Gone are the days of being able to ignore security and role separation for enterprise wireless systems. Regardless of whether you go with a thick access point (Cisco or Symbol) or a thin access point (Trapeze or Aruba), your wireless infrastructure must be able to support role separation through using multiple SSIDs (service set identifiers) and dropping these onto the appropriate VLAN.

The Bottom Line Trapeze RingMaster 5.0 with AirDefense 7.0 Trapeze Networks, trapezenetworks.com Excellent  8.8 criteria score weight Management 9 20% Security 9 20% Performance 8 15% Setup 9 15% Ease-of-use 8 10% Scalability 9 10% Value 9 10% Cost: AirDefense: Model 1150 Appliance (small wireless environments expecting limited growth), $5,995; Full IDS and Rogue Detection license for one MP-372 AP/sensor, $695; Personal Manager license for one server appliance, $4,995. Trapeze: MX-8 (eight port switch), $2,995; MP-372 Access Point, $549 Platforms: Microsoft Windows Bottom Line: The enterprise wireless market shakeout gave birth to several vendor alliances. In the case of AirDefense and Trapeze, the resulting partnership is certainly beneficial, combining Trapeze’s speed with AirDefense’s IDS-oriented security. If the solution needs anything, it would be more automation, which is slated for future releases. About our Reviews and Scoring Methodology

With the recent ratification of the 802.11n enhancements, enterprises that want to set up secure wireless networks are looking at services such as wireless defense (Wireless IDS), easier advanced encryption and role separation setup, and multimedia support for Wi-Fi VoIP as differentiators in today's Wi-Fi marketplace.

Enter Trapeze Networks and its new entry-level RingMaster 5.0-AirDefense 7.0 solution. Sold by both Trapeze and AirDefense in configurations ranging from entry-level 1U appliances to monster multiserver arrays, this tightly woven package leverages existing Trapeze APs as AirDefense sensors for both monitoring and security tasks. The AirDefense firmware also takes the place of the standard Trapeze backup firmware image. With both images now coexisting on the hardware, you can change from a sensor to an AP through a simple click in Trapeze RingMaster. (RingMaster's UI handles much of the wireless configuration, with a little overlap by the AirDefense UI.) The benefit of this tag-team packaging? IDS and system monitoring are tightly tied together so that IDS alerts can trigger management actions, and vice versa.

The Trapeze RingMaster and AirDefense consoles are currently separate applications tied together at various menus, but the AirDefense-Trapeze integration will become quite a bit tighter in future releases, with a richer set of scripts and action items for the IDS to execute — including the ability to switch over additional access points into IDS sensors. Future APs will also have expanded flash storage to save backup images of both the Trapeze and AirDefense firmware.

Watching over network access
I added the AirDefense-Trapeze box to our existing Trapeze MX-8 small office Wi-Fi switch at the Advanced Network Computing Lab at the University of Hawaii. Soup to nuts, the integration took perhaps one hour total, including downloading the new AirDefense firmware onto my access points.

Click for larger view.

One of the keys to this solution's success is that any existing Trapeze Access point can be tasked as either an access point or a sensor. Think of a sensor as the equivalent of a wireless protocol analyzer that is then correlated with other air sensors across the enterprise and network data from RingMaster. During testing, the AirDefense system saw dozens of neighboring Wi-Fi devices, but they were not flagged as critical because RingMaster was able to tell the AirDefense server that those devices weren’t on my internal network and thus were not an immediate threat based upon my policies. This level of data sharing dramatically reduced the number of false positives. So while the IDS functions are currently in the AirDefense console and AP information is currently in the RingMaster console, future versions should see the two slowly merge through greater use of the RingMaster plug-in features.