A Guide to Wi-Fi Requirements.

Do you know what you want, what you really, really want?

Sometimes we need to flesh out real requirements for a Wi-Fi service.  A common request from customers is simply, “Install Wi-Fi at xyz location”.  Actual requirements start with understanding the desired outcome or performance expectations and working backwards from there.

There are relevant questions, such as what type of user experience is required and what density of users will be simultaneously using the Wi-Fi service.  Or what existing systems does the service need to integrate with?

Business questions first.  If we don’t understand the business reasons for wireless in the first place, we won’t be able to design a solution that meets expectations.  Why is the business investing in a wireless service, what are the required business outcomes and timelines, and how will the business measure the success of the installation?  What applications will they run and what type of activities does the business expect users to perform over the wireless medium?

Technical questions that address wireless functionality naturally follow. The customer may have standards that must be followed to integrate a wireless service:  user authentication, encryption, device management, reporting, logging, wireless intrusion detection (and desired responses), application performance, density of users, or different user groups.

From answers to these business and technical questions, we are able to begin noting the Wi-Fi requirements.  The discovery phase will assist here:  identifying supporting infrastructure, whether there is adequate bandwidth for the solution, whether Quality of Service (QoS) is required for application performance and which 802.11 standards need to be supported.

During the process of discovery, in some situations we may find that a Wi-Fi solution will not actually be fit for purpose!

The physical environment where wireless service will be installed prompts its own questions.  If site access for an inspection is difficult: a picture tells a thousand words.  A few well-chosen photos of the wireless environment will tell us a lot about what needs further analysis.  The environment will mandate if internal or external (weatherproof) Wi-Fi equipment is necessary, if internal or external antennas will be required, where there may be coverage challenges and so forth.  Physical security of equipment inside the environment should also be taken into consideration.

Site surveys are crucial.  We will want to know if the proposed environment is subject to wireless interference or if it has to contend with 50 foreign Wi-Fi networks fighting for the same channel space.  Site surveys can discover useful information that then becomes technical requirements that feed into the design.  For example, if a site survey uncovers heavy interference on a channel commonly used by Wi-Fi, then the design can avoid using this channel.
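
As an added illustration (not part of the original article), the sketch below ranks the three non-overlapping 2.4 GHz channels from survey results.  The survey data is constructed, and the linear overlap weighting is a simplifying assumption rather than a measured spectral mask.

```python
# Added illustration: rank candidate 2.4 GHz channels from site-survey data.
# SURVEY is constructed sample data: (ssid, channel, rssi_dbm) for each
# foreign Wi-Fi network heard at the survey point.
SURVEY = [
    ("Cafe", 1, -52), ("Guest", 1, -60), ("Printer", 3, -70),
    ("Neighbour", 6, -80), ("IoT", 9, -65), ("Office2", 11, -58),
]
CANDIDATES = (1, 6, 11)  # the usual non-overlapping 20 MHz channels


def dbm_to_mw(dbm):
    """Convert dBm to milliwatts so that signal powers can be summed."""
    return 10 ** (dbm / 10)


def overlap_weight(candidate, other):
    """1.0 when co-channel, tapering to 0 at five channels apart.

    Assumption: a linear taper stands in for the real transmit mask.
    """
    return max(0.0, 1 - abs(candidate - other) / 5)


def channel_scores(survey, candidates=CANDIDATES):
    """Sum the weighted received power of every network overlapping each candidate."""
    return {
        c: sum(dbm_to_mw(rssi) * overlap_weight(c, ch) for _, ch, rssi in survey)
        for c in candidates
    }


def rank_channels(survey, candidates=CANDIDATES):
    """Return candidate channels ordered from least to most interference."""
    scores = channel_scores(survey, candidates)
    return sorted(scores, key=scores.get)


if __name__ == "__main__":
    for ch in rank_channels(SURVEY):
        print(ch, f"{channel_scores(SURVEY)[ch]:.2e} mW")
```

A scan like this only sees other Wi-Fi networks; interference from non-Wi-Fi sources needs spectrum analysis during the survey.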

Most importantly: with Wi-Fi it is all about the client.  If the technology the client is using to connect to the wireless infrastructure is poor, then the experience will be poor, no matter how good the wireless system.  If you have a mixed bag of client devices, old and new, fast and slow, all of this will affect the design.

So tell us what you want.  What you really, really want.

Inequality between friends

Wi-Fi can be thought of as two-way traffic down a one-lane street.  The two-way communication is your device on one side and the local Wi-Fi network the other.

Your device is only one-half of the story. Almost always, both sides of the Wi-Fi link have different capabilities.  The local Wi-Fi system usually has serious grunt behind it and can push signals quite far.  Your smartphone on the other hand…Not so much.

A good analogy is a concert.  You can be quite some distance from the stage where powerful speakers push the sound quite far.  Even if there were no other people at the concert, if you were a fair way back, the stage would hardly hear your voice and maybe not at all.

Say there are a couple of walls between your smartphone and the Wi-Fi network.  Your phone says it sees a clear, strong signal, right?  But the performance is not as you’d expect it to be.  Why is that?

Your phone cannot push signals as far, or through walls as well, as our friend on the other side of the link.  An Access Point trying to receive your phone’s weaker data transmissions can struggle to receive everything being sent.  There can be data loss or corruption and time-consuming retries.  Essentially, there are unequal capabilities between the Wi-Fi network device and your personal device and this impacts efficient throughput of data.

There are simple ways to balance this relationship.  One way is to tune the power of your network Wi-Fi to match that of smartphones or tablets – which can be done with enterprise-grade equipment.

To sum up, similar qualities are needed for both parties to communicate well.  A one-sided relationship doesn’t last long.

Analogies galore spring to mind with that one.

A simple BYOD definition

We all know what it stands for but what is it really?

BYOD is a company-defined set of policies, applied to the network infrastructure.

Together these policies, or framework, control access to different areas of your company network depending on the who/what/where scenario: who’s asking, what device they’re using and the location they’re using the device at.

For example, a corporate-issued laptop accessing the network from within the office.  Usually, full access to company resources.  Personal smartphone over a public Wi-Fi hotspot?  This may have some restrictions.

For organisations, their decision to introduce a BYOD framework comes down to a balance of improved productivity vs cost of implementation/integration and the higher risk of loss of sensitive data.

Coverage, Capacity, Density.

Last year at a seminar, wireless coverage inside the convention centre was excellent.  The numbers of people (density) jumping on the service however, affected the capacity of the centre’s network. While accessibility was excellent, the use of the application on the service was really slow.

Enterprise wireless coverage is more than just reach. It usually has to support x numbers of users seamlessly roaming between business areas without dropping connectivity and support a connection quality to complete business activities in an expedient manner.

Wi-Fi should work invisibly and reliably in the background.  A slow network or a blackspot area quickly becomes noticed – internal social media is often the place where problems are ‘discussed’.  Plugging these gaps usually has a cost involved but the value gained from increased productivity and job satisfaction often outweighs this.

In the wired world, coverage means both ends of the link are connected.  With wireless, the strongest device has the better coverage.  The power and ability of antennas (and therefore the reach and signal quality) on a tablet or smartphone will not match that of a laptop or the wireless infrastructure.  Both ends of a Wi-Fi link should therefore be aligned so that expectations of coverage quality are consistent.

So what are the factors that determine our Wi-Fi service experience?  Fundamentally, it is a combination of coverage, capacity, type of business activity (e.g. multimedia), numbers of users and the types of devices being used.  Client device selection has a measurable impact in a wireless environment; since Wi-Fi is a shared resource, too many ‘slow’ devices will lower performance for everyone.

To sum up, coverage and capacity define the infrastructure needed to deliver a certain level of service, to an expected density of user devices.  Get it right and you won’t notice the network at all.

Cease and desist

A rogue, according to the Oxford dictionary, is a person who is dishonest and unprincipled.

In the wireless industry Rogue Access Points (APs) are unauthorised wireless devices that are either connected to your internal network infrastructure (this is the part where you go white) or are performing some malicious activity against your network.

Since a rogue is a security threat to the business, how do we find them?  And if we find them, how do we stop them?

Enter the Wireless Intrusion Detection System (WIDS) or Wireless Intrusion Prevention System (WIPS).  A WIDS/WIPS takes time to set up and burn in, but done right it can be a valuable asset to minimise the threat of Rogue APs.

WIDS and WIPS are easy to explain.  WIDS is a monitor, detect-only system; basically it will discover a problem and alert you to it.  WIPS will go a step further and, depending on how it is configured, begin either an automated or a manual action to contain the threat.

Most enterprise wireless security offerings these days provide a combined WIDS/WIPS solution.  These commercial solutions provide reporting and an audit trail that can be useful for management and, if required, legal purposes.

It is worth considering installing dedicated sensors in your network. Sensor Access Points are normal APs, but configured as ‘listen-only’ or ‘monitor-mode’.  This way they can spend 100% of their time scanning for threats (or mitigating them) and they do not interfere with the production wireless network.

Sensor APs provide a great service to the production Wi-Fi system in two areas: they offload the task of scanning and they offload the task of containment/mitigation.  Relieving your primary, production wireless system of these tasks means it can be left alone to fulfil its primary purpose in life: service the user community.

One other useful advantage of sensor APs is that, if they are of the same model as the production APs, they can be rapidly converted to production use should a production Access Point fail.

To finish up, which would you believe to be the most common Rogue AP threat to businesses out of:
a) Hackers
b) Internal staff
c) Contractors

The answer is, overwhelmingly, internal staff, who have no malicious intent and are probably trying to be more productive when they connect a personal AP to the internal network.

But when this happens, out the window go the company security policies and you are left with another entry/exit point to your internal network.  One that, for potentially months at a time, no-one will be any the wiser about.
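
As an added illustration (not part of the original article or any vendor's product), the sketch below shows the kind of correlation a WIDS performs on what a sensor AP hears: known APs are cleared, an unknown radio whose MAC sits next to one learned on an internal switch port is flagged as a rogue on the wire, and an unknown radio advertising the corporate SSID is flagged separately.  All MAC addresses, SSIDs and the adjacent-MAC tolerance are constructed assumptions.

```python
# Added illustration: classify access points heard by a sensor AP.
# Every inventory and observation below is constructed sample data.
AUTHORISED_BSSIDS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02"}
CORPORATE_SSIDS = {"CorpNet"}
# MAC addresses learned on internal switch ports (e.g. a MAC table export).
WIRED_MACS = {"02:00:00:aa:00:01", "02:00:00:aa:00:02", "02:00:00:bb:10:20"}

OBSERVED = [  # (bssid, ssid) pairs heard over the air
    ("02:00:00:AA:00:01", "CorpNet"),
    ("02:00:00:bb:10:21", "HomeRouter"),    # radio MAC adjacent to a wired MAC
    ("02:00:00:cc:33:44", "CorpNet"),       # corporate SSID, unknown radio
    ("02:00:00:dd:55:66", "CafeNextDoor"),
]


def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)


def on_wire(bssid, wired_macs, tolerance=1):
    """Heuristic (assumption): small APs often number their LAN port and
    radio MACs consecutively, so match within +/- tolerance."""
    target = mac_to_int(bssid)
    return any(abs(target - mac_to_int(m)) <= tolerance for m in wired_macs)


def classify(bssid, ssid):
    bssid = bssid.lower()
    if bssid in AUTHORISED_BSSIDS:
        return "authorised"
    if on_wire(bssid, WIRED_MACS):
        return "rogue-on-wire"        # attached to the internal network
    if ssid in CORPORATE_SSIDS:
        return "ssid-impersonation"   # unknown radio using our network name
    return "neighbour"                # foreign network, monitor only


def alerts(observed):
    """Return only the observations a WIDS would raise, worst first."""
    order = {"rogue-on-wire": 0, "ssid-impersonation": 1}
    hits = [(classify(b, s), b.lower(), s) for b, s in observed]
    return sorted((h for h in hits if h[0] in order), key=lambda h: order[h[0]])


if __name__ == "__main__":
    for verdict, bssid, ssid in alerts(OBSERVED):
        print(f"{verdict:20} {bssid}  {ssid}")
```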

802.11ac – Is it worth the investment? Part 2 of 2.

A brief recap:  in Part 1, I talked about what 802.11ac can provide and left it asking whether we should invest in 11ac.

If you are in a greenfield (new) situation, I would recommend 802.11ac.  Even if you do not need the technology at this stage, newer devices will have support for it and will be able to take advantage of it if it is there.  The population of client devices in your organisation supporting 11ac will only increase.  This is a natural progression, as newer standards become the norm.

If at present there are only a few laptops that support 11ac, for a small percentage of the user base, a costly redesign and upgrade exercise may not make an adequate return on investment.

I touched on caveats in Part 1.  One of these is that in order to reach the highest speeds, your environment may require that you deploy larger numbers of Wireless Access Points than what you have now.  The reason for this is that the particular speed increases that look so attractive require no obstructions (e.g. walls) between client and Access Point.  More Access Points may be required to service the same number of users today.

Each business environment is unique.  By that I mean not the organisation as a whole, but that each location or operation within that business may have different technology in use and operate in a different environment.  For example, a warehouse vs an office vs on-board a train or a ship, etc.  Should a particular environment not lend itself to the performance enhancements that 11ac offers, then it may be a difficult sell to push for an upgrade.

One option is to wait for Wave 2 before any significant investment is to be made.  Wave 2 promises something Wi-Fi has not yet been able to do: deliver data to more than one client simultaneously.  It may seem that it does that already, with a group of you sharing the Wi-Fi in your office.  But what the wireless service is actually doing is slicing up the airtime at a very fast rate (in microseconds) and sharing it between you, so that it appears as if you are downloading at the same time.  With 11ac Wave 2, you actually will be.

802.11ac – Is it worth the investment? Part 1 of 2.

Why would you invest in 802.11ac technology?

It’s a good question, and a common one.  For most businesses to invest in 11ac (IEEE 802.11ac), the business value of the technology needs to be measured.  This can be hard.  To assist us, it is worthwhile to set a baseline. Before we look at that however, just what is 802.11ac?

In a nutshell, it is the latest technology advancement in the IEEE standard for Wi-Fi performance or speed.  Before this, there were IEEE 802.11a, b, g and n.  Each amendment progressively supplies faster, more efficient service to Wi-Fi clients and consequently better performance for all over a wireless medium.  From a business standpoint, you may ask how faster Wi-Fi helps your productivity?  I will attempt to answer that below.

Back to the baseline.  The baseline can be measured in two parts.

  • First, we can look at which stage of evolution your business Wi-Fi is at.
  • Second, we note which benefits 11ac can bring to an organisation’s network and what it promises in the future.

With the first part, your business may be one of three places right now:

  1. There is no existing wireless solution but there is a new business need that requires it.
  2. The business has an existing Wi-Fi installation that is over three years old and due for an upgrade. Or it is opening a new site with no Wi-Fi and is considering deploying the latest Wireless Access Points there.
  3. The business needs cutting edge technology.  It has a relatively recent installation of 802.11n and is looking to take advantage of the latest Wi-Fi enhancements in 11ac.

The second part of the baseline is understanding that 11ac technology is essentially coming in two waves.  Wave 1, the 11ac that we can buy today, provides at least a 30% speed increase over 802.11n, sometimes even 150% – but this comes with lots of caveats – more on that later.  Wave 2, where the promise of the real spectacular is (at least to Wi-Fi professionals like myself), is anticipated to be released by some enterprise wireless manufacturers sometime in 2015.

Why is the speed increase important?  More throughput usually equals higher productivity.  Users can do their work faster if they are not waiting to “use” the network.  Unlike the dedicated network cable connected to your laptop, with all that bandwidth just for you, wireless is a shared medium, where only one device can talk at one time and where all devices connected to the same Wi-Fi Access Point queue up to send and receive traffic on it.  The speed increase means that devices with faster technology use the shared medium for less time to send the same amount of data.  Basically, you’re on and off faster, which means quicker performance for everyone.

So faster speed = better productivity.  But a business must examine the material benefit: if my Wi-Fi transfers data, say, 50% faster than before, does that provide any real value?  If I sit at my desk sending emails, preparing documents and browsing the web, is this network performance increase going to equate to markedly improved productivity on my part?  Perhaps not.  If the Wi-Fi is doing a lot of file transfers, video/voice or other downloads, then yes.  I believe it is something that only each organisation can calculate for itself.

It all ties back to the “Should I invest” question: the answer is entirely dependent upon where your business is at in the adoption of wireless.  I will talk about this in Part 2.