Showing posts with label wifi alliance. Show all posts

Thursday, May 12, 2011

Wi-Fi Direct Devices Begin Hitting Consumer Market

It was only a matter of time, but Wi-Fi Direct capable equipment is now hitting the consumer market. According to In-Stat research, over 173 million devices are expected to ship with Wi-Fi Direct in 2011. The functionality is really enabled in software, so existing devices should be able to support Wi-Fi Direct with firmware or software upgrades, but manufacturer support with legacy devices may not be a priority. Expect to see this capability mainly built into newly developed products.

A few of the notable announcements thus far include:

Eye-Fi X2 Card
I wrote about the initial announcement back in January. As I said back then:
This is a smart play by the company to leverage the increasing utilization of "smart" mobile devices by consumers to allow photo enthusiasts to immediately transfer photos from a DSLR or professional camera to a phone, tablet, or other computing device. This means less effort and complexity for photographers in the field. For the professional, this could mean immediate review for correct composition without the time required to change cameras, unpack editing equipment, or potentially miss a great photo opportunity. For consumer use, this can mean immediate upload to social networks without having to wait until returning home which could be beneficial during travel or vacations.



See the Eye-Fi press release, Wi-Fi Net News post, and video demonstration of the capability.

HP Wi-Fi Direct Mobile Mouse
Today, HP announced a Wi-Fi Direct capable mouse, eliminating the need to use Bluetooth or an external wireless dongle, instead using a workstation's built-in Wi-Fi receiver. HP claims first to market with this type of peripheral. The mouse should also feature twice the battery life of comparable Bluetooth models.



It appears the link to the actual HP press release is down, but you can read more about it at CNET and ZDNet. Also, the actual equipment manual is available from HP's website.

Revolution or Evolution? - Andrew's Take
Wi-Fi Direct will revolutionize information sharing among portable and fixed electronics. Expect to see many more announcements this year about Wi-Fi Direct products, including printers, gaming systems, workstations, laptops, tablets, and peripherals. I also wouldn't be surprised to see it pop into other consumer electronics like connected televisions, Blu-ray players, and streaming music systems.

As a Ford Sync owner, I would also be interested in seeing it included in a future firmware update. Currently, Sync pairs with portable electronics via Bluetooth for audio and data transfer, and Wi-Fi Direct would be a logical extension of the system.

Cheers,
Andrew

Sunday, April 17, 2011

Cisco WLC 7.0.116.0 New Features

Cisco just released wireless LAN controller code version 7.0.116.0, which includes a laundry list of new features. Many of these new features have been in development for quite some time, and both partners and customers have been anxiously awaiting several.

Visit Cisco's website to see the full release notes for this code version.

Here are some of the notable new features and what they will mean for customers:
  • WIPS Enhanced Local Mode
    This feature places a subset of Adaptive WIPS capabilities into access points operating in Local or H-REAP modes. Traditionally, Cisco aWIPS required Monitor mode APs. Now customers can get most of the benefits of an in-depth aWIPS deployment with the same access points that service client connections, without having to spend additional money on dedicated monitor APs. The solution still requires the WCS and MSE platforms, but can reduce CapEx and OpEx costs for customers. It is designed primarily for retail customers with distributed branch offices needing to maintain PCI compliance in the face of expanding mobile retail initiatives.

    By my count, ELM supports detection of 35 of 48 attacks available in the full aWIPS solution (~73%). The majority of missing attack detections are comprised of some RF DoS and Zero-Day attack detection capabilities, which are arguably not the most severe attacks (DoS) and are notoriously hard to baseline against false-positives / negatives (Zero-Day).

    Additionally, the focus of ELM attack detection is on the current operating channel of the AP, and it has limited visibility into off-channel attacks through RRM off-channel scanning. This makes sense since the network infrastructure is performing double-duty serving clients and detecting attacks. This should not be an issue for larger network deployments with multiple APs covering most or all of the available channels. For smaller installations, however, this could present a serious problem and reduce the effectiveness of the solution. That said, this solution is arguably aimed at the larger retail deployments where the expense of deploying dedicated Monitor mode APs has been a problem.

    All in all, larger customers should take a look, while smaller customers will probably opt for a dedicated WIPS solution.

  • H-REAP Fault Tolerance
    Cisco has been improving Hybrid REAP mode functionality in leaps and bounds in order to compete in distributed WLAN architecture scenarios, with the likes of Aerohive's Cooperative Control, Aruba's Instant virtual controller, Motorola's Adaptive APs, etc.

    H-REAP fault tolerance improves operation by removing the requirement for H-REAP mode APs to reboot when moving from standalone back to a connected state. Previously, H-REAP APs moved into standalone mode without affecting locally-switched clients, but when re-joining a controller they were required to reboot and download a complete configuration, which caused a service disruption during the fail-back process. Now the AP is able to re-join the controller without impacting client service or rebooting, assuming it can verify the configuration matches.

    In addition, H-REAP WAN latency may now exceed 100ms (upwards of 2 seconds) provided customers use H-REAP Local Authentication of clients using the internal user list pushed to the access points.

  • H-REAP Opportunistic Key Caching (OKC)
    Previously, H-REAP access points only supported CCKM key caching for fast roaming. Now it supports both CCKM and OKC, which should provide much broader support for fast roaming with many more clients in typical customer environments. Note that both CCKM and OKC still require the 802.1x/EAP key derivation to be completed through the controller. Any keys derived while the H-REAP AP is in standalone mode (disconnected) will not support fast roaming between multiple APs.

    I will also be awaiting 802.11r Fast BSS Transition support in H-REAP APs once broader market support and adoption are achieved through the Wi-Fi Alliance Voice Enterprise Certification (due out in 2011).

  • Cisco Identity Services Engine (ISE) Support
    Cisco's next-generation ISE product provides context based access controls and integrates several services into a cohesive platform, including the Cisco Secure ACS authentication and Network Admission Control (NAC / Clean Access) products. This platform enables organizations to enforce network access policies based on a combination of user and device identity, and will be integrated into wireless, switch, and router platforms with software updates.

    ISE addresses customer needs for granular access control beyond VLANs and IP subnet policies, acknowledging the need for deeper insight into the context of the client session to drive policy enforcement. A common scenario for this today might be differential network and application access based on user and device, differentiating access by an employee on a laptop versus an iPad. ISE is part of the Cisco TrustSec solution.

  • VLAN Select
    This feature enables pooling of multiple VLANs into a group for assignment to a single WLAN SSID or AP Group. Large wireless installations have traditionally required a single large subnet and broadcast domain to accommodate the number of wireless clients on a single SSID, dynamic VLAN assignment, or the use of multiple SSIDs which can introduce roaming latency and problems. VLAN Select allows client connections to a single SSID to be round-robin load-balanced into multiple network VLANs to reduce subnet size and broadcast / multicast forwarding concerns.

    Another use-case for VLAN Select is with guest termination in a DMZ environment. Large guest networks also traditionally required large subnets or multiple anchor controllers to segment the client population into smaller broadcast domains. This resulted in additional CapEx to buy more anchor controllers, since a single anchor controller could only use a single VLAN attached to a WLAN. Now, multiple VLANs can be tied to the same WLAN through VLAN Select, reducing the need for multiple anchor controllers.

I have updated my post on H-REAP Deployment Guidelines and Feature Limitations to include these new enhancements, as well as a few others including security feature integration with Cisco switches. It's worth a read to review the current state of H-REAP functionality and limitations with the new 7.0.116.0 code release.
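
To make the OKC note above concrete, here is an added example (not from the original post and not Cisco's code) showing why fast roaming depends on the controller holding the PMK. The PMKID formula is the standard 802.11i one; the `KeyCache` and `AccessPoint` classes, the per-AP private cache used to model standalone mode, and the sample MAC addresses and PMK are assumptions constructed for illustration.

```python
import hashlib
import hmac

def pmkid(pmk: bytes, ap_bssid: bytes, sta_mac: bytes) -> bytes:
    """802.11i PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AA || SPA)."""
    return hmac.new(pmk, b"PMK Name" + ap_bssid + sta_mac, hashlib.sha1).digest()[:16]

class KeyCache:
    """Hypothetical PMK cache keyed by client MAC (controller-wide or AP-local)."""
    def __init__(self):
        self._pmks = {}
    def store(self, sta_mac: bytes, pmk: bytes) -> None:
        self._pmks[sta_mac] = pmk
    def lookup(self, sta_mac: bytes):
        return self._pmks.get(sta_mac)

class AccessPoint:
    """Hypothetical AP model: shares the controller cache when connected,
    holds only a private cache when standalone (modelling assumption)."""
    def __init__(self, bssid: bytes, cache: KeyCache):
        self.bssid, self.cache = bssid, cache

    def full_auth(self, sta_mac: bytes, pmk: bytes) -> None:
        # A full 802.1X/EAP exchange has completed; remember the resulting PMK.
        self.cache.store(sta_mac, pmk)

    def reassociate(self, sta_mac: bytes, offered_pmkid: bytes) -> str:
        # OKC: the client offers a PMKID computed for *this* BSSID from its one PMK.
        pmk = self.cache.lookup(sta_mac)
        if pmk and hmac.compare_digest(pmkid(pmk, self.bssid, sta_mac), offered_pmkid):
            return "fast-roam"   # skip EAP, go straight to the 4-way handshake
        return "full-eap"        # no usable cached key: full authentication again

def roam_demo():
    sta = bytes.fromhex("02aabbccddee")                        # constructed client MAC
    b1, b2 = bytes.fromhex("020000000001"), bytes.fromhex("020000000002")
    pmk = hashlib.sha256(b"constructed sample PMK").digest()   # 32-byte sample key

    controller = KeyCache()                                    # connected mode
    ap1, ap2 = AccessPoint(b1, controller), AccessPoint(b2, controller)
    ap1.full_auth(sta, pmk)
    connected = ap2.reassociate(sta, pmkid(pmk, b2, sta))

    sa1, sa2 = AccessPoint(b1, KeyCache()), AccessPoint(b2, KeyCache())  # standalone
    sa1.full_auth(sta, pmk)
    standalone = sa2.reassociate(sta, pmkid(pmk, b2, sta))
    return connected, standalone
```

Because the PMKID binds the key to one AP address, a PMKID computed for the old BSSID is rejected by the new AP even when the PMK is shared.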

Cheers,
Andrew

Tuesday, December 21, 2010

A Few Wi-Fi Wish-List Items for 2011

Finally, as a wrap-up to my 2010 recap and 2011 projections for the Wi-Fi industry, here are a few wish-list items that are desperately needed.

  1. Voice-Enterprise Certification – the convergence of voice over IP with user mobility and smartphone adoption is leading the requirement for organizations to support large-scale VoFi deployments. However, performance of voice over Wi-Fi must be balanced with strong security based on WPA2 (802.11i) and 802.1x/EAP authentication. Predicting this need, the IEEE passed the 802.11r amendment in June 2008 to provide a method for fast, secure roaming by clients among a coordinated group of access points. This allows clients to re-use existing master key material obtained during the initial authentication during subsequent roams to other APs within the system, bypassing lengthy authentication exchanges. However, industry adoption for this feature has been almost completely absent, and the Wi-Fi Alliance has been slow to finalize the Voice-Enterprise interoperability program. This feature is such an important milestone for network performance and SLA compliance it is hard to fathom why both infrastructure and client vendors have been reluctant to implement fast roaming capability. Perhaps 2011 will be the year customers get this needed tool to increase network performance.

  2. 802.11u Amendment Ratification – it’s painfully obvious that open unsecured Wi-Fi hotspots are inadequate for broad consumer use, resulting in poor data security. The problem with providing an alternative has been the complicated nature of secure Wi-Fi hotspots. In addition, there is no current mechanism for service advertisement at public locations other than creative network SSID naming. The IEEE 802.11u amendment aims to change this and remove the barriers to secure public Wi-Fi. It will do this by allowing additional information to be sent between network operators and customers for service advertisement, coordination of service delivery between Wi-Fi and external network operations (such as cellular), and on-demand account enrollment and customer authorization for network access. It aims to simplify the entire process for users, easing proper network identification and selection as well as gaining access through both paid and free hotspot networks. It is also unclear at this point if 802.11u will include provisions for anonymous EAP authentication and automated provider authentication (certificate validation) for free hotspots, but this function is also a clear necessity. Watch for ratification of this amendment in 2011, but manufacturer adoption and inter-network roaming agreements are likely longer-term developments.

What’s on your Wi-Fi feature wish-list?

Cheers,
Andrew