Trapeze Networks outlines a sample wireless LAN RFP
Even in the current economic climate sales of wireless LANs (WLANs) have remained strong. In fact, the arrival of the first 802.11n products last summer sparked a new wave of adoption and deployment.
When you're preparing to make a significant investment in WLAN technology, the real "gotchas" are the unknown unknowns, the things you don't know that you don't know.
WLAN supplier Trapeze Networks has drawn on it's wealth of market experience to collect and catalog a comprehensive list of questions anyone responsible for acquiring WLAN technology should consider. Trapeze is making this RFP available to the readers of Network World because the company believes the fewer "unknown unknowns" lurking in the shadows of inexperience, the better it is for everyone.
The technical requirements outlined here are designed to raise the bar on the functional capabilities needed to meet today's demands on connecting wireless users to network applications anywhere, anytime.
The sample data included here is confined to the technical requirements of an RFP. A full RFP obviously would also outline the existing WLAN infrastructure (if any) with which the vendor would have to integrate, address information about warranty, support and maintenance contracts, and define the goals, objectives and timelines of the project.
WLAN Technical Requirements
1. Architecture Overview and System Technology
1.1. Provide a brief overview of the wireless system architecture and elements (i.e., is it an integrated system with a centralized intelligent device or a series of autonomous access points, or APs?
1.2. Does the system allow me to designate the way data is forwarded (either centralized at the controller, or distributed at the AP) for different applications and types of traffic?
1.3. Can traffic be restricted, permitted or prioritized by user, group of users, SSID, application, source/destination IP, protocol and CoS?
1.4. Does the system future-proof my investment by allowing me to implement 802.11n without having to upgrade my switching infrastructure?
1.5. Does the system use the thick (autonomous) or thin (centralized) AP model?
1.6. Please describe any aspects of the architecture that help the network scale on the following attributes:
1.6.1. Throughput
1.6.2. User and system control
1.6.3. Management
1.6.4. Increasing total traffic
1.7. What kind of antennas do the APs support?
1.8. Is there an outdoor access point (AP)?
1.9. Do the outdoor APs support the same functionality and features as the indoor APs? If not, what are the limitations of the outdoor APs?
1.10. Do all APs (indoor and outdoor) have mesh technology to link to each other wirelessly?
1.11. What kind of antenna options are available with the outdoor AP?
1.12. What are the environmental specifications for the outdoor AP?
2. Planning and Design
A significant concern is how the wireless LAN will be planned and designed, incorporating both current coverage and capacity needs and also future expectations. The questions below are focused on understanding the planning process for the proposed system.
2.6. To what extent are site surveys required both for initial installation and for when a floor plan or office layout is changed?
2.7. Does the system allow the integration of CAD drawings for floor plans (e.g. DXF, DWG file formats) to spatially determine the number and placement of APs?
2.8. How do the planning process and tools determine the number and placement of APs to deploy? Describe how bandwidth requirements are incorporated into this design. Please highlight where processes are automated.
2.9. Describe how "what-if" scenario planning is handled. Describe the ability to handle network designs requiring more or less bandwidth capacity, various radio technologies, and differences in office layout or other potential RF obstructions.
2.10. How do the planning process and tools determine the various APs' RF channel assignments, power levels and association rates? Please highlight where processes are automated.
2.11. How does the system help plan for redundancy?
2.12. We have a large and complex facility with many physical obstacles but we want to run voice over Wi-Fi. How does the system ensure seamless RF coverage in such an environment? Can the system validate the RF measurements from a physical site survey with the built-in virtual site survey?
2.13. We plan to deploy our wireless LAN beyond a single campus. How can we scale security and services to our branch offices without creating a management problem?
2.14. Does the system assist VAR/ reseller personnel by generating work orders for the location and install process of access points? Please highlight where processes are automated.
2.15. How do the planning process and system tools support third-party APs?
3. Deployment and Configuration
3.6. It is critical to understand the deployment and configuration processes of the proposed system. In particular, the following questions seek to capture the costs to configure, deploy and maintain the wireless system, especially as needs evolve and the environment the WLAN serves changes.
3.7. Please describe how the system plan becomes incorporated (configured and deployed) into the actual equipment. Please highlight where processes are automated.
3.8. Does system provide automated configuration verification?
3.9. Are there configuration changes needed on aggregation or edge switches and routers? Please detail.
3.10. Do your APs automatically configure themselves for optimal channel and transmit power when they become operational?
3.11. How does the system simplify the deployment of wireless services such as voice and security to branch offices?
4. VLAN Support
A significant concern is the preservation of existing network engineering in the form of VLANs already deployed on the wired network. The questions below are focused on understanding the VLAN implementation of the proposed system.
4.1. How does the system support multiple VLANs over the air?
4.2. Does the WLAN system support 802.1X dynamic VLAN policies?
4.3. Does every VLAN have to be accessible on every subnet supporting an AP for the WLAN?
4.4. Does the system allow IT managers to limit multicast traffic in the WLAN?
4.5. What is the maximum number of VLANs, APs and users that can be supported in a single WLAN controller? In a system of controllers?
5. Security – AAA, Encryption, Traffic Isolation
A significant concern is the breadth of security measures supported by the proposed WLAN system. The following questions are designed to determine standards adherence, range of security protocols supported and future-proofing of the system.
5.1. What methods of authentication are supported?
5.2. Does the system support web-based AAA?
5.3. Which EAP protocols are supported?
5.4. Can users associated with third-party APs be authenticated?
5.5. Can your controller act as an AAA server for its wireless clients?
5.6. Can EAP processing be offloaded from the AAA server to the controller?
5.7. What encryption methods does the system support?
5.8. Where does the system store user and network data? Is there any data locally stored on the APs? Is direct access to the APs supported?
5.9. Does the system support per-user in-bound and out-bound extended access control lists (ACLs)? Per-port ACLs? Per-VLAN ACLs?
5.10. Does the system include a utility for a non-technical designee (e.g. receptionist) to supply temporary credentials to guests? If so, does the provisioning of the credentials affect the controller's configuration?
5.11. Does the system support endpoint assurance to protect the corporate network from a compromised laptop or other mobile device?
5.12. Does the system support Microsoft Network Access Protection for endpoint assurance?
5.13. Does the system enable scalability through distributed cryptography, or does it require centralized encryption of wireless data at the controller?
5.14. Does the system enable a voice-aware personal firewall policy?
5.15. Is any sensitive data stored locally on the APs? If so, what type of data is stored there?
6. Intrusion Detection and Countermeasures
One goal of WLAN deployment is to use the system as a mechanism for detecting and locating rogue access points and users. The following questions are aimed at understanding how the proposed system aids in this critical function.
6.1. Does your WLAN support wireless intrusion detection/prevention (WIDS/WIPS) or does it require a separate overlay for WIDS/WIPS?
6.2. Does your solution provide for remediation against rogue access points and denial of service attacks?
6.3. Does your WIDS/WIPS have integrated configuration and management?
6.4. Do intrusion alarms automatically roll up in your WLAN management console?
6.5. Does your management console provide a single consolidated view of intrusion alarms and WLAN status?
6.6. Do your WLAN and WIDS/WIPS leverage common hardware for APs and intrusion sensors?
6.7. Does the system perform rogue detection automatically?
6.8. What countermeasures are employed against rogues that are found?
6.9. Does the system send alerts when rogues are detected?
6.10. What types of management logs and traps for rogue activity can be shown?
7. Roaming
Wireless is all about enabling mobility and roaming. Therefore, it is critical that roaming does not complicate deployment or troubleshooting, compromise security or create unnecessary user hassle with multiple client logins and authentications. The following questions are designed to explain how the system supports roaming.
7.1. How does the system support roaming between APs or between WLAN controller when the APs or controllers reside on different subnets?
7.2. Can users maintain the same IP address as they roam?
7.3. Does a roaming user need to re-authenticate or re-login?
7.4. Does the user's subnet attributes (VLAN, ACLs, route policies) follow the user as s/he roams?
7.5. Does the system support any mechanisms to control where users can physically roam throughout the WLAN infrastructure?
7.6. For large installations, can the system perform fast-roaming (802.11i) between controllers?
8. Voice over Wireless LAN
For many organizations, there is a need to support both voice and data services over the same WLAN infrastructure. The following questions are designed to discover how the WLAN system supports voice.
8.1. How do your network management capabilities help plan for voice over wireless LAN (VoWLAN, voice over Wi-Fi)?
8.2. Describe the suitability of this architecture for supporting voice over wireless LAN. What is it about the system's architecture that may help voice service?
8.3. Does the system automatically calculate voice coverage and capacity requirements?
8.4. Does the system support 802.11e and related standards to preserve voice prioritization? If so, does it support:
8.4.1. WMM
8.4.2. WMM Powersave [U-APSD]
8.4.3. TSPEC?
8.4.4. CAC
8.5. Does the system enable seamless roaming between networks (e.g., FMC, Wi-Fi and cellular roaming)? If so, how?
8.6. Does the system support dual-mode handsets?
9. Location-Based Services
Our organization is interested in location-based tools that utilize the Wi-Fi infrastructure. The following questions are designed to understand how the system supports location-based services and applications.
9.1. As facility-wide deployments of WLANs become more common, new service possibilities are created, such as using Wi-Fi access points to track the physical location of Wi-Fi client devices and Wi-Fi tags. Describe how the WLAN system supports location-based services.
9.2. Can the wireless access points be used to track assets?
9.3. How many tags does the system support?
9.4. Does the system support choke point alerts?
9.5. Do you offer a separate location appliance?
9.6. If so, briefly describe the appliance, what location technology it employs, and its expected accuracy at different distances – e.g., accuracy at 1 meter, 3 meters, 10 meters.
10. System Capacity and Performance
A major concern is that the WLAN provide sufficient capacity for business-level application performance. The following questions will help in determining how the system helps IT design for performance vs. simple RF signal reach.
10.1. Does the system help IT design for capacity as well as coverage? Can it allow IT to set minimum or average bandwidth requirements per user?
10.2. Does the system support setup and enforcement of minimum association rates to improve system performance? Please detail.
10.3. Does the system support per-user QoS capabilities and prioritization via per-user queuing in the APs?
10.4. Does the system enable IT to control an AP's transmit power level via software? If so, is it automated, or does each AP need to be adjusted separately?
11. Management
A major concern is the ability to manage the air as a network resource. The following questions are critical to understanding the controls and performance of the proposed wireless system, and the ability to generate key user statistics.
11.1. Does the system use data from the planning process to manage and verify actual WLAN operations? If so, how often does it verify operations?
11.2. Can the management tool schedule reports for automatic generation? If so, how are the reports generated and delivered? Can they be automatically sent to the network manager via email?
11.3. What types of configuration and monitoring reports can be generated?
11.4. Does the system allow IT to force a user off the network?
11.5. Does the system allow IT to set up a user session timeout?