Top 5 Mistakes Made in Wireless Networks
by J. Eric Smith MCSE, CNE, CCNP, CISSP
To err is human, but when it comes to wireless networking, mistakes can be costly. Through our work with wireless data networking since before it was “cool,” EDI has seen lots of common mistakes. Getting to know – and avoid – the Top 5 of them could greatly increase your chances of having a successful wireless LAN project.
1. FAILURE TO UNDERSTAND CO-CHANNEL INTERFERENCE
It's often been said, you can't partition air, and nowhere is that more true than in wireless networking. Unlike physical cables, where the signal stays within the copper conductor, wireless networks broadcast across a wide area from a central antenna. It can be likened to a person shouting across a room: he may be shouting at one person, but anyone nearby will hear the shout as well.
So long as only one person – or access point – is doing the talking, there is no problem. But what happens when more than one person – or access point – tries to talk at the same time? If you've ever been at a loud, crowded party, you understand that it's almost impossible to understand anything in such an environment.
Wireless networks suffer from the same phenomenon and for the very same reason: air must be shared. But wireless networks have a trick that people cannot duplicate: wireless networks can talk at the same time but on different channels and thus avoid interfering with one another. The 802.11 specification allows for 11 different channels in North America, so you'd think that you could have 11 different AP's talking at one time.
You'd be wrong. Due to arcane vagaries in the 802.11 specification, those 11 channels typically only yield three usable, non-interfering channels. Thus a wireless design becomes a careful balancing act between having too many AP's – and thus too much interference – or too few – and thus not enough coverage. When dealing with more than a handful of AP's, this task is almost impossible without the aid of highly specialized wireless modeling tools and an experienced designer.
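Why 11 channels shrink to three, and how to check a channel plan against that, as an added example that is not part of the original article. It assumes the 2.4 GHz band used by 802.11b/g, with channel centres 5 MHz apart and a 22 MHz channel width; the AP names and the plan are constructed.

```python
CHANNEL_WIDTH_MHZ = 22   # assumption: 802.11b/g channel width in the 2.4 GHz band

def center_mhz(channel):
    """Centre frequency of North American 2.4 GHz channels 1-11 (5 MHz apart)."""
    if not 1 <= channel <= 11:
        raise ValueError("channel must be between 1 and 11")
    return 2407 + 5 * channel

def overlaps(a, b):
    """Two channels interfere when their centres are closer than one channel width."""
    return abs(center_mhz(a) - center_mhz(b)) < CHANNEL_WIDTH_MHZ

def max_clean_set(channels=range(1, 12)):
    """Largest set of mutually non-overlapping channels.

    Taking the lowest usable channel each time is optimal because every
    channel occupies the same width."""
    chosen = []
    for ch in sorted(channels):
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen

def conflicts(plan, neighbours):
    """Pairs of APs that can hear each other and sit on overlapping channels."""
    return [(a, b, plan[a], plan[b])
            for a, b in neighbours if overlaps(plan[a], plan[b])]

# Constructed site plan: AP name -> channel, plus which APs are within earshot.
PLAN = {"AP-1": 1, "AP-2": 6, "AP-3": 4, "AP-4": 11}
NEIGHBOURS = [("AP-1", "AP-2"), ("AP-2", "AP-3"), ("AP-3", "AP-4"), ("AP-1", "AP-3")]

if __name__ == "__main__":
    print("usable channels:", max_clean_set())
    for a, b, ch_a, ch_b in conflicts(PLAN, NEIGHBOURS):
        print(f"{a} (ch {ch_a}) interferes with {b} (ch {ch_b})")
```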
2. MISUNDERSTANDING THEORETICAL PERFORMANCE VERSUS ACTUAL PERFORMANCE
Bought a new car lately? If so, you probably reviewed the EPA mileage figures on the window sticker. The funny thing is, once you start driving the car, you notice that the real mileage figures can be substantially less than the stated EPA figures. Why? You've just seen a real-world example of real versus theoretical results.
802.11a and 802.11g offer 54 megabits of throughput, just like it says on the outside of the box. However, that figure is the theoretical maximum throughput of the "physical" interface. In short, it's the best the interface can ever do under the most ideal conditions. In the real world, things are not so ideal. Interference abounds, and nasty little inconveniences like multiple users actually exist. Real throughput is not only lower than the theoretical maximum, it is significantly lower. Most users see around 20 to 25 megabits of throughput under relatively ideal conditions. Throw in a bunch of users and spurious interference and the figure can drop even more.
When planning a wireless LAN, it is very important to understand the limitations imposed upon you, and throughput is as important as any other. While email and web surfing are relatively low-bandwidth requirements, critical applications like EPR, patient monitoring, Voice-over-IP, and many others demand low-latency, guaranteed-bandwidth solutions. Wireless LAN's can meet these requirements, but only if engineered properly. A solution that does not take these caveats into account may work, but work poorly, negating much of the advantage of deploying it in the first place.
3. IMPLEMENTING BAD SECURITY
When surveyed three years ago, the primary reason most IT departments had for not implementing a wireless LAN was security. It outweighed the next-highest concern by a factor of three amongst polled individuals, and with good reason. Wireless security – prior to the advent of 802.11i – was an oxymoron. The Wired Equivalency Protocol – or "WEP" – was not only woefully inadequate, it was demonstrably ineffective. Free kits, available to anyone on the Internet, would automatically crack any wireless network encryption within hours – sometimes minutes – of activation. Network managers in the know resisted wireless LAN's vigorously for this reason.
Today, there are far superior options. 802.11i added new encryption options to the 802.11 platform, among them the Advanced Encryption Standard (AES). AES has been certified for government use in such security-conscious organizations as the National Security Agency, the Central Intelligence Agency, and all four branches of the military. No known exploits exist for this encryption algorithm, and the complexity of it has precluded even theoretical attacks. Oddly enough, it is now possible to secure your wireless network more robustly than most wired LAN's.
The tragedy in this scenario is that most organizations are ignorant of the differences in wireless security. There is a dizzying array of options, ranging from the old WEP – which is extremely vulnerable yet widely deployed – to the ultra-new AES. Sadly, many organizations go with the dominant WEP, oblivious to the fact that it gives a completely false sense of security.
The tools exist today to secure a wireless LAN. Every major distributor offers gear supporting the latest standards. The crucial differentiator these days is not the availability of the technology. Instead, it is the overall lack of knowledge with respect to wireless security that is the biggest foe of a secure wireless LAN. Keeping up with the pros and cons of each and every current standard is crucial to a successful deployment.
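One way to tell which of your own access points still run pre-802.11i security, as an added example that is not part of the original article: 802.11i networks advertise an RSN element in their beacons, and WEP networks do not. It assumes the privacy bit and the tagged parameters have already been extracted from each beacon; the beacons below are constructed, and it also grades TKIP, an 802.11i cipher the article does not discuss.

```python
import struct

RSN_ID = 48                  # element ID of the RSN element introduced by 802.11i
SUITE_OUI = b"\x00\x0f\xac"  # OUI used by the standard cipher suite selectors
CIPHERS = {1: "WEP-40", 2: "TKIP", 4: "CCMP", 5: "WEP-104"}  # CCMP is the AES mode

def find_element(tagged, wanted_id):
    """Walk the id/length/value elements of a beacon body; return one body or None."""
    i = 0
    while i + 2 <= len(tagged):
        eid, length = tagged[i], tagged[i + 1]
        body = tagged[i + 2:i + 2 + length]
        if len(body) < length:
            return None      # truncated frame: stop rather than read garbage
        if eid == wanted_id:
            return body
        i += 2 + length
    return None

def pairwise_ciphers(rsn):
    """Names of the pairwise (unicast) ciphers advertised in an RSN element body."""
    if len(rsn) < 8:
        raise ValueError("RSN element too short")
    (count,) = struct.unpack_from("<H", rsn, 6)  # after version (2) + group suite (4)
    if len(rsn) < 8 + 4 * count:
        raise ValueError("pairwise suite list truncated")
    suites = [rsn[8 + 4 * k:12 + 4 * k] for k in range(count)]
    return [CIPHERS.get(s[3], "unknown") if s[:3] == SUITE_OUI else "vendor" for s in suites]

def classify(privacy_bit, tagged):
    """Grade one beacon: 'open', 'legacy-no-rsn', 'rsn-ccmp' or 'rsn-weak'."""
    if not privacy_bit:
        return "open"
    rsn = find_element(tagged, RSN_ID)
    if rsn is None:
        return "legacy-no-rsn"   # privacy without 802.11i: what a WEP network looks like
    return "rsn-ccmp" if pairwise_ciphers(rsn) == ["CCMP"] else "rsn-weak"

def rsn_element(*cipher_types):
    # Builds a constructed RSN element (version 1, PSK key management) for the demo.
    body = struct.pack("<H", 1) + SUITE_OUI + bytes([cipher_types[0]])
    body += struct.pack("<H", len(cipher_types)) + b"".join(SUITE_OUI + bytes([c]) for c in cipher_types)
    body += struct.pack("<H", 1) + SUITE_OUI + b"\x02" + b"\x00\x00"
    return bytes([RSN_ID, len(body)]) + body

SSID = b"\x00\x04corp"           # constructed SSID element
for name, bit, tags in [("lobby", False, SSID), ("ward", True, SSID),
                        ("office", True, SSID + rsn_element(4))]:
    print(name, classify(bit, tags))
```

Anything graded "legacy-no-rsn" or "open" is a candidate for replacement or reconfiguration before it carries production traffic.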
4. STAYING FAT INSTEAD OF GOING THIN
Diet fads are everywhere. No matter where you look, someone is offering you a way to lose weight and get thin again. Unfortunately, this bandwagon is not as prevalent in the wireless space as it ought to be, and vendors share no small part in the reasoning behind it. To understand the "fat" versus "thin" concept, we have to understand where wireless LAN's started as well as where they're going.
In the beginning, all access points were "fat." That is, each access point was essentially an island unto itself, sharing little or no information with other access points in its immediate area. While this approach worked well for a few access points, it became unwieldy when the number of devices grew to more than a handful. Worse, since each access point did not cooperate with its neighbors, there was little or no fault tolerance or coordination with security. A number of third-party, add-on solutions were developed to meet these shortcomings, but they were merely bandages on a festering problem. A new solution was required.
Roughly three years ago, that solution came of age in the form of WLAN switches. Technically more an appliance than a switch, these devices moved nearly all of the "smarts" out of the access point and centralized them into the switch or appliance. This had a number of beneficial effects. Access points, being less complex, could be cheaper. Being centralized, the access points could now act much more in concert with one another, adjusting power and channel coverage optimally to the environment in real time. Security, long a problem with fat access points, could instead be homed on the appliance, simplifying access control. It represented a fundamental change in how wireless LAN's could function.
Today, all new deployments of any size whatsoever are arranged around the "thin" access point idea. Wireless equipment vendors still promote and sell "fat" solutions despite this, which is why it's important to understand the advantages of either deployment method. However, for nearly all medium to large-scale deployments, thin is in.
5. DEPLOYING ONLY IN LIMITED AREAS
Many organizations have been led to wireless LAN's only reluctantly, largely because of security or performance concerns. To that end, many have deployed wireless coverage only in very specific areas in the enterprise such as lobbies and break rooms. Invariably, EDI's experience has shown that users who are exposed to wireless in limited areas will clamor for ubiquitous coverage shortly thereafter. The advantages to being untethered from an Ethernet cable coupled with the rise in purchases of laptops over desktops in the enterprise have created a completely mobile workforce. Employees long for the type of mobility that will allow them to work effectively anywhere in the building, and the productivity advantages to such an arrangement are well documented.
Unfortunately, those who plan for limited wireless deployments up front are actually short-selling themselves. The main costs in a wireless deployment are all up front, mainly in the installation of the cabling and access point infrastructure. By deploying such a network across the entire campus all at once, significant cost savings can be realized over a piecemeal scenario. Understanding how wireless networking will benefit the enterprise is key to understanding the necessity of an all-or-nothing deployment.
Today's workforce is centered around mobility and the ability to rapidly respond to changing conditions. A wireless infrastructure allows employees to remain productive regardless of their physical location, and in many cases regardless of what kind of device they may have with them at the time. Organizations that understand and fully implement this competitive advantage may prosper beyond those who focus on wireless as a "nice to have" addition.
PUTTING IT ALL TOGETHER
Wireless networking presents a variety of challenges in deployment, which is ironic because it’s presented as a solution to the complexity of having to physically “wire up” a location and all of your equipment. It’s very easy to deploy a wireless LAN, but it’s not easy to deploy one properly. As outlined above, there are numerous pitfalls to such a deployment and only experience and good tools will help you avoid them.
Despite these challenges, we cannot ignore wireless any longer. Customers are demanding it when they travel, and businesses are leveraging wireless to become more competitive. It’s inevitable that you’re going to have to deal with wireless LAN’s if you’re not already doing so. The hard part is making sure it’s done right the first time, as a poor deployment is a waste of money as well as a potential security nightmare.
For additional information or discussion about wireless networking, please contact us at info@ediltd.com.