Simplified WLAN Analysis: The AirMagnet Attraction Part 3

Last week, in Part 2
of our analysis
, we showed how AirMagnet can be used for site surveys and
to improve existing WLAN installation. Now that
we’ve seen AirMagnet in action, it’s time to talk to an actual WISP that uses
it, and to learn about future AirMagnet products.

Rapid growth

According to CEO Dean Au, over 500
paying customers have purchased AirMagnet. Not bad for a small startup, founded
under two years ago, with nine months on the market. Customers include some very
big names in the vertical markets that are driving WLAN deployment. A few
examples:



  • manufacturing (e.g., GM, Toyota)
  • retail (e.g., Nordstrom, McDonalds)
  • entertainment (e.g., Ticketmaster, Harrahs)
  • financial (e.g., Federal Reserve, Mastercard)
  • medical (e.g., Stanford Medical Center, Independence Blue Cross)
  • transportation (e.g., Delta, Hertz, FEDEX)
  • energy (e.g., Chevron-Texaco)
  • education (e.g., UCLA, Johns Hopkins)
  • government (e.g., CDC, DoD)
  • defense (e.g., Boeing, Lockheed-Martin)


“McDonalds is looking at using our combo tool to do internal IT assessments,”
said Au. “Harrahs have 26 properties. They purchased four units to start, and
plan to deploy about 50 units, primarily for performance and security analysis.
FEDEX is using AirMagnet to survey and analyze performance in their packing
distribution center hub.”


Network equipment and technology suppliers, systems integrators, and
consulting firms are also drawn to AirMagnet. Industry heavyweights like Cisco,
Agere, Intel, Microsoft, Motorola, EDS, IBM Global Services, and KPMG have all
purchased the product. AirMagnet is working with one consulting firm to equip
300 field technicians with AirMagnet, literally clipping units onto workbelts.


Carrier and service provider customers include NTT, AT&T Wireless,
Spring, Verizon, Swisscom Mobile, and Cox Communications. According to Au,
Sprint and Verizon are probably using AirMagnet initially for internal WLAN
administration. NTT/DoCoMo is using AirMagnet for hotspot site surveys.


According to AirMagnet CTO Chia-Chee Kuan, another hotspot operator just
purchased 10 units for use by field technicians. Techs run through a checklist
of about 65 steps at each new venue. “They use AirMagnet to spot and log SSIDs and signal trends
during the initial site survey. On routine spotchecks, they identify any
problems and collect information about SSIDs and APs (not necessarily theirs)
to know how crowded the area is.” Logged results are fed into central database
that is used to make business decisions.

Case study: Covansys

To dig deeper, we contacted another customer, Covansys, a global technology and consulting
services company. Covansys employee Jeff Peterson evaluated several analyzers
last summer before choosing AirMagnet as part of his team’s technology toolbox.

“We use AirMagnet for data collection and audit functions in our wireless
technology consulting services,” explained Peterson. “This mostly involves
security audits and wireless infrastructure planning/implementation. Because
keeping our consultants well-trained on emerging technologies can be a
challenge, we need tools they can utilize that are powerful, intuitive and have
a wide range of functionality.”


“The way data is collected and presented within AirMagnet makes determining
signal strength and noise a very simple process,” added Peterson. “When we are
mapping out a location for a wireless infrastructure, AirMagnet is quick and
easy to use. Based on results from our initial surveys, using AirMagnet for
access point placement, antenna type and power levels, we have great results
every time.”


“From a technical point of view, the most important feature is the ability to
work in conjunction with Cisco‘s LEAP wireless architecture,” said
Peterson. “I am not aware of any other products similar to AirMagnet that have
the ability to interoperate both with Cisco’s LEAP architecture as well as
‘standard’ encrypted and open 802.11b networks. Because the majority of our
clients are early adopters of LEAP, we require [this feature] to meet the needs
of our clients.”


Peterson considered other wireless tools on both Linux and Windows platforms,
including freeware like NetStumbler (for discovery), Kismet
(for throughput analysis), and Ethereal (for packet analysis), and
commercial analyzers like WildPackets‘ AiroPeek and Network Associates
Sniffer
Wireless
. “Without going into a head to head comparison of these tools, the
single biggest decision factor for us was cost,” said Peterson. “This makes a
big difference to budget constrained IT departments (and consulting firms!). We
feel that, with AirMagnet, there is much more value for the IT dollar.”


The handheld form factor was another a key for Covansys. “All our consultants
have laptops that most of the other tools available would run on, but it is
quite uncomfortable to lug a laptop around in a site that encompasses a few
acres just to record some signal propagation characteristics,” argued Peterson.
“The handheld is the perfect tool for this application.” AirMagnet’s form factor
was rather unique when Covansys made its selection last summer, but several
other handheld analyzers are now available, including YellowJacket by Berkeley
Varitronics Systems
, Fluke Networks‘ WaveRunner, and a Pocket
PC version of Sniffer Wireless.


“One of the most effective ways to ensure a wireless network is as safe and
secure as possible is to perform regular scans,” said Peterson. “AirMagnet makes
this simple plus provides the functionality to drill down into more onerous
problems when they arise. We would feel comfortable handing an AirMagnet
platform to a person with average system admin type skills and getting them to
be productive with it in just a few minutes for some of the basic chores of
maintaining wireless network security and performance.”


Of course, no product is perfect. Peterson cited the same sore spot identified
during our evaluation: tight-coupling with PC cards. “For the most part, we
use the Proxim card that came with the package, although to use the LEAP features,
a Cisco card is essential,” said Peterson. “I rely on my Orinoco (Lucent) card
when I am using other (Linux-based) wireless tools. The point is that I end
up with three cards and all their associated drivers and configuration settings.
It’s kind of a pain, but until there is just one chipset out there, it’s something
that is going to happen. We have to be ready for anything that our clients may
have, from Linksys access points to Cisco Access Control Servers.”


Reprinted from ISP-Planet.

Peterson noted that many of the “missing” features he originally wanted have
since been incorporated into new versions, including external antenna support,
ongoing monitoring (now possible with AirMagnet Laptop), and support for other
802.11 standards (now possible with AirMagnet Duo). Still on Peterson’s wish
list: support for other 802.1X EAP types, use of additional
wireless NICs,
and the ability to use AirMagnet with a VPN client. In ISP-Planet
tests, we had no trouble using AirMagnet and VPN client software like Certicom‘s
movianVPN on the same Pocket PC, but were unable to do so simultaneously. This
could inhibit end-to-end ping testing in WLANs protected by VPN tunneling.

Looking ahead

AirMagnet products have moved
from handheld to laptop, from 802.11b to 802.11a. An obvious next step would be
timely support for 802.11g. Kuan believes that hybrid networks are going to be
around for awhile, and that concurrent dual-band support enables more efficient
administration. “For example, you only need to do a site survey once with Duo;
you don’t have to survey 802.11b, then survey again for 802.11a,” said Kuan.
“Today, if 802.11g shows up, we will see it as 802.11b. In the future, we will
have a patch to label these APs as 802.11g. We will treat at least high-speed
802.11g as a different media type.”

Support for additional adapters and chipsets (e.g., Agere) can also be
expected. “Initially, we felt that [card] binding was a better way to deal with
differences in drivers and to provide a better product,” said Au. “Long-term, we
will move away from being tied to specific cards; we are now looking at models
for doing this. For example, laptops and Pocket PCs will have built-in cards,
and we want to be able to use these.”

Plans to support additional EAP types are unclear. According to Kuan, “If you
run EAP-TLS now, it can be configured outside of AirMagnetAirMagnet controls
802.11 authentication options, but not higher layer authentication options.”
Nonetheless, we’d like to see AirMagnet analyze other EAP types as thoroughly as
LEAP, and we’d like to be able to select from available EAP types when using
tools to trouble-shoot connections.

We also expect to see AirWISE alarms expand over time. Several new alarms
were added in the last release, recognizing new attacks that have heightened
concerns but are not yet often encountered in the wild. Some other analyzers
have the ability to define custom alarms, based on user-specified conditions.
AirMagnet does not. Many built-in alarms have configurable thresholds (e.g.,
number of De-Authenticate frames that constitute a flood). But if you want an
alarm not in the current list, you’ll need to suggest an AirMagnet feature
enhancement.

The bottom line

We agree with Peterson: most
tasks we attempted with AirMagnet could be performed by anyone with basic
understanding of the UI, but little or no RF expertise. Hotspot
operators could easily send a field technician to a customer site to gather
data, bringing home saved captures, exported objects, and logged survey records
to be crunched by RF designers back at the home office. In our opinion, it is
not that AirMagnet does more than a traditional network analyzer. (In some cases
it does, but in many cases it does not.) The key difference is that AirMagnet
feels more approachable, and that translates directly into improved staff
productivity.

A few knobs could be clearerfor example, it is easy to confuse exporting
data with exporting profiles. Help is good, but context-specific help would be
even better. These are relatively minor nits in a product that is otherwise very
intuitive. AirMagnet’s drill-down, go-back approach keeps the user from getting
lost or being overwhelmed at high levels, yet makes detail available as needed.
Recording results for later offline analysis is essential; AirMagnet does this
reasonably well in ad hoc mode, but automated export would make 24×7 monitoring
much strongerfor example, forwarding high-priority alarms to the NOC.

We believe that most WLAN admins can benefit from having AirMagnet in their
toolbox. Organizations on a tight budget will find AirMagnet more pricey that
shareware, but then again, AirMagnet does much more than NetStumbler et al.
Systems integrators and consultants that install and debug WLANs every day
really need professional tools. When compared to commercial software, AirMagnet
is competitively priced. Being able to use the same PDA for AirMagnet and other
applications makes it more economical than dedicated analyzers. Those using
AirMagnet on both platforms should purchase a Combo package to trim the
pricetag. Requiring a specific PC card and yet another tool for higher-layer
analysis are total cost of ownership disadvantages.

At the end of our evaluation, we asked ourselves:


Would we use this product? Our answer is a resounding “Yes.” We often
fire up AirMagnet to quickly debug a glitch. It’s not the only tool we use,
but we’d definitely miss having it around. The essential question that hotspot
operators (HSOs) must ask themselves: Is AirMagnet worth the price? HSOs
operating on razor-thin margins hesitate to spend anything unless return-on-investment
is clearly demonstrated. In the end, each HSO must make its own analysis. But
in our opinion, HSOs (and other organizations) with multiple sites can probably
justify purchasing at least one portable WLAN analyzer, and should take a good,
hard look at AirMagnet.

News Around the Web