Wi-Fi is on its way to becoming the dominant access network technology. Modern smart devices no longer have an RJ45 connector. You just can’t connect a network cable to an iPad. Period. Not everything is a bed of roses, though. As with any rapidly evolving technology, the pitfalls abound. Here are some of the issues I see out in the field on a regular basis.
Most organizations could deploy an access network entirely based on Wi-Fi technology, with levels of security, robustness and manageability matching, or even surpassing, those found in traditional LANs. When considering a Wi-Fi project, three major elements are involved: the radio frequency environment, the access network and the Wi-Fi clients. Poor planning or an incomplete design can result in serious issues in any of these areas, with effects on security and performance. Let’s review some of the most common issues and misconceptions we run into every day:
Lack of design – amazing as it is, some Wi-Fi networks are deployed with little to no design at all. Access points are bought, installed and activated with no consideration for the specifics of the environment, the applications to be accessed or the performance and reliability desired. This explains why some vendors still find buyers for 2.4 GHz 802.11g-only access points (limited to 54 Mb/s and, at most, 3 channels). It also explains why there are still so many bad experiences in Wi-Fi adoption.
Recommendation: Design is everything. It is the first step in a successful Wi-Fi implementation.
It’s all about the clients! – Your Wi-Fi network will be just as fast and manageable as your clients allow it to be. Like everything else related to personal computing platforms, we can be in difficult territory. At the risk of oversimplification, we can say that your clients (meaning the Wi-Fi adapters on desktops, notebooks and mobile devices) may or may not be compatible with 802.11n. That matters a lot. Even if they are 802.11n capable, they may be restricted to using the 2.4 GHz band (this happens, for instance, with older iPhone models). A large number of the client devices currently in operation have one of those limitations. Unless carefully considered in the design, those restrictions can negate a lot of the benefits of modern Wi-Fi networks. Special care must be taken in environments where most client devices are outside the organization’s control, such as on a school campus or in public venues.
Recommendation: Consider what type of client devices you have when designing your network. Select vendors whose technologies offer you ways to deal with these potential restrictions. Airtime fairness is a technique that prevents old, slow devices from monopolizing the communication channels. Band steering is another technique that directs dual-band devices to move to the 5 GHz band, alleviating congestion on the 2.4 GHz band (which many devices default to).
Wi-Fi networks everywhere – the coexistence of separate Wi-Fi networks and multiple SSIDs in the same environment can be a serious problem. For historical reasons or because of vendor misinformation, some organizations have opted to deploy physically separated Wi-Fi networks (sometimes from different vendors!) according to user type (one for employees, one for consultants, one for guests) or application (one for data, one for voice, one for video). Not only is this no longer necessary – modern Wi-Fi technology allows for separation, prioritization and treatment of traffic streams based on user, device, application and localization, all within the same SSID – it will actually create deep performance degradation, as each Wi-Fi network will see the other(s) as harmful interference and will spend much of its resources trying to avoid or combat it rather than serving users.
Recommendation: Design and deploy a single network for all your Wi-Fi needs, including data, voice and video, and use the appropriate mechanisms to segregate and prioritize traffic.
Outdated access switches – 802.11n dual-radio Wi-Fi access points are capable of reaching close to 1 Gb/s in aggregate throughput. Connecting them to 100 Mb/s switch ports is a sure way to waste investment and create user frustration. It’s also very common.
Recommendation: Consider upgrading your access switches as part of your Wi-Fi project.
BYOD-Hysteria – Regardless of what you and your organization think of the Bring Your Own Device trend, the consumerization of IT is a fact. Sooner or later, one way or another, someone – the expensive consultant, the visiting executive or the geeky board member – will require that their ‘iSomething’ be given access to the corporate Wi-Fi network, and the floodgates will open. Better plan for it from the start. Consider that each individual today has at least one Wi-Fi-capable personal device.
Recommendation: Include in the Wi-Fi network design the capabilities required to authorize and onboard personal devices according to corporate policies.
Signal Leakage – Some customers are worried about the Wi-Fi network leaking into the street! It is good to be concerned with security, but one needs to understand the correct ways to protect a Wi-Fi network. The best protection is still an Intrusion Prevention / Detection System (IPS/IDS) tightly integrated into the network. Blocking the signal is often impossible, very costly and adds little in terms of security. Remember that a good number of attacks come from within the organization.
Recommendation: Make sure the technology you select has a solid IPS/IDS implementation.
AND MY PERSONAL FAVORITE….
I can’t give you access to our Wi-Fi because the lady who authorizes it is not back from lunch yet – true story. Many organizations spend a lot of money to set up a Wi-Fi network only to remain tied to outdated, slow and unpredictable internal processes when it comes to giving access to external parties such as guests and temporary workers. In most cases, a consultant who needs Wi-Fi access will depend on someone to manually create that access. This wastes precious resources and creates security exposures, as a huge pile of user accounts (that should have been temporary) accumulates over time. A lot of the value of a Wi-Fi network resides in its being a single, universal access network to all parties. A network that is hard to access might as well not exist.
Recommendation: Make sure your Wi-Fi technology has the means to automate the authorization of access for third parties in a fast and safe way. In my company, a self-service terminal at the reception allows guests to sign up for access and get their credentials seconds later by SMS. The accounts are automatically deleted after a few hours or days, depending on the case.
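The account lifecycle behind that recommendation, as an added sketch that is not taken from any vendor's product: credentials are issued with a fixed lifetime, expired accounts are refused at login, and a periodic purge removes them so they cannot pile up. The class name, the categories and their lifetimes are assumptions made for the example, and SMS delivery is out of scope.

```python
import hashlib
import secrets
from datetime import timedelta

# Assumed lifetimes per visitor category ("a few hours or days, depending on the case").
TTL = {"guest": timedelta(hours=8), "contractor": timedelta(days=5)}


def _derive(password, salt):
    """Salted password hash, so the stored record never holds the password itself."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class GuestAccounts:
    """In-memory stand-in for the account store behind a self-service portal."""

    def __init__(self):
        self._accounts = {}  # username -> record

    def issue(self, category, sponsor, now):
        """Create a time-limited account; return (username, password)."""
        lifetime = TTL[category]  # unknown category raises KeyError: fail closed
        username = f"{category}-{secrets.token_hex(3)}"
        password = secrets.token_urlsafe(9)
        salt = secrets.token_bytes(16)
        self._accounts[username] = {
            "salt": salt,
            "hash": _derive(password, salt),
            "sponsor": sponsor,  # who or what approved the access, kept for audit
            "expires": now + lifetime,
        }
        return username, password  # the password is sent to the visitor, not stored

    def authenticate(self, username, password, now):
        """Accept only unexpired accounts, even if the purge job has not run yet."""
        rec = self._accounts.get(username)
        if rec is None or now >= rec["expires"]:
            return False
        return secrets.compare_digest(_derive(password, rec["salt"]), rec["hash"])

    def purge(self, now):
        """Delete expired accounts and return their names for the audit log."""
        stale = sorted(u for u, r in self._accounts.items() if now >= r["expires"])
        for username in stale:
            del self._accounts[username]
        return stale
```

Checking expiry at login as well as in the purge means a missed purge run leaves no window in which a stale account still works.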
The famous Danish physicist Niels Bohr once said that forecasting is very difficult, especially about the future. We can’t say a lot about what the future corporate IT devices will look like, but it seems safe to say one thing: they definitely won’t be getting their network connection through a cable.
Written by Roberto Motta, Channel Account Manager