We are preparing for a global deployment of IAP using Airwave as a backend to manage and monitor these devices. We are starting to run into an issue i would describe as 'Group creep'.
I relized i would need multiple groups to manage my devices, but now i am strugling how this will be managed in the long term. We are planning to deploy to NA(USA, Canada), multiple EU countires, as well as multiple Asian locations.
So as far as i can see, i will need different groups for:
- Every regulatory domain
- Every group which broadcasts different SSIDs(branch vs corp vs guest)
- Different RF limits(wearhouse vs office)
- Different VPN configurations
I understand that we could use overrides, but this does not scale to dozens or hundreds of VCs.
How do we manage our groups so that we dont end up with so many that any change become a huge effort? If i need to update a firewall policy, and we have 20 groups that makes 20x the same task to change a rule.
Another question i have is if we are deploying to multile EU countries, do we need a group for each? Can we apply 1 regulatory domain across all EU zones, or is each country still considered to have different regulatory limits and would require it's own group? I'm worried we are going to have to have a Group for each country(dozens), and in each country we would then need 2 different group, one for guest only, one for corp and guest. So if we have 10 countries in EU, 10 in Asia, plus Canada and USA, we now have 22 regulatory domains, with 2 types of settings in each, we now have 44 groups. This just doesn't scale in my mind.
How are people managing global IAP deployments using Airwave? I am open to any advice.
I googled around and it looks like regulatory restrictions are harmonized across most of europe, so if we apply a GB regulatory domain to our group could we deploy APs in this group across europe? For 'ROW' APs, can we just put them all in one regulatory domain?
_ELiasz