How Much Is "Networking As Usual" Costing Your Business?
by Keerti Melkote
Co-founder and Vice President of Marketing - Aruba Networks
As enterprises equip employees with laptops, they are bringing wireless technology into the enterprise whether or not a wireless LAN infrastructure is actually deployed. The existence of wireless technology is a threat to interior network security. Typical laptops, with default operating system configuration, will often connect to any access point they can find - inside or outside the enterprise network. This exposes the "trusted" interior network to intrusions or information loss.
Interior Security and the Disintegrating Perimeter
The trend toward increased laptop deployment also means that employees have become more mobile and want access to network resources such as email from virtually anywhere. It is quite common today for an employee to connect a laptop to four or five different outside networks each week - at home, airports, hotels, cafes, and at offices of other companies where they may be visiting. Every day, everywhere in the world, employees bring threats into corporate networks, endangering the entire business. What went wrong?
The enterprise network was built with a security perimeter, consisting of specialized appliances such as firewalls, anti-virus gateways, VPN concentrators, and more. This security perimeter, however, is placed between the Internet and the internal network, and was designed for a time when employees primarily used desktop computers that never left the office. Increased user mobility is now causing this perimeter to disintegrate.
Ubiquitous Mobility and the Move to Wireless
For these employees, their actual desk may be only a place to drop off a coat on their way to the first meeting of the day. For these mobile workers, untethered access to data and voice networks is critical. Huge productivity increases are possible when, for example, an employee can respond to an important email while waiting for a meeting to start rather than at the end of the day. This type of office is the ideal location for wireless LAN deployments, as it provides both ubiquitous mobility and vastly improved security. Today, enterprises with a high number of mobile employees have even made the move to using wireless as the primary connection to both the voice and data networks. Network analysts everywhere agree that this trend is likely to continue - a trend now made possible through innovative new grid architectures.
The Age of Wireless Grids
Just over a year ago, making wireless the primary network connection was next to impossible as legacy wireless LAN products were unable to provide the performance or reliability required. Today, wireless grids solve both issues while radically lowering installation and ongoing operational costs found in traditional wireless deployments. In a wireless grid, traditional access points are replaced by inexpensive, multifunction grid points. Grid points are deployed at floor level, rather than above ceiling tiles, and utilize existing structured cabling. This eliminates pulling new power and Ethernet cabling to support wireless access points in the plenum. Grid points are configured, managed, and secured by a centralized grid controller responsible for automatically providing an ideal RF environment for the wireless network. Grid deployments, made possible by Aruba's breakthrough RF management technology, result in increased performance, increased security, and increased reliability, enabling true ubiquitous mobility and drastically lower TCO.
Port Consolidation, or "How to Get Wireless for Free"
Most enterprise offices provide between two and eight Category-5 cables (the average being four) to each user's office or cubicle. Of those cable runs, typically two are connected to the enterprise data network. This generally requires closet Ethernet switches with high port densities - usually high-end chassis-based switches. Moving to wireless as a primary connection means that far fewer of these ports are required - as much as a ten-fold reduction in closet ports is possible. This results in immediate cost savings through elimination of moves, adds, and changes, which represent a significant line item in the IT budget.
Universal Authentication
One of the promises of "networking as usual" was the enabling of network-wide authentication of users through the 802.1x protocol. Unfortunately, reality has not lived up to the promise. To enable 802.1x, many vendors have required expensive upgrades, forklift or otherwise, to closet switches. Those enterprises choosing this upgrade path soon discover that 802.1x must be deployed everywhere at the same time. Client devices must also all be upgraded and configured to support 802.1x. Those that can't support 802.1x are now excluded from the network.
Additionally, authentication in closet LAN switches is not tied to authorization - an employee who authenticates is placed into whatever VLAN is tied to the physical port and then given the access privileges of that entire VLAN. Aruba is the first vendor to provide universal authentication. Universal authentication is the ability for any device, wired or wireless, to authenticate using any number of different methods. Once authentication has been accomplished, security and access policies appropriate to the user are enforced by the network. This achieves true compartmentalization of all network devices - enforced by the network.
As these trends become the norm, Aruba Networks is primed as the vendor of choice to deliver wireless and mobility to the enterprise. Aruba is an infrastructure company enabling the Mobile Edge, an evolutionary new network architecture that addresses three top concerns of IT managers - mobility, security, and convergence. Aruba manufactures and markets a complete line of fixed and modular mobility controllers, controlled wired/wireless access points, and an advanced networking software suite.
Visit Aruba Networks at: www.arubanetworks.com