Wireless Access

I'm thinking about a new wireless network design for a small company. The goal is to create the best next gen mobile experience possible. Wired Access is not desired if it can be avoided.

To meet capacity and coverage goals a total of 5 APs will be sufficient. In addition to that a couple of remote APs will be useful to provide access for home offices, on the road, etc. Throughput requirements at the remote AP side can be ignored.

Let's assume 5x AP205H for the remote locations and 5x AP335 for the central office.

I see two general approaches:

1)

Instant AP335s at the central office, 7005 controller (perhaps 2 for master-redundancy) in the DMZ for RAP-termination and configuration => cost effective, campus controller sizing is not relevant, no single point of configuration and monitoring, lack of some centralized controller features for campus aps.

2)

7005 controller in DMZ for RAP-termination, 7005 master controller and redundant local 70xx Controllers at network core for termination of AP335 => looks like a total overkill, local controller sizing does matter, more money, single point of configuration and monitoring, central pef, rba and other controller features are available.

If we assume 100 client devices (30 x 802.11ac staff laptops, 30x smartphones for VoIP, 40x BYOD or guest devices) equaly distributed over the APs and the ap utilization is moderate to high, lets say 0,5-1Gbit/s per AP on the wired side: Which is the local controller model to go with? The 7010 has 4Gbps and the 7030 has 8Gbps firewall throughput. With the assumptions given, I have to choose the 7030 or 2x 7010 in active/active mode to avoid a bottleneck..

Are there other approaches I have missed? Is there a solution in between the two mentioned above?

Using the DMZ 7005 controller for rap-termination and as a master could be an option. Not sure if this is recommended from a security perspective.

To summarize: The problem is the combination of enterprise requirements/density with remote APs vs. small site/costs.

Do you came across a similar conflict?

Any input is highly appreciated.

Thanks!

Michael

Any ideas on this topic?

The way you describe it, either one would do, but you mention "the lack of centralized controller features" in #1 would make me favor #2.

Without knowing any more about the users, I would say #2, if those were my only choices.

Without knowing what type of business the user is running and where the main resources like email and files are located (on premise vs. off premise), there is nothing more to really comment.

Thank you for your comment.

All resources and services are centralized at the central office. Remote users have to access these resources to. Typical office applications and unified communication (thinking about skype for business) are the main use case. There is the need to occasionally copy large files (multiple gigs) between servers and client and between stations.

Would you agree with my controller sizing thoughts (based on the assumptions made earlier)?

Is using the dmz-controller for rap-termination and as a master for local-controller management an option or should one go with a dedicated master-controller?

It depends.  a DMZ controller is typically selected based on security requirements.  If firewalling and WLAN are typically run by different engineering groups or there is a specific security requirement to terminate VPN connections in the DMZ, you would have a separate DMZ controller.  Technically, it would work either way, but it is easier to separate equipment and functions based on security requirements and how the company is managed.