Navigating the WLAN management maze

20 management measures every vendor WLAN should provide

With enterprise-class wireless LANs well on the way to becoming the preferred -- if not default -- access for organizations across all industries, it's imperative that the software available to manage WLAN gear is up to the task.

With enterprise-class wireless LANs well on the way to becoming the preferred -- if not default -- network access method for organizations across all industries, it's imperative that the software available to manage WLAN gear is up to the task.

Read part 2 of this series.Read the transcript from Craig Mathias's live chat where he answered readers' questions about wireless LAN management.

Historically, management software provided by individual vendors has been the vehicle of choice for almost all installations. WLAN vendors have made significant investments in their management tools, but they can certainly do more. Moving forward, we believe, WLAN management will become the key differentiator between otherwise competitive WLAN products.

Exactly what should go into a WLAN management system, and how the resulting functionality should be presented to the user, remains a matter of some debate. Most products allow some form of policy-based definition of services available to a given user, usually by grouping users into classes and then defining privileges for these classes based on such variables as traffic priority, user location, time of day, and even class of subscriber unit.

Most products implement some degree of management services in a WLAN switch or controller, but the preferred approach is to use management software running as an application on a server or ideally an appliance. Given the large number of functional units required to construct enterprise-scale WLAN infrastructure, a centralized implementation of management functionality is essential.

Because vendors use diverse combinations of management capabilities in their product offerings, it is difficult to generalize specific classes of functionality. But the following are key system management functions that should already be included in your WLAN bundle.

1.) WLAN planning tools

Most WLAN management systems allow for the importation of building layouts via .dxf or similar files, and some, most notably Bluesocket's Wireless LANPlanner, Trapeze's RingMaster, and Motorola's LANPlanner (no relation to Bluesocket's product), allow radio-propagation properties to be assigned to elements in the resulting virtual structure. Simulations, often including 3D analysis rather than simple 2D studies of radio performance, allow for the automated placement of access points.

It is of course also important at this stage to consider throughput requirements, user and application loading, and bandwidth required for time-bounded traffic, such as voice. Unfortunately, this type of preparation usually involves manually crunching current network management logs and basing access point count and placement accordingly. We see this as a major opportunity for enhanced functionality going forward.

2.) Automated deployment and operations

Auto-discovery of core functional units such as WLAN controllers and access points (and even access points at remote sites) is a common function of most base WLAN packages, as is some level of automation for initial setup and configuration of WLAN devices. This automation is particularly important when multiple controllers and many access points are involved, as the manual configuration of each element would be both time-consuming and error-prone.

3.) Monitoring and control

All WLAN management tools allow IT staff to monitor and control RF coverage and performance, access point user loads, throughput, and system performance even to the level of an individual user or station. Essentially all WLAN products do a great job of this today, but often reflect the system vendor's bias as to what variables are most important. Flexibility and ease-of-use are vital in the fast-paced world of management.

4.) Optimization and extensibility

The number of variable control points in WLANs can be quite large, so some automation in the analysis of system behavior and performance as well as some automatic tuning of the related parameters is a key capability in any WLAN management implementation. Again, essentially all vendors provide this feature, as the manual configuration of access points would be suboptimal if not in fact impossible today.

Enterprise-class WLAN management systems must also provide interfaces to external databases, including those for directory services and authorization, and allow and enable the export of management data, with appropriate security, to external network management systems and analysis tools.

Given all of these requirements for potential installation-specific connectivity, standard database (e.g., SQL Server) functionality and support for interchange file formats (like CSV and Microsoft Excel) are essential. Almost all WLAN management tools support external interfaces to varying degrees.

5.) Reporting and logs

Producing logs and management reports is a vital function of any network management system. Log entries must include all changes to configuration and recordable events as enabled by the management system vendor and designated by network operations staff. Reports reflect network behavior over time, such as number of users, throughput analysis and security events. Several WLAN management products, such as Cisco's 5.1 release of their WCS management suite, have the ability to produce regulatory compliance reports, such as for PCI (in Cisco's case) or Sarbanes-Oxley.

6.) RF spectrum management

While initial RF configuration is important, it's similarly important to be able to reconfigure RF parameters automatically should an access point fail, a new access point be added, or interference be detected. The detection of interference, and resulting actions to notify operations staff and reconfigure access points as required, is a major opportunity today. Note, however, that this involves specialized (not Wi-Fi) radio hardware to detect non-Wi-Fi interference. While we believe that interference will become an increasing challenge, no vendor today has integrated this Layer-1 monitoring into the WLAN management system – although Cisco has the technology in its Spectrum Expert product and has discussed integrating this capability into management software.

7.) Security

WLAN security management implementations across the market tend to be rather elaborate, a direct outcome of the historical and always-present concerns over wireless security. WLAN management systems universally include the ability to set security policy, and many include firewalls, links to upper-layer encryption and authentication (such as RADIUS), intrusion detection/prevention systems (which remains available in dedicated form for redundancy and auditing purposes), rogue access points and ad-hoc client detection and mitigation, and detection of spoofed SSIDs.

Note that 802.11 encryption (such as WPA and WPA2) and authentication is always supported but is not sufficient for adequate security – hence the requirement for management systems to support all of the other functionality noted here.

In addition, some products, including those from Aruba and Meru, are certified compliant with the FIPS 140-2 government-level "sensitive but unclassified" security specification, with appropriate management interfaces. This is the spec for the security of "sensitive but unclassified" information in government applications, and we encourage its use in commercial settings as well.

8.) Mobility management

This category includes tools that help IT support roaming, load balancing and session persistence. These elements are unique to WLANs, and allow connections to be maintained and optimized as users roam between access points. Note that roaming events can be defined as acceptable even over long periods of time, for example, between widely spaced geographies – hence the need for persistence.

A recent addition to this capability includes the integration of management functions for network-based applications, as is seen in Cisco's 3300-series Mobility Services Engine (MSE). The MSE actually provides a home for applications, moving them into the network in a physical-layer-independent fashion and thus making them transparently available irrespective of access. We expect significantly more upper-layer functionality to be included in WLANs in the future, redefining the services of WLAN management systems that make these work.

9.) Troubleshooting and remediation

Again, with so many possible configuration and environmental variables, support for problem detection and resolution is essential. Key features here include alerts and alarms, reliability services, and ties to external management interfaces.

As is the case with wired network management, it's important to be able to view (and log) alert messages and alarm conditions and specify how these should be handled. All of the products we've used do a good job, with the key variable being how the alerts and alarms are presented to the user.

Most enterprise-class WLANs systems can be reconfigured by their management systems in the event of the failure of a controller or access point. In the case of controller, a standby unit is required, but access points can simply and automatically be reconfigured in terms of channel and transmit power. This can result in a loss of capacity, but not coverage if the access points are spaced closely enough. This automated response to a critical condition minimizes the load on operations staff, eliminating the need for traditional troubleshooting procedures.

10.) Accessible interface

Enterprise-class management tools are increasingly being implemented as Web services, with a browser interface. This extends access even to handheld wireless devices, allowing a high degree of flexibility with (properly implemented, anyway) no compromise of security or integrity.

11.) Managing voice services

Farpoint Group believes that VoFi (VoIP over Wi-Fi) is becoming a key driver of enterprise WLAN deployments, and that this trend will accelerate driven by the increasing availability of Wi-Fi handsets and cellular handsets that include Wi-Fi and convergence functionality. While placing a relatively low data load on the installation, voice management features must include capacity planning, coverage verification, traffic monitoring, and even such capabilities as call admission control and interfaces to IP PBX and convergence services.

12.) Location and tracking

A number of techniques can be used to implement the tracking of unmodified Wi-Fi clients with good resolution – even to within a meter or two. This function is often implemented with a separate appliance, but with the management of this hardware as part of the WLAN management system itself. Like VoFi, the use of wireless location and tracking is increasing rapidly, with applications in logistics, warehousing, healthcare, assisted living facilities, and just in basic system management functions such as load balancing and determining when to hand off a voice connection to a cellular network.

13.) Visitor and guest access

These are key functions in many facilities today, and the guest access system can be used to authorize users with temporary credentials, revoke access when required or at a pre-determined time, and restrict access to certain parts of the building and (typically) external Internet service only - although printing, for example, might be also allowed. Guest access functions are implemented as an extension to policy-management functionality in many systems.

14.) Multi-site management

Larger organizations require the ability to manage WLANs across multiple floors and buildings, a campus, and even multiple sites that could easily span the planet. It’s not a big technical challenge to make this work, but it is important that the management platform scale to handle multiple servers from a single management console (sometimes called "master console" functionality).

Pushing for the future of WLAN management

WLANs are ever-changing places and management tools will need to keep up with that pace. If you want to make sure your platform will keep pace with your organization, here are six management-focused opportunities to discuss with your vendor:

1.) Automation

We've spoken with several vendors about "click to fix" functionality, similar to that implemented in PC system-verification and virus-scanning tools, with the suggested solution implemented quickly and easily. Today's management tools almost always require significant training or at least meaningful user experience for best results. Experts, wizards, and similar ease-of-use constructs are an excellent response and will likely, we believe, become a competitive differentiator.

2.) Customization

The standard interface screens may not be what a given operations team desires. Being able to customize user interface and management reports will become increasingly common. Broad customization may introduce significant challenges for vendor support teams, but making the product work like operations staff want it to – with custom menus, monitoring screens and reports – will go a long way to meeting the specific needs of a given site.

3.) Extensibility

Extending the function of the management system as might be desired by a given installation via APIs, XML or similar techniques will increase the value of the products in increasingly complex enterprise environments. We're already seeing XML being put to greater use, for example in the AirWave Management Platform (see review of AirWave platform) and in Bluesocket's management suite. We even believe that XML could begin to replace SNMP, and become the basis for the next generation of unified management tools.

4.) Extensions to 802.11

A number of Working Groups within 802.11 are developing new standards that will impact the services that WLAN management systems offer. Among the most important are 802.11v (station management) and 802.11w (protected management frames), but most upcoming additions to the standard will have an impact on WLAN management systems. The current crop of additions should be completed within two years, but we see no end in sight to activity within 802.11 anytime soon.

5.) Mobile device management

Extending network management to the very edge of the network – to the individual mobile device and its user – will also become increasingly important over the next few years. Such functions as initial configuration, configuration monitoring and verification, device security and integrity, device backup and lockdown, and even "zapping" (bulk erasing over the air) will also eventually become part of core network management systems.

The bad news is that this advance may take a while – mobile device management is implemented today as a separate and distinct function unrelated to wireless (or wired) LAN management, and vendor product managers need to look at network management as a continuum from device to server in order for this evolution to take place.

6.) Unified management

Finally, it's time to stop thinking wired and wireless LAN and focus just on the LAN with a unified management strategy. While this is a very important direction, it is difficult to achieve because of the huge range of network products on the market (or otherwise installed), the large amount of code to be written, and the need for inter-vendor cooperation, difficult to obtain in a highly competitive market like networking equipment. This problem is best resolved via an industry consortium, and we believe such an organization will eventually be formed.


As basic radio and WLAN technologies begin to mature, product differentiation will most easily derive from system architecture and management-system features. While the former can only be evaluated only via performance benefits (which can be very difficult indeed to evaluate), the cost savings realized through robust and easy-to-use management functionality can make a real difference to organizations of any size. Good management systems, again, minimize operational expense, which can be much greater than the capital expense involved in purchasing the system to begin with.

The key, then, to successful WLAN deployments, and thus the installation and operation of what is rapidly becoming the primary and default access for users everywhere, is to get operations staff involved in RFP creation and equipment evaluation as early as possible. And what's key to them? Why, WLAN management, of course.

Mathias is a principal with Farpoint Group, an advisory firm specializing in wireless networking and mobile communications. He is an internationally known consultant, author, and analyst, and serves on the advisory boards of three industry events. He is also a regular columnist for two publications, including Computerworld, and his blog, Nearpoints, resides at Network World. He can be reached at

NW Lab Alliance

Mathias is also a member of the Network World Lab Alliance, a cooperative of the premier reviewers in the network industry each bringing to bear years of practical experience on every review. For more Lab Alliance information, including what it takes to become a member, go to

From CSO: 7 security mistakes people make with their mobile device
Join the discussion
Be the first to comment on this article. Our Commenting Policies