Integrated Management of Wired and Wireless Networks

by Greg Murphy

There’s an interesting article in Computerworld today about the need for more integrated management of wired and wireless networks.

There often seems to be an assumption that integration is the responsibility of the hardware vendor — and often hardware vendors seem to believe that offering a wireless controller on a blade in a switch constitutes “integration.” That’s consolidation, not integration.

Truly integrated management must involve existing network management frameworks — integrating wireless data and location information with existing service desk, asset management, event correlation, and other applications. This means that the major network management software providers need to make their applications increasingly ‘wireless aware’ through integration with wireless systems. This simply is not happening today.

Only when these NMS providers step up their level of activity will we truly achieve wired-wireless integration.

Written by Greg Murphy


How Many Vendors to Evaluate

by Greg Murphy

In a recent AirWave customer survey, more than 70% of respondents indicated that they plan to test or evaluate a new wireless hardware provider by the end of 2008. That’s probably related to the introduction of 802.11n products — when organizations are evaluating new technologies and hardware upgrades, it’s a natural time for them to consider vendor selection.

Someone recently asked me how many vendors an organization should consider when performing an evaluation. There’s no right answer for every situation, but I usually recommend looking at three providers. More than that can be unwieldy and burn internal resources unnecessarily… In most cases, unless you’ve been burned by an unresponsive vendor, you will want to look at your incumbent provider’s new products. You should also evaluate at least one close competitor of your incumbent, so you can really understand technology differences, support capabilities, and other factors. For the third candidate, consider a vendor with a highly differentiated technology or product architecture — you may not select them as your primary vendor, but you might discover some niche solutions that will work extremely well in certain environments.

Written by Greg Murphy


802.11n Capacity Planning Webinar

by Jeremy Haltom

Thanks to everyone who joined the 802.11n Capacity Planning Webinar last week!  I have been going through all the questions that I didn’t have time to answer during our one hour session.  One question that was asked multiple times was, “Where can I find more detailed information about 802.11n?”  Below are a couple of really good resources that talk about some of the changes that 802.11n is incorporating, directly from some of the chipset vendors:

Broadcom: http://www.broadcom.com/docs/WLAN/802_11n-WP100-R.pdf

Intel: http://www.intel.com/technology/magazine/communications/wi08041.pdf

WiFi Alliance: http://www.wi-fi.org/files/WFA__80211n_faq_draft.pdf

Written by Jeremy Haltom


Wireless’ Impact on the Wired Infrastructure

by Jeremy Haltom

What items can we take care of from a wireless design and infrastructure point of view when it comes to our wired network? Well, there are a couple of things we can do to enhance the security and performance of the network. First, since almost all customers are now using multiple SSIDs and VLANs, we should take the management VLAN (i.e. the IP address of the physical AP) and set up some ACLs that allow only the datacenter and administrators to access the AP.

Next, make sure that you don’t have too many users on each VLAN. Remember, until you move to 802.11n, the amount of broadcast traffic can be a much higher percentage of overall traffic than what we are used to on the Ethernet side of the network. Lastly, in most thin AP environments, keep in mind that all the wireless data is tunneled back to the controller(s). This dictates that we engineer enough backhaul bandwidth between our IDFs, MDFs, and datacenters to handle all this ‘tunneled’ data without impacting the rest of the wired network.

Written by Jeremy Haltom
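
The management-VLAN ACL advice in the post above, as an added example (not the author's code and not any vendor's syntax): a first-match ACL evaluator plus an audit that flags permit rules reaching the AP management subnet from sources outside the datacenter and administrator networks. All subnets, ports and the weak rule are constructed assumptions.

```python
import ipaddress

net = ipaddress.ip_network

# Constructed addressing plan (assumptions, not taken from the post).
AP_MGMT = net("10.50.0.0/24")      # VLAN holding the APs' own IP addresses
DATACENTER = net("10.10.0.0/24")   # NMS, controllers
ADMINS = net("10.20.30.0/28")      # administrator workstations
USERS = net("10.100.0.0/16")       # ordinary user VLANs

# Ordered rules: (action, source, destination, protocol, dst port or None = any)
ACL = [
    ("permit", DATACENTER, AP_MGMT, "udp", 161),   # SNMP polling
    ("permit", DATACENTER, AP_MGMT, "tcp", 22),
    ("permit", ADMINS, AP_MGMT, "tcp", 22),
    ("permit", ADMINS, AP_MGMT, "tcp", 443),
    ("deny", net("0.0.0.0/0"), AP_MGMT, "any", None),
]

# Same ACL with a leftover rule that lets user VLANs reach the AP web UI.
WEAK_ACL = ACL[:4] + [("permit", USERS, AP_MGMT, "tcp", 80)] + ACL[4:]


def evaluate(acl, src, dst, proto, port):
    """First-match evaluation; traffic matching no rule is denied."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for action, s_net, d_net, r_proto, r_port in acl:
        if (src in s_net and dst in d_net
                and r_proto in ("any", proto)
                and r_port in (None, port)):
            return action
    return "deny"


def audit(acl, allowed_sources, mgmt_net):
    """List permit rules toward mgmt_net whose source is not fully inside
    one of the allowed source networks."""
    findings = []
    for idx, (action, s_net, d_net, proto, port) in enumerate(acl):
        if action != "permit" or not d_net.overlaps(mgmt_net):
            continue
        if not any(s_net.subnet_of(a) for a in allowed_sources):
            findings.append((idx, str(s_net), proto, port))
    return findings


if __name__ == "__main__":
    for name, acl in (("ACL", ACL), ("WEAK_ACL", WEAK_ACL)):
        print(name, "findings:", audit(acl, [DATACENTER, ADMINS], AP_MGMT))
        print(name, "user -> AP tcp/80:",
              evaluate(acl, "10.100.4.7", "10.50.0.20", "tcp", 80))
```
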


Pagination in AMP

by Katie Weber

One of the cool new AMP features for 5.1 - which continues to spread across the site for 5.2 and 5.3 - is pagination. It’s something that a lot of our customers have asked for, but it’s also something that generated a few support calls.

When you load a page in AMP like Reports → Generated, AMP shows you a list of all of the items on the page. When that’s a very long list — like all of your reports, or all of the APs in AMP — the page can take a long time to load. Beginning in 5.1 we’ve begun to paginate lists in AMP. That means that big pages can take a lot less time to load. This will continue in 5.3 and beyond.

Now the reports page has a pagination bar at the top. It includes the number of reports displayed on the first page (1-20) and the total number of reports available, as well as the total number of pages of reports and navigation toggles to move between pages. It looks like this:

What some of our customers didn’t realize is that you can still see all of your reports on one page — some people really find that useful. All you have to do is click on the number of reports per page, which is a blue link. That will give a dropdown menu that gives you the option to show other numbers of reports per page, including all records on one page.

We’ll continue to paginate more lists in upcoming AMP releases, and we’re also working on a way to set pagination preferences so AMP will remember how many reports you want displayed per page.

Written by Katie Weber


The 11n buzz continues

by Bryan Wargo

802.11n continues to be the hot topic in the WLAN industry and it’s only going to get hotter. I highly recommend reading eWeek’s “10 Things You Should Know About 802.11n” slide show to get a good grasp for what you are in for if you plan on deploying any time soon.

Along those lines, I was talking with a customer this week about their future WiFi roll-out plans. This customer has been using the AirWave software to manage their network for about 3 years. They are managing about 450 autonomous APs that cover their libraries, classrooms and some other public areas. They’ve recently announced plans to add an additional 450 devices. They have chosen a controller-based architecture for this roll-out and will be using a/b/g/n APs. Over time they hope to phase out the legacy devices but believe it will take some time.

This multi-standard environment is going to be typical for at least the next 1-2 years.

Written by Bryan Wargo


Rising costs of wireless for Retailers

by Bryan Wargo

Wireless has recently gotten a lot more expensive for large retailers. I am not talking about the actual costs of devices, but rather about the level of responsibility anyone who processes credit cards is going to have when anything “wireless” touches their network. Retailers have been deploying 802.11 devices for over 10 years, predominately in their distribution centers and more recently in their stores. The inventory applications that they run across the WLAN are mission critical and are valued in the millions of dollars on an hourly basis. Based on the success of these applications in the DCs, retailers have quickly deployed wireless routers to their stores to run applications like POS, VOIP, and those same inventory systems.

Now with the PCI standard, retailers are being told that they have to do a much better job of securing these devices, the networks they are connected to, and just about everything else that involves credit card or customer data. I am sure most retailers would have thought twice about rolling out WiFi to their stores had these standards been in place 10 years ago. That being said, most of the WiFi infrastructure is already out there and is ingrained into the operations of the retailer and would be hugely painful to rip out. Retailers are going to be forced to do a much more thorough job of inventory and configuration management, use better encryption, and segment their network to keep all of this credit card/user data separate from everything else on their network. Management tools in general are going to be a big help to this industry in the coming months.

Written by Bryan Wargo


Getting Ready for 802.11n

by Greg Murphy

The most common questions we’re asked by folks in enterprise IT these days are: “Should I start switching to 802.11n?” and “What do I need to do to get ready for 802.11n?”

There’s no question that 802.11n is a breakthrough technology that is going to dramatically accelerate wireless adoption by providing more throughput and better performance. At this point, though, there have probably been more 802.11n press releases than enterprise-grade access points shipped. So it’s a little early to be implementing .11n today… but it’s only a few months from reality.

What you really should be doing today is monitoring your wireless network utilization trends over the past several months. The most expensive thing you can possibly do will be to rip out all your existing 802.11abg access points and replace them with .11n products right away. Instead of this kind of ‘forklift upgrade,’ take a look at your actual utilization patterns and trends: Where are you really approaching capacity? Are you hitting capacity limits regularly or just on rare occasions? Do usage patterns change significantly by time of day or week? Are utilization trends changing rapidly or holding relatively steady?

Your first step should be to figure out where you really need more capacity. Once you know that, you can figure out an intelligent upgrade schedule. In the meantime, you should also start talking to your device suppliers to figure out when they’re going to start making 802.11n client devices available to you.

Written by Greg Murphy


What do you mean “management”?

by Bryan Wargo

Being a manufacturer in the tech industry, we like to throw around big words like “security”, “scalable”, and “flexible”. But what the heck do these things really mean? Our big issue at AirWave is that we are a network “management” solution for wireless LANs. But this word “management” is so overused that anyone outside of AirWave rarely can tell exactly what we do unless we spend 5 minutes breaking it down for them. So let me try to explain all the different types of “management” involved in the wireless LAN arena and exactly what we mean by being a “network management” company.

Management can be broken down into three main categories:

  • Data Management
  • RF Management
  • Network Management

Data Management is about what happens with and to end users’ packets as they travel over the WLAN and through the network. Data management can include the use of tunnels, authentication and encryption, packet analysis and just about anything that is “in the packet path”. More times than not, when people are talking about this form of “management” they are answering questions like:

  • How do you determine who can get on the network?
  • What applications are users working with once they are on the WLAN?
  • How is the end user traffic being routed on the network?
  • What is going wrong at the packet level?

RF Management is about troubleshooting and tuning communications that are truly wireless, usually between an access point and an end user’s client card. This usually has to do with the frequencies being used for communication, protocols within the 802.11 framework, location determining technologies, and other radio specific questions. Many of the advanced (auto-magic) RF features touted by the WLAN switch companies fall into this category including automatic channel setting, load balancing, and fail-over. Questions being answered include:

  • How do I prevent interference?
  • How can I load balance users across access points?
  • What is the right channel for my access point?
  • What does my spectrum look like?

That leaves us with my personal favorite, Network Management. Network management is about utilization, performance, configuration, maintenance and troubleshooting. The FCAPS model does a good job of categorizing several of the functions (but I think it confuses some of the data management functions). Network management is typically done outside the packet path and collects data from the network via passive protocols like SNMP. These systems will continually collect information about the network and present information in helpful reports as well as generate alarms when certain error conditions are met. Network management will answer questions like:

  • How many people were on my network last month?
  • How much bandwidth is Bob Jones using?
  • Is that access point up or down?
  • What do my configurations look like?
  • Are we meeting our service level metrics?

As you can imagine, each of these 3 different layers of management is very important in the WLAN landscape, especially for enterprises deploying mission-critical wireless LANs.

Written by Bryan Wargo


Lessons learned from the first generation WLAN switch

by Bryan Wargo

I was listening to a presentation on the evolution of the WLAN architecture. Most of these presentations begin with the advent of the “fat” AP (autonomous) and then transition to the newer “thin” (controller-based) architectures. Some are now talking of a 3rd generation which speaks to a hybrid AP architecture where the AP can be “fit”. By far the biggest change between the 1st and 2nd generation is the use of a controller (or wireless switch). This was initially pitched by the likes of Airespace, Aruba and Trapeze as the “end all, be all” way to centrally manage a wireless LAN. What I find very interesting is that the 1st generation WLAN deployed at the enterprise actually used a controller. Yes, it got very little press, but nonetheless they did use a controller.

Let me explain. When most corporations began deploying WiFi back in 2002 the only real security option they had built into the access points was WEP-based encryption. WEP was easily hacked and made all kinds of press early on. Plus WEP took care (sort of) of over-the-air encryption but didn’t really protect an enterprise from unauthorized users. So enterprises began using their existing infrastructure to secure the WLAN - those existing VPN servers. What they did was they created VLANs for the wireless APs that were basically unprotected - pretty much a DMZ. Wireless users could associate to the APs but the only place they could get to was the VPN server. A wireless user would then pull open their VPN client, authenticate and then they would be re-routed back to the corporate network. Enterprises treated wireless users as if they were remote. I thought that this was a great solution using existing infrastructure plus the enterprise got authentication and real encryption for their WLAN.

The major downside to all this is two-fold: first, the VPN infrastructure wasn’t robust enough and second, the packet flow was sub-optimal. Most corporations built out remote access via VPN to support maybe 5% of their user population. VPN concentrators can be pretty expensive and a bit difficult to support. Once wireless users began using this infrastructure usage patterns went through the roof. Corporations were finding themselves having to invest even more money in VPN servers as wireless users doubled and even tripled their previous pure remote access usage patterns. The network access path for wireless users was also kind of strange. You basically took a user sitting within the corporate walls, forced them outside of the corporate network, put them on the internet and then forced them back into the corporation and then to their local network. Not the most obvious and efficient flow.

So what did the industry learn from all this? First, an enterprise security solution had to have authentication and strong encryption (now we have 802.11i). Second, having a separate data plane (VLAN) for wireless was OK as long as it didn’t become too circuitous. The second generation WLAN vendors took this to heart and offered controllers that would be deployed on local subnets. They started out by offering layer 2 solutions but eventually moved to layer 3 as customers wanted to leverage their existing open switch ports.

Now we are left with 2 camps, those that offer some form of “unified” architecture and those that are “overlay” solutions. Unified solutions promise to integrate wired and wireless functionality - basically to add controller-like functionality into existing switches and routers. Cisco and HP ProCurve are the leading vendors here. The overlay vendors say that wireless still needs to be kept separate and re-routed onto the LAN once users have been approved (Aruba). Sitting in the middle in a more hybrid architecture are companies like Trapeze (they OEM to Nortel, 3Com and Enterasys) that say that authentication and configuration information should be communicated back to a controller (overlay) but data traffic should be put directly on to the LAN. I can see this last approach showing a lot of merit as it leverages the second rule we learned from the VPN solutions.

I also see a lot of merit in the unified approach once these vendors truly integrate the WLAN controller functions into their switch and router software. Today all of these solutions take the form factor of a controller (most controllers today are just PCs) and shove it into a blade or card that goes into an existing wired switch or router. The only thing that is integrated is that these functions sit in the same box. Truly unified WLAN solutions will encompass a switch or router that does not care if you are wired or wireless, and if you are wireless they will have the intelligence to authenticate and encrypt your traffic while you traverse the network in a direct manner.

Written by Bryan Wargo

