Aruba Wireless Networks claims to have stolen a march on the rest of the market with support for the newly ratified 802.11i security standard, while Cisco is reported to be preparing WLAN products with AES encryption, a key feature of 802.11i.

Both companies are taking their cue from the recent completion of 802.11i, a major step forward for the wireless industry, which has struggled to assure customers of adequate security. Vendors have introduced their own additional security measures, and the industry created the stopgap WPA (Wireless Protected Access) while awaiting 802.11i, but until last month there was no standardised way of ensuring sufficient protection for WLANs.

The standard is expected to fuel a boom in wireless networking in enterprises and government bodies. "We've been waiting for this for the past three years, really," said Ovum analyst Graham Titterington. "It has got to help the industry in the long term."

The Wi-Fi Alliance will launch interoperability certification testing for 802.11i in September under the brand name WPA2, but Aruba said it is already in field trials with customers, and will begin beta testing in August. The company won't be able to claim 802.11i compliance until it completes testing, but promises it will be able to offer 802.11i before its rivals because of a centralised architecture.

While most WLAN equipment makers will implement the standard in each access point, Aruba will carry out all encryption in a centralised, software-programmable hardware engine, the company said. "This provides investment protection to our customers as well as giving us a time-to-market advantage with new features such as 802.11i, since we don 't need to wait for our radio suppliers to release new drivers," said Aruba chief technology officer Merwyn Andrade.

Centralisation speeds up network performance and allows companies to combine encryption with functions like authentication and security policy enforcement, Aruba said. It also means that traffic stays encrypted across the network until it reaches the Aruba system, and that encryption keys don't need to be exchanged across the network or stored on access points. "Serious concerns still exist regarding the exchange of encryption keys that are flying around corporate network, completely unprotected," said Farpoint Group analyst Craig Mathias.

Aruba's system won't be for everyone, however, said Ovum's Titterington. Customers will have to decide whether it's necessary to use a dedicated engine for encryption and other security functions instead of simply upgrading access points. "It would only make sense for installations that are quite large and quite centralised," he said.

One of the most important aspects of 802.11i is AES, or the Advanced Encryption Standard, which uses an encryption algorithm developed in Belgium and chosen by the US government as the new Federal Information Processing Standard in 2001. Wireless chip makers Atheros and Broadcom have been shipping AES-enabled silicon since early 2003. Now Cisco is preparing to add AES to the popular Aironet AP1200 access point, according to a report in industry journal eWeek.

Support will be added by the end of this year via an 802.11a module code-named "Kodiak", which will be 802.11i compliant, the report said, citing sources familiar with Cisco's plans. One version of the module will have an integrated antenna and another will include connectors for remote antennas, eWeek said. Software upgrades will add AES support for the 802.11g AP1100 and AP1200 access points, the report said.

AES support would be a boon for large organisations that have standardised on gear from Cisco, a dominant force in the networking world. Cisco told Techworld it would not comment on unannounced products.

If Cisco has lagged on AES support somewhat, it may be due to some confusion in its overall approach to wireless security, said analyst Titterington. "They've had a bit of a muddled stance," he said.