Windows Zero Configuration
Last Post: December 20, 2006:
-
Hi Guys, Hi G T Hill,
Have not posted for a while since everything has been running smoothly. However, I have two questions so I am calling on the experts here to weigh in.
Question 1.
For cost purposes, my company is moving from Funk's Odyssey Wireless Client to Windows Zero Configuration Wireless Client (comes free with XP); but I hear that there are some security issues connected to the Windows client, so I am asking for input from you all.
Question 2:
Is anyone familiar with Aruba's wireless products? We are thinking of switching to their thin access points and controllers. What I need to know is product performance, support, response time, and general satisfaction with the product and company. So far, they sound good, but in this business one has to do due diligence. Would appreciate any and all input.
Thanks, -
Hi
Answer 1:
I have used the WZC client for many deployments and have generally found that it is not as reliable as the Odyssey client. From a cost perspective it is a lot cheaper but if you are running any mission critical apps over Wireless, you may be able to justify the cost. With regards to security, my understanding is that XP SP2 resolves any security holes and I think there may have been a patch after this as well - Search the Microsoft site. With SP2 you can also use the config utility to help you roll out a single config to multiple clients using a neat little script - Or you could use AD.
Answer 2:
I have worked extensively with Aruba and definitely recommend their products. The boxes take some getting used to as they offer many configuration options to allow you to tweak the system for your every need. I carried out a 5 month vendor selection for a very large client and Aruba came out technically superior in the majority of categories including Performance and security. I have worked with more than just Aruba products so this is not a biased assessment!
Regards, -
Just to help avoid some confusion as to the MS update the one typically referred to is 893357, but it has been updated by 917021 at this link.
http://support.microsoft.com/kb/917021
Also, in my experience if you are in an AD environment then WZC is almost essential. I also would appreciate hearing what sort of security issues you have been hearing about? Thanks in advance. -
One of the simple security problems was that Windows transmitted Probe requests for all SSIDs in the preferred network list. HiJack'm baby!
The other flaw was/is that if your AP's are hiding their SSIDs then sometimes the client has trouble connecting unless it is at the top of the preferred list or sometimes it has to be the only SSID in the list.
These problems may all be fixed, but I'm not sure.
Getting rid of Odyssey Client!!! Well, if the decision is already made then no reason to cry over spilt milk. *BOO HOO* :(
The new Odyssey Client has great new features, one of which is "disable upon wired connect". That is a must have in a secure Wi-Fi environment. Some card drivers have the function, but it is rare to have the function enterprise wide.
I have never used Aruba, but I like everything I hear about them from my students. Don't expect to save any money, but I think they will try very hard for your business.
Nice to hear from you! :) -
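An added example, not part of any post in this thread: a small audit that reads captured 802.11 probe requests and reports which clients disclose non-corporate SSIDs from their preferred network list, the behaviour described in the post above. The MAC addresses, SSID names and frames are constructed sample data, and the input is assumed to be raw 802.11 frames with no radiotap header or FCS.

```python
import struct
from collections import defaultdict

def build_probe(src_mac: bytes, ssid: bytes, fc: int = 0x0040) -> bytes:
    """Build a minimal management frame for the constructed sample data."""
    hdr = struct.pack("<HH", fc, 0) + b"\xff" * 6 + src_mac + b"\xff" * 6 + b"\x00\x00"
    # Tagged parameters: SSID (tag 0), then Supported Rates (tag 1).
    return hdr + bytes([0, len(ssid)]) + ssid + bytes([1, 4, 0x82, 0x84, 0x8B, 0x96])

def directed_ssid(frame: bytes):
    """Return (client_mac, ssid) for a directed probe request, otherwise None."""
    # Byte 0 == 0x40: protocol version 0, type management, subtype probe request.
    if len(frame) < 24 or frame[0] != 0x40:
        return None
    mac = ":".join(f"{b:02x}" for b in frame[10:16])  # address 2 = transmitter
    pos = 24  # tagged parameters start right after the 24-byte header
    while pos + 2 <= len(frame):
        tag, length = frame[pos], frame[pos + 1]
        body = frame[pos + 2 : pos + 2 + length]
        if len(body) < length:
            return None  # truncated element, ignore the frame
        if tag == 0:
            if length == 0 or length > 32:
                return None  # wildcard (broadcast) probe or malformed SSID
            return mac, body.decode("utf-8", "replace")
        pos += 2 + length
    return None

def audit(frames, corporate_ssids):
    """Map each client MAC to the non-corporate SSIDs it probed for by name."""
    leaked = defaultdict(set)
    for frame in frames:
        hit = directed_ssid(frame)
        if hit and hit[1] not in corporate_ssids:
            leaked[hit[0]].add(hit[1])
    return {mac: sorted(ssids) for mac, ssids in leaked.items()}

# Constructed sample capture: laptop A probes its whole preferred list,
# laptop B sends only a wildcard probe and a probe for the corporate SSID.
LAPTOP_A = bytes.fromhex("001122334455")
LAPTOP_B = bytes.fromhex("66778899aabb")
SAMPLE_FRAMES = [
    build_probe(LAPTOP_A, b"CorpWLAN"), build_probe(LAPTOP_A, b"HotelGuest"),
    build_probe(LAPTOP_A, b"HomeNet"), build_probe(LAPTOP_B, b""),
    build_probe(LAPTOP_B, b"CorpWLAN"),
    build_probe(LAPTOP_B, b"CafeFree", fc=0x0080),  # a beacon, not a probe
]

if __name__ == "__main__":
    print(audit(SAMPLE_FRAMES, {"CorpWLAN"}))
```

Clients that appear in the result are candidates for pruning their preferred network list or for the client update discussed in this thread.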
Oddly enough, I just got an email from one of my former students. He said that his new Aruba gear took 15 hours from out of the box to up and running (replacing Cisco AP's). He said that included uploading floor plans and all. Oh, that was setting up PEAP successfully as well. Sounds great to me!
You know, now that I think about it maybe it went so well for him because of the exceptional training he received... :) -
That's pretty impressive! Do you know how many APs were deployed? I am currently working on a project to deploy just over 700 APs across 2 buildings using the Aruba 6000 chassis controllers. The design phase is over and we are currently working on the config documentation. As I said in an earlier thread, there are many configuration options and multiple ways to do things depending on the requirements. This may seem daunting to a newbie to Aruba products but it's simply because the boxes offer you so much flexibility. I've been able to get other Centralised management solutions up and running in a couple of hours due to their simplicity and this is fine for a small/medium corporate WLAN but when it comes to hardcore requirements with multiple users and high demand, Aruba are the product for you.
-
GTHill wrote:
Oddly enough, I just got an email from one of my former students. He said that his new Aruba gear took 15 hours from out of the box to up and running (replacing Cisco AP's). He said that included uploading floor plans and all. Oh, that was setting up PEAP successfully as well. Sounds great to me!
You know, now that I think about it maybe it went so well for him because of the exceptional training he received... :)
Whatever. It's because I read so many books and Aruba tries to make this stuff easy for gearheads like me. ;-)
The Aruba controllers (we have the 2400's) are pretty nice, and their GUI is quite intuitive. They come with a CD that was a few hundred page PDF that explains things very nicely. Add a DNS entry for aruba-master that points to your loopback, and then APs can find the controllers anywhere on your network, from any VLAN.
I scanned in about 40 maps for my campus, and that part is done. PEAP took a little doing because our certificate was expired and that was a bear getting the server team to actually do some work and get their CA back up and running so I could gen a new cert and put it into ACS to enable PEAP.
I only have 2 AP's out now, one at my desk and another one across the floor. We have a lot of client side issues, and plus we're entering into the year-end freeze, so I won't be able to get it totally up and running until end of January/February.
We still have a few complications to run around, mainly the fact that we don't have 802.3af switches to power the AP/AMs, so I will have to buy some power injectors. There will be a lot of cabling to do still, and finding the existing Aironets in the ceiling and swapping them out.
So, 15 hours to do the infrastructure and migrate from EAP-FAST to PEAP. Who knows how long the rest will take. -
Thanks guys, you gave me some good things to chew on; I really appreciate the response from everyone, which leads to the following additional questions.
Sdandeker: Can you tell me if Cisco APs were among the products in your five-month vendor selection project?
M/Q: The security risk I hear is that WZC sends user credentials in clear text. Have not yet verified if this has been fixed. Thanks for the Microsoft link - very helpful.
G T Hill: Yes, I am crying over the potential loss of my beloved Odyssey. We do have the latest one with all the bells and whistles, and it is hard to bid farewell to such an outstanding product. Kudos to your teaching skills GT; I am a product of that.
A little background on my wireless network. We currently have a total of 103 Cisco 1131 and 1231 fat APs managed by the WLSE. Unfortunately the WLSE is not a very good product so we have a love-hate relationship. We will be adding another 100 APs and another location, hence the request for a better-centralized management tool with thin APs.
Thanks again guys; will keep you posted.
cforbes -
cforbes wrote:
Thanks guys, you gave me some good things to chew on; I really appreciate the response from everyone, which leads to the following additional questions.
Sdandeker: Can you tell me if Cisco APs were among the products in your five-month vendor selection project?
M/Q: The security risk I hear is that WZC sends user credentials in clear text. Have not yet verified if this has been fixed. Thanks for the Microsoft link - very helpful.
G T Hill: Yes, I am crying over the potential loss of my beloved Odyssey. We do have the latest one with all the bells and whistles, and it is hard to bid farewell to such an outstanding product. Kudos to your teaching skills GT; I am a product of that.
A little background on my wireless network. We currently have a total of 103 Cisco 1131 and 1231 fat APs managed by the WLSE. Unfortunately the WLSE is not a very good product so we have a love-hate relationship. We will be adding another 100 APs and another location, hence the request for a better-centralized management tool with thin APs.
Thanks again guys; will keep you posted.
cforbes
You're where I was about 4 months ago, except your WLAN is much larger than mine. I agree, the WLSE is pretty much useless. It requires a lot of configuration and all it does is act like an air monitor interface.
My choice was between Aruba and Cisco. I could keep my existing 1231's and buy some servers and put WCS with Location tracking on them, or I could go Aruba. I chose Aruba because of their focus. They do more than wireless, but their product line is built around wireless and remote access, versus Cisco, which tries to do everything. Plus Cisco tech support is pretty sub-par.
So far, I'm pretty pleased with the Aruba stuff. I just deployed an AP41 acting as an air monitor, and everything is going well so far. Now I need to put my cablers to work and get my floor lit up.
I love Odyssey too, I paid for my version out of pocket. We have Intel clients on our corporate image, and it blows (excuse me, it's not very well put together). Too bad you have to move away from it!
Chris -
cforbes - Yes Cisco were part of our vendor selection. The Cisco centralised solution (ex airespace) not fat APs. I have worked with them before and think it's a good product but just not as advanced or as flexible as the Aruba kit.
I agree about the comments on WLSE and its abilities to manage the fat APs. Cisco always knew this was only a short term solution for managing growing WLANs though. That's why they bought Airespace. I don't see them continuing to develop the WLSE product. I think they will concentrate on the integrated WiSM solution for large enterprises and the smaller WCS products for small/medium enterprises. The FAT APs won't die out though because they still have their place.
bmwracer: Where is your location? Forgive my ignorance if 'The OP' is a known location!