Volume 2 • Issue 6   

Wireless on the Go

Growth of centralized wireless networking spurs new technology for reliability and security



Wireless and network security are two of the hottest areas in information technology. Centralized wireless networking solutions based on the Institute of Electrical and Electronics Engineers (IEEE) 802.11 Wi-Fi standards are experiencing rapid growth and adoption. Much of their success can be attributed to the advanced management features and security capabilities that arguably make wireless as secure as, or more secure than, wired networks.

Centralized wireless vendors work diligently to improve product capabilities so wireless networks look and feel like wired. From a user perspective, wireless provides a host of convenient and advanced capabilities wired networks cannot offer. Some vendors can extend their security models to secure wired ports as well. Such features benefit organizations through more efficient, productive ways to manage users and offer network access.

Centralized wireless networking has also led to advancements in how access points are deployed. Access points no longer have to be, and should not be, installed in the ceiling. Today’s thin access points are more aesthetic; some models even have internal antennas for easier installation. Ortronics/Legrand has pioneered the deployment model of integrating wireless access points, known as Wi-Jacks, into structured cabling. Wi-Jacks are mounted flush to the wall, and CAT5 is terminated using a standard 110 punchdown. This installation is ideal for health care, education, business, and hospitality deployments.

Selecting a wireless solution is often a daunting task. These next sections provide a primer on wireless standards and discuss important features and benefits to look for in a centralized wireless solution.

A Groundbreaking Approach

Ortronics/Legrand is the first in its industry to introduce a centrally managed wireless solution that is fully integrated with the structured cabling infrastructure. Ortronics’ groundbreaking approach to wireless marked an exciting evolution in the structured cabling industry and changed the way wireless can be deployed.

Ortronics Wireless Solutions features the new patent-pending Wi-Jack series of wireless access points that mount directly to a wall outlet box, using the same installation practices as a standard wall outlet. The new Wi-Jack Duo is the world’s smallest enterprise-grade dual radio 802.11a/b/g access point that is the size of a single-gang faceplate. The Wi-Jack standalone and workstation are also available in a single radio version with support for .11a or .11b/g. The workstation version allows wireless connectivity and two additional modular ports to support copper, fiber, or coax.

For advanced intelligence, superior security, and easier management, Ortronics Wireless Solutions allows centralized controller management and monitoring of access points with state-of-the-art firewall, intrusion detection, VPN terminations, and radiofrequency (RF) management, all in a single solution. Wireless controllers are available in versions supporting from as few as four up to 512 Wi-Jack access points and hundreds of users per controller, and are stackable for easy scalability in any size wireless deployment.

The following features are available in all wireless controllers:

  • RF management and planning software
  • ICSA stateful firewall
  • User role-based access control
  • Advanced security, 802.1x and 802.11i
  • Intrusion protection system
  • Captive portal and VPN support
  • Support for secure voice over wireless

Ortronics Wireless Solutions also offers a power-over-Ethernet injector, which acts as a mid-span device to provide power to the access point over a Category 5e or 6 Ethernet cable, eliminating the need for a separate power outlet at each access point location.

For more information on Ortronics Wireless Solutions, visit www.ortronics.com.

Wireless Primer

Wireless local area networks (WLAN) are often called Wi-Fi, 802.11a/b/g, or just plain wireless. Wi-Fi’s popularity is driven by its ability to provide mobility and extend the network by eliminating patch cords that typically connect devices to network jacks or ports. Wi-Fi popularity started in the home, then spread to hotspots, and is now mainstream in most enterprise networks.

Several standards exist to keep wireless equipment development at some level of basic interoperability. The IEEE 802.11 working group provides most of the standards for wireless LAN connectivity via radiofrequency (RF) transmission between client station and access point. The 802.11a, .11b, and .11g standards are the most recognizable.

A few other IEEE standards worth knowing include 802.11n Higher Throughput, 802.11i Enhanced Security, and 802.11e Quality of Service (QoS) Enhancements. These standards provide additional speed, security, and traffic prioritization to better support functions.

The new 802.11n standard has been much anticipated. Its real impact and how it will affect centralized wireless deployments is yet to be seen, however. Since .11n access points are based on new hardware architecture, most, if not all, current a/b/g access points will not be upgradeable. The cost of new .11n access points may slow adoption for customers who have already deployed, whereas new deployments may include a mix of .11n and .11a/b/g access points to serve older client devices.

The enhanced security standard, 802.11i, provides for strong, robust security through the government-level Advanced Encryption Standard (AES). When coupled with port-based access control, 802.1x, the wireless network exceeds the security on most wired networks.

The 802.11e standard features typical provisions for wireless packet prioritization, which is very important for certain types of latency-sensitive traffic. The use of QoS ensures reserved headroom for delay-sensitive applications. Without prioritization, the quality or reliability of voice-over-wireless phone calls would likely suffer tremendously. Several additional IEEE standards are in active development to extend wireless networking capabilities. While these standards have not been ratified yet, understanding how they might affect your current or future wireless deployment may be important.

Now let’s look at some key features that differentiate centralized wireless network architecture from traditional wireless deployments.

Centralized Architecture

A centralized wireless network architecture typically consists of wireless controller(s) deployed at the network core, in the data center, and/or in individual wiring closets. Regional and branch offices may also have wireless controllers that are centrally managed at corporate. In general, network design determines the placement and number of controllers.

The wireless controller typically acts as a security gateway where all wireless-to-wired traffic is sent to and processed by the wireless controller before being granted access to network resources. Some solutions offer access points that need not be plugged directly into the wireless controller. This concept makes it possible to deploy the wireless controller centrally in the data center and connect access points where wireless is needed (see Figure 1). With the Ortronics solution, for example, all access points automatically create a generic routing encapsulation (GRE) tunnel directly to the wireless controller. All traffic from wireless users is automatically encapsulated and tunneled over the wired network directly to the controller. GRE allows for extreme flexibility in deploying access points and requires very few, if any, changes to the existing wired network.

Figure 1: Pervasive centralized wireless overlay across all sites

Deploying access points anywhere on the network that tunnel back to the central wireless controller is known as overlay deployment. Provisioning wireless as an overlay to the existing wired network eliminates the need to create specific virtual LANs (VLANs) just for wireless and avoids costly upgrades to switches that may not have VLAN capability. For highly secure environments, the access points can also use IPsec to secure the tunnel between the AP and the controller.
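The AP-to-controller encapsulation described above, as an added example (not Ortronics code): it assumes client Ethernet frames are carried as Transparent Ethernet Bridging (protocol type 0x6558) with an optional RFC 2890 key, neither of which the article specifies. The last function shows that GRE on its own has no integrity check, which is why the IPsec option matters for the tunnel.

```python
import struct
from typing import Optional

GRE_PROTO_TEB = 0x6558   # Transparent Ethernet Bridging (assumed payload type)
FLAG_KEY = 0x2000        # RFC 2890 key-present bit
VERSION_MASK = 0x0007    # low three bits of the first 16-bit word


def gre_encapsulate(frame: bytes, key: Optional[int] = None) -> bytes:
    """AP side: prepend a GRE header (RFC 2784) to a client's Ethernet frame."""
    flags = FLAG_KEY if key is not None else 0
    header = struct.pack("!HH", flags, GRE_PROTO_TEB)
    if key is not None:
        header += struct.pack("!I", key)  # cleartext tunnel identifier, not a secret
    return header + frame


def gre_decapsulate(packet: bytes, expected_key: Optional[int] = None) -> bytes:
    """Controller side: validate the header strictly, return the inner frame."""
    if len(packet) < 4:
        raise ValueError("truncated GRE header")
    flags, proto = struct.unpack("!HH", packet[:4])
    if flags & VERSION_MASK:
        raise ValueError("unsupported GRE version")
    if flags & ~FLAG_KEY:
        raise ValueError("unexpected GRE flag bits for this tunnel profile")
    if proto != GRE_PROTO_TEB:
        raise ValueError("unexpected payload protocol")
    offset, key = 4, None
    if flags & FLAG_KEY:
        if len(packet) < 8:
            raise ValueError("truncated GRE key field")
        (key,) = struct.unpack("!I", packet[4:8])
        offset = 8
    if key != expected_key:
        raise ValueError("GRE key does not match tunnel configuration")
    return packet[offset:]


# Constructed sample: dst MAC, src MAC, EtherType 0x0800, dummy payload.
FRAME = bytes.fromhex("020000000001" "020000000002" "0800") + b"client-data"


def tamper_is_detected(packet: bytes, key: int) -> bool:
    """Flip one payload byte in transit; report whether decapsulation rejects it."""
    altered = packet[:-1] + bytes([packet[-1] ^ 0xFF])
    try:
        gre_decapsulate(altered, expected_key=key)
    except ValueError:
        return True
    return False  # GRE carries no integrity check, so the change goes unnoticed
```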

Performance and Scalability

Early wireless controller deployment models put control at the network edge in each IDF. Since then, controller scalability has increased substantially. Current models now support sites requiring from a half dozen to 500 access points. This scalability has allowed universities and other large organizations to deploy hundreds of access points under a single wireless controller without overburdening IT staff with repetitive configuration tasks.

Wireless controller performance has grown steadily as well. It’s typical to have support for throughput of 1 Gbps upward to 8 Gbps with the ability to support from 100 to more than 4,000 simultaneous users, all managed using a single interface from almost anywhere on the network.

Monitoring and Management

Figure 2: Signal coverage heat map by channel

In a centralized environment, you can monitor and manage the entire WLAN from a centralized interface. Some vendors require a separate server for management, while others provide this capability directly on the wireless controller. Vendors also vary on the level of detail available when managing users and access points. Integrated troubleshooting tools are also built in, making it possible to diagnose and fix client and/or access point problems from a central location.

For larger networks requiring multiple controllers, some vendors offer controllers in a master-slave relationship. A single controller is used for monitoring and can also have the ability to push and pull information between other controllers as necessary. This feature is ideal when controllers are deployed at remote sites that have limited or no IT staff. Network administrators with centralized wireless solutions have commented on how important it is to fix problems without having to go to the problem’s location.

Design and Deployment

With traditional wireless LANs, manual, time-consuming site surveys are conducted to determine the exact number and placement of access points for maximum coverage. This step was critically important in earlier deployments where access points could cost as much as $2,000 each. The problem with designing a WLAN based on coverage only is that it does not account for the number of users per access point, a factor that heavily affects performance and user experience. As wireless access becomes more prevalent, designs for denser access point deployments are needed to achieve greater user capacity and better performance.

A more contemporary approach is to deploy access points in areas where users are rather than in the ceiling. Since access points are a shared medium, all clients on a single AP contend for bandwidth and RF access. Ortronics Wi-Jacks are an ideal access point choice for this type of deployment because they can be wall-mounted using existing cable runs. Mounting access points in the user area allows for denser deployment with less contention. RF obstructions in the user area, such as walls, cubicle partitions, and furniture, allow for small wireless cells that provide higher capacity to smaller groups of 10 to 20 users, which raises the overall per-access-point performance.

The Differences Between 802.11 Standards:
Standard | Data Rate | Modulation Scheme | Pros/Cons and More Information
IEEE 802.11a (1999)
IEEE 802.11b (1999)
IEEE 802.11g (2003)
IEEE 802.11n*

Adding a Wi-Jack AP to a conference room, classroom, dormitory, or general user area can take less than 20 minutes to install and provision on the wireless controller. In some cases, customers start by mounting access points high on the walls for a coverage model, and then as user count increases, they fill in areas with additional access points, letting radio management set the correct channel and power. In a centralized WLAN deployment with “thin” access points, the need for a site survey is practically eliminated. Sophisticated 3D planning tools based on imported floor plans help model wireless requirements such as data rates and the number and placement of access points. By entering different data rates and types of access points (802.11a or b/g), administrators can dynamically see expected coverage zones and determine how many access points are needed to meet capacity levels throughout a building.

Guest Access

Guest access using Wi-Fi is a great way to offer productivity-enhancing network access to guests, partners, and temporary contractors. A centralized solution architecture typically excels in this area. The best solutions use a captive portal sign-on Web page to place users into a role that has stateful firewall access policies that determine traffic type and which networks the guest user can access. A typical configuration would provide guest access to the Internet while denying access to the internal network.

For contractors, the guest access policies can be modified per user or group level to allow access to specific resources on the internal network. To control guest access further, some solutions employ bandwidth contracts that limit the amount of bandwidth guests can consume. Centralized vendors have also made it possible to provide receptionists and help desks with special access for creating guest logins on an as-needed basis. This type of guest access offers an alternative to protect the internal network from visitors plugging potentially infected computers into conference room ports, which may spread viruses or other types of malicious software.

VoIP Support

Centralized WLAN is ideal for extending voice over IP (VoIP) onto the wireless network. For quality voice-over-wireless performance, the network needs to provide low latency transmission and fast roaming between access points and employ per-AP call admission control (CAC). In simple terms, to avoid latency, it is best to have a solution that can identify voice protocols at the packet level and provide QoS prioritization of voice protocols while all other traffic is treated with normal priority. Moving a voice device from one access point to another should happen in less than 50 ms to avoid reduced sound quality or dropped calls. Most centralized solutions can handle roaming at the controller level, which leads to typical roaming times under 10 ms.

Security

Security has been a major concern for wireless and, to some degree, has slowed its adoption. The ratification of 802.11i (WPA2) was definitely a step forward, but as with securing wired or wireless networks, it’s best to use a layered security approach. Doing so means selecting and applying security as needed from Layer 1 to Layer 7 of the OSI model. This multilayer approach is a very effective and flexible way to treat the different types of wireless devices accessing the network. For example, internal user laptops may employ the highest security level possible, while warehouse scan guns may only use Wired Equivalent Privacy (WEP) with traffic policies that allow for very specific, restrictive access.
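The role model from the Guest Access and Security sections, as an added example (not vendor code or configuration): per-role first-match rules with an implicit deny, plus a check for rules that an earlier rule makes unreachable. The addresses, ports and role names are assumptions, and only the rule lookup for a new connection is modelled, not connection-state tracking.

```python
import ipaddress
from dataclasses import dataclass

# Assumed addressing: RFC 1918 space is "internal"; hosts below are hypothetical.
INTERNAL = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")


@dataclass(frozen=True)
class Rule:
    action: str           # "permit" or "deny"
    dest: str             # destination network, CIDR
    proto: str = "any"    # "tcp", "udp" or "any"
    port: int = 0         # 0 matches any port

    def matches(self, dst_ip: str, proto: str, port: int) -> bool:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dest)
        return in_net and self.proto in ("any", proto) and self.port in (0, port)


DENY_INTERNAL = [Rule("deny", net) for net in INTERNAL]
INTERNET = [Rule("permit", "0.0.0.0/0")]
# First match wins, so specific permits must precede the internal deny rules.
ROLES = {
    "guest": DENY_INTERNAL + INTERNET,
    "contractor": [Rule("permit", "10.20.30.40/32", "tcp", 443)]
                  + DENY_INTERNAL + INTERNET,
    "scanner": [Rule("permit", "10.50.0.10/32", "tcp", 8443)],  # WEP scan guns
}


def evaluate(role: str, dst_ip: str, proto: str, port: int) -> str:
    """Return the action for a new connection from a user placed in `role`."""
    for rule in ROLES.get(role, []):
        if rule.matches(dst_ip, proto, port):
            return rule.action
    return "deny"  # implicit deny: unknown roles and unmatched traffic


def shadowed(rules: list) -> list:
    """Rules that can never fire because an earlier rule covers them entirely."""
    dead = []
    for i, r in enumerate(rules):
        for e in rules[:i]:
            inside = ipaddress.ip_network(r.dest).subnet_of(
                ipaddress.ip_network(e.dest))
            if inside and e.proto in ("any", r.proto) and e.port in (0, r.port):
                dead.append(r)
                break
    return dead
```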

Conclusion

It is no surprise that centralized wireless is taking market share so rapidly. Organizations planning to adopt wireless networks may now choose from a number of solid product offerings that are secure and easier to manage and that have the functionality needed for any size application.

Published by QuestCorp Media Group, Inc.