Cisco unveils services approach to enterprise mobility

Cisco unveiled a network appliance Wednesday that is intended to reshape enterprise wireless LANs by collecting device data and making it available for use by higher-level applications.

Slideshow: Inside Cisco's Mobility Services Engine

The Mobility Services Engine (MSE) runs software programs that collect, store and manage data from wireless clients and Cisco access points and controllers. The MSE can use this data itself for jobs like rogue radio detection, and share it with higher-end Cisco security, access control and network management applications. MSE also can share data with third-party mobility applications, such as wireless asset tracking, cellular-to-Wi-Fi voice roaming, and RFID data management.

The appliance is part of Cisco's larger plan to create a unified software layer that spans different physical networks and the mobile clients that use them. Mobile devices such as laptops, RFID tags, dual-mode smartphones, embedded devices and sensors could be using any combination of access networks – including wired Ethernet, Wi-Fi, passive RFID, cellular, WiMAX, Ultra Wideband, and wireless sensor networks such as Zigbee. The MSE is the start of collecting and coordinating data about all these clients, in large numbers, across these different types of networks, and feeding it via a XML/SOAP-based API to other applications. (See Craig Mathias' take on the announcement.)

"What it shows is that Cisco is finally realizing, although they don't overtly state this, that networking is no longer [about] LAN, WAN and PAN [personal area network]," says Ken Dulaney, a vice president with research firm Gartner. "Networking is converged among wired, wireless, personal, business. The next step to watch is how they deal with security, which is still fragmented. Will they have a more unified vision for security on top of [this vision] of the converged network?"

Today, applications from WLAN vendors typically run on their controllers. (Compare enterprise WLAN products.) Third-party applications, such as asset tracking via Wi-Fi tags, run on separate computers and have to collect data from separate wireless sensor networks or by directly contacting individual controllers or access points. MSE offloads the application processing from controllers to a dedicated device, creating what Cisco executives call a "services plane." It's a smart move, according to some analysts.

"Its significance is that it's a product that is really separating the network and services layers, and it's open," says Ellen Daley, a vice president at Forrester Research. "This means [software] developers, and groups within Cisco, can leverage or use network resources more easily."

Enterprises, for example, could leverage the data for unified communications – a grab bag of technologies that vendors are trying to stitch together into a single communications interface for users' e-mail, voice, instant messaging and the like.

"This won't do much for those outside Cisco environments," says Gartner's Dulaney. "But for Cisco clients, it will provide an element of control for security, context [information, such as location], and roaming, which are foundation technologies for next-generation unified communications. That's an important battleground for Cisco against Microsoft with Office Communication Server."  

The first model of the Wireless Services Engine is the high-end 3350, a rack-mounted unit with dual quad-core processors, 8GB of RAM and 137GB of disk storage. Disks and dual power supplies are hot swappable. The list price is $19,000. Cisco plans to create several other lower-priced models.

Once installed in a data center rack, the MSE software uses a new Cisco protocol, dubbed Network Mobility Services Protocol (NMSP), to discover and communicate with all the wireless controllers on the WLAN. As the controllers collect data about their attached access points, and about the wireless devices associated with those access points, the MSE software can harvest and store it. Using the standardized API, separate applications can then access this data and process it.

With an enterprise message bus architecture, a number of MSEs can work as one, and be treated as a single appliance by Cisco's WLAN management application, called Wireless Control System, which also administers the software programs running on the appliance.

Cisco is announcing four software programs that the 3350 will host, but only one of them will be available when the appliance ships in June. The others will become available starting in the fall. The four programs, which Cisco calls "services" to distinguish them from the higher level applications that make use of them, are for:

* Context aware data: Due to ship June 3, this service works with WLAN data that gives information about a particular wireless client or device, such as location, time, identity or telemetry data about physical attributes such as motion, temperature and vibration. It replaces Cisco's previous model 2700 Location Appliance and can process location data for as many as 18,000 Wi-Fi devices and tags (compared with 2,000 previously). It features a new technique, called Time Difference of Arrival, which Cisco added to its existing method of measuring radio power levels to triangulate a transmitter's position.

* Mobile intelligent roaming: Due to ship in the fall, this service handles data that lets dual-mode smartphones shift seamlessly between a WLAN and a cellular network. The program makes use of signal strength and location data to measure whether a Wi-Fi signal is strengthening or fading and to fix a client's location and direction. Via the MSE API, this data can be passed to Cisco Call Manager or a third-party convergence application such as Agito Networks' RoamAnywhere Mobility Router.

* Adaptive wireless IPS: Due to ship by year-end, Cisco's adaptive wireless intrusion-prevention system is a completely reworked IPS, now intended to compete with dedicated wireless IPS products from vendors such as AirDefense, AirMagnet and AirTight. The program offers centralized, WLAN-wide event processing, analysis and management along with radio frequency scanning and analysis, using the Cisco Wireless Control System as its front end.

* Secure client manager: Due to ship in the first quarter of 2009, the secure client manager is an administration program for 802.1x-enabled clients -- in particular for those running Cisco's Secure Services Client code -- and an intermediary to back-end systems such as Cisco Access Control Server (ACS). Added to the Secure Services Client is the Secure Client Manager Agent. When the device powers on, the agent connects to its MSE counterpart, which manages the client's security profile and coordinates tasks such as device classification, credentials provisioning and unified client license management. Via the MSE API, this software program can work with third-party software such as device management and software updates.