pointer

Monthly Archives: July 2012

3 Easy Ways to Prepare Your Network for the Olympics

Posted on by .

    With the Olympics approaching, most everyone in IT is having “World Cup Fever” flashbacks, and rightly so. When it comes to high-profile global events like the Olympics or the World Cup – we leave the biggest and best up to sports forums – internet traffic spikes, even if the end user is at work.

    For example, on June 11, 2010 (a workday) Akamai reported that news site traffic started to climb steadily at 6 am ET and peaked six hours later, reaching nearly 12.1 million visitors per minute. Regardless of if people are at or away from the office, they are going to stream news from these sites to make sure they are up-to-speed with the latest events.

    With the Olympic ceremonies this Friday, we wanted to provide some tips to prepare for more internet usage on your wireless and wired system to ensure that there will be no angry users whether they are trying to access work-centric applications or the synchronized swimming events.

    Baseline Your Network
    The only way to know whether you’ve improved your network performance is to start by knowing where it stands now in terms of network demands. Enterprises can get a sense of how their network normally acts by looking at internet connections, WLAN links, WLAN environments and the data center. A network analyzer can help organize this information into a report that can be used to not only solve issues that currently exist, but also to allow the organization to rewind the information back in time to validate performance and bandwidth utilization now versus previously, and predict future growth.

    Prune and Clean WLAN Traffic
    Remove unnecessary traffic. Devices like printers, support stacks and protocols not in use in the environment can be eliminated. Sometimes, protocols that help manage the network, like routing protocols and SNMP can be found needlessly hogging valuable bandwidth. It’s likely that there are no devices on your Wi-Fi network which require SNMP management, routing protocols, or similar network maintenance and management.

    Additionally, you may be able to recover wireless bandwidth by disabling packets between nodes. Many BYOD-class devices use local multicasts to find network services. Blocking connections between Wi-Fi clients will prevent the retransmissions of those packets, thus saving valuable bandwidth.

    Monitoring and Stomping Out Rogue Users
    Since more and more people in your office probably have tablets and cell phones, they might be using these devices rather than office provided devices to stream Olympic events. Trying to maintain these rogue devices is a multi-tier approach, and you should have a practice in place to make sure you are aware of these devices and housing them in the right place so they don’t interfere with your network.

    However, if you don’t have a plan in place like a special Wi-Fi SSID or WPA2, you will have to discover these rogue devices and make sure they do not pose a security threat to your system and are not being the bandwidth hog on your network. Again a network analyzer is good at finding these “unknown” wireless assets on your network.

    If for some reason you are experiencing latency or something else, and the devices that you are monitoring on your computer are not the issue, check to see if it’s mobile users.

    In next week’s article, we are going to cover the Olympics, but instead of looking at it from an office perspective, we’ll be looking at it from a live events perspective. How do you keep a network running smoothly at an event like the Olympics? We’ll discuss how WildPackets did just this with China Mobile during the 2008 Olympic Games. Stay tuned!

      Customizing Network Analysis and Troubleshooting with OmniPeek

      Posted on by .

        Today, most enterprise IT networks are composed of a wide range of distributed applications, wired and wireless systems. No two networks are the same, and in order to combat the rise in network complexity, IT and network administrators must rely on network analysis software that isn’t just a one size fits all solution.

        We designed the OmniPeek network analyzer with this in mind. The highly extensible architecture enables you to extend your network analysis into areas that are the most important. We have also created an array of plug-ins and add-on modules, including capture adapters and specialized analysis, which can be installed and immediately deployed without having to update your current version of the software.

        Below we discuss the different scenarios that you may currently be facing and how you can customize your network to fit these needs.

        Wireless Problems?
        You have rolled out your initial wireless network, however more users are beginning to access the network and new services, like VoIP over WiFi (VoFi), are being rolled out too. As more traffic begins to stream across your network, throughput drops during peak usage and users begin to complain about connectivity issues.

        Capturing wireless packets remotely is easy using the WildPackets Cisco AP Capture Adapter, which allows existing Cisco managed APs to be temporarily converted to packet capture devices, forwarding all of their packets back to OmniPeek via TCP/IP over the wired network. Not a Cisco customer? WildPackets also supports remote wireless packet captures for other vendors.

        Using an AP for packet capture is a simple way to improve visibility into areas that are experiencing wireless problems. It’s also a great way to extend the life of old APs: after replacing them with newer models, re-use the old AP for remote packet capture. Either keep them mounted in the old location, or deploy them on an as-needed basis to locations experiencing chronic problems.

        Once a problem occurs, remote packet captures can be started instantly and you can begin to discovered the troubled environment and troubleshoot the issue. When dealing with problems that are difficult to reproduce, it’s critical to have a tool ready on-site, rather than waiting for someone to get to the trouble spot and hoping the problem still exists.

        If you’re addressing the wireless congestion problem by adding more APs with more channels, WildPackets also helps with aggregated wireless capture for true multi-channel monitoring with roaming latency analysis. This is one of our most popular plug-ins, and it’s easy to see why, because it makes roaming easy to see.

        Need Better Visibility into Whether it’s an Application or Network Problem?
        Latency is one of the most common issues on your network, but it can be one of the most frustrating to diagnose. Detecting sources of latency: application or the network is where additional tools are needed. The Latency Monitor plug-in provides valuable insight into pinpointing whether the latency originated from the network or the application.

        For most businesses, top performance at the end-user is necessary for performing mission critical tasks. Understanding what the normal levels for Application Response Time (ART) and Network Response Time (NRT) is key to identifying abnormal response rates and determining the source of latency. The Latency Monitor graphs all of the results together in order to easily see where the problems are with the network or the applications.

        In order for network admins to make the most intelligent decisions possible about improving network and application performance, you need the most in depth information.

        How Do You Monitor What You Don’t Own?
        Today, many businesses run their important applications through browsers. If your company runs applications over the web, you will need specific information in order to troubleshoot issues when they arise. For example, if a page doesn’t load but everything comes up clear on the server-side you need to be able to retrace the request progress. The main tool for diagnosing web problems is built into OmniPeek, with the Web analysis views. These pages allow quick insight into web site performance, including information per server, per client, per page, and even down to the per-request level.

        Monitoring and troubleshooting web service issues is increasingly complicated with the trend of migration to cloud hosting. While cloud has certain advantages, it comes at the cost of decreased control.

        WildPackets addresses cloud monitoring with a pair of plug-ins: Cloud Stats and Cloud Latency Monitor. Cloud Stats uses Deep Packet Inspection (DPI) to provide dynamic name resolution for HTTP connections, greatly clarifying where the web traffic in your network is going. Rather than a HTTP connection to a numeric IP address, the Cloud Stats Plug-in will show the actual host portion of the URL.

        Cloud Latency Monitor is designed for ongoing analysis of your cloud-hosted services, using either ping or HTTP to provide continuous latency measurement. This tool is so popular, we even made it into a stand-alone tool, which you can deploy for free.

        Want to See Information, Not Just Packets?
        To ensure that you have full visibility of your network as well as the ability to go back in time to check out behavior of your network users, OmniPeek has the Compass Dashboard, which allows you to capture and visualize Gigabytes or even Terabytes of application server traffic then mine the transactions to discover any compliance or security issues. Compass provides dynamic differential visualization to go beyond the Top Talkers list, and graph individual nodes or protocols against the total traffic, or even against each other, to figure out what’s really going on.

        Compass is another tool that has been so popular, we’ve released it as a free stand-alone tool. Install it on any node you want to get visibility into any segment.

        Your Business Relies on Your Network, You Can Rely on Us
        Businesses today are multi-faceted, and it’s no surprise that networks are the same. With the decentralization of most IT environments, it is necessary to have a monitoring and analysis solution that can be adjusted accordingly.

        For a more in depth description of these as well as other plug-in capabilities, check out our blog, “Most Popular OmniPeek Plug-ins.”

          Why Wireless Management is Essential to Business

          Posted on by .

            Who controls the wireless management initiatives at your company? Is it the employees that bring their mobile or tablet devices to work and make them a part of your network infrastructure? Or is it company policy and processes that determine what types of wireless devices can or cannot be used and how they connect to the network?

            Even though it may seem virtually impossible to enforce a wireless management policy in today’s BYOD world, a top down mandate is essential for successful and safe wireless networks. Wireless is still relatively new to many organizations, and the creation of a wireless network is not something that should happen organically. It needs to be well planned, designed, implemented, and monitored, taking into account the requirements of end users (like BYOD) to reach its full potential.

            And, as is already well documented, wireless can also create a plethora of security vulnerabilities for your network infrastructure if you don’t have the right practices and equipment in place from the start. Below we will discuss some potential pain points and best practices for managing your wireless system and providing users with the connectivity they expect.

            Consumer-Grade Wireless Gear Can Sabotage Your Network
            Many companies assume that setting up a wireless network for their business is just like setting up a wireless network for their home. This might be a less expensive option at the beginning, but it will provide plenty of headaches in the end.

            The biggest issues with consumer-grade gear are configuration and management. Consumer-grade gear is designed to make it very easy for someone with no networking knowledge to get their system up and running quickly. To enable this, most configuration options are pre-determined, and are often not the best options an enterprise wireless network. Let’s take a simple example, like broadcasting the network name. Consumer-grade equipment on a home network is likely to default to broadcasting the network name, but our recommendation for enterprises is to disable this broadcast, so users need to be told by IT what the WLAN name is and how to connect to it. It doesn’t add a tremendous amount of security, but it’s just one more step that makes things just a bit harder for those looking to hijack your signal, or worse yet, hack your network.

            Another issue with configuration is that consumer-grade gear may not even offer some of the configuration options you need for an enterprise network. Let’s say you want to control the power output of certain APs on your network, perhaps because they are near an exterior wall and you want to turn down the power to minimize signal leakage outside your facility as much as possible. A consumer-grade AP may just assume that this is a parameter that no home user needs to adjust. Why would they? Most home applications use a single AP and want as much coverage in the home as possible, so reducing the power is a configuration option that may only generate more support calls, so it’s left off as an option, leaving you stuck with an AP that is broadcasting farther than you desire.

            Management is also an issue. Consumer-grade APs are assumed to be stand-alone devices, which is the typical home use case. But in your facilities you will most likely need multiple APs, with overlapping coverage, and achieving this requires the ability to carefully manage your WLAN infrastructure. In fact, what you really need is enterprise-grade WLAN equipment that is controller-based. Equipment of this type typically uses “thin” APs, where some of the AP functions found in consumer-grade equipment are moved to a centralized controller. Though more expensive, the benefits of such a system far outweigh the costs. Controller-based systems can make dynamic changes to the AP infrastructure, including channels and power, so that your WLAN is always operating at maximum efficiency. It can also roll out changes, like a firmware upgrade, to all APs simultaneously, making upgrades extremely simple. There are many high-quality enterprise-grade solution providers in the market, and you’re probably familiar with the brands. Be sure to scope out your requirements, and then shop around. Each vendor has a wide range of equipment, with a wide range of costs, so it should not be difficult to find a solution that’s within your budget and still meets your requirements. Also, a big added bonus is that you’ll get far superior support than what you’ll get by buying consumer-grade WLAN equipment.

            Common Security Risks of Wireless
            The security risks with WLANs are extremely well documented. Just do a web search and you could be reading for days. From simple eavesdropping to disruption attacks to unauthorized network breaches (see our blog on wireless penetration testing for more details), your WLAN is far more vulnerable than your wired network. For enterprise WLANs there’s only one option – use WPA2 Enterprise WLAN security. This is the only method that can truly secure your WLAN. In fact, over the coming years, you’ll see the Wi-Fi Alliance (WFA) slowly phase out certification of all other security options due to the limited protection they provide. WPA2 Enterprise provides the strongest authentication (determining who can join the network) and the strongest encryption (“scrambling” data during wireless transmission so it is not accessible to eavesdroppers) available.

            This is another area where consumer-grade equipment may fall short. It may offer WPA2-Personal, but this is different than WPA2-Enterprise, which requires a back-end RADIUS server for authentication, something a home user is not at all likely to have. Enterprise networks already have a back end authentication server in place to handle wired connections, so there’s no excuse for using anything but WPA2-Enterprise.

            And if you’re looking for yet another layer of security, require that all users who access corporate data, even email, use a VPN connection when on a wireless network. Though this does not add much when using WPA2-Enterprise on the corporate WLAN, your users will also want to access corporate data over other wireless networks, whether in their home, hotels, airports, coffee shops, etc. In these cases you have no control over the security of the WLAN in use, so requiring a VPN connection for any corporate access gives you back some control of the security of the wireless connection.

            Wireless Needs to Be Planned
            Wireless systems should not be grown organically, based on consumer-grade equipment; you must plan ahead for a multitude of factors that can create problems when users access your sensitive corporate data.

            When designing your wireless network, you must look at the following:

            • The applications users are going to want to access over Wi-Fi.
            • The placement of access points, which depends heavily on your environment. Are you a warehouse, a retail store, or a hospital? Do you want access points to be conspicuous?
            • How your physical layout and networking needs affect the type of equipment you’ll need.
              • Will you want directional antennas in some areas to help deliver more range for your WLAN, and better contain signals within your facility?
              • Do you want dynamic tuning of your WLAN?
              • Do you want centralized management?

            WLAN planning tools do an excellent job proposing AP placement as well as recommending specific AP hardware that may be needed to meet your unique requirements. If you have an existing WLAN, use the planning tool to verify your current network coverage and performance before planning any expansion.

            Although we might draw parallels between our enterprise wireless system and our home wireless system, they are not even close to the same. To ensure that your network is secure and that users are experiencing the full potential of wireless it is important to have a plan in place and manage your system accordingly.