5 wireless mistakes to avoid

Deploying WLANs requires network management, security skills

Wireless networking is alluring on so many levels. It can boost employee productivity by offering remote access, and it can support flexible on-site connectivity for contractors and other temporary workers at a fraction of the cost of traditional wired networks.

Despite the strong appeal of wireless local-area networks (WLANs), information technology managers launching such initiatives must avoid the temptation to rely on their experiences with wired LANs, according to industry experts. Otherwise, they could fall victim to some of the most common — and costly — mistakes organizations make with WLANs.

"You need to think more about where you are going to put access points, how you're going to manage traffic and handle security because you are sharing bandwidth in a different way from the way you shared bandwidth over the wire," said John Parkinson, chief technologist for the Americas region of Capgemini.

"You have to go into surveillance mode for a while," he said. "You have to have people whose job it is to watch for people breaking rules. There are big benefits to [WLANs] if you can get the environment and behaviors right. It takes a lot more work than people think."

For agency officials planning to deploy WLANs, here are some common mistakes to avoid.

1. Assuming employees follow policies

Without vigilant monitoring of the radio frequency spectrum, WLANs can become a sort of Wild West environment even for agencies with a no-wireless policy. Often a small working group will circumvent official channels and set up an ad hoc network by installing an illegal access point. Or users will bring in laptop computers with network cards installed and unwittingly create a way for unauthorized users to access an internal network.

To guard against rogue access points and users who don't disable network cards, administrators must use a handheld WLAN analyzer to scan buildings for such devices or choose a solution that continuously monitors the spectrum, said Jeff Keenan, president of Keenan Systems LLC, a consulting company based in Hartford, Conn.

"Even if they have a no-wireless policy, they have to scan for rogue access points," Keenan said. "That is still one of the No. 1 concerns. You can't control the [radio frequency] environment. Someone could set up an access point anytime."

WLAN analyzers also can detect when a signal from a neighboring building is bleeding into an agency's building, he added.

When laptop users fail to disable network cards while at work, the cards will search for an access point even if the user is working on the wired network, said Ryan Crum, senior associate in PricewaterhouseCoopers' security and privacy practice.

"I can pick up that probe, and I can provide an access point to that person, ...and it will connect to me," Crum said. "Any vulnerability they may have on their machine, any patch they may be lacking — I can attack them from that."
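The rogue-access-point sweep described in this section comes down to comparing what a scan hears against an inventory of sanctioned radios. The sketch below is an added example, not something from the article or any vendor named in it; the inventory, the -80 dBm neighbor threshold, the category names and the sample scan are all constructed assumptions.

```python
from dataclasses import dataclass

# Constructed inventory of sanctioned access points: BSSID -> SSID (assumption).
AUTHORIZED = {"00:11:22:33:44:01": "AGENCY-WLAN", "00:11:22:33:44:02": "AGENCY-WLAN"}
# Assumed cutoff: unknown networks weaker than this are probably bleed from next door.
NEIGHBOR_RSSI_DBM = -80
# Review order: lower number is looked at first.
SEVERITY = {"impersonation": 0, "adhoc": 1, "rogue": 2, "neighbor": 3}

@dataclass
class Observation:
    bssid: str
    ssid: str
    rssi_dbm: int
    adhoc: bool = False  # True for peer-to-peer (ad hoc) networks

def classify(obs):
    """Label one scan observation against the sanctioned inventory."""
    bssid = obs.bssid.lower()
    if not obs.adhoc and AUTHORIZED.get(bssid) == obs.ssid:
        return "authorized"
    if obs.adhoc:
        return "adhoc"            # working group or laptop sharing a connection
    if obs.ssid in AUTHORIZED.values():
        return "impersonation"    # agency SSID announced by a radio not in inventory
    if obs.rssi_dbm < NEIGHBOR_RSSI_DBM:
        return "neighbor"         # weak and unknown: likely an adjacent building
    return "rogue"                # strong and unknown: likely inside the building

def findings(scan):
    """Return (label, observation) pairs needing follow-up, worst first,
    and within a label strongest signal (physically closest) first."""
    flagged = [(classify(o), o) for o in scan]
    flagged = [(k, o) for k, o in flagged if k != "authorized"]
    return sorted(flagged, key=lambda f: (SEVERITY[f[0]], -f[1].rssi_dbm))

# Constructed sample scan, as a handheld analyzer or monitoring sensor might report it.
SAMPLE_SCAN = [
    Observation("00:11:22:33:44:01", "AGENCY-WLAN", -52),
    Observation("02:AA:BB:CC:DD:10", "AGENCY-WLAN", -47),
    Observation("02:AA:BB:CC:DD:20", "teamnet", -58),
    Observation("02:AA:BB:CC:DD:30", "laptop-share", -61, adhoc=True),
    Observation("02:AA:BB:CC:DD:40", "CafeNextDoor", -88),
]

if __name__ == "__main__":
    for kind, o in findings(SAMPLE_SCAN):
        print(f"{kind:13} {o.bssid} {o.ssid!r} {o.rssi_dbm} dBm")
```

BSSIDs can be forged, so an observation that matches the inventory shows only that nothing obviously foreign was heard; the same comparison applies under a no-wireless policy, where the inventory is simply empty.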

2. Installing wireless points blindly

During the planning stages of a wireless initiative, many agency officials underestimate the importance of a site survey. Site surveys involve using software to measure the radio frequency signals at various points throughout buildings to determine the best locations to place access points while noting possible sources of interference to the signal, such as fax machines and microwave ovens.

"It's just something that maybe in a small office with 50 users you can get by without. ...Beyond that, it is something you really, really want to get done," said John Meggers, senior consultant at Blackwell Consulting Services. "You would be shocked at how different offices can have walls you thought were just drywall but are solid concrete."

In addition, officials must avoid being lulled into the common mistake of surveying one building on a campus or one floor of a building and designing an entire deployment based on the characteristics of those locations, said Bruce Fleming, divisional chief technology officer at Verizon Federal Networking Systems.

"It's not like one size fits all," Fleming added. "You can't say rooms that are [40 feet by 20 feet] require access points in these locations. Every floor is different, and an access point on one floor may not work on another floor."

3. Going from skeptic to true believer

Agency officials often approach wireless networking cautiously, starting with one access point and then expanding rapidly as the technology proves its worth. One access point does not require much management, but a full-blown network does.

Managers often make the leap from one access point to many, and as a result, IT staffers struggle to manage user access, bandwidth, performance, optimization and other issues for multiple access points without centralized management tools.

Agency officials need to factor management into their initial deployment strategy, Keenan said. For example, they can opt for intelligent access points with built-in management features.

"Instead of having the management on each device, ...the thin access point with a [WLAN] switch brings all the management back to a central location," Keenan said. "It can control the radios, security and performance features and automatically adjust if one access point fails."

In addition, vendors are maneuvering to offer a broader range of management products. Officials at Colubris Networks Inc., for example, have developed the Virtual Access Point, which allows agency officials to apply different policies for securing and prioritizing voice, data and multimedia traffic.

"People see a need to manage the wireless infrastructure as a whole entity, not as a bunch of discrete, separate devices," said Carl Blume, Colubris' director of product marketing. "The idea is to leverage your wired network and to be able to deliver all the [applications] on the wired network through the wireless infrastructure to the clients."

4. Thinking next week, not next year

Wireless voice-over-IP technology may seem like a distant idea, but it is better to plan for it now rather than play catch-up later.

If officials have not planned to support voice over IP, revising the initial WLAN deployment can cost twice as much, said Luc Roy, senior director of product management at Chantry Networks Inc.

To prepare for voice over IP, administrators must incorporate support for seamless roaming among access points to avoid jitter and latency delays, Roy said. In addition, officials should consider radios that support both 802.11a for voice and 802.11b for data. Users may be equipped with only 802.11b if voice over IP is not factored into early WLAN planning.

Officials at the Bernalillo County, N.M., Metropolitan Court are using Chantry's networking technology to provide voice over IP for the court's security team while eliminating interference that can interrupt calls. The technology also can prioritize security personnel voice traffic over prospective jurors' Internet traffic.

5. Hoping for the best

The more wireless applications you bring online, the more you need to think about performance management because the network will quickly clog up. One approach is to build a back-end repository of data that will be available if there is a network coverage problem or if the network is down.

"You need to build applications so they have a persistent data storage so they can work off-line, and when users do have coverage, changes can be sent back to [the] enterprise," said Martyn Mallick, senior product manager at iAnywhere Solutions Inc., a Sybase Inc. subsidiary. "Performance of applications typically is better because you are interacting with data that is local on the device, and you don't have to worry about round trips to the server."

Additionally, agency officials must avoid the temptation to buy a mobile platform narrowly tailored to early mobile applications, such as e-mail. They might find performance is limited when they later launch enterprise-class applications, Mallick said.

Havenstein is a freelance writer based in Cary, N.C.
