The manufacturing industry has unique key components. The network acts not only as a transport, which people use to send data, but also as a business process enabler. Many functions of the WLAN are independent of general network access. Such examples include factories, the machinery that builds products, and inventory or material goods that reside in warehouses. This case study outlines some of these situations while still focusing on the typical office considerations. Key points discussed here fall into three categories: technology, process, and policy. This chapter also outlines the business considerations that help justify the use of WLAN and the future state as seen through the eyes of the manufacturer.
The manufacturer interviewed for this case study chose to remain anonymous; however, a brief profile will provide perspective for this chapter. The company is a member of the Fortune 500 and is the market leader in its specific industry. The company employee base is more than 50,000 people with a global presence in excess of 100 office locations in more than 20 different countries. Relative to other companies of their size, this company is taking on a new direction in the way it provides infrastructure services and can be considered an early adopter of wireless networks. Other companies in this space and of this size take a more cautious approach because the resulting cost to implement will sometimes severely impact both operational expenditures (OPEX) and capital expenditures (CAPEX). The revenues for this manufacturer exceed 20 billion U.S. dollars, which equates to more than 2 billion dollars in profit.
The company’s adoption of WLANs as a technology was based on initiatives to increase user productivity, adopt Radio Frequency Identification (RFID), provide an alternative to physical cabling on the factory floors, and provide an inventory control mechanism in the warehouse.
The company’s use of WLANs had to fulfill two main goals:
First and foremost was the need to provide adequate documentation supporting the ability to secure the transmission of data in the wireless medium.
Additionally, with the arrival of Sarbanes-Oxley, it had to be reviewed for compliance.
The compelling story that supported the business case for deploying WLANs was the result of a time (use) study. The goal of the study was to prove a financial benefit to deploying WLANs. Those employees who participated were asked to record their time daily.
This employee test bed consisted of three small groups composed of 15 to 20 individuals. They were grouped into two user categories—mobile and nonmobile—which were then further classified into three groups as follows:
No laptop
Laptop with no access to WLAN
Laptop with access to WLAN
Mobile users were defined as individuals who work more than 15 hours a week away from their desk while still in a company facility.
The results of the study from each user group were compared to each other to subjectively support the need for WLANs in specific areas.
Initially, the company did not encourage the use of the WLAN as a primary means of network access because of cultural issues, specifically work patterns and concerns about security.
The time study focused on people productivity; however, the company had an additional hurdle to cross. It was time for them to migrate their manufacturing and factory facilities from the older 900-MHz systems to a more current 2.4-GHz (802.11) infrastructure. This would allow them to take advantage of the emerging technologies and products coming into the market. Especially important was the ability to take full advantage of RFID and cost avoidance and to provide flexibility. This is covered later in this chapter.
The company is conducting a post-WLAN implementation follow-up study using the same individuals to validate the assumptions and provide the needed data that would show a positive ROI.
The architecture for the WLAN was initially based on three components:
As the chief technical concern, security had to be addressed to meet the existing company policy on wireless technologies. As a precaution before the WLAN project kickoff, the company instituted a moratorium on WLAN use. This proved to be well founded because security standards for WLANs continued to evolve.
The security architecture was built on the Cisco SAFE Blueprint. As is good practice, decisions related to security were based on a risk assessment. Each deployment (that is, site) required a local policy based on the findings of this assessment and business needs. This then led to a more formal practice where a policy could be enforced. Each policy was built on four factors:
Threat analysis: What the potential threat is and what damage an exploit could cause, typically formed around financial losses.
How to secure: Which type of security would or would not be allowed.
What to encrypt: What value the information being protected holds.
Which IP policy to use: Whether the IP addresses used would be public (routable) or not.
You can find more information about Cisco SAFE, including the white paper, “SAFE: Wireless LAN Security in Depth - version 2,” at http://www.cisco.com/go/safe.
The actual design employed throughout the enterprise was in line with the published Cisco recommendations. This included the Lightweight Extensible Authentication Protocol (LEAP) with Wired Equivalent Privacy (WEP) and Dynamic Key Rotation, migrating over time to LEAP with Cisco Key Integrity Protocol (CKIP). The support infrastructure for authentication and validation was provided through the use of Cisco Access Control Server (ACS) and the company’s Lightweight Directory Access Protocol (LDAP) services. Each system was strategically placed local to where the deployed services would be installed.
The intent of the WLAN was to give access only where it might be most used. The company culture directed this approach. This meant that during the initial deployment, not all areas in the office facilities were provided with WLAN coverage. They were limited to conference rooms or other group meeting areas (for example, cafeterias). The deployment up to this point was successful because the company policy and culture did not encourage an extended use of the WLAN for network access. The technology, however, has seen consummate adoption at all levels and functions of the employee chain. This desire for ubiquitous wireless access has since changed the WLAN from being a convenience to a required service resulting in an enterprise-wide deployment.
Even with this change in direction, the design was focused on providing proper coverage as opposed to providing a fixed throughput. Today, the WLAN-enabled areas still remain unchanged—emphasis and priority are given to more formal meeting areas—but the general office population receives the service as a byproduct of the signal bleeding into other areas.
The entitlement of wireless and mobile devices such as laptops and PDAs is not ubiquitous in the enterprise.
The company’s direction is that the WLAN will not be a replacement for the wired office. It is simply an overlay network of convenience. Furthermore, no compelling argument has ever been made to support the need for roaming; therefore, WLANs are confined to “roaming domains” such as a factory or single building.
Factories, however, do have additional conditions to meet—primarily, the need for dynamic modification of the physical layout on the factory floor. This condition drove the need for more flexible designs and installations. The WLAN in the factory had to support an environment that had physical churn. Physical layout changes occur to a point where changing the traditional wire infrastructure would become cost-prohibitive. In essence, within the factory, the WLAN became a replacement for traditional wired access.
A constant hurdle in the factory and warehouse is that they are typically filled with wireless obstacles. Factories tend to be filled with large metal machines that perform specialized functions such as processing and metal machining through the use of robotics. This fact alone made the effects of multipath, attenuation, and interference very serious factors to contend with. Certain systems on the factory floor also could be hampered by the WLAN (RF interference on existing systems) because they, too, operated in the unlicensed 2.4-GHz band—although they were not tied to the 802.11 protocol. To overcome these hurdles, one key difference in the design for the factory was the use of directional antennas, which played a major role in the factory WLAN design.
Several factors came into effect concerning the throughput over the WLAN:
Policy
Cost
Coverage
Mobility did not dictate the use of WLANs, and as we previously mentioned, the culture did not encourage the use of WLANs. Today, as at other companies, the change in work behaviors from “heads down” to more “open collaboration” has changed the stance (policy) that the company takes toward mobility in the workplace.
Even though WLANs are becoming more of an accepted enabling technology, the cost still needed significant justification. The cost of the infrastructure in an environment where WLANs were initially not used as a primary access method to the network meant that strategic placement was done in a manner where “the most bang for the buck” could be realized.
Both policy and cost forced the IT organization to provide maximum coverage—versus highest throughput—with a minimal investment in infrastructure. This design dictated that data rate shifting be allowed because it would allow users to associate with the WLAN from greater distances at the expense of throughput.
As a result (either directly or indirectly), performance and availability issues arose. It has been shown that allowing for dynamic changes in the WLAN (data rate shifting) in an often-unpredictable medium can become counterproductive in the long run. This practice might change in the future.
The deployment was handled primarily by internal resources. This method was aided by the fact that the deployment was limited, but additionally it worked as a catalyst to build awareness, ownership, and skills within the team. In the general deployment, the only aspect that was handled outside of the company was the cabling. The local IT team did site surveys, installation, and configuration. The exception was factories, where professional third-party companies were employed for site surveys.
Enterprises often initially struggle with the added financial burden of deploying, managing, and operating WLANs; over time, their growing dependence upon the service makes it unacceptable to have interruptions. What initially begins as an overlay network becomes a top priority when broken because of the sheer number of employees relying on the WLAN. In the future, as services grow in demand or as advanced technologies are added onto the original WLAN architecture, the company will wrestle with the growing need for access and the subsequent financial challenges.
Now that the WLAN is finding its way into the general office population, additional services such as guest access and voice are becoming part of the general architecture. Being highly security-conscious, the company must also identify a mitigation plan for rogue device detection.
At present, the company does not provide guest access as a common practice. Much of the need did not exist initially, but as the market adoption starts to climb, this added-value service becomes more realistic. The company sees the use of guest access not only as a convenience but also as an additional layer of security.
The company is currently adopting Cisco VoIP to offset climbing telephony costs and to take advantage of business-enabling applications and services that can be provided through a converged solution. One of the VoIP technologies used is Cisco IP Communicator, which is the software-based solution that makes the PC a fully functional IP phone. Over time, the wireless-enabled PC will need to be supported by a voice-enabled WLAN.
Many challenges lie ahead for this company when it comes to delivering a voice-enabled WLAN. Issues about telemetry and location services that allow a phone to be located in case of emergency will be a major focal point. Most important, the re-architecture of the WLAN to support better throughput, quality of service (QoS), and roaming—both Layer 2 and Layer 3—will need to be completed to support applications and services that continue to emerge.
Rogue APs come in two flavors: those that are friendly and those that are not. Friendly rogues are not malicious, but they are also not wanted. Unfriendly rogues are considered malicious and not wanted.
Without a plan in place to identify either one, the company has no mitigation option available. Additional work is being carried out to manage the threat of rogues in the enterprise. The variety of tools and management systems that exist on the market today are being evaluated to address this issue.
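One way to start identifying both kinds of rogue, as an added example that is not part of the original case study or any Cisco tool: it compares APs seen in a site scan against an inventory of sanctioned APs. The inventory, the sample scan, the `on_wire` signal, and the mapping of categories to "friendly" and "unfriendly" are assumptions of this example.

```python
from collections import defaultdict
from dataclasses import dataclass

# Constructed inventory of sanctioned APs (BSSID -> SSID); not from the case study.
AUTHORIZED = {
    "00:11:22:aa:bb:01": "CORP-WLAN",
    "00:11:22:aa:bb:02": "CORP-WLAN",
}
CORP_SSIDS = set(AUTHORIZED.values())


@dataclass(frozen=True)
class Beacon:
    bssid: str
    ssid: str
    on_wire: bool  # assumption: True if the device's MAC was also seen on a corporate switch port


def triage(beacon: Beacon) -> str:
    """Classify one observed AP. The categories are this example's own heuristic."""
    bssid = beacon.bssid.lower()
    if AUTHORIZED.get(bssid) == beacon.ssid:
        return "authorized"
    if beacon.ssid in CORP_SSIDS or bssid in AUTHORIZED:
        # Corporate SSID from an unknown radio, or a known radio with the wrong SSID:
        # treat as unfriendly until investigated.
        return "unfriendly-suspect"
    if beacon.on_wire:
        # Unsanctioned AP plugged into the corporate LAN, e.g. installed by an employee.
        return "friendly-rogue"
    return "neighbor"  # off-network AP with its own SSID: log and monitor only


def report(beacons):
    """Group BSSIDs by category so the unwanted devices can be followed up."""
    out = defaultdict(list)
    for b in beacons:
        out[triage(b)].append(b.bssid.lower())
    return {k: sorted(v) for k, v in out.items()}


# Constructed survey results for illustration.
SAMPLE_SCAN = [
    Beacon("00:11:22:AA:BB:01", "CORP-WLAN", True),
    Beacon("de:ad:be:ef:00:01", "CORP-WLAN", False),
    Beacon("de:ad:be:ef:00:02", "linksys", True),
    Beacon("de:ad:be:ef:00:03", "CoffeeShop", False),
]

if __name__ == "__main__":
    for category, bssids in report(SAMPLE_SCAN).items():
        print(f"{category}: {', '.join(bssids)}")
```

A "friendly-rogue" result still exposes the wired network and should be removed; the label only sets investigation priority.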
The manufacturing company examined in this case study uses WLANs to improve productivity (office) and business process (factory). Like many companies that adopt technologies early, the financial restrictions and company culture that existed forced the deployment to be limited in scope and scale. The due diligence done in the discovery and initial deployment proved successful in driving the acceptance of WLAN as a viable and financially justifiable solution. In addition to having to work within financial limitations, the company was challenged with finding a solution that could provide a sufficient level of security. A WLAN also proved beneficial in the factory by helping to reduce cost and allow for flexibility. Looking forward, further uses of the WLAN, such as voice and RFID, continue to be examined.