History of the Microsoft Wireless LAN

History of the Microsoft Wireless LAN

Demand for wireless access to enterprise LANs is fueled by the growth of mobile computing devices such as laptops and personal digital assistants (PDAs) and by a desire by users for continual connections to the network without being restricted to plug-in areas that do not move with their work. Microsoft s dedication to providing end user connectivity anytime and anywhere drives its wireless product enhancements (as well as its commitment to providing a secure and reliable enterprise wireless networking infrastructure).

Microsoft was the first large enterprise to embrace wireless LAN (WLAN) technology as an alternative to wire-attached laptop units. With the IEEE 802.11 WLAN standard newly ratified as an international standard, Microsoft readily endorsed the IEEE 802.11b extension to the newly published standard (ratified September 16, 1999) and began deploying IEEE 802.11b in December of 1999 throughout its Redmond corporate campus. Since then, Microsoft has actively worked to improve and to lead efforts with the IEEE 802.11 standards body to enhance and refine areas of data privacy, authentication, and network reliability.

Shortly after the IEEE 802.11b ratification, the IEEE 802.1 MAC Bridging group began working on the IEEE 802.1X extension to the 802.1 bridging standard in support of authenticated port access to LAN-based networks such as IEEE 802.3 (Ethernet), IEEE 802.5 (token ring), Fiber Distributed Data Interface (FDDI), and IEEE 802.11.

Microsoft initially offered wireless connectivity as a supplement to the ubiquitous wired connectivity. Although it was not designed to be an end user s primary network connectivity device, the WLAN service soon became a highly desired connectivity choice that enabled impromptu discussions, software demonstrations, and ability to take work to meetings all of which had a positive impact on worker productivity.

After the initial Redmond campus rollout finished, Microsoft had the largest enterprise WLAN network in the world, but it also immediately had to solve the deployment, integration, and maintenance issues of a large WLAN network. From the initial deployment of 2,800 wireless access points (APs) and 19,000 wireless network adapters, Microsoft had to deal with issues of security and scalability from the start. For example, Microsoft realized that Media Access Control (MAC) address filtering and early virtual private network (VPN) solutions would not be a scalable final solution to support a global WLAN.

The initial rollout of 802.11b on the Redmond campus used static Wired Equivalent Privacy (WEP) 128-bit encryption keys for data confidentiality and IEEE 802.11 shared key authentication. News of ongoing security compromises of WEP and shared key authentication prompted Microsoft to take an aggressive stance toward the security of its WLAN infrastructure. The result of this stance is the current WLAN deployment that uses 802.1X, certificate-based EAP-TLS authentication, and per-session WEP keys.

Microsoft continues to lead the security efforts in both authentication and data confidentiality in the IEEE 802.11i security task group. Microsoft also realizes the benefits to other areas of functionality and provides contributions to support end user requirements for world mode operation of wireless network adapters and an inter-wireless AP protocol that uses connect blocks of session association information.

NOTE
World mode operation enables a wireless network adapter to operate in different countries, each of which can define the use of the S-Band Industrial, Scientific, and Medical (ISM) frequency band for 802.11b wireless networking. Different countries divide the S-Band ISM into different channels and define different transmission power requirements. Wireless APs and wireless network adapters support world mode operation.

Microsoft WLAN Technologies

The Microsoft WLAN utilizes the following technologies:

• IEEE 802.11b

• IEEE 802.1X

• EAP-TLS authentication

• RADIUS

• Active Directory directory service

• X.509 Certificates