A pack of startups in the US is racing to create a new generation of wireless LANs based on wiring-closet devices that connect to wired backbones and control up to hundreds of access points and thousands of end users.
First out of the gate is Aruba Wireless Networks, a 40-employee company that next week starts beta tests of a wireless LAN "switch" and access points it says will give network executives as much control over their wireless networks as they have over wired ones. Close on its heels is AirFlow Networks, which is about to begin beta-testing its switch, and BlackStorm Networks and Trapeze Networks, which are expected to start revealing their plans in coming weeks.
"This [Aruba product] was like nothing I had seen in the wireless arena," says Neil Buckley, manager of network security at Partners Healthcare, a Boston HMO. "It has integrated in one core switch all the features of a VPN, firewall and intrusion-detection system. You have real-time visibility into your wireless LAN."
Wireless LANs today are largely a group of individually deployed access points that connect to a wired LAN. Individual users connected to one access point must share the available throughput, which is typically 5M to 7M bit/sec for IEEE 802.11b nets, and roughly 15M to 20M bit/sec for 802.11a networks.
Network executives have to add third-party radio monitoring and packet analysis software, VPN concentrators and client software, and firewalls designed for low-speed dial-up connections. There is a painful lack of wireless LAN management tools.
That's precisely the case at Partners Healthcare, where wireless LAN deployment has stalled at about 60 Cisco Aironet access points. "Today, [management] is all manual," Buckley says. "Any changes that need to be made, need to be done to all of the access points. That's not where you want to be in terms of [keeping down] operational costs."
By contrast, Aruba is adopting an approach similar to that used by Ethernet hub pioneers such as SynOptics: multiple devices connecting to a central wiring-closet box, with each client device connected via a different "port." Although ports don't actually exist in wireless LANs, which use radio frequency instead of cables, control has to be exercised individually over each wireless user, and maintained as the users move across a set of wireless access points at a given site.
Aruba access points forge the radio link with client devices. These access points also can act as "air monitors" that constantly search the frequency for packets from new radios, whether on clients or access points, authorized or not. Using patent-pending software, the Aruba access points can block end users from connecting to a so-called rogue access point, which might be nothing more than one across the street in a Starbucks coffee shop, says Aruba co-founder and CEO Pankaj Manglik, who previously worked at switching companies Cisco and Alteon.
Users are passed directly to the Aruba switch, which handles all the authentication, access policies and encryption, as well as creating a personal firewall for each user to control his Web access. Once a user is authenticated, the switch lets the packets from the wireless LAN shift to the wired network.
Manglik says that by "walling" wireless LANs behind a central firewall, then requiring a VPN to access resources on the wired net, network executives are boxing themselves into an architecture that can't support large numbers of users at LAN, or even wireless LAN, speeds.
Another benefit of using Aruba access points with the switch is that they can work together, using another patent-pending software program, to constantly measure signal strength and user number, and then create a continually changing map of the wireless LAN. If one access point fails, or becomes too crowded with users, the switch can change the power settings on each access point radio, or move users to one or more other access points.
Aruba, which has US$10 million in first-round venture funding, has upgraded its switch software so its box can work with Cisco Aironet access points. But when working with third-party devices, the switch can't create dynamic site maps or monitor airspace for rogues.
An official definition of "wireless switch" does not exist, and the market is getting crowded with claimants. But even Aruba and BlackStorm executives stop short of promising switched wireless bandwidth. "You won't have Gigabit Ethernet in a wireless LAN," says Alan Cohen, vice president of marketing for BlackStorm.
Vendors including Bluesocket, Cranite Systems, Fortress Technologies, ReefEdge and Vernier Networks have built security gateways for wireless LANs, sometimes adding class-of-service features to set traffic priorities. These vendors all say they plan to add switching features.
AirFlow says it has alpha units of its AirSwitch installed at a few customer sites, and will shortly launch the beta-test phase. AirFlow's switch will plug into a wiring closet router and work with streamlined access points, dubbed AirScouts.
BlackStorm, which received an undisclosed amount of funding last spring, appears to be addressing the same problem as Aruba. "Today's access points are like bug lights - clients attach to the brightest one," Cohen says, adding that more details will be made public in a few weeks. But he says the security gateway companies typically do not provide detailed examination of, and information about, the actual wireless packets.
Last September, wireless pioneer Symbol Technologies introduced its Axon box, which connects to streamlined Symbol access points and runs Layers 2, 3 and 4 switching software to process the wireless packets. Axon plugs into a wiring closet's Ethernet switch. More recently, start-up Vivato unveiled plans to build what it termed a wireless switch, but so far has revealed little more, except that it is based on a phased array antenna to focus radio beams on individual clients.
Cisco so far has talked of integrating its access points with its network management infrastructure, although industry watchers say they wouldn't be surprised to see Cisco snap up a wireless LAN switch start-up if customers start buying into the concept.