A multi-industry initiative or framework for automating many of today's manual Wi-Fi tasks, HS 2.0 is being driven by the Wi-Fi Alliance (for certification under the Passpoint program) and organizations such as the Wireless Broadband Alliance (for interoperability). The shared vision for HS 2.0 is compelling: turn the Wi-Fi user experience into one that mirrors the cellular phone by establishing a Wi-Fi connection experience that is secure, automated and conforms to user/operator policy.
With Hotspot 2.0 it's now possible to link a huge network of effectively random Wi-Fi access points through a web of interconnections so users can seamlessly move between Wi-Fi networks from almost any location.
It achieves this through a truly revolutionary overhaul of the Wi-Fi connection procedure. Using the new IEEE 802.11u protocols, HS 2.0 allows the Wi-Fi client and infrastructure to have a pre-association "conversation" about the capabilities and AAA interconnects of a particular Wi-Fi network. The client then makes an automatic decision about whether to connect to this Wi-Fi network or not, or potentially to another that is also in range.
The selection process can be influenced both by user preference and operator policy. Automating this manual configuration and decision-making process eliminates huge hassles for both users and network operators, and increases the use of Wi-Fi service. Another important benefit of HS 2.0 is the implementation of advanced WPA-2 airlink security and client isolation to effectively automate security.
But while HS 2.0 has been developed and promoted predominately by carriers and equipment suppliers, this new technology looks to have its greatest impact and appeal within the enterprise.
Yes, the enterprise. Here's why.
People use Wi-Fi mostly indoors. And when they are indoors they are in some building, somewhere. And somebody else typically owns that building and most often the network infrastructure inside. That somebody else is usually an enterprise. A more recent phenomenon is the widespread and growing use of Wi-Fi across public venues. Such venues include hotels, schools, malls, retail outlets, public transport, etc.
In these locations service providers want to automatically connect their subscribers to their own "branded broadband" service using the venue's available high-speed Wi-Fi network, which they neither own nor operate. Hotspot 2.0 makes this possible by allowing user devices to automatically connect to any Wi-Fi network that has an interconnection with their "home" service provider. These back-end connections might be direct, but more likely will be indirectly provided through third-party "hubbing" services.
This represents an unprecedented opportunity for any enterprise to wholesale their existing wireless LAN capacity to myriad operators by charging them recurring fees for Wi-Fi network access. Enterprises can effectively turn their WLANs, often burdened by large capital and operational expenses to begin with, into profit centers while underwriting the costs to build a more industrial-strength wireless network that improves their own users' experience.
Where it gets really interesting is when Google, Facebook and Amazon.com come into the picture as home providers, using HS 2.0 to authenticate users anywhere against their own databases.
Hotspot 2.0 in a nutshell
The initial work done on HS 2.0 (release 1) primarily focused on the foundational work of network discovery and automatic authentication, using a variety of credentials. Much attention has been given to the ability to use a smartphone SIM (subscriber identity module) as the HS 2.0 credential. HS 2.0 also supports client-side certificates or username/password pairs for authentication. Regardless of the specific credential used, HS 2.0 will eliminate the need for the user to fiddle with their device in order to associate to the hotspot. No more "SSID surfing" or having to ask the barista for the Wi-Fi passphrase.
The ability of the mobile device to "learn" about Wi-Fi network capabilities pre-association will completely transform the Wi-Fi user experience, making connecting to a Wi-Fi network effectively transparent. It will also completely change the nature of a Wi-Fi SSID (Service Set IDentifier).
Until now, users and devices have had to "remember" SSIDs that provided connectivity in the past, so that they can be accessed again in the future. These are typically SSIDs for which they have credentials or which provide open access.
With HS 2.0 the importance of SSIDs is reduced. What really matters is if the visited AP has a roaming arrangement with the user's "home" network provider. In fact the notion of having an AP advertise many different SSIDs for different purposes will also be greatly reduced in favor of Hotspot 2.0-based advertisements. This should also enhance the performance of mobile networks, as it reduces the airlink traffic associated with the beacons and probe responses generated by these additional SSIDs.
Release 2.0, currently in the testing phases, incorporates online sign-up for non-SIM devices as well as operator policy for network selection.
Operator policy helps handsets select the best carrier network based on a variety of options. For instance, the device will be able to select the "best" visited network, based on roaming agreements, service level agreements or any number of other criteria. The good news is that the enterprise is oblivious to all of this as the infrastructure is now smart enough to figure it all out.
Online sign-up targets Wi-Fi-only devices that don't have SIM cards, such as laptops and tablets. Online sign-up allows the infrastructure to transparently place a credential (e.g., X.509 PKI certificate) on the device, giving the user the option to "sign up" one time to register for a Wi-Fi service.
Equipment vendors are already supporting HS 2.0 in software that can literally be turned on with new and existing equipment, and most handset vendors are supporting the technology within their operating systems. In other words, enabling Hotspot 2.0 will require only software upgrades to existing infrastructure and user devices.
With HS 2.0, there looms a massive opportunity for enterprises to create agreements with carriers of all shapes and sizes to wholesale Wi-Fi capacity. But doing this will dramatically change how enterprises need to build out their wireless LAN networks -- driving new requirements for higher capacity and more industrial-strength equipment.
Hotspot 2.0 puts much more pressure on enterprises to build Wi-Fi networks that can stand an order of magnitude more user capacity. Carriers, meanwhile, will see a triple bonus: offload, keeping customers on "their" networks, and providing their customers with automatic access to the Wi-Fi networks they (the customers) want to be on. As mobiles join the Wi-Fi network automatically, venue owners can realistically expect to see about a 10x increase in the number of sessions.
How Hotspot 2.0 will work in the enterprise
A single SSID will be used to advertise automatic authentication to a large number of "home" service providers.
The Access Network Query Protocol (ANQP) is then used to let the devices know which providers have roaming arrangements with the local venue. Some providers will be included in the ANQP advertisements from the AP, while the mobile device may request the complete list. Providers may be listed using any or all of the following identifiers:
- PLMNID: Mobile Operator Country Code (MCC) + Network Code (MNC)
- NAI: Network Address ID (i.e., domain name), e.g., btwireless.com
- Roaming Consortium Organization Identifier: This is assigned by IEEE to a single entity or group of entities with pooled authentication
An essential element in the roaming process, the HLR (home location register) is the database within a GSM network that stores all the subscriber data. If the home provider is a fixed operator, the request could be cleared through their RADIUS infrastructure and subscriber management system. AAA accounting records can also be provided from the local WLAN to the home provider AAA server for billing purposes.
The Generic Advertisement Service (GAS) protocol provides for Layer 2 transport of an advertisement protocol's frames between a mobile device and a server in the network prior to authentication. The GAS protocol transports ANQP elements between clients and APs, allowing a mobile device to query an AP prior to association to determine the network's capabilities and reachability information.
Up to three providers' organization identifiers (OIs) can be advertised in the roaming consortium element found within the beacons and probe responses. These would be cached in the AP.
If the client requests the full list of providers, the ANQP/GAS request would be forwarded by the AP to a GAS server function in the network. If there are a limited number of providers, the GAS server function could exist on the controller. In the longer term, as HS 2.0 becomes more widespread, the GAS server function will be centralized and service the entire Wi-Fi network.
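The selection step described above, as an added Python example that is not from the original article: it parses the Roaming Consortium element a beacon carries (up to three OIs), decodes PLMN IDs as an ANQP response would carry them, and checks them against a device credential. The function names, the credential dictionary and the sample bytes are constructed for illustration; the field layouts follow the IEEE 802.11 element format and the 3GPP PLMN encoding, and lengths are validated because these frames arrive before authentication.

```python
from typing import Iterable, List, Optional

EID_ROAMING_CONSORTIUM = 111  # IEEE 802.11 element ID

def parse_roaming_consortium(ie: bytes) -> List[str]:
    """Return the OIs (as hex) from a beacon's Roaming Consortium element.

    Layout: ID, length, count of extra OIs available via ANQP, a lengths
    byte (low nibble = OI #1, high nibble = OI #2), then OI #1, optional
    OI #2 and optional OI #3 (whatever bytes remain).
    """
    if len(ie) < 4 or ie[0] != EID_ROAMING_CONSORTIUM or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed Roaming Consortium element")
    len1, len2 = ie[3] & 0x0F, ie[3] >> 4
    ois = ie[4:]
    if len1 == 0 or len1 + len2 > len(ois):
        raise ValueError("OI lengths overrun the element")
    parts = (ois[:len1], ois[len1:len1 + len2], ois[len1 + len2:])
    return [p.hex() for p in parts if p]

def decode_plmn(raw: bytes) -> str:
    """Decode a 3-byte PLMN ID (nibble-swapped BCD) into 'MCC-MNC'."""
    if len(raw) != 3:
        raise ValueError("PLMN ID must be 3 bytes")
    digits = [raw[0] & 0xF, raw[0] >> 4, raw[1] & 0xF,
              raw[2] & 0xF, raw[2] >> 4, raw[1] >> 4]
    if digits[5] == 0xF:          # filler nibble: the MNC has two digits
        digits.pop()
    if any(d > 9 for d in digits):
        raise ValueError("non-decimal digit in PLMN ID")
    text = "".join(map(str, digits))
    return f"{text[:3]}-{text[3:]}"

def match_home_provider(beacon_ois: Iterable[str], anqp_plmns: Iterable[str],
                        anqp_realms: Iterable[str], cred: dict) -> Optional[str]:
    """Name the identifier type linking this AP to the device's home provider."""
    if set(beacon_ois) & set(cred.get("ois", ())):
        return "roaming-consortium"      # decided from the beacon alone
    if cred.get("plmn") and cred["plmn"] in set(anqp_plmns):
        return "plmn"
    realm = cred.get("realm")
    if realm and realm.lower() in {r.lower() for r in anqp_realms}:
        return "nai-realm"
    return None                          # no roaming arrangement: do not join

# Constructed sample data (not captured from a real network).
SAMPLE_IE = bytes.fromhex("6f0d0053" "001122" "0011223344" "aabbcc")
SAMPLE_PLMNS = [decode_plmn(bytes.fromhex(h)) for h in ("32f451", "130014")]

if __name__ == "__main__":
    print(parse_roaming_consortium(SAMPLE_IE))
    print(match_home_provider([], SAMPLE_PLMNS, ["btwireless.com"], {"plmn": "234-15"}))
```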
Taking the tech talk out of it all, what this means is that any enterprise venue will be able to use their existing WLAN network to offer capacity to carriers that are looking to give subscribers a seamless Wi-Fi experience -- just like they have today with their cellphones but without broadcasting numerous Wi-Fi SSIDs.
With HS 2.0, enterprise venue owners and operators can now begin to better monetize their Wi-Fi network investments through these roaming arrangements and the settlements that they entail.
Now the big question is, when does all this become real? The answer is more muddy than clear. While the technical aspects of HS 2.0 have been proven and demonstrated, the business models and framework for implementation still need to be fleshed out. Most expect that this will happen in late 2013 and early 2014. But get ready; with Hotspot 2.0, enterprise Wi-Fi will never be the same.