Why Can’t I Connect (To My Wireless Network)?
It seems like such a simple set of operations:
Step 1, select the web site or intranet,
Step 2, click on it to connect,
Step 3, watch it connect, and
Step 4, see the site.
Steps 2 and 3 seem to be the areas of most difficulty.
One of the great challenges to realizing the potential of mobile devices for business use is making a wireless connection. In general terms, problems in making a successful connection fall into three broad areas:
1. Wireless media access issues, whether the medium is a cell phone network such as GSM/GPRS or CDMA, or a wireless LAN, typically a variant of 802.11. Wireless media often provide only intermittent connectivity, especially when you are physically moving around with the mobile device. The wireless carrier signal may simply be unavailable in your current location.
2. Security issues, including incompatible VPN servers and clients, wireless access points requiring security standards not implemented in the mobile device, firewalls blocking protocols used by applications on the mobile device, etc.
3. Mobile device configuration issues. Mobile devices now include multiple connection methods. Correct device configuration is essential to a successful connection attempt. Other configuration issues revolve around communication link timeouts, which for certain cell phone carriers need to be set to higher values.
Dialing Up
Reality: Access to wireless media is inherently less reliable for mobile devices than wired connections. Simple movement of a mobile device can easily disrupt a wireless connection, be it WLAN (802.11) or cellular. Even if the mobile device is temporarily stationary, a marginal, weak signal connection can be rendered inoperable by external influences such as passing vehicles and changing weather conditions.
What To Do: Test in multiple locations. Test at different times of day. Voice coverage and data coverage may not be identical.
Reality: Another issue is contention between services running on the same mobile device, such as voice, data and SMS. Under certain conditions, data connections can be automatically suspended when a voice call is made or received. The ability to simultaneously support voice and data traffic is a function of the particular mobile device as well as the support provided in the carrier network. A particular carrier may support simultaneous voice and data traffic, or give priority to either voice or data. A carrier may automatically shunt voice calls to voice mail if a data connection is in use. Alternatively, the carrier may ask the user of the mobile device whether to answer an incoming voice call, which will temporarily suspend data transfer for the duration of the voice call.
What To Do: Check with your cell phone carrier for what to expect with your mobile device. In the best case, some cell phone services such as UMTS allow voice and data service simultaneously.
Reality: Seamless transfer between WLAN and cell phone service is an emerging capability. It promises to ease the data connectivity interruptions for newer versions of the Windows Mobile Pocket PC Phone Edition and other mobile devices.
What To Do: Test, test, test.
What’s Going On With Your Data?

The actual connection between the two systems is at the Data-Link layer. The data flows down in packets from the Process layer through the Transport, Network and Data-Link layers, across the physical network to the other Data-Link layer, up through the Network, and Transport layers to the other Process layer.
The network “plumbing” is designed in layers to make its complexity more manageable. Each layer is a software object with defined interfaces and protocols. A protocol is a set of rules and conventions between the communicating units.
A data packet starts at the top of either stack and travels down, across, and then up again. Each layer communicates with the layer above it and the layer below it on the same side. At each layer, a header is added to the data packet which is used to communicate with its peer on the other side of the data link. When the data packet reaches the other side of the physical link, the data packet travels up the stack with each layer removing its header until the original data packet reaches the Process layer.
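The header-per-layer behaviour described above, as an added example that is not part of the original article. It assumes UDP over IPv4 over Ethernet as the concrete Transport, Network and Data-Link layers; the addresses, ports and MAC values are constructed.

```python
import socket
import struct

def ip_checksum(header):
    """Ones'-complement sum of 16-bit words; returns 0 over a valid header."""
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def encapsulate(data, sport, dport, src_ip, dst_ip, src_mac, dst_mac):
    """Travel down the stack: each layer prepends its own header."""
    # Transport layer: UDP header (ports, length, checksum 0 = not used)
    segment = struct.pack("!HHHH", sport, dport, 8 + len(data), 0) + data
    # Network layer: 20-byte IPv4 header, TTL 64, protocol 17 (UDP)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(segment), 0, 0, 64, 17,
                     0, socket.inet_aton(src_ip), socket.inet_aton(dst_ip))
    ip = ip[:10] + struct.pack("!H", ip_checksum(ip)) + ip[12:]
    # Data-Link layer: Ethernet II header, EtherType 0x0800 (IPv4)
    return dst_mac + src_mac + struct.pack("!H", 0x0800) + ip + segment

def decapsulate(frame):
    """Travel up the stack: each layer validates and strips its peer's header."""
    (ethertype,) = struct.unpack("!H", frame[12:14])
    if ethertype != 0x0800:
        raise ValueError("Data-Link: payload is not IPv4")
    packet = frame[14:]
    ihl = (packet[0] & 0x0F) * 4
    if ip_checksum(packet[:ihl]) != 0:
        raise ValueError("Network: bad IPv4 header checksum")
    if packet[9] != 17:
        raise ValueError("Network: payload is not UDP")
    (total_len,) = struct.unpack("!H", packet[2:4])
    segment = packet[ihl:total_len]
    sport, dport, length, _ = struct.unpack("!HHHH", segment[:8])
    return {"src": socket.inet_ntoa(packet[12:16]),
            "dst": socket.inet_ntoa(packet[16:20]),
            "sport": sport, "dport": dport, "data": segment[8:length]}

if __name__ == "__main__":
    # Constructed sample values, not taken from the article.
    frame = encapsulate(b"hello", 40000, 80, "10.0.0.5", "192.0.2.10",
                        b"\x02\x00\x00\x00\x00\x01", b"\x02\x00\x00\x00\x00\x02")
    print(len(frame) - 5, "bytes of headers around 5 bytes of data")
    print(decapsulate(frame))
```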
VPN — No Magic Bullet
Access to enterprise data normally requires various security considerations to ensure that the data becomes available only to authorized mobile users. VPNs, or virtual private networks, have been the traditional choice to ensure network security for mobile users. A VPN link provides a secure data link over public or unsecured data transmission channels.
There are a wide variety of VPN methods and client software available to meet various needs. Because there does not appear to be an industry consensus on a single VPN standard, VPN usage can be a significant hurdle to successful mobile device connections.
Currently there exist four major categories of VPN protocols: PPTP, L2TP, IPSec, and SSL. Each has its pros and cons:
- PPTP is the oldest VPN format and operates at the data link layer of the OSI protocol stack. PPTP creates the “tunnel” or virtual private network, but data security is provided with additional protocols such as Microsoft Point-to-Point Encryption (MPPE) protocol or other user selected means.
- L2TP also operates at the data link layer of the OSI protocol stack. It provides more security features than PPTP, but also can be more difficult to implement due to the requirement for digital certificates.
- IPSec can be used as the security protocol for L2TP, or as a complete VPN solution in itself. IPSec operates at the network layer of the OSI protocol stack and commonly relies on digital certificates.
- SSL VPN links are a relatively recent development, and offer some significant advantages. The client software is often just the web browser, and SSL has been well tested over time with secure web servers used for Internet commerce and enterprise intranet access. SSL VPN links operate at the Session (Process) layer of the OSI protocol stack.
Not all of these VPN methods are available for all mobile devices. And, for a given method, the client software on the device needs to be chosen carefully to be compatible with the VPN server software. Once the client software is installed, careful coordination with the enterprise IT staff may be needed to configure the client software and install any necessary digital certificates.
Getting the Device Configuration Right
Beyond the requirements of a VPN, successful connections between mobile devices and enterprise servers require proper configuration of various communication related parameters. With Windows XP on a notebook or Tablet PC, this configuration is minimal, normally only requiring installing a driver for a wireless networking card. Often even this process is not required for the more popular networking cards. Once the driver is installed, configuring the driver to match the wireless access point security parameters is usually required.
With the Windows Mobile Pocket PC, configuration is more complex, requiring attention to each wireless communication method available on the Pocket PC. With recent Pocket PC Phone Edition devices, this can include cell phone, WLAN (802.11), Bluetooth, and IrDA infrared communication methods. To help manage all of these methods, the standard Pocket PC operating software comes with an application called “Connection Manager”. In addition, the manufacturer of the Pocket PC device may add an additional application to extend the management facilities to configure features unique to the device.
The Pocket PC Connection Manager categorizes connections into “Work” and “Internet” categories. This distinction is made to allow applications to select between two communication methods available to the Pocket PC. The “Work” connection may be set to communicate over a VPN connection to the enterprise LAN. The “Internet” connection can then be set to use a direct path to the Internet, bypassing the VPN.
Careful attention to configuration, both in the Pocket PC Connection Manager, and in a device manufacturer’s custom communication application is required to create a successful connection scenario. In particular, configuration changes may be required to cause the Pocket PC to select the VPN connection if an Internet or DNS style host name (one with “name.com”) is used in lieu of a NetBIOS style host name (one with “name”, no dots).
Getting Into the Right “Port”
Other configuration issues revolve around “ports”, which are numbered subdivisions of the communication to a single IP address. If a port number is blocked anywhere along the route between the mobile device and the enterprise server, communication will fail. Web browsers in unsecured mode typically use port number 80, which is most often open end to end. When moving to secure web browser communication, FTP or Telnet communication, or other specialized services including email, different port numbers will be employed.
To successfully connect using these services, you must work with your IT department to ensure that the appropriate ports are not blocked anywhere along the communication path between the mobile device and the server. Specialized software tools are available to determine where communication paths are blocked. Examples are IP Toolkit for the Pocket PC and “ping” and “tracert” for the Windows XP based mobile device.
Where Do You Start?
With an understanding of the underlying reasons why connections fail, here’s how to proceed to locate your connection problem and resolve it.
Step 1 - The first step in troubleshooting a connection problem is to focus on getting web browsing to public Internet web servers working. This resolves the first category of issues – connecting to the wireless media. You may also need to adjust the device configuration, such as adjusting the timeout.
Step 2 - Once you can get this to work, then the next step to enabling a connection to your enterprise server is to contact your company IT staff. They can advise you on items you will need: for example, the correct VPN client software, any required digital security certificates, proper port numbers, host names or IP addresses, DNS server addresses, communication protocols available, etc.
Step 3 - With the necessary communication client software installed and configured to the specifications from your IT department, the next step is to use software tools to trace the connection hops from device to communication nodes and then to the enterprise server. Tools like “ping” and “tracert” and IP Toolkit for the Pocket PC will identify where communication is likely blocked. Collaboration with your IT department will be necessary to work through these issues.
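A minimal port check for the procedure above, added here as an illustration and not taken from the original article or from any of the tools it names. It separates a name that does not resolve, a port that is silently blocked, and a host that answers but refuses, which are the cases to report to IT; the host names in the demo are constructed.

```python
import errno
import socket

# What each outcome means for the problem areas the article lists.
ADVICE = {
    "open": "port reachable end to end",
    "dns-failure": "name did not resolve: check DNS server addresses and host name style",
    "filtered": "no reply before the timeout: port likely blocked on the path, or timeout too low",
    "closed": "host answered but refused: path is clear, confirm the port number with IT",
    "unreachable": "no route to the host: check the wireless or VPN link itself",
    "error": "unexpected socket error: capture it for IT",
}

def check_port(host, port, timeout=5.0):
    """Resolve host, attempt one TCP connection, and classify the result."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns-failure"
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        sock.connect(addr)
        return "open"
    except socket.timeout:
        return "filtered"   # silence usually means a firewall dropped the packets
    except ConnectionRefusedError:
        return "closed"     # a reset came back, so the network path itself works
    except OSError as exc:
        if exc.errno in (errno.ENETUNREACH, errno.EHOSTUNREACH):
            return "unreachable"
        return "error"
    finally:
        sock.close()

def diagnose(targets, timeout=5.0):
    """Check (host, port) pairs in order; return (host, port, outcome, advice) rows."""
    report = []
    for host, port in targets:
        outcome = check_port(host, port, timeout)
        report.append((host, port, outcome, ADVICE[outcome]))
    return report

if __name__ == "__main__":
    # Constructed targets: replace with the host names and ports from your IT staff.
    for row in diagnose([("localhost", 80), ("intranet.example.invalid", 443)]):
        print("%s:%d -> %s (%s)" % row)
```

On a slow cellular link, raise `timeout` before treating a "filtered" result as a firewall block.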
