Q

Enterprise wireless connection policy: Navigating cellular vs. WiFi

Trying to decide cellular vs. Wi-Fi for mobile devices? An enterprise wireless connection policy will help steer mobile devices to the right network.

This article can also be found in the Premium Editorial Download: Network Evolution: Revisiting past predictions for networking technology:

Many of our wireless devices can connect to either a cellular data network or to a WiFi network. How do we make the cellular vs. WiFi decision for connecting enterprise devices?

Cellular (3G/4G) data networks are ideal for on-the-go connectivity over a wide area, such as when moving outdoors. However, we've all experienced weak cellular signal indoors, which can cause slow or dropped data connections. Although outdoor WiFi networks are available in some areas, most WiFi hotspots are designed to cover a well-defined indoor space, such as a hotel, conference center, airport or airplane.

As such, decisions about cellular vs. WiFi depend first on location and mobility. Increasingly, we will connect wireless devices to both network types and we may even roam automatically between them. By default, most smartphones prefer using WiFi, falling back to cellular only when WiFi is disconnected.

However, employers may want to exert a wireless connection control plan. IEEE 802.11u amends the standard implemented by WiFi clients to facilitate cellular/hotspot network roaming. In a nutshell, 11u will let clients discover WiFi hotspots, learn about the services they offer, and transparently authenticate themselves based on agreements between network operators. User preferences and IT-configured policies are expected to play a role in this; for example, letting employers prefer one operator or block use of some hotspots based on their advertised identity and services.

Although 11u should bring broader interoperability and transparency, policy control over wireless roaming isn't new. For years, cellular operators and roaming Internet providers like iPass have offered proprietary "connection managers" that can enforce preferences and rules, such as auto-launching a VPN tunnel when connecting to a hotspot.

Typical corporate network restrictions might require an active VPN tunnel, a host firewall that blocks everything else (including NetBIOS), and recently updated anti-malware. If these criteria are not met, WiFi hotspot connections may be disallowed, forcing clients onto cellular – even when doing so is slower or more expensive. Corporate policies can also be used to contain cost – for example, preventing high-bandwidth applications from connecting over cellular or blocking data when roaming onto a foreign cellular network.

These are just a few examples of corporate network restrictions placed on wireless clients, based on network type. There are many platforms through which to define and enforce policy, including connection managers, endpoint security agents, and MDM agents. But don't start with a platform – start by defining policies that reflect business needs and risks.

 

Lisa Phifer owns Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of networking, security, and management products for over 20 years. At Core Competence, she has advised companies large and small regarding security needs, product assessment, and use of emerging technologies and best practices. Before joining Core Competence, Phifer was a Member of Technical Staff at Bell Communications Research, where she won a president's award for her work on ATM Network Management. Phifer teaches about wireless LANs, mobile security, and VPNs at many industry conferences and webinars. She has written extensively about network infrastructure and security technologies for numerous publications, including Wi-Fi Planet, ISP-Planet, Business Communications Review, Information Security, and SearchSecurity. Phifer's monthly WLAN Advisor column is published by searchMobileComputing.

This was first published in September 2011
This Content Component encountered an error

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchSDN

SearchEnterpriseWAN

SearchUnifiedCommunications

SearchMobileComputing

SearchDataCenter

SearchITChannel

Close