BY DEAN BOGDANOVIC, CTO, ALEF
Private mobile networks are becoming increasingly important in today’s digital age. Mobile connectivity, deterministic networking, security, privacy, and customization are growing necessities for businesses, enterprises, and Industry 4.0.
However, deploying a private 4G/5G network to a facility with an existing connectivity solution, such as Wi-Fi, raises a crucial question – will the private mobile network replace Wi-Fi, or are they complementary technologies? A new report from the Wireless Broadband Alliance (WBA), “Private 5G and Wi-Fi Convergence”, makes a strong case that the latter is the answer, stating, “…it is certain that 5G will need to complement and coexist with its equally powerful twin, the Wi-Fi 6.”
The specifics of the environment, and sometimes the use case, will determine which technology is best suited for each task.
As Wi-Fi is a well-used and well-understood technology, the challenge is for private mobile networks to be viewed as another local access technology, incorporated into the enterprise using existing methodologies. The primary obstacle for co-existence, as seen by the WBA, and with which I agree, is how to handle user authentication for both networks. Today, Wi-Fi has its own method of determining who is allowed access to an enterprise network, while a new cellular-based solution brings its own course of action. Maintaining two identity management systems is an unnecessary headache for CISOs and IT departments.
Two identity management systems are an unnecessary headache for IT departments
To authenticate users, Wi-Fi networks utilize the IEEE 802.1X-based Network Access Control (NAC) mechanism, built on the RADIUS protocol, to authenticate and authorize access clients based on their username/password, certificates, or a one-time password. Authentication and authorization are part of the existing enterprise Identity and Authentication Management (IAM) system, in which all policies are defined and enforced.
Private mobile networks, as defined by 3GPP, have an IAM system that is different from the enterprise one. Both IAMs provide the same functionality, but use different standards.
Adopting enterprise Authentication and Authorization Methods is a Necessary Step
Many private mobile network solutions today operate in a world of their own, with their individual dedicated GUI-based management system and limited APIs, and require telecom expertise. However, enterprises are reluctant to deploy technologies that are incompatible with their existing identity and authentication systems. This is likely a leading cause of the slower-than-expected adoption of private mobile networks.
What enterprises are looking for is simple-to-use, web-developer-friendly private network APIs that complete the private mobile network integration without significantly increasing costs. These APIs should provide an intuitive and easy-to-use means to control operations after deployment and be versatile enough to monitor network performance, track resources, and provide a visual snapshot of the network.
As the WBA paper puts it, the goal is to realize that “…an access-agnostic service layer with one identity, policy, and management plane is the ultimate goal….”
We at ALEF advocate using the NAC & IAM system already in use for existing enterprise Ethernet and Wi-Fi networks for cellular device authentication and authorization. This approach provides several benefits:
- Simplified operations – eliminates the need for two different IAM systems and for building separate in-house expertise, while reducing the day-to-day work for IT departments.
- Reduced costs – a simplified network architecture reduces CapEx, lowers operational costs, and removes the need for additional IT training on a new system.
- Lower attack surface – Dual password/security databases are twice the target for cyberattacks.
ALEF’s Authentication Approach is the Answer
ALEF has been implementing a solution that enables enterprises to connect 3GPP-standard Radio Access Networks to existing enterprise networks without needing to add new interface standards. Our solution easily integrates existing mobile radio systems with enterprise networks. The mobile device will connect to a cellular access point (e.g., using CBRS spectrum), which connects to an Alef Edge Platform. Our Edge Platform is a distributed edge cloud platform that provides a set of tools, services, and APIs for developing, deploying, and managing mobile network applications at the edge of the network. The Edge Platform uses the same authentication and authorization method – the RADIUS protocol that is used for Wi-Fi-connected devices in the enterprise network. The Edge Platform is easily scalable, extends existing security policies and rules provisioning, and allows customers to use our APIs to do all the mobile core functions involved in creating and managing a private network in an easy-to-use model.
We have successfully provided our customers in smart spaces and the education sector with secure and reliable private cellular connectivity and mobility. For example, we enabled a school to increase its wireless capabilities by adding a private mobile network, helping students, teachers, and staff while simultaneously letting the school IT department manage the new capabilities with its existing management tools.
Conclusion
The WBA report on “Private 5G and Wi-Fi Convergence” makes a strong case that both technologies are necessary in today’s digital age, as they serve different purposes in different settings. There’s also no doubt that the number of private mobile networks will continue to grow; however, the widespread dissatisfaction with having to keep parallel systems to ensure user and device security poses a significant obstacle to broader acceptance. In short, maintaining two separate methods for user authentication & authorization is inefficient. With ALEF’s Edge Platform and APIs, enterprises will enjoy the benefits of Wi-Fi and 5G, while simplifying network architecture, reducing costs, and increasing security by using a single identity and access management plan.