A switch or a gateway? Real wireless LANs, real choices

Nothing makes network administrators cringe like the prospect of deploying a large wireless LAN.

Security is only the most obvious stumbling block. True, immature WLAN security standards have led many administrators to deploy slow, awkward VPNs to “secure the air.” But perhaps more intimidating is that in wide-scale deployments, configuring APs (access points) for optimum coverage can demand a rocket scientist’s understanding of RF (radio frequency) management. These obstacles have led IT to drag its feet on wireless — even as rogue users take matters into their own hands and set up dangerously unsecured APs.

Thanks to a recent flood of new WLAN gateways and switches, however, conventional excuses are wearing thin. Today, IT managers are stalling for another reason: There are too many choices for solving WLAN security and RF management problems.

The first volley of solutions came from the gateway developers — such as ReefEdge, Bluesocket, and Vernier — and mainly addressed security. More recently, WLAN switches have added automated RF management. This enables IT workers to handle APs as a group from a central point, easing setup and reconfiguration dramatically. And native Wi-Fi security protocols are actually reaching the point where they can be used effectively in the real world.

IT teams now face the challenge of choosing among a host of new devices — the most advanced of which are manufactured by unfamiliar companies — even as further technology evolution seems certain and a shakeout among hardware vendors looms. Moreover, each vendor is adamant that their way is the only way. “People get into this religious-war business, but one size doesn’t fit all,” says Mike Disabato, senior analyst at Burton Group. Ultimately, he says, the layout of the existing LAN, the desired WLAN coverage, the authentication mechanisms, and the integration options all weigh heavily on the choice of technology for a given wireless network.

Gateways Vs. Switches

One of the first decisions IT must make is to choose between a gateway solution and a WLAN switch.

Companies that have already deployed a slew of APs and are loath to replace them may want to consider gateways because they can operate with APs from any vendor. In addition, gateways stray the least from standards-based technology. But they also focus mainly on managing security and user profiles, not on managing the WLAN itself. Services such as rogue AP detection or AP layout planning must be added piecemeal, usually by opting for third-party solutions.

Click for larger view.

“We think it’s important to get this technology from someone who has all the parts so you don’t have to be a system integrator,” says Dan Simone, vice president of product management at Trapeze Networks, a WLAN switch developer. Burton’s Disabato has polled the WLAN switch vendors and found that each bundles similar features, including rogue AP detection and AP deployment tools. The downside is that — because the 802.11 standard fails to address such issues — these features are implemented differently from vendor to vendor, leading to classic lock-in.