There are a lot of important decisions that go into creating a wireless network. Zeroing in on the right wireless solutions often comes down to how you want to manage and secure your network.
Among your most critical considerations is determining which type of controller your wireless network will require. Your three primary options include:
or controllers in the cloud.
How do you know which approach is best for your wireless network? And then, depending on the choice you make, how does that impact reporting, troubleshooting and ultimately the individual user experience.
In on-premise wireless networks, a wireless controller manages a set of access points. You won’t configure the access points directly. Instead, you’ll configure the controller and the controller pushes out all of the settings to the access points. Essentially, the wireless controller handles all of the radio frequency (RF) changes on today's networks. It even does it automatically via different algorithms so that your 5 GHz or 2.4 GHz networks are optimized automatically. It can also load balance clients if too many are on one access point (AP). If you have enough AP density in a certain area, the controller gracefully shifts clients from a fully-loaded AP over to a less congested one. You’ll also have the ability to dynamically bond channels. Instead of manually configuring from 20 MHz channels to 40, or 40 back to 20, dynamic balance allocation occurs. The controller also determines if there is too much 2.4 GHz traffic in a particular area. If that’s the case, it will convert from 2.4 GHz to 5 GHz with dual 5 GHz now on one access point.
"Based on its default configuration, the wireless controller tunnels all traffic back to the controller." Ken Beck, Solutions Architect, VectorUSA
Your client connects to the AP and the AP forms a tunnel back to the controller. The client traffic will then egress out of the interface on the controller to your core switch. It's advantageous to have a controller tunnel everything back to where you have centralized policy enforcement. That’s where you’ll have all of your firewall rules, either on the controller itself, or it's going to hop on whatever segment you’re on. Regardless, it’s going to hit a firewall or an IPS and be interrogated at some point. It’s always recommended to put the firewall closest to the source traffic as possible. This will help curtail client traffic that will eventually just get dropped at its final egress point.
Virtual controllerWith a virtual controller, the APs take over the role of a controller. Because a centralized configuration is your primary concern, you won’t have the ability to tunnel all of your traffic to a central location. All of your user or client traffic now goes into the access point and out the port that the access point is connected to. You’ll still be using an on-premise configuration, but your traffic is now local to the AP. All of your policy enforcement is now done at the AP which is a good thing, however, this means that all client traffic will traverse the wired network back to the data center or back out to the Internet. This client traffic will be scrutinized on AP’s built-in firewall and then placed on the wired network. Careful consideration needs to be taken into account. Such things as QOS and how to segment Guest traffic from any production traffic gets a little more involved on the wired side. Again, it all depends on how you want to manage and secure your network.
"Typically, you want to have the firewall as close to the source as possible." Ken Beck, Solutions Architect, VectorUSA
This ensures you won’t get any of the bad traffic on your network, only to then have to interrogate and drop it. In such cases, it's also using up precious bandwidth CPU cycle upstream.
Controller in the cloud
A controller in the cloud is similar to a virtual controller running on an AP where all your client traffic is local to the AP (ingresses and egresses out of the ports connected to the AP) and it's not tunneled back to a central location. Your management is centralized into the cloud. The APs don't take on that role, the cloud management platform does. One big advantage of cloud services is that they come with basic centralized monitoring built into the subscription. There’s no need to spin up a monitoring server as needed with on-premise based solutions.
What about reporting and troubleshooting?
Based on these three controller choices, how will they affect reporting and troubleshooting logs? For wireless controllers, the controller has to send its information to an on-premise box which will then collect all the information for you to then configure your reports. The same holds for virtual controllers which are also on-premise. For a controller in the cloud, it's typically going to use the default or built-in cloud monitoring for reporting. As for troubleshooting logs with wireless controllers, you can log into the controller, add some debugs and examine the logs there. For a virtual controller, you have full access which is on-premise to do real-time logging. If you’re debugging a controller that's in the cloud, you don't have a lot of resources there because you don't have direct access to the controller in the cloud. Sometimes you won’t get real-time information. And debugging and troubleshooting a cloud-based controller can be somewhat difficult because you don't have the real-time aspect of it. Normally, if it’s a complicated issue, you’ll need to bring in the cloud company's tech support to dive deeper into the issue.
It’s all about the user experience
"No matter which controller you use as one of the critical building blocks for your wireless network, the user experience is ultimately paramount." Ken Beck, Solutions Architect, VectorUSA
In retail, for example, that might involve asset tagging, location-based or presence analytics, knowing how many customers are using WiFi, overall foot traffic, the amount of dwell time, where people are looking at a certain item, how many repeat customers they have, and so on. Once you’ve identified your user experience requirements, you’ll next need to determine the kind of reporting required. If your WiFi is customer-facing, leveraging advertising and other marketing opportunities helps drive business decisions. If you’re a stadium, you need to know how many people are on the WiFi and how easy it will be for event attendees to order food from your concession areas, etc. No matter which solution is chosen to meet the desired user experience, VectorUSA can provide the right management options for your business. Following are some examples:
After considering all of the design criteria and business outcomes:
VectorUSA can provide on-the-job training during the project to provide a seamless handoff to the engineers ultimately responsible for the new wireless solution.
If there are no engineers assigned to maintain the wireless solution, then VectorUSA offers Managed Services to ensure a consistent user experience.
VectorUSA can offer any iteration in between providing value by augmenting tasks for any requests that come our way.
Through VectorUSA Managed Services, we’ll help you maintain the user experience for the customer because firmware always needs updating and new devices come out that won’t necessarily be ready for your network until it’s upgraded. Bottom line, if you’re not focused on the wireless network and the user experience, then you need to offset that management to either VectorUSA or someone else who’s going to be thinking about that for you.