Archive for the ‘WLAN networks’ Category

Restaurant Wi-Fi Primer – On-demand Webinar from Hospitality Technology Magazine

March 3rd, 2014

Last week we participated in the Restaurant Wi-Fi Primer webinar with Hospitality Technology Magazine, Boston Market and Spartan Computer Services.

Kevin McCauley presented on best practices in retail Wi-Fi analytics and social media integration. To view the webinar on demand, go to Hospitality Technology (free registration required).

You can also view AirTight’s slides on SlideShare.

HT’s latest research indicates that restaurants are planning to increase their IT budgets in 2014, and investments in networks and telecom are one category that’s steadily on the rise. A well-designed Wi-Fi network, such as the one Boston Market is currently deploying, can allow restaurants to roll out a variety of enterprise applications, ranging from mobile POS to networked kitchen tools, and can also draw in customer traffic.

View the webinar to learn about:

  • Leveraging the network for analytics and social engagement
  • Network design tips and considerations
  • Common installation pitfalls to avoid
  • Controlling customer traffic
  • Measuring ROI for your install

Best practices, PCI, Retail, WLAN networks

Get in the Game with Wi-Fi Managed Services

November 12th, 2013

This is part 1 of our two-part MSP series. Part 1 focuses on the basics of the MSP delivery, while part 2 will discuss how to make this model work for you.

Not much has changed since I last blogged about Wi-Fi managed services almost a year ago, other than that I now work for a different manufacturer. The reason for the longer-than-expected ramp-up time is that Wi-Fi manufacturers (in general) haven’t yet adequately equipped their channel partners to take advantage of this market trend. The slow ramp-up is over, and it looks like it’s a land grab of epic proportion… starting… NOW.  For those of you waiting on the sidelines, it’s time to get in the game.

Market Drivers for MSPs

As the challenges of delivering high-performance wireless access networks in the face of exploding user demands become ever more daunting to the average IT guy, midmarket CIOs are still having a difficult time adequately staffing their IT organization. Gartner and I both still believe that midmarket companies should consider using Managed Service Providers (MSPs) to solve this problem.

Engineers who are well-trained and experienced in designing, deploying, troubleshooting, and maintaining enterprise-class Wi-Fi networks are still fairly scarce and expensive. MSPs can offer high-end engineering skills, paired with economies of scale (leveraging shared resources), to midmarket customers who would otherwise have to hire their own expensive, dedicated engineers; the alternative being to try their luck with general IT installation contractors that may not have the right Wi-Fi expertise in-house or the ability to adequately support the installation once it’s done.

The decreased costs and lower risks of outsourcing to an MSP, in combination with attractive SLAs, may in many cases be a significant competitive advantage to midmarket organizations.

How is an MSP Different from a VAR?

If you’re unfamiliar with MSPs and how they differ from your garden-variety value-added reseller (VAR), I’ll briefly explain. Your local VAR will happily sell you a Wi-Fi network (making a little profit in the process), and their hope is to add services (hence the “value added” portion of the name) around the sale of the equipment. Those services could be anything along the lines of design, surveying, installation, configuration, optimization, maintenance, troubleshooting, reporting, and more. These services can be offered as prepaid (for a certain amount of man hours per month/quarter/year with additional time being paid hourly/daily) or it could all be an hourly/daily rate.

With managed services, you may still have the option of buying/owning the network hardware/software (called a capex sales model, short for “capital expenditure”), but there’s often the option of an opex sales model (short for “operational expenditure”, more commonly known as “leasing”) as well. The most common question that arises with the opex sales model is “who is doing the equipment financing?” More on that topic later.

The real differentiator offered by an MSP is in the level of service provided. MSPs do everything for the customer throughout the lifetime of the network (as it relates to the service they are providing) while VARs most often perform tasks on an as-requested basis. MSPs therefore often provide the customer with a Service Level Agreement (SLA) contract stating exactly what they will/won’t do and what the adverse ramifications (to the MSP) of not performing those tasks (as stated in the contract) will be.

  • Scope – VAR: design, installation, configuration, light helpdesk. MSP: all of that plus full responsibility for on-going operation of the network, often including applications riding on top of it.
  • Pricing Models – VAR: primarily 1x costs (capex) with small (~10%) annual maintenance fee. MSP: can also offer opex-only model, on per-user or per-network-node per month basis, as an alternative to capex + operational fee model.
  • Guarantees – VAR: typically commit to performance metrics at final acceptance of network install; maintaining network performance over time is customer’s responsibility. MSP: offer service-level agreements (SLAs) for install time, network uptime, and possibly other performance metrics.

Because MSPs will be managing, monitoring, and troubleshooting the network remotely (in the large majority of cases), they must choose technology solutions that lend themselves to this scenario.

How Can a Manufacturer Support You in this Model?

Manufacturers differentiate themselves in a number of ways:

  • Specializing in various aspects of the technology, such as performance, architecture, ease-of-use, or cloud services
  • Having a broad product portfolio: Wi-Fi, switches, firewalls, and routers
  • Offering varied sales models, from standard capex to 100 percent opex
  • Focusing on assembling solutions for vertical markets, rather than selling “horizontally” across various markets

Channel partners – distributors and resellers – are also looking for additional ways to differentiate above-and-beyond the manufacturer’s own technical or business-related advantages. Given the model’s inherent advantages, one valuable way to set themselves apart from the crowd is to additionally offer Wi-Fi as a managed service, either in a capex + service or even full-opex sales model.

  • In a capex model, the customer buys the equipment from the MSP and then additionally pays the MSP for their services (design, survey, install, integration, optimization, reporting, troubleshooting, etc.).
  • In the opex model, there are a variety of nuances of how an MSP might go about a sale, but most commonly, the APs are “leased” to the customer for a contract period (with periodic payments), and the customer is then charged for those same services (as previously mentioned) – either up-front or rolled into the periodic payments.

In part 2 of this post, we will discuss how to determine if a Wi-Fi solution is ready for the MSP model, how to get started, and how to sell the model to your customers. 

Managed Service, WiFi Access, WLAN networks

Hunting down the cost factors in the cloud Wi-Fi management plane

October 3rd, 2013


Mature cloud Wi-Fi offerings have gone through a few phases already. They started with bare-bones device configuration from the cloud console and over the years matured into a meaty management plane for complete Wi-Fi access, security and complementary services in the cloud.

Alongside these phases of evolution, optimizing the cost of operation of the cloud backend has always been an important consideration. It is critical for cloud operators and Managed Service Providers (MSPs). This cost dictates what end users pay for cloud Wi-Fi services and whether attractive pricing models (like AirTight’s Opex-only model) can be viable in the long run. It is also important to the bottom line of the cloud operator/MSP.

Posed with the cost question, one would impulsively say that cost is driven by the capacity in terms of the number of APs that can be managed from a unit of compute resource in the cloud. That is an important cost contributor, but not the only one!


What do the cost models from cloud operation reveal?


We have monitored cloud backend operation costs for the past several years. Based on that data, we have built some cost models. These models have led to the discovery of factors that are significant cost contributors. Identifying the cost component is a major step towards reducing it. The cost reduction is often implemented by a combination of technology and process innovations.


Draining the cost out of cloud



This one is a no-brainer for anyone with their head in the cloud. Scalability generally refers to the number of APs that can be managed with a unit of compute resource. Higher scalability helps reduce the cost. Enough said.


As customers of diverse scales (10 APs to 10,000 APs) are deployed in the cloud and at diverse paces, it often results in unused capacity holes in the provisioned compute resources. The capacity holes are undesirable, because the cloud operator or MSP has to pay for them, but they don’t get utilized towards managing end user devices.

The unused capacity problem needs to be solved at two points in time: initial provisioning and re-provisioning. Clearly, when new customers are deployed, you try to fit them in the right-sized capacity buckets. Assuming they love your product, they will then deploy more and start to outgrow their capacity buckets (but you also cannot over-provision, else there will be a capacity hole from the beginning). This is the re-provisioning time. At that time, the cloud architecture and processes need to be able to seamlessly migrate customers to bigger capacity buckets.


The very reason customers have chosen to go with cloud is because they want a plug-n-play experience. As such, the patience level of the cloud customer is often lower than that of the one choosing the onsite deployment option. This necessitates a higher level of plug-n-play experience to avoid support calls.

There are various points in the life cycle that have a high tendency to generate support calls.  One point in time is when devices connect to the cloud, or, let’s say, are not able to connect to the cloud. Another critical time is during software upgrades. Issues also often arise during re-provisioning, as discussed above, when customers are migrated between compute resources. The cost of attending to support calls can be a significant factor if these experiences are not super smooth. Additional complexities arise when APs are sold through the channel, but the cloud is operated by the vendor or another MSP.

The pricing logic behind reducing personnel cost at the MSP is as follows. The end user is eliminating the onsite personnel cost by migrating to cloud, and hence paying less on a TCO basis. When the experience is not smooth, this cost is transferred to the personnel at the cloud operator or MSP. The cloud operator and MSP cannot make money if they pick up a significant part of this cost themselves.

Latent Resources

Certain features such as high availability and disaster recovery have the potential to give rise to latent resources. Latent resources are different from the capacity holes discussed before. Latent resources are like insurance in that they don’t get utilized most of the time, but they need to be maintained in great shape. Brute force implementation of these redundancy features has been found to be a significant cost contributor to cloud operation.

For any cloud services platform, the above pain points are exposed after years of operational experience and teething pain with diverse customer deployments. That is why it would be appropriate to say that there are two parts to a viable cloud operation – one is the computing technology that enables complete management features and the other is operational maturity. Overlook either one of them and the cloud can become unviable for operator/MSP and customers in the long term.


Additional references:

Wireless Field Day 5, AirTight Cloud Architecture video

Aruba Debuts Bare-Bones Cloud WLAN at Network Computing by Lee Badman

Next generation cloud-based Wi-Fi management plane

Controller Wi-Fi, controller-less Wi-Fi, cloud Wi-Fi: What does it mean to the end user?

AirTight is Making Enterprise Wi-Fi Fun Again

Different Shades of Cloud Wi-Fi: Rebranded, Activated, Managed


802.11ac, 802.11n, Cloud computing, WLAN networks

MU-MIMO: How may the path look like from standardization to implementation?

September 26th, 2013

In earlier blog posts on 802.11ac practical considerations, we reviewed 80 MHz channels, 256 QAM and 5 GHz migration. Continuing the 802.11ac insights series, in this post we will look at some practical aspects of MU-MIMO, which is the star attraction of the impending Wave-2 of 802.11ac.


MU-MIMO mechanics and 802.11ac standard


Illustration of 802.11ac MU-MIMO


At a high level, MU-MIMO allows an AP with multiple antennas to concurrently transmit frames to multiple clients, when each of the multiple clients has fewer antennas than the AP. For example, an AP with 4 antennas can use 2-stream transmission to a client which has 2 antennas and 1-stream transmission to a client which has 1 antenna, simultaneously. An implicit requirement to attain such concurrent transmission is beamforming, which has to ensure that bits of the first client coherently combine at its location, while bits of the second client do the same at the second client location. It is also important to ensure that bits of the first client form a null beam at the location of the second client and vice versa.


What does the 802.11ac standard offer for implementing MU-MIMO?

  • The standard provides a Group ID Management procedure to form client groups. Clients in a given group can be considered together for co-scheduling of transmissions using the MU-MIMO beamforming.
  • To be able to perform peak/null adjustments in MU-MIMO beamforming as described above, the AP needs to have knowledge of the Tx-to-Rx antenna channel matrix to each client in the group. For this, the standard provides a well-defined process for channel learning wherein the AP transmits a sounding packet called an NDP (Null Data Packet) to which clients respond with channel feedback frames (this is called the explicit feedback mechanism).


 What the standard does not specify


There is more to MU-MIMO implementation that is outside of the scope of the standard. The true promise of MU-MIMO is also dependent on these additional implementation factors:

  • The AP has to identify clients that can be co-scheduled in a group. How to form these groups is implementation specific. It is dependent on prevalent channel conditions to different clients. The AP will have to make smart decisions on group formation.
  • The AP has to keep track of channel conditions for clients in different groups by sending regular sounding packets and receiving explicit feedback to the sounding packets from the clients.  Various implementations may differ based on how frequent channel learning is required in them. Frequent learning increases channel overhead, but may result in cleaner (non-interfering) MU-MIMO beams. Slow learning can result in stale information, thereby causing inter-beam interference during concurrent transmissions.
  • When channel conditions change, re-grouping of clients is required. Implementations can differ based on re-grouping triggers and method of re-grouping.
  • Implementations can also differ based on how total antennas on AP are used for beamforming within any given group.
  • The performance of MU-MIMO also depends to some degree on the client side implementation. For demodulating the MU-MIMO signal, clients can implement additional techniques such as interference cancellation to eliminate inter-beam interference.
  • The formation of MU-MIMO groups at physical/MAC layer has to also coincide with traffic and QoS requirements of the clients at higher protocol level.
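
The null-steering requirement and the stale-feedback trade-off above, worked numerically as an added example (not code from the original post or from any chipset). It assumes a 2-antenna AP serving two 1-antenna clients with a zero-forcing precoder, which is one common choice and not something the standard mandates; the channel values, the 20-degree phase drift and all function names are constructed for illustration.

```python
"""Zero-forcing MU-MIMO toy model: 2-antenna AP, two 1-antenna clients.
Zero-forcing is an assumed precoder; all channel values are constructed."""
import cmath
import math

# Constructed channel matrix as learned from sounding (NDP + explicit feedback).
# H[k][n] is the complex gain from AP antenna n to client k.
H_SOUNDED = [[1 + 0j, 0.5j],
             [0.3 - 0.4j, 0.8 + 0.2j]]


def zf_precoder(H, min_det=1e-6):
    """Return W, where column j holds the antenna weights for client j's stream.

    W is the inverse of H with each column scaled to unit power, so H times W
    is diagonal: each stream peaks at its own client and nulls at the other.
    """
    (a, b), (c, d) = H
    det = a * d - b * c
    if abs(det) < min_det:
        # Nearly parallel channels: no weights can separate these clients,
        # so they should not be placed in the same MU-MIMO group.
        raise ValueError("clients cannot be co-scheduled")
    W = [[d / det, -b / det],
         [-c / det, a / det]]
    for j in range(2):
        norm = math.sqrt(abs(W[0][j]) ** 2 + abs(W[1][j]) ** 2)
        W[0][j] /= norm
        W[1][j] /= norm
    return W


def drift(H, phase_deg):
    """Model channel change since the last sounding: rotate antenna 1's path."""
    e = cmath.exp(1j * math.radians(phase_deg))
    return [[row[0], row[1] * e] for row in H]


def sir_db(H_actual, W):
    """Signal-to-interference ratio (dB) seen by each client for precoder W."""
    out = []
    for k in range(2):
        gains = [H_actual[k][0] * W[0][j] + H_actual[k][1] * W[1][j]
                 for j in range(2)]
        wanted = abs(gains[k]) ** 2
        leak = abs(gains[1 - k]) ** 2
        out.append(math.inf if leak == 0 else 10 * math.log10(wanted / leak))
    return out


def compare(phase_deg=20.0):
    """SIR with fresh feedback vs. with weights computed before the drift."""
    W = zf_precoder(H_SOUNDED)
    return sir_db(H_SOUNDED, W), sir_db(drift(H_SOUNDED, phase_deg), W)


if __name__ == "__main__":
    fresh, stale = compare()
    print("fresh feedback SIR (dB):", fresh)
    print("stale feedback SIR (dB):", [round(x, 1) for x in stale])
```

With fresh feedback the cross-client leakage is at floating-point noise level; reusing the same weights after the drift leaves each client with only a modest margin over the other client's stream, which is the inter-beam interference the list describes.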

Practical impact

The above considerations are at the practical implementation level. Many of them are in the domain of chip design. How well different chip vendors address them could differentiate them from one another in the MU-MIMO era.

They can also impact the Wi-Fi chip design paradigm, which traditionally used similar designs for AP and client radios. With MU-MIMO, there will be a bulk of tasks that will be performed at the AP, resulting in significant design differences between the AP side chipset and the client side chipset.

Due to all the nuances of implementation and sensitivity to channel conditions, comparing different MU-MIMO implementations in a practical network is a difficult task. Notwithstanding, I can imagine MU-MIMO becoming table stakes in RFPs after Wave-2 arrives, to which everyone will answer “yes” without heed to the exact implementation details. :-)

One radical thought

Given the cost and complexity of chip level tasks required in MU-MIMO, could there be some chip family which may just use all antennas on the AP to form a beam to a single client at a time? That is, sequential SU-MIMO, instead of parallel MU-MIMO. What will be the pros and cons? Will MU-MIMO be only incrementally or significantly better than sequential SU-MIMO? Time will tell.

Devil is in Detail!




802.11ac, Best practices, WiFi Access, WLAN networks

Get Soaked in the Future of Wi-Fi

September 5th, 2013


AirTight Networks is armed with Wi-Fi of the future, and blasting the message out through social media.


Have you ever noticed that there always seems to be a disconnect in the Wi-Fi industry whereby vendors build and sell their products based on hardware capabilities, tech specs, and geeky feature sets while customers ultimately evaluate products based on how the solution fits with their organizational objectives? That’s a problem.


The Wi-Fi market is on the cusp of a second-wind of tremendous growth that will be driven by focusing product solutions on the tailored needs of customers in every vertical market.  However, this is a departure from the status-quo as historically the Wi-Fi market has grown by pushing products (not solutions) based on the latest hardware enhancements and improvements in speed that have come with each iteration of the 802.11 standard. But that model is breaking down as the technology matures, and hardware differentiation alone is very minimal. And customers are demanding more tailored solutions as their own markets evolve into a mobile-enabled workforce and customer experience.



What’s exciting is that AirTight is already delivering Wi-Fi of the Future (#WiFuture if you’re following along on Twitter). We provide tailored solutions that include social Wi-Fi integration that enable retailers to engage consumers and provide enhanced customer service, presence and location analytics to understand and adapt to customer behavior in-store, and the most robust wireless security solution on the market to secure data well beyond basic PCI compliance requirements. And that’s only the beginning.


AirTight is building solutions that enable the Wi-Fi of the future through:


A Software-Centric Approach – leveraging the rich data analytics available through an intelligent access network, and software defined radios that enable flexibility of hardware use for client access, security monitoring, and performance analysis.


Intuitive User Experience – making Wi-Fi simpler to deploy and troubleshoot so the network isn’t broken or under-performing.


Operational Expense Model – enabling customers to acquire the latest solutions without breaking the budget.


Mature Cloud – that is truly elastic with both public cloud and private cloud options, enabling easy expansion to meet growing network demands without causing unnecessary retooling or plumbing of the existing network. Mature cloud offering also enables the coming wave of Managed Service Providers (MSPs) who will serve the mid-market.


A Culture of Listening – to customers, partners, and industry experts in various industries so that we understand the business drivers for technology solutions and ensure we build products that deliver on those needs.



@AirTight: Soaking the Industry in the Future of Wi-Fi!



We are also building an incredible team of industry experts to blast this vision to the market through social media.  AirTight is armed with Super Social experts, kind of like those old Super Soaker water gun blasters we all loved from a few decades ago (has it been that long already!). The tank is full of energy and innovation, and the social media team at AirTight is at the trigger!


So, are you ready to blast away your Wi-Fi woes? Don’t get stuck on the wrong side, soaked and wet in yesterday’s technology.




802.11ac, 802.11n, WiFi Access, Wireless security, WLAN networks

11 Commandments of Wi-Fi Decision Making

September 4th, 2013


Are you considering a new Wi-Fi deployment or an upgrade of a legacy system? Then you should be prepared to navigate the maze of multiple decision factors given that Wi-Fi bake-offs increasingly require multi-faceted evaluation.


Follow these 11 “C”ommandments to navigate the Wi-Fi decision tree:


  1. Cost

  2. Complexity

  3. Coverage

  4. Capacity

  5. Capabilities

  6. Channels

  7. Clients

  8. Cloud

  9. Controller

  10. 11aC, and last but not least …

  11. seCurity!




1) Cost:


Cost consideration entails both “price and pricing” nuances. Price is the size of the dent to the budget and everyone likes it to be as small as possible. Pricing is the manner in which that dent is made – painful or less painful (I don’t think it can ever be painless!). One aspect of pricing is the CAPEX/OPEX angle. Other aspects such as licensing, front loaded versus back loaded, maintenance fees etc. have been around for a long time, so I won’t drill into details of those other than to say that they exist and need to be considered. Enough said on cost.


2) Complexity:


Complexity consideration spans deployment, configuration and ongoing maintenance. One pitfall to avoid is to “like complexity in the lab and then repent it in the production”. Too many knobs to turn and tune, excessive configuration flexibility and exotic features are some of the things that can add to complexity. That said, complexity considerations cannot swing to the point of being simplistic. Rather, the balanced approach is to look for solutions that have mastered complexity to extract simplicity to meet your needs (borrowing from Don Norman’s terminology here).


3) Coverage:


When you hear terms like neg 55, neg 60, neg 65, you know people are reconciling coverage expectations to the number of access points. There’s no explanation needed for how important the coverage is for your wireless network, but the important factor is that the coverage determines the number of access points needed to cover the physical area. At the planning stage, RF predictive planning comes in handy to estimate the coverage BOM (a site survey can complement it for sample areas during the evaluation stage).


4) Capacity:


While coverage determines how far, capacity determines how many or how much. Capacity determines how small or large cells can be. Using practical models for Wi-Fi usage, capacity objectives can be set and network design can be evaluated against these factors. Capacity also determines the number of access points needed to provide the desired capacity in the physical area. RF predictive planning tools can be invaluable during the evaluation phase for capacity estimation.


5) Capabilities:


By capabilities, I mean feature set. This is one of the most important aspects because this is where you ask the question: “Will the Wi-Fi serve the needs of the business?” This is very industry specific. Some features are extremely critical for one vertical, but won’t even be noticed in others. So, it’s important to identify both the features you care about and also those for which you don’t.  Once identified, you move on to thoroughly evaluate the ones you care about.


6) Channels:


One aspect of channels is making a decision on how the RF network will be provisioned along the lines of 2.4 GHz and 5 GHz operation. There are advantages to 5 GHz operation, but 2.4 GHz is not EOL yet. How applications are split between the two bands determines the number and type of radios required in the design. Tools and techniques that are needed to plan, monitor and adapt to the dynamic RF environment are also an important consideration.


7) Clients:


Much of what is achievable in a Wi-Fi network depends upon the capabilities of the client devices that will access the wireless network. One set of considerations is mainly around the radio capabilities of clients such as 2.4 GHz/5 GHz operation, number of radio streams, implementation of newer standards in clients etc. Another set of considerations revolves around the applications they run and the traffic profile these applications generate. Yet another set of considerations centers around the level of mobility of the clients. BYOD is another consideration that has become important in the clients arena.


8) Cloud or 9) Controller:


Today, we see pure cloud architecture, pure controller architecture and also architectures confused between the two concepts. While vendors and experts spar over which is the right architecture for today’s and tomorrow’s Wi-Fi, evaluators should focus on comparing them based on their derived value. It is also important to understand what cloud and controller concepts actually mean from the data, control and management plane perspective. Cloud and controller are distinct ways of organizing overall Wi-Fi solution functionality.


10) 11aC:


Making judicious decisions on “what to deploy today or whether to upgrade now” is tricky. There are many views around it. One reason is how the features of 802.11ac are split between Wave-1 and Wave-2. It is also important to note that immediate 802.11ac benefits are application and vertical specific. Several practical network engineering considerations exist beyond the casual description of the new 802.11ac speeds that are often marketed. So, listen to vendors, listen to business needs, listen to experts, analyze yourself, and in the end, do what is best for your environment and situation. Speed is nice IF it can be leveraged in practice!


11) SeCurity:


Any information system sans security is worse than worthless – especially today. That said, the level of security required by the wireless environment depends on factors such as the value of information at risk, compliance requirements and enterprise security policies. The desired security level determines the right mix of data inline security (encryption, authentication) and security from unmanaged devices (WIPS). Talking of WIPS, the biggest red flags to watch for are trigger-happy solutions that generate false alarms, boast a long list of “popcorn” alerts and require excessive manual involvement in the security process.

My hope is that these “C”ommandments will help serve as guidelines in your Wi-Fi decision making process. You can follow them in any order you like to ensure holistic evaluation of options before you. Every vendor, big or small, has sweet spots on some dimensions and not so sweet spots on others. So, despite what they tell you, nobody scores all A’s on all C’s. Hence one has to work on the evaluation criteria until the palatable scorecard is achieved consistent with requirements and budget.




802.11ac, 802.11n, Best practices, WiFi Access, WLAN networks, WLAN planning

AirTight is Making Enterprise Wi-Fi Fun Again

August 19th, 2013


Anyone who knows me knows that I’m always looking way ahead, and it’s my opinion that AirTight Networks is uniquely positioned to take advantage of a major confluence of forthcoming Wi-Fi market changes and requirements. With

1) a scalable, plug-n-play, API-enabled, elastic cloud,

2) controller-less technology,

3) innovative and industry-leading security offerings, and

4) cost-effective, high-performance, feature-rich access points,

no other vendor is as well-positioned to take on managed services, plug-n-play enterprise Wi-Fi, and a wide variety of cloud services.

The need for uncompromising, flexible, and robust security (without the complexity that’s normally associated with it) has become a top-of-mind issue, and AirTight is the unmistakable leader in this area.


Why are so many enterprise Wi-Fi networks so broken and under-performing? The exact list is long, but the #1 reason, far and away, is that they are too complicated.

  •   Too complicated to learn.
  •   Too complicated to design.
  •   Too complicated to configure.
  •   Too complicated to deploy.
  •   Too complicated to monitor.
  •   Too complicated to upgrade.
  •   Too complicated to optimize.
  •   Too complicated to troubleshoot.


Who doesn’t constantly ask that their Wi-Fi system be more simple to deal with?  Come on, you know I’m right. Don’t even think about arguing with me on this one. I’ve posed this question to so many customers, VADs, VARs, and consultants that I’ve lost count. Too complicated usually means broken in one way or another.  How many single-AP Apple Airport networks do you come across that are completely messed up?  What… 0.000001%?  Why?  There’s hardly anything to misconfigure, and what little that is in the configuration interface is so intuitive that my mother could figure it out.

In a manner of speaking, I want my enterprise Wi-Fi to be much the same way (too easy to screw up), and of course, it should “just work”.

My friend Bradley Chambers likes to call it the 7S model:


 Simple - easy to design, configure, deploy, use, and troubleshoot

 Social - integrated social media

 Smart - intelligent, cooperative network edge and cloud management system

 Secure - this applies to the cloud management and the product security features

 Scalable - unlimited is the only acceptable description

 Stable - adequate testing is done before product release, and it “just works”

 Sensible - cost effective and reasonably priced


Since most enterprise Wi-Fi networks are overly complicated, people make mistakes in the design, deployment, configuration, and so on.  Network managers do not have the time (and rarely the inclination) to spend most of their day messing with the Wi-Fi network. They have other things to do.

It’s easy enough to say “we simplify”, but to be honest, everyone has a different definition of what the word simple means. Simple is relative. I think that making a Wi-Fi system simple falls short. As a vendor, I think you know when you’ve arrived when your customers find your system downright fun. Fun to configure. Fun to monitor. Fun to upgrade.  And of course if something goes south, fun to troubleshoot.


Just imagine the scene…


“Hey Mike, we need to deploy three more SSIDs today.”

“Sweet! (fist pump)”


No more flailing about in Wi-Fi UI hell. Experience the end of Wi-Fi as we know it. With its cloud-based simplicity, security, and automation,  AirTight is making Enterprise Wi-Fi fun again.

And, by the way, AirTight just launched a free AP trial for those of you tired of complex WLAN solutions.  Experience secure, cloud-managed Wi-Fi for yourself. 


AirTight: Wi-Fi that loves you back. 



802.11ac, 802.11n, WLAN networks, WLAN planning

Pleading the fifth at Wireless Field Day 5

August 15th, 2013


AirTight R&D and support teams, based in Pune (India), tune in live to watch WFD5.



It’s not often that you get a group of independent Wi-Fi thought leaders together in the same room. Last week, we had the privilege of addressing such a group at Wireless Field Day 5 (WFD5). This was the first time that AirTight presented at the semi-annual event. We’re hoping to be invited to the next one in February.


AirTight Networks to Make its Live Tech Field Day Debut at Wireless Field Day 5 in Silicon Valley


What made this event all the more interesting is that our session was streamed live over the Internet. An AirTight video archive was then created and can easily be referenced at any time from the Tech Field Day site.  In fact, all vendor presentations can be found here.

The AirTight session started off with a welcome by CEO David King.  His talk provided a view into the richness and depth of the wireless industry and even included a reference to Dilbert Wi-Fi.  Following are a few tweets that reflect the sentiment around David’s introductory remarks.


wirelessguru tweet

Keith R Parsons tweet





Stephen Foskett tweet


Next came a demonstration of the AirTight user interface and ease-of-use by Dr. Kaustubh Phanse, principal wireless architect and chief evangelist, and an analytics and social Wi-Fi demonstration by Sean Blanton, senior systems engineer.

These two demonstrations were then followed by a technical presentation on the AirTight cloud-based Wi-Fi management plane by Dr. Hemant Chaskar, VP of technology and innovation.  For more depth around what differentiates a cloud-based Wi-Fi management plane from traditional architectures, you’ll want to read this @CHemantC  blog post.


AirTight WFD5 picture archive by Jennifer Huber


There was no shortage of questions for each of the presenters, and it seems that the candor of AirTight’s answers was well received. The WFD5 delegates wasted no time in voicing their opinions. This blog post by Blake Krone was published a few minutes after the final ‘innovation’ presentation by CTO Pravin Bhagwat. Ryan Adzima later published a post titled NMS UI and the product managers that hate us.




Each WFD5 delegate was given an AirTight C55 AP to test drive via AirTight’s cloud service.  If you’d like to experience AirTight cloud Wi-Fi for yourself, request your free AP today.



Enquiring Minds Want To Know …


The delegates are a very social bunch, and their questions and comments lit up Twitter as the sessions progressed. Their curiosity knows no bounds and it seems that nothing is off limits. There were even tweets asking about the meaning of the tattoo on Sean Blanton’s forearm. If AirTight is invited to WFD6, Sean might be convinced to show them the one on his back …

And while we’re on the topic of questions, we’re wondering whatever happened to the AirTight “5”? We think that Lee Badman knows … but he’s pleading the fifth.


More on WFD5 and the complicated world without wires



802.11n, WiFi Access, WLAN networks, WLAN planning

The WIPS Detective

August 13th, 2013


With the ever increasing importance of Wi-Fi as the de facto access technology, WIPS plays a key role in overall enterprise network infrastructure security.


The U.S. Department of Defense (DoD) recently created a separate category for wireless intrusion detection/prevention in its approved product listing for deployments in defense agencies.

Gartner now recommends including WIPS as a critical requirement in all new RFPs for wireless technologies.

Drivers for WIPS such as PCI compliance for retailers and BYOD for enterprises are compelling.

Secure Wi-Fi is also seen as a medium to increase the efficiency of government and public services. UK courts recently announced a program to install secure Wi-Fi in 500 court rooms. WIPS is required to make Wi-Fi secure.


Evaluating any information security solution has always been difficult because of the comprehensive test coverage required to fully validate it. Though there is no substitute for thorough testing, there are some obvious clues that indicate the level of security and operational feasibility of a particular WIPS solution. As long as you know where to look … The WIPS Detective reviews some of the telltale signs, starting with Rogue AP protection. Other signs are addressed in subsequent posts.


Rogue AP Protection


Rogue AP protection – protection from unmanaged APs connected to the enterprise network – is one of the most critical features of WIPS.

If you are deploying WIPS, then solid Rogue AP protection is the first thing you want out of it. Rogue AP protection is also one of the most important requirements for wireless PCI DSS compliance. While certain types of Rogue APs are trivial to detect, others are extremely difficult to detect. There are also many caveats to the workflow for Rogue AP protection in large enterprise networks.

To the extent these aspects are addressed by different solutions, there is a wide spectrum from checkmark to genuine value. Below are some simple clues that help gauge the level of rogue protection obtained from a specific WIPS solution.


Clue #1: Automatic Rogue Containment


Some WIPS systems show a legal warning when you attempt to activate automatic rogue protection.


Cisco WLC-Fluke aWIPS version 7.4



This means that “rogue on wire” detection is prone to false alarms. In other words, the system can incorrectly tag friendly neighborhood APs as rogues on wire (called a “false positive”). With that possibility, it is impossible to automate rogue containment, since the user would otherwise be taking the liability for neighbor disruption on his own head. Seriously, how many users would feel comfortable proceeding after reading this legal disclaimer?

Accordingly, possibility of any false positive (there isn’t any leeway here) = automatic containment not practical due to liability of neighbor disruption.


Clue #2: Rogue Detection via Wired / Wireless MAC Relation


The most primitive form of rogue connectivity detection is to look for a numerical relation (numerical neighborhoods of 2 and 64 are common) between an AP’s wired and wireless MAC addresses. In fact, many run-of-the-mill WIPS products do exactly that to get their rogue detection checkmark with the least amount of depth.



Saying that a WIPS detects rogues on the wire using MAC relations is the same as saying that it fails to detect rogue APs whose wired and wireless MAC addresses have no such relationship. When it is known that some configurations of rogue APs are outside the system’s scope for network connectivity detection, the entire neighbor AP list is suspect.

It is like the classic game of Minesweeper, where every unturned tile is a suspect. Playing Minesweeper is fun, but manually examining thousands of APs to ensure that there is no undetected rogue among them is not fun!

In short, partial “rogue on wire” detection (called a “false negative”) = a mountain of manual work to ensure there is no undetected rogue, and a high risk of lapses.
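To make the blind spot concrete, here is a short Python sketch of a MAC-relation-only check run over a small inventory. It is an added example, not code from any WIPS product or from the original post; the function names, the default window of 64 and every MAC address in it are constructed for illustration.

```python
# Added illustration: the wired/wireless MAC-relation heuristic and its blind spot.
# All MAC addresses below are constructed sample data, not real devices.

def mac_to_int(mac: str) -> int:
    """Convert 'aa:bb:cc:dd:ee:ff' (or '-' separated) to a 48-bit integer."""
    digits = mac.replace("-", ":").split(":")
    if len(digits) != 6 or any(len(d) != 2 for d in digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return int("".join(digits), 16)

def mac_related(wired: str, bssid: str, window: int) -> bool:
    """True if the two addresses lie within `window` of each other numerically."""
    return abs(mac_to_int(wired) - mac_to_int(bssid)) <= window

def classify(wired_macs, bssids, managed, window=64):
    """Label each over-the-air BSSID the way a MAC-relation-only check would."""
    verdicts = {}
    for bssid in bssids:
        if bssid in managed:
            verdicts[bssid] = "authorized"
        elif any(mac_related(w, bssid, window) for w in wired_macs):
            verdicts[bssid] = "rogue-on-wire"
        else:
            # A harmless neighbour and an undetected rogue both land here.
            verdicts[bssid] = "external/unknown"
    return verdicts

def unresolved(verdicts):
    """BSSIDs the heuristic cannot clear; each one needs manual review."""
    return sorted(b for b, v in verdicts.items() if v == "external/unknown")

# Constructed inventory: MACs learned on the wired LAN (e.g. from switch tables).
WIRED = ["00:11:22:33:44:50", "02:ab:cd:00:10:00", "00:11:22:aa:00:01"]
MANAGED = {"00:11:22:aa:00:02"}
# Constructed over-the-air observations.
BSSIDS = [
    "00:11:22:aa:00:02",  # managed AP
    "00:11:22:33:44:52",  # rogue: radio MAC is its wired MAC + 2
    "06:de:ad:be:ef:01",  # rogue: radio MAC unrelated to its wired MAC 02:ab:cd:00:10:00
    "00:99:88:77:66:55",  # genuine neighbour AP, not on the wire
]

if __name__ == "__main__":
    result = classify(WIRED, BSSIDS, MANAGED)
    for bssid, verdict in result.items():
        print(f"{bssid}  {verdict}")
    print("manual review needed:", unresolved(result))
```

The second rogue and the genuine neighbour receive the same verdict, so every "external/unknown" entry has to be examined by hand, which is the Minesweeper problem described above.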


The two clues outlined above show that the writing is on the wall: they reflect the level of robustness of the underlying security platform, and of a WIPS solution in particular. I will cover many more of these telltale clues in this rolling blog series. Stay tuned.




802.11n, Best practices, PCI, WiFi Access, Wireless security, WLAN networks

Next generation cloud-based Wi-Fi management plane

August 7th, 2013


In the early days of cloud Wi-Fi, incumbents used to say that cloud Wi-Fi was just about moving traditional controller appliances to centralized data centers. As time progressed, it became clear that this was a gross mischaracterization of cloud Wi-Fi. In the first dimension, cloud Wi-Fi differentiated itself from the traditional architecture by decoupling the data plane from the control plane (also called “local switching”). However, this alone wasn’t adequate, since tying the control plane to centralized controllers created an inefficient architecture. Accordingly, the second new dimension consisted of moving the control plane to the edge of the network (also referred to as “smart edge APs”).

There is also a third dimension where “true” cloud Wi-Fi differentiates itself even further from the traditional architecture. This dimension is not easily visible to the end user, though it results in substantial differences in the operational efficiency of the cloud backend. Eventually, these efficiencies pass on to the end user either as cost savings or features. This third dimension is about how the Wi-Fi management plane is implemented in the cloud, which is the topic of this blog.




The benefits of virtualization are many and varied. Full virtualization of the Wi-Fi management plane gives greater speed and efficiency in provisioning and re-provisioning the cloud resources. It allows for taking advantage of the rich features of the virtualization OS, which are geared towards better cloud implementations. As a result, a fully virtualized cloud backend for Wi-Fi management is a big step beyond the blades and appliances provisioned at the data center.


Resource Sharing


Multi-tenancy is an essential feature of a true cloud management plane. Multi-tenant servers in the cloud can concurrently host sandboxed workspaces for different customers. This provides the benefit of sharing high-end computation resources across many customers.

However, there are also other resource sharing benefits that can be achieved in the cloud management plane.

Let’s take the example of disk storage. Virtualized instances can benefit from SAN (Storage Area Network) disk arrays as opposed to disks attached to appliances and blades. Apart from being more reliable than appliance-based disks, SAN arrays also allow for the use of efficient disk redundancy techniques such as RAID5 (with 3 disks and intelligent parity-based redundancy, it causes only 50% storage overhead), compared to the RAID1 of appliance-based systems (which requires 2 disks and does brute-force data mirroring with 100% storage overhead).

Another example is that the fully virtualized management plane can be deployed in (N+1) redundant fashion. This is possible because virtual machines can be quickly and automatically moved from any of the N running instances to the standby instance in the event that any of the N instances fails. With appliance-based systems, you are mostly constrained to legacy (1+1) redundancy, which increases the overall cost of the solution. That being said, virtual instances can also be deployed in (1+1) redundant fashion if so required for specific deployments (N = 1). Because of the way in which the AirTight cloud is implemented, it offers a sliding scale of redundancy for customers to choose from, ranging from the best value to extreme redundancy.


Horizontal Scalability


This is not something that you will get just by virtualization, though virtualization can be leveraged for better horizontal scalability. Horizontal scalability (also called “elastic cloud”) is a concept that is application specific, and applications need to be architected to permit it. In the Wi-Fi management context, horizontal scalability could mean seamless expansion of the management resources at the data center to absorb increasing demand in the end user network. This typically happens when deployments grow as more APs are added, and especially when they start overflowing the capacity of single server instances. How this is handled is unique to each vendor. In the AirTight cloud, we have our own way of resource pooling to provide horizontal scalability, which enables single pane of glass management in AirTight’s HTML5 management console for very large deployments and for managed service providers. We also have an elastic analytics engine that can grow horizontally as the data set continues to grow.


Multiple Layers of Fault Tolerance


True cloud Wi-Fi implements multiple layers of fault tolerance. For example, at the AP level, APs need to be able to operate autonomously with no reliance on the management server for traffic forwarding and for offering services such as handoffs, captive portals, firewall, etc. For deployments which also care about security, the AP/Sensor should be able to perform full WIPS functions without reliance on the manager. In the AirTight architecture, we refer to this as “standalone” operation, which ensures that the service at the edge is not disrupted at all, even if the Wi-Fi management server is unreachable. In addition, a resilient service discovery network with geographically replicated databases ensures that the connected edge device will quickly and reliably find its home in the cloud from anywhere. Fault tolerance on the server side is provided via the redundancy techniques I’ve already discussed. Additionally, features of a virtualization OS, such as snapshotting, are useful for adding another layer of protection during upgrade processes.


Good Things in the True Cloud Wi-Fi Management Plane


These are some things that can only be found in the Wi-Fi management plane that is designed bottom up to be hosted in the cloud. While these things may not be directly visible to the end user, they are important for the cloud operator and also result in indirect benefits to the end user. Simply hauling Wi-Fi management servers to the data centers does not allow for these benefits. So, we now have one more dimension by which to compare true cloud Wi-Fi with traditional architectures – the good things found in the cloud-based management plane!




Want to hear more about this topic? Tune in to Wireless Field Day 5 (live on August 8th from 8-10 am PT, or watch from the TechFieldDay archives). You can also follow the Twitter discussion with the WFD5 hashtag.

WFD5 tweet from Gestalt IT


AirTight Networks to Make its Live Tech Field Day Debut at Wireless Field Day 5 in Silicon Valley


802.11n, Cloud computing, mobile device management, WiFi Access, WLAN networks