Wireless gateway vendor Vernier has updated its software to match, according to the company, the security and control of wireless-specific switches.
The advantage of version 4 of its CS6500 Control Server software over competing products from, for instance, Trapeze (see review) and Symbol (see review) is that they do not require proprietary access points.
The new product includes a central console to manage security policies, having associated each user with a MAC address. This approach, which handles access control at layer 3, is less labour-intensive than managing access control lists, said director of marketing Dominic Wilde. "Otherwise it's a real kludge," he said. "You don't get granularity of control. We identify users on the network." Having forced authentication, the user's credentials are tied to an IP address and a MAC address. "We keep the security authorisation tied to the MAC address and user ID."
The Vernier product, which is also re-sold by HP, segregates Wi-Fi access points from the wired network, and is usually classified as a gateway along with product from vendors such as Bluesocket (see Bluesocket WG-2100 review). It is based on a central control server, along with access manager boxes with power-over-Ethernet, into which access points are plugged.
As well as claiming more customers than all the switch start-ups combined, Wilde says Vernier's distinction is to link access points at Layer 3 not Layer 2 for routing and access control. "Our product is more scalable, and access points do not have to be connected directly to it," said Wilde. Companies such as Symbol have to use VLANs to segment traffic, he said, leading to workarounds such as having multiple MAC addresses in one access point. (The Layer 3 is probably not unique of course, as Chantry makes a similar claim to use IP routing.
The new release also includes a virus filter, which stops denial of service attacks within the company. "Instead of stopping all ICMP traffic, it returns the user name and MAC address of the system affected," said Wilde. Any user with an infected laptop will get detected; IT managers can set it up so that any attempt by an infected system to use the network will be redirected to a page that includes advice on applying a patch. "The IT manager has not had to trawl through logs to find where virus is," said Wilde. "He can clean it up without even getting out of his office."
Other features include the ability to limit wireless access from particular locations and times, and a detailed set of logs with a reporting tool that can mine them for useful statistics.
Although Vernier's box supports any access point, Wilde would not be drawn on the controversial issue of using cheap access points instead of enterprise ones costing hundreds of pounds: "We are completely agnostic". Although Bluesocket has a plan to use the Propagate RF management software to build cheap Netgear access points into an enterprise system, Wilde dismisses this as a move driven by Bluesocket's desire to get into the switch market. "It is a cheap version of wireless switches," he said.
"We have chosen to stay away from RF management," he said, adding that access points will quickly develop functions that RF management specialists and wireless switch vendors currently arrogate to themselves. "A lot of it will be done by pinging the MIBs on APs [access points]," he said (MIBs being the SNMP management information bases by which all network devices can be managed).
Although very software-oriented, Vernier has no plans to abandon hardware, as wireless management specialist Roving Planet has done, said Wilde.
The whole Wi-Fi space is still new and hard to define. Vernier's products currently fall outside some analysts' definitions of the wireless market but Infonetics Research plans to include them in future studies. For more on the wireless architecture debates, see our overview article on the different approaches to Wi-Fi architecture for the enterprise.
Vernier was founded in March 2001, as a spin-off from the Packet Design company founded by former Cisco luminaries Judy Estrin and Van Jacobson, with the idea of hooking up the then-new 802.11 products into a cellular network in the office.
As well as from HP, the Vernier product is available in the UK from Global Secure Systems.