Business Model

The company's adoption of WLANs as a technology was based on the initiative to help increase user productivity, adopt Radio Frequency Identification (RFID), provide an alternative to physical cabling in the factory floors, and as an inventory control mechanism in the warehouse.

The company's use of WLANs had to fulfill two main goals:

• First and foremost was the need to provide adequate documentation supporting the ability to secure the transmission of data in the wireless medium.

• Additionally, with the arrival of Sarbanes-Oxley, it had to be reviewed for compliance.

The compelling story that supported the business case for deploying WLANs was the result of a time (use) study. The goal of the study was to prove a financial benefit to deploying WLANs. Those employees who participated were asked to record their time daily.

This employee test bed consisted of three small groups composed of 15 to 20 individuals. They were grouped into two user categoriesmobile and nonmobilewhich were then further classified into three groups as follows:

• No laptop

• Laptop with no access to WLAN

• Laptop with access to WLAN

The results of the study from each user group were compared to each other to subjectively support the need for WLANs in specific areas.

The time study focused on people productivity; however, the company had an additional hurdle to cross. It was time for them to migrate their manufacturing and factory facilities from the older 900-MHz systems to a more current 2.4-GHz (802.11) infrastructure. This would allow them to take advantage of the emerging technologies and products coming into the market. Especially important was the ability to take full advantage of RFID and cost avoidance and to provide flexibility. This is covered later in this chapter.

The company is conducting a post-WLAN implementation follow-up study using the same individuals to validate the assumptions and provide the needed data that would show a positive ROI.

Technology Considerations

The architecture for the WLAN was initially based on three components:

• Security

• Coverage

• Throughput

Security

As the chief technical concern, security had to be addressed to meet the existing company policy on wireless technologies. As a precaution before the WLAN project kickoff, the company instituted a moratorium on WLAN use. This proved to be well founded because security standards for WLANs continued to evolve.

The security architecture was built on the Cisco SAFE Blueprint. As is good practice, decisions related to security were based on a risk assessment. Each deployment (that is, site) required a local policy based on the findings of this assessment and business needs. This then led to a more formal practice where a policy could be enforced. Each policy was built on four factors:

• Threat analysis What the potential threat is and what damage an exploit could cause, typically formed around financial losses.

• How to secure Which type of security would or would not be allowed.

• What to encrypt What value the information being protected holds.

• Which IP policy to use Whether the IP addresses used would be public (routable) or not.

The actual design employed throughout the enterprise was in line with the published Cisco recommendations. This included the Lightweight Extensible Authentication Protocol (LEAP) with Wired Encryption Protocol (WEP) and Dynamic Key Rotation, migrating over time to LEAP with Cisco Key Integrity Protocol (CKIP). The support infrastructure for authentication and validation was provided through the use of Cisco Access Control Server (ACS) and the company's Local Directory Authentication Protocol (LDAP) services. Each system was strategically placed local to where the deployed services would be installed.

Coverage

The intent of the WLAN was to give access only where it might be most used. The company culture directed this approach. This meant that during the initial deployment, not all areas in the office facilities were provided with WLAN coverage. They were limited to conference rooms or other group meeting areas (for example, cafeterias). The deployment up to this point was successful because the company policy and culture did not encourage an extended use of the WLAN for network access. The technology, however, has seen consummate adoption at all levels and functions of the employee chain. This desire for ubiquitous wireless access has since changed the WLAN from being a convenience to a required service resulting in an enterprise-wide deployment.

Even with this change in direction, the design was focused on providing proper coverage as opposed to providing a fixed throughput. Today, the WLAN-enabled areas still remain unchangedemphasis and priority are given to more formal meeting areasbut the general office population receives the service as a byproduct of the signal bleeding into other areas.

The company's direction is that the WLAN will not be a replacement for the wired office. It is simply an overlay network of convenience. Furthermore, no compelling argument has ever been made to support the need for roaming; therefore, WLANs are confined to "roaming domains" such as a factory or single building.

Factories, however, do have additional conditions to meetprimarily, the need for dynamic modification of the physical layout on the factory floor. This condition drove the need for more flexible designs and installations. The WLAN in the factory had to support an environment that had physical churn. Physical layout changes occur to a point where changing the traditional wire infrastructure would become cost-prohibitive. In essence, within the factory, the WLAN became a replacement for traditional wired access.

A constant hurdle in the factory and warehouse is that they are typically filled with wireless obstacles. Factories tend to be filled with large metal machines that perform specialized functions such as processing and metal machining through the use of robotics. This fact alone made the effects of multipath, attenuation, and interference very serious factors to contend with. Certain systems on the factory floor also could be hampered by the WLAN (RF interference on existing systems) because they, too, operated in the unlicensed 2.4-GHz bandalthough they were not tied to the 802.11 protocol. To overcome these hurdles, one key difference in the design for the factory was the use of directional antennas, which played a major role in the factory WLAN design.

Throughput

Several factors came into effect concerning the throughput over the WLAN:

• Policy

• Cost

• Coverage

Mobility did not dictate the use of WLANs, and as we previously mentioned, the culture did not encourage the use of WLANs. Today, and like other companies, the change in work behaviors from "heads down" to more "open collaboration" has since changed the stance (policy) that the company takes toward mobility in the workplace.

Even though WLANs are becoming more of an accepted enabling technology, the cost still needed significant justification. The cost of the infrastructure in an environment where WLANs were initially not used as a primary access method to the network meant that strategic placement was done in a manner where "the most bang for the buck" could be realized.

Both policy and cost forced the IT organization to provide maximum coverageversus highest throughputwith a minimal investment in infrastructure. This design dictated that data rate shifting be allowed because it would allow users to associate with the WLAN from greater distances at the expense of throughput.

As a result (either directly or indirectly), performance and availability issues arose. It has been shown that allowing for dynamic changes in the WLAN (data rate shifting), in an often-unpredictable medium can become counterproductive in the long run. This practice might change in the future.

Deployment

The deployment was handled primarily by internal resources. This method was aided by the fact that the deployment was limited, but additionally it worked as a catalyst to build awareness, ownership, and skills within the team. In the general deployment, the only aspect that was handled outside of the company was the cabling. The local IT team did site surveys, installation, and configuration. The exception was factories, where professional third-party companies were employed for site surveys.

What the Future Holds

Enterprises often initially struggle with the added financial burden of deploying, managing, and operating WLANs; over time, their growing dependence upon the service makes it unacceptable to have interruptions. What initially begins as an overlay network becomes a top priority when broken because of the sheer number of employees relying on the WLAN. In the future, as services grow in demand or as advanced technologies are added onto the original WLAN architecture, the company will wrestle with the growing need for access and the subsequent financial challenges.

Now that the WLAN is finding its way into the general office population, the need for additional services such as guest access and voice are becoming part of the general architecture. Being highly security-conscious, the company must also identify a mitigation plan for rogue device detection.

Guest Access

At present, the company does not provide guest access as a common practice. Much of the need did not exist initially, but as the market adoption starts to climb, this added-value service becomes more realistic. The company sees the use of guest access not only as a convenience but also as an additional layer of security.

Voice over IP

Today, the company is currently adopting Cisco VoIP to offset climbing telephony costs and to take advantage of business-enabling applications and services that can be provided through a converged solution. One of the VoIP technologies used is Cisco IP Communicator, which is the software-based solution that makes the PC a fully functional IP phone. Over time, the wireless-enabled PC will need to be supported by a voice-enabled WLAN.

Many challenges lie ahead for this company when it comes to delivering a voice-enabled WLAN. Issues about telemetry and location services that allow a phone to be located in case of emergency will be a major focal point. Most important, the re-architecture of the WLAN to support better throughput, quality of service (QoS), and roamingboth Layer 2 and Layer 3will need to be completed to support applications and services that continue to emerge.

Rogue Access Point Detection

Rogues APs comes in two flavors: those that are friendly and those that are not. Friendly rogues are not malicious, but they are also not wanted. Unfriendly rogues are considered malicious and not wanted.

Without a plan in place to identify either one, the company has no mitigation option available. Additional work is being carried out to manage the threat of rogues in the enterprise. The variety of tools and management systems that exist on the market today are being evaluated to address this issue.

Summary

The manufacturing company examined in this case study uses WLANs to improve productivity (office) and business process (factory). Like many companies that adopt technologies early, the financial restrictions and company culture that existed forced the deployment to be limited in scope and scale. The due diligence done in the discovery and initial deployment proved successful in driving the acceptance of WLAN as a viable and financially justifiable solution. In addition to having to work within financial limitations, the company was challenged with finding a solution that could provide a sufficient level of security. A WLAN also proved beneficial in the factory by helping to reduce cost and allow for flexibility. Looking forward, further uses of the WLAN, such as voice and RFID, continue to be examined.