Tag Archives: Wireless Network Management

Wireless Network Analysis Rapidly Becoming a Must for Businesses

Offering free Wi-Fi can be a huge asset to business establishments like hotels, coffee shops, bookstores and anywhere else people want to connect. But for guest Wi-Fi to be beneficial to a business, the connection has to work—and it has to work well.

Organizations that advertise free Wi-Fi service and offer only a slow or broken connection can actually do themselves more harm than good. Customers who come to these establishments expecting a strong connection—particularly those planning to do job- or school-related work—may grow annoyed, take their business elsewhere, and perhaps even take their frustration out on online reviews—doing further damage to the business.

A wireless network analyzer can mean the difference between retaining customers and forfeiting revenue. A top-flight wireless network analysis solution like WildPackets’ OmniPeek manages the entire life cycle of a network, including both wired and wireless segments simultaneously, ensuring optimal performance at all times. The product significantly reduces network outages by monitoring performance 24×7, 365 days per year.

Of course, OmniPeek is a game-changer for mission-critical operations within a company as well. With more companies using wireless as a primary medium for data service, a wireless analyzer that can manage both wired and wireless segments of a network to ensure the entire ecosystem is operating at capacity becomes critical. Just as customers grow frustrated with unstable Wi-Fi, employees are bothered by underperforming applications they need to do their jobs effectively.

A lackluster Wi-Fi network can adversely affect your business—but tools to avoid this issue are readily available. The bottom line is that a wireless network analyzer can save you time, money and frustration. Isn’t that worth an investment?

How-to Guide for Handling a Massive Wireless Network

When you think of Super Bowl 47, many things come to mind: the Ravens, the 49ers, Beyonce or the 30-minute blackout in the third quarter. Most of us won’t think of the massive wireless network the NFL poured money and time into creating to support 30,000 Wi-Fi users within the Superdome, or the BYOD challenges that came with protecting such a massive network from rogue devices. Lucky for us network engineers, Jon Brodkin provides a great discussion of how the NFL set up and maintained the Super Bowl network in a recent article in Ars Technica.

To summarize, the NFL Wi-Fi team devised a system to handle 30,000 simultaneous Wi-Fi users. In order to make this work, they set up more than 700 wireless access points inside the stadium and 250 access points outside. To maintain wireless security, the NFL had intricate frequency coordination in place and all attendees were required to put their wireless devices through a frequency scan to be authorized. If any of these devices presented potential interference, the device was “remediated.”

Brodkin’s technical explanation of how such a large Wi-Fi network was set up and maintained is fascinating but it gets us thinking about how to maintain such a network long after the Super Bowl is over. How do you maintain a massive Wi-Fi network on a daily basis, not just for one afternoon/evening? To address this issue we have put together the following how-to guide for handling a Wi-Fi network for tens of thousands of people using multiple devices 24/7.

Planning
In a sense, you have an advantage in planning your wireless network for the enterprise because you can predict what kind of traffic will be on the network. This means that you should know how many users you will be adding, and what data they will usually access at any given time. To do this, use what you know about traffic patterns based on your baselining efforts.

As with the Superdome, you will need to determine how many access points are needed based on the number of Wi-Fi users you have. While this varies between access points (APs), the numbers should be well documented for supported simultaneous users and range. However, that’s only the starting point. Based on your policies, you may choose to allow BYOD, in which case it’s a safe bet that you can expect a total number at least twice the number of laptops, IP phones, etc., since users will bring in smart phones, tablets, and other equipment.

The physical environment itself will present some challenges, especially in older buildings with solid interior walls that absorb and distort the signal. Newer spaces tend to be wide open, with interior walls that are designed to be temporary. Fortunately, there are tools to help you with optimal placement, both on the site survey side, and on the AP side. Most modern APs use sophisticated internal antennas that actually rely on the signal bouncing around to create multiple paths for MIMO.

Once the environment is understood and an initial layout is determined, test it out at least one more time. Go to different environments and test out overall throughput and signal strength at key locations in your network. Remember that the performance is likely to be different once the office is full of people and equipment. Recently, Boeing did some Wi-Fi testing using potatoes to simulate a plane full of people. There’s likely no need to go to that extreme in your environment, but you should be mindful of where classic noise sources such as the department printer and the microwave in the break room will be located.

In larger spaces, or with larger numbers of devices, you’re going to need more than one access point. That’s where some of the challenges of maintaining a Wi-Fi network begin.

Managing
The key enabler for large-scale Wi-Fi is central coordination, whether it’s through one or more controllers, or an intelligent protocol in controller-less equipment. Large-scale Wi-Fi is fundamentally different than a small network because the APs must coordinate to manage frequencies/channels, as well as user migrations between APs. The central coordination allows you as an administrator to configure your network as a large unit, as well as enabling cross-AP automation, such as automatic channel selection.

If you’re not familiar with how migration happens, it may be tempting to try to put all devices into a single L3 subnet, but remember that wireless is a shared medium. The broadcast storms that plague wired networks are especially hard on wireless, since a single L2 broadcast can be forwarded across all APs in the subnet, essentially utilizing all available bandwidth everywhere at once. Wireless vendors have methods of dealing with user migration transparently across APs, even if the user migrates onto an area with a different subnet.

We’ve written extensively on the management of wireless devices on the network. For example, check out a post about some of the security risks with consumer-grade wireless gear on your network and how you can combat the risks.

New Technologies
As Brodkin pointed out in the article mentioned earlier, one major problem facing the Superdome Wi-Fi team was the need for more channels. Most fans’ devices were only capable of operating in the 2.4GHz band. Interference is much more prevalent in that band, and the channel spacing is very small, leaving only three non-overlapping channels for practical use, so all those users had to share three channels. However, the network did support 802.11n, which allows use of the 5GHz spectrum, so fans who had 5GHz-capable devices were able to connect to more channels in a less noisy environment, creating a much better user experience. This is an important take-away for enterprises as well.
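Why the 2.4GHz band yields only three usable channels, and how to check an AP layout against that limit, shown as an added example that is not part of the original post. The AP names, the neighbor list and the 22 MHz channel width (with the 11 US channels) are assumptions made for the illustration.

```python
# Assumption: 22 MHz-wide channels (the classic 802.11b/g mask) and the
# 11 channels permitted in the US; other regulatory domains allow up to 13.
WIDTH_MHZ = 22

def center_mhz(channel):
    """Center frequency of a 2.4 GHz channel: 2412 MHz plus 5 MHz per step."""
    if not 1 <= channel <= 13:
        raise ValueError(f"not a 2.4 GHz channel: {channel}")
    return 2412 + 5 * (channel - 1)

def overlaps(a, b):
    """Distinct channels overlap when their centers are closer than one width."""
    return a != b and abs(center_mhz(a) - center_mhz(b)) < WIDTH_MHZ

def non_overlapping(channels=range(1, 12)):
    """Greedily pick mutually non-overlapping channels, lowest first."""
    picked = []
    for ch in channels:
        if all(ch != p and not overlaps(ch, p) for p in picked):
            picked.append(ch)
    return picked

def audit(ap_channels, neighbors):
    """Classify each pair of APs that can hear each other.

    'adjacent'   = partially overlapping channels (mutual interference)
    'co-channel' = same channel (the two APs share airtime)
    """
    findings = []
    for a, b in sorted(neighbors):
        ca, cb = ap_channels[a], ap_channels[b]
        if overlaps(ca, cb):
            findings.append((a, b, "adjacent"))
        elif ca == cb:
            findings.append((a, b, "co-channel"))
    return findings

# Constructed inventory: AP name -> 2.4 GHz channel, plus pairs in radio range.
APS = {"ap-lobby": 1, "ap-cafe": 3, "ap-hall": 6, "ap-dock": 6, "ap-roof": 11}
NEIGHBORS = {("ap-lobby", "ap-cafe"), ("ap-cafe", "ap-hall"),
             ("ap-hall", "ap-dock"), ("ap-dock", "ap-roof")}

if __name__ == "__main__":
    print("usable channels:", non_overlapping())
    for finding in audit(APS, NEIGHBORS):
        print(finding)
```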

If you’re looking at a Wi-Fi upgrade in the near future, try to make sure that as many of your devices as possible will support 5GHz. The frequency is much less crowded, which will lead to more effective bandwidth per user. However, most consumer devices still only support 2.4GHz, so you’ll probably need to support both.

The other thing to keep in mind for a future-proof network is that 802.11ac enterprise equipment should be available soon. Since it’s capable of supporting gigabit speeds, you need to think about the wired side of your network, and how much traffic the wireless will add to your core. The last thing you want is for your shiny new high-speed Wi-Fi to be bottlenecked by a slow uplink.

Why Wireless Management is Essential to Business

Who controls the wireless management initiatives at your company? Is it the employees that bring their mobile or tablet devices to work and make them a part of your network infrastructure? Or is it company policy and processes that determine what types of wireless devices can or cannot be used and how they connect to the network?

Even though it may seem virtually impossible to enforce a wireless management policy in today’s BYOD world, a top down mandate is essential for successful and safe wireless networks. Wireless is still relatively new to many organizations, and the creation of a wireless network is not something that should happen organically. It needs to be well planned, designed, implemented, and monitored, taking into account the requirements of end users (like BYOD) to reach its full potential.

And, as is already well documented, wireless can also create a plethora of security vulnerabilities for your network infrastructure if you don’t have the right practices and equipment in place from the start. Below we will discuss some potential pain points and best practices for managing your wireless system and providing users with the connectivity they expect.

Consumer-Grade Wireless Gear Can Sabotage Your Network
Many companies assume that setting up a wireless network for their business is just like setting up a wireless network for their home. This might be a less expensive option at the beginning, but it will provide plenty of headaches in the end.

The biggest issues with consumer-grade gear are configuration and management. Consumer-grade gear is designed to make it very easy for someone with no networking knowledge to get their system up and running quickly. To enable this, most configuration options are pre-determined, and are often not the best options for an enterprise wireless network. Let’s take a simple example, like broadcasting the network name. Consumer-grade equipment on a home network is likely to default to broadcasting the network name, but our recommendation for enterprises is to disable this broadcast, so users need to be told by IT what the WLAN name is and how to connect to it. It doesn’t add a tremendous amount of security, but it’s just one more step that makes things just a bit harder for those looking to hijack your signal, or worse yet, hack your network.

Another issue with configuration is that consumer-grade gear may not even offer some of the configuration options you need for an enterprise network. Let’s say you want to control the power output of certain APs on your network, perhaps because they are near an exterior wall and you want to turn down the power to minimize signal leakage outside your facility as much as possible. A consumer-grade AP may just assume that this is a parameter that no home user needs to adjust. Why would they? Most home applications use a single AP and want as much coverage in the home as possible, so reducing the power is a configuration option that may only generate more support calls, so it’s left off as an option, leaving you stuck with an AP that is broadcasting farther than you desire.

Management is also an issue. Consumer-grade APs are assumed to be stand-alone devices, which is the typical home use case. But in your facilities you will most likely need multiple APs, with overlapping coverage, and achieving this requires the ability to carefully manage your WLAN infrastructure. In fact, what you really need is enterprise-grade WLAN equipment that is controller-based. Equipment of this type typically uses “thin” APs, where some of the AP functions found in consumer-grade equipment are moved to a centralized controller. Though more expensive, the benefits of such a system far outweigh the costs. Controller-based systems can make dynamic changes to the AP infrastructure, including channels and power, so that your WLAN is always operating at maximum efficiency. They can also roll out changes, like a firmware upgrade, to all APs simultaneously, making upgrades extremely simple. There are many high-quality enterprise-grade solution providers in the market, and you’re probably familiar with the brands. Be sure to scope out your requirements, and then shop around. Each vendor has a wide range of equipment, with a wide range of costs, so it should not be difficult to find a solution that’s within your budget and still meets your requirements. Also, a big added bonus is that you’ll get far better support than you’ll get by buying consumer-grade WLAN equipment.

Common Security Risks of Wireless
The security risks with WLANs are extremely well documented. Just do a web search and you could be reading for days. From simple eavesdropping to disruption attacks to unauthorized network breaches (see our blog on wireless penetration testing for more details), your WLAN is far more vulnerable than your wired network. For enterprise WLANs there’s only one option – use WPA2 Enterprise WLAN security. This is the only method that can truly secure your WLAN. In fact, over the coming years, you’ll see the Wi-Fi Alliance (WFA) slowly phase out certification of all other security options due to the limited protection they provide. WPA2 Enterprise provides the strongest authentication (determining who can join the network) and the strongest encryption (“scrambling” data during wireless transmission so it is not accessible to eavesdroppers) available.

This is another area where consumer-grade equipment may fall short. It may offer WPA2-Personal, but this is different than WPA2-Enterprise, which requires a back-end RADIUS server for authentication, something a home user is not at all likely to have. Enterprise networks already have a back-end authentication server in place to handle wired connections, so there’s no excuse for using anything but WPA2-Enterprise.
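To verify which of the two modes an AP actually advertises, a wireless audit can read the RSN information element in its beacons. The following is an added example, not part of the original post, and it goes beyond the text by parsing that element directly. The three byte strings are constructed samples, and the parser assumes the element carries every field up to the AKM list.

```python
import struct

IEEE_OUI = b"\x00\x0f\xac"
CIPHERS = {2: "TKIP", 4: "CCMP"}      # cipher suite types under OUI 00-0F-AC
AKMS = {1: "802.1X", 2: "PSK"}        # key-management (AKM) suite types

def _name(selector, table):
    """Translate a 4-byte suite selector (3-byte OUI + 1-byte type)."""
    if selector[:3] != IEEE_OUI:
        return "vendor-specific"
    return table.get(selector[3], f"type-{selector[3]}")

def _suite_list(body, off, table):
    """Read a little-endian count and that many selectors; return names, new offset."""
    if off + 2 > len(body):
        raise ValueError("truncated RSN element")
    (count,) = struct.unpack_from("<H", body, off)
    end = off + 2 + 4 * count
    if count == 0 or end > len(body):
        raise ValueError("bad suite count in RSN element")
    return [_name(body[i:i + 4], table) for i in range(off + 2, end, 4)], end

def parse_rsn(ie):
    """Parse an RSN element (ID 48) up to and including its AKM list."""
    if len(ie) < 8 or ie[0] != 48 or ie[1] != len(ie) - 2:
        raise ValueError("not a well-formed RSN element")
    body = ie[2:]
    if struct.unpack_from("<H", body)[0] != 1:
        raise ValueError("unsupported RSN version")
    pairwise, off = _suite_list(body, 6, CIPHERS)
    akm, _ = _suite_list(body, off, AKMS)
    return {"group": _name(body[2:6], CIPHERS), "pairwise": pairwise, "akm": akm}

def classify(ie):
    """Map the advertised suites onto the modes the text distinguishes."""
    rsn = parse_rsn(ie)
    if rsn["akm"] == ["802.1X"] and rsn["pairwise"] == ["CCMP"]:
        return "WPA2-Enterprise"
    if "PSK" in rsn["akm"]:
        return "WPA2-Personal"
    return "other"

# Constructed RSN elements, as they would appear in a captured beacon.
ENTERPRISE = bytes.fromhex("30140100000fac040100000fac040100000fac010000")
PERSONAL = bytes.fromhex("30140100000fac040100000fac040100000fac020000")
MIXED_TKIP = bytes.fromhex("30180100000fac020200000fac04000fac020100000fac020000")

if __name__ == "__main__":
    for label, ie in [("enterprise", ENTERPRISE), ("personal", PERSONAL), ("mixed", MIXED_TKIP)]:
        print(label, classify(ie), parse_rsn(ie))
```

An AP that classifies as WPA2-Personal, or that still lists TKIP among its pairwise ciphers, is one to flag against a WPA2-Enterprise-only policy.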

And if you’re looking for yet another layer of security, require that all users who access corporate data, even email, use a VPN connection when on a wireless network. Though this does not add much when using WPA2-Enterprise on the corporate WLAN, your users will also want to access corporate data over other wireless networks, whether in their home, hotels, airports, coffee shops, etc. In these cases you have no control over the security of the WLAN in use, so requiring a VPN connection for any corporate access gives you back some control of the security of the wireless connection.

Wireless Needs to Be Planned
Wireless systems should not be grown organically, based on consumer-grade equipment; you must plan ahead for a multitude of factors that can create problems when users access your sensitive corporate data.

When designing your wireless network, you must look at the following:

  • The applications users are going to want to access over Wi-Fi.
  • The placement of access points, which depends heavily on your environment. Are you a warehouse, a retail store, or a hospital? Do you want access points to be conspicuous?
  • How your physical layout and networking needs affect the type of equipment you’ll need.
    • Will you want directional antennas in some areas to help deliver more range for your WLAN, and better contain signals within your facility?
    • Do you want dynamic tuning of your WLAN?
    • Do you want centralized management?

WLAN planning tools do an excellent job proposing AP placement as well as recommending specific AP hardware that may be needed to meet your unique requirements. If you have an existing WLAN, use the planning tool to verify your current network coverage and performance before planning any expansion.

Although we might draw parallels between our enterprise wireless system and our home wireless system, they are not even close to the same. To ensure that your network is secure and that users are experiencing the full potential of wireless it is important to have a plan in place and manage your system accordingly.