Windows on wireless: Windows and wireless are rapidly converging on devices, desktops, and servers.
Microsoft Windows XP, Microsoft Windows Server 2003, and Microsoft Windows CE .NET are the latest generation of Windows operating systems for desktops, servers, and mobile devices, respectively. Common to all three operating systems is a focus on wireless connectivity. For example, in this latest round of Windows releases, you'll find an array of new drivers, services, control panel applets, application programming interfaces (APIs), and other OS-level software components that make it easier to connect to wireless networks via Bluetooth, Wi-Fi (802.11), and, to a lesser degree, cellular-based wireless networks. This article gives you a tour of the installation, configuration, and connection management enhancements that support wireless devices and networks in Windows.
Windows Zero-Configuration (WZC) is a key software technology that makes the process of connecting to a local Wi-Fi network nearly automatic. For example, Windows can now automatically poll an installed 802.11 network card for available Wi-Fi access points. If it detects an access point, Windows automatically attempts to connect to it. In cases where it detects multiple access points, the user can configure Windows to use a preferred list of connections. This user-defined list can also include settings to control encryption and IEEE 802.1X authentication.
To promote support for WZC, Microsoft partnered with 802.11 network card vendors to further automate the steps a Wi-Fi network card follows when it associates with an access point. With this streamlined association process, the wireless network adapter and companion Network Driver Interface Specification (NDIS) driver software only have to supply a few key device parameters to configure how the network device should work. Following this initial configuration phase, the wireless network adapter scans for available networks and passes the list to the higher-level WZC software layer.
Upon receiving this list, the WZC service automatically configures the wireless adapter with the access point the user defined as the preferred connection. Properties such as the IP address, subnet mask, and DNS addresses come into play at this phase in the connection process. If you configured and enabled 802.1X, the WZC service also applies properties for Internet Authentication Service (IAS) and Remote Authentication Dial-In User Service (RADIUS) access.
Although the current implementation of WZC is primarily focused on Wi-Fi, 802.11 isn't the only type of wireless technology the latest versions of Windows make available. Windows XP service pack 1 (and later), along with Windows CE .NET, integrates native Bluetooth 1.1 support at the operating system level.
A principal theme in the Bluetooth wireless specification is the concept of profiles. A profile describes the implementation details of the Bluetooth protocol stack to support a particular user application; for example, remote dial-up access, LAN access, or file transfer. Several profiles have been defined in the Bluetooth 1.x specification, including Dial-Up Networking, Fax, Headset, and Synchronization. Both Windows XP and Windows CE .NET support a subset of these profiles, which include the following:
* Dial-Up Networking Profile (DUN)
* LAN Access Profile (LAP)
* Object Push Profile (OPP)
* File Transfer Profile (FTP)
It's important to note that Microsoft's Windows XP LAN Access Profile is based on Internet Protocol version 6 (IPv6), which supports 128-bit addresses. In addition to 128-bit addressing, other benefits of IPv6 include a revised IP mobility layer that makes session management more dependable for wireless users moving between different IP networks.
Windows authorizes a Bluetooth service resource based on whether the device is Bluetooth-enabled, whether the system requires manual authorization, and whether the user has configured a passkey to support secure connections. The passkey is combined with a unique Bluetooth address and pseudo-random number to generate a link key. This key is a special code two Bluetooth devices exchange to connect to each other.
The Bluetooth profiles I mentioned earlier enable the following user applications in a Windows environment:
* File transfer over a Bluetooth wireless link
* Dial-up data functionality over Bluetooth-capable cell phone handsets
* Support for wireless input devices such as mice and keyboards that exist on the "wireless desktop" (this is covered under the Human Interface Design Profile)
* Virtual COM port for serial port emulation required to support serial-based devices over Bluetooth wireless links
* Internet applications such as Web browsers, e-mail clients, chat programs and other software that utilize the WinSock communication model.
Although Microsoft has focused its Bluetooth efforts on Windows XP and Windows CE .NET, several third-party companies have stepped up to help support earlier versions of Windows, such as Windows 2000. For example, 3COM, Compaq, IBM, Motorola, TDK, and Toshiba have all developed software-based Bluetooth protocol stacks, usually to support their own Bluetooth-enabled devices and products.
Connection management on the Windows desktop or server, whether it's Windows XP or Windows 2003, is primarily an extension of network facilities that have evolved over the last several releases of Windows. In the Windows CE operating system, the NDIS model, along with the higher-level UI control panel applets, exists in a different organization and structure. In CE, these facilities have been compartmentalized into a Connection Manager, a set of Connection Services, and Connection Service Providers (CSPs). The Connection Manager and the service and provider participants help automate how a user configures, establishes, and manages both wired and wireless network connections for Windows CE (figure 1).
[FIGURE 1 OMITTED]
The base Windows 2003 Server operating system software includes a Wireless Monitor control panel applet that lets network administrators configure a host of Wi-Fi network properties (figure 2). For example, they can view and log the network activity generated by wireless access points and clients. They can also configure the system to generate alerts when certain events occur; for example, when the network is scanned, when someone associates with an access point, or when a wireless interface is added to or removed from the Windows system.
[FIGURE 2 OMITTED]
The list of wireless access point properties that can be captured includes the network name, network type, MAC address, signal strength level, and the radio channel. Administrators can also track details about wireless clients; for example, a security administrator could use properties such as the MAC address, associated SSID, and timestamp to monitor wireless client activity.
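As an added illustration (not code from the article or from Microsoft's Wireless Monitor), the following Python script shows the kind of alerting described above run over a few constructed log lines: it raises an alert on each scan, association, and interface add/remove event, tags associations to SSIDs outside an allow-list, and keeps the per-client MAC/SSID/timestamp history a security administrator would want. The "timestamp event key=value" line format is an assumption, not the real Wireless Monitor format.

```python
import re
from collections import defaultdict

# Constructed sample log in an assumed "timestamp event key=value ..." format;
# this is NOT the real Wireless Monitor file format, which the article does not show.
SAMPLE_LOG = """\
2003-09-14T08:01:02 scan client=00:0c:f1:11:22:33
2003-09-14T08:01:05 associate client=00:0c:f1:11:22:33 ssid=CORPNET ap=00:40:96:aa:bb:cc signal=-61 channel=6
2003-09-14T08:02:10 iface_added iface=wlan1
2003-09-14T08:03:44 associate client=00:0c:f1:44:55:66 ssid=FreeWiFi ap=00:12:34:56:78:9a signal=-78 channel=11
2003-09-14T08:05:00 iface_removed iface=wlan1
"""

LINE_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<event>\S+)\s*(?P<kv>.*)$")


def parse_line(line):
    """Turn one log line into a dict; return None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "event": m.group("event")}
    for pair in m.group("kv").split():
        key, _, value = pair.partition("=")
        rec[key] = value
    return rec


def generate_alerts(log_text, authorized_ssids):
    """Return (alerts, history).

    alerts  - one line per event the article says Wireless Monitor can alert on:
              a network scan, a client association, an interface added or removed.
              Associations to an SSID outside authorized_ssids are tagged.
    history - client MAC -> list of (SSID, timestamp): the properties the article
              suggests a security administrator tracks per wireless client.
    """
    alerts = []
    history = defaultdict(list)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        ev = rec["event"]
        if ev == "scan":
            alerts.append(f"{rec['ts']} network scanned by client {rec['client']}")
        elif ev == "associate":
            history[rec["client"]].append((rec["ssid"], rec["ts"]))
            tag = "" if rec["ssid"] in authorized_ssids else " [UNAUTHORIZED SSID]"
            alerts.append(
                f"{rec['ts']} client {rec['client']} associated with {rec['ssid']} "
                f"via AP {rec['ap']} (channel {rec['channel']}, {rec['signal']} dBm){tag}")
        elif ev in ("iface_added", "iface_removed"):
            action = "added to" if ev == "iface_added" else "removed from"
            alerts.append(f"{rec['ts']} wireless interface {rec['iface']} {action} this system")
    return alerts, dict(history)


if __name__ == "__main__":
    found, seen = generate_alerts(SAMPLE_LOG, {"CORPNET"})
    for alert in found:
        print(alert)
```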
Wi-Fi security for the enterprise
The new wireless security features in the latest round of Windows operating systems are significant. Microsoft has taken much effort to leverage existing Windows server technologies such as Certificate Services, Internet Authentication Server (IAS), and Active Directory facilities along with newer software components, such as Microsoft 802.1X Authentication Client to establish a solid wireless security architecture for enterprise networks.
Because deploying the 802.1X Authentication Client requires a substantial Windows Server infrastructure, this software client isn't intended for casual home wireless users; instead, it's for enterprise wireless adopters wanting to deploy Windows systems that access corporate computing resources via a wireless link. Supporting 802.1X requires a RADIUS-based authentication server as well as an internal Certificate Authority (CA). Internet Authentication Service, available for Windows 2000 Server and Windows 2003 Server, satisfies the RADIUS service requirement. For network redundancy, Microsoft recommends deploying a primary and secondary IAS system. The Domain Controller maintains the Active Directory database, which includes user accounts, computer accounts, and dial-in properties that each IAS server requires to properly authenticate credentials and evaluate authorization. The use of digital certificates always involves a Certificate Authority; and, for this, Microsoft recommends using Certificate Services available in Windows 2000 and Windows 2003 Server editions.
Although 802.1X has been promoted as a security solution for Wi-Fi wireless networks, this technology was developed for wired Ethernet networks. Several third parties have implemented their own versions of the Extensible Authentication Protocol (EAP), which is at the core of the 802.1X framework. These variations include EAP-MD5 (Message Digest, version 5), EAP Cisco (Cisco's Lightweight EAP implementation), EAP-TLS (Transport Layer Security), and EAP-TTLS (Tunneled Transport Layer Security). Microsoft's attention to EAP has been concentrated on supporting the EAP Transport Layer Security (EAP-TLS) and Protected Extensible Authentication Protocol (PEAP) variations. Microsoft has added these EAP implementations to Windows 2000, Windows Server 2003, Windows XP, and Windows Mobile 2003 operating systems.
EAP-TLS is a dual-certificate model, with one certificate assigned to the wireless client and the other to the authentication server. This type of mutual authentication gives security-minded enterprise adopters a more secure deployment because both the client and server are authenticated prior to the normal 802.1X key exchange process. However, this added security level requires more administrative effort by IT staff because they have to deploy a digital certificate to each wireless client.
PEAP is a computer-based certificate model that uses Microsoft Challenge Handshake Authentication Protocol version 2 (MS-CHAP v2), for authentication. The primary advantage of PEAP over EAP-TLS is the ease of deployment because it doesn't require you to deploy each wireless client with a certificate. Furthermore, you can configure PEAP to use other EAP security authentication methods, including methods that utilize smart cards. This is particularly important because transmitting credentials, which normally occurs when a network connection is first established, shouldn't be handled via clear text across a Wi-Fi network. Doing so leaves the security information highly susceptible to war-driving exploits.
EAP and wireless network policies
To automate the configuration of wireless network settings for Windows XP (service pack 1 and later) and Windows Server 2003 wireless client computers, Windows Server 2003 Active Directory domains now support a new Wireless Network (IEEE 802.11) Group Policy extension that lets network administrators configure wireless network settings that are part of Computer Configuration Group Policy for a domain-based Group Policy object. This remote access policy lets employees wirelessly access the organization's intranet.
Windows and Wi-Fi Protected Access (WPA)
Wi-Fi Protected Access (WPA) is complementary to the wireless security model Microsoft introduced in the latest generation of Windows operating systems for desktops, servers, and devices. The WPA technical specification includes provisions for a RADIUS server (such as Internet Authentication Service or any third-party RADIUS-compliant server, such as the Funk Software Steel-Belted Radius product line). In addition, WPA is backward-compatible with WEP (Wired Equivalent Privacy), so you can configure it to support clients that work with either WPA or WEP.
You can also implement WPA for home networks. This doesn't normally include a RADIUS server. You can configure wireless network cards and access points with a shared, private key. WPA support is available for Windows XP and Windows Server 2003 in the form of a client program.
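To show what the shared, private key in a WPA home network actually is, here is an added Python example (not from the article or from Microsoft's WPA client) that derives the 256-bit Pairwise Master Key the way IEEE 802.11i specifies for WPA-PSK: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID, 4096 iterations. This goes beyond the article, which does not describe the derivation; the "password"/"IEEE" pair is the standard's published test vector, and "HomeNet" is a constructed SSID.

```python
import hashlib

PBKDF2_ITERATIONS = 4096   # fixed by IEEE 802.11i for WPA/WPA2 passphrases
PMK_LENGTH = 32            # 256-bit Pairwise Master Key


def validate_passphrase(passphrase: str) -> None:
    """WPA passphrases are 8 to 63 printable ASCII characters (0x20-0x7E)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA passphrase must be 8 to 63 characters long")
    if any(not 0x20 <= ord(ch) <= 0x7E for ch in passphrase):
        raise ValueError("WPA passphrase must be printable ASCII")


def is_valid_passphrase(passphrase: str) -> bool:
    try:
        validate_passphrase(passphrase)
        return True
    except ValueError:
        return False


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    """Derive the WPA-PSK Pairwise Master Key (PMK) from a passphrase and SSID.

    Both the access point and every client compute this same value from the
    shared secret; the PMK itself is never sent over the air. Because the
    derivation needs nothing but the passphrase and the (broadcast) SSID, the
    passphrase's strength is the only thing protecting a home network, so a
    long random passphrase is the right mitigation.
    """
    validate_passphrase(passphrase)
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"),
        PBKDF2_ITERATIONS, PMK_LENGTH)


def pmk_hex(passphrase: str, ssid: str) -> str:
    return derive_pmk(passphrase, ssid).hex()


if __name__ == "__main__":
    # Published IEEE 802.11i test vector: passphrase "password", SSID "IEEE"
    print(pmk_hex("password", "IEEE"))
    # Same passphrase, different (constructed) SSID gives a different PMK,
    # because the SSID is the salt.
    print(pmk_hex("password", "HomeNet"))
```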
Short Message Service (SMS)
SMS appeared commercially in the Windows Mobile OS environment starting with the Pocket PC 2002 Phone Edition and Smartphone 2002 devices. Support for SMS was carried forward with the introduction of the Windows Mobile 2003 and Smartphone 2003 mobile operating systems. In the Windows CE environment, managing SMS messages is nearly the same as managing standard e-mail messages. The SMS Messaging component is integrated with the standard Windows CE Inbox application; the interface and feature set for managing SMS is the same as for e-mail. This includes functions such as forward and reply. Also, if the device is turned off, offline, or outside a coverage area, the SMS message is stored at the wireless operator and forwarded when the user reconnects. Microsoft also includes a set of API calls for SMS messaging that third-party applications can use.
Wide area cellular connections now and on the horizon
Microsoft's first serious foray into the world of wireless focuses on local and personal area networks via Wi-Fi and Bluetooth support. The exception to this is Windows CE .NET, which has a Cellcore component that offers basic support for CDMA and GPRS. Longhorn, the follow-up to Windows XP, will bring wireless networking for cellular Wireless Wide Area Networks (WWANs) to the desktop and server platforms.
The best example of this new support is WZC, which in Longhorn will include a GPRS Auto-Configuration Service. As I explained earlier, WZC dynamically connects to a wireless network, based either on a user's preferences or default settings. In the same way WZC automatically selects and configures a wireless connection based on a list of available Wi-Fi access points, the GPRS Auto-Configuration Service will help users configure a GPRS handset or data modem that has been detected by Windows. In addition, other support scenarios exist which may include the capability to detect and utilize the Bluetooth capability of a GSM/GPRS handset for wireless Internet connectivity.
This expansion of wireless network integration will help users more easily manage connections in areas where they're dealing with wireless coverage tiers; for example, where both Wi-Fi and GPRS network service are available to the wireless Windows user.
Table 1: Making sense of your mobile options--Wireless features available in Pocket PC 2002 Phone Edition, Windows CE .NET, and Windows Mobile 2003.

Wireless Feature                              Windows CE .NET 4.2   Pocket PC 2002 Phone Edition   Windows Mobile 2003
Cell Phone Integration (i.e., call forward)   No                    Yes                            Yes
SMS                                           No                    Yes                            Yes
GSM/GPRS                                      No                    Yes                            Yes
CDMA                                          No                    Yes                            Yes
Cellcore API layer                            No                    Yes                            Yes
SIM Card Contact Manager                      No                    Yes                            Yes
802.11b Wi-Fi                                 Yes                   Yes                            Yes
802.1X Authentication                         Yes                   No                             Yes
Windows Zero Configuration (via download)     Yes                   Yes                            Yes
IrDA                                          Yes                   Yes                            Yes
Bluetooth (OEM option)                        Yes                   No                             Yes
MOBILE BUSINESS BENEFITS
Although Wi-Fi has caught on like wildfire with consumers, enterprise adoption has been slower due to issues of security and a lack of administration tools. Microsoft hopes to remedy this with enhancements to its device, desktop, and server operating systems.
IEEE 802.1X addresses authentication, authorization, and auditing of computers and users in a Wi-Fi enterprise network environment. The 802.1X security framework was developed by the Institute of Electrical and Electronics Engineers (IEEE) to address many Wi-Fi security issues, including protection of user authentication credentials, particularly in the early stages of the network authentication process. Aspects of the IEEE 802.1X security specification include user identification, authentication, dynamic key management, and accounting facilities. One important benefit of the 802.1X security framework is that it lets organizations reuse much of their existing network server and VPN infrastructure.
Windows Zero-Configuration In a Nutshell
Here are a few of the key features of WZC:
* Systems can automatically retrieve several network connection properties such as the IP address, gateway, and DNS servers. If you're using the 802.1X authentication client, WZC automatically configures the RADIUS and IAS addresses.
* WZC is integrated into the Windows XP network configuration and management control panels.
* WZC supports key management for IEEE 802.1X, WEP, and WPA.
* If several access points are available, the user can pre-define an ordered list of preferred wireless LANs WZC will select for association. This capability lets administrators or users determine which access points a Windows client can roam to.
OSs for Mobile Devices Redux
Windows CE .NET is a component-based, real-time embedded operating system. Many of its key components originated in the desktop version of Windows, which Microsoft ported to CE over many releases. Windows Mobile 2003 is based on Windows CE .NET version 4.2, whereas Pocket PC 2002 (along with the Phone Edition) was built on Windows CE 3.0 (figure 3). The Smartphone operating system shares code and components with Windows CE, but it's specifically designed for cellular handsets.
[FIGURE 3 OMITTED]
Microsoft has introduced new connection services to support Wi-Fi, 802.1X, and Bluetooth in Windows CE .NET 4.2. Windows Mobile 2003, which is based on Windows CE .NET, expands the array of wireless support to include GPRS and CDMA radio protocol stacks. Table 1 shows a complete list of wireless technologies available in Pocket PC 2002 Phone Edition, Windows CE .NET, and Windows Mobile 2003.
Certificate Services--Microsoft Certificate Services offer a public key infrastructure (PKI) subsystem that has been integrated into the Windows 2000 and Windows 2003 Server editions. This PKI enables the secure exchange of information between systems on a network. You can deploy Certificate Services to an enterprise environment to verify and authenticate the validity of each user connecting to a given network resource.
Internet Authentication Server (IAS)--This is Microsoft's implementation of a Remote Authentication Dial-In User Service (RADIUS) server. IAS, which is a member of the Windows Server family, offers authentication, authorization, and accounting services for various types of clients, including wireless, VPN, and dial-up.
Active Directory--A hierarchical repository of users, servers, printers, and other network objects that serves as a directory service in an enterprise Windows network.
802.1X Authentication Client--The 802.1X client software is available for Windows XP service pack 1, Windows 2000 service pack 3, and Windows Mobile 2003. Pocket PC 2002 support is different from Windows Mobile 2003 in that it only supports PEAP.
Kevin Wittmer works as a senior software engineer for SmartSignal Corporation, headquartered just outside Chicago. SmartSignal is a leader in early-warning predictive technology utilized in the aviation, electricity, and transportation sectors, http://www.smartsignal.com.