May 06, 2009, 9:45 AM — Wireless networks bring flexibility, but IT managers say interference, latency and security issues can be challenging.
Oklahoma City, for example, for a year has operated a 620 square-mile 802.11g wireless network that now supports about 200 applications accessed by laptops, handheld devices and other endpoints by city police and fire personnel as well as other city departments such as transit and public works.
As convenient and reliable as this Tropos Networks-based meshed 802.11g is, the city backs it up using Sprint mobile cards as standard operating procedure for protecting mission critical applications and to extend the range of wireless coverage since the Tropos system deployment was not designed to cover all 620 square miles. The Sprint cards can also come in handy when line-of-sight interference occurs (no significant RF interference has surfaced).
Potential latency issues associated with the 802.11-based network could have complicated Oklahoma City's security plans to transition thousands of employees from re-usable passwords to stronger token-based, two-factor authentication. Wireless networks "have issues with firewalls and timing concerns," says Steve Eaton, Oklahoma City's information security architect, noting that latency -- the time it takes a packet to reach from one designated point to another -- is slower than in wire-only networks.
So when installing the Quest Defender two-factor authentication gateway the city selected, configuration adjustments were made.
Others benefiting from the advantages of wireless say they are also cognizant of its challenges.
Since late last year, Lynchburg, Va.-based Liberty University has deployed hundreds of Aruba 802.11n wireless access points on campus, and also uses the Aruba Endpoint Compliance System (ECS) for network-access control for students.
"The vast majority of our students are now on it," says Bruce Osborne, a network engineer at the university.
Each student needs an ECS software agent, says Jimmy Graham, Liberty's manager of network services, and if any of the roughly 10,000 students lack the requisite antivirus or security patches, they're isolated from wireless access until their computers obtain required security updates, which can be done online.
The tougher challenge has been getting VoIP phones -- in this case Cisco's -- to work optimally on the wireless network. There are challenges related to latency and VoIP's high-bandwidth needs.
"We need quality-of-service to manage this," Osborne says. VoIP traffic over wireless will need to be given priority over other traffic, and until that is all sorted out, the majority of phones will remain wireline-based on the campus.
Sisters of Mercy Health System, the Hatboro, Pa.-based healthcare provider, is benefiting from IP-based phones over wireless in its installation of the Ascom IP DECT System wireless base stations and phones at a number of its hospital sites.
"We were looking for a wireless system and failover," says Felix Merlino, manager of telecommunications for the healthcare organization, noting integrator InfoLogix designed and installed it.
Hospital staff has welcomed IP phones over wireless as a good alternative to a paging system to contact needed medical personnel. While the wireless equipment doesn't interfere with any other hospital equipment, there can be issues with blocked reception, which have to be addressed by adjusting base stations.
The firmware for the IP DECT equipment has to be patched from time to time, notes Cory Lindley, the healthcare provider's senior telecommunications analyst, adding, "As we move further into the VoIP realm, I can see that will be a regular occurrence." Patching requires systems to be shut down and rebooted so it's important to have a second gateway as backup, he points out.
Just considering use of wireless access points in network design raises considerations in terms of the Payment Card Industry (PCI) security rules, says Bernie Rominski, IT security officer for Regis Salons.
The beauty salon group has about 8,000 corporate and franchise locations, most of which still use old point-of-sale dial-up machines. But Regis Salons is updating its network look with plans for a shared Web portal for business purposes and an Internet-based POS system that may include wireless LANs in the salons.
PCI rules for wireless indicate there needs to be a segmented network, Rominski points out, noting "The PCI Data Security Standard recognizes segmentation as a firewall." He adds that means each salon, if it uses wireless, will likely also install a firewall to be able to comply with PCI DSS.
