Technology Considerations


The architecture for the WLAN was initially based on three components:

  • Security

  • Coverage

  • Throughput

Security

As the chief technical concern, security had to be addressed to meet the existing company policy on wireless technologies. As a precaution before the WLAN project kickoff, the company instituted a moratorium on WLAN use. This proved to be well founded because security standards for WLANs continued to evolve.

The security architecture was built on the Cisco SAFE Blueprint. As is good practice, decisions related to security were based on a risk assessment. Each deployment (that is, site) required a local policy based on the findings of this assessment and business needs. This then led to a more formal practice where a policy could be enforced. Each policy was built on four factors:

  • Threat analysis: What the potential threat is and what damage an exploit could cause, typically formed around financial losses.

  • How to secure: Which type of security would or would not be allowed.

  • What to encrypt: What value the information being protected holds.

  • Which IP policy to use: Whether the IP addresses used would be public (routable) or not.

Note

You can find more information about Cisco SAFE, including the white paper, "SAFE: Wireless LAN Security in Depth - version 2," at http://www.cisco.com/go/safe.


The actual design employed throughout the enterprise was in line with the published Cisco recommendations. This included the Lightweight Extensible Authentication Protocol (LEAP) with Wired Encryption Protocol (WEP) and Dynamic Key Rotation, migrating over time to LEAP with Cisco Key Integrity Protocol (CKIP). The support infrastructure for authentication and validation was provided through the use of Cisco Access Control Server (ACS) and the company's Local Directory Authentication Protocol (LDAP) services. Each system was strategically placed local to where the deployed services would be installed.

Coverage

The intent of the WLAN was to give access only where it might be most used. The company culture directed this approach. This meant that during the initial deployment, not all areas in the office facilities were provided with WLAN coverage. Coverage was limited to conference rooms or other group meeting areas (for example, cafeterias). The deployment up to this point was successful because the company policy and culture did not encourage an extended use of the WLAN for network access. The technology, however, has seen consummate adoption at all levels and functions of the employee chain. This desire for ubiquitous wireless access has since changed the WLAN from being a convenience to a required service, resulting in an enterprise-wide deployment.

Even with this change in direction, the design was focused on providing proper coverage as opposed to providing a fixed throughput. Today, the WLAN-enabled areas still remain unchanged (emphasis and priority are given to more formal meeting areas), but the general office population receives the service as a byproduct of the signal bleeding into other areas.

Note

The entitlement of wireless and mobile devices such as laptops and PDAs is not ubiquitous in the enterprise.


The company's direction is that the WLAN will not be a replacement for the wired office. It is simply an overlay network of convenience. Furthermore, no compelling argument has ever been made to support the need for roaming; therefore, WLANs are confined to "roaming domains" such as a factory or single building.

Factories, however, do have additional conditions to meet: primarily, the need for dynamic modification of the physical layout on the factory floor. This condition drove the need for more flexible designs and installations. The WLAN in the factory had to support an environment that had physical churn. Physical layout changes occur to a point where changing the traditional wire infrastructure would become cost-prohibitive. In essence, within the factory, the WLAN became a replacement for traditional wired access.

A constant hurdle in the factory and warehouse is that they are typically filled with wireless obstacles. Factories tend to be filled with large metal machines that perform specialized functions such as processing and metal machining through the use of robotics. This fact alone made the effects of multipath, attenuation, and interference very serious factors to contend with. Certain systems on the factory floor also could be hampered by the WLAN (RF interference on existing systems) because they, too, operated in the unlicensed 2.4-GHz band, although they were not tied to the 802.11 protocol. To overcome these hurdles, one key difference in the design for the factory was the use of directional antennas, which played a major role in the factory WLAN design.

Throughput

Several factors came into effect concerning the throughput over the WLAN:

  • Policy

  • Cost

  • Coverage

Mobility did not dictate the use of WLANs, and as we previously mentioned, the culture did not encourage the use of WLANs. Today, as at other companies, the change in work behaviors from "heads down" to more "open collaboration" has changed the stance (policy) that the company takes toward mobility in the workplace.

Even though WLANs are becoming more of an accepted enabling technology, the cost still needed significant justification. The cost of the infrastructure in an environment where WLANs were initially not used as a primary access method to the network meant that strategic placement was done in a manner where "the most bang for the buck" could be realized.

Both policy and cost forced the IT organization to provide maximum coverage (versus highest throughput) with a minimal investment in infrastructure. This design dictated that data rate shifting be allowed because it would allow users to associate with the WLAN from greater distances at the expense of throughput.

As a result (either directly or indirectly), performance and availability issues arose. It has been shown that allowing for dynamic changes in the WLAN (data rate shifting) in an often-unpredictable medium can become counterproductive in the long run. This practice might change in the future.




The Business Case for Enterprise-Class Wireless LANs
ISBN: 1587201259
Year: 2004
Pages: 163
