Future proof

Ideally, every IT and network manager should get a crystal ball on their first day on the job. Unfortunately, networking the enterprise isn’t that simple.

By Simon Duddy. Published November 25, 2004

Technology can be a life-saver for the enterprise. Get to grips with a winning technology early and your rivals could be left swimming in your wake. At the same time, invest heavily in a lame duck and the enterprise could spend years swimming in circles. This is why network managers have to stay abreast of the latest technology and why to them, no matter how fascinating a technology is, the real issue is how much money it will make or save.

The technology behind voice and data convergence has been around for a long time and the benefits of the approach are obvious — money can be saved by having one network instead of two and the versatile internet protocol (IP) infrastructure can be utilised to bring more sophisticated tools to the business of office communication. However, many commentators say that convergence lacks a killer application.

“Technology is getting ahead of business need here. Convergence brings lots of benefits from video-conferencing to unified messaging and net voice mail but none is a killer application. Voice is a killer application,” says Jean Louis Previdi, senior vice president and research director, EMEA Meta Group.

With the arrival of voice over Wi-Fi (VoWi-Fi), convergence may have found its killer application. Certainly research points in the direction of growth for the technology, with Infonetics predicting that VoWi-Fi use will increase at a rate of 450% from now to 2006.
VoWi-Fi, which takes VoIP calls and sends them across a wireless network, means that VoIP now not only competes with traditional wired telephone calls but also with calls from mobile phones. This could help users cut down on their mobile phone bills, as they transfer calls from the expensive cellular network to the cheaper IP network. It also allows the enterprise to extend the benefits and features of the office phone system to the mobiles of its employees.

“By delivering improved, seamless access to IP applications over wireless networks, the key advantages employees have in their offices are extended to them as they move within an enterprise, and outside office walls,” says Micky Tsui, vice president and general manager for Avaya’s communications systems division.

The technology is a long way from ousting mobile phones from their position, though. Its ability to extend the office phone infrastructure to mobiles only applies to devices within range of the company’s wireless LAN, which limits the technology’s usefulness to the typical enterprise. This makes the technology an IP alternative to cordless phones rather than a truly viable alternative to the mobile phone.

Vendors may be over-stating the appeal of VoWi-Fi and the scepticism generated by this has been exacerbated by call quality issues. These are caused by a variety of factors, such as the fact that most 802.11 access points can handle a maximum of eight calls simultaneously. This limited capacity can quickly be swamped in a busy office. Voice traffic can also be superseded by data moving on the network. For example, if a call gets stuck behind a large data transmission, it has to wait before it can move to its destination. While a small time lag is usually acceptable when moving data in the network, it is not acceptable in voice, where the high quality of traditional telephony has created high expectations.
“When there are small misses in data transmission — say, in downloading something from the Internet — you don’t notice it, but when those misses occur in voice transmission, the human ear can pick it up immediately,” says Hani Nofal, enterprise accounts manager, 3Com Middle East.

The answer to this is to use quality of service (QoS) to set levels of priority for traffic in the network. This should ensure that voice calls are given top priority. However, the IEEE 802.11e standard, which is tackling this issue, is not expected to be ratified until the first half of 2005. This makes a wait and see stance an appropriate one for interested companies. The resolution of this technical issue should also give vendors time to explore the business case for VoWi-Fi and deliver more telling reasons why it will benefit the enterprise.

At the moment, installations are mainly limited to niche areas such as healthcare, as some hospitals prohibit the use of mobile phones for interference reasons. This makes a LAN based wireless voice service attractive. That said, the Middle East is seeing VoWi-Fi implementations in the wider enterprise. One such example is Qatar sports academy Aspire, which uses 20 wireless IP phones and 50 soft phone licenses from Avaya over a 3Com wireless network.

“Today’s networks don’t just transmit text data. Voice and video are now an integral part of any network design,” says Soubhi Abdulkarim, IT Manager, Aspire sports academy in Qatar. “However, one of the reasons for the slow adoption of transmitting voice and video is different incompatible standards,” he explains.

Despite the immaturity of some point solutions, wireless is becoming increasingly common in the enterprise and this trend will undoubtedly continue. The demand is fueled by a desire to extend the enterprise network beyond its physical borders.
“Although everybody is talking about hotspots and being able to have internet access from multiple locations, the goal is to continually provide a virtual presence regardless of your location,” says Steven Brown, director of operations for hotspot management firm Single Digits and the CEO of Vesta Group. “This means much more than being able to access the internet. It means having your office or home connectivity seamlessly forwarded to you regardless of where you are,” he adds.

While this grand vision is enticing, wireless growth has stalled because of doubts over security, which has made security-enhancing technology a top priority in the wireless world. This has led to significant developments, most notably with the arrival of the 802.11i standard. This technology has been developed in response to concerns over weaknesses in standards such as wired equivalent privacy (WEP), which failed to resolve the issues of eavesdropping on wireless signals and hackers logging on with genuine users’ accounts.

The 802.11i standard was ratified in July by the Institute of Electrical and Electronics Engineers (IEEE) and offers improved encryption for 802.11 standard wireless products. As a core feature, 802.11i includes 802.1x authentication, which provides a framework that allows users to be authenticated by a central authority. At the same time, the authentication process is pushed to the edge of the network where intrusions are likely to first appear.

“From a good practices perspective, the major advantage of 802.1x is that it provisions the framework to authenticate users at the network entry points,” says Rabih Itani, network and security manager at the American University of Beirut. “Without 802.1x, enforcing access control on network services would be similar to placing physical security on the third floor of a building rather than at the main entrance,” he explains.

As well as providing authentication, 802.1x allows every connection to be identified with its own WEP key.
Before, all users would have the same key, which could be in circulation for months. With each key separate and able to be changed as often as the network manager wants, a significant window of opportunity for hackers has been closed. Because each user has a separate key, the key also doubles as a monitoring tool for network staff.

“Wireless network access authentication via RADIUS servers using 802.1x standards will have a big impact in 2005 and 2006,” says Barry Lindsley, NSE, Fluke Networks. However, Lindsley cautions that, “Enterprises in the Middle East will have to invest in the appropriate management systems to ensure they have the visibility in the network to ensure good installation, commissioning and management of the technology.”

This is especially true for trailblazers of the technology who are using network equipment from multiple vendors. Not all equipment supports 802.1x and network managers may have to employ workarounds to use the technology, as upgrading to entirely new equipment is unrealistic for most companies.

Further possible weaknesses have been exposed by network users in the US, who point to hacking techniques such as session-hijacking, which they say 802.1x does not effectively address. In session-hijacking, the hacker waits for a user to authenticate, then sends a disassociating message, forging it to make it look like it came from the access point (AP). The genuine user thinks they have been kicked off the session, but the AP has authenticated the connection. If WEP is not deployed on the network, the hacker can then use the connection.

802.1x does have limitations and can be cracked, although it is by no means an easy task for hackers to manipulate the authentication protocol. “Despite its limitations, 802.1x should be considered seriously by network administrators as it is an effective way of eliminating a high percentage of attacks right at the network gate,” says Itani.
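For network staff monitoring a wireless LAN, the session-hijacking sequence described above leaves a recognisable trace: a disassociation sent to a client in the AP's name, followed by more data from that client's MAC address with no new authentication. The sketch below is an added example, not part of the original article; the `Frame` record, the `find_hijack_candidates` function, the grace window and the sample capture are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Frame:
    ts: float   # capture time, seconds
    kind: str   # "auth", "assoc", "disassoc", "deauth" or "data"
    src: str    # transmitter MAC address
    dst: str    # receiver MAC address

def find_hijack_candidates(frames, ap_mac, grace=0.05):
    """Return (client, disassoc_ts, data_ts) for each client whose MAC kept
    sending data after a disassociation without authenticating again."""
    kicked = {}   # client MAC -> time it was told to leave in the AP's name
    flagged = []
    for f in sorted(frames, key=lambda fr: fr.ts):
        if f.kind in ("disassoc", "deauth") and f.src == ap_mac:
            # Genuine or forged: the source address alone cannot tell.
            kicked[f.dst] = f.ts
        elif f.kind in ("auth", "assoc") and f.src in kicked:
            # A fresh handshake is what a legitimate client does next.
            del kicked[f.src]
        elif f.kind == "data" and f.src in kicked:
            if f.ts - kicked[f.src] <= grace:
                continue  # frame already in flight when the notice arrived
            flagged.append((f.src, kicked.pop(f.src), f.ts))
    return flagged

# Constructed sample capture (locally administered MAC addresses).
AP_MAC = "02:00:00:00:00:01"
CLIENT_A = "02:00:00:00:00:0a"
CLIENT_B = "02:00:00:00:00:0b"
SAMPLE_FRAMES = [
    Frame(1.0, "auth", CLIENT_A, AP_MAC), Frame(1.1, "assoc", CLIENT_A, AP_MAC),
    Frame(2.0, "data", CLIENT_A, AP_MAC),
    Frame(3.0, "auth", CLIENT_B, AP_MAC), Frame(3.1, "assoc", CLIENT_B, AP_MAC),
    Frame(5.0, "disassoc", AP_MAC, CLIENT_A),   # client A told to leave
    Frame(5.01, "data", CLIENT_A, AP_MAC),      # in flight, inside grace window
    Frame(6.5, "data", CLIENT_A, AP_MAC),       # traffic resumes, no re-auth
    Frame(7.0, "disassoc", AP_MAC, CLIENT_B),   # client B told to leave
    Frame(7.5, "auth", CLIENT_B, AP_MAC), Frame(7.6, "assoc", CLIENT_B, AP_MAC),
    Frame(8.0, "data", CLIENT_B, AP_MAC),       # normal reconnect
]

if __name__ == "__main__":
    for client, t_dis, t_data in find_hijack_candidates(SAMPLE_FRAMES, AP_MAC):
        print(f"{client}: disassociated at {t_dis}s, data resumed at {t_data}s")
```

The result is a list of sessions worth investigating, not proof of compromise; a client that legitimately ignores a disassociation would be flagged as well.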
Others are keen to play down the weaknesses of the protocol, emphasising the primacy of the overall security strategy as opposed to one particular technology or device. “The gaps that appear tend to come from a failure of strategy first, rather than from the protocol itself. Used as part of a holistic security strategy, 802.1x is an effective industry standard,” says 3Com’s Nofal.

Despite lacking a silver bullet solution, wireless security is catching up with its wired equivalent in terms of robustness. One area in which wired still has a huge lead over wireless is in high-end transmission speed. One of the most eagerly anticipated technologies of recent years is 10 Gigabit Ethernet over copper (10GBE) cabling. Although models claiming this speed have been available for some time, they have not enjoyed industry-wide credibility or have been restricted to short distances (55m). However, Systimax is believed to be ready to release draft standard compliant products this month. The IEEE does not expect to ratify the standard until July 2006 but the technology is already generating considerable interest in the industry.

“They [the products] will be draft standard compliant, it will go up to 100m using UTP cabling and with an RJ45 connector. We are sticking to what people know, while bringing greater performance,” says Dieter Podingbauer, managing director, Central & Eastern Europe, Middle East & Africa. “We expect demand in the data centre and backbone side first, as well as in industry sectors such as healthcare and government. But we also expect the demand to quickly broaden. We did a survey of our worldwide customer base in 2002, which showed that 55-59% of enterprises expected to have 10 Gigabit on the backbone within five years,” he adds.

However, some vendors have cautioned against using un-standardised cabling, especially as the requirements for 10 Gigabit Ethernet over copper are so tough.
For example, Belden has questioned the wisdom of leaping before looking at a ratified standard. “We prefer to wait until the standard is ratified first,” says Steve Lampen, multimedia technology manager, Belden CDT. “There are quite a few 10GBE products out there but before standards are finalised, you can’t be sure that they will meet vendors’ claims. We’ve seen cabling that was claimed to be 10GBE but we haven’t seen it working yet,” he adds.

The indications among network staff in the Middle East are that they would be willing to invest in the technology if needed, even before it is standardised, if it has credible backing from vendors. “At the moment we don’t have a requirement for 10Gigabit traffic, as we don’t utilise that much bandwidth,” says Hussein Ali Ghanimah, head of IT operations, Juma Al Majid. “But if we added new bandwidth hungry applications with lots of audio and voice transactions, for example, then we would look into it. And if it is a proven technology, even if it is not standardised, why not go for it?” he adds.

For the time being, enterprises with high bandwidth needs will be most tempted to opt for 10GBE. Contractors of new buildings that are being designed with a 25 year lifespan in mind will also consider it. However, those companies that have already invested heavily in fibre technology will be reluctant to swap out for un-standardised copper.

“10GBE is something we would look at. But we’d have to check everything was compatible as there are hardware differences between copper and fibre. We wouldn’t invest heavily in one network make-up and then change it for another,” says Richard Jasnau, divisional manager of telco operations & infrastructure at Sahm. Sahm is the technology arm of the UAE property giant Emaar.

For these reasons initial take-up will be slow. The real demand should kick in after the standard is ratified, as bandwidth needs grow and the price difference between 10Gigabit and 1Gigabit narrows.
The savvy network manager always has one eye on the future and a blend of vision and scepticism is needed to guide the enterprise in the right direction. Tackling innovative technologies such as 10 Gigabit Ethernet over copper, wireless network security protocols and Voice over Wi-Fi effectively will help network managers guide the business safely into the future.
