Managed Mobility

As laptop use increased and new applications appeared, many information workers became addicted to mobile lifestyles. Security concerns made companies wary of this new trend. However, early scepticism about mobility
gave way to an understanding that companies realised immense productivity gains. Not only was the company able to achieve more, but employees were happier when unchained from their desks.

As laptop use increased and new applicationsappeared, many information workers becameaddicted to mobile lifestyles. Security concernsmade companies wary of this new trend.However, early scepticism about mobility gave way to an understanding that companiesrealised immense productivity gains. Not only was the company able to achieve more,but employees were happier when unchainedfrom their desks.Wireless devices meant workers have becomeused to mobility outside of the office.WirelessLANs (WLANs) bring the same advantagesinto the office. The value of WLANs, like thatof any other technology, depends on the relative benefits it provides measured againstthe costs and risks it incurs.With earlyWLANs, the obvious and powerful benefitswere offset by large costs in equipment and IT effort, as well as by additional security risks.This balance has changed significantly in favourof WLANs.The concerns have been all buteliminated by a new generation of WLANswitches. Internationally agreed security standards have made it simple to set up secure wireless networks, while the centralisedcontrol provided by switches has lifted themanagement burden from IT staff.  Costs arereduced when the wireless network is made a seamless part of the wired network.FLEXIBILITYThe efficiencies afforded by mobile workingapply in the office when a WLAN is present:workers are free to roam and gain access tocorporate data and applications in meetingsand at colleagues desks.Additionally, a WLAN can carry voice trafficand reduce phone bills if it has guaranteedquality of service (QoS), and applications suchas location tracking of physical assets and staffcan be implemented.And there are new breedsof applications that utilise the power of wireless networks, such as mobile email onWi-fi-ready PDAs.At the same time, a WLAN can make it mucheasier to provide services for people that arein the building temporarily. Contractors can beup and running as soon as they arrive, insteadof waiting for IT to connect them. If visiting,customers can access the Internet fom youroffices, moving business along at a faster rate.One firm noted that provision of wireless networks increased its productivity by collapsing stages of its business processes,resulting in measurable improvement. Meetingswith partners were held in a room that hadwireless access to the corporate network,providing secure access to the Internet.Company staff and visiting business partnerscould access their corporate networks beforethe meeting broke up.Agreed actions could beput in process and any problems that croppedup could be dealt with immediately.INITIAL CONCERNS The first corporate WLANs dumped a wholenew layer of complexity on IT staff, so thecosts of installing and maintaining them faroutstripped the cost of the equipment. Sincethey were also unreliable, they also imposedcosts in lost office productivity.WLANs carry data over radio signals. Filingcabinets and even people can impede radio signals, and others can leak in from outside the building or emerge from cordless phonesor microwave ovens.Therefore, great care hadto be taken when installing and managing theearly WLANs.T o install a first-generation WLAN, a site survey had to be carried out to determinewhere to place the wireless access pointsTHOUGHT LEADERSHIP ZONE:MANAGED MOBILITY1" CIOs are sacrificing opportuni-ties through unwarranted fearof wireless networks."  A wireless network can bringimmense benefits to an office.Applications such as voice overIP facilitate the flow of informa-tion and save money. Many CIOs are wary of implementing wireless networks, believingthem difficult and costly toimplement, and a security risk."  In the past, these fears were justified.Advances in manage-ment technology and securitystandards have made wirelessnetworks efficient and secure."  Modern, business-oriented wireless LANs (WLANs) can be installed easily and managedeffectively.They are an extensionto the wired network."  Contrary to expectations, amodern, business-orientedWLAN will -  reduce IT effort, not increase it-  increase overall security, notreduce it-  reduce total cost of ownership,not increase it-  bring greater productivity to theorganisation as a whole.SUMMARYTHE WLAN ADVANTAGEin association withFor more managed mobility resources go to www.itleadershipforum.com/mobilityUntitled Document(APs).Adding an AP to the system, or respond-ing to a source of interference, would entailconducting another site survey and moving andresetting existing APs manually.Wireless access points have to be positionedso that their signals cover the entire office butdon't interfere with each other. For the bestcoverage,APs are installed in ceiling spaces,which makes it costly in time and effort to getthem wired into the building s network andpower infrastructure.When changes weremade, these costs were repeated.T o connect, users had to negotiate a wirelesshandshake with the AP , and repeat that handshake when they moved to a differentpart of the building covered by a different AP an obvious drag on productivity.Before centrally managed WLANs, corporatesecurity was unaware that wireless trafficcould leak company data. Security couldn't tellif an AP had been set up insecurely.Anotherdanger of older WLANs was that an accesspoint could be stolen whereby access codesand encryption keys could be compromised.Surprisingly, many companies still do not applyeven the standard security provided byWLANs. A 2005 study by netSurity found thata third of firms in the City of London hadunsecured WLANs.Workers aware of the benefits of wireless access are often temptedto attach unauthorised equipment to the corporate LAN, without realising this is a serious breach of security.These rogue access points are the source of most of theunsecure WLANs found in netSurity s survey.CENTRALLY MANAGEDCurrent wireless networks, based on cen-tralised switches, eliminate these issues. OlderAPs had to be adjusted individually, but in acentralised system, the APs communicate witha central management function and respondautomatically to central commands.Wirelessconnectivity is thus integrated into the corporate infrastructure and managed with the same tools that are used to manage thewired network.Also, the site survey can be automated. Forexample, 3Com s Wireless LAN MobilitySystem works from office floorplans, takinginto account the radio frequency characteris-tics of walls and partitions and the likely levelof demand in different areas. It then producesdetailed installation instructions.When a modern WLAN is in operation, theaccess points also act as monitors, constantlycommunicating the health of the WLAN to the central management system. Interferencecan be detected and diagnosed automatically,and access points can be reconfigured to usedifferent frequency channels, without humanintervention.COST SAVINGSPlanning and management functions describedabove have slashed the installation costs ofWLANs, but they go further.A WLAN canreduce the overall costs of the entire infra-structure, wired and unwired.WLANs can reach places that would otherwise be too costly to wire up for example the emergency rooms and operating theatres ofMathias hospital (see Case Study page 4).Wireless networks are now reliable enough to replace wired networks in many offices.Instead of maintaining a wired network, withtwo or three cables to each desk, only a limited number of access points need to beconnected into the infrastructure.One access point can support up to 20 userscomfortably fewer if they all require higherbandwidth.This allows a network to support2THOUGHT LEADERSHIP ZONE:MANAGED MOBILITYIn May 2005 in the US, sales oflaptops finally outstripped those ofdesktop machines, and the samemilestone is predicted everywhereelse. IDC predicts that by 2008,more than 50 percent of the PCsin use will be notebooks.All newnotebooks support wireless networking with Wi-Fi.Pioneers such as RIM s BlackBerryhave mobilised around 1 percentof the world s 650 million corporate email accounts. Nokia predicts that most of the rest willhave some form of mobile accesswithin the next three years.With a notebook, an employeecan work at home, in the office,or while travelling, and using Wi-Fior cellular data cards, connectsecurely across the Internetthrough a secure VPN.PRODUCTIVITYin association withFor more managed mobility resources go to www.itleadershipforum.com/mobilityUntitled Document3THOUGHT LEADERSHIP ZONE:MANAGED MOBILITYAn unsecure wireless network hasbeen described as the equivalentof connecting an Ethernet cable to the corporate network, anddangling it through the window.A wireless network penetratesthrough walls, so the signals canbe detected outside the building.If no security is applied, maliciousor opportunistic users can eavesdrop on those signals, or, byposing as a legitimate client ornetwork device, introduce theirown data into the network tosubvert it.  It is even possible tosimply jam a wireless networkwith spurious signals.Early WLANs could encrypt traffic, but it was easy to decode,and the wireless equipmentshared keys in insecure ways.Tighter security protocols werepublished in the IEEE802.11i security standards.These havebeen adopted by equipment manufacturers, and products bearing the WPA or WPA2 certificate from the Wi-Fi Allianceare secure.A WPA-certified Wi-Finetwork will not leak data todrive-by hackers.ENCRYPTIONin association withFor more mnanaged mobility resources go to www.itleadershipforum.com/mobilitymore users on fewer wired ports, so the wirednetwork can be collapsed and simplified, withless equipment in wiring closets and fewerwires to maintain around the office. Adds,moves and changes were a major IT cost onconventional wired networks without built-inintelligence. If a worker changed roles ormoved office, a new network port and accessto applications and data had to be assigned.With employees moving on average once ayear, this became a major cost in a large organ-isation, varying from 50 to 500 per move.A WLAN can greatly reduce this, becausewireless access will work in any part of thebuilding, and access rights are no longerassigned by network port.Finally, voice over IP on the WLAN can reducethe cost still further. Running voice traffic overthe same wireless network eliminates anotherset of cables, as well as cuts out the costs ofmobile calls made while roaming in the office.SECURITYWireless security measures have progressedsignificantly, so that now there is no reason for an unsecure WLAN. More importantly,security worries are no excuse for ignoring the potential benefits of WLANs. In fact, aWLAN can actually increase the overall security of a corporate network.In modern Wi-Fi networks, the links betweenAPs and client devices such as notebooks arekept secure by standard measures that areeasy to apply. Users and their machines areauthenticated, and the traffic between them is powerfully encrypted. Passwords are generated and kept private according to well-defined techniques.Furthermore, centralised WLANs also include technology that will boost overall security by preventing other wireless attacks.Business-grade, centralised WLANs includefirewalls that screen traffic from the wirelesssegments of the network.They can also act as an intrusion prevention system for wireless attacks.A centrally managed WLAN detects and prevents the operation of rogue APs, andsimultaneously reduces the risk of usersinstalling them. If users have access to thewireless service they want, they will not break security policy by attempting to installtheir own.Finally, centrally managed APs do not need to contain usernames, passwords or other network access codes, so if they are stolenthey will not provide any information which a hacker could use to gain access to the corporate network.Untitled Document4THOUGHT LEADERSHIP ZONE:MANAGED MOBILITY1 Originally only suitable for specialist offices,WLANs arenow appropriate for any kind of office.2 If staff are mobile within thebuilding, or if there is a highturnover of temporary staff,WLANs can reduce the costs of providing IT services.3 Staff will be more productive if they can be connected wher-ever they are in the building.4 Over time,WLANs can take the place of wired connections,saving investment in physicalinfrastructure.5 Without centralised manage-ment, a wireless network is asecurity risk.6 WLANs can locate key staff and assets, saving money.7 Mobile phones and PDAs areappearing that can access Wi-Fi.These will be able to operateon the WLAN, saving moneycompared to cellular traffic.8 Voice over IP on wireless networks will offer real savingsover cellular voice.CONCLUSION & RECOMMENDATIONSin association withFor more managed mobility resources go to www.itleadershipforum.com/mobility 3Com 2006.All trademarks used are the property of theirrespective owners Founded in 1851, Mathias Hospital has a longhistory but knows the importance of keepingits technology up-to-date. Over the last tenyears, the 460-bed hospital near D sseldorf,Germany, which treats 18,000 patients amonth, has made the move from a paper-basedorganisation to an electronic enterprise.Operating without paper doesn t just savecosts, it also reduces human error.  Data isonly entered once, and not copied to and from paper. It also saves lives by making thehospital more responsive: data is available assoon as it is captured, not when staff has achance to re-key it.The network is the nervous system that drives all this, but by 2003, the war on paperhad reached a stalemate.  Despite a moderncentral network core, there was no way to get wired access into all the patient rooms and operating rooms.The cost of wiring themwas prohibitive.Nurses and doctors working in those areas still had to enter data twice. Manual recordstaken at the bedside had to be re-keyed at the nursing station, and the only way to viewan x-ray or chart at the patient's bed was toprint it out and carry it there.The hospital had a fully redundant GigabitEthernet core, with 3Com 4060 Gigabitswitches connected by 3Com s XRN technology, and SuperStack 4400 edge switchesat the nursing stations.There was only onething that could extend the hospital s nervoussystem right to where it was needed: wireless.The characteristics of the building meantMathias needed a top-notch planning application to ensure there was full coverage.T o meet the requirements of German law,Mathias had to keep all the information on the LAN confidential, so it needed security.The system would have to encrypt data, and be able to detect any rogue devices that mightbe listening in.Mathias selected a wireless solution with helpfrom its value-added reseller, Ketchum.Thehospital implemented a system based on802.11a and 802.11b/g, which gives up to20Mbit/s of real data throughput, using 3Com sWX4400 WLAN controller and managedaccess points.The system included a strongdesign application and managed access pointsthat can be controlled centrally, reducing thetime taken to manage the network.Now doctors can roll terminals on carts to the bedside and access patient data and diagnostics directly, saving lives and passinginformation instantly to others in the health-care team. Hospital staff use the Orbis HospitalAdministration program to access patient data,and the Baxter pharmaceutical application tomake prescriptions at the bedside.These are transmitted instantly to the hospitalpharmacy, where the prescription is automati-cally prepared and labelled with the minimumhuman intervention. Patients can also accesstheir own records and order meals over the WLAN, with their diets automatically registered and catered for.CASE STUDY: MATHIAS HOSPITAL