20 management measures every vendor WLAN should provide
With enterprise-class wireless LANs well on the way to becoming the preferred -- if not default -- access for organizations across all industries, it's imperative that the software available to manage WLAN gear is up to the task.
With enterprise-class wireless LANs well on the way to becoming the preferred -- if not default -- network access method for organizations across all industries, it's imperative that the software available to manage WLAN gear is up to the task.
Historically, management software provided by individual vendors has been the vehicle of choice for almost all installations. WLAN vendors have made significant investments in their management tools, but they can certainly do more. Moving forward, we believe, WLAN management will become the key differentiator between otherwise competitive WLAN products.
Exactly what should go into a WLAN management system, and how the resulting functionality should be presented to the user, remains a matter of some debate. Most products allow some form of policy-based definition of services available to a given user, usually by grouping users into classes and then defining privileges for these classes based on such variables as traffic priority, user location, time of day, and even class of subscriber unit.
Most products implement some degree of management services in a WLAN switch or controller, but the preferred approach is to use management software running as an application on a server or ideally an appliance. Given the large number of functional units required to construct enterprise-scale WLAN infrastructure, a centralized implementation of management functionality is essential.
Because vendors use diverse combinations of management capabilities in their product offerings, it is difficult to generalize specific classes of functionality. But the following are key system management functions that should already be included in your WLAN bundle.
1.) WLAN planning tools
Most WLAN management systems allow for the importation of building layouts via .dxf or similar files, and some, most notably Bluesocket's Wireless LANPlanner, Trapeze's RingMaster, and Motorola's LANPlanner (no relation to Bluesocket's product), allow radio-propagation properties to be assigned to elements in the resulting virtual structure. Simulations, often including 3D analysis rather than simple 2D studies of radio performance, allow for the automated placement of access points.
It is of course also important at this stage to consider throughput requirements, user and application loading, and bandwidth required for time-bounded traffic, such as voice. Unfortunately, this type of preparation usually involves manually crunching current network management logs and basing access point count and placement accordingly. We see this as a major opportunity for enhanced functionality going forward.
2.) Automated deployment and operations
Auto-discovery of core functional units such as WLAN controllers and access points (and even access points at remote sites) is a common function of most base WLAN packages, as is some level of automation for initial setup and configuration of WLAN devices. This automation is particularly important when multiple controllers and many access points are involved, as the manual configuration of each element would be both time-consuming and error-prone.
3.) Monitoring and control
All WLAN management tools allow IT staff to monitor and control RF coverage and performance, access point user loads, throughput, and system performance even to the level of an individual user or station. Essentially all WLAN products do a great job of this today, but often reflect the system vendor's bias as to what variables are most important. Flexibility and ease-of-use are vital in the fast-paced world of management.
4.) Optimization and extensibility
The number of variable control points in WLANs can be quite large, so some automation in the analysis of system behavior and performance as well as some automatic tuning of the related parameters is a key capability in any WLAN management implementation. Again, essentially all vendors provide this feature, as the manual configuration of access points would be suboptimal if not in fact impossible today.
Enterprise-class WLAN management systems must also provide interfaces to external databases, including those for directory services and authorization, and allow and enable the export of management data, with appropriate security, to external network management systems and analysis tools.
Given all of these requirements for potential installation-specific connectivity, standard database (e.g., SQL Server) functionality and support for interchange file formats (like CSV and Microsoft Excel) are essential. Almost all WLAN management tools support external interfaces to varying degrees.
5.) Reporting and logs
Producing logs and management reports is a vital function of any network management system. Log entries must include all changes to configuration and recordable events as enabled by the management system vendor and designated by network operations staff. Reports reflect network behavior over time, such as number of users, throughput analysis and security events. Several WLAN management products, such as Cisco's 5.1 release of their WCS management suite, have the ability to produce regulatory compliance reports, such as for PCI (in Cisco's case) or Sarbanes-Oxley.
6.) RF spectrum management
While initial RF configuration is important, it's similarly important to be able to reconfigure RF parameters automatically should an access point fail, a new access point be added, or interference be detected. The detection of interference, and resulting actions to notify operations staff and reconfigure access points as required, is a major opportunity today. Note, however, that this involves specialized (not Wi-Fi) radio hardware to detect non-Wi-Fi interference. While we believe that interference will become an increasing challenge, no vendor today has integrated this Layer-1 monitoring into the WLAN management system – although Cisco has the technology in its Spectrum Expert product and has discussed integrating this capability into management software.
WLAN security management implementations across the market tend to be rather elaborate, a direct outcome of the historical and always-present concerns over wireless security. WLAN management systems universally include the ability to set security policy, and many include firewalls, links to upper-layer encryption and authentication (such as RADIUS), intrusion detection/prevention systems (which remains available in dedicated form for redundancy and auditing purposes), rogue access points and ad-hoc client detection and mitigation, and detection of spoofed SSIDs.
Note that 802.11 encryption (such as WPA and WPA2) and authentication is always supported but is not sufficient for adequate security – hence the requirement for management systems to support all of the other functionality noted here.
In addition, some products, including those from Aruba and Meru, are certified compliant with the FIPS 140-2 government-level "sensitive but unclassified" security specification, with appropriate management interfaces. This is the spec for the security of "sensitive but unclassified" information in government applications, and we encourage its use in commercial settings as well.
8.) Mobility management
This category includes tools that help IT support roaming, load balancing and session persistence. These elements are unique to WLANs, and allow connections to be maintained and optimized as users roam between access points. Note that roaming events can be defined as acceptable even over long periods of time, for example, between widely spaced geographies – hence the need for persistence.
A recent addition to this capability includes the integration of management functions for network-based applications, as is seen in Cisco's 3300-series Mobility Services Engine (MSE). The MSE actually provides a home for applications, moving them into the network in a physical-layer-independent fashion and thus making them transparently available irrespective of access. We expect significantly more upper-layer functionality to be included in WLANs in the future, redefining the services of WLAN management systems that make these work.
9.) Troubleshooting and remediation
Again, with so many possible configuration and environmental variables, support for problem detection and resolution is essential. Key features here include alerts and alarms, reliability services, and ties to external management interfaces.
As is the case with wired network management, it's important to be able to view (and log) alert messages and alarm conditions and specify how these should be handled. All of the products we've used do a good job, with the key variable being how the alerts and alarms are presented to the user.
Most enterprise-class WLANs systems can be reconfigured by their management systems in the event of the failure of a controller or access point. In the case of controller, a standby unit is required, but access points can simply and automatically be reconfigured in terms of channel and transmit power. This can result in a loss of capacity, but not coverage if the access points are spaced closely enough. This automated response to a critical condition minimizes the load on operations staff, eliminating the need for traditional troubleshooting procedures.
10.) Accessible interface
Enterprise-class management tools are increasingly being implemented as Web services, with a browser interface. This extends access even to handheld wireless devices, allowing a high degree of flexibility with (properly implemented, anyway) no compromise of security or integrity.
11.) Managing voice services
Farpoint Group believes that VoFi (VoIP over Wi-Fi) is becoming a key driver of enterprise WLAN deployments, and that this trend will accelerate driven by the increasing availability of Wi-Fi handsets and cellular handsets that include Wi-Fi and convergence functionality. While placing a relatively low data load on the installation, voice management features must include capacity planning, coverage verification, traffic monitoring, and even such capabilities as call admission control and interfaces to IP PBX and convergence services.
12.) Location and tracking
A number of techniques can be used to implement the tracking of unmodified Wi-Fi clients with good resolution – even to within a meter or two. This function is often implemented with a separate appliance, but with the management of this hardware as part of the WLAN management system itself. Like VoFi, the use of wireless location and tracking is increasing rapidly, with applications in logistics, warehousing, healthcare, assisted living facilities, and just in basic system management functions such as load balancing and determining when to hand off a voice connection to a cellular network.
13.) Visitor and guest access
These are key functions in many facilities today, and the guest access system can be used to authorize users with temporary credentials, revoke access when required or at a pre-determined time, and restrict access to certain parts of the building and (typically) external Internet service only - although printing, for example, might be also allowed. Guest access functions are implemented as an extension to policy-management functionality in many systems.
14.) Multi-site management
Larger organizations require the ability to manage WLANs across multiple floors and buildings, a campus, and even multiple sites that could easily span the planet. It’s not a big technical challenge to make this work, but it is important that the management platform scale to handle multiple servers from a single management console (sometimes called "master console" functionality).
Pushing for the future of WLAN management
WLANs are ever-changing places and management tools will need to keep up with that pace. If you want to make sure your platform will keep pace with your organization, here are six management-focused opportunities to discuss with your vendor:
We've spoken with several vendors about "click to fix" functionality, similar to that implemented in PC system-verification and virus-scanning tools, with the suggested solution implemented quickly and easily. Today's management tools almost always require significant training or at least meaningful user experience for best results. Experts, wizards, and similar ease-of-use constructs are an excellent response and will likely, we believe, become a competitive differentiator.
The standard interface screens may not be what a given operations team desires. Being able to customize user interface and management reports will become increasingly common. Broad customization may introduce significant challenges for vendor support teams, but making the product work like operations staff want it to – with custom menus, monitoring screens and reports – will go a long way to meeting the specific needs of a given site.
Cisco fears competition to its Hyperflex hyperconverged platform and kicks Nutanix out of it's Solution...
A review of 19 companies that offer free cloud storage
By forcing Windows 10 on users, Microsoft has lost the tenuous trust and credibility users had in the...
Ahead of VMWorld, VMware CEO Pat Gelsinger offered some of the most detailed comments yet about the...
Microsoft Windows isn't just a collection of products, but a series of events that helped shape the PC....
Most security tools are focused on keeping external attackers at bay. But what about the sensitive data...
As the number of ransomware demands increase, users should be aware of hollow threats.