NetMotion eases wireless remote-access headache

See correction below

In the course of a career that centers on explaining new technologies, few things have given us more brain bruises than explaining the differences between the Mobile IP and VPN standards. NetMotion Wireless' Mobility XE throws this discussion a welcome curve: it goes beyond Mobile IP, addressing wireless roaming needs with more effective security, control, and bandwidth optimization.

Both the Mobile IP and VPN standards handle remote users and provide encryption of the data stream. Both provide a way to access the remote user via a locally assigned address. The bottom-line difference becomes apparent only when users suddenly break their connection and attempt to reconnect later.

A VPN user in this situation has simply lost his network session; any work in progress is most likely gone and the user has to re-authenticate to the network when he logs on next. Mobile IP does something different: The standard's HA (Home Agent) software keeps the session open and handles the reconnection process when the mobile user returns to an Internet connection.

This feature is all the more impressive because the HA manages reconnections even if the user logs on again using different media. For example, the initial session may have started as a remote connection and then restarted from that user's local desktop connection in the office. None of this matters to a Mobile IP user. It's all in the background.

Here's how Mobility XE takes the concept and intent of Mobile IP several steps further: The user logs in to a "mobility" server on the enterprise network and is authenticated against the RADIUS or NTLM (NT LAN manager)/Active Directory that guards network access. Each user or group is assigned a VIP (Virtual IP) from a set of specific IP addresses or from a pool of addresses through DHCP. Because hosts talk to the VIP, not to the hotspot address assigned to the mobile user, the session will be kept open as long as permitted by admin rules.

Range of mobility

Mobility XE works for both wired and wireless connections, but given that its focus isn't on point-to-point connections, you're probably still better off employing a VPN for site-to-site tunneling applications.

Mobility XE server is the heart of the product. We installed our copy on an HP ProLiant DL360 running Windows 2003 Server in less than 10 minutes thanks to a smooth configuration wizard. Real-life users will see a slower installation only if they decide to import a large number of users from an existing RADIUS or Active Directory store.

We configured the Mobility XE server to pull addresses for its VIP store from our test network's DHCP server. We added our small number of test users through the Mobility XE console; integration into NTLM (Windows authentication) and RADIUS are point-and-click options. One feature we found particularly useful for legacy applications allowed us to configure a specific VIP for a specific user, so the legacy application would lock usage only to that IP.