Managing Wireless Applications: Application Management Issues Are Paramount in the Wireless Revolution

With the explosion of palm computers, Windows CE devices and phones that can get Web-based information, many IT departments are faced with a client conundrum the likes of which hasn't been seen since the days when DOS, Windows, MacOS and OS/2 competed for the desktop. Yet, IT departments had better learn to deal with it because wireless networking is on the verge of a boom that will rival the Internet revolution.

• 06/01/2000

With the explosion of palm computers, Windows CE devices and phones that can get Web-based information, many IT departments are faced with a client conundrum the likes of which it hasn't seen since the days when DOS, Windows, MacOS and OS/2 competed for the desktop. Worse, IT has to worry about tiny screens, synchronization of data and bandwidth constraints on application delivery, not to mention figuring out which applications to port and which to keep firmly entrenched on the desktop.

Yet, IT departments had better learn to deal with it. According to most analysts, wireless networking is on the verge of a boom that will rival the Internet revolution of the late 1990s. According to IDC, 18.9 million hand-held units will be sold to businesses and end users by the year 2003. By the same year, more than one billion mobile phones will be in circulation, with more than 50 percent providing their users with Internet access. This represents a huge community of wireless-enabled end users that can be leveraged to improve the efficiency of enterprise applications or to extend the reach of consumer-oriented applications.

Application is the key word. Exploiting the wireless revolution requires applications that can work within the constraints imposed by the current generation of wireless networking technology and the wireless devices themselves. Wireless networks present issues of security, protocol diversity, bandwidth constraints and coverage gaps. At the same time, the diversity of wireless devices challenges application developers to come up with ways to cope with different messaging interfaces, synchronization methods and user interfaces.

Despite these challenges, many companies are already either fielding applications or preparing apps for deployment that take advantage of wireless connectivity opportunities. While there is significant variation between development approaches based on the nature of the application itself and its target end user population, application management issues remain paramount in the application development process.

The wireless-enablement of enterprise applications, a major thrust of the wireless revolution, can deliver significant efficiency improvements to business, according to Carl Greiner, Vice President and Director of Enterprise Data Center Strategic Services with META Group. He notes that wireless technology helps eliminate redundant and error-prone data entry processes by extending legacy applications, without significant changes, for direct use by field personnel. The IT manager, says Greiner, only needs to identify which applications can go untethered and which will benefit from direct data entry and update in the field.

Security may not be an issue for these applications, Greiner argues, "These applications continue to take advantage of the existing security systems of mainframes and they are operated by trusted personnel, so security may not be as problematic as with other wireless apps. With many apps, security isn't an issue at all."

Laura Manos, Computer Services Manager at the Miami-Dade County Building Inspections Department, would agree with Greiner. In December 1998, plans were formalized to wireless-enable the building inspection process to accomplish a very straightforward goal: Improve customer service.

A system already existed to capture building inspection results that involved manual data entry of paper reports submitted by inspectors in the field. The existing process required 24 hours. Extending the application to wireless devices used by inspectors in the field, says Manos, enabled the entire process to occur in near realtime, with inspection results posted to the system, then to the organization's Web site, as they were completed.

Selecting the right device for use by the inspectors was the primary challenge of the project, according to Donna Romito, Information and Permit Support Division Director. The organization turned to wireless integrator ClientSoft to develop the application and the connections to the backend mainframe database system. Then, the application was ported to several wireless handheld devices for use in pilot testing.

A test group of inspectors used the application on each of the devices in the field and voted for the device and presentation they preferred. The selected device, a Windows CE Personal Digital Assistant (PDA) from NovaTel, was chosen, based on form factor, display readability and carrying convenience, according to Romito.

The experience of the Building Inspection Office may exemplify one of the first considerations in developing, and ultimately of managing, wireless applications; meeting the needs of the user community when selecting the client device. David Hayden, formerly the Senior Industry Analyst for Mobile Insights, cites ease of use and simplicity of interface as the "number one issue."

Unlike desktop systems, which are typically used in a "controlled environment," says Hayden, "With handheld and smart phones and pagers, the user is in an uncontrolled environment. They may be in a car, trying to talk on a phone, or have only one hand, versus two, to do an operation. They may have much less time and a lower patience level. Companies have created the most feature-rich applications, but they didn't work because of usability issues."

The Miami-Dade County application also suggests another characteristic of many enterprise wireless apps; control over the number of different devices that the application must support. By standardizing on a single PDA, support requirements have been minimized. According to Carmen Suarez, Systems Support Manager within the Miami-Dade IT Department, "We are basically extending out the interface of our existing application using the NovaTel and 3270 emulation software." The gains that have been realized in terms of improved customer service, reduced data entry errors and staffing cost reductions, could well have been reduced if Miami-Dade needed to support a variety of devices in the field.

Depending on the application, supporting different PDAs may require not only the tailoring of application interface to different form factors, such as the size and number of lines on a PDA, cell phone or pager display, but also supporting the operational characteristics of each device. Carl Zetie, Senior Industry Analyst with Gigaweb, observes that there are two basic types of application architectures for wireless devices: "One type of application executes entirely on a server and the wireless device acts as a browser. In a second kind of application, the device can operate an application, while it is not connected to the server."

"But, it has its own database that needs to be synchronized with the server database [periodically], or you're relying on data that is only as recent as the last synchronization," Zetie says.

Keeping information in synch between the wireless device and the application server is a management challenge, observes Zetie, that has companies revisiting old concepts of client-server computing, "A lot of the same lessons are about to be learned all over again. Everything old is new again - except this time it's smaller and slower."

Ron Pierce, Web Developer with the financial services company, Frank Russell Company, understands the synchronization problem well. After some experimentation with wireless application development for the Palm VII PDA, Pierce says that his group seized upon the idea of wireless-enabling access to the company's contact management system. "Our agents could tap in a person or company name to get info on contacts with that person or company, travel directions to their location, etc. We took the application on the road and did 900 presentations to our business units. They did back flips. Application access was faster than with a desktop or laptop. Queries were 10 times faster."

The enthusiasm has propelled the project from the prototype to the production mode, Pierce reports. However, further development has also pointed out a few difficulties, including synching. Pierce says the application interface provided on the palm computing device, called a Palm Query Application (PQA), "is like a home page on a Web site. Users need to download the latest copy of the PQA whenever changes are made to the application. Presently, there is no way to automatically check for the latest application software then to download it automatically. That doesn't exist with the Palm [VII] yet."

Until a fix is found, Pierce says, porting applications to the Palm VII, which is currently the company's standard PDA, poses a significant management challenge. End users must be advised to "hot synch" or download the latest PQA whenever application modifications are made.

Security is also an issue for Pierce, with regard to wireless application development and a potential inhibitor to fully exploiting wireless connections to extend applications. "We are doing some things for security: When the PQA comes up, the user must enter a password and user ID and submit it to a proxy server on Palm.Net (the network established by Palm Computing for optional subscription and use by Palm wireless users). The user doesn't see it, but there is also a device ID on every Palm and that ID is also passed to the proxy server."

Pierce explains that communications between the proxy server and the company extranet server are encrypted via Secure Socket Layer. Frank Russell Company's extranet server performs a database lookup for the user ID, password, Palm ID combination and grants access if a match is found. Although this affords secure access to the application, says Pierce, "It isn't true security by our standards."

Bob Taylor, Vice President for Charles Schwab's Electronic Brokerage Enterprise understands the need for security as well, and recognizes the limitations of wireless networking.

"We are working to build applications that will allow our customers to get information and execute trades, while they are untethered from the desktop. We are building the application now and doing internal pilots with a variety of devices, including Palm IIIs and Vs, two-way pagers and smart phones. Later, we may do phones that support the Wireless Application Protocol. We want to support as many wireless devices as possible, but we are also ensuring that our customers' information will not be put at risk."

Taylor says that Schwab has turned to Aether Systems to provide secure network connections, while maintaining sensitive customer information, including customer account numbers and passwords, on their server.

George Davis, Executive Vice President and Chief Operations Officer with Aether Systems, describes the Schwab account as an illustration of his company's positioning as a wireless ASP. Using the company's network outsourcing services, Schwab can capitalize on the work that Aether has already performed in the areas of secure messaging, as well as the company's multiprotocol gateways that enable access to different networks and different devices.

Pat McVeigh, CEO for OmniSky Corporation, an Aether partner and provider of wireless POP3 and corporate e-mail integration services, says, "There are essentially two levels of security management concerns: How will end-to-end security be provided, and what happens when a device gets lost."

McVeigh notes that nearly all wireless networking protocols have some built-in security. This can be enhanced through the application of encryption algorithms to message traffic between the wireless device and the host system. Aether Systems, he notes, has applied one such encryption technology, elliptic curve cryptography from Certicom Corporation, to ensure that its customers' private information is kept private.

David Krane, Director of Marketing at Certicom, notes that there are many ways "to skin the security cat." With Aether and other wireless companies, Certicom contributes unique, public key infrastructure (PKI)-based transmission security and authentication "tailored for the mobile world." Because wireless networks are not always "on the air," Krane notes, a secure handshake must occur with each network activation to ensure that communicators are properly identified. In addition to providing this technology, says Krane, Certicom also provides encryption on every message packet using its own elliptic curve cryptography.

McVeigh says that, while end-to-end security capabilities are improving, device level security capabilities vary from device to device. "Palms have some security that can be disabled. That is why more emphasis is placed on challenge-response mechanisms [at the application level]."

Schwab's security concerns, McVeigh observes, are common among financial institutions, which tend, on the whole, to be "much more persnickety" about information privacy. He believes that the value of a wireless ASP like Aether goes beyond security to a number of more fundamental management concerns.

"We need to get to a point where we don't care about network topology, and to where we can provision over any device population," says McVeigh. Companies like Aether remove some of the management issues of wireless by providing a range of network and device connectivity options seamlessly, he notes.

Schwab's Taylor agrees, "We picked Aether to jump start our development work. They already have the carrier arrangements we need."

Aether's Davis adds, "There are all kinds of standards for network and device connectivity, which means there are no standards." He says that Aether is steadily building out support for messaging with devices that are proliferating "on a daily basis."

Davis notes that the one device approach that characterizes some internal business wireless applications is reversed in many business-to-business and business-to-consumer applications. With those types of applications, he says, the company has little or no say over what clients - PDAs, cellphones, WAP devices, or interactive pagers - the end user may be using. Barpoint.com's Executive Vice President, Jeff Sass, is keenly aware of the management challenge that device diversity raises.

BarPoint.com is in the process of fielding a wireless application that will enable PDA, WAP phone or interactive pager-equipped retail shoppers to identify the lowest price for a product they are considering for purchase. The user enters the 12-digit Universal Product Code (UPC) into their wireless device, which transmits it to a BarPoint host system. The code is submitted to an Oracle 8i database, organized by UPC, and updated via "cost bots" that collect information from more than 325 BarPoint affiliates. The application responds to the consumer with competitive pricing and other information that may facilitate an informed sale.

Sass observes that the application is a natural for wireless technology because UPCs are numeric codes that can be input readily. Plus, they are very specific searches eliciting very specific results, he says, "Unlike a Web search, where you look for 'toaster oven' and [generate] hits for the Disney film, Brave Little Toaster."

The response to the customer is tailored to the display limitations of the wireless device, with links to more and more detailed information. "For a wireless application to be successful, you can't just build on top of a Web site. The Internet provides unlimited bandwidth at little or no cost. With wireless, you need to provide the user with the means to control bandwidth utilization and cost, because he's paying for it by the megabyte."

Launched in December 1999, the BarPoint.com service currently encompasses books, audiobooks, DVDs and videotapes, and supports the Palm VII PDA. By this summer, Sass reports, 26 additional categories of products will be added, including office supplies, automobiles and pharmaceuticals. The service can only fly, if BarPoint can add to the list of supported wireless devices.

About the Author: Jon William Toigo is an independent writer and consultant, specializing in business automatin solutins. He can be reached via e-mail at jtoigo@intnet.net, or through his Web site at www.toigoproductions.com.