The Role of Infrastructure


As mentioned earlier in this chapter, the environment in which a company or institution operates can be broken down into interdependent blocks to create a layered model not so different from the OSI model. Each building block can subsequently be broken down into discrete components to further deconstruct and model the corporate and IT ecosystem.

At the infrastructure layer, a simplified distinction can be made between three different classes of IT assets:

  • Compute assets These assets manipulate and transform information. Servers and personal computers (PCs) fall within the compute asset class.

  • Storage assets Storage assets exist to collect and warehouse information. Disk arrays, CDs, DVDs, and tape libraries are all examples of storage assets.

  • Transport assets Transport assets ensure that information can be moved from their point of origin or safekeeping to a point of consumption. Different kinds of communications networks such as the Public Switch Telephone Network (PSTN), WANs, LANs, and the technologies of choice for their implementation such as routers, switches, hubs, and firewalls are all examples of transport assets.

Figure 2-4 illustrates the different asset classes of the IT infrastructure layer.

Figure 2-4. IT Infrastructure Assets


These asset classes exist regardless of the syntax or semantics of the data; that is, the classes are independent of how the information is represented and what it means. Also note that the classes do not necessarily imply an electronic nature. Indeed, customer data on a paper document can be transformed by a pencil, stored in a filing cabinet, and transported through the postal service. For the purpose of this book, however, we shall ignore analog representations and focus solely on the digital world.

Although the economic value of the information can vary widely (a meeting invitation e-mail is probably much less valuable than a product order or annual budgeting data), its core utility is constant. Information enables companies to sense and respond to changing business environments, thus facilitating the creation and sustenance of a competitive advantage. Similarly, information allows healthcare institutions to provide relevant, accurate, and timely care to patients. Finally, information in educational institutions arms the next-generation work force with the tools necessary to support the economy and drive continued growth through ongoing innovation.

Given the importance of information, it is critical to design an infrastructure that effectively, efficiently, and securely supports the transactional, analytical, and collaborative use of data. As such, the challenge at hand is one of aligning technology solutions, more specifically the IT infrastructure portfolio, with business requirements.

Pros and Cons of the Wired Versus Wireless World

WLANs can be considered a specific subset of the IT transport assets. This type of asset is dedicated to and specialized in the transfer of information from a point of origin to a point of consumption or storage. Note, however, that this transport asset class contains many different communications network solutions. Examples include the GSM or CDMA networks used for cellular communications; data networking solutions such as WLAN, Ethernet, and SNA for local-area networks; and Frame Relay, ATM, and SONET for wide-area networks.

Chapter 1, "Introduction to Wireless LAN Technologies," introduced the OSI reference model and employed the lower two layers (physical and data link) to provide a means of distinction and classification between the various types of networks. This section focuses on the subset that is relevant to WLANs, that is, local-area networks.

WLANs employ the unshielded, unbounded carrier mechanism of radio waves, as opposed to the unshielded or shielded but bound transport channel of wired networks. Indeed, wired networks use either electrical or photonic signals that are tunneled through a bearer medium. This unbounded versus bounded nature is the key difference between wireless and wired LANs. The organizational pros and cons related to this difference are discussed next.

Mobility: Pro

The unbounded nature of WLANs makes them pervasive within the coverage area. As such, you are not forced to locate and remain tethered to a network outlet. Your three-dimensional roaming domain is equal to the WLAN coverage area. In the wired world, your roaming ability is restricted by the tether. It is equal to the volume of the sphere with a radius equal to the length of the cable that connects your NIC to the network drop. That is the very best-case scenario. In practice, physical obstacles such as furniture, doors, and walls will make this reach much smaller.

Contrary to the wired world, the connectivity footprint in the wireless world is not limited to the network outlet. It is equal to the reach of the radio cloud, or more specifically, to the reach of your Basic Service Set (BSS). This untethered character makes WLANs ideal for environments that require fluid, transparent movement of computing assets. The value of mobility thus translates into convenience and reduced downtime, which in turn can translate into increased productivity. Figure 2-5 illustrates the difference in physical reach and mobility between wireless and wired networks.

Figure 2-5. Wireless and Wired Connectivity Footprints


Mobility is a key benefit in many different environments as it enables individuals to do their work when and where it is convenient for them, thus directly boosting productivity.

In the knowledge-worker corporate world, the ability to swiftly pick up and move between locations while retaining access to information reduces employee downtime and facilitates collaboration. Note that this concept is not bound to the confines of the corporate offices. WLAN hotspots in airport lounges, coffee shops, hotels, and airplanes enable road warriors to obtain network access at their convenience throughout the business day. By supplementing WLANs with wide-area wireless cellular networks, the business traveler will soon be able to remain connected continuously throughout his or her journeys. Figure 2-6 and Figure 2-7 illustrate the evolution of connectivity options at various stages of a typical business trip.

Figure 2-6. Today's Mobile Connectivity Options


Figure 2-7. Tomorrow's Mobile Connectivity Options


Another example is the world of education. Students are highly mobile. They move between dorm rooms, classrooms, study rooms, and libraries. Because many of today's students are armed with laptops, the value of mobility of the computing asset is vastly increased by complementing it with a transparent, flexible and mobile communications solution. Note that the same is true for teaching staff who roam between their offices, classrooms, and meeting rooms. The ability to remain connected anytime and anywhere vastly increases the ease of use, and hence the productivity, of mobile computing devices.

The hospital environment requires that physicians and nurses have patient information available at the point of care. By bringing the computing environment to the mobile users, the probability that healthcare professionals will use the IT tools provided greatly increases. As such, the quality and safety of healthcare is increased through accelerated access to and recording of patient information at the point of care. Refer to Chapter 10 for a case study of WLANs in the healthcare environment.

Convenience: Pro

The source of convenience for WLANs can be found in the shared nature of the communications medium. Indeed, contrary to the fan-out ratio of one user per wired LAN endpoint, the fan-out ratio for access points of WLANs is theoretically unlimited. Many different users can associate with the same access point without running into the situation of insufficient data ports.

Note

The fan-out ratio is the ratio of available network connections to users of the connections.


In practice, there is an acceptable access point fan-out ratio of approximately 30:1. This is a direct result of the MAC mechanism. When too many stations are attached to the same AP, increasing contention for network access will yield a deadlock situation in which no station can successfully send or receive either because of the inability to obtain airspace access or because of frame collisions.

The upper limit of fan-out aside, WLANs provide a very flexible solution for providing a high number of mobile devices with network access. This is ideal in situations where many different individuals (or devices) require network connectivity. Examples include meeting rooms, classrooms, and public hotspots such as airport lounges and coffee shops.

In addition, by using WLANs, you avoid the aesthetic wiring nightmare of using ad-hoc hubs or switches to increase the fan-out of wired solutions. Finally, you avert the risk of encountering the situation in which you do have a free data port, but you have no cable to plug into it.

Bandwidth: Con

WLANs do not offer the same bandwidth that is available in wired networks. Although you encounter port speeds of up to 10 Gbps in today's wired LANs, WLANs are currently limited to 54 Mbps. The reasons are mainly related to the physical characteristics of the bearer medium (radio instead of electrical or photonic signals) and the fact that WLANs are typically used in a shared operating mode. As such, it is critical to consider the bandwidth and quality of service (QoS) implications when evaluating WLANs. First, available WLAN bandwidth is orders of magnitude less than what is available with wired networks. Second, WLAN bandwidth is shared among wireless stations. Real available throughput thus becomes a fraction of the WLAN's nominal throughput. Finally, because WLANs are a best-effort transport solution, additional considerations are required to provide some form of QoS determinism for latency-sensitive applications.

When a device is directly connected to a switch port, the communication medium is dedicated to that device. This dedicated connectivity is only achieved in the WLAN environment if a single device is associated with an AP. As such, bandwidth consideration should always be made with the shared nature in mind.

Note

Strictly speaking, in 802.11, even when the AP has a single client, the AP and the client share the same medium when communicating with one another. In Ethernet, separate wires enable simultaneous bidirectional or full-duplex communication.


Note that the size of the pipe is not the only important parameter. Determining the amount of time required to get access to the transport medium and the probability for successful transmission (that is, no collisions) are also of key importance. The MAC characteristics of WLANs are such that no guarantees are made in terms of timely delivery.

As such, additional intelligence is required to provide the relatively predictable network throughput, latency, and jitter that is required by real-time and interactive data flows. QoS refers to the ability of a network to provide these higher-priority services and improved loss characteristics to selected network traffic. IP makes use of Layer 3 mechanisms such as IntServ or DiffServ. The IEEE 802.11e working group ratified the mechanism for providing Layer 2 class of service (CoS) mechanisms for WLANs in July 2005.

Note

Class of service (CoS) is part of the portfolio of QoS techniques, which also includes queuing, bandwidth reservation, and traffic engineering strategies. CoS is a way of classifying packets based on application type (voice, video, file transfer, transaction processing, etc.), user type, or any other classification method. The different classes can then be assigned different handling priorities.


802.11e provides the mechanism for injecting more deterministic behavior into the queuing and MAC protocols for WLANs. The goal is to provide a more robust foundation for QoS and increase the support of WLANs for latency- and jitter-sensitive applications such as IP Voice and IP Video.

The bandwidth and QoS limitations should not be taken lightly. As more high-bandwidth and latency-sensitive applications come online, the provisioning of appropriate capacity becomes critical. IP Telephony and high-bandwidth video applications are prime examples.
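The shared-medium and fan-out constraints described above can be turned into a simple capacity-planning calculation. The following is an added example, not code from the book or from any vendor tool: it takes the 30:1 fan-out ceiling and the 54 Mbps nominal rate from the text, and assumes (as a labelled planning factor, not a measured figure) that usable shared capacity is 50% of the nominal rate. It sizes the number of APs a room needs so that no AP exceeds the fan-out ceiling and every user still gets a target share of bandwidth, and compares that with a wired-only room where the constraint is the number of ports rather than the shared pipe.

```python
import math

# Constants taken from the text: the practical fan-out ceiling of an AP and
# the nominal rate of a 54 Mbps WLAN.
FAN_OUT_LIMIT = 30
NOMINAL_WLAN_MBPS = 54.0

# Assumed planning factor (not from the text): fraction of the nominal rate
# that is actually usable once half-duplex operation and MAC overhead are
# accounted for.
ASSUMED_EFFICIENCY = 0.5


def effective_capacity_mbps(nominal_mbps: float = NOMINAL_WLAN_MBPS,
                            efficiency: float = ASSUMED_EFFICIENCY) -> float:
    """Usable shared capacity of a single AP in Mbps."""
    return nominal_mbps * efficiency


def per_station_share_mbps(stations: int,
                           nominal_mbps: float = NOMINAL_WLAN_MBPS,
                           efficiency: float = ASSUMED_EFFICIENCY) -> float:
    """Bandwidth each station gets when `stations` share one AP evenly."""
    if stations < 1:
        raise ValueError("at least one station must be associated")
    return effective_capacity_mbps(nominal_mbps, efficiency) / stations


def aps_required(users: int, per_user_mbps: float,
                 nominal_mbps: float = NOMINAL_WLAN_MBPS,
                 efficiency: float = ASSUMED_EFFICIENCY,
                 fan_out_limit: int = FAN_OUT_LIMIT) -> int:
    """Number of APs needed so that (a) no AP carries more than the fan-out
    ceiling and (b) the shared capacity still gives each user per_user_mbps.
    The larger of the two constraints wins."""
    if users <= 0:
        return 0
    by_fan_out = math.ceil(users / fan_out_limit)
    by_bandwidth = math.ceil(
        users * per_user_mbps / effective_capacity_mbps(nominal_mbps, efficiency))
    return max(by_fan_out, by_bandwidth)


def compare_room(users: int, per_user_mbps: float, wired_ports: int,
                 wired_port_mbps: float = 100.0) -> dict:
    """Wired-only versus wireless-only view of one room.

    Wired: dedicated throughput per port, but a 1:1 fan-out, so any user
    beyond `wired_ports` has no connection at all (the opportunity cost the
    chapter discusses). Wireless: everyone connects, but shares the pipe."""
    n_aps = aps_required(users, per_user_mbps)
    stations_per_ap = math.ceil(users / n_aps) if n_aps else 0
    return {
        "wired_users_without_port": max(0, users - wired_ports),
        "wired_mbps_per_connected_user": wired_port_mbps,
        "wlan_aps_required": n_aps,
        "wlan_mbps_per_user": per_station_share_mbps(stations_per_ap) if n_aps else 0.0,
    }


if __name__ == "__main__":
    # Constructed scenario: a 60-seat lecture hall wired with 12 ports,
    # each user wanting roughly 1 Mbps.
    print(compare_room(users=60, per_user_mbps=1.0, wired_ports=12))
```

The comparison deliberately reports two different numbers for the two worlds: for wired, how many people are left without any connection; for wireless, how thin the shared slice becomes. Raising `per_user_mbps` to the needs of voice or video quickly makes the bandwidth constraint, not the fan-out ceiling, the one that dictates the AP count.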

Effect on Cost and Spending

To perform a relevant cost comparison between wired and WLAN solutions, three distinct deployment scenarios must be considered:

  • Exclusively wired LANs

  • Exclusively wireless LANs

  • The hybrid version in which both wired and wireless connections are provided

Note

WLANs typically employ wired connections to connect APs to the LAN backbone. As such, the distinction between the three LAN environments is based on the connection that is offered to the end user device.


It is critical to realize that all cases are tradeoffs. The cost per end-user connection is lower for WLANs than for their wired counterparts because of the shared nature of the connectivity medium. However, the cost of bandwidth per end user for WLANs is significantly higher than for wired environments. Furthermore, this cost increases approximately linearly as a function of the number of end users that are associated with the AP.

Lastly, an opportunity cost is associated with the inability to connect an end user to a network. The basic premise is that a user requires connectivity to perform a function or task. An opportunity cost is the loss of benefits of a forgone opportunity. For example, if you quit your job to return to school, you incur an opportunity cost of lost income while you pursue your studies.

In the case of WLANs, the task in turn contributes to a particular benefit or contribution of the user. Examples include increasing revenues, lowering unit costs, boosting customer satisfaction, and sharing information. Failure to perform these tasks has a quantitative or qualitative cost, which is referred to as the opportunity cost.

The usable fan-out ratio of APs is approximately 30:1. Hence, the probability that an end station will not be able to obtain basic connectivity, even though throughput might be quite low, is relatively low. The opportunity cost associated with the inability to connect approaches zero. In contrast, wired connectivity has a fan-out ratio of 1:1. If the connection is in use, no other edge station can attach without completely disrupting the first user. The opportunity cost is greater than zero. Depending on the task that is prohibited from being completed, the opportunity cost can be low to very high.

For example, if you want to connect to check whether you received an invitation for a meeting that will take place in two weeks, your opportunity cost of not being able to connect is relatively low. If, however, you are engaged in a timed auction on eBay for a new motorcycle, the opportunity cost associated with not being able to adjust your bid is at least equal to your reservation price, that is, the maximum price you are willing to pay. It could be higher if the motorcycle has a qualitative (for example, emotional) value for you.

With the aforementioned in mind, now take a look at the different deployment scenarios.

Wired-Only LAN

The benefit of a wired LAN is that it offers end users high throughput per port. Today, dedicated 100-Mbps connectivity has become the norm for corporate LANs. Throughputs of 1 Gbps are common in the data center environment, with 10 Gbps gaining increased traction.

However, the dedicated throughput per port comes at the price of the limited fan-out ratio of the connection. Indeed, in a wired-only environment, the ratio of end-user devices to connections is 1:1. As such, a potentially large opportunity cost is associated with wired-only connectivity if it is deployed in environments where many end users might require simultaneous connectivity. Meeting rooms, lecture halls, and public hotspots are prime examples of such scenarios. Figure 2-8 summarizes these points in a performance scoreboard for 100 Mbps, 1 Gbps, and 10 Gbps wired networks. The axes represent throughput, cost per end-user connection, and risk of unavailability of a network outlet. Note that the scales of the axes are logarithmic.

Figure 2-8. Wired-Only Connectivity Profile


Wireless-Only LAN

The benefits of WLANs are primarily found in the mobility-enabling nature and shared nature of the communication medium. Physical roaming is possible, as long as devices adhere to specific boundary conditions, which are discussed in Chapter 5, "Guidelines for a Successful Architecture and Design," and a single access point can provide seamless network access for several end devices, ranging from one to multiple dozens.

Because of the shared nature of the communications medium, the opportunity cost of not being able to obtain network access is minimized. It does not, however, become zero, because the MAC mechanism employed by WLANs precludes an infinite number of stations successfully passing through a single AP. Finally, the shared nature of the AP leads to a relatively low (and variable) cost per end-user connection. Figure 2-9 summarizes these characteristics for 802.11b (11 Mbps) and 802.11g (54 Mbps) WLANs. Note that the $/end-user connection depicted is the worst-case scenario, that is, an AP with a single user, and the bandwidth is the best case (11 Mbps for 802.11b versus 54 Mbps for 802.11a and 802.11g).

Figure 2-9. Wireless-Only Connectivity Profile


Hybrid Wired and Wireless LAN

When combining both types of LANs, you arguably create an environment with the best of both worlds. By strategically selecting the locations where wireless network access is provisioned, you enable physical mobility and the ability to transparently share network connectivity among multiple end-user devices. With the latter in mind, the opportunity cost of not being able to gain network connectivity is minimized. Furthermore, if and when higher throughput is required or more stringent demands are placed on the QoS, wired connectivity remains an available option.

When you are considering the cost per end-user connection, the hybrid model spans a range that is a function of the degree of overlay created. If a full overlay model is selected, that is, every point that is provisioned with wired connectivity also has a wireless connection available, the cost per end-user connection will be higher than in the wired-only scenario. This is the highest possible cost. Similarly, the lowest possible cost is that in which only wireless is available. Note that in this case, the benefits of wired connectivity are not present. As such, the hybrid model cost per end-user connection falls somewhere in between these two extremes.

Figure 2-10 shows an example of a hybrid connectivity profile.

Figure 2-10. Hybrid Connectivity Profile


Security

You should consider security for WLANs to be a superset of the security considerations for traditional wired LANs. In both cases, the following four distinct challenges of securing your communication session are critical:

  • Network Admission Control Gaining access to the communication medium

  • Authentication Ensuring that the communicating parties know whom they are communicating with

  • Encryption Making sure nobody else can read the information that is being sent

  • Hashing Certifying that nobody has tampered with or modified the messages

The wireless nature of WLANs impacts these four considerations in profound ways when compared to their wired counterparts.

Challenge 1: Network Admission Control

Wired LANs are by nature physically bound. They employ shielded or unshielded copper wires or fiber-optic cables. Connecting to an endpoint or tapping onto the wire is a challenge because it requires physical access. Hence, gaining access to a wired LAN can be made as difficult as obtaining access to a facility or somehow acquiring access to subterranean communication lines.

WLANs, however, employ radio signals as the transport medium; therefore, the medium is inherently both unshielded and unbounded. You can thus gain access to the communication medium at any point where you can tune into the radio signal. As such, the burden of securing access to the network cannot be placed on physical barriers but rather must be supported by other mechanisms.

WLANs resolve this challenge by using different kinds of solutions, including admission control mechanisms such as MAC address filters and EAP authentication. These and other mechanisms are discussed in more detail in Chapter 7, "Security and Wireless LANs."

Challenge 2: Authentication

A challenge that is common to both wired and wireless LANs is authentication of communicating parties. Both parties need to be sure of their counterpart's identity. This challenge is specifically related to the endpoints of communications and is independent of the transport medium and mechanism. As such, the same degrees of importance and complexity are present in wired and wireless environments.

Note

In a wired network, the user can usually be confident that the jack in the wall does not lead out to the parking lot. Conversely, no information about physical location can be inferred from a user attaching to a WLAN. The user can be inside the building or outside in the parking lot.


Various mechanisms exist to support authentication. Examples include using simple keys (symmetric or asymmetric) and more complex digital signatures. Chapter 7 covers these topics in more detail.

Challenge 3: Encryption

Encryption is the process of converting or scrambling a message to something incomprehensible using a locking key so that it can be reconverted only by an authorized recipient holding the unlocking key. Think of the process as putting the message in a safe, locking it with a padlock, and sending the safe to a recipient who is the only other person who can unlock the padlock and open the safe.

Because of the broadcast nature of WLANs, every station that can tune into the signal emitted by another station can "listen in" on the communication session. As such, you should be aware of the consequences and risks of sending information in clear text over WLANs. The risk is higher than in wired LANs: tapping a wired LAN requires an explicit physical act, whereas in a WLAN the ability to listen is implicit in the medium. However, this implicit versus explicit listening capability is the only true difference between the wired and wireless environment.

To avoid unintentional or intentional tapping of the communication sessions, you should use ciphers in your wireless environment to scramble the transmissions in such a way that the information is only meaningful to the sender and receiver of the information. The same considerations should be made for wired environments when selecting encryption algorithms. Consult Chapter 7 for more detailed coverage.

Challenge 4: Hashing

A final risk that exists in communication is that of a third party modifying the message while it is in transit. The broadcast nature of WLANs eases not only the tapping of communication sessions but also the ability to inject bogus messages. To identify messages that have been tampered with, you append a tag to the message. The tag is a mathematical summary of the message. The process of summarization is called hashing. Upon receipt, the receiver reconstructs the tag and compares it to the sender's tag to determine whether the message has been tampered with.

Note

Hashing is the creation of a one-way mathematical summary of a message such that the hash value cannot (easily) be reconstituted back into the original message, even with knowledge of the hash algorithm.


For identical reasons as mentioned for encryption, the importance of hashing is greater in WLANs than in wired environments. Refer to Chapter 7 for more details on hashing.
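The tag-and-verify process described under Challenge 4 can be shown end to end in a few lines. The following is an added example, not code from the book: it uses a keyed summary (HMAC-SHA256 from the Python standard library) rather than a plain hash, because the chapter's point that a WLAN makes it easy to inject bogus messages is exactly why the tag must depend on a secret: a plain hash of a modified message can be recomputed by whoever modified it, while a keyed tag cannot be reproduced without the key. The key and messages are constructed sample values; a real deployment derives the key from the session and this example does not model that.

```python
import hmac
import hashlib
from typing import Optional

TAG_LEN = hashlib.sha256().digest_size  # 32 bytes for SHA-256

# Constructed sample key (hypothetical; never reuse a fixed key in practice).
SAMPLE_KEY = bytes.fromhex(
    "000102030405060708090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f")


def tag_message(key: bytes, message: bytes) -> bytes:
    """Sender side: compute the keyed summary and append it to the message."""
    tag = hmac.new(key, message, hashlib.sha256).digest()
    return message + tag


def verify_message(key: bytes, tagged: bytes) -> Optional[bytes]:
    """Receiver side: split off the tag, recompute it over the message and
    compare. Returns the message if intact, None if it was tampered with,
    truncated, or tagged under a different key."""
    if len(tagged) < TAG_LEN:
        return None  # too short to even contain a tag
    message, received_tag = tagged[:-TAG_LEN], tagged[-TAG_LEN:]
    expected_tag = hmac.new(key, message, hashlib.sha256).digest()
    # Constant-time comparison so the verifier does not leak how many
    # leading bytes of a guessed tag were correct.
    if not hmac.compare_digest(expected_tag, received_tag):
        return None
    return message


def flip_byte(tagged: bytes, index: int) -> bytes:
    """Simulate an in-transit modification of one byte (constructed for the
    demonstration; represents what a third party on the medium might do)."""
    mutable = bytearray(tagged)
    mutable[index] ^= 0x01
    return bytes(mutable)


def integrity_outcomes() -> dict:
    """Run the three cases a receiver must handle and report the result."""
    original = b"transfer 10 units to account 42"  # constructed sample
    tagged = tag_message(SAMPLE_KEY, original)
    return {
        "intact": verify_message(SAMPLE_KEY, tagged) == original,
        "message_modified": verify_message(SAMPLE_KEY, flip_byte(tagged, 9)) is None,
        "tag_modified": verify_message(SAMPLE_KEY, flip_byte(tagged, len(tagged) - 1)) is None,
        "wrong_key": verify_message(bytes(32), tagged) is None,
    }


if __name__ == "__main__":
    for case, detected in integrity_outcomes().items():
        print(f"{case:17s} handled correctly: {detected}")
```

The receiver never branches on the message content before verifying the tag, and it rejects a buffer that is shorter than the tag outright; both are common slips in hand-rolled verifiers. The same keyed tag also gives the receiver some assurance about origin, since only a holder of the key could have produced it, which is why integrity and authentication are usually handled by one mechanism in practice.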

The Business Case for Enterprise-Class Wireless LANs
ISBN: 1587201259
Year: 2004
Pages: 163