WLAN installations offer companies a way to improve their business operations and increase revenues. Approaching a WLAN deployment in steps or phases can help make this process faster and more efficient. The best way to add wireless connectivity is to start small and plan with an eye toward expansion.
Step 1: Deploy a Pilot Program
Tasks: Define the scope, participants, zones, metrics, and training.
Scope and participants: Popular sites for wireless LAN projects include executive offices, sales offices, operational facilities, and new buildings. It’s vital to obtain a good sampling from each location in which you plan to install wireless. Plan for a realistic sample, depending on the pilot’s scope, your campus size, and user base to get results that are applicable to the larger population. Include coverage for various job classifications, employee segments, and departments-all of whom will derive a different value from wireless. Zones: Map the wireless zones that participants will use (conference rooms, common areas, cafeterias, offices, operational areas, etc.), and determine the LAN wiring you have in those areas. Access point hardware is hardwired to the LAN. Work closely with your facilities team to incorporate wireless technology in ways that will minimize rework as the WLAN expands. It may be useful to perform a site survey in this stage.
Metrics: At the very start, lay out how you’ll measure the production value index. Start with a baseline measurement of costs before the pilot, and plan how to measure and report productivity and return on investment (ROI) metrics afterward. Someone from human resources may be a valuable contributor to your team for this aspect.
Training: The success of a pilot often pivots on how well participants and your help desk personnel are trained, and whether your support group can respond quickly to requests for help. First impressions can make or break the success of the pilot. Start early to document how users should get started, how to use the system, and how to obtain support and prepare trainers and FAQs for deployment, and train your IT and technical support teams thoroughly in the new technology.
Step 2: Establish a Security Program
Tasks: Address authentication and encryption concerns. Implement Basic Industry Standard Security
Service set identifier (SSID): Configure clients with the correct SSID to access their WLAN. The key should be shared only with those having legitimate need to access the network.
Media access control (MAC): Filtering addresses restricts WLAN access to computers that are on a list you create for each access point on your WLAN. This should be enabled.
Wired equivalent privacy (WEP): Encryption scheme that protects WLAN data streams between clients and APs as specified by the 802.11 standard. This should be turned on, but it should be realized that flaws have been discovered in this mechanism.
Implement Advanced Industry Standard Security (Recommended) Implement the highest level of security feasible in your environment, including:
IEEE 802.1X: A security standard featuring a port-based authentication framework and dynamic distribution of session keys for WEP encryption. A RADIUS server is required.
WPA: Wi-Fi Protected Access* is a security standard that solves the encryption issues of WEP by utilizing TKIP (Temporal key integrity protocol), which wraps around WEP and closes the security holes of WEP. WPA also includes the authentication benefits of 802.1X. EAP: Extensible authentication protocol (EAP) is a point-to-point protocol that supports multiple authentication methods. The support for EAP types depends on the OS being supported.
Consider Proprietary Security Consider utilizing a proprietary security solution to protect your WLAN. Implementation however will generally restrict you to a single vendor. As recognized industry leaders of client and infrastructure systems, Intel and Cisco are working together to enable a protected, interoperable, and manageable wireless mobility ecosystem.
Cisco Compatible Extensions add security, performance, and manageability benefits to a wireless LAN network consisting of Cisco Aironet infrastructure and compatible third-party clients.
Other Security Considerations
Rogue access point: Perform regular network audits to identify rogue access points and disable or reconfigure them appropriately. Rogue access points are those installed without the IT departments knowledge and are generally not configured with any security settings, which leaves an open door for unauthorized access.
Virtual private network (VPN): This technology offers additional security by creating a tunnel that shields your data from the outside world. A common security policy for many corporations is to require clients to use VPN to access the corporate network through any wireless access point.
Step 3: Deploy the Wireless LAN
Tasks: Select and purchase equipment, and provide wireless adapters to participants.
Set up the Infrastructure side: After determining which WLAN technology products are right for you, purchase the appropriate number of access points for your pilot.
Choose among the top providers, especially those that will provide solid product support. Choose access point units that offer interchangeable antenna options (for example, omni-directional and directional antennas).
These accommodate different spaces so you can fine tune reception for optimal reach. Access point units need electricity. Larger installations do best using power over existing Ethernet/Cat-5 cabling to avoid expensive retrofitting of electrical wiring. Make sure the units you buy support Power over Ethernet or purchase products that provide this.
Set up the client side: Install network interface cards (NIC), or provide users with Intel Centrino mobile technology based notebooks. Create auto-installers to install all the WLAN drivers, VPN software, etc. in participants’ notebook PCs.
Look for steps four and five in the next edition of CDN This Week.
