Adaptive Hardware Infrastructures for SAP
Chapter 11: Local Area Network Solutions
How much have wireless technologies changed in recent years? Have their bandwidth and their usage increased? In this section, discover how wireless technologies are influencing adaptive SAP hardware infrastructures, and learn how to determine the best locations for Wireless Local Area Network (WLAN) nodes when considering an adaptive SAP hardware infrastructure.
Table of contents:
How to attain high availability for SAP and local networks
Configuring wires and fibers in adaptive SAP hardware infrastructures
WLAN standards and integrating WLAN into SAP hardware infrastructures
11.4 Wireless Networks
Wireless technologies in recent years have undergone rapid development in terms of both their bandwidths and their increased use. In 2004, 42 % of all notebooks were already equipped with Wireless LAN (WLAN) functionality, and, according to estimates from the IDC market research institute, this percentage will rise to 98 % by 2007.
11.4.1 WLAN Standards
Wireless local networks (Wireless LAN, WLAN) are defined in the standards IEEE 802.11 and ISO/IEC 8802-11. After an initial 2 Mbps in the first 802.11 standard (the one without a letter suffix), 802.11b followed with 11 Mbps, and 802.11g with up to 54 Mbps (approximately 30 Mbps net), both with three non-overlapping channels in the 2.4 GHz band. Some manufacturers already ship systems with transfer rates of 100 Mbit/s and promise that changes required by the standard to be ratified later can be applied as a software update. In contrast, 802.11a and 802.11h each have eight channels in the 5 GHz band at their disposal. However, this band is also used by radar systems and earth observation satellites. A detection threshold combined with Dynamic Frequency Selection (DFS) is meant to ensure that these radar systems and satellites are not disturbed by WLAN.
The 802.11 family also includes a range of other letters, which denote either adaptations to country-specific regulations or functional enhancements.
For example, variant 802.11h was introduced to meet the requirement of some European countries for automatic adaptation of the transmission power (Transmission Power Control, TPC), which is meant to further reduce the probability of interference. Without TPC and DFS, 5 GHz radio networks in Europe can be subject to very strict restrictions that limit operation to ranges of less than 20 meters inside buildings.
The letters e, i, and f denote functional enhancements. IEEE 802.11f defines the Inter Access Point Protocol (IAPP) for roaming between access points of different manufacturers. The 802.11i standard is meant to protect wireless networks against unauthorized access by specifying encryption and user authentication. 802.11e attempts to allow certain applications, such as Voice over IP (VoIP), to be prioritized in the WLAN. However, no bandwidth can be guaranteed this way; the access point merely honors the different priority levels as far as it can.
Standard 802.11a uses Orthogonal Frequency Division Multiplexing (OFDM) for transmission, with up to 12 channels depending on the country, while 802.11b is based on Direct Sequence Spread Spectrum (DSSS). The development of 802.11g became possible after the Federal Communications Commission (FCC) had permitted OFDM in the 2.4 GHz band.
In addition to the 802.11 family, the IEEE has ratified standards for even higher speeds. 802.16a, or WiMAX, uses the frequency range of 2 to 11 GHz for transfer rates of 70 Mbps with a coverage of almost 30 miles, while 802.16b is supposed to allow as much as 134.4 Mbps in the range of 10 to 66 GHz. The WiMAX Forum aims at an unlicensed band for 802.16a at 5.8 GHz and two licensed bands at 2.5 and 3.5 GHz; other bands are to follow later. Realistically, the radius of a cell should be planned at 20 miles, regardless of whether there are obstacles between sender and receiver. Market researchers expect these technologies to be widely available by 2008.
While WLAN is indispensable for mobile applications, the rapid development of radio technologies toward ever higher bandwidths and the growing use of laptops with integrated WLAN interfaces raise the question of whether cabling can be avoided altogether, even for stationary workplaces. There are, however, some constraints to consider that you won't typically find in the manufacturers' brochures.
Due to physical laws, at a given transmitting power the achievable bandwidth depends on the distance. As Table 11.1 shows, the rule is: the larger the distance, the lower the actual bandwidth. In addition, the higher the frequency, the more obstacles attenuate the electromagnetic waves.
|In the feeder railway of a lignite mine, information about shunting tasks, the sequence of wagons, wagon data, and the length of shunting track currently covered is transferred to the handheld PCs of shunters and locomotive drivers via 802.11b WLAN.
To minimize the number of access points, the antennae were aligned along geographically defined lines of sight, and the locomotives were equipped with an access point repeater that ensures radio coverage for the shunter's handheld in the area of his shunting unit. In addition, the locomotive drivers enter operating data such as engine and compressor runtimes or fuel consumption directly through a Pocket PC and WLAN on the driver's console.|
|Table 11.1: Correlation between WLAN Coverage and Bandwidth (the range grows from left to right as the data rate steps down)|
|Environment|Highest data rate|Next lower rate|Next lower rate|Lowest data rate|
|Open country|70 yds. / 66 m|100 yds. / 91 m|135 yds. / 125 m|187 yds. / 171 m|
|In buildings|30 yds. / 28 m|38 yds. / 35 m|47 yds. / 43 m|58 yds. / 53 m|
In addition, all WLAN protocols carry considerable overhead, so of a nominal bandwidth of up to 11 Mbps only approximately 7 Mbps can be used for user data, and even this is only reached close to the transmitter (i.e., the access point).
Most WLAN products use the ISM (industrial, scientific, and medical) band around 2.4 GHz. However, the transmitting power in the ISM band is limited to 500 mW so that highly sensitive medical diagnostic systems are not disturbed. For the same reason, mobile telephones, which have a substantially higher output power, must not be used in hospitals, and you should resist the urge to download your latest email to the computer via your cell phone while sitting in the waiting room of the intensive care unit. The low transmitting power reduces the range accordingly. Similar restrictions also apply to the 5 GHz band.
In addition, a basic disadvantage of radio networks is that all participants must share the available bandwidth. Precisely because the ISM band is license-free, it is also used by many other systems, for example the remote control of construction cranes and hobby equipment: RC cars and planes are therefore potential sources of interference for WLANs. The Bluetooth short-range radio technology, which allows mobile phones, headsets, handhelds, and printers to communicate with each other, also uses the 2.4 GHz ISM band. Even a microwave oven can be a source of disturbance, since it also typically operates in the 2.4 GHz range.
Like the 2.4 GHz range, the 5 GHz band is also used by other radio applications. However, because of the higher number of channels, more users can share a radio cell.
All end devices set to a specific channel necessarily share its bandwidth. Therefore, the 11 Mbps that exist on paper can easily shrink to 600 kbit/s in practice, and even this cannot be guaranteed. In certain circumstances this leads to drastically increased response times for an SAP user connected to an SAP system through WLAN when a coworker is loading a large email attachment on the same channel. If access points are used as radio bridges, the range increases but not the bandwidth, as the traffic of the neighboring cell also has to be carried.
In order to cover larger areas and user numbers, more cells must be installed. The access points required for this, in turn, need conventional cabling, which means that you cannot avoid providing a fixed cabled network. In practice it has proven beneficial to give power users a stationary workplace with a fixed network connection and to provide a hotspot for the shared-desk area of the office.
11.4.2 Installation Guidelines for Wireless Networks
In order to determine the locations for WLAN access nodes (so-called WLAN base stations), the construction drawings of the building should be inspected for hidden metal structures such as steel reinforcement and water pipes, which shield radio waves like a Faraday cage and therefore disrupt the WLAN connection. Even a larger number of people has a negative influence on the performance of a radio network (the high water content of the human body attenuates the radio waves). Because the prices of access points have dropped sharply, you can also simply install some of them on a trial-and-error basis.
The steel racks and steel-reinforced concrete walls of high-bay warehouses, however, absorb the transmitting energy of omnidirectional antennae. Directional antennae radiating into the warehouse aisles can ensure a stable connection.
Using Direct Sequence Spread Spectrum (DSSS), the IEEE 802.11b standard provides 13 channels for transmission (in Europe; the US allows 11). Because neighboring channels overlap, they cannot be used side by side. This leaves three groups of mutually non-overlapping channels: channels 1, 6, and 11; channels 2, 7, and 12; and channels 3, 8, and 13.
This means that, ideally, a maximum of three access points with a total bandwidth of 33 Mbps can cover one room without disturbing each other. Each station can send and receive on its own channel without interference, provided there is sufficient separation between the transmitters. To ensure complete redundancy, the radio field of each access point must also be covered by the radio field of a second access point.
For larger WLAN installations, you must ensure that neighboring access points are configured with different channels; otherwise they would disrupt each other. Bear in mind that access points also radiate into the floors above and below. Because the individual channels partly spill into neighboring frequencies, when node A transmits on channel 1, the directly adjacent access node B should be set to channel 6 and node C to channel 11. A carefully designed channel layout is therefore necessary for larger WLAN installations.
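As an added worked example (not code from the book), the following Python script encodes the channel arithmetic of the three paragraphs above and applies it to a constructed two-floor office. The centre frequencies and the 22 MHz channel width are the standard 802.11b values; the access point names, the neighbour relationships and the "naive" plan are made-up input. It goes slightly beyond the text in that it checks any pair of the 14 channels, not only the 1/6/11 triple, and it refuses a layout in which more cells overlap than there are clear channels.

```python
"""Channel-layout check for 2.4 GHz (802.11b/g) access points.

Added example, not code from the book. The centre frequencies and the
22 MHz channel width are the standard 802.11b values; the office layout
and the plans below are constructed input.
"""
CHANNEL_WIDTH_MHZ = 22         # occupied bandwidth of one 802.11b DSSS channel
NON_OVERLAPPING = (1, 6, 11)   # the triple recommended in the text


def centre_frequency_mhz(channel: int) -> int:
    """Centre frequency of a 2.4 GHz channel; spacing is 5 MHz, channel 14 is the outlier."""
    if channel == 14:
        return 2484
    if 1 <= channel <= 13:
        return 2407 + 5 * channel
    raise ValueError(f"no such 2.4 GHz channel: {channel}")


def channels_overlap(a: int, b: int) -> bool:
    """True when the two channels' bands overlap, i.e. cells on them interfere.
    With 5 MHz spacing and 22 MHz width, channels must be 5 apart to be clear."""
    return abs(centre_frequency_mhz(a) - centre_frequency_mhz(b)) < CHANNEL_WIDTH_MHZ


def plan_conflicts(plan: dict, neighbours: set) -> list:
    """Pairs of access points whose radio cells overlap *and* whose channels overlap."""
    return sorted((a, b) for a, b in neighbours if channels_overlap(plan[a], plan[b]))


def assign_channels(neighbours: set, channels=NON_OVERLAPPING) -> dict:
    """Greedy graph colouring: every pair of overlapping cells (same floor or the
    floor above/below) gets channels that do not overlap. Raises ValueError when
    more cells overlap each other than there are clear channels, which is the
    'at most three access points per room' limit from the text."""
    adjacency = {}
    for a, b in neighbours:
        adjacency.setdefault(a, set()).add(b)
        adjacency.setdefault(b, set()).add(a)
    plan = {}
    # most-constrained access point first; ties broken by name for determinism
    for ap in sorted(adjacency, key=lambda x: (-len(adjacency[x]), x)):
        taken = {plan[n] for n in adjacency[ap] if n in plan}
        free = [c for c in channels if not any(channels_overlap(c, t) for t in taken)]
        if not free:
            raise ValueError(
                f"{ap} overlaps {sorted(adjacency[ap])}: "
                f"more than {len(channels)} mutually overlapping cells")
        plan[ap] = free[0]
    return plan


# Constructed layout: floors A and B, three cells per floor in a row. Cells
# directly above each other overlap, and the middle cell on floor B also
# reaches the two outer cells on floor A.
OFFICE_LAYOUT = {
    ("A1", "A2"), ("A2", "A3"), ("B1", "B2"), ("B2", "B3"),
    ("A1", "B1"), ("A2", "B2"), ("A3", "B3"), ("A1", "B2"), ("A3", "B2"),
}

# The classic mistake: consecutive channel numbers, and the same numbers on both floors.
NAIVE_PLAN = {"A1": 1, "A2": 2, "A3": 3, "B1": 1, "B2": 2, "B3": 3}

# Four cells covering one room cannot be separated with three clear channels.
FOUR_IN_ONE_ROOM = {("P", "Q"), ("P", "R"), ("P", "S"), ("Q", "R"), ("Q", "S"), ("R", "S")}


if __name__ == "__main__":
    print("naive plan conflicts:", plan_conflicts(NAIVE_PLAN, OFFICE_LAYOUT))
    plan = assign_channels(OFFICE_LAYOUT)
    print("generated plan:", plan, "conflicts:", plan_conflicts(plan, OFFICE_LAYOUT))
    try:
        assign_channels(FOUR_IN_ONE_ROOM)
    except ValueError as err:
        print("cannot plan:", err)
```

The naive plan produces a conflict on every one of the nine neighbour pairs, because channels 1, 2 and 3 sit only 5 to 10 MHz apart; the generated plan uses only 1, 6 and 11 and has none. Feed it the neighbour pairs from your own floor plans, including the vertical ones, and it tells you immediately where a fourth overlapping cell forces you to shrink a cell or accept interference.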
In larger office buildings used by several companies, problems also arise if the WLANs of the individual companies overlap and thereby interfere with each other. If services are provided to third parties in the form of hotspots, some countries require a license, which at present is still free of charge.
Experience has shown that many WLANs are insufficiently secured. According to a study by Ernst & Young from 2003, over 50% of users do not change the default passwords of their access points, and 25% configure the Service Set Identifier (SSID) so that it reveals what the network is and, in many cases, even the company name or an IP address. On the other hand, at least 48% of WLAN users use a Virtual Private Network (VPN) to protect their data. Only a third implement a firewall between the wired LAN and the WLAN. In total, WLANs are covered by the technical and regulatory provisions of the security concept in only 33% of companies.
WLANs also Threaten Wired Networks
In addition to encryption, the access procedure itself can also enhance security. Each WLAN has a name, the Service Set Identifier (SSID). For clients to communicate with the radio network, they must know this SSID and supply it when joining the network. In hotspots, the SSID is usually broadcast. If this broadcast is suppressed, clients must already know the SSID to establish a connection at all, and all other participants are excluded from communicating with this WLAN.
However, during association, each client sends the SSID in plain text to the access point, where an attacker can easily eavesdrop on it. Unfortunately this is unavoidable, because several different radio networks can exist within one footprint and the client has to name the one it wants.
Some manufacturers have integrated access control lists (ACLs) into their access points so that only clients with known MAC addresses are permitted to communicate in the WLAN. Although this excludes participants with unknown MAC addresses from the network, attackers can overcome this mechanism with simple means: in a radio network, the MAC addresses must be transferred unencrypted, which enables an attacker to capture valid MAC addresses and configure them on their own WLAN card with the corresponding software.
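The last three paragraphs make a claim that can be checked against raw frames: the SSID and the station MAC addresses travel in the clear whether or not WEP is enabled, because WEP only encrypts the frame body and never the 802.11 header. The following Python parser is an added example, not code from the book. The four-frame capture is constructed inline (the BSSID, the station address and the SSID are made up, and the "ciphertext" is filler); only the 802.11 MAC header and management frame layouts are real. mac_acl_admits() stands in for the MAC filter a manufacturer's access point applies.

```python
"""What a passive listener learns from 802.11 management and data frames.

Added example, not code from the book. The capture below is constructed:
the addresses and the SSID are made up, and the 'encrypted' data frame
body is filler. Only the 802.11 MAC header and the management frame
layouts (IEEE 802.11-1999) are real.
"""
import struct
from dataclasses import dataclass
from typing import Optional

TYPE_MGMT, TYPE_DATA = 0, 2
SUBTYPE_ASSOC_REQ, SUBTYPE_PROBE_REQ, SUBTYPE_BEACON = 0, 4, 8
FLAG_PROTECTED = 0x40          # "WEP"/Protected Frame bit in the 2nd frame control byte
CAP_PRIVACY = 0x0010           # capability bit: WEP required on this BSS
MAC_HEADER_LEN = 24            # FC(2) Duration(2) Addr1(6) Addr2(6) Addr3(6) SeqCtl(2)
FIXED_FIELDS = {SUBTYPE_BEACON: 12, SUBTYPE_ASSOC_REQ: 4, SUBTYPE_PROBE_REQ: 0}
IE_SSID = 0
BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    ftype: int
    subtype: int
    protected: bool
    addr1: str           # receiver
    addr2: str           # transmitter: the field a MAC ACL keys on
    addr3: str
    ssid: Optional[str] = None
    privacy: Optional[bool] = None


def _mac(raw: bytes) -> str:
    return ":".join(f"{b:02x}" for b in raw)


def _parse_ies(body: bytes) -> dict:
    """Tagged information elements: one byte tag, one byte length, payload."""
    ies, i = {}, 0
    while i + 2 <= len(body):
        tag, length = body[i], body[i + 1]
        ies[tag] = body[i + 2:i + 2 + length]
        i += 2 + length
    return ies


def parse_frame(raw: bytes) -> Frame:
    """Decode the header of any frame; decode SSID/capabilities for management frames."""
    if len(raw) < MAC_HEADER_LEN:
        raise ValueError("truncated 802.11 header")
    fc0, fc1 = raw[0], raw[1]
    frame = Frame((fc0 >> 2) & 0x3, (fc0 >> 4) & 0xF, bool(fc1 & FLAG_PROTECTED),
                  _mac(raw[4:10]), _mac(raw[10:16]), _mac(raw[16:22]))
    body = raw[MAC_HEADER_LEN:]
    if frame.ftype == TYPE_MGMT and frame.subtype in FIXED_FIELDS:
        ies = _parse_ies(body[FIXED_FIELDS[frame.subtype]:])
        if IE_SSID in ies:
            frame.ssid = ies[IE_SSID].decode("utf-8", "replace")
        if frame.subtype == SUBTYPE_BEACON:   # timestamp(8) interval(2) capability(2)
            frame.privacy = bool(struct.unpack_from("<H", body, 10)[0] & CAP_PRIVACY)
    return frame


def passive_survey(capture) -> dict:
    """Everything an attacker within range collects without sending a single frame."""
    ssids, stations, aps, wep = set(), set(), set(), False
    for raw in capture:
        f = parse_frame(raw)
        if f.ssid:                               # hidden SSIDs are empty in beacons...
            ssids.add(f.ssid)                    # ...but the client repeats them in clear
        if f.ftype == TYPE_MGMT and f.subtype == SUBTYPE_BEACON:
            aps.add(f.addr2)
            wep = wep or bool(f.privacy)
        elif f.addr2 != BROADCAST:
            stations.add(f.addr2)                # header is never encrypted, WEP or not
        wep = wep or f.protected
    return {"ssids": ssids, "stations": stations, "access_points": aps, "wep_in_use": wep}


def mac_acl_admits(raw: bytes, allowed: set) -> bool:
    """The whole decision of a MAC-address ACL: an unauthenticated header field."""
    return parse_frame(raw).addr2 in allowed


# ---- constructed capture ---------------------------------------------------
def _hdr(fc0, fc1, a1, a2, a3, seq=0):
    return bytes([fc0, fc1]) + b"\x00\x00" + a1 + a2 + a3 + struct.pack("<H", seq)


def _ie(tag, payload):
    return bytes([tag, len(payload)]) + payload


AP = bytes.fromhex("000c41aabbcc")      # made-up BSSID
STA = bytes.fromhex("000e35123456")     # made-up notebook address
BCAST = b"\xff" * 6
SSID = b"CORP-SAP-LAN"                  # the kind of name the E&Y study warns about
RATES = _ie(1, b"\x82\x84\x8b\x96")     # supported rates 1, 2, 5.5, 11 Mbps

CAPTURE = [
    # beacon: SSID broadcast suppressed (empty element), privacy bit set (WEP on)
    _hdr(0x80, 0x00, BCAST, AP, AP) + bytes(8) + struct.pack("<HH", 100, 0x0011) + _ie(IE_SSID, b"") + RATES,
    # probe request from the notebook: it names the hidden SSID in clear text
    _hdr(0x40, 0x00, BCAST, STA, BCAST) + _ie(IE_SSID, SSID) + RATES,
    # association request: SSID again, after capability(2) and listen interval(2)
    _hdr(0x00, 0x00, AP, STA, AP) + struct.pack("<HH", 0x0011, 10) + _ie(IE_SSID, SSID) + RATES,
    # WEP-protected data frame (ToDS + Protected bits): IV(3) keyid(1) + filler ciphertext
    _hdr(0x08, 0x41, AP, STA, bytes.fromhex("000c29dead01")) + bytes.fromhex("a1b2c300") + bytes(range(16)),
]

if __name__ == "__main__":
    print(passive_survey(CAPTURE))
    print("ACL admits copied address:", mac_acl_admits(_hdr(0x08, 0x41, AP, STA, AP), {_mac(STA)}))
```

Run as is, the survey reports the "hidden" SSID, the notebook's MAC address and the BSSID, and that WEP is in use; the last line shows that a frame carrying the copied station address passes the ACL exactly as the legitimate one does. Neither suppressing the SSID broadcast nor the MAC filter changes what the parser sees, which is the reason both belong in the "nice to have" rather than the "security control" column.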
Technologies like Wired Equivalent Privacy (WEP), in which a static key is stored in the access point and in the notebook, generally do not provide sufficient security, because the key can be recovered relatively easily by recording the data traffic. Therefore, we advise you not to rely on this kind of WLAN-based encryption alone; instead, establish a secured connection between the client and the firewall with strong IPsec encryption in a VPN. In addition, an overall concept covering authentication, authorization, accounting, and encryption is necessary.
In "typical" access point designs, only the WLAN-side "air interface" of the access point is encrypted, while the data on the cabled part is transferred unencrypted. So-called WLAN switches can be positioned so that their network port is logically connected directly to the firewall or the VPN server. As the traffic on the cable between the WLAN switch and the antenna systems is encrypted in the same way as on the air interface, security is guaranteed from the client to the switch without the end user having to install a VPN client.
For big installations, the large number of access points makes configuration and administration time-consuming and costly. On classic cabled networks, these difficulties were overcome by automatic, rule-based switching at OSI layers 2 and 3. For WLANs there are corresponding concepts of wireless LAN switching.
To this end, a WLAN switch is installed (for example, from HP, Nortel, Extreme Networks, or Proxim), from which the access points and the access to the network are administered centrally. The decentrally installed access points thus become pure antenna systems that merely convert radio signals into Ethernet packets; the "intelligence" of the WLAN is concentrated in the wireless switch. In general, the access points do not even need an IP address. They can be powered through Power over Ethernet according to the 802.3af standard, so that apart from the Ethernet cable no further installation is necessary.
For truly mobile users who roam within a WLAN between the footprints of different access points, a wireless switch provides single sign-on (SSO) and roaming times that are typically under 30 seconds. Strictly speaking, however, this is not the kind of roaming we know from mobile phones, which roam between the networks of different providers; rather, it is an interruption-free handover from one radio cell to another.
Furthermore, many WLAN switches offer functions such as automatic channel selection, where the layout of the radio cells is optimized automatically, and preemptive roaming (wireless load balancing).
11.4.3 Ad-Hoc Networks
Ad-hoc network technologies such as Bluetooth were developed to enable dynamic connection establishment between mobile devices such as wireless DECT phones, laptops, and PDAs. Recently, this list has been extended by hands-free systems and headsets. Originally, the Bluetooth concept was only intended to replace the cables between phone handsets and their peripheral devices with a radio link. However, the range of uses was very quickly expanded to include the world of the personal computer. Development is controlled by the Bluetooth Special Interest Group.
While WLANs require a fixed configuration, ad-hoc networks are based on a master-slave scheme in which a master device controls the changing connections in a piconet. As the type and number of devices in the cell can change unexpectedly, the protocol used by Bluetooth must be able to reconfigure the network dynamically, "on the fly."
The designers of Bluetooth, too, decided to use the license-free 2.4000 GHz to 2.4835 GHz ISM band. Since this band is already used by so many other wireless services, Bluetooth uses frequency hopping, from version 1.2 onward in adaptive form (Adaptive Frequency Hopping, AFH), to avoid the interference problems that have made life difficult for other ISM band users. The scheme uses 79 radio channels and hops 1,600 times per second, so a channel is used for only 625 microseconds before the switch is made to the next pseudo-randomly selected channel.
Bluetooth currently allows a transfer rate of up to 1 Mbps, which corresponds to a real throughput of approximately 720 kbit/s. Power management in Bluetooth is divided into three classes: Class 1 devices transmit with 100 milliwatts (mW) and have a range of up to 110 yards (100 m). Class 2 devices transmit with 2.5 mW and reach up to 10 yards (10 m). Class 3 makes do with 1 mW and reaches between 4 inches (10 cm) and 1 yard (1 m). This relatively short range has the advantage that the channels are not blocked by Bluetooth devices operating at a greater distance.
11.4.4 Mobile Communications
For the mobile business applications in particular, which SAP provides with its NetWeaver product, the data services of mobile communications providers are an interesting alternative for replication between the mobile client (mostly a Personal Digital Assistant, PDA) and the SAP Mobile Engine Infrastructure Server. The data volumes to be transferred are typically so small that the mobile technologies currently available have no trouble with them. However, even these relatively small volumes, which are usually ignored when designing a network, can become an issue when it comes to connection costs.
11.5 Voice—Data Convergence
One area in which infrastructure consolidation has developed rapidly in recent years is the merging of voice and data services. This is hardly surprising, since transmitting information through electronic signals is integral to both.
One of the reasons why Ethernet became more popular than technologies such as Token Ring was the development of 10BaseT by Hewlett-Packard, where, instead of coaxial cables (10Base2 and 10Base5), Category 3 twisted-pair cables could be used, which at the time corresponded to the telephone cabling in use in the US.
American-type phone cable consists of two separately twisted pairs of wires. By contrast, the telephone cables predominantly used in Europe consist of four wires twisted together (see Figure 11.6). This structure causes stronger crosstalk, which makes them unsuitable for Ethernet.
Meanwhile, at least in company networks, the volume of data traffic has by far exceeded that of voice communication. It is no longer about transferring data via a modem through proprietary telephone networks, but about transferring voice through open IP infrastructures (Voice over IP, VoIP). One advantage is that, thanks to suitable compression algorithms (codecs), the bandwidth needed for a telephone conversation is so low that it can easily be piggybacked on the normal Ethernet connection of an SAP user. However, the particular requirements of voice services must be considered, especially regarding latency. The use of VoIP technologies therefore depends on the constant availability of Quality of Service (QoS) in the IP infrastructure of a company.
Another important difference between voice and data networks is that in conventional telephone systems the end devices are generally supplied with their operating voltage through the connection cable. Even if a PC with a headset would be perfectly sufficient (and offers substantially more functionality), experience shows that users don't like to be without the familiar phone on their desk; admittedly, these phones don't have to be booted. This problem can be solved by patch panels that superimpose a DC voltage on the high-frequency data signals (Power over Ethernet, PoE) to power the IP telephones. If, on top of that, the PC is daisy-chained through the IP phone, only one Ethernet connection per user is necessary.
In this way, the consolidation of voice and data transfer can drastically reduce the cost of the local network infrastructure. However, experience shows that for VoIP to be accepted by users, availability comparable to that of the familiar telephone must be guaranteed, and this can only be achieved with the concepts described above.
Modern LAN technologies provide sufficient bandwidth to connect a large number of users to an SAP system. However, certain requirements regarding reliability must be considered:
- Design the network backbone redundantly, but be aware of the threats posed by network loops.
- Combine highly available network clusters with fault-tolerant meshed networks, and patch intelligently.
- Do not forget to equip all network cabinets with an uninterruptible power supply.
- For connections between buildings and in the riser area, use only fiber optic cables, because they are insensitive to lightning strikes and ground loops.
- The quality of the installed cables and of the installation itself has a significant, and usually underestimated, impact on the performance of your network. The wiring of a floor or an entire building is a major investment. Low-quality cables or unqualified installers can largely void this investment and lead to significant future costs. A wiring project should be planned as carefully as a hardware investment project.
- The power cabling also plays a pivotal role in disruption-free operation. Neutral and protective earth conductors should never be combined (PEN conductor); between building parts with different ground potentials, only fiber optic cables should be used.
- Radio networks are suitable for connecting individual mobile SAP applications. For large numbers of users, distribution across several access points is necessary, which requires a well-devised channel layout plan.
- WLANs must be integrated into the company's security concept.
|In warehouses and manufacturing, wireless mobile terminals with bar code readers are frequently used to compile data along with the mobile data entry interface of SAP Materials Management (MM-MOB).|
|For companies, the growing use of notebooks with built-in WLAN connectivity has increased the likelihood of their networks being compromised. The reason was and still is that badly configured notebooks act as WLAN access points when they are connected to the company LAN by cable without their WLAN functionality being disabled. In most cases users are unaware of this security hole and breach security unintentionally.|