
Document Type: NI News
NI Supported: Yes
Publish Date: Oct 20, 2008


Wireless and Ethernet DAQ: A Beginner's Guide to IT Vocabulary


Have you ever heard of an IT professional who measures strain gages or an automotive engineer who manages remote authentication dial-in user service (RADIUS) servers? The line between these once mutually exclusive roles is beginning to blur as PC-based technologies familiar to the IT sector find their way into measurement applications. This is more apparent than ever with advances in networking and wireless technology. As Ethernet and IEEE 802.11 (Wi-Fi) have become commonplace in enterprise networking, their performance, reliability, and security have matured to make these technologies viable for data acquisition applications. Ethernet and Wi-Fi data acquisition (DAQ) devices from National Instruments simplify remote measurements by using widely available networking infrastructure. However, most of that infrastructure is typically managed by an IT department, and most IT departments have different priorities than engineers or scientists.

The key to creating synergy between IT and engineering groups is communication. And to communicate effectively, you must understand the IT vernacular. The following guide provides an overview of the key components you should consider when working with your IT department to add Ethernet or wireless measurements to your data acquisition application.

Ethernet Networking

Ethernet is as ubiquitous in the PC industry today as USB. It enjoys such wide acceptance because it is easy to understand, deploy, manage, and maintain. When you plug in an Ethernet cable, it just works. For data acquisition applications, Ethernet offers an extended range (up to 100 m per segment) for highly distributed or remote measurement applications.

Network Topology

Measurements are distributed most effectively when you use existing network infrastructure, such as an enterprise network. The typical corporate network topology is similar to that shown in Figure 1.

Figure 1. The typical IT network consists of clients, switches, and routers.

 

One of the most common points of confusion in networking is the difference between hubs, switches, and routers. All three devices share the same physical appearance (a box with RJ45 jacks on the front or back), but their internal functions are quite different:

• Hub – An Ethernet hub is nothing more than a repeater. It collects incoming traffic (TCP/IP packets) from each port and repeats the traffic to all other ports, whether the traffic is addressed to those ports or not.

• Switch – An Ethernet switch is a more intelligent device than a hub. It inspects each incoming TCP/IP packet before sending it to an appropriate destination, based on its media access control (MAC) address. This reduces packet collisions and unnecessary traffic on the local area network (LAN).

• Router – Routers are designed to join multiple area networks together. A router serves as an intermediate destination for packets traveling between LANs in a corporate network or between a LAN and the Internet. In a small office or home office (SOHO) network, you can use routers to share one broadband Internet connection between multiple clients. Most routers also provide a firewall to limit the traffic passing into and out of the LAN.

Network Addressing

Physically connecting all of your devices is only the first step in designing a network; all devices must also have an address, so they can communicate with each other. When you plug an Ethernet DAQ device, such as the NI ENET-9215, into a switch on a corporate network, it first attempts to obtain an IP address from a dynamic host configuration protocol (DHCP) server. A DHCP server maintains a pool of available IP addresses for clients attached to the network. These addresses are “dynamic,” meaning they have an expiration date and may change, depending on network administration. If no DHCP server exists or the Ethernet DAQ device is unable to communicate with it, the DAQ device uses a link-local IP address (169.254.1.0–169.254.254.255) to establish communication within a LAN.

You or your IT department may wish to assign the Ethernet DAQ device a “static” IP address instead, which you must enter manually using NI Measurement & Automation Explorer (MAX), as shown in Figure 2.

 



Figure 2. You can configure all IP address settings using MAX.

 

Figure 2 also shows “Subnet Mask,” “Gateway,” and “DNS Server” settings. If your corporate network has a DHCP server, these fields populate automatically. If not, you must work with your IT department to fill them in appropriately:

• Subnet mask – A subnet is a logical segmentation of a larger network, and it is important for managing the amount of traffic in a LAN. In most networks, a subnet is defined as all the clients and switches connected to a router. The subnet mask splits an IP address into two parts – the network address and the host address. All clients in the same subnet share the same network address but have a unique host address.

• Gateway – A gateway is also typically associated with a router and serves as a connection point to networks outside the LAN. When a node (client, switch, or router) on a LAN has to send a packet outside the LAN, it forwards the packet to the gateway node. The gateway either connects directly to the destination network or continues to pass the packet to the next gateway.

• DNS server – Domain name system (DNS) servers translate user-friendly domain names (or host names) to IP addresses.
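The following Python sketch is an added example, not NI code or part of MAX. It applies the subnet mask, gateway, and link-local rules described above to a manually entered configuration before it is typed into a device. The function names and the sample addresses are constructed for illustration.

```python
import ipaddress

# Usable link-local range quoted in the article (fallback when DHCP fails).
LINK_LOCAL_FIRST = ipaddress.IPv4Address("169.254.1.0")
LINK_LOCAL_LAST = ipaddress.IPv4Address("169.254.254.255")

# Constructed sample settings, as they would be entered by hand.
SAMPLE = dict(ip="10.20.30.40", subnet_mask="255.255.255.0",
              gateway="10.20.30.1", dns_server="10.20.1.5")


def split_address(ip, subnet_mask):
    """Split an address into (network address, host part) using the mask."""
    iface = ipaddress.IPv4Interface(f"{ip}/{subnet_mask}")
    host_part = int(iface.ip) & int(iface.network.hostmask)
    return str(iface.network.network_address), host_part


def next_hop(ip, subnet_mask, gateway, destination):
    """Same subnet: deliver directly. Otherwise: hand the packet to the gateway."""
    net = ipaddress.IPv4Interface(f"{ip}/{subnet_mask}").network
    return destination if ipaddress.IPv4Address(destination) in net else gateway


def check_static_config(ip, subnet_mask, gateway, dns_server):
    """Return a list of problems in a manually entered IPv4 configuration."""
    iface = ipaddress.IPv4Interface(f"{ip}/{subnet_mask}")
    net = iface.network
    gw = ipaddress.IPv4Address(gateway)
    dns = ipaddress.IPv4Address(dns_server)
    problems = []
    if LINK_LOCAL_FIRST <= iface.ip <= LINK_LOCAL_LAST:
        problems.append("link-local address: this is the no-DHCP fallback range")
    if iface.ip in (net.network_address, net.broadcast_address):
        problems.append("host part is all zeros or all ones")
    if gw not in net:
        problems.append(f"gateway {gw} is outside subnet {net}")
    elif gw == iface.ip:
        problems.append("gateway is the device's own address")
    gateway_ok = gw in net and gw != iface.ip
    if dns not in net and not gateway_ok:
        problems.append("DNS server is off-subnet and no usable gateway reaches it")
    return problems


if __name__ == "__main__":
    print(split_address(SAMPLE["ip"], SAMPLE["subnet_mask"]))
    print(check_static_config(**SAMPLE) or "configuration is consistent")
```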

Many corporate IT departments employ additional utilities to improve the performance, security, and scalability of their networks. A managed Ethernet switch (MES), such as the NI MES-3890, provides quality of service (QoS), authentication, and virtual LAN (VLAN) features through a programmatic (SNMP) or configurable (Web page) interface. Learn about the top five questions for configuring an MES on a corporate network. 

Wireless Networking

Wi-Fi is an extension of the LAN to the wireless domain (WLAN). Wi-Fi technology has simplified the installation and distribution of networking infrastructure by replacing wire cabling with low-power radio waves. Because it is standards-based, it is widely available and integrates seamlessly with existing Ethernet networks. For wireless data acquisition, Wi-Fi is an easy way to tie into existing corporate infrastructure without special gateways or converters. With the most current ratified IEEE standard, IEEE 802.11g, it also provides ample bandwidth (54 Mb/s) for streaming dynamic waveform data.

Figure 3. Adding Wi-Fi connectivity to a wired network requires a wireless access point, such as the NI WAP-3701.

 

Security is foremost on the minds of network administrators when implementing Wi-Fi in a corporate environment. Because Wi-Fi transmits data over radio waves, there are few means for physically restricting network access. Generally speaking, there are three levels of wireless security, all of which are supported by NI Wi-Fi DAQ. The three levels are Wired Equivalent Privacy (WEP), Wi-Fi Protected Access (WPA), and Wi-Fi Protected Access 2 (WPA2, also known as IEEE 802.11i). WEP is considered too weak for almost all IT networks; most use WPA or WPA2 instead. The differences between these standards are in how they implement the two key components of wireless security – encryption and authentication.

 

| Security Standard | Encryption | Authentication |
|---|---|---|
| WEP | 64-bit key (RC4 cipher) | 64-bit key |
| WPA | 128-bit TKIP (RC4 cipher) | 802.1X and EAP |
| WPA2 (IEEE 802.11i) | 128-bit AES | 802.1X and EAP |

 

Table 1. There are three levels of Wi-Fi network security to consider when implementing Wi-Fi in a corporate environment.

 

Encryption

To effectively protect wireless transmissions, a wireless DAQ device must use a strong encryption algorithm and some form of key management. Two encryption standards widely used today are the Temporal Key Integrity Protocol (TKIP) and the Advanced Encryption Standard (AES). The IEEE 802.11i task group introduced TKIP as a stopgap for existing, insecure WEP networks. The major difference between WEP and TKIP is in their encryption key management. The key is the “secret” that both a Wi-Fi DAQ device and a wireless access point share to decode messages. Unlike WEP, TKIP uses a different encryption key for each data packet by incrementing a serial number associated with the key each time a new packet is sent.
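The following Python sketch is an added example, not code from NI or from the 802.11 standards. It shows why per-packet keys matter for a stream cipher such as RC4: when two packets are encrypted under the same key, the keystream cancels out and the XOR of the ciphertexts equals the XOR of the plaintexts. Assumptions: the SHA-256 key derivation is a stand-in for TKIP's real key mixing, the static case is a simplified model of key reuse, and the key and packet contents are constructed.

```python
import hashlib

# Constructed sample data: a shared key and two equal-length DAQ readings.
BASE_KEY = b"constructed-key!"
PACKETS = [b"ch0 strain=0.0123", b"ch1 strain=0.0456"]


def rc4(key: bytes, data: bytes) -> bytes:
    """RC4 stream cipher (encryption and decryption are the same operation)."""
    s = list(range(256))
    j = 0
    for i in range(256):                      # key scheduling
        j = (j + s[i] + key[i % len(key)]) % 256
        s[i], s[j] = s[j], s[i]
    i = j = 0
    out = bytearray()
    for byte in data:                         # keystream generation and XOR
        i = (i + 1) % 256
        j = (j + s[i]) % 256
        s[i], s[j] = s[j], s[i]
        out.append(byte ^ s[(s[i] + s[j]) % 256])
    return bytes(out)


def xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def per_packet_key(base_key: bytes, serial: int) -> bytes:
    # Assumption: SHA-256 stands in for TKIP's key mixing function.
    return hashlib.sha256(base_key + serial.to_bytes(6, "big")).digest()[:16]


def encrypt_static(base_key, packets):
    """Every packet under the same key, so the keystream repeats."""
    return [rc4(base_key, p) for p in packets]


def encrypt_per_packet(base_key, packets, first_serial=0):
    """The serial number increments per packet, giving each packet a fresh key."""
    return [rc4(per_packet_key(base_key, first_serial + n), p)
            for n, p in enumerate(packets)]


def keystream_reused(ciphertexts, packets):
    """True if c0 XOR c1 equals p0 XOR p1, meaning the keystream cancelled out."""
    return xor(ciphertexts[0], ciphertexts[1]) == xor(packets[0], packets[1])


if __name__ == "__main__":
    print("static key reuses keystream:", keystream_reused(encrypt_static(BASE_KEY, PACKETS), PACKETS))
    print("per-packet key reuses keystream:", keystream_reused(encrypt_per_packet(BASE_KEY, PACKETS), PACKETS))
```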

The most secure wireless standard, IEEE 802.11i, employs AES as the preferred encryption algorithm for Wi-Fi networks. AES uses a 128-bit cipher that is significantly stronger than the RC4 cipher used with TKIP and WEP, and there is no known crack for AES. In fact, AES is so strong that the National Institute of Standards and Technology (NIST) chose it as the encryption standard recommended for United States government installations. All NI Wi-Fi DAQ devices are compatible with WEP, WPA, and WPA2.

Authentication

Network authentication is essentially a means of controlling which clients have access to a network. The WEP encryption key also functions as a password to authenticate with a wireless access point. Because most hackers have learned to exploit this behavior, WPA and WPA2 use IEEE 802.1X port-based access control and the Extensible Authentication Protocol (EAP) instead.

IEEE 802.1X includes three main components – a supplicant, authenticator, and authentication server. The supplicant is the wireless DAQ device attempting to access the secured network, the authenticator is the wireless access point that controls what a supplicant can access, and the authentication server provides an authentication service (usually RADIUS) to the authenticator. The authenticator (wireless access point) blocks ports that provide access to the secured network until a supplicant (wireless DAQ device) has authenticated with the server.

The process by which an NI Wi-Fi DAQ device authenticates with an authentication server depends on the type of EAP method deployed by your IT department. EAP defines a framework for authentication, rather than a specific step-by-step protocol. As a result, there are multiple EAP methods, but the most common include lightweight EAP (LEAP), transport layer security (EAP-TLS), tunneled TLS (EAP-TTLS), and protected EAP (PEAP). You can configure a Wi-Fi DAQ device to use any of the aforementioned encryption or authentication protocols using MAX software.

 



Figure 4. MAX provides pull-down menus for wireless security configuration.

 

Note that different EAP methods require different user credentials. You must ask your network administrator for the appropriate user name, password, and/or certificate(s) you need to authenticate a client with your corporate network.

Adding Wi-Fi and Ethernet Measurements to Your Network

Industry-standard Wi-Fi and Ethernet technology provide remote measurements beyond the reach of traditional PC-based data acquisition hardware. However, using an existing corporate infrastructure for measurement applications may require the approval of an IT department. NI Wi-Fi and Ethernet DAQ devices incorporate features familiar to both IT and engineering personnel. Once you understand how to communicate, working with your IT group can greatly simplify the addition of wireless and Ethernet measurements to existing networks. Just don’t be surprised if IT shows up to your next team meeting.

Charles Stiernberg

Charles Stiernberg is an NI data acquisition product engineer. He received his bachelor’s degree in electrical engineering, with a focus on embedded systems and VLSI design, from The University of Texas at Austin.
