Ruckus Wireless ZoneFlex
Strengths: Incredibly simple deployment, excellent wireless management facilities and access controls, sophisticated AP meshing system, very good value
Weaknesses: Zero-IT activation may not support some PC card adapters
Verdict: Ruckus makes deploying secure wireless networks a cakewalk while the new mesh feature adds valuable expansion and self-healing capabilities
Ruckus Networks' ZoneFlex wireless security system is aimed at SMEs, paying particular attention to ease of installation, simplified management and value. On review is the ZoneDirector 1000, which can manage up to 50 ZoneFlex access points (APs). You don't need to connect them directly to the appliance as they can be wired to the network at any location and will automatically locate the device to take their instructions from it.
The APs employ Ruckus's patented smart-aerial array, which incorporates 12 high-gain aerials for improved range and signal quality. We were supplied with four ZoneFlex 2942 APs, which have standard and PoE Fast Ethernet ports, and we successfully powered them from an HP ProCurve 2626-PWR switch.
Support for UPnP makes installation an absolute breeze. On a Vista system we just selected the ZoneDirector's icon menu from the networks view for direct access to its web interface. This runs through a quick-start wizard and then it's over to the main management interface. A slick dashboard view shows a system overview, detected ZoneFlex APs, clients and rogue devices, plus a running commentary on system activities such as discovered devices, their designation and the status of your own WLANs. Selecting the MAC address of any device takes you straight to a map view, where you can see its physical location.
To create a WLAN you add an SSID name, choose from WEP or WPA/WPA2 encryption and select an authentication method, which can be the appliance's local database or external Active Directory or Radius servers. Web authentication sends users to a web portal with any of these methods and you can create your own custom portal designs. Client isolation also stops wireless clients on the same SSID from communicating with each other.
You can activate the Zero-IT activation feature on selected WLANs, where you tell your users to visit a specific URL on the appliance. After successful authentication it will download a small utility that configures their wireless network settings ready to join a ZoneFlex WLAN. During testing we came across a laptop using a Belkin N1 PC Card on which the utility successfully activated the Windows wireless networking tools but was unable to configure the adapter.
To test AP deployment we added three APs that had been reset to factory defaults. We could see from the dashboard that they had joined up with the appliance, which promptly upgraded their firmware without any user intervention. Our WLAN configurations were then deployed to the APs automatically and made available to our test clients. There are plenty of guest access controls and you can decide which users are allowed to create guest passes.
To test the mapping facilities we imported a jpg of our building floor plan. The Ruckus APs use triangulation to find the position of rogues, while heat maps help position the APs for the best coverage. The system detected 24 APs in our building and identified all of them as rogues. It doesn't check to see whether they have LAN connectivity, but if you know they are safe you can mark them as known. We also tested in a residential area and were surprised when Ruckus reported that we were surrounded by 11 rogue APs when we had always thought there were four at most in the vicinity.
We kept one ZoneFlex AP back to test the new Mesh feature released in the latest firmware. Meshing allows you to increase the size of your network by adding extra APs without wiring them to the network. Meshed APs form a peer-to-peer network where they communicate securely with each other over a wireless backbone and clients associated with one AP can link to the LAN via a series of hops over each meshed AP. New APs are simply plugged in without an Ethernet cable link and, as long as they can see another AP, they will automatically join the meshed network.
Meshing is enabled via the web interface and it's a one-way-trip as to deactivate it requires resetting everything back to the factory defaults. To test meshing we plugged in an unwired AP and saw from the dashboard that it had joined the wireless network via a root AP. We then connected our laptop wirelessly using the meshed AP and set up a continuous ping of a device on the LAN. The meshed AP was unplugged and the ping timed out only once as the laptop rejoined via the nearest root AP. We also took the laptop for a wander past each AP and watched it hop from one to another, with the ZoneFlex mesh system delivering almost seamless roaming and self-healing.
Deploying secure wireless networks and hot spots just got a whole lot easier for SMEs. The ZoneFlex solution works on every level and we particularly like the new Mesh feature.