. Further, 802.11b provides no way to distribute new keys. If the shared key is compromised, someone will have to manually enter a new key into every AP and radio card. Vendors have added variations of 128-bit encryption, dynamic WEP keys that change from one session to the next, and RADIUS and VPN support, among others. But such proprietary enhancements work only among each vendor's products.

One way to remain vendor-independent is to put all APs on a VPN. You may be able to use a customer's existing VPN. If not, consider Colubris Networks' APs, which have built-in VPN and firewall functionality.

RADIUS and Kerberos, a network authentication protocol, can also supplement or replace WEP. Windows XP includes the IEEE 802.1x standard, which provides access control and dynamic key distribution using the extensible authentication protocol (EAP).

Vendor-agnostic WLAN security appliances are available from Bluesocket, ReefEdge, Vernier Networks and Ecutel. Sitting between the APs and the wired LANs, the products provide centralized management, user authentication, access control, rights management, VPN functions and quality of service. They're

fairly inexpensive; Bluesocket's WG-1000 box supports up to 15 APs for about $6,000.

The IEEE is currently working on 80211i, the enhanced security standard that will apply to 802.11a, b and g. 802.1x is in draft version. WEP encryption will be replaced in stages. Firmware upgrades to the Temporal Key Integrity Protocol (TKIP) are expected this summer. New WLAN chipsets incorporating the advanced encryption standard should arrive in the second half of 2003. More security services will be incorporated into 802.11i, but we may wait six months to three years for it.

Meanwhile, VARs face a bewildering selection of WLAN vendors and products. Let's look at the industry leaders from a VAR's perspective.

Choosing a Vendor

We looked at four vendors in detail, based on Dell'Oro Group's 2001 market-share figures and other analysts' opinions.

%95Cisco: Cisco shipped more than 18 percent of all 802.11b units in 2001, and the vendor's dominance in enterprise infrastructure gives it a big edge.

The products: Cisco launched its first 802.11a product, the Aironet 1200 AP, last month. It ships with a swappable 802.11b radio card and a second slot for an 802.11a card, enabling support for both standards in the same physical area.

Cisco's Aironet 350 series includes APs, client cards, a workgroup bridge that connects up to eight Ethernet devices to an AP, and a building-to-building bridge. All Aironet products support 802.1x and 128-bit WEP.

"Wireless was the first Cisco specialization program we introduced, in February 2001," says Surinder Brar, senior director of worldwide channels. "It's been very successful. We have certified over 1,200 wireless VARs."

VAR support: To obtain Cisco's wireless specialization certification (and the product discounts that accompany it), a VAR must train at least two people to fill three roles: account manager, systems engineer and field engineer. Cisco provides free online training and engages third-party firms for face-to-face classes worldwide. Classroom training costs about $2,000.

%95Agere Systems: Agere shipped 11 percent of 802.11b units in 2001; to date, Agere doesn't offer 802.11a products.

The products: Agere's line includes five APs. The low-end AP-200 and AP-500 units feature 128-bit WEP, access control table authentication and a single, non-swappable radio card. The AP-1000, AP-2000 and AS-2000 systems support two swappable radio cards, allowing versatile configurations. A starter system would include one radio card. A second card can be added and set to another channel to provide twice the bandwidth in the same area. Alternatively, one card can be configured as a point-to-point bridge, while the other remains a point-to-multipoint AP. With two cards, you can add 802.11a to an AP while retaining support for 802.11b users.

For security, the AP-1000 features 802.1x, RADIUS-based MAC authentication and 128-bit WEPPlus, Agere's proprietary encryption algorithm that eliminates the most easily cracked WEP keys. So does the AP-2000, with the addition of user-name/password RADIUS authentication. The AS-2000 access server, designed for public-access WLANs, uses Agere's proprietary advanced mobile security architecture.

Orinoco client cards are equally diverse. PCI/ISA adapters are sold separately from the radio cards they support. If an Ethernet- or USB-enabled device does not have an open slot, it can be plugged into an external Ethernet/serial con-

verter box that contains a radio card.

VAR support: Agere is committed to rebuilding the VAR channel it lost when it was spun off from Lucent Technologies early last year. "We sell only via VARs now. Our direct-sales force identifies large opportunities and passes them to the channel," Manning says. Today, Agere has only a few hundred U.S. resellers, and two-thirds of them are authorized only on home and SOHO products.

Agere recruits VARs through free one-day road shows, where participants can register to buy low-end products. They also get $1,000 coupons applicable to the $1,500 three-day training courses that qualify them to sell the entire line.