The Indestructible Network

Source: http://www.arubanetworks.com/pdf/technology/whitepapers/wp_INDENT.pdf
The Indestructible Network White Paper
Peter Thornycroft and Chuck Lukaszewski

Enterprise
The Indestructible Network:
Wireless LANs for Industrial and
Outdoor Applications

Aruba Networks

Industrial and outdoor environments
Many organizations require data and voice communications in industrial and outdoor environments.
Historically these needs have been met by a patchwork of copper or fiber-optic cable in the ground,
low-bandwidth 900 MHz and 2.4 GHz wireless links, and depending on the particular site, satellite networks too.
While wire-line networks can support high data rates with high reliability, it is not always feasible or
cost-effective to dig trenches or string overhead wire across chemical plants, container ports or off-shore oil
platforms. Manufacturing plants and storage facilities with explosive atmospheres and ignition hazards have
specialized installation requirements, raising the installation cost and complexity of wired networks.
Consequently many deployments utilize both wired and wireless technologies, often combining licensed and
unlicensed spectrum across a number of different frequencies.
Until recently this hybrid patchwork of communication technologies was the best achievable solution,
particularly for mobile, data-intensive clients such as rugged handheld terminals and vehicle-mounted
terminals. Still, the final results fall short of both IT requirements and user expectations. Wireless signal
quality and available bandwidth are often highly variable across an industrial or outdoor site, resulting in user
complaints. For the IT group, fault management and performance monitoring can be especially difficult; the
lack of homogeneous monitoring and management for the diverse wireless links results in disparate alarm
and reporting consoles. Indeed, many organizations find they must support separate, overlaid communication
networks, each with its own infrastructure, resulting in duplicate management systems and IT effort. Worse
yet, overlaid networks using legacy and new equipment on the same frequencies can result in unintentional
interference.
Many communication services in industrial and outdoor environments require low bandwidth: telemetry and
SCADA applications generate only a few kbps on average, easily within the range of any wireless
technology today. Many organizations now need to support new applications for remote workers, such as
data or Internet connections for ruggedized PC terminals, and even voice services in areas that are remote
from cellphone coverage. These require considerably more bandwidth than SCADA. Finally, many
applications such as power generation, water treatment and chemical plants intend to add real-time wireless
video surveillance for security purposes, driving even higher data rates and predictable quality of service
(QoS).
In recent years these new requirements on outdoor and industrial communications have increasingly stressed
communications infrastructure designs. Meanwhile, a number of developments in Wi-Fi for enterprise
customers have reached the stage where, with a small number of additional features, the technology is able to
profoundly improve the outdoor experience and, in so doing, consolidate, simplify, and flatten the traditional
patchwork and overlay of disparate communications networks.
State-of-the-art in Enterprise Wi-Fi
Many IT professionals in industrial enterprises will be familiar with the earlier generations of wireless
products that provided the technology foundation for the original Institute of Electrical and Electronics
Engineers (IEEE) 802.11 standard in the late 1990s. For the purposes of this paper, we distinguish between
early 802.11 (Wi-Fi) networks consisting of many standalone access points (APs), and what is now termed
Enterprise Wi-Fi in which a centralized appliance controls hundreds or thousands of network-attached
radios (thin access points) in a secure, reliable manner.

Enterprise Wi-Fi networking technology was pioneered by a number of small, startup companies advancing
this new architecture, beginning around 2002. It grew out of the broader consumer market, where Wi-Fi
rapidly became the accepted way to build home networks for Internet access, and from specialist vendors
serving the warehouse and manufacturing markets, where wireless communications were often the only way
to reach mobile workers and terminals.
Enterprise wireless LANs (WLANs) applied the same solutions for a broad range of indoor customers,
including universities, retail stores, hospitals, hotels and carpeted office environments. Instead of searching
for an Ethernet jack with which to connect to the LAN, users could avail themselves of Wi-Fi coverage. The
low cost of Wi-Fi chips, and the widespread availability of interface cards and integral Wi-Fi in laptop PCs,
aided the growth of enterprise WLANs to what is today a >$1 billion industry. While certain industries have
been slower to adopt the new architecture, the IT workload associated with management, security and
troubleshooting continues to extend the market for enterprise Wi-Fi equipment, replacing large networks of
standalone or fat access points across many industries.
In order for Wi-Fi to be accepted by enterprise IT groups, it had to be packaged and enhanced in a number of
ways. The thin access point architecture removed complexity from the edge of the network and introduced
a central WLAN switch, or multi-service mobility controller, that manages large numbers of dependent
access points. The multi-service mobility controller is responsible for managing and coordinating its
dependent access points, and aggregates all Wi-Fi traffic, subjecting it to firewall checks before connecting
it to the Enterprise LAN.
Some of the advantages of the centralized enterprise WLAN architecture are presented below.
Identity-based security
Identity-based security applies rules to people and clients rather than to ports on the network, only
permitting access appropriate to the specified role of the user as defined by a server such as RADIUS.
Centralized WLANs support the full range of user authentication methods including the IEEE 802.1X
framework that allows the use of PEAP, EAP-TLS, EAP-TTLS and LEAP, providing a state-of-the-art
security regime only equaled by the most modern wired networks. Users can be authenticated against
existing LDAP, RADIUS or Microsoft Active Directory servers, as well as a local database inside the
multi-service mobility controller. Supported encryption methods include WEP, TKIP (WPA), AES
(WPA2) and the L2 xSec encryption algorithm. Web-based authentication allows guest and clientless
users to access the network secured with standard SSL.
Unauthorized, user-installed rogue APs are a continuing security threat to all enterprise and industrial
WLANs. Centralized WLANs have many advanced features enabling detection, identification, location
and suppression of rogue APs, both in the air and on the wired network. When a rogue is detected,
alarms and logs alert the network manager.
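As an added illustration of the rogue-AP classification described above (example code written for this edit, not Aruba's implementation), the block below combines over-the-air observations with a wired-side MAC table. It assumes, as a simplification, that an AP's wired MAC is numerically adjacent to its BSSID, and all sample addresses and SSIDs are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AirObservation:
    bssid: str      # MAC address of the beaconing AP, as seen by our air monitors
    ssid: str
    channel: int

def _mac_to_int(mac: str) -> int:
    return int(mac.replace(":", ""), 16)

def has_wired_neighbor(bssid: str, wired_macs: set, span: int = 4) -> bool:
    """True if a MAC within +-span of the BSSID was seen on the wired network.
    Simplifying assumption: an AP's wired and radio MACs are numerically adjacent."""
    b = _mac_to_int(bssid)
    return any(abs(_mac_to_int(m) - b) <= span for m in wired_macs)

def classify_ap(obs, authorized_bssids, wired_macs, enterprise_ssids):
    if obs.bssid in authorized_bssids:
        return "valid"            # one of our own controller-managed APs
    if has_wired_neighbor(obs.bssid, wired_macs):
        return "rogue"            # unauthorized AP plugged into our wired LAN
    if obs.ssid in enterprise_ssids:
        return "suspected-rogue"  # advertises our SSID, no wired evidence yet
    return "interfering"          # neighbour network, not on our wire

def classify_all(observations, authorized_bssids, wired_macs, enterprise_ssids):
    return {o.bssid: classify_ap(o, authorized_bssids, wired_macs, enterprise_ssids)
            for o in observations}

# Constructed sample data (not from the white paper).
AUTHORIZED = {"00:0b:86:aa:00:01"}
ENTERPRISE_SSIDS = {"plant-ops"}
WIRED_MACS = {"00:11:22:33:44:56", "00:0b:86:aa:00:00"}
OBSERVATIONS = [
    AirObservation("00:0b:86:aa:00:01", "plant-ops", 6),     # our AP
    AirObservation("00:11:22:33:44:58", "free-wifi", 1),     # wired MAC ...56 is 2 away
    AirObservation("aa:bb:cc:dd:ee:01", "plant-ops", 11),    # spoofs our SSID, not on wire
    AirObservation("de:ad:be:ef:00:10", "neighbor-corp", 1), # someone else's network
]

def report():
    """Classification the network manager would be alerted on."""
    return classify_all(OBSERVATIONS, AUTHORIZED, WIRED_MACS, ENTERPRISE_SSIDS)

if __name__ == "__main__":
    for bssid, verdict in report().items():
        print(f"{bssid}  {verdict}")
```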
Non-disruptive integration into existing networks
Centralized WLAN architectures allow a modular, phased introduction of mobility from pilot network to
full-scale enterprise deployment, deploying on top of existing L2 and L3 LAN/WAN infrastructure.
Access points are completely plug-and-play, requiring no manual configuration. They can be attached to
any existing Ethernet switch or IP router and across any subnet boundary. Once connected, access points
self-configure by automatically building a secure (GRE or IPsec) tunnel to the multi-service mobility
controller. The controller automatically discovers and configures each AP based on the policies set by
the administrator.

Secure convergence for mobile VoIP and video services
Centralized WLANs provide intelligent controls reliably and securely delivering voice, data and video
services to fixed and mobile clients with PCs, dual-mode handsets, smartphones and video cameras.
They support the end-to-end QoS required for multi-service applications, respecting relevant L2 and L3
QoS tags. Other features for voice include call admission control based on the number of active calls on
an AP, and bandwidth control to limit the amount of bandwidth lower priority devices can use. As users
move from AP to AP, their security and session state is maintained in the multi-service mobility
controller, assuring