Apple Sets Wi-Fi on Fire

Cons:

Consider this scenario: An ad-hoc workgroup of twenty developers needs a private LAN with strongly-encrypted Wi-Fi access, an Ethernet print server, and secure network-connected storage for the source trees, documentation, project data and home directories they’ll sync to their notebooks for off-line use. The group will borrow contractors for the project, but the contractors can only use machines the company issues to them and they’ll only be allowed to connect during scheduled working hours. It’s your job to set them up. Oh, and the company has wisely allowed group members to use the platform of their choice, so make sure that Windows and Mac users are served equally well.

If you can’t identify with an ad-hoc workgroup, then substitute a small business, sales team, branch office, LAN party or what-have-you. Just put yourself in the position of having to pull together the infrastructure, and configure clients and provision the server resources needed to fulfill this tall order in short order. Apple has a solution in mind: AirPort Extreme. This unit is no bigger than a box of chocolates, it has no moving parts and it costs $179. Leave one on the workgroup leader’s desk, take an early lunch and return a hero.

AirPort Extreme is a Wi-Fi base station that works as a secure LAN/WAN gateway or bridge, a four-port 10/100 Ethernet router, a network access controller and a file/print server. No, really, this Wi-Fi box does file and print. Jack USB external hard drives and printers into AirPort Extreme’s USB port and they pop up on your LAN and WLAN as Windows and Mac volumes and networked printers. Not only that, but any Windows or Mac user can choose to auto-mount the device when it’s within range. For all of this, there is zero server administrative overhead because there’s no server. AirPort Extreme’s file/print isn’t as guarded and configurable as Windows 2003 Server. It won’t serve all purposes. But think of all of the printers and third-tier storage managed today by cast-off PCs. You can dump them and get Wi-Fi to boot, and if you drop an AirPort Extreme wherever these ratty servers sit now, Apple’s base stations will join together, with no wires and no configuration hassles, to extend your WLAN’s coverage area.

When do we get to the good part?

Hold onto your hat, friend, because that’s just the first course. Apple supplies a rich client management utility with real-time logging and monitoring that operates identically from Windows PCs and Macs, and permits management over wired and wireless connections. That’s true and quite cool, but I’m teasing. What everybody wants to read about AirPort Extreme is that it implements the IEEE 802.11n Wi-Fi draft standard. Apple claims that AirPort Extreme tests out at five times the top speed of 54 Mbps standards 802.11a and 802.11g, and that it can maintain speeds equal to 54 Mpbs standards’ best at twice the distance. Apple is taking care to be conservative with its numbers, which is wise. I tested AirPort Extreme in ugly conditions and found that in places where the previous AirPort Extreme model (the one with the pointy head) couldn’t see my MacBook Pro eval notebook at all for impediments structural and human, the new AirPort Extreme bathed me in bandwidth.

You’ll have to decide which of these capabilities to get most excited about while I lay out a bit more detail. As for me, I’m grabbed by the whole package, and this is one of those rare circumstances in which the package could readily fetch more than the price asked.

Is there a draft-n here?

If you’ve heard of 802.11n, the method by which Apple drives AirPort Extreme and 802.11n-compatible clients to stratospheric speeds, it may have been in the context of some controversy. 802.11n is not yet ratified by the IEEE. It has been baked but not served for so long that most Wi-Fi users don’t know what they’re missing. Apple is not the first network product vendor to leapfrog the IEEE in customers’ interest. There are readers who will regard my take as heretical, but I don’t care. There are a few countries outside the US, including the United Kingdom, where the 5 GHz spectrum used by 802.11n is regulated in such a way as to preclude the Multi-Input, Multi-Output (MIMO) method used by 802.11n. I’m not in one of those places. I’ll take mine now, and they can get theirs when it comes around. Apple ensures that AirPort Extreme does the compliant thing when it’s operating in a regulated territory.

I’m not worried about how 802.11n might change between the draft and ratifaction. Big names, including Intel, have jumped on the 802.11n train. This has the earmarks of being a standard that’s ratified by the public before the standards body can get itself off the dime.

Mac users get it

Apple is unique in having baked 802.11n directly into nearly all of its client product line: All Core 2 Duo iMac desktops (except for a discounted, education-targeted model), MacBooks, MacBook Pros, and Mac Pros ordered with the AirPort Extreme add-in, have shipped from day one with 802.11n baked in, but locked out in firmware. The CD that comes with AirPort Extreme includes an installable package that will unlock the 802.11n feature in an unlimited number of n-capable Macs, and any unlocked Mac stays n-enabled forever. If you want to use 3rd-party 802.11n base stations with your Mac, Apple sells the “802.11n enabler” for $1.99.

In addition to the majority of the Core 2 Duo Mac client lineup and AirPort Extreme, the Apple TV digital media hub (I call it the “iTunes terminal”) shares the same implementation of the draft, and Apple tests for compatibility with other network hardware vendors’ 802.11n support. Apple won’t say which vendors play along, but there are only a few vendors at the top of the network semiconductor heap.

Here I am

AirPort Extreme supports the 2.4 GHz 802.11b and 802.11g standards as well as 802.11n and its neighbor in the 5 GHz spectrum, 802.11a. While 802.11n-enabled Macs sniff out WLANs in both bands, AirPort Extreme only operates in one or the other. The administrator chooses the band at configuration time and can change it at will. The fact that Macs, like most multi-standard clients, hunt base stations (or access points) across bands is key to AirPort Extreme’s wireless manageability. The AirPort Utility app that’s on the AirPort Extreme install disc–don’t misplace this disc because you can’t download any part of it from Apple–uses Apple’s Bonjour zero-config, multicast name server networking protocol to announce the base station’s presence. You don’t have to memorize the device’s IP address or add it to your domain’s name server, and if you need to flip AirPort Extreme from one band to another, any multi-protocol PC or Mac will do the trick. Apple’s Bonjour client for Windows is automatically set up when you install the AirPort Utility.

In similar fashion, AirPort Extreme’s attached disks and printers advertise themselves using Bonjour, and this enables one of AirPort Extreme’s best features. That all-important install CD includes AirPort Disk Utility. Once installed on a Windows or Mac client, it maintains a list of Bonjour-advertised volumes and allows users to choose to auto-mount them whenever AirPort comes into range. It’s quite resilient to dips in network signals, and it doesn’t require a trip to Network Neighborhood or Finder to locate and mount the volume.

The administrator uses AirPort Utility to determine which USB disks are shared and sets an authentication policy that requires either the entry of the base station’s administrative password (a bad idea) or a user ID/password combination taken from a simple list of users defined in a table stored in AirPort Extreme’s non-volatile memory. The base station won’t authenticate users for disk and printer shares against Active Directory or LDAP; that’s asking a bit much. But users have to make it through wireless security and user/password entry to get at the resources. It’s not Fort Knox, but for less sensitive data, and for data like OS X disk images that are already encrypted, it’s pretty amazing and the price can’t be beat.

Members only

In terms of security, AirPort Extreme’s baseline characteristics are common to all late-model base stations: Network address translation, port mapping and encrypted authentication and data. As required by present Wi-Fi standards, AirPort Extreme implements WPA2 (Wi-Fi protected access; IEEE 802.11i) as well as WPA. The base station still offers WEP (wired equivalent privacy) for clients that can’t deal with WPA2, but WEP being as secure as a wet paper fence, its use is discouraged.

WEPers aren’t the only ones you want to keep outside the castle wall. Apple has implemented an ingenious Bluetooth-style pairing approach to authorizing clients for connection to AirPort Extreme. When activated from AirPort Utility, AirPort Extreme will enter a special mode that identifies a new client for authentication. It can either capture the client MAC address from the very next client connection attempt, or allow a client to use a PIN key to associate. If a client passes this test, the administrator can limit wireless access from a newly-authorized client to 24 hours, enough time to allow access to safe resources while wiring the user into protected ones. Individual authorized clients can also be placed on an ongoing schedule of access restrictions tied to time of day and day of week.

It’ll hang with you

The new AirPort Express bears no resemblance to its pointy-headed predecessor (it had the shape of a slightly-melted Hershey’s kiss) in appearance or, far more importantly, capabilities, speed and manageability. The unit’s white polycarbonate case is not a style statement; it’s made to become invisible regardless of its location. There is, however, one flaw in the device’s physical design: As ideally suited as it is to business building and meeting space use, there is no way to mount AirPort Extreme to a wall or a post without adhesive. That’s no matter for casual use, but if you’re deploying fifty of these things, how you hang them without destroying your landlord’s walls becomes an issue. There is a cutout for a Kensington lock to help keep an AirPort that’s within reach from walking away.

Its hangability aside, AirPort Extreme’s suitability to commercial deployments of small to medium scale should be obvious. Its unmatched drop-and-go capability, long throw antenna and low power DC adapter make it perfect for floating mob scenes like LAN gaming parties and neighborhood micro-nets. There is a powerful home market for this device as well. A home with only one or two client machines might seem a waste of AirPort Extreme’s extreme capabilities when basic needs seem to be met by a cheaper device. But look at it this way: The disposable, insecure, unconfigurable wireless gateways that cable modem and DSL providers foist on their customers cost $100 to $200, and not one of them is wired for disk and printer sharing. In business or at home, you may change broadband providers and client machines, but AirPort Extreme will be with you until we all agree that 300 Mbps isn’t fast enough and that the equivalent of a box of chocolates is too much desk space to set aside for Wi-Fi, file and print. I think AirPort Extreme will tide us over for a while.