
Archive for the ‘Cloud computing’ Category

Management System Diversity: “Manage WLANs from Anywhere Using Anything!”

April 2nd, 2014

So much competitive marketing noise has been made over the last half dozen years about managing WLANs that vendors are now trying to manage WLANs from anywhere using everything. It wouldn’t surprise me in the least to hear a vendor say that they can now manage a branch WLAN in France from the comfort of their kitchen’s refrigerator’s management widget. It has gotten downright silly. I thought I would recap just how diverse the WLAN management scene has become: first for a good laugh, and second as a reference for those newcomers to the Wi-Fi industry.

You may be thinking, “why are there so many ways to manage a Wi-Fi system?” There’s a variety of answers to that question, such as:

  • Cost
  • Differing use cases
  • Partner eco-system
  • User preference

Not every vendor provides each of the management methods described below, but rest assured that every vendor will tell you that you don’t need anything other than what they sell. Can I get an amen? Below, I have offered a visual reference of the seven prevalent methods of managing a Wi-Fi infrastructure. It’s important to note that I will not address Wi-Fi client management methodologies in this post.

WLAN-management-diversity

WNMS in a Virtual Machine (VM)

One of the most popular methods of deploying a true WNMS today is as a VM. It’s a low-cost, flexible, scalable option that is profitable, easily updated, and easily distributed for vendors (since it’s only software). Customers love it because almost every organization has a VM infrastructure these days. Those who don’t typically use…you guessed it…the cloud. VM-based WNMS systems are classified as true WNMS because they can manage multiple elements across multiple locations, they usually handle policy-based management, compliance/reporting, location services, configuration/monitoring, planning, and much more.

WNMS in an Appliance

A WNMS in an Appliance is simply WNMS software that has been installed onto an appropriately-chosen hardware platform by the vendor. The vendor then documents a set of recommended specifications that inform the user about the maximum number of devices that should/can be managed with the platform. Sometimes the vendor security-hardens the platform as a value-add.

Wireless Network Management System (WNMS) in the Cloud

Cloud management is all the rage. In fact, if you’re a vendor and don’t offer it, I dare say that you’ve fallen dreadfully behind the times. Cloud management is especially appropriate for users with distributed environments, remote or home-based workers, and those who prefer an OPEX-based (subscription-based) payment strategy.

Do not confuse putting a hardware or software controller (or set of controllers) in a data center with cloud management. A cloud management system is a multi-tenant system whereby system resources can be allocated and provisioned to various customers leveraging economies of scale. A cloud system is flexible enough to grow when/where needed and is essentially unlimited in scale. Vendor marketing departments love to cause confusion around cloud offerings when their company does not offer cloud management as an option, so be sure to ask your vendor to explain what their cloud is and how it works.

The term Public Cloud means pretty much the same thing across all vendors who use the term, but the term Private Cloud has varying meanings across vendors. It’s for that reason that I wanted to clarify the two prevailing definitions for Private Cloud:

  • Definition #1: WNMS (Appliance or VM) in a private data center
  • Definition #2: Dedicated (versus the normal shared) server space within a cloud infrastructure

Customers should ask their vendors to clarify what they mean when they use the term Private Cloud.

Application-based Management

Some vendors have chosen to put their configuration interface into an application, and these applications are now beginning to show up on mobile platforms (e.g. iPad). Application-based management software for mobile platforms is often a subset of the desktop version or controller-based management interface and is meant to offer the user an exceptionally good experience. Mobile applications are renowned for their simplicity, beauty, and flexibility. These applications are heavily focused on configuration, and are likely to have very little in the way of monitoring, reporting, location services, planning, etc.

Such management applications tend to be element managers rather than policy-based management systems, and are often not sophisticated. Their benefit lies in their simplicity and flexibility.

Controller-based Management

The reason that I don’t give controller-based management the moniker of WNMS is that controllers were never designed for full-scale management. You can think of the CLI or GUI within a controller as being designed in the original likeness of an autonomous AP. Autonomous APs had (and still have) an integrated GUI (and some had a CLI) designed primarily for configuration. While configuration is part of management, autonomous AP GUIs/CLIs had few monitoring, reporting, planning, mapping, or other management functions within the interface. Likewise, when the industry moved to controllers and controller-based APs, the controller became the original point of configuration.

While a reasonable amount of monitoring sophistication has been added to controllers over the years, controller-based management is still element-based (meaning that it only monitors itself) and contains almost none of the common enterprise-class, large-scale WNMS features.

Controller-in-Software Management

Yes, vendors actually do this. They make a software controller and run it as an application or within a VM. Either way, it acts exactly like a controller appliance and has all of the management shortcomings thereof. However, it may be offered to customers at no charge, which is a strong benefit. You still have to consider the cost of the hardware that the software must be installed onto, but that could well be a sunk cost already or minimal because it’s a set of shared commodity hardware within your data center. A saving grace of this approach is that with it being a pure software play, it’s possible for such platforms to morph more quickly into a true WNMS.

Master Access Point (AP) based Management

We have seen systems come and go over the years that sported this feature. Some vendors have installed the feature and then taken it back out again because they felt like it took away from their ability to sell other types of management (e.g. cloud). Managing a set of APs via a single Master AP can be very simple, free, and yet is always scale-limited by design. Depending on the vendor, this choice can be feature-rich or feature-poor, but it’s often great for small mid-market customers who have a single location or have a qualified administrator at each location.

Like Controller-based Management, the interface found in Master APs is usually highly geared toward configuration. There may be some modest amount of monitoring capability, but it’s not comparable to a WNMS. Further, other important WNMS features such as reporting, location services, and planning are missing. It’s for these reasons that I do not call this form of management a WNMS.

Summary

There are just so many….take your pick(s). Some are free. Some are crazy-expensive. Some are CAPEX-based, and some are OPEX-based. Most vendors offer at least two methods of managing their Wi-Fi infrastructure, and some vendors purposefully don’t offer specific types of management interfaces out of fear that it will cannibalize certain others that they sell. Some vendors go all-out and provide everything with the hope that their flexibility will win out in the end. There’s probably no best approach, so you should decide for yourself.

When you get into today’s frequently-overheard conversation about unified wired/wireless management (among the large campus enterprise vendors) the proper choice of WNMS becomes even more important. Should you go with a single-vendor or multi-vendor system? Some vendors have used multi-vendor WNMSs to woo customers away from their competitors over the years, and the strategy has worked remarkably well in some cases.

I could go on and on about management systems, but I think that gives you a good primer. What are your thoughts? Want to share any insights?

Best practices, Cloud computing, WiFi Access, WLAN planning

Hunting down the cost factors in the cloud Wi-Fi management plane

October 3rd, 2013

 

Mature cloud Wi-Fi offerings have gone through a few phases already. They started with bare-bones device configuration from the cloud console and over the years matured into a meaty management plane for complete Wi-Fi access, security and complementary services in the cloud.

Alongside these phases of evolution, optimizing the cost of operation of the cloud backend has always been an important consideration. It is critical for cloud operators and Managed Service Providers (MSPs). This cost dictates what end users pay for cloud Wi-Fi services and whether attractive pricing models (like AirTight’s Opex-only model) can be viable in the long run. It is also important to the bottom line of the cloud operator/MSP.

Posed with the cost question, one would impulsively say that cost is driven by the capacity in terms of number of APs that can be managed from a staple of compute resource in the cloud. That is an important cost contributor, but not the only one!

 

What do the cost models from cloud operation reveal?

 

We have monitored cloud backend operation costs for the past several years. Based on that data, we have built some cost models. These models have led to the discovery of factors that are significant cost contributors. Identifying the cost component is a major step towards reducing it. The cost reduction is often implemented by a combination of technology and process innovations.

 

Draining the cost out of cloud

 

Scalability

This one is a no-brainer for anyone with their head in the cloud. Scalability generally refers to the number of APs that can be managed with a unit of compute resource. Higher scalability helps reduce the cost. Enough said.

Provisioning

As customers of diverse scales (10 APs to 10,000 APs) are deployed in the cloud and at diverse paces, the result is often unused capacity holes in the provisioned compute resources. The capacity holes are undesirable, because the cloud operator or MSP has to pay for them, but they don’t get utilized towards managing end user devices.

The unused capacity problem needs to be solved at two points in time: initial provisioning and re-provisioning. Clearly, when new customers are deployed, you try to fit them in the right sized capacity buckets. Assuming they love your product, they will then deploy more and start to outgrow their capacity buckets (but you also cannot over-provision, else there will be a capacity hole from the beginning). This is the re-provisioning time. At that time, the cloud architecture and processes need to be able to seamlessly migrate customers to bigger capacity buckets.

Personnel

The very reason customers have chosen to go with the cloud is that they want a plug-n-play experience. As such, the patience level of the cloud customer is often lower than that of the one choosing the onsite deployment option. This necessitates a higher level of plug-n-play experience to avoid support calls.

There are various points in the life cycle that have a high tendency to generate support calls. One point in time is when devices connect to the cloud, or let’s say, are not able to connect to the cloud. Another critical time is during software upgrades. Issues also often arise during re-provisioning, as discussed above, when customers are migrated between compute resources. The cost of attending to support calls can be a significant factor if these experiences are not super smooth. Additional complexities arise when APs are sold through the channel, but the cloud is operated by the vendor or another MSP.

The pricing logic behind reducing personnel cost at the MSP is as follows. The end user is eliminating the onsite personnel cost by migrating to the cloud, and hence paying less on a TCO basis. When the experience is not smooth, this cost is transferred to the personnel at the cloud operator or MSP. The cloud operator and MSP cannot make money if they take on a significant part of this cost themselves.

Latent Resources

Certain features such as high availability and disaster recovery have the potential to give rise to latent resources. Latent resources are different from the capacity holes discussed before. Latent resources are like insurance in that they don’t get utilized most of the time, but they need to be maintained in great shape. Brute force implementation of these redundancy features has been found to be a significant cost contributor to cloud operation.

For any cloud services platform, the above pain points are exposed after years of operational experience and teething pain with diverse customer deployments. That is why it would be appropriate to say that there are two parts to a viable cloud operation: one is the computing technology that enables complete management features and the other is operational maturity. Overlook either one of them and the cloud can become unviable for the operator/MSP and customers in the long term.

 


 

802.11ac, 802.11n, Cloud computing, WLAN networks

Next generation cloud-based Wi-Fi management plane

August 7th, 2013


In the early days of cloud Wi-Fi, incumbents used to say that cloud Wi-Fi was just about moving traditional controller appliances to centralized data centers. As time progressed, it became clear that this was a gross mischaracterization of cloud Wi-Fi. In the first dimension, cloud Wi-Fi would differentiate from traditional architecture by decoupling the data plane from the control plane (also called “local switching”). However, this alone wasn’t adequate since tying the control plane to centralized controllers created an inefficient architecture. Accordingly, the second new dimension consisted of moving the control plane to the edge of the network (also referred to as “smart edge APs”).

There is also a third dimension where “true” cloud Wi-Fi differentiates even further from the traditional architecture. This dimension is not easily visible to the end user, though it results in substantial differences in the operational efficiency of the cloud backend. Eventually, these efficiencies pass on to the end user either as cost savings or features. This third dimension is about how the Wi-Fi management plane is implemented in the cloud – this is the topic of this blog.

Virtualization

The benefits of virtualization are many and varied. Full virtualization of the Wi-Fi management plane gives greater speed and efficiency in provisioning and re-provisioning the cloud resources. It allows for taking advantage of the rich features of the virtualization OS, which are geared towards better cloud implementations. As a result, a fully virtualized cloud backend for Wi-Fi management is a big step beyond the blades and appliances provisioned at the data center.

Resource Sharing

Multi-tenancy is an essential feature of a true cloud management plane. Multi-tenant servers in the cloud can concurrently host sandboxed workspaces for different customers. This provides the benefit of sharing high-end computation resources across many customers.

However, there are also other resource sharing benefits that can be achieved in the cloud management plane.

Let’s take the example of disc storage. Virtualized instances can derive benefit from SAN (Storage Area Network) disc arrays as opposed to discs attached to appliances and blades. Apart from being more reliable than appliance based discs, they also allow for use of efficient disc redundancy techniques such as RAID5 (with 3 discs and intelligent parity based redundancy, it causes only 50% storage overhead), compared to RAID1 (which requires 2 discs and does brute force data mirroring with 100% storage overhead) of appliance based systems.

Another example would be that the fully virtualized management plane can be deployed in (N+1) redundant fashion. This is possible because virtual machines can be quickly and automatically moved from any of the N running instances to the standby instance in the event that any of the N instances were to fail. With appliance based systems, you are mostly constrained to legacy (1+1) redundancy, which increases the overall cost of the solution. That being said, virtual instances can also be deployed in (1+1) redundant fashion if so required for specific deployments (N = 1). Because of the way in which AirTight cloud is implemented, it offers a sliding scale of redundancy for customers to choose from, ranging from the best value to the extreme redundancy.


Horizontal Scalability

 

This is not something that you will get just by virtualization, though virtualization can be leveraged for better horizontal scalability. Horizontal scalability (also called “elastic cloud”) is a concept that is application specific, and applications need to be architected to permit it. In the Wi-Fi management context, horizontal scalability could mean seamless expansion of the management resources at the data center to subsume increasing demand in the end user network. This typically happens when deployments grow as more APs are added, and especially when they start overflowing the capacity of single server instances. How each vendor handles this is unique to the vendor. In the AirTight cloud, we have our own way of resource pooling to provide horizontal scalability, enabling single pane of glass management in AirTight’s HTML5 management console for very large deployments and for managed service providers. We also have an elastic analytics engine that can grow horizontally as the data set continues to grow.

 

Multiple Layers of Fault Tolerance


True cloud Wi-Fi implements multiple layers of fault tolerance. For example, at the AP level, APs need to be able to operate autonomously with no reliance on the management server for traffic forwarding and for offering services such as handoffs, captive portals, firewall, etc. For deployments which also care about security, the AP/Sensor should be able to perform full WIPS functions without reliance on the manager. In the AirTight architecture, we refer to this as “standalone” operation, which ensures that the service at the edge is not disrupted at all, even if the Wi-Fi management server is unreachable. In addition, a resilient service discovery network with geographically replicated databases ensures that the connected edge device will quickly and reliably find its home in the cloud from anywhere. Fault tolerance on the server side is provided via the redundancy techniques I’ve already discussed. Additionally, features of a virtualization OS, such as snapshotting, are useful for adding an additional layer of protection during upgrade processes.

Good Things in the True Cloud Wi-Fi Management Plane

These are some things that can only be found in the Wi-Fi management plane that is designed bottom up to be hosted in the cloud. While these things may not be directly visible to the end user, they are important for the cloud operator and also result in indirect benefits to the end user. Simply hauling Wi-Fi management servers to the data centers does not allow for these benefits. So, we now have one more dimension by which to compare true cloud Wi-Fi with traditional architectures – the good things found in the cloud-based management plane!


#WFD5

 

Want to hear more about this topic? Tune into Wireless Field Day 5 (live on August 8th from 8-10 am PT, or watch from the TechFieldDay archives). You can also follow the Twitter discussion with the WFD5 hashtag.

 

AirTight Networks to Make its Live Tech Field Day Debut at Wireless Field Day 5 in Silicon Valley


802.11n, Cloud computing, mobile device management, WiFi Access, WLAN networks

Different Shades of Cloud Wi-Fi: Rebranded, Activated, Managed

February 10th, 2013

Did you know that all cloud Wi-Fi’s aren’t created equal?


The race is on to put cloud in Wi-Fi

Currently, the cloud managed Wi-Fi space is expanding rapidly. Naturally, Wi-Fi vendors, traditional and emerging, want to be in the cloud Wi-Fi game. Nobody wants to be without a “cloud” solution!  Controller-less Wi-Fi vendors have explicitly built cloud managed Wi-Fi from the ground up, while controller Wi-Fi incumbents have repositioned traditional offerings in the direction of cloud Wi-Fi.

The word “cloud” in the name doesn’t tell the whole story; one has to dig deeper. Here’s why.

When vendors associate the word cloud with their Wi-Fi solutions, they can be referring to completely different things. This is quite apparent in light of some recent developments.

Controller over WAN REBRANDED as Cloud

Cloud computing, WiFi Access, Wireless security, WLAN networks

How AirTight’s new network+security console tames distributed Wi-Fi

January 14th, 2013

As Wi-Fi deployments extend into large distributed environments, management of these Wi-Fi networks poses unique challenges. It could be the clinic-wide deployment for the medical facility running into 100’s of sites, branch-wide deployment for the bank running into 1000’s of sites, or store-wide deployment for the fast food restaurant running into 10,000’s of sites. The network and security management needs for such deployments are very different from the traditional campus Wi-Fi. Accordingly, the network management console has to deliver on a number of fronts. Read more…

Cloud computing, WiFi Access, Wireless security, WLAN networks

Cisco’s recent acquisition shows exciting times ahead for the lead players in the cloud Wi-Fi space

November 28th, 2012

Barely two weeks after I posted my last blog discussing the benefits of true cloud Wi-Fi over the controller over WAN architecture, using Cisco FlexConnect as an example of the latter, news of Cisco acquiring Meraki broke. I got a kick out of it since it showed that my inferences on Cisco FlexConnect and other controller centric offerings were dead on, that they can never become real cloud Wi-Fi by incremental touchups and jargon experimentation. I also got a kick out of its timing: a 1.2B acquisition barely 2 weeks after I wrote that post! There are several takeaways for the future of cloud Wi-Fi from this big event. First and most obvious is that the cloud Wi-Fi market is expanding rapidly. Another takeaway is that for the vendors already committed to the controller centric WLAN architecture, migration to cloud architecture is not incremental, but it is disruptive. Cisco could not do the migration in-house even after trying for a few years with incremental changes like REAP, H-REAP, ELM, and FlexConnect. As I said in my last blog, cloud Wi-Fi is not about throwing a controller over the WAN, but needs to be architected differently from the bottom up. Finally, it also shows that with the standardization of access point platforms, differentiation in mainstream enterprise Wi-Fi will come from innovations in the application space such as network management, security, and integration with other services.

AirTight envisioned the value of cloud managed Wi-Fi solutions way back in 2008, when it was the first to launch wireless intrusion prevention (WIPS) and wireless PCI compliance solutions from the cloud (cloud used to be called SaaS at that time). It saw wholehearted acceptance from customers for Wi-Fi security and compliance applications. Having seen the benefits of the cloud Wi-Fi security offering, those same customers then wanted Wi-Fi access bundled with security in the AirTight cloud offering, and AirTight answered their call in 2010. AirTight’s cloud managed Wi-Fi access, with built-in PCI compliance, saw tremendous success in the market. Riding on this second wave of success in the cloud strategy, AirTight then launched cloud managed enterprise grade Wi-Fi access with its highly acclaimed, absolute best-in-class WIPS built into it.

Due to their strong security posture, extreme scalability, and unique management capabilities, AirTight Cloud Services™ are not just for the midmarket, but also fit very well at scales many times as big. No wonder organizations even as large as multiple 10,000’s of distributed locations have selected AirTight cloud Wi-Fi over all competing Wi-Fi solutions! I am excited to see the cloud Wi-Fi market ignited by Cisco right at the time when AirTight has reached a great level of maturity in its cloud Wi-Fi offerings over all these years.

Cloud computing, PCI, WiFi Access, Wireless security

Is your cloud Wi-Fi genuine, or is it controller over WAN imitation?

November 7th, 2012

With the rising popularity of cloud Wi-Fi in distributed Wi-Fi deployments, there is also an attempt to pass off legacy controller technology as cloud Wi-Fi by deploying conventional controllers over the WAN. Realizing that it is infeasible to deploy many smaller controllers in distributed Wi-Fi deployments such as retail, remote offices, etc., the controller over WAN architecture deploys bigger controllers at the HQ and calls it cloud Wi-Fi. However, controller over WAN Wi-Fi does not measure up to true cloud Wi-Fi for many reasons, as outlined below. We will use the example of Cisco’s controller over WAN architecture to illustrate these differences. Earlier, Cisco called it H-REAP and ELM, now it calls it FlexConnect, but does changing terminology get controllers to measure up to the true cloud? Let us find out. Read more…

802.11n, Cloud computing, WiFi Access

3 things to consider in selecting 3×3:3 MIMO Wi-Fi access points

October 18th, 2012

Currently, the market is inundated with announcements from vendors on 3-stream MIMO APs. Sure enough, AirTight has also launched one, being at the forefront of Wi-Fi technology. But what sticks out in some of those announcements is the lopsided mention of high speed wireless connectivity, even to the extent of a misleading claim of 900 Mbps for the dual radio 3-stream APs, albeit with a sneaky word “upto” before the number. While connectivity speed is an important consideration (actually now a commodity available out of 3-stream Wi-Fi chipsets), that consideration alone does not help to come up with a good game plan for deploying 3-stream Wi-Fi. More holistic thinking, taking into account real world performance, security, and next generation Wi-Fi architecture, is required when selecting 3-stream MIMO APs. Read more…

Cloud computing, WiFi Access, Wireless security

Live Demo – Secure Wi-Fi Armed to Defend Your Network

September 13th, 2012

With AirTight Wi-Fi™, enterprises now have a truly secure Wi-Fi solution that is armed to defend your network from wireless threats 24/7.
Join AirTight on September 19 at 11 AM Pacific for a live demo. Find out how easy it is to deploy, manage and secure AirTight’s cloud-managed Wi-Fi.

AirTight Wi-Fi Benefits:

  • Simple to deploy and manage with limited IT resources
  • Fully user-customizable HTML5 UI to improve IT efficiency
  • Get your Wi-Fi up and running quickly without the need for extensive training and certifications
  • Infinitely scalable to grow the WLAN deployment over time
  • Provides high performance 3×3 MIMO within the 802.3af power budget
  • Top rated WIPS to automatically detect and block threats
  • Provides automated BYOD policy enforcement including device onboarding

Register now: http://airtightnetworks.adobeconnect.com/wifilivedemo9-19/event/event_info.html

Cloud computing, WiFi Access, Wireless security, WLAN networks

Why retailers embrace cloud for Wi-Fi access, PCI and wireless security

June 26th, 2012

Retailers are increasingly looking to deploy Wi-Fi in their stores. They want to provide guest Wi-Fi to their patrons and also want to deploy in-store applications such as wireless POS and printers, wireless kiosks, wireless digital signage, and HQ network access over Wi-Fi. Coupled with these business drivers there is also a wireless PCI compliance requirement to protect credit card transactions. Retailers however face some unique challenges which were hitherto not met by traditional autonomous or controller Wi-Fi solutions. Now cloud managed Wi-Fi has made it quite feasible for them to achieve these goals.
Read more…

802.11n, Cloud computing, PCI, WiFi Access, Wireless scanning, Wireless security, WLAN networks