The Radicati Group pegs the penetration of Wi-Fi in the enterprise at 50 percent by 2008. Cut that number in half and it's still huge. So now that Wi-Fi is becoming a standard part of enterprise infrastructure, it's time to get serious about security and management.

Yogesh Gupta, chief technology officer of Computer Associates, lays out the problem enterprises face: authenticating users and monitoring Wi-Fi access points and clients at a single site is relatively easy. Picture instead a large retail chain with 1,001 stores, and with each store having anywhere from 50 to 200 APs.

That adds up to 100,100 APs to configure with SSIDs (service set identifiers), radio settings, and data encryption keys. Once deployed, each of those APs must be updated with the latest firmware and have its security keys changed. Plus, client devices must be updated each time the infrastructure changes. And then there are new client applications, anti-virus updates, and patches - not to mention ongoing performance monitoring.

Unfortunately, if you've got a thousand locations and only 10 percent of the stores have issues, you should consider yourself lucky.

Martin Brewer, a senior product manager at WaveLink, says that when the WLAN grows, management solutions have to be policy-driven. You can't do it manually for each AP or client device. If specifications aren't met, there needs to be at least a notification process in place.
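To make the policy-driven idea concrete, here is an added sketch (not code from WaveLink or any vendor named in this article) that checks an AP inventory against one fleet-wide policy and groups the failures into a single notification per store. The policy values, field names, and sample inventory are all assumptions constructed for illustration.

```python
from collections import defaultdict
from dataclasses import dataclass

# Hypothetical fleet policy; names and values are assumptions, not from the article.
POLICY = {"ssid": "CORP-STORE", "encryption": "WPA2-Enterprise",
          "min_firmware": (4, 2, 0), "max_key_age_days": 90,
          "allowed_channels": {1, 6, 11}}

@dataclass
class AccessPoint:
    store: str
    name: str
    ssid: str
    encryption: str
    firmware: tuple      # version as a tuple so comparisons are numeric
    key_age_days: int    # days since the encryption key was last changed
    channel: int

def violations(ap, policy=POLICY):
    """Return the names of the policy fields this AP fails, in policy order."""
    checks = {
        "ssid": ap.ssid == policy["ssid"],
        "encryption": ap.encryption == policy["encryption"],
        "firmware": ap.firmware >= policy["min_firmware"],
        "key_age_days": ap.key_age_days <= policy["max_key_age_days"],
        "channel": ap.channel in policy["allowed_channels"],
    }
    return [field for field, ok in checks.items() if not ok]

def audit(fleet, policy=POLICY):
    """Group out-of-policy APs by store so each store raises one notification."""
    report = defaultdict(dict)
    for ap in fleet:
        bad = violations(ap, policy)
        if bad:
            report[ap.store][ap.name] = bad
    return dict(report)

# Constructed sample inventory (not real data).
FLEET = [
    AccessPoint("birmingham", "ap-01", "CORP-STORE", "WPA2-Enterprise", (4, 2, 1), 30, 6),
    AccessPoint("birmingham", "ap-02", "CORP-STORE", "WEP", (4, 1, 9), 400, 6),
    AccessPoint("leeds", "ap-01", "linksys", "WPA2-Enterprise", (4, 3, 0), 10, 3),
]

if __name__ == "__main__":
    for store, aps in audit(FLEET).items():
        print(f"NOTIFY {store}: {aps}")
```

Grouping by store keeps the notification count tied to the number of affected sites rather than the number of misconfigured APs.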

What if someone in the Birmingham store puts up a seven-foot display that suddenly creates RF interference? Obviously, performance takes a nose dive and the help desk gets a phone call (or an alert is automatically sent; take your choice). An alert alone, however, doesn't solve the problem.

Suppose we have 100 alerts per day coming into the IT help desk, each one signalling one kind of performance issue or another. Just because I like numbers: 100 alerts in an eight-hour day equals 12.5 alerts an hour or one alert every 4.8 minutes. And, of course, I'm assuming your help desk is trained to handle WLAN situations. It is, isn't it?

The issue you must confront as you plan your WLAN roll-out is architecture. Should it be centralised, local, or a combination of the two?

The answer might depend on how reliable your network is. If losing WAN connections back to a centralised system is going to be an issue, you might want local RADIUS servers. If that's the case, though, and the RADIUS server is integrated into your directory services, do you really want to locally replicate, say, your Active Directory as well?

As Cisco senior manager Ann Sun points out, most companies want consistency - a standard architecture. They don't want to customise for each locality with different networks or management platforms.

The solution is not to get locked in to a hardware or software system that is limited. Ann Sun says that, over time, probably everyone in the company will want wireless access to data. Eventually this will extend to the benefits of VoIP as well.

Consider this: I did a story two years ago about how UPS was deploying wireless LANs across its 1,700 locations. Two years later, the company's CTO estimates that the project is about 25 percent complete.

So if you haven't done so, start planning now. My advice? Think big and act accordingly.