Wireless Access Points: Through Thick And Thin
Thick routers are the old familiar Cisco variety, running their own command-line operating system with thousands of parameters to tweak and tune. Thick routers need plenty of expertise to manage and maintain, which is why an entire cottage industry has been created to help people get their Cisco certification. Because of their complexity and popularity, you can now find classes teaching IOS and routing concepts,even at the high-school level. I should know: I actually taught the equivalent of one last year at my town's local high school. (Well, almost: The courseware, developed by 3Com, was vendor-neutral, but we still got into many of the same concepts about routing and networks.)
Thin routers are also becoming familiar. These are the things I called "frhubs" in my Home Networking Survival Guide book published two years ago. They are a combination firewall, router, hub and even switch all in a small, usually plastic package the size of a large book.
Netgear, Linksys, D-Link and others have all become quite fat from selling these thin routers. They don't have all the features of their cousins,in some cases they don't do much more in the way of routing than network-address translation and the most rudimentary of packet filtering. And they don't require lots of expertise. In most cases, the default settings will do the job just fine. Should you need to change something, you don't have to fool around with the messy syntax of command lines. Instead, you can just fire up a Web browser and a few mouse clicks will do the job. Usually, thick routers cost more than thin ones.
There are even routers that are semi-thin, such as the ones from WatchGuard and SonicWall. They offer many of the thicker features, but are easier to manage and don't require command-line gurus to set up. As you would expect, these routers cost somewhere between the expensive thick routers and the cheaper thin ones.
Thick routers are better for enterprise-class deployments than thin ones. They have more controls, more flexibility and can be managed as a group far better, too. Thin routers are best for SOHO applications, or where there is little to no IT staff around to deal with them. The semi-thin routers, in some cases, can also be easily managed centrally.
Apples To Oranges?
The concept becomes a little harder to explain when we talk about wireless APs. According to Metzler, a thick AP has a radio, adds routing features and handles authentication and encryption as well as overall management of the network clients. The thin AP just has the radio and rudimentary features, and is designed to work with external software tools to manage authentication and encryption elements.
You would think that the way I have explained things, thick trumps thin on the wireless AP side as well, but that isn't always true. In fact, it is usually the exact opposite of the router situation. Thick APs can be harder for enterprises to manage as a collective group, especially as users try to roam among different wireless subnets as they move about a campus and go in and out of coverage between different APs. Because each AP does its own authentication, it is a lot more work for a network administrator to maintain overall network security, which is why most wireless APs have their security turned off and why it is so easy for anyone with a wireless laptop to get access to the random urban corporate network these days.
So thin APs, because they are thin, off-load the authentication and encryption management to something else (this is where vendors like Trapeze and Chantry Networks come into the picture, in case you were wondering), and this something else is a centralized network control point that sits at the core of the network. The idea here is that you collect APs into several logical subnets that can be managed centrally in the data center rather than having to send your IT staff or consultants roaming around your campus and fiddling with each remote wiring closet or AP. I want to spend some more time trying out these products before I give you any further advice, but it is worth some additional thought.
Another company to watch is SonicWall, which has done well in the semi-thin router market and is now branching out into the semi-thin wireless AP market as well with a new product called the SOHO TZW. The company offers a secured separate network for the wireless users, which is a neat solution and something I will be looking into more when I get my hands on a unit.
Cisco's Story
Of all the networking companies around these days, I think Cisco has the most interesting story to tell, especially when you consider its pending acquisition of Linksys. Cisco can claim products in all four areas,thick and thin routers, and thick and thin APs. Well, almost. I have a hard time figuring out which of its APs are thick and which are thin as the company transitions its Aironet product line.
Take a look at two Cisco APs: the 1100 (which lists for about $599 and only does 802.11b right now) and the 1200 (which lists for about $1,399 for both 802.11a/b frequencies). The 1100 runs Cisco's IOS, the operating system that is found throughout its router product line. The 1200 runs on VxWorks, the embedded OS that Cisco received with the Aironet product line. Which one is thin and which one is thick? Both are somewhat in the middle.
Both wireless APs will eventually cover 802.11g frequencies later this year, according to Cisco representatives. How do they differ from APs that cost much less? The biggest difference is in how they implement their security features. Inexpensive APs support Wired Encryption Privacy (WEP) keys, but that isn't much of a step forward for enterprises concerned about security. After all, WEP is easily cracked. Instead, it's much better to integrate with an enterprise's RADIUS or other whole-house authentication system, and to have the ability to authenticate particular MAC addresses from clients on the wireless network and set up a separate virtual LAN for all the wired users. Both Cisco APs do this, while most of the lower-priced spread does not.
Some of the other nicer features of Cisco's APs include the ability to be powered directly from the Ethernet wiring, as well as the ability to scale down transmitter power so that the APs play nicely with other APs in the same campus. Of course, to really tune this feature, you will need a great deal of radio frequency knowledge, something that the folks at Trapeze and Chantry are trying to help out with, at least according to their product specs.
Still, the trouble with determining the relative thickness of wireless APs is that, unlike router pricing, it is harder to tell the thickness of a wireless AP based just on price. Part of the problem is that the radio is probably the most expensive part of the product. With the blooming 802.11 standards, many companies are hedging their bets by including multiple radios in their APs. That quickly drives up cost. And companies that have been on the lower-end of the scale, like Netgear, are now selling wireless APs that are combined with its thin routers, making it harder to figure out what is going on.
Maybe differentiating thick and thin wireless APs isn't such a good idea. But certainly this product space is getting a lot of play, and I look forward to seeing more products in the coming months. What's more, all of this is good news for wireless network administrators who are trying hard to secure their networks from unauthorized users.
David Strom is technology editor at VARBusiness. You can reach him at [email protected].