Receive new posts as email.
This site operates as an independent editorial operation. Advertising, sponsorships, and other non-editorial materials represent the opinions and messages of their respective origins, and not of the site operator.
Entire site and all contents except otherwise noted © Copyright 2001-2009 by Glenn Fleishman. Some images ©2006 Jupiterimages Corporation. All rights reserved. Please contact us for reprint rights. Linking is, of course, free and encouraged.
Novatel Wireless has introduced a sleek mobile 3G router that's seemingly far more than its competition: The MiFi is a cellular router due out in the first quarter of 2009, with pricing not yet disclosed. While there are several competitors on the market, notably from Junxion, a firm acquired by Sierra Wireless earlier this year, Novatel claims some unique qualities. The MiFi will have an internal battery that can offer 3G to Wi-Fi bridging for up to 4 hours of use and 40 hours of standby.
The slim unit appears to be designed around an integral card that's not removable, which is a departure from most similar designs, which allow interchangeable cards supplied by an integrator or an end-user. Novatel hasn't yet said what technology will be inside, but it's easier to see both EVDO Rev. A and HSPA versions with slots for inserting the necessary authentication card.
Novatel also says it will differentiate the MiFi by allowing third-party applications to run on the system, and supporting external storage with a microSD slot that can handle formats up to 8 GB. That means that the MiFi could act as a caching Web server, a store-and-forward mail server, a VPN end point, and other purposes as well.
Apple adds enterprise features to the iPhone, including 802.1X, and opens it to developers: Today's announcement from Steve Jobs was full of surprises, including the fact that Apple licensed Microsoft's ActiveSync for full Exchange support, and the level at which developers will have access to iPhone hardware and information.
The 2.0 software, free to all current owners of iPhone, will be available in June, which kind of tips the hand as to when we'll see a 3G iPhone, too, I imagine. iPod touch owners will pay a "nominal" upgrade fee, as Apple books iPhone revenue over 24 months and iPod revenue as units are sold.
Apple will pile in all the stuff that enterprises demanded from Research in Motion in the Blackberry platform--and that RIM built in--including support for 802.1X (including WPA2 Enterprise) for authenticated Wi-Fi login, two-factor authentication, certificates, and additional VPN types. They're also adding "remote bricking," a critical feature that allows a stolen or misused phone to be remotely and securely wiped.
On the developer side, Apple is opening up the whole puppy in a way that I didn't expect. I assumed the firm would put limits on whether the cell data connection could be used by apps, but not restrict the Wi-Fi side. The announcement puts nothing off limits except VoIP over cell data, although there's a list of characteristics that software can't contain, such as being malicious or a bandwidth hog. All software is distributed and installed via App Store, available on an iPhone or in iTunes for synchronization. This includes free software. Apple will therefore vet, and ostensibly be able to halt use of programs that exhibit behavior they deem bad. Jobs said, "We can turn off the spigot if we need to." Every app will be signed by a developer certificate.
Developers can have access to location information provided by Google (cell towers) and Skyhook (Wi-Fi) for use in their programs. No mention was made of privacy settings for such. Skyhook's Loki toolbar requires that you grant permission to Web sites that want to obtain your location details; I expect a system-wide approach to that, too.
No mention was made today of a few particular problems with iPhone security, such as the ability to tunnel and traverse a VPN across multiple network media, such as using an iPhone for a secure connection while you travel from work, across the EDGE network, and to hotspots. This likely could be built on top of the enterprise features. You'd also need policy management, such as disallowing certain kinds of connections without a VPN being active or over non-trusted Wi-Fi networks.
Certainly, this is a big step forward for corporate users, mobile applications, and consumer ease on the iPhone platform. The beta is available today to developers; you can become a developer for $99. Amazingly, Apple's developer site crashed and is still unavailable two hours after the press conference ended.
Cisco releases full details on problem at Duke: While widely reported that one or two Apple iPhones out of about 150 used on Duke University's Wi-Fi network were bringing down groups of a dozen to 30 access points at one time, it turns out it was a Cisco fault all along that the iPhone triggered. A Duke assistant IT director initially blamed the iPhone for the problem. He later posted a note on his blog that he "regret[ted]" sounding quite so sure it was the iPhones' fault.
Cisco's security advisory, "Wireless ARP [Address Resolution Protocol] Storm Vulnerabilities," explains how in a very particular set of circumstances, a mobile device moving between access points and retaining certain information could cause Cisco network controllers to produce a storm of ARP requests. When I first heard about this problem in email from Miller--I declined to write about this because I thought it was too speculative at the time--the 18,000 ARP requests being made per second seemed like far too high a number to be produced over a wireless connection by a single mobile device.
While the advisory doesn't cite the Duke situation, the company confirmed that the Duke situation was what triggered this advisory and update, according to Network World.
The iPhone is now in the clear as the culprit, just the trigger. It's likely we'll see more vulnerabilities and bugs show up, however, because of the extreme mobility and promiscuity of the iPhone. It's willing to connect to any network it knows whenever it sees it, and to hop off onto EDGE whenever the network performance drops too low.
Network World reports that Bluesocket will release MIMO access point: Bluesocket has an enterprise-scale wireless LAN system that specializes in policy-based management and access control. The new AP will cost $795 when it's available in July, twice its predecessor, but MIMO's increased coverage area could reduce the amount of equipment necessary by more than 50 percent. Less equipment reduces per-AP expenses for management, too.
Hotspot and access point aggregated management software company Sputnik expands, updates its product line: The company specializes in providing a centralized console that allows management and reporting across a network of Wi-Fi access points, whether for academia, hotspot networks, hotzones, or companies.
Sputnik Server 110 is a 1U rack-mounted server pre-loaded with 10 AP licenses and the Control Center software for $2,699; additional licenses can be purchased. The company's new AP 210 ($279) has a 285 milliwatt transceiver and the 260 ($399) has two such radios. They're designed for extended coverage, and can handle, the company says, point-to-point links of up to two miles. They have the nice feature of keeping traffic isolated, so that users on the network can't turn on promiscuous mode to examine other users' data.
They also released a Linksys WRT54GL firmware image which allows the new Linux-based model (an old model renumbered and sold at a higher price) to run the Sputnik Agent software. The firmware works on older WRT54Gs and all models of WRT54GS. They'll sell you preflashed WRT54GLs for $99 and WRT54GSs for $109.
The WLAN management tool company adds radio features, site planning: I've spoken to a number of IT managers, largely but not exclusively in academia, who turned to AirWave as a way to better manage often hetergeneous wireless LANs that are comprised of equipment from many vendors. Some prefer AirWave to vendors' own management tools, too.
The latest version of their software includes site planning with visualization overlays--which boiled down means they can show RF patterns on a drawing. The planning tool doesn't offer simulation of signal propagation, which are part of other vendor-specific tools.
This version also adds rogue access point detection using the wired LAN as a primary tool to ferret out commodity APs without requiring constant network scanning. (This assumes undisguised APs, of course.) The company has extended the makers and brands of access points and switches they support, as well.
This new version ships this month.
Software aggregates up to 1,000 nodes; 4.9 GHz gear for public safety and first responders: Any time you start assembling networks with many identical pieces, these pieces need aggregated management. It happened by 2002 in the WLAN space, with several companies offering (and still offering) tools to configure up to thousands of WLAN APs at once.
Firetide now offers their HotView Pro mesh management software for up to 1,000 of their nodes. The software coordinates tasks, like load balancing across different routes, and can treat multiple meshes as a seamless entity for managing data flows.
The 4.9 GHz space in the U.S. has become very active lately, with many companies deciding that the public safety sector interest in wireless needs to be acted upon using existing equipment rejiggered to handle the licensed spectrum. Firetide's HotPort 4.9 GHz equipment will be part of the enormous Rio Rancho, N.M., deployment.
Using the 4.9 GHz public safety band ensures that first responders and public safety officers and workers will have access to unfettered bandwidth--no worries about local Wi-Fi networks or hotzone congestion.
The press release avoids the word "hack," but Sputnik isn't working with Linksys, just its routers: The Linksys WRT54G is one of the bestselling routers in the world, and its firmware uses software that comes with a variety of open-source and free software licensing requirements for publishing changes. Thus, there are many projects which hack the Linksys, turning its inexpensive hardware into powerful components of larger systems, like mesh networks. (Switched WLAN is more difficult as Linksys uses Broadcom chips, which do not have open-source but only binary distributions.)
By using a commodity AP, which has always been Sputnik's plan, they allow powerful centralized network management and monitoring through their applications, and that's where they insert value and extract revenue. The AP cost becomes so low that's its efficient to deploy more of them since management time and expense doesn't grow per AP.
Sputnik's Agent software works on the Linksys WRT54G and WRT54GS. Read the press release.
iPass now supports 3G: The Sierra Wireless AirCard 580 can be supported using iPassConnect, the front-end software that iPass sells to corporate customers for their roaming employees to have access to tens of thousands of hotspots and hundreds of thousands of dial-up numbers worldwide. Adding 1xRTT and EVDO in the U.S. means that one more component of mobile data is now swept under a centrally managed and metered plan.
You have nothing to lose but your cubicles and your sense of day-to-day security: Companies are starting to look big-time into allowing flexible work environment that don't lock people into a single cubicle or office. This allows them to use office space more densely but flexibly and lets people work more to their liking. Of course, some people like a cubicle, don't they?
One of the drivers for increased mobility is that thin APs require less management--a claim long made by thin AP makers and confirmed when Cisco bought Airespace--and greater flexibility. It's clear Microsoft chose Aruba not just because they were thin, but because their approach is commodity-driven with enterprise-class management: that is, magic in the APs is less important than magic in the central console. (Microsoft may also have chosen Aruba because of its remote AP option in which APs can be added using IPsec security over any remote Internet network.)
The other drive is, of course, 802.11i and its integration into branded standards as WPA2. With WPA2 Enterprise, companies finally feel like they have the strongest possible security at their disposal.
The companies discussed in this excellent article have found big cost savings across the board, but those also come with more worker satisfaction and increase productivity.
I'll be curious on a long-term if workers without a place to hang their hat reliably every day who do spend most of their time in an office feel less tied to a company. In a classic Dilbert, after offices are deassigned, Wally moves his stuff around in a grocery cart and engages in office graffiti.
Aruba beats out Cisco (Airespace), Trapeze: The Microsoft campus and worldwide offices will be upgraded from its current Cisco infrastructure to use 5,000 Aruba access points, part of a WLAN switched network. The Wall Street Journal reports the deal covers 281 buildings in 83 countries to support 25,000 simultaneous Wi-Fi sessions. One of Aruba's bits of magic is IPsec tunneled remote APs that can use a centralized switch located over a WAN.
This is an enormous win for Aruba, which has been accumulating customers, but it seemed that the safe money was on Cisco because of the Airespace acquisition.
The first fruits of the Airespace acquisition produce a tracking device: The Wireless Location Appliance 2700 allows network managers to track anything with a Wi-Fi adapter in it, whether the adapter is part of a Wi-Fi-based RFID tracking system for high-priced assets (like hospital equipment), a laptop, or an employee with a Wi-Fi VoIP phone.
In a briefing earlier this week, Cisco managers explained that assets and individuals can be tracked both over time and in real-time with thousands of devices trackable per location appliance. This would, for instance, allow a company to pinpoint when a device had moved out of a building and disappeared--allowing them to check that date and time with various security cameras.
The appliance works at relatively high protocol layers and has an API that will allow it to be integrated into other systems that already handle the front end of asset management, such as PanGo Locator offered by PanGo Networks. With companies already tracking assets by number in these systems, tying them into a real-time display can allow hospitals--and early and obvious market--to know precisely where equipment is before it's needed.
Cisco acquired Airespace mere weeks ago and this is the first fruit of collaborative labor between existing Cisco product teams and the upstarts with their fancy lightweight access points.
iPass says they have 20,092 hotspots in 51 countries: The enterprise mobile worker connectivity firm has been aggressively courting operators around the world to amass this portfolio which includes 55 networks. Sprint PCS now claims over 19,000 hotspots in their fixed-fee network, and it would be interested to do a side-by-side comparison--but also quite difficult.
iPass uses metered rates for hotspot, dial-up, ISDN, and wired access for its customers which allow corporations to use a single network login both within their enterprise and with the iPass Connect client software. Instead of each user paying a fee for unlimited access on a number of networks, iPass aggregates not just networks but usage. So a worker who is on the road a few days a month may average out the usage of a worker who is constantly on the road. From a cost containment standpoint, this approach appears to be one that enterprises like. But it requires scale of locations especially for international companies or those with international sales.
Sprint PCS aggregates locations from SBC, Boingo, AirPath, Wayport, STSN, and other, but the majority of their locations are domestic. They offer unlimited usage plans for businesses on a per-user basis that can include metered rates for dial-up. They also offer a client. Sprint PCS works extensively with enterprises, too, in some cases building their networks through a managed services division.
I would not have thought a few weeks ago that the battle for corporate hotspot pocketbooks would be fought between iPass and Sprint PCS. But here we are. Sprint PCS is in the middle of a large transition as a carrier with its Nextel merger in the works; iPass is a publicly traded firm that once had a stock price five times higher than today and market cap of well over a billion dollars.
Moving into competition with Sprint PCS may not be a bad thing for iPass at all; it's good company.
It's not clear whether "open-source" means boot our code in this scenario: Aruba has released its bootloader, a method by which an access point with the right hardware can load Aruba's AP code when detected by its central WLAN switch on a network. That's all well and good, but it doesn't bring much to the table--yet. Aruba promises more. In this article at Linux Pipeline, I examine the promise of open source for Aruba and the industry, and get a little into the issue of the latest proposal for WLAN switch AP interoperability.
We called him crazy, but he just kept coming at us: Peter Judge writes about Extricom, the company that produced a barrage of what appeared to be overblown throughput claims last November, but now offers enough details to evaluate their technology. Their claims of huge throughput weren't across the entire system--that is, 1 Gbps everywhere--but rather aggregated throughput from multiple cells on the same network using the same channels.
The system promotes channel reuse by leveraging the collision detection that's at the heart of 802.11 and Ethernet systems to better use the empty spaces that are wasted in routine Wi-Fi communication. Each Extricom switch has multiple thin APs on the same channel. The switch decides which AP handles which client without switching channels, and thus the client doesn't change its connection (which means handoff latency is reduced far below any conventional system) and the switch maximizes the use of the RF space.
APs are coordinated at the switch level to avoid interference, but the 802.11 specification can handle co-channel interference as well. Between those two parts, the amount of interference is dramatically reduced. The goal is to allow many simultaneous voice conversations by bringing each client's available bandwidth as close to the maximum throughput for their particular standard.
The only complaint from a test site seems to be the current eight-AP limit on their first switch model. That model will ship in May for $8,000 to $14,000 based on quantity and options like Power over Ethernet, according to the Techworld report. A 32-port switch will follow in the fall.
It's ingenious, and I've confirmed that this could work (if implemented properly) with a Wi-Fi expert. It's too bad they didn't explain this more clearly six months ago.
Sprint now claims 19,000 hotspots in its aggregated network: The company announced that it will gain another 6,000 locations from Quiconnect, 3,800 from Fiberlink, and several hundred from Pronto, Opti-Fi, and Nomadix. (The Fiberlink locations are actually resold from Boingo's aggregation platform, although that fact isn't mentioned anywhere.)
Sprint previously had arranged deals with SBC, Wayport, Airpath, STSN, and Concourse, as well as limited bilateral roaming with AT&T Wireless (now Cingular) for airport access. Those locations must have totaled 10,000, although I'm having a little difficulty adding up all of the component networks.
One of the key elements Sprint is pushing is its Extended Workplace, a way of having a single user interface for connecting across all kinds of communications methods, including dial-up, Wi-Fi, cell data, and Ethernet. Extended Workplace provides companies with a way of enforcing end-user policies, like VPN usage or anti-virus protection--just as with software from remote-access providers like iPass.
Pricing for Extended Workplace is $120 per month per user for unlimited Wi-Fi and Sprint PCS Vision (its brand name for 1xRTT data service) with additional metered fees for dial-up and other connection services.
The article bizarrely quotes a Sprint business development manager stating that Sprint started building airport Wi-Fi service in 2000 and now has seven airports. Now I've been writing about and researching airport Wi-Fi since 2000, and I can state categorically that Sprint didn't start getting into the business as a provider until 2003. If they were providing the back-end outsourced services, then they were handling it for Nokia and other companies without revealing their brand at the time. Nokia, Wayport, and MobileStar unwired the first airports in North America that I'm aware of all before 2001.
Microsoft and VeriSign have own flavor of how to protect networks from infected computers: This new architecture will be based on Microsoft's Network Access Protection (NAP) and VeriSign's Unified Authentication platforms. It's supposed to protect networks by checking that a laptop trying to connect over Wi-Fi has been issued a clean bill of health with the latest patches and virus definitions, among other factors.
But this announcement doesn't mention a press release from yesterday from the Trusted Computing Group's Trusted Network Connect specification will also work with NAP. The TNC spec allows computers that connect to a network through any medium to validated for security before being allowed access. It ties nicely into 802.1X port-based authentication. If a computer fails validation, it's segregated on a protected VLAN that only offers access to patches and updates, but can't reach the rest of the network.
Trapeze has added support for several Cisco APs: WIth a command-line change, a Cisco AiroNet 350, 1100, or 1200 can be part of a Trapeze-managed WLAN switched network. This should make it an easier sell for Trapeze VARs walking into Cisco-oriented enterprises, especially with Cisco VARs and direct sales folk trying to push new Airespace equipment into existing installations. This announcement ranks up there with AirWave's recent 3.1 version bump that allows AirWave's software management tool for WLANs to handle Cisco Airespace devices, too.
In-Stat says that WLAN switches will become more prevalent, but not as stand-alone devices: As Mobile Pipeline explains it, Ethernet switches will increasingly incorporate WLAN functions making the use of thin access points (most radio intelligence) a given but the centralized functions won't require specialized hardware. The article specifically notes that Aruba and Trapeze may face difficulties on their own; Airespace was acquired by Cisco.
There's another course for Aruba and Trapeze and similar companies to take, one that I think we're seeing the early directions toward. Instead of selling centralized hardware and specialized APs, move to centralized software that runs on commodity PCs that integrators and VARs can configure. The value would move entirely to the switching software. Aruba and Trapeze's SLAPP proposal is one step in that direction for removing specialized requirements from APs; the next step would be to agree on a standard featureset with extensions that could loaded by individual switches.
AirWave's multi-vendor WLAN management tool now has Airespace support: Version 3.3 will support configuration of the Cisco Airespace WLAN switch controllers and access points. This is fairly significant given AirWave's existing support for other Cisco devices and Airespace's success in shipping boxes to academia and enterprises leading to Cisco's acquisition.