Network Management Strategies for the CIOMany of our wireless devices can connect to either a cellular data network or to a WiFi network. How do we make the cellular vs. WiFi decision for connecting enterprise devices?
Requires Free Membership to View
Cellular (3G/4G) data networks are ideal for on-the-go connectivity over a wide area, such as when moving outdoors. However, we've all experienced weak cellular signal indoors, which can cause slow or dropped data connections. Although outdoor WiFi networks are available in some areas, most WiFi hotspots are designed to cover a well-defined indoor space, such as a hotel, conference center, airport or airplane.
As such, decisions about cellular vs. WiFi depend first on location and mobility. Increasingly, we will connect wireless devices to both network types and we may even roam automatically between them. By default, most smartphones prefer using WiFi, falling back to cellular only when WiFi is disconnected.
However, employers may want to exert a wireless connection control plan. IEEE 802.11u amends the standard implemented by WiFi clients to facilitate cellular/hotspot network roaming. In a nutshell, 11u will let clients discover WiFi hotspots, learn about the services they offer, and transparently authenticate themselves based on agreements between network operators. User preferences and IT-configured policies are expected to play a role in this; for example, letting employers prefer one operator or block use of some hotspots based on their advertised identity and services.
Although 11u should bring broader interoperability and transparency, policy control over wireless roaming isn't new. For years, cellular operators and roaming Internet providers like iPass have offered proprietary "connection managers" that can enforce preferences and rules, such as auto-launching a VPN tunnel when connecting to a hotspot.
Typical corporate network restrictions might require an active VPN tunnel, a host firewall that blocks everything else (including NetBIOS), and recently updated anti-malware. If these criteria are not met, WiFi hotspot connections may be disallowed, forcing clients onto cellular – even when doing so is slower or more expensive. Corporate policies can also be used to contain cost – for example, preventing high-bandwidth applications from connecting over cellular or blocking data when roaming onto a foreign cellular network.
These are just a few examples of corporate network restrictions placed on wireless clients, based on network type. There are many platforms through which to define and enforce policy, including connection managers, endpoint security agents, and MDM agents. But don't start with a platform – start by defining policies that reflect business needs and risks.
Lisa Phifer owns Core Competence Inc., a consulting firm specializing in network security and management technology. Phifer has been involved in the design, implementation, and evaluation of networking, security, and management products for over 20 years. At Core Competence, she has advised companies large and small regarding security needs, product assessment, and use of emerging technologies and best practices. Before joining Core Competence, Phifer was a Member of Technical Staff at Bell Communications Research, where she won a president's award for her work on ATM Network Management. Phifer teaches about wireless LANs, mobile security, and VPNs at many industry conferences and webinars. She has written extensively about network infrastructure and security technologies for numerous publications, including Wi-Fi Planet, ISP-Planet, Business Communications Review, Information Security, and SearchSecurity. Phifer's monthly WLAN Advisor column is published by searchMobileComputing.
This was first published in September 2011