This version of ipUnplugged is quite attractive for providing a solid, secure mobility solution wherever clients may roam,
at a decent price. However, some client deployment issues and limited authentication methods detract from an otherwise solid
product.
NetMotion Mobility
NetMotion Mobility creates an encrypted tunnel between the NetMotion software client and the NetMotion network infrastructure.
Interestingly, the secure client is invulnerable to almost all wireless security attacks, and the client is seen by corporate
app servers as being a constantly connected LAN device, supporting seamless subnet roaming and application persistence.
I tested roaming and persistence with several different applications, and the software worked quite well at maintaining session
communication. A very small percentage of application failures occurred during protocol transitions from Wi-Fi to LAN to GPRS.
NetMotion also offers best-bandwidth routing, in which the client automatically chooses the media type with the highest-bandwidth
connection.
This always-on connectivity is accomplished with two components: the NetMotion Mobility Server (managed via console or Web interface),
which acts as a proxy for the wireless client, and the Mobility Client software that runs on that client.
I installed the Mobility server software on a Windows Server and was up on the server management interface in short order.
I would have liked the ability to test to ensure proper RADIUS authentication for the Mobility clients.
The server itself doesn’t store a local user access list, relying instead on being transparent to the network and using Active
Directory, RADIUS, Kerberos, Windows 2000/NT Domain, or other PKI to provide the user and group authentication components.
I would have liked to have a separate wireless access list maintained on the Mobility server but went with using my existing
RADIUS authentication infrastructure to manage users and groups.
Organizations deploying NetMotion for use across the Internet will want to harden the Windows server. Unfortunately, NetMotion
offers no tools or documentation to help in doing so.
NetMotion Mobility requires that DHCP is enabled on the deployed network to properly support roaming for the clients. Once
a DHCP address is used for the Mobility server, the server dishes out a virtual DHCP address to the clients. The DHCP pool
can easily be configured from the Mobility management interface.
The Mobility server’s management is too fragmented. One management interface handles all primary server functions,
including authentication, server fail-over, NAT, and encryption. Unfortunately, there’s a second application for monitoring
client activity, and another Web interface where policies and rules are managed, along with remote monitoring. A single Web
administration console is slated for a future release.
Deploying clients is fairly straightforward, but NetMotion relies on an organization using SMS or another deployment method
for getting the client software on each piece of client hardware. There are also two potential pitfalls. First, users can, by
default, choose to bypass the Mobility client software completely, leaving the mobile device insecure and unconnected
to a Mobility server. Second, you can’t hide the Mobility client agent from an end user.
The variety of client-tunnel-encryption methods supported by the Mobility server is impressive, including DES, Twofish, and
128-bit AES (Advanced Encryption Standard).
New to Version 5 of the Mobility server is policy-based management, which is accessed via a Web-based front end and is fairly
straightforward. I was able to manage client properties such as filtering certain Web sites and blocking high-bandwidth applications.
NetMotion doesn’t create reports on use or deployment of its client software, but a plethora of statistics is available in
real time from the Mobility Status Monitor.
I was impressed with how each product fared. Making a choice will depend on your deployment strategy and how much you want
to spend. Subnet roaming and application persistence are easier and work better with just one NetMotion server installation,
but the less-expensive ipUnplugged works just as well as NetMotion when it comes to seamlessly moving outside the confines
of the enterprise to VPN over different wireless technologies.