Choosing wireless management products would be tricky enough (see this feature), even if it weren't for the fact that users' requirements are very different.

"There is no one tool for all scenarios," says Doug Lane, marketing manager for managed services at Vanguard Managed Solutions, which deploys distributed wired and wireless networks in about 40,000 locations for various enterprises.

Retailers, for instance, primarily need configuration management and quality-of-service management, since their network activities and user base are fairly static, but they need fast response times for credit card authorisations, inventory reporting and so forth. University campuses and hospitals need more complex tools, requiring better roaming support, since they usually have several types of users with different access privileges and their workforces are much more mobile. If an enterprise uses voice-over-wireless LANs, then all these issues become critical, Lane notes.

Cisco management not enough at a hospital
St. Vincent's Hospital in Birmingham, Alabama, uses an all-Cisco network to keep its environment as standard as possible, "but we just can't manage (the wireless LAN) with the Cisco tools," says CIO Tim Stettheimer. One reason is that the client devices - from notebooks to PDAs to handheld scanners - will always come from many manufacturers. Another reason is that the Cisco tools were both less capable and more expensive than tools from Wavelink, which Stettheimer ultimately chose. He continues to use Cisco management tools for the wired LAN.

CA not up to managing audio maker's wireless
Similarly, audio equipment maker Rockford has kept Computer Associates' management tools for its wired network but is using Roving Planet tools for its wireless LANs in its Arizona headquarters and in its offices in Michigan and Germany.

"Wired tools just don't handle it," says telecommunications manager Chris Duffy. Particularly critical for Duffy is the tool's capability to centrally manage policies across its facilities and 25 access points, since a variety of users and devices access the wireless LANs: warehouse staff using wireless scanners, sales and marketing employees using notebooks and even a few users using voice-over-wireless phones. Duffy also likes the fact that the Roving Planet tools let him remotely turn off access points during nonbusiness hours, an inexpensive way to secure the network.

University needs LDAP support as users come and go
Ken Woo, assistant director of communications at Ryerson University in Toronto, had a similar experience. His wired LAN management tool provider couldn't meet his wireless needs, so he began looking at smaller companies.

Woo's wireless LAN has 130 access points with about 2,000 users. He needed his wireless LAN management tools to work with existing lightweight directory access protocol user-authentication databases, support multiple vendors' access points and handle virtual LAN tagging (which essentially combines sessions from multiple access points as a user roams while preserving a secure data pipeline).

Woo found that most network management tool vendors, large or small, were not set up to manage the kind of wireless LANs that universities typically have. Like those of hot-spot providers, university wireless LANs have lots of users who come and go, and therefore many levels of access depending on the user's role, from visitor to student to faculty member to administrative staff to security force to janitor. After evaluating eight providers, he chose Roving Planet largely because of its support for virtual LAN tagging.

Hospital ditches manual updates
San Antonio Community Hospital in Upland, California, installed its first wireless LAN in the emergency room and surgery wing. But as the network began to expand, manager of converged networks Irv Hoff realised that he couldn't manually update - using a Web interface - the 50 or so access points that he would ultimately deploy.

Access management from his first vendor, Symbol Technologies Inc., was painfully complex: Each access point had to have four wired equivalency protocol (WEP) encryption keys, an IP address, a list of all client devices' media access control (MAC) address (a MAC address is essentially the hardware serial number for a wireless card or chip) and a network identifier (called an SSID, or service set identifier).

"If an access point fails, it's not easy to configure manually," says Jan Snyder, senior telecommunications consultant. And the use of static WEP keys was inherently insecure. So Snyder deployed Trapeze Networks' tools to manage all configurations centrally, as well as change WEP keys dynamically and validate users against a central Microsoft Active Directory database. They also monitor radio signal patterns to detect environmental changes that could cause signal problems. "(The Trapeze tools) cut labor at least 50 percent," says Snyder.

Wired LAN management extends at University
Sometimes, all-in-one does work, however. One enterprise that was able to use its existing LAN management tools for its wireless operations was the University of Arkansas at Pine Bluff. The university has the same requirements as other enterprises - dynamic WEP keys, central configuration, integration with policy and authentication directories, and so forth - but found it could stick with its Computer Associates tools rather than bring in a second vendor.

Part of that is timing: although University of Arkansas director of technical services and CIO Maurice D. Ficklin first deployed wireless LANs in 2000, they were separate LANs (one for voice and one for data). Now, the two networks use the same standards and can run both voice and data. This changeover occurred in the past year and a half, over which time "you could really see the (wireless management) tools become available," Ficklin notes.

Ficklin also uses physical attributes to address some security needs, rather than relying on management tools to handle them at the data level. For example, because he had two parallel wireless LANs already in place, he dedicated one to student access and one to faculty access. He also routes all administrative communications over the wired network (including any management of the wireless access points), rather than transmit them through the wireless network.

Conclusions
Most users have to patch it together. If you find you can manage all your infrastructure with one tool, you are very lucky indeed.