
By David Berlind
Posted on ZDNet News: Sep 29, 2002 12:00:00 AM

If you take a minute to listen to the wireless pitchmen at Symbol Technologies, the basic message is that everyone who has deployed an 802.11-based wireless Ethernet network (WiFi) has probably spent more money than they should have and they don't have much to show for it.

The pitch is interesting because it bears some similarity to other columns where I've discussed the need to separate application functionality from the network's physical layer. Symbol's twist on this notion is that wireless access points come with far too much costly baggage, especially the current scheme for managing a wireless local area network (WLAN) in the same way that enterprise network administrators might manage a regular wired LAN.

For example, imagine an airport or a hotel where virtual LANs are used to segregate several groups of users, including airport employees, airline employees, and the flying public. Each VLAN (and especially the public one) might have different policies associated with it. It might be necessary to allow every group to easily roam the premises, with the ability to maintain certain Quality of Service (QoS) levels for a group of users who need voice over IP (VoIP) or features dictated by a Service Level Agreement (SLA), especially in carrier-class situations.

Try setting a network like that up today when most of the management facilities are actually located at the edge of the network, in the access points. Forgetting the policy issue for a minute, just setting up the VLAN while enabling seamless roaming for all users would probably be an Olympian feat for most WLAN administrators. If you had three VLANs, you could deploy three sets of access points and try using the WiFi-based LAN naming convention (Extended Service Set Identifiers or ESSIDs) or MAC addresses to keep the three networks partitioned from each other. In that scenario, they're just three separate segments, not elegantly managed VLANs.

Perhaps the easiest way to accomplish the task is to tie the three sets of access points to a managed switch in the wiring closet and use the switch to somehow keep things partitioned. Even so, you'd still have to work on ways to marry WiFi adapters to access points and have separate authentication servers to help manage who gets access to corporate resources.

But now, with extra, expensive manageable access points distributed throughout the premises (and more work to manage each of them individually), separate authentication servers (such as Cisco's Access Control Server), and managed switches, a managed corporate WLAN starts to get expensive. In addition, the upgrade paths from 802.11b (11 Mbps @ 2.4 GHz) to 802.11a (54 Mbps @ 5 GHz) to 802.11g (11 or 54 Mbps @ 2.4 GHz) to whatever else comes along typically require replacement of the access points. (Although WiFi vendors are getting better about making their access points upgradeable.)

The folks at Symbol think they have an answer to these WLAN problems. Symbol's senior director of wireless marketing Gary Singh says you need to move the intelligence out of the access points and back to a central point in the heart of the network where other LAN functions are typically managed. By stripping the access point of its smarts (especially the electronics that do packet processing), you basically turn it into a dumb wireless port, much like the physical port found in many walls. Consistent with this belief, Symbol now refers to its access points as access ports.

This design, according to Symbol officials, brings instant cost savings because the price of enterprise class access points goes down significantly. Symbol is quoting street prices of under $200.

Not only could this design model bring the cost of initial deployments down, but it also lowers the cost of upgrades. Also, Symbol claims that user density per access point goes up. In other words, more users can connect through a single access point without a serious degradation in performance because the access point doesn't have to do any packet processing (especially for security purposes), and therefore works at wire speeds. A third advantage specific to Symbol's "Access Port" is the cleanliness of its implementation. For this reason alone, I believe it's worth looking at Symbol's setup.

Symbol's Mobius Axon Access Port (MAAP) is a small, round device with nothing but an Ethernet port and a single status LED on it. It mounts to a wall or a ceiling with a screw in such a way that only the LED is visible. The Ethernet port supports three Power over Ethernet (PoE) implementations: two proprietary ones from Cisco and Symbol, and the forthcoming 802.3af IEEE standard for PoE. In other words, you don't have to run separate power to your access point locations, or choose access point locations based on the availability of nearby power. Symbol's MAAPs don't include any other ports, such as the management ports found on other access points, which are a security risk because they're not tamperproof. Symbol's MAAPs are also plenum rated so that they meet local fire codes for what can be tucked above the ceiling tiles.

With no smarts in the device, Symbol has moved all of the typical management functionality that might have been embedded into these sub-$200 MAAPs into its Mobius Axon Wireless Switch. The switch uses Linux as its real-time operating system (RTOS), so it not only handles all of the management functionality that has traditionally been out at the edge in the access points, but it's also capable of handling other tasks (such as authentication) that you might be offloading to separate systems.

If you standardized on Cisco's Secure Access Control Server (ACS), for example, your costs for hardware and software would probably be around $6,000 per network segment. While it's not absolutely necessary to have an ACS on every segment (you could have just a central unit), any QoS-sensitive application (like VoIP) could run into performance problems if a wireless client roams and the resulting re-authentication causes a hiccup in service.

Symbol, on the other hand, builds all of this functionality into its switches, which range in cost from $2,895 for six ports to $5,367 for 24 ports. In addition, the fact that the switch's RTOS is Linux enables Symbol to build in other functionality that WLAN managers are sure to find interesting. For example, you could set up IEEE 802.1q-compliant wireless VLANs and define policies (for example, filters and firewalling) that are VLAN or ESSID specific. Better yet, you could extend wired VLAN policies into the wireless VLANs.

Speaking of ESSIDs, if you're using ESSIDs today to manage your WLAN, chances are that you have a one-to-one access point-to-ESSID correlation. Most of the access points I've seen can only support one ESSID. By moving the brains out of the access point and into the switch, the same wireless infrastructure can support multiple ESSIDs simultaneously.

The advantages of moving the management out of the access points and into the switch appear to be endless. Beyond those advantages are features that Symbol doesn't yet support, but plans to enable since the choice of Linux gives it that flexibility. For example, Symbol already has plans to enhance the switch for voice management of VoIP applications as well as a virtual private networking (VPN) server, which is what many wireless installations use for security.

The switch has a hitch
Symbol's device is definitely a step forward, but there's a hitch. Because of the way MAAPs are provisioned with connectivity by the switch (a process Symbol calls "adoption"), a Symbol-specific proprietary technology, Wireless Network Management Protocol (WNMP), is required to make this work.

If you've followed my columns, you know that I'm extremely averse to proprietary technologies, especially at the lower layers of your solution matrix. Via WNMP, a MAAP has its radio activated, channel set, and power tuned to whatever settings the network manager specified in the WLAN's policies.

That's the hitch. If the switch is the razor, the MAAPs are the blades. The switch will support non-Symbol access points, but that support isn't nearly as robust as it is for its MAAPs, which are cheaper anyway. According to Symbol officials, the company is considering licensing WNMP so that other companies can build devices that integrate with its switches as nicely as its own MAAPs do.

Whether or not you're comfortable taking on a proprietary technology at the lower layers of your network is certainly a question worth asking. Maybe the answer lies in a cost comparison of your planned WLAN rollouts versus the same rollout using Symbol's Mobius Axon Wireless System. It's a slick system, but depending on the rollout, ROI mileage is likely to vary.

What do you think? Is Symbol onto something? Should WLAN management be moved off the edge and into the core? TalkBack below or write to me at david.berlind@cnet.com.
