Download Good morning, and welcome to this, the third Cisco LiveCast

Cisco LiveCast – 31.01.06
Transcript
Good morning, and welcome to this, the third Cisco LiveCast. This session is entitled, enabling the
mobile work-force. My name is Andy Oldfield; I am the manager of the Wireless Technology
marketing team, responsible for European and emerging markets at Cisco Systems. This session
is a live session, it works very well if you all ask questions, bare in mind that your questions can
only be seen by us, not by everyone else viewing, so please feel free to ask anything you like.
When we talk about mobility, the first thing that people think about are mobile phones. In the UK
we’ve had high penetration of mobile phones in both business and consumer for a long time. In
fact it’s been said that everyone who is going to buy a mobile phone in the UK has already bought
it, and is widely acknowledged as a good business tool. We are also seeing it, as apart from usage
of it as a voice tool that it is starting to be used as access to data, primarily for web access, with 3G
services. We also see that items like the Blackberry are being used more and more for
downloading email and other devices that can access data back on a corporate network; they are
really a truly mobile device. When we really look at mobility what we are thinking about in a
business environment is Wifi, also known as Wireless LAN. This is driven primarily by the access
to the network from clients. There are clients in every type of device now; it is probably not
possible to buy a laptop, or even a desktop that doesn’t have a Wifi client.
When you buy a broadband service at home you’d probably receive a wireless networking device
on it. So we can look at this as being client driven. And primarily starting from the consumer end of
the business and now moving into the true business environment. What at first became just a toy
for access, an easy method of moving about the building, has now become a true business tool.
This tool delivers several advantages. So productivity being one, access to information when
you’re not at your desk, when you’re in a meeting or moving around the building, at a very simple
level, this can be a real productivity gain. This helps us to extend the network, previously we
looked at Wifi or Wireless LAN as just a pure overlay network but now it is becoming more and
more an extension of the wired network.
Some of the questions coming in are:
“Why do I need a wireless network when I have already wired my building?”
If you think about how you wire a building you look at where people’s desks are and possibly some
common areas, although that is pretty rare. So when people are moving into meeting rooms or
other common areas they don’t have access to data. If you have an element of wireless in your
building then it will allow areas that are not wired to be covered, otherwise you would have to
totally flood wire every area of your building. This is very much true for data, but if you were to look
over voice over wireless networking, then of course this becomes even more important. Simply
because you would have to wire everywhere for voice, whereas if you were using voiceover
wireless LAN, then very simply you can use wireless technology to cover common areas, rest
rooms, printer areas etc.
Some other questions:
From Francis: “I’m looking to order a pocket PC, is this the same as a Blackberry?”
A Blackberry is a very specific device that is marketed and sold as a service to allow you to
download your emails. A pocket PC is, as the name implies, a small form factor PC, that will
possibly have wireless connectivity and you can run Window’s operating system or other
applications, so you could in fact access data with a web browser, you could in fact run a small
email client on there to access your emails.
Simon: “Cisco tends to supply solutions to large companies, what can you provide for my small
business?”
The great thing about wireless networking is it covers the whole gambit from consumer all the way
through to very large enterprise and service providers. So the type of network you deploy is very
much dependent on the size of your company and what you are trying to achieve. A wireless
network, consists very basically of an access point, which is the radio, that’s then connected onto
the wired network and then your client, which can be, as we discussed, in many form factors and
either has a Wifi client card built into the motherboard, it may be an option card inserted into a PC
or it can be a USB wireless client card that you can plug into a USB port. So we can offer solutions
that cover a whole range of complexity and scale for any network.
Next question from Stuart: “Are wireless networks secure?”
Well interestingly enough this is probably one of the biggest perceived barriers to adoption for a
wireless network is the risk of security breaches. In the past when wireless networking was being
evolved there was a limitation on the type of security that could be employed on a wireless
network. This lead to some well-publicised hacker tools being made available that would allow
wireless networks security to be breached. A couple of years ago, the industry came up with a
much much stronger solution, that allowed secure authentication, that’s the determination of, is the
user allowed on this network and also encryption to allow the information that’s being transferred
over the air from a client to an access point to be encrypted. This information is fully secure now
and we can safely say that wireless networks are secure. Of course the big problem and many
breaches that occurred were due to the fact that people did not enable the security. This is very
much like sitting in a car with a seat-belt and not wearing it. So the truth is that most breaches will
occur because security is not implemented rather than the technology not being available to allow
it.
So we now build an extension to the network that’s secure. If you are looking at security then it’s
an end to end solution. You have to have security from the client, through the access point, onto
the wired network and all the way through to the server. So when you are evaluating wireless
networking, make sure you look at the whole of the connection, make sure that there are no weak
points in the chain. All of the network as to be secure and it all has to be working in a coordinated
manner.
Next question, from Jay Jay: “We use WEP, that’s Wireless Equivalent Protocol, for our wireless
network, one of my geek friends says this isn’t secure. Is he right?”
Well, WEP is a protocol that can be potentially breached. However, there is a stronger version of
WEP that is 128bit, so what I would say is that if you are going to deploy a wireless network then
the strongest security that you can deploy at that stage is better than no security. So if you are
going to use WEP please use the 128 bit version. Potentially it could be insecure, but that would
require someone to be launching a specific attack and capturing the information to be able to crack
the security. This in general is not what occurs, as I said before, people tend to go for networks
where security isn’t enabled. When we look at extending the network further we should look at
some of the advantages that we get from wireless networking. So if we think about access, access
to data, what does that give us? Well, it gives us the ability to go and access a common source of
information, one of the biggest problems as a business we can have is inaccurate information, or
missing information. In fact inaccurate information is probably worse than no information at all. If a
business has paper based or book based, or whatever format of information lying around, then it is
very difficult to control. Businesses these days tend to be moving towards a centralised repository
of information that can be electronically updated. Of course this is great if you are plugged into a
wireless network, sorry this is great if you are plugged into a wired network, but if you don’t have
access to that wired network then a wireless network is the answer.
If you have maintenance engineers or a mobile work force this becomes even more important.
We’re use to wireless networking at home, we see wireless networking being deployed within
business, but we also have access to public hot-spots. These are provided by service providers,
BT Open Zone for example, T-Mobile etc, that are held in airports, hotels, coffee shops of various
brands etc where you can access a public network from your mobile device, Laptop or PDA etc.
The ability to be able to get access to your corporate network is key here, because you want to be
able to get information that you wouldn’t be able to get to in a normal environment.
The big question, Tim asks: “How can security be maintained from public WiFi hotspots?”
The point about it is you are then on a public network, so you’re accessing that network from your
device over a shared and open medium, which is the air, onto a public internet access. If you want
to connect back to your corporate network, the best way it to establish a VPN session. This is a
Virtual Private Network session. This is effectively a secure tunnel, from your device, your laptop
or whatever, through the public Internet, into your corporate network. This means that that session
is completely encrypted and completely secure for yourself and only for your use. And in this way
you can access securely your corporate data knowing that no-one else can access that data as it
transits for public network.
Charles asks a question: “I find it painful connecting in different locations, including Europe, any
advice?”
This depends very much on how you’re accessing the network, so typically what happens is there
are a number of networks available throughout Europe and the UK and you have to subscribe to
each individual one. So you can go to a site where they have a BT network, another site will have
Swiss mobile network, Swiss Com network etc, and so each one you have to connect to it and pay
a premium price to be able to use that network. One way around this is to look and see if there are
any virtual service providers that you can subscribe to, that will effectively, you pay them one fee,
or a usage fee and they sort out the back-end payment to the service providers that you are going
to access if you are travelling. This is very important to allow easy access; the challenge is to find
a virtual service provider that covers as many of the national service providers where you are going
to visit. So it’s important to work out what services you are going to need to access and then talk
to the service provider about how they can help out.
Nigel asks a question: “Can people see my shared folders if I am connecting on a public hot spot?”
They cannot see your shared folders if you are tunnelling securely through the public Internet onto
your corporate network. If you are accessing that as just a pure Internet access then all of the
restrictions and security caveats apply, in that anyone who can access that session on the Internet
can see what you are doing. This is why we recommend that you tunnel through in a secure
manner, to your corporate network or to your home network. You will find that many of the
wireless access devices that you deploy at home now have the capability to become a VPN
termination device. This means that you can establish a VPN client through to that device. The
other thing is to look at is SSL. This is whenever you are on a website, if you are buying
something on a website you will notice there is a little padlock in the lower right hand corner of your
web browser this means you have established a secure session through to that website. That is an
encrypted session and therefore no one else can see that, so either SSL or something like an IP
sec VPN, I know this is all acronyms but this is the way the industry describes it. A virtual private
network will allow you to have a secure session.
Question; “Is the VPN rate cost-effective for a small business?”
There are two ways of deploying a VPN, you can take a VPN service from a service provider,
which is what I presume Tim is referring to here and that is going to depend very much on usage
and where you access from. It is very similar to a mobile phone; in terms of if you are roaming
abroad then the VPN can be more expensive. It also depends on the amount of usage you make
and the sort of deal that you can establish with your provider. The other alternative is to do it
yourself and it’s not that complex to do. As I mentioned, many of the consumer class products
actually have VPN capability in it, Cisco itself of course sells VPN solutions built into either its
routers or as a stand alone device that cover from small to medium businesses all the way to very
large enterprises. So there are easy solutions for you to deploy, in either a consumer or a business
class solution.
Peter asks a question: “Can a public wireless network be used for voice phone-calls?”
This refers to a technology called Voice Over Wireless LAN. It uses Voice Over IP. So firstly
obviously a GSM or 3G mobile phone cannot be used on a public wireless network because it is a
totally different radio technology. There are several ways that you can use Voice Over a public
wireless network, for example many people use SKYPE or similar Internet based telephony, this
uses Voice Over IP and if you have wireless networking as your transport medium rather than
being plugged physically into a broadband line then of course you can use that. You can also buy
specific devices that are also Voice Over Wireless LAN IP based. The challenge here of course is
these devices are typically tied into a corporate telephony system and use a specific protocol, so
unless you can establish a connection through the Internet to your corporate network then of
course it’s going to be rather difficult to establish a voice call.
We are also going to be seeing the release of dual mode phones, so these are GSM phones with
WiFi in them. Again, the WiFi, or Wireless LAN piece is really a enterprise or business class tool
that will require connection back to corporate network. If you are going to use Internet based
telephony then there are a few things you need to take into consideration. First and foremost will
be quality of service. There is no quality of service on a public Internet. So therefore your
challenge will be not only the same as when you are on a wired broadband linked to the public
Internet but also if you are on a public hot spot then there are other users on that hot-spot vying for
the bandwidth that is being used by that access point. So your quality may deteriorate and you will
have no control over it. The other area that we have talked about is security, so you need to
consider how you will be able to secure your voice calls that are going across the public Internet.
This is again a similar issue to wired but again you are in a far more hostile environment if you are
in a public hot spot, because there are other people sharing that bandwidth.
Sam asks a question: “How do I tell if there is unauthorised wireless in my business?”
That is a very good point. Access points can be deployed on any wired network and an access
point is the radio piece that connects into the wired network, as soon as you’ve done that you’ve
effectively left open a wired port for anyone to access, especially if as discussed security is not
enabled. The key thing here is, the only way to really detect wireless is with a wireless network.
So what you’ll find the difference with business class wireless networks, they have the capability to
do intrusion detection and also intrusion prevention. The specific thing we are talking about here is
called rogue access point detection. Basically you can deploy a wireless network that is available
for both access by clients and at the same time can be scanning the airwaves to check whether
there are any unauthorised access points on the network.
Even if you determine that your business will absolutely not allow wireless in the building or on the
network at all you should still protect yourself by deploying a wireless network in intrusion detection
mode, so that you know that all the time the airwaves are being scanned to ensure that no access
point has been put on the network, illegally I guess is the best way to put it. It’s all very well to go
around with a hand scanner and check whether there is wireless there but unless you have people
continuously walking around and continuously scanning then there is always the chance that
someone will put an access point on but maybe for the very best of reasons, just a short time to
make their life easier while they are moving around, and then they’ll take it off again and you wont
know. If the security is not enabled then you’ve left a wide open network.
Matt asks the question: “Can you use a mobile phone on a Wifi network?”
As discussed earlier, no you can’t. A mobile phone uses either GSM or 3G technology and this is
a very different radio technology to that which is used on a WiFi network. A WiFi network uses two
frequency’s to deliver different classes of performance. You can have 802.11b and g this is used
in 2.4 Giga Hertz or you can have 802.11a which is 5 Giga Hertz. The difference between them is
the through put that can be delivered.
If there are any more questions please keep them coming. In the meantime let’s talk about what
else we can use a wireless network for. We mentioned about access to data, we’ve mentioned
about roaming use, so pure access either within the office environment or outside the office. What
we are seeing also being deployed is guest services; this is where a network is made available to
visitors to your company. It is a virtually segmented network, so it can run on the same wireless
infrastructure as you deploy for your own corporate use, but it only allows them access to specific
areas. Take for example many people have contractors or outsourcers working in their company
and they don’t want to give them access to the corporate information because of course the
corporate network holds the crown jewels of your business, i.e. your corporate data. But to be able
to carry out their job these contractors or consultants need the ability to access the Internet either
for research or to tunnel through the Internet as described by the VPN session to their own
corporate network to retrieve data. Guest access allows you to deploy this sort of solution and is
built into the Cisco solutions so that you can specify that they an only connect to the public Internet
and they cannot get access to your corporate data.
We also find that many company’s like to offer this service to visitors to their premises. So if you
are in a type of business where you have many visitors coming in and attending meetings, events
seminars etc you may want to offer this service as a benefit to them coming to see you or in fact
you could outsource this to a service provider who could run it as a viable business. Also, we are
finding that various vertical businesses are homing in on what’s called location based services.
This is the ability to be able to track an active Wifi client, whether that’s a laptop, a Wifi phone, or a
RFI de Tag that can be attached to a device or a person. For example in a healthcare environment
they need to be able to track the common equipment that’s requires, that’s very expensive and
also pretty rare, so efficient usage means that you have to be able to find it quickly and then bring it
to the site where it is required, so that you don’t have to over-equip. Also a lot of this equipment
and in many other industries has a very high maintenance schedule. Equipment needs to be
maintained on a very regular life-cycle but finding equipment to start with often takes longer than
actually maintaining it.
So the ability to be able to connect a location based service in with your work schedule will give
true benefits. For example in hospital we are told that to maintain expensive equipment, often it
takes three to four hours to find the equipment and one hour to maintain it. So this means that an
immediate benefit, productivity benefit can be gained if we hook one WiFi based location in with
the maintenance application.
Taking that thought a little bit further we also have the ability to be able to push content to a
specific device based on where its location is. One of the problems once you have a Wifi
extension to your wired network is that you can end up with too much data. All of the information
that is available on the wired network now becomes available on your portable device. The
problem will be that getting to the information whilst you are mobile is crucial for you to do your job
will take more time then will be saved by accessing the information. By using location based
services, what we can do is determine where the person is, and for example if it’s a maintenance
engineer going to say maintain a lift, they get to the lift and they will be able to pull up the
maintenance records of that lift, they will be able to pull up the maintenance manual, they will be
able to pull up all sorts of spares information for that device. And that’s all that they need at that
stage, they don’t need the information about what’s on in the staff canteen that day and all the
other extraneous information that is sitting around on your corporate network.
A question here from Dave: “You mentioned a health-care environment, are Wifi devices safe to
use with medical equipment?”
One of the reasons why WiFi is being deployed widely in healthcare is because of the issues with
using GSM in a hospital environment. The band width and frequencies that a GSM device uses,
that’s your normal mobile phone, can actually interfere with medical equipment. Because Wifi uses
a different frequency then it is non-interfering with other devices, so one is the safety aspect of
healthcare, the other reason is if you look at the problems that are trying to be solved then you
have some very key people and assets that you need to be able to contact and find where they are
and get them to specific places at certain times. So this could be emergency theatre nurses,
consultants, doctors etc, you need to be able to find them quickly and move them around.
However, most hospitals are large campuses with many buildings and often the wards are spread
apart. So Wifi enables us to be able to reach all of those areas that would not be cost effective to
do with a wired network.
Another question coming in: “Can Wifi networks interfere with each other?”
Yes they can, quite simply because it is a free medium. The area is an open medium to everyone,
however, what this means is that when you come to deploy your wireless network, then you treat it
as any other network, so you properly project manage it, you ensure that it is conforming to your
security policy and the difference with wireless as opposed to wired is you need to do a radio
frequency survey. This RF survey will determine what areas will be covered by the wireless
access point and make sure there is no interference between access points. So there are various
channels which the access points can be tuned to so that they don’t interfere. But a professional
site survey with RF equipment is absolutely essential if you are going to put a robust and reliable
network together.
As we can see we’ve looked at a number of different alternatives here as to how you can deploy a
wireless network. The key thing is to consider now that wireless is a mature and secure
technology. It brings business benefits in terms of productivity, flexibility and adaptability. If you
are going to roll out a network then you can often do it quicker with wireless than you can with
wired. If you have an environment that is not cost effective for wired or there are restrictions
because of building construction, or restrictions because of other types of building constraints, it
may be a listed building for example, then wireless can often be the only solution. What we need
to say is that whenever you are considering deploying a new application, whenever you are
considering extending your network then wireless should be part of your project plan. Please
make sure that you deploy wireless the same way that you deploy wired. That it is considered, its
project managed and that you get a proper site survey done. If all of this is taken care of then you
will end up with a network that is reliable and secure and brings you some real business benefits.
We’ve now reached the end of our LiveCast, thank you very much for listening, thank you very
much for all your questions. To listen again click on the link which appears and go to the website
you can download a Pod cast or transcript of today. Once again, thank you very much and happy
wireless. Goodbye.