by Thomas Wailgum

An Inside Look at the World’s Largest Corporate Wi-Fi Installation

May 02, 20087 mins

Microsoft claims that its gigantic Redmond campus as well as its offices in 60 countries has created the world's largest private wireless LAN. Here's how Microsoft's Jim DuBois manages it all, and stays sane and secure.

Just off State Route 520 in Redmond, Wash., you’ll find Microsoft’s headquarters. To be sure, it’s not the typical software vendor’s corporate address—the beige building found in today’s suburban office park never too far from a strip mall.


The Security Plan for Your Wireless LAN

Airline Wi-Fi Set to Take Off

Deciding When to Upgrade to 802.11n

Rather, Microsoft’s HQ looks and feels more like a huge university with dozens and dozens of buildings where some 30,000 or so workers take up millions of square feet. In fact, in the Puget Sound area alone, Microsoft has more than 35,000 employees working at 113 sites covering more than 11 million square feet of office space. (Worldwide, the company has nearly 80,000 employees at 565 sites covering 24 million square feet.)

But it is, actually, what you cannot see at the Redmond campus and all of the other Microsoft offices that’s even more remarkable than the totality of its physical operations: the wireless local area networks (WLANs) that blanket nearly every square foot.

To all employees the Wi-Fi network in Redmond looks and acts no differently than the Wi-Fi network set up in any other Microsoft office. “It’s the same standards, the same connectivity, which makes it seamless for somebody traveling to Redmond, or to our offices in Tokyo, London or New York,” says Jim DuBois, general manager of information security and infrastructure services. “They walk into the building, and it automatically connects like the way it does here.”

All Microsoft employees also see the same security measures, even though most of it is running in the background. “Today, our end users don’t even realize that’s happening in the background when we provision new machines that are connected to the network,” he says. (See “The Security Plan for Your Wireless LAN” for more on wireless security.)

Security is even more complicated because, as DuBois points out, when you add in the number of assorted vendors and contractors using the wireless network, the number of provisioned accounts on Microsoft’s Active Directory reaches 145,000. To connect all those users, Microsoft utilizes a total of 11,000 access points in all of its buildings.

As to its claim to fame of being the world’s largest Wi-Fi network, DuBois says, “We haven’t found anyone that has a bigger private wireless network.”

A History of Wireless Access

In December 1999, Microsoft started formally rolling out IEEE 802.11b wireless networks for employee use and as an alternative to wireline-attached laptops on the Redmond campus. “Though we had it in pockets even before that,” DuBois says. The campus started out with 2,800 wireless access points.

A historical overview of Microsoft’s WLAN program notes that Microsoft initially offered wireless connectivity as a “supplement to the ubiquitous wired connectivity. It was not designed to be an end-user’s primary network connectivity device.” However, the WLAN service soon “became a highly desired connectivity choice enabling impromptu discussions, software demonstrations, and ability to take your work with you to meetings, all of which had a positive impact on worker productivity.”

Today, Microsoft employees report in internal surveys that the wireless network gives them as many as five extra hours each week, “in just time they would spend connecting and reconnecting to the network,” DuBois says. And that’s up from just one and a half hours of extra productivity in survey data from a few years ago.

“If they have a meeting or they’re grabbing people from the hall to go in to a room to collaborate,” DuBois says, “they can stay connected [to the network] as they undock from their docking station and then just seamlessly connect to the wireless network.”

Aberdeen Group’s Philippe Winthrop and Stephen Walker note in an August 2007 research brief that with the rise of competitive pressures in today’s marketplace, many organizations are turning to a wireless LAN network to improve workforce flexibility and productivity. Research from a June 2007 Aberdeen report, called “Measuring the Real Value of Wireless LAN Deployments,” found that best-in-class organizations achieved a 21 percent increase in their workforce’s productivity from using a WLAN—a rate 71 percent higher than all other organizations in the survey.

At Microsoft, DuBois reports that 75 percent of the employees use the WLAN regularly. “We see 50,000 concurrent users on some days,” he says. When asked if users would revolt if they couldn’t have wireless network access, DuBois says, “Absolutely. If it’s not working somewhere, we get complaints immediately.”

One unintended consequence is that because wireless has become so ubiquitous at Microsoft, “people don’t carry around the wired cords, and we don’t have [cables] in the conference rooms anymore,” DuBois says. So when a wireless access point (AP) goes down and there’s not another one in the area that can provide coverage, DuBois’s help desk will hear about it from employees instantly—which is usually before IT staffers get a chance to respond to the WLAN monitoring alert.

Microsoft’s Wireless Security Plan

Wireless security surveys annually show that most every company’s number-one concern with Wi-Fi networks is security. With its size, Microsoft has had its share of security challenges.

Right from its initial deployment of 2,800 wireless access points and 19,000 wireless network adapters, Microsoft “had to deal with issues of security and scalability from the start,” states the historical overview. For example, “Microsoft realized that MAC address filtering and early VPN solutions would not be a scalable final solution to support a global WLAN.”

Today, DuBois says that wireless networking technology has evolved and is much better than before. Microsoft has deployed a public- and private-key infrastructure that uses certificates to authenticate remote access or special access to the network. IT has to provide an 802.1x certificate to every laptop “before they can get onto the wireless network,” DuBois says. “And you actually need to be connected to the wired infrastructure to get the certificate the first time.”

In addition, because Microsoft has offices all around the globe and next to other companies (including competitors), the IT teams need to ensure that the wireless “bleed” is protected and secured. “We think we’ve solved this with our 802.1x infrastructure,” Dubois says, “and that gives us the security that we need.”

Microsoft also offers a wireless network for its guests that is kept separate from the corporate network. That’s because “having a separate guest network is actually more secure than having your guest connect to your corporate network and be able to have access to anything there,” DuBois says. “This really does give us the ability to provide Internet access to any of our guests without opening up any access to our corporate network.”

As for the future of Microsoft’s WLAN, DuBois reports that the company is piloting tests with products using the 802.11n standard, the next generation of wireless networking that will give users more bandwidth and greater speeds (up to 300Mbps) for streaming HD video, downloading and sending big files, and using voice applications over Wi-Fi networks. (That is, of course, when the standard is finally ratified. See “Deciding When to Upgrade to 802.11n” for more on this troubled standard.)

DuBois is excited about 802.11n’s effect on unified communications applications at Microsoft. For example, employees who are talking on their smart phones will be able to switch back and forth between the cellular networks and Microsoft’s wireless network, thus saving money on cell phone charges when employees are in the proximity of Microsoft wireless networks.

Eventually, everybody’s desk phone will be a smart phone, DuBois says, “so that if anybody calls me, it’ll be able to can find me in any one of our buildings or outside the buildings.”

There are sure to be more people calling him: judging by the new construction at Microsoft’s Redmond campus—six towering cranes dotted the skyline in mid-April and hard hats were everywhere—Microsoft will be adding more square footage to its sprawling campus. For DuBois, that will surely mean more wireless access points and more wireless network users.