Cisco's Wi-Fi Challenges

By Gerry Blackwell

September 10, 2003

It's one thing to dominate the landscape of WLANs every where, but here's how Cisco Systems is using wireless to its advantage internally.

When representatives of a major vendor of Wi-Fi equipment come to you and say they have a good story to tell about how the company uses Wi-Fi in its own operations, you can be forgiven for reacting a little cynically at first.

Well, of course, they use it in their own operations. Why wouldn't they? They don't have to pay for the stuff. In the case of Cisco Systems, though, the story really is compelling.

The company started with 802.11b WLAN pilots in several offices around the world four years ago, before Cisco acquired the Aironet products it now sells so successfully. Based on the results of those pilots, the company decided in late 2001 to go with a global deployment.

"We're talking ubiquitous coverage and comprehensive entitlement," says Oisin Mac Alasdair, Cisco's Sydney, Australia-based global program manager for wireless architecture. "It was quite a significant decision."

Once the decision was made, the deployment went very quickly: four months to install 85 percent of the company's sites around the world. Today Cisco has 300 locations up and running -- with virtually every square inch of office space covered -- in 120 countries.

Every employee is offered wireless access and a wireless device. The standard issue computer at Cisco is now a laptop and all new laptops are purchased with Wi-Fi connectivity built in.

A few employees who don't need it don't use it, but with 32,000 employees worldwide, the company's WLANs actually support between 35,000 and 38,000 registered devices. Some employees have multiple Wi-Fi devices -- a laptop, plus a PDA, for example.

It's not that Cisco was looking to replace wired networks -- it also, of course, sells wired networking gear.

"We always went out with the intention that this would be complementary infrastructure that would enable people to be more productive," explains David Castaneda, the company's lead infrastructure architect for enterprise mobility.

"It's a mobility enhancement tool. We have staff that go into a lot of meetings. This allows them to be untethered but still productive."

The decision to go all out with wireless at Cisco was supported by a study the company commissioned in late 2001 from UK-based NOP Research Group. NOP interviewed companies that had implemented WLANs to find out, among other things, what kind of benefits they were seeing.

End-users interviewed claimed wireless LANs allowed them to be connected an additional 1.75 hours a day. The increased connectivity increased productivity by 70 minutes a day, for a 22 percent productivity boost on average.

NOP further calculated that, given an average salary of $64,000, the annual productivity improvement per user was worth $7,000 on average. For "the average large corporate organization," this means a productivity improvement of as much as $6.3 million a year.

Cisco, to its credit, is a little more conservative. The company has calculated that its employees have gained an extra 10 minutes of productivity per day, which translates to a cost saving of $2,852 per employee per year. Still pretty good.

The WLANs are certainly well used. Mac Alasdair's group earlier this year surveyed its internal clients. Over 90 percent said they used the WLANs on a regular basis, and 27 percent said they used only wireless for connectivity.

"The project has been a run-away success from our point of view," Mac Alasdair says. "We certainly never expected 27 percent of employees to be using wireless as their only connectivity method."

While the intent was always that the wireless networks be an overlay to complement existing wired networks, Cisco is now thinking about moving to wireless only in some smaller offices, Castaneda notes.

Right from the start, the company made bold decisions about how to implement the WLANs, decisions that could, again, be interpreted cynically because they involve deploying more infrastructure than many WLAN implementers might deem necessary.

Following from the strategic decision to go with ubiquitous coverage and universal entitlement, the company decided to ensure maximum throughput everywhere in each facility, and to strictly maintain a users-to-access-points ratio of 25:1.

It's not even possible to log in to a Cisco WLAN at less than full throughput. If a client device tries, it's blocked. There was a reason for this strict approach, Castaneda explains.

"There's a degree of social engineering involved here," he says. "By ensuring that they get [maximum throughput] you head off any potential negative user experiences. Obviously connecting at 1 or 2 Mbps is not going to give a very positive impression."

The project team also saw a clear justification for deciding to stick with a 25:1 access point-to-user ratio. "The 25:1 ratio made it easier to adopt a baseline site survey approach for every office building," Mac Alasdair explains. "It may have cost us an additional amount of money, but we recouped that money by having a more stable network in the end that didn't require as much troubleshooting later."

Ubiquitous, full-bandwidth coverage and the 25:1 capacity planning rule also reduced the temptation for employees to install rogue APs, he notes. "It may look like a higher cost item, but, again, we saved in the long run because it helped reduce the number of rogue AP deployments."

That had obvious security implications -- and not just preventing break-ins through unsecured rogue access points, Mac Alasdair points out. Undetected rogues are also often used, intentionally or unintentionally, in denial of service attacks.

Security was of course a major consideration. Cisco naturally implemented its own enhanced WEP (Wired Equivalent Protocol) technology, as well as technology for dynamically managing the distribution of WEP keys.

As in all WLAN implementations, though, security concerns had to be balanced against usability and productivity objectives. "We could have included a VPN (Virtual Private Network) overlay, for example, but that significantly reduces productivity and usability," Mac Alasdair says. "So we chose not to."

Cisco took a perhaps surprising decision on its approach to implementation. It hired "trusted third-party partners" to do the lion's share of the work.

"We obviously have highly skilled engineers in Cisco," Mac Alasdair says. "But we felt that this was not a good use of their time." It might have made sense to do it all in-house if the implementations were all in the U.S., Castaneda adds, but this project would have involved sending very expensive engineers to virtually every corner of the world.

The Cisco project team took a first cut at establishing how many access points would be needed in each facility, based on the local population, and where they should probably go in the building based on floor plans. Then the trusted partner went in and did a full site survey to establish exact numbers and positioning.

Local cabling companies were subcontracted to install necessary Category-5 cables and power. Cisco project personnel did the configuring of the access points, which were then installed by the implementation partner. Finally, the partner did a post-implementation audit to make sure everything was working as it should.

The trusted partner approach is one Cisco recommends to its customers too, Mac Alasdair points out -- even those with big IT departments. "A high number of deployments that rely on a company's own skills fail as compared with those that use skilled, experienced implementers," he notes.

One key lesson learned and applied in the global WLAN deployment at Cisco was the need to standardize. A single standard configuration for clients and access points means it's now relatively simple to push out software and firmware updates, Castaneda points out.

Another lesson: keep user expectations in line. In Cisco's case it meant making sure employees realized they would not be able to use voice on these networks or video, and that they wouldn't be able to roam from building to building without re-logging on.

Of course, nothing remains static. Cisco is already looking at adjusting the 25:1 rule precisely so that it can accommodate higher-bandwidth applications such as voice and video. It will likely move to a 10:1 ratio, Castaneda says.

Cisco does have one internal 802.11a deployment in Japan today, but is in no hurry to roll out 11a globally. The cost would be prohibitive so soon after the initial 802.11b deployment.

Cost is a factor for Cisco, but it's not the hardware costs. It's the people costs for designing networks, configuring equipment and installing it -- a combination of opportunity costs for Cisco employee time and real dollars out the door to trusted partners.

That is true for customers as well, though, Castaneda point out. "The cost of [WLAN] hardware is minimal compared to support and deployment costs."

Within the next 12 to 18 months, Cisco will migrate globally to 802.11g, a much lower-cost upgrade, and eventually it expects to deploy an 11a/g infrastructure, possibly with 11a reserved for voice and video and 11g for data.



Comment and Contribute
(Maximum characters: 1200). You have
characters left.