ZeroIT

 
 
By Andrew Garcia  |  Posted 2008-05-02 Email Print this article Print
 
 
 
 
 
 
 


While the ZoneFlex solution certainly eases WLAN deployment and management for less technical shops, Ruckus has truly set a high bar for innovation on the client side. Ruckus' ZeroIT feature truly makes it simple to deploy the strongest levels of wireless security, allowing customers to deploy WPA2 using either certificate-based authentication or dynamically pre-shared keys with a minimum of administrator interaction needed on the client machines-as long as the clients are running Windows XP with SP2.

Users configure their wireless security by first plugging into the wired network, where they log into the ZoneDirector, then download a client configuration applet. The applet ensures the client is running Windows XP with SP2, then automatically configures operating system's integrated wireless supplicant with the appropriate network and encryption settings.

I did notice that the applet does not check for Microsoft's Wi-Fi Protected Access 2/Wireless Provisioning Services Information Element (Microsoft KB 893357), a patch that adds WPA2 support to Windows XP, and that is required to enable ZeroIT to work properly.

While administrators can choose to pass through authentication requests to an existing RADIUS server or an Active Directory, ZeroIT requires users to authenticate to the local authentication server in the ZoneDirector. Still, using ZeroIT was absolutely the easiest way I've seen to deploy enterprise-grade, certificate-based wireless security, as the applet includes a certificate to client machines to use EAP-TLS. End users will need to be walked through a Windows Certificate installation wizard to complete the setup-a potentially daunting step for some users, even if the wizard only requires the user to click through the default settings to get the wireless network running.

IT administrators may instead opt for ZeroIT using Ruckus' DynamicPSK, which automatically generates a unique pre-shared key for each user. In an ordinary PSK (pre-shared key) secured network, everyone would use the same key-meaning that every computer would need to be reconfigured when the key is changed. With DynamicPSK, each user has their own key, and administrators can easily configure the key expiry interval for each user, thereby creating an automated, periodic, key rotation.

Each user's pre-shared key appears to be tied to both the client computer and the wireless adapter itself, as in tests I found I could not successfully install the applet on a PC other that the one from which I generated the applet, nor could I use a different wireless adapter in the same PC.

802.11n Support

With firmware release 3.0.1.0 build 109, Ruckus also added 802.11n support into the ZoneFlex solution. With that release, I could join and manage a new ZoneFlex 7942 802.11n access point ($699) to my ZoneFlex network in the same manner as legacy APs. In ZoneDirector, the only management difference for 802.11n was an additional field that allowed me to define whether the 11n AP utilized a standard 20 MHz channel or a wide 40 MHz channel.

Although most business-class 802.11n solutions operate in both the 2.4 GHz or 5 GHz bands, the ZoneFlex 7942 only operates in the 2.4 GHz band. Customers that want to reduce the potential for interference may therefore opt to stick with standard 20 MHz channels, which will limit their network's top-end performance. Indeed, in my preliminary performance tests, which I conducted amid the over-saturated RF in our downtown San Francisco offices, I could only squeeze a maximum of around 80 Mbps out of the ZoneFlex 7942--adequate numbers for an 802.11n solution, but far from the best I've seen.



 
 
 
 
Andrew cut his teeth as a systems administrator at the University of California, learning the ins and outs of server migration, Windows desktop management, Unix and Novell administration. After a tour of duty as a team leader for PC Magazine's Labs, Andrew turned to system integration - providing network, server, and desktop consulting services for small businesses throughout the Bay Area. With eWEEK Labs since 2003, Andrew concentrates on wireless networking technologies while moonlighting with Microsoft Windows, mobile devices and management, and unified communications. He produces product reviews, technology analysis and opinion pieces for eWEEK.com, eWEEK magazine, and the Labs' Release Notes blog. Follow Andrew on Twitter at andrewrgarcia, or reach him by email at agarcia@eweek.com.
 
 
 
 
 
 
 

Submit a Comment

Loading Comments...
 
Manage your Newsletters: Login   Register My Newsletters























 
 
 
 
 
 
 
 
 
 
 
Rocket Fuel