Leveraging the Wireless LAN

Contrary to expectations, wireless LANs have not yet let users roam throughout a corporate campus while remaining on the network.

Technical, security, and management issues have restricted users to one floor of a building or, at best, to within a building in a corporate campus. For example, users will lose their IP connection as they roam because they have to change their IP addresses when moving from one segment to another. And security is a myth—the 802.11b standard has serious security problems, and analyst firm Forrester, Inc., Cambridge, Mass., said Wi-Fi's security layer has "suffered several breaches and does not provide for default installation of strong 128-bit keys."

Yet corporate wireless spending will exceed 20–30 percent of telecom budgets in 2001, according to the Report on Knitting Together Mobile Broadband compiled by Forrester analyst Chris Kozup. The ability to roam between subnets and buildings while maintaining access to corporate services is important, Kozup said.

Enter ReefEdge, Inc., Fort Lee, N.J. Its ReefEdge Connect System software suite provides unrestricted campus-wide roaming, security with single-point sign-on and authentication, and management capabilities. "You have persistence of your IP session," said ReefEdge CEO Inder Gopal. The ReefEdge Connect System works like the handoff in a cellular phone system, Gopal said. It works with "all emerging wireless LAN standards" and various wireless protocols, including 802.11b, 802.11a, Wi-Fi, Bluetooth and HiperLAN/2, Gopal said.

The ReefEdge Connect System supports direct authentication using SSL and SSL-based Web browsers, as well as a single sign-on mechanism for Microsoft Windows clients, said chief technology officer Sandeep Singhal. Through APIs, ReefEdge supports additional authentication mechanisms such as SecurID or other biometric services, Singhal said. The APIs also let ReefEdge become a point of single sign-on to access other applications, Singhal said.

Users sign on at the first access point managed by ReefEdge's system but cannot do anything until they are authenticated. Once a user is authenticated, he gets a set of permissions as to which servers and Internet hosts he can communicate with. The authentication is preserved as users move throughout the system so they are provided the same set of access controls while roaming throughout a corporate campus, Gopal said.

For encryption, ReefEdge supports the use of IPSec on the client and the virtual private network gateway. ReefEdge is working with partners like Certicom to ensure compatibility of their IPSec tunnels with its infrastructure.

Management tools let I.T. departments configure the ReefEdge system, initializing and prioritizing bandwidth according to quality of service rules. The current release, v1.2, lets I.T. managers control access privileges through a Web-based interface. A future release will let I.T. restrict any category of users to only a specific set of resources, Gopal said.

ReefEdge's APIs let application developers customize applications to the user's location. For example, the system can be used to send an instant message to all staff at a particular location, such as a conference room, Gopal said. That is possible because ReefEdge centrally monitors users' locations, Gopal said.

About the Author

Richard Adhikari is a widely published high-tech writer based in Silicon Valley. He can be reached via e-mail at [email protected].