This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator or JiWire, Inc.
Entire site and all contents except otherwise noted © Copyright 2001-2006 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
Apple adds enterprise features to the iPhone, including 802.1X, and opens it to developers: Today’s announcement from Steve Jobs was full of surprises, including the fact that Apple licensed Microsoft’s ActiveSync for full Exchange support, and the level at which developers will have access to iPhone hardware and information.
The 2.0 software, free to all current owners of iPhone, will be available in June, which kind of tips the hand as to when we’ll see a 3G iPhone, too, I imagine. iPod touch owners will pay a “nominal” upgrade fee, as Apple books iPhone revenue over 24 months and iPod revenue as units are sold.
Apple will pile in all the stuff that enterprises demanded from Research in Motion in the Blackberry platform—and that RIM built in—including support for 802.1X (including WPA2 Enterprise) for authenticated Wi-Fi login, two-factor authentication, certificates, and additional VPN types. They’re also adding “remote bricking,” a critical feature that allows a stolen or misused phone to be remotely and securely wiped.
On the developer side, Apple is opening up the whole puppy in a way that I didn’t expect. I assumed the firm would put limits on whether the cell data connection could be used by apps, but not restrict the Wi-Fi side. The announcement puts nothing off limits except VoIP over cell data, although there’s a list of characteristics that software can’t contain, such as being malicious or a bandwidth hog. All software is distributed and installed via App Store, available on an iPhone or in iTunes for synchronization. This includes free software. Apple will therefore vet, and ostensibly be able to halt use of programs that exhibit behavior they deem bad. Jobs said, “We can turn off the spigot if we need to.” Every app will be signed by a developer certificate.
Developers can have access to location information provided by Google (cell towers) and Skyhook (Wi-Fi) for use in their programs. No mention was made of privacy settings for such. Skyhook’s Loki toolbar requires that you grant permission to Web sites that want to obtain your location details; I expect a system-wide approach to that, too.
No mention was made today of a few particular problems with iPhone security, such as the ability to tunnel and traverse a VPN across multiple network media, such as using an iPhone for a secure connection while you travel from work, across the EDGE network, and to hotspots. This likely could be built on top of the enterprise features. You’d also need policy management, such as disallowing certain kinds of connections without a VPN being active or over non-trusted Wi-Fi networks.
Certainly, this is a big step forward for corporate users, mobile applications, and consumer ease on the iPhone platform. The beta is available today to developers; you can become a developer for $99. Amazingly, Apple’s developer site crashed and is still unavailable two hours after the press conference ended.
Posted by Glennf at 1:05 PM | Comments (0)
Cisco releases full details on problem at Duke: While widely reported that one or two Apple iPhones out of about 150 used on Duke University’s Wi-Fi network were bringing down groups of a dozen to 30 access points at one time, it turns out it was a Cisco fault all along that the iPhone triggered. A Duke assistant IT director initially blamed the iPhone for the problem. He later posted a note on his blog that he “regret[ted]” sounding quite so sure it was the iPhones’ fault.
Cisco’s security advisory, “Wireless ARP [Address Resolution Protocol] Storm Vulnerabilities,” explains how in a very particular set of circumstances, a mobile device moving between access points and retaining certain information could cause Cisco network controllers to produce a storm of ARP requests. When I first heard about this problem in email from Miller—I declined to write about this because I thought it was too speculative at the time—the 18,000 ARP requests being made per second seemed like far too high a number to be produced over a wireless connection by a single mobile device.
While the advisory doesn’t cite the Duke situation, the company confirmed that the Duke situation was what triggered this advisory and update, according to Network World.
The iPhone is now in the clear as the culprit; it was just the trigger. It’s likely we’ll see more vulnerabilities and bugs show up, however, because of the extreme mobility and promiscuity of the iPhone. It’s willing to connect to any network it knows whenever it sees it, and to hop off onto EDGE whenever the network performance drops too low.
Posted by Glennf at 10:34 AM | Comments (0) | TrackBack
Network World reports that Bluesocket will release MIMO access point: Bluesocket has an enterprise-scale wireless LAN system that specializes in policy-based management and access control. The new AP will cost $795 when it’s available in July, twice its predecessor, but MIMO’s increased coverage area could reduce the amount of equipment necessary by more than 50 percent. Less equipment reduces per-AP expenses for management, too.
Posted by Glennf at 6:05 PM | Comments (0) | TrackBack
Hotspot and access point aggregated management software company Sputnik expands, updates its product line: The company specializes in providing a centralized console that allows management and reporting across a network of Wi-Fi access points, whether for academia, hotspot networks, hotzones, or companies.
Sputnik Server 110 is a 1U rack-mounted server pre-loaded with 10 AP licenses and the Control Center software for $2,699; additional licenses can be purchased. The company’s new AP 210 ($279) has a 285 milliwatt transceiver and the 260 ($399) has two such radios. They’re designed for extended coverage, and can handle, the company says, point-to-point links of up to two miles. They have the nice feature of keeping traffic isolated, so that users on the network can’t turn on promiscuous mode to examine other users’ data.
They also released a Linksys WRT54GL firmware image which allows the new Linux-based model (an old model renumbered and sold at a higher price) to run the Sputnik Agent software. The firmware works on older WRT54Gs and all models of WRT54GS. They’ll sell you preflashed WRT54GLs for $99 and WRT54GSs for $109.
Posted by Glennf at 2:30 PM | Comments (0) | TrackBack
The WLAN management tool company adds radio features, site planning: I’ve spoken to a number of IT managers, largely but not exclusively in academia, who turned to AirWave as a way to better manage often heterogeneous wireless LANs that are comprised of equipment from many vendors. Some prefer AirWave to vendors’ own management tools, too.
The latest version of their software includes site planning with visualization overlays—which, boiled down, means they can show RF patterns on a drawing. The planning tool doesn’t offer simulation of signal propagation, which is part of other vendor-specific tools.
This version also adds rogue access point detection using the wired LAN as a primary tool to ferret out commodity APs without requiring constant network scanning. (This assumes undisguised APs, of course.) The company has extended the makers and brands of access points and switches they support, as well.
This new version ships this month.
Posted by Glennf at 12:46 PM | Comments (0) | TrackBack
Software aggregates up to 1,000 nodes; 4.9 GHz gear for public safety and first responders: Any time you start assembling networks with many identical pieces, these pieces need aggregated management. It happened by 2002 in the WLAN space, with several companies offering (and still offering) tools to configure up to thousands of WLAN APs at once.
Firetide now offers their HotView Pro mesh management software for up to 1,000 of their nodes. The software coordinates tasks, like load balancing across different routes, and can treat multiple meshes as a seamless entity for managing data flows.
The 4.9 GHz space in the U.S. has become very active lately, with many companies deciding that the public safety sector interest in wireless needs to be acted upon using existing equipment rejiggered to handle the licensed spectrum. Firetide’s HotPort 4.9 GHz equipment will be part of the enormous Rio Rancho, N.M., deployment.
Using the 4.9 GHz public safety band ensures that first responders and public safety officers and workers will have access to unfettered bandwidth—no worries about local Wi-Fi networks or hotzone congestion.
Posted by Glennf at 1:22 PM | Comments (0) | TrackBack
The press release avoids the word “hack,” but Sputnik isn’t working with Linksys, just its routers: The Linksys WRT54G is one of the bestselling routers in the world, and its firmware uses software that comes with a variety of open-source and free software licensing requirements for publishing changes. Thus, there are many projects which hack the Linksys, turning its inexpensive hardware into powerful components of larger systems, like mesh networks. (Switched WLAN is more difficult as Linksys uses Broadcom chips, which do not have open-source but only binary distributions.)
By using a commodity AP, which has always been Sputnik’s plan, they allow powerful centralized network management and monitoring through their applications, and that’s where they insert value and extract revenue. The AP cost becomes so low that it’s efficient to deploy more of them since management time and expense don’t grow per AP.
Sputnik’s Agent software works on the Linksys WRT54G and WRT54GS. Read the press release.
Posted by Glennf at 9:47 AM | Comments (0) | TrackBack
iPass now supports 3G: The Sierra Wireless AirCard 580 can be supported using iPassConnect, the front-end software that iPass sells to corporate customers for their roaming employees to have access to tens of thousands of hotspots and hundreds of thousands of dial-up numbers worldwide. Adding 1xRTT and EVDO in the U.S. means that one more component of mobile data is now swept under a centrally managed and metered plan.
Posted by Glennf at 9:29 AM | Comments (0) | TrackBack
You have nothing to lose but your cubicles and your sense of day-to-day security: Companies are starting to look big-time into allowing flexible work environments that don’t lock people into a single cubicle or office. This allows them to use office space more densely but flexibly and lets people work more to their liking. Of course, some people like a cubicle, don’t they?
One of the drivers for increased mobility is that thin APs require less management—a claim long made by thin AP makers and confirmed when Cisco bought Airespace—and greater flexibility. It’s clear Microsoft chose Aruba not just because they were thin, but because their approach is commodity-driven with enterprise-class management: that is, magic in the APs is less important than magic in the central console. (Microsoft may also have chosen Aruba because of its remote AP option in which APs can be added using IPsec security over any remote Internet network.)
The other driver is, of course, 802.11i and its integration into branded standards as WPA2. With WPA2 Enterprise, companies finally feel like they have the strongest possible security at their disposal.
The companies discussed in this excellent article have found big cost savings across the board, but those also come with more worker satisfaction and increased productivity.
I’ll be curious over the long term whether workers without a place to hang their hat reliably every day who do spend most of their time in an office feel less tied to a company. In a classic Dilbert, after offices are deassigned, Wally moves his stuff around in a grocery cart and engages in office graffiti.
Posted by Glennf at 12:44 PM | Comments (0) | TrackBack
Aruba beats out Cisco (Airespace), Trapeze: The Microsoft campus and worldwide offices will be upgraded from its current Cisco infrastructure to use 5,000 Aruba access points, part of a WLAN switched network. The Wall Street Journal reports the deal covers 281 buildings in 83 countries to support 25,000 simultaneous Wi-Fi sessions. One of Aruba’s bits of magic is IPsec tunneled remote APs that can use a centralized switch located over a WAN.
This is an enormous win for Aruba, which has been accumulating customers, but it seemed that the safe money was on Cisco because of the Airespace acquisition.
Posted by Glennf at 10:00 PM | Comments (0) | TrackBack
The first fruits of the Airespace acquisition produce a tracking device: The Wireless Location Appliance 2700 allows network managers to track anything with a Wi-Fi adapter in it, whether the adapter is part of a Wi-Fi-based RFID tracking system for high-priced assets (like hospital equipment), a laptop, or an employee with a Wi-Fi VoIP phone.
In a briefing earlier this week, Cisco managers explained that assets and individuals can be tracked both over time and in real-time with thousands of devices trackable per location appliance. This would, for instance, allow a company to pinpoint when a device had moved out of a building and disappeared—allowing them to check that date and time with various security cameras.
The appliance works at relatively high protocol layers and has an API that will allow it to be integrated into other systems that already handle the front end of asset management, such as PanGo Locator offered by PanGo Networks. With companies already tracking assets by number in these systems, tying them into a real-time display can allow hospitals—an early and obvious market—to know precisely where equipment is before it’s needed.
Cisco acquired Airespace mere weeks ago and this is the first fruit of collaborative labor between existing Cisco product teams and the upstarts with their fancy lightweight access points.
Posted by Glennf at 3:01 PM | Comments (1) | TrackBack
iPass says they have 20,092 hotspots in 51 countries: The enterprise mobile worker connectivity firm has been aggressively courting operators around the world to amass this portfolio which includes 55 networks. Sprint PCS now claims over 19,000 hotspots in their fixed-fee network, and it would be interesting to do a side-by-side comparison—but also quite difficult.
iPass uses metered rates for hotspot, dial-up, ISDN, and wired access for its customers which allow corporations to use a single network login both within their enterprise and with the iPass Connect client software. Instead of each user paying a fee for unlimited access on a number of networks, iPass aggregates not just networks but usage. So a worker who is on the road a few days a month may average out the usage of a worker who is constantly on the road. From a cost containment standpoint, this approach appears to be one that enterprises like. But it requires scale of locations especially for international companies or those with international sales.
Sprint PCS aggregates locations from SBC, Boingo, AirPath, Wayport, STSN, and others, but the majority of their locations are domestic. They offer unlimited usage plans for businesses on a per-user basis that can include metered rates for dial-up. They also offer a client. Sprint PCS works extensively with enterprises, too, in some cases building their networks through a managed services division.
I would not have thought a few weeks ago that the battle for corporate hotspot pocketbooks would be fought between iPass and Sprint PCS. But here we are. Sprint PCS is in the middle of a large transition as a carrier with its Nextel merger in the works; iPass is a publicly traded firm that once had a stock price five times higher than today and market cap of well over a billion dollars.
Moving into competition with Sprint PCS may not be a bad thing for iPass at all; it’s good company.
Posted by Glennf at 10:26 AM | Comments (0) | TrackBack
It’s not clear whether “open-source” means boot our code in this scenario: Aruba has released its bootloader, a method by which an access point with the right hardware can load Aruba’s AP code when detected by its central WLAN switch on a network. That’s all well and good, but it doesn’t bring much to the table—yet. Aruba promises more. In this article at Linux Pipeline, I examine the promise of open source for Aruba and the industry, and get a little into the issue of the latest proposal for WLAN switch AP interoperability.
Posted by Glennf at 8:08 AM | Comments (0) | TrackBack
We called him crazy, but he just kept coming at us: Peter Judge writes about Extricom, the company that produced a barrage of what appeared to be overblown throughput claims last November, but now offers enough details to evaluate their technology. Their claims of huge throughput weren’t across the entire system—that is, 1 Gbps everywhere—but rather aggregated throughput from multiple cells on the same network using the same channels.
The system promotes channel reuse by leveraging the collision detection that’s at the heart of 802.11 and Ethernet systems to better use the empty spaces that are wasted in routine Wi-Fi communication. Each Extricom switch has multiple thin APs on the same channel. The switch decides which AP handles which client without switching channels, and thus the client doesn’t change its connection (which means handoff latency is reduced far below any conventional system) and the switch maximizes the use of the RF space.
APs are coordinated at the switch level to avoid interference, but the 802.11 specification can handle co-channel interference as well. Between those two parts, the amount of interference is dramatically reduced. The goal is to allow many simultaneous voice conversations by bringing each client’s available bandwidth as close to the maximum throughput for their particular standard.
The only complaint from a test site seems to be the current eight-AP limit on their first switch model. That model will ship in May for $8,000 to $14,000 based on quantity and options like Power over Ethernet, according to the Techworld report. A 32-port switch will follow in the fall.
It’s ingenious, and I’ve confirmed that this could work (if implemented properly) with a Wi-Fi expert. It’s too bad they didn’t explain this more clearly six months ago.
Posted by Glennf at 3:18 PM | Comments (0) | TrackBack
Sprint now claims 19,000 hotspots in its aggregated network: The company announced that it will gain another 6,000 locations from Quiconnect, 3,800 from Fiberlink, and several hundred from Pronto, Opti-Fi, and Nomadix. (The Fiberlink locations are actually resold from Boingo’s aggregation platform, although that fact isn’t mentioned anywhere.)
Sprint previously had arranged deals with SBC, Wayport, Airpath, STSN, and Concourse, as well as limited bilateral roaming with AT&T Wireless (now Cingular) for airport access. Those locations must have totaled 10,000, although I’m having a little difficulty adding up all of the component networks.
One of the key elements Sprint is pushing is its Extended Workplace, a way of having a single user interface for connecting across all kinds of communications methods, including dial-up, Wi-Fi, cell data, and Ethernet. Extended Workplace provides companies with a way of enforcing end-user policies, like VPN usage or anti-virus protection—just as with software from remote-access providers like iPass.
Pricing for Extended Workplace is $120 per month per user for unlimited Wi-Fi and Sprint PCS Vision (its brand name for 1xRTT data service) with additional metered fees for dial-up and other connection services.
The article bizarrely quotes a Sprint business development manager stating that Sprint started building airport Wi-Fi service in 2000 and now has seven airports. Now I’ve been writing about and researching airport Wi-Fi since 2000, and I can state categorically that Sprint didn’t start getting into the business as a provider until 2003. If they were providing the back-end outsourced services, then they were handling it for Nokia and other companies without revealing their brand at the time. Nokia, Wayport, and MobileStar unwired the first airports in North America that I’m aware of, all before 2001.
Posted by Glennf at 6:10 PM | Comments (0) | TrackBack
Microsoft and VeriSign have own flavor of how to protect networks from infected computers: This new architecture will be based on Microsoft’s Network Access Protection (NAP) and VeriSign’s Unified Authentication platforms. It’s supposed to protect networks by checking that a laptop trying to connect over Wi-Fi has been issued a clean bill of health with the latest patches and virus definitions, among other factors.
But this announcement doesn’t mention a press release from yesterday stating that the Trusted Computing Group’s Trusted Network Connect specification will also work with NAP. The TNC spec allows computers that connect to a network through any medium to be validated for security before being allowed access. It ties nicely into 802.1X port-based authentication. If a computer fails validation, it’s segregated on a protected VLAN that only offers access to patches and updates, but can’t reach the rest of the network.
Posted by Glennf at 8:36 AM | Comments (1) | TrackBack
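The quarantine flow described in the post above, sketched as an added example (not part of the original post, and not Microsoft's, VeriSign's or the TCG's code): after 802.1X authentication, a posture check picks the production or quarantine VLAN and returns it using the RFC 3580 RADIUS tunnel attributes. The VLAN IDs, age thresholds, firewall check and remediation addresses are assumptions made for illustration.

```python
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_address, ip_network

# All VLAN IDs, thresholds and addresses below are constructed for illustration.
PRODUCTION_VLAN = "10"
QUARANTINE_VLAN = "99"
MAX_PATCH_AGE_DAYS = 30
MAX_AV_AGE_DAYS = 7
# Remediation (patch/update) servers reachable from quarantine; RFC 5737 test range.
REMEDIATION_NETS = [ip_network("192.0.2.0/28")]


@dataclass
class PostureReport:
    """Health claims a client presents once 802.1X authentication succeeds."""
    last_patch: date
    av_definitions: date
    firewall_enabled: bool  # assumed stand-in for the "other factors"


def posture_failures(report, today):
    """Return the health checks the client fails (empty list if healthy)."""
    failures = []
    if (today - report.last_patch).days > MAX_PATCH_AGE_DAYS:
        failures.append("patches-out-of-date")
    if (today - report.av_definitions).days > MAX_AV_AGE_DAYS:
        failures.append("av-definitions-out-of-date")
    if not report.firewall_enabled:
        failures.append("firewall-disabled")
    return failures


def vlan_attributes(vlan_id):
    """RADIUS tunnel attributes (RFC 3580) telling the switch or AP which VLAN to use."""
    return {
        "Tunnel-Type": 13,          # VLAN
        "Tunnel-Medium-Type": 6,    # IEEE-802
        "Tunnel-Private-Group-ID": vlan_id,
    }


def authorize(authenticated, report, today):
    """Decide the reply for one 802.1X session."""
    if not authenticated:
        # Failed identity check: no network access at all.
        return {"code": "Access-Reject", "attributes": {}, "failures": ["auth"]}
    if report is None:
        # A missing report counts as failed validation, never as healthy.
        failures = ["no-posture-report"]
    else:
        failures = posture_failures(report, today)
    vlan = QUARANTINE_VLAN if failures else PRODUCTION_VLAN
    return {
        "code": "Access-Accept",
        "attributes": vlan_attributes(vlan),
        "failures": failures,
    }


def quarantine_allows(dst):
    """Quarantine VLAN filter: only the remediation servers are reachable."""
    addr = ip_address(dst)
    return any(addr in net for net in REMEDIATION_NETS)


if __name__ == "__main__":
    today = date(2005, 5, 10)  # constructed date so the run is repeatable
    stale = PostureReport(date(2005, 3, 1), date(2005, 5, 8), True)
    print(authorize(True, stale, today))
    print(quarantine_allows("192.0.2.5"), quarantine_allows("10.1.2.3"))
```
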
Trapeze has added support for several Cisco APs: With a command-line change, a Cisco AiroNet 350, 1100, or 1200 can be part of a Trapeze-managed WLAN switched network. This should make it an easier sell for Trapeze VARs walking into Cisco-oriented enterprises, especially with Cisco VARs and direct sales folk trying to push new Airespace equipment into existing installations. This announcement ranks up there with AirWave’s recent 3.1 version bump that allows AirWave’s software management tool for WLANs to handle Cisco Airespace devices, too.
Posted by Glennf at 10:55 AM | Comments (0) | TrackBack
In-Stat says that WLAN switches will become more prevalent, but not as stand-alone devices: As Mobile Pipeline explains it, Ethernet switches will increasingly incorporate WLAN functions making the use of thin access points (most radio intelligence) a given but the centralized functions won’t require specialized hardware. The article specifically notes that Aruba and Trapeze may face difficulties on their own; Airespace was acquired by Cisco.
There’s another course for Aruba and Trapeze and similar companies to take, one that I think we’re seeing the early directions toward. Instead of selling centralized hardware and specialized APs, move to centralized software that runs on commodity PCs that integrators and VARs can configure. The value would move entirely to the switching software. Aruba and Trapeze’s SLAPP proposal is one step in that direction for removing specialized requirements from APs; the next step would be to agree on a standard featureset with extensions that could be loaded by individual switches.
Posted by Glennf at 8:53 AM | Comments (1) | TrackBack
AirWave’s multi-vendor WLAN management tool now has Airespace support: Version 3.3 will support configuration of the Cisco Airespace WLAN switch controllers and access points. This is fairly significant given AirWave’s existing support for other Cisco devices and Airespace’s success in shipping boxes to academia and enterprises leading to Cisco’s acquisition.
Posted by Glennf at 11:48 AM | Comments (0) | TrackBack
We’re all headline slap happy with introduction of WLAN switch standard SLAPP: The idea isn’t to make fun with acronyms, but rather to find a standard baseline for switch-based access points that will allow switchmakers to focus their efforts on centralized support and turn APs into commodity items. Almost all industries eventually migrate into this modality, but problems in getting agreement among highly competitive vendors on CAPWAP (Control and Provisioning of Wireless Access Points) and LWAPP (Lightweight Access Point Protocol) led to SLAPP: Secure Light Access Point Protocol.
Trapeze and Aruba apparently put their engineers together on the problem and produced a standard they took to the Internet Engineering Task Force (IETF) to replace an expiring LWAPP proposal.
In SLAPP, the only issues addressed are getting an AP provisioned and into switch mode. Trapeze and Aruba both announced proposals in recent weeks around this issue: Aruba went the open-source route, releasing a bootloader for Atheros reference designs that use a Motorola PowerPC; Trapeze is working with partners to incorporate their bootloader into commodity hardware. Fundamentally, both approaches are similar.
The actual operation of the switched APs would still be proprietary, but at least a commodity device would be able to boot from any compatible image under SLAPP.
Posted by Glennf at 3:55 PM | Comments (0) | TrackBack
Xirrus launches its wireless LAN array: In a briefing last week, Xirrus executives explained that their product combines the utility of a wireless LAN switch with a single footprint that can coordinate frequency and signal pattern across as many as 16 channels using a combination of 802.11a and 802.11b/g with sectorized antennas. Gigabit Ethernet carries the traffic to and from the array; a redundant failover Gigabit Ethernet port and a 10/100 management port ensure throughput.
The WLAN array comes in three configurations: four ports, eight ports, or 16 ports (models XS-3500, XS-3700, XS-3900). All three models can work in 802.11a, b, or g mode for each radio, with up to 12 for 802.11a and up to four for 802.11b/g. Xirrus has baseband-level control of the radios which allows them to adaptively and dynamically change the signal strength and antenna scope. Because they’re sectorized, that means each radio can serve a greater distance if needed than the typical indoor omnidirectional antenna—or back off as the RF environment requires.
The arrays have what are now required features of any switch: VLANs, multiple SSIDs per switch (up to 16), QoS, and assignment to VLAN based on authentication, SSID, or other factors. One of the radios on any model can be set to work as a monitor for security threats, like rogue access points.
The arrays can be managed using Layer 3 tunneling with a centralized platform, the XM-3300, which can handle up to 500 WLAN arrays. Because there’s an extra 10/100 interface, the management can be entirely out of band of the actual network traffic. The arrays are powered with 48-volt DC which requires either direct electrical wiring for an AC adapter or the use of DC power over Ethernet—not the standard kind, but their 48-volt variety—that ties into their Remote Power System (XP-3100) at over 300 feet of Cat 5 Ethernet cable.
The Xirrus array is the logical extension of the WLAN switch concept. One of the early gating factors for WLAN switching was the necessity for all traffic to be routed from an access point back via Ethernet to a physical switch which had to manage all the data coming and going. While this added the benefit of VLAN-based roaming that was independent of a physical switch location, it also tied bandwidth to the computational and switching capacity of that centralized switch device. (Symbol’s first “access port” system had only 10/100 Mbps Ethernet out the back even though it could aggregate hundreds of Mbps in its first incarnation.)
As the switch market has matured, makers have continued to wrestle with this problem by using Layer 2 tunneling to virtual switches, but there’s only so much power and GigE you can throw at that problem as long as traffic must be routed. Xirrus’s idea of putting centralized intelligence in a hub-and-spoke model of smarts that takes radio frequency control and switching and mixes them together is intriguing: they’ll have to deliver on reduced cost of deployment, management, and increased throughput to sell their product. But there’s an air of simplicity about it that should roil the WLAN switch market.
The array costs $3,999 for a four-port unit, $6,999 for eight ports, and $11,999 for 16 ports. The management platform costs from $4,999 for a 10 array manager up to $24,999 for a 500 array manager. The remote power system costs from $1,999 to power four arrays with three $999 modules that can be plugged in to power an additional four arrays each, or up to $3,996 to power 16 arrays. The equipment should ship in May. The array design is modular for replacement and radio upgrades.
An interesting sidenote to Xirrus’s rollout is that they’re investing heavily in the market’s refreshed interest in 802.11a: 802.11a is apparently more and more appealing to businesses as they consider rolling out voice over IP over WLAN. (See our VoWLAN blog.) With 12 nonoverlapping channels that are designed for 54 Mbps—and no 802.11b devices to slow the network down—and 11 more channels on their way, 802.11a is an extremely appealing alternative to 802.11g for voice and streaming media. It’s relatively inexpensive to buy dual-band client cards, and I expect businesses to start making the switch to a/g client purchases as they move forward.
Posted by Glennf at 7:53 AM | Comments (0) | TrackBack
Airespace accepted Cisco’s proposal, leading Alcatel and Nortel to tear up their dance card: Alcatel partnered with Aruba on Tuesday, and Nortel today said that Trapeze will fit into its line-up. Nortel will continue to sell the WLAN 2200 series which was developed with Airespace, but the 2300 embeds Trapeze technology. Alcatel will provide worldwide marketing for Aruba’s products, and Aruba is excited about integrating Alcatel’s Voice over WLAN and security components into its line-up.
Posted by Glennf at 3:14 PM | Comments (0) | TrackBack
The attention that MCI has gotten from its expanded hotspot network is bewildering to me: I cover the industry obsessively, and so I know that MCI is just reselling locations available from Boingo and Wayport. Still, there have been piles of articles trying to articulate how MCI’s hotspot plan fits into the rest of their operations. There’s a strategic goal there, of course, but the articles—not the one linked to, however—often confuse the private-label reseller relationship that Boingo has with MCI (and with Earthlink, Fiberlink, and other companies without -link in their names) and Wayport with, well, everyone, with MCI building out a hotspot network a la SBC or T-Mobile.
Although the IDG story linked to says that the service costs $40 per month for unlimited Wi-Fi/broadband when added to a dial-up and VPN account, it’s unclear exactly how that works as MCI’s Remote Broadband Access FAQ states that wireless charges are in addition to dial-up charges. Just another way in which it’s hard to figure out what, precisely, something costs.
Posted by Glennf at 8:45 AM | Comments (0) | TrackBack
Meru claims it’s more compliant than compliant: Meru Networks issued a very odd press release that stated that although they were already meeting Wi-Fi Alliance certification standards, they resubmitted their gear for “more rigorous tests than are used on its competitors.”
But the outcome is that Meru is…“completely compliant.”
There’s back story here that wasn’t exposed in the release. It sounds like someone has been talking smack about Meru. And now they are compliant, even though before they were…compliant. Sure, that takes the confusion out of the marketplace.
Posted by Glennf at 6:39 AM | Comments (1) | TrackBack
The 802.1X protocol for authenticating users and restricting access is starting to hit the big time: This long feature, which I wrote for Mobile Pipeline, walks through how the 802.1X specification works, how it can be secured, and what benefits it is bringing to businesses and academic institutions that want to segregate traffic, control access, and provide a high level of security to their wireless links.
After talking to vendors and customers, it’s clear that all the pieces needed to make 802.1X a consistently deployed, secure, successful method of authentication are in place. Even better, 802.1X can secure wired and wireless networks with equal ease, preventing rogue access points, unauthorized Ethernet users, and even sticking virus-infected legitimate users on special VLANs to solve their problems before they hit the LAN.
Posted by Glennf at 8:41 AM | Comments (0) | TrackBack
Aruba will release some of its access-point code under open-source licenses: Trapeze may follow: Peter Judge at Techworld reports the fascinating news that Aruba wants more Atheros-based access points to incorporate their secret sauce by making it no longer secret. They’ll post source code on Sourceforge under open-source copyright agreements. This commodifies the AP, pushing Aruba’s intelligence entirely into the controlling switch and reducing overall cost of management. Judge reports that Trapeze is expected to make a similar announcement.
Now wait a minute, your grizzled editor thinks to himself aloud, scratching his head, where have I heard this model before?
Oh, yes: Sputnik. Sputnik’s first centralized management software release through its current one relies on firmware incorporated into access points that they make available at no charge to commoditize the AP and put value into the central controller. But Sputnik is a management tool; Aruba is a switch vendor. It’s interesting to see the model recapitulate itself.
Update: NetGear will pursue Aruba certification for their access points, Tom’s Networking reports.
Posted by Glennf at 8:24 AM | Comments (0) | TrackBack
If you’re interested in where Voice over IP over WLAN is heading in the enterprise, listen to this interview with Telesym: I met over in Bellevue, Wash., today with Telesym, a firm that extends an enterprise-based phone exchange (PBX) system into laptops, handhelds, and “scanners”: bar-code devices used in retail and logistics by store and floor personnel.
I spoke with Mike Houston, Telesym’s director of Marketing, Ken Myer, senior VP of sales and marketing, and Jennifer Gehrt, a founding partner at Communiqué Public Relations about Telesym’s position in the market, but more largely about the future of VoWLAN. (Ken had to leave for a meeting, so I spoke primarily with Mike in this podcast).
You’ll hear at the outset of the recording after my introduction a conversation we had using Telesym technology: I was on a USB headset connected to a Telesym client running under Mac OS X; Mike was on a cellular phone. I had the recorder up to the headphone on the headset; next time, I’ll plug the recorder into the line out on the laptop to better demonstrate the quality.
The audio file is available as an 8 MB MP3 download, a 6 MB MP3 compressed with ZIP, or your podcast-capable news reader should already have identified it.
Posted by Glennf at 4:54 PM | Comments (0) | TrackBack
iPass and Meetinghouse have partnered to improve 802.1X support for mobile enterprise workers: Meetinghouse is one of the two companies focused on 802.1X and integrity checking for networks (Funk is the other), while iPass is the leading enterprise mobile access enabler. The two firms will work together to integrate Meetinghouse’s Aegis client into their iPassConnect client. This is interesting because Funk’s platform is all Windows on the client side, while Meetinghouse has Mac OS X (10.2), Linux, Unix, Windows, Palm, and Zaurus clients.
The overall goals are to make it much, much easier to provide authentication across a system without imposing a higher burden on the user, the enterprise the user works for, or the hotspot operator. This is possible, but it requires some sign-off from each party to make it simpler, which is always the crux of this kind of change.
802.1X provides the highest level of security for the wireless link on a Wi-Fi network by securing the credentials exchange, offering a unique network encryption key, and providing the option to regularly change that key without user involvement beyond the initial login.
Posted by Glennf at 2:32 PM | Comments (1) | TrackBack
I’m worn out from reading this exhaustive coverage of WLAN switches in Network Computing: The publication invited 18 companies to be involved in their testing, but only four agreed: Airespace, Aruba, Cisco, and Trapeze. That’s now three companies; the Airespace acquisition by Cisco happened after testing. There’s a long sidebar at the end with explanations from vendors who didn’t participate which is particularly interesting if you were considering purchasing hardware and support software from these companies.
One piece of excellent news is that all four products coped extremely well with WPA2, the certified version of 802.11i, through all of the client and back-end mix and match that author Frank Bulk and his crew threw at the systems. Trapeze is the weakest on integrity detection, an increasing theme for 802.1X and both wired and wireless switches. They also noted that Cisco used a CLI or Web browser to configure its access points instead of the WLSE management system, which was telling.
Most miraculously, the article includes apples-to-apples pricing for three scenarios which is information a company might spend weeks trying to gather from reluctant vendors and integrators.
Posted by Glennf at 12:43 PM | Comments (2) | TrackBack
Hey, don’t get excited—this new Blackberry doesn’t have cell access: The Blackberry 7270 has Wi-Fi built in as well as a VoIP client, but there’s no cellular radio inside, reports Techworld. Instead, it’s designed as a campus-wide enterprise tool that combines voice and messaging. Campus-wide pager systems have been widespread and there’s a growing use of VoIP over Wi-Fi; this is a neat combination of both. But it means some executives will now have to carry two Blackberrys.
Posted by Glennf at 6:33 AM | Comments (0) | TrackBack
With consumer 802.11g costing below $70 for good gear, enterprise APs still run you more than $400 with discounts: There is, of course, a price premium you pay for devices that handle VLAN switching, multiple broadcast SSIDs, and other enterprise-related features. But the difference between the underlying silicon is pretty small (or non-existent) these days. You’re paying a large differential for brand, service, support, integration, firmware, and the firmware’s hooks for management. And switch APs cost even more but provide more flexibility, which should lessen server-room and management costs.
Posted by Glennf at 1:42 PM | Comments (2) | TrackBack
The Wall Street Journal reports Cisco and Airespace have agreed on terms: The deal, first indicated by News.com days ago, values Airespace at $450 million. The company makes a switched wireless LAN product line that leaves radio frequency intelligence in the access point and moves intelligence into the switch. Cisco’s product line has smart APs which track the user AP by AP instead of across a switch. Cisco confirmed the deal with a press release this afternoon.
The deal will allow Airespace to solve a major problem affecting WLAN switch vendors, only partially solved by them introducing their own Layer 2 switches: dealing with the bottlenecks of pumping traffic across their centralized switches from increasingly speedy and loaded WLANs. With Cisco’s expertise in the increasingly common 10 Gbps Ethernet switches and backbones, this should allow Airespace to more easily extend their intelligence without bogging down networks.
This becomes especially important when networks speed to 100 or even 400 Mbps on the edges. With just one or two gigabit Ethernet ports on a switch, it doesn’t matter how smart you are: you just run out of room.
Airespace has a reported total of $58 million of investment dollars, making a nice return on the deal. [Thanks to Frank B. for the Cisco press link.]
Posted by Glennf at 12:35 PM | Comments (0) | TrackBack
Colleges are the bleeding edge of WLAN technology: I wrote this piece for Mobile Pipeline (my first for them) which started out as a more general best practices article for giant WLANs, and morphed into an article about college WLANs. Why? As I explain in the story, giant WLAN enterprises don’t want to talk on or off the record about what they’re doing. Academic institutions are happy to oblige.
Schools also have the disadvantage of having to support many, many generations of equipment and operating systems. You can’t tell a professor to take a flying leap, and some schools may still have five-year-old laptops and desktops that still have to be integrated.
It’s clear that 802.1X is the next big trend for both schools and enterprises. It solves many problems while adding tremendous policy flexibility. Using 802.1X and L2TP means that you can have smaller VLANs that are segregated by policy, group, or even randomly to balance users among VLANs.
Posted by Glennf at 11:34 AM | Comments (0) | TrackBack
I’ve been saying it for months and months: It’s been crystal clear to me that Cisco did not have an internal WLAN switch strategy, and has its biggest problems in dealing with issues that switches can solve, which is policy-based VLAN assignment for WLAN users across network segments. News.com reports that a deal may be in the works for Cisco to buy Airespace, which is the leading marketshare vendor among the startup switch makers with seven percent of the market. I’ve thought Airespace was a 100-percent Cisco target, and am just surprised it’s taken this long to hear about a deal firming up.
Cisco’s intelligence is in the access point, which means that hand-offs are coordinated at the AP level, making VLAN roaming and other related issues pushed out to the edge or handled by Ethernet switches, which doesn’t work very well for mobile users. Airespace handles the logical part of this in the switch: the AP is a radio with some intelligence, but it’s not the smartest part of the network.
Cisco has obviated some of its shortcomings in this area—and, of course, it has massive strengths in other areas—by turning WLSE, its centralized management tool, into as much of a switch-like controller for signal strength and other factors as it can.
Update: Om Malik has more commentary on this issue, noting that Airespace may rack up (pun intended) a large deal to upgrade Microsoft’s network, and that Juniper might also be interested in acquiring Airespace. It’s like the late 1990s, except with actual customers and revenue.
Posted by Glennf at 6:26 AM | Comments (0) | TrackBack
Instant802 offers manufacturers mass-profile possibility for access points: Instant802 makes the software for service providers and manufacturers that runs their APs. For instance, the Gateway AP series that I have praised in the past uses Instant802 firmware. They’ve released an Enterprise Managed AP (EMAP) platform which allows many APs to be configured as if they were a single AP. This is a fascinating way to sidestep large-scale management through a cluster profile, because the platform handles load balancing, beacon assignment (up to four SSID names per AP), and channel selection. Call it a plug-and-play enterprise solution.
Posted by Glennf at 9:52 AM | Comments (0) | TrackBack
Microsoft was early campus-wide WLAN deployer, but needs new technology: The company has made extensive use of its WLAN infrastructure, but is facing the same growth pains as everyone else. There’s no capability for VLANs, so all users get the same network privileges, making it impossible to offer guest access without them having set up a separate guest WLAN. Microsoft was an early 802.1X user, too, deploying an internal public-key infrastructure based method (EAP-TLS) which required the irritating installation of individual certificates on every computer that connected to the WLAN.
What was good for Microsoft was good for the industry, too, resulting in the good and ever-better implementation of Wi-Fi support within Windows XP. It still baffles me, however, that there’s no location and profile manager as Apple has had for what I think is going on a decade. Even with Windows XP, you have to set up preferred networks that can be accessed universally as opposed to specific networks for specific location profiles.
Microsoft is taking bids, and I wouldn’t be surprised if a WLAN switch vendor wins based on the requirements that they have for VLANs across WLANs and the entire campus, alongside their new interest in VoIP.
Posted by Glennf at 9:34 AM | Comments (0) | TrackBack
AirMagnet released an upgrade to its site survey tool: There are now two versions of the tool, one aimed at network managers, the other designed for consultants and site surveyors who build wireless LANs for a living.
Some of the capabilities of the survey tool sound similar to Trapeze’s RingMaster software, which helps IT managers construct their Trapeze networks. AirMagnet seems to be adding more and more functionality such that in some regards it is moving into the territory of the appliance vendors, like a Bluesocket or ReefEdge.
Posted by nancyg at 5:00 PM | Comments (0) | TrackBack
GigaBeam puts multi-gigabit-per-second wireless into lower Manhattan: Using a carrier-neutral interchange, GigaBeam is using point-to-point wireless gigabit connections in the 71-76 GHz and 81-86 GHz range. Prices weren’t noted. The company plans to hit 10 Gbps in 2005.
Posted by Glennf at 2:20 PM | Comments (0) | TrackBack
Om Malik alerts us that ReefEdge has had layoffs; he muses about their future: Om points out that the WLAN market slice for new players is exquisitely small with Airespace taking the biggest part of that tiny piece of pie. ReefEdge is a switchmaker focused on policy issues, and Om can’t get them to return his calls. He reports on the swirling rumors, which he has been unable to get the company to talk about.
Om asks, The big question, however remains for the venture capital community: how do you evaluate a start-up that is involved in highly commoditized business like WiFi? This question is equally valid for the enterprises looking to buy WLAN equipment. The ultimate end game is certainly acquisition by the big players of niche switch firms, and Airespace has seemed an obvious Cisco candidate for months and months.
Posted by Glennf at 12:07 PM | Comments (0) | TrackBack
Chipmaker Engim and WLAN monitoring firm AirMagnet partner for powerful three-radio-in-one solution: Engim’s chipsets can provide the equivalent of several radios within a single design. The chips process all of the signals in the 802.11a, b/g, or a and b/g bands (depending on configuration) and then dole out the details to on-board media access controllers. This lets them coordinate and analyze frequency use in a way that multiple physical radios cannot.
The neat part of this is that the silicon gives access to the spectral picture in a way that can be broken off and used separately. Airespace was the first firm to combine spectrum analysis with WLAN access points in a single device, and they accomplish this by licensing the code from Atheros that gives them access to the baseband; Trapeze now offers the same. However, a partnership between Engim and AirMagnet on Engim’s reference design will allow the two companies to offer three radios in a single box in which two can be set to be access points and a third can be a dedicated AirMagnet monitor.
AirMagnet’s system can track performance problems on a network, identify rogue access points (unauthorized Wi-Fi), and detect intrusion. Like most monitoring software, it can even disable rogues through a denial of service attack focused on the “illegal” access point.
Rich Mironov, vice president of marketing at AirMagnet, explained in an interview that the company has never wanted to be in the hardware business, but that until now they have needed to create and sell their own overlay of sensors for a WLAN. This partnership will allow them to transition gradually to a pure software business. Mironov said, “We’ve taken all of our sensor software and we’re putting it inside the Engim device.”
“Today, you might be buying three separate devices, two access points and one of our sensors, and here we have the chance to roll that into one physical device at much lower cost and much lower deployment cost,” Mironov said. The Engim reference design has not yet been sold to any OEMs, or companies that will integrate the design into their own product needs, but announcements are expected in the near future from WLAN switch makers.
All WLAN systems outside of Airespace and Trapeze that offer monitoring using access points have to drop the AP’s clients, switch to monitoring mode, gather information, and switch back to AP mode. This disrupts low-latency connections, such as voice over WLAN (VoWLAN), and isn’t elegant. Even switchmakers agree, but it’s necessary that they offer such an option to companies that didn’t want to deploy a separate AirMagnet or other monitoring network. Mironov pointed out that such an approach misses critical data, too. “If you don’t maintain a sort of stateful constant watchful view of what’s going on, you miss all the interesting attacks,” he said.
AirMagnet is in the remarkable position right now of having their prototype version of the software that will be embedded in Engim’s design ready to go—they’re just waiting for the deals to be inked and the production lines to run to finalize specific featuresets for each vendor.
The Engim design can be used either as a two AP/one sensor configuration or as three APs. Mironov said that companies might install one or two Engim-based units with three APs enabled for every one configured with two APs and one sensor. (Trapeze Networks offers dual-radio APs in which one radio can be turned into a sensor in the same fashion.)
Posted by Glennf at 7:20 AM | Comments (0) | TrackBack