Missing Link in ENTERPRISE NETWORKING
By: Paul Mah | 26 November 2016
How to achieve performance, security and reliability in an SMB environment
A peek inside a typical small business today will likely reveal lots of wireless devices, with little, if any, wired hardware in evidence. Problems could occur, however, if the small business deploys consumer-centric access points targeted at home users.
This lack of attention towards what is now a business-critical technology can be a threat to productivity, security and the smooth functioning of the business. Here are some important considerations that smaller businesses need to bear in mind to have a safe, reliable Wi-Fi network.
A common question often centers on the need for a business-grade access point over the many less-expensive alternatives with similar specifications. However, it is worth noting that an important premise for a business-grade access point is reliability under sustained, heavy usage, which is unlikely to be the case from an access point picked from the bargain bin.
Indeed, Wi-Fi studies have shown that even top-tier wireless access points do not perform the same when placed under heavy load. Sustained performance aside, IT professionals also know that access points can crash or lock up, which makes robust operation an important consideration.
Of course, access points that are designed for use in business environments also offer a variety of capabilities that allow for more powerful and flexible deployments. We take a closer look at some of them and explain how they can be leveraged for your wireless network.
Support for multiple SSIDs
Unlike consumer access points that typically support just one wireless network, it is often possible to create scores of wireless networks (also known as Service Set Identifiers, or SSIDs) on a business-grade access point. More importantly, each SSID can be assigned a different access policy for fine-grained security, such as being tagged to a different virtual LAN or configured with different authentication or encryption options.
The most obvious advantage is the ability to support guest users without giving them unfettered access to the network. Businesses can create an Internet-enabled SSID isolated from the rest of the corporate network, and either disable it or change its passphrase to revoke access when it is no longer needed. Moreover, additional SSIDs could also be created for devices such as IP cameras, wireless speakers and IoT sensors, leaving the production network untouched.
An important capability of a business access point would be the ease of managing multiple access points, with changes to configurations made centrally and propagated immediately to the entire cluster. Some of these systems could even migrate Wi-Fi client devices from a congested Wi-Fi access point to a less busy one.
Users on Wi-Fi enabled devices are also less likely to be disconnected from latency-sensitive applications such as video streaming or voice-over-IP calls as they move around the office. This is possible thanks to various controller-managed techniques to cut down the time needed to switch between access points, including support for standards such as 802.11r and 802.11k.
PoE for power
The use of Power over Ethernet (PoE) eliminates the need to run separate power cables to individual access points and cumbersome power bricks. This serves to greatly increase reliability, as it is much easier to replace standards-compliant PoE network switches or power injectors than external power adapters with their differing power output and connectors.
It is worth noting that 802.11ac Wave 2 access points typically require 802.3at, also known as PoE+, to operate at full capacity; some capabilities may be quietly disabled or reduced when they are powered by the older 802.3af standard.
Unreliable hardware aside, the biggest bugbear to a Wi-Fi deployment is probably poor wireless performance. Despite a gradual increase in bandwidth in the latest Wi-Fi standards, available spectrum is finite, subject to external interference, and typically shared among multiple devices on the wireless network.
The increasing use of the 5GHz band and Wave 2 802.11ac access points looks set to ease the situation, though there are still fundamental steps small businesses can adopt to ensure that the performance of their Wi-Fi network stays speedy. So what are some considerations that businesses should look into before capacity issues rear their ugly head?
Choosing the right access point hardware
The first step towards a high performance wireless network would probably be choosing the right access point hardware. While it would be illogical to get anything other than an 802.11ac access point today, device makers often differentiate their product lineup with varying levels of support for multiple-input, multiple-output (MIMO), which allows for access points and Wi-Fi clients to simultaneously transmit and receive multiple streams of data.
Specifically, an access point that sports a 1x1 radio/antenna chain can generally support one transmit stream and one receive stream, 2x2 supports two streams in each direction, 3x3 supports three and a 4x4 device supports four. Single-user MIMO (SU-MIMO) works with just one client device at a time, while multi-user MIMO (MU-MIMO) in Wave 2 802.11ac access points can transmit to more than one client device at a time.
Though support for more data streams is always good, support by client devices is necessary to benefit from it. Many Wi-Fi devices only come with a 1x1 or 2x2 radio/antenna chain, which means that investing in a 3x3 access point may be adequate for future proofing. MU-MIMO (Wave 2 802.11ac) access points are desirable for mid-sized or large offices if the budget allows for it.
Deploying multiple access points
Unless your office consists of a handful of users and is located within a very compact area, you will need to roll out more than one access point to properly blanket your working areas wirelessly across both 2.4GHz and 5GHz bands. Obviously, this only works with a business-centric Wi-Fi system where access points are centrally managed.
It is usually not necessary to manually choose a channel as these systems generally incorporate some form of dynamic channel management system. This entails monitoring and analyzing Wi-Fi emissions over time, switching to the least congested channel, and even ensuring that neighboring access points within the cluster are not causing interference. While most are fully automatic, some may offer some ability to make tweaks.
Position your access points properly
Often overlooked by small businesses, poorly positioned access points are the bane of a good wireless network. Businesses rolling it out themselves should avoid placing access points next to walls and other obstructions that can prematurely attenuate wireless signals.
A simple way of estimating coverage is to visualize the RF energy emanating in a straight line from each access point. Locations with multiple obstructions are likely to be wireless dead spots, and should be supported by placing another access point nearby. In this vein, mounting access points on the ceiling or high on walls is ideal, given that there are the fewest obstructions there.
Of course, organizations should probably get a professional site survey done if rolling out a large-scale Wi-Fi network. However, an installation with fewer than 10 access points would probably not be an issue.
Wiring up the office
Having a good underlying wired network is also crucial, in terms of both supplying sufficient bandwidth to the access points and keeping them powered through PoE. While some access points support Wireless Distribution System (WDS) or a proprietary wireless mesh capability to bridge between access points, there is little reason not to wire up the access points for indoor Wi-Fi networks.
It also makes sense to ensure that printers, IP cameras and network storage devices are connected through the wired network where possible, leaving the maximum amount of spectrum available for devices that require it, such as laptops and tablets. As usual, make sure the LAN wiring takes advantage of recent standards such as CAT6 or CAT7 cables.
While some business-grade access points offer the ability to perform basic routing, businesses may want to set up an external internet router with built-in network address translation (NAT) and DHCP capability. Depending on the speed of the internet link, it may be possible to hook up an older Wi-Fi router with wireless disabled. Alternatively, small offices can also use a compact router to deliver internet connectivity to the access points.
As small businesses grow beyond a handful of users, it quickly becomes unrealistic and insecure to use the same static passphrase for the entire organization. The solution is to create a new SSID configured for per-user authentication, which entails selecting 802.1X under authentication for the new SSID and deploying a corresponding RADIUS server on the backend.
User accounts could be added directly to the RADIUS database, or synchronized with a directory service such as Active Directory. This allows Wi-Fi access to be managed as a seamless part of IT, with user accounts removed as employees leave and added with new hires. To ease the switch over to the new 802.1X enabled SSID, businesses can operate the old SSID in parallel during an initial transitional period.
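As an added example (not part of the original article), the following Python check audits an SSID inventory against the segmentation and per-user authentication advice above. The record fields, SSID names, VLAN numbers and finding codes are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed SSID plan for illustration. "psk_id" labels which shared
# passphrase an SSID uses, so no secret has to appear in the inventory.
SAMPLE_PLAN = [
    {"ssid": "corp-staff",  "role": "staff", "vlan": 10, "auth": "802.1x", "psk_id": None},
    {"ssid": "corp-legacy", "role": "staff", "vlan": 10, "auth": "psk",    "psk_id": "A"},
    {"ssid": "corp-guest",  "role": "guest", "vlan": 10, "auth": "psk",    "psk_id": "A"},
    {"ssid": "corp-iot",    "role": "iot",   "vlan": 30, "auth": "psk",    "psk_id": "B"},
]

def audit(plan):
    """Return sorted (ssid, finding_code) pairs for a list of SSID records."""
    findings = set()
    staff_vlans = {s["vlan"] for s in plan if s["role"] == "staff"}
    has_dot1x_staff = any(
        s["role"] == "staff" and s["auth"] == "802.1x" for s in plan
    )

    psk_users = defaultdict(list)
    for s in plan:
        if s["auth"] == "psk" and s["psk_id"] is not None:
            psk_users[s["psk_id"]].append(s["ssid"])

    for s in plan:
        # Guest and device SSIDs must not land on the production VLAN.
        if s["role"] != "staff" and s["vlan"] in staff_vlans:
            findings.add((s["ssid"], "SHARES_PRODUCTION_VLAN"))
        # Staff on a static passphrase: acceptable only as the old SSID kept
        # running in parallel while the 802.1X SSID is being rolled out.
        if s["role"] == "staff" and s["auth"] == "psk":
            code = "RETIRE_TRANSITIONAL_PSK" if has_dot1x_staff else "NO_PER_USER_AUTH"
            findings.add((s["ssid"], code))

    # A passphrase reused across SSIDs cannot be changed to revoke access on
    # one of them without disrupting the others.
    for ssids in psk_users.values():
        if len(ssids) > 1:
            findings.update((name, "PASSPHRASE_REUSED") for name in ssids)
    return sorted(findings)

if __name__ == "__main__":
    for ssid, code in audit(SAMPLE_PLAN):
        print(f"{ssid}: {code}")
```
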
Finally, it is worth noting that most business access point systems are controller-based, which necessitates the use of a controller appliance to manage all access points on the network. An access point can double up as a virtual controller in some cases, though it may entail an additional licensing fee and limits to the size of the Wi-Fi network.
An alternative is a non-physical controller in the form of a cloud-based dashboard for managing access points through the internet.
There is no question that Wi-Fi networks will continue to evolve as engineers and device makers seek to support ever denser deployments of wireless gadgets and IoT devices. For now, small businesses are in an excellent position to benefit from wire-free productivity with a top-notch wireless network.