Archive for the ‘WLAN networks’ Category

The WiSE Article Series on CWNP

May 8th, 2013


CWNP (Certified Wireless Networking Professional) is widely recognized as the IT industry standard for vendor neutral enterprise Wi-Fi certification and training.  CWNP publishes videos, white papers, blogs, and other materials that assist the networker in learning Wi-Fi technologies and preparing for CWNP certification exams. The WiSE article series is one of these CWNP thought leadership content initiatives.

About the WiSE Article Series:

Wireless is inherently complex; its study spans at least two engineering disciplines: Electrical Engineering and Computer Science. Add to this the nuances of various standards, vendor implementations, RF environments, and protocol interactions, and it is not uncommon to feel a little lost in understanding the various aspects of Wi-Fi network operation. In this series of short articles, we explain various Wi-Fi subtleties, to work toward a better understanding of Wi-Fi network deployments.

The WiSE article series editor is Tom Carpenter and the first 5 WiSE articles feature AirTight Networks wireless subject matter experts as CWNP guest bloggers.


1) Wi-Fi Throughput Algebra – Simplified

Author: Bhaskaran Raman, Ph.D.

In this first article in a multi-part WiSE Article Series, Bhaskaran Raman explains the formulas you can use to estimate throughput on WLANs. This article simplifies Wi-Fi throughput algebra, to give a rule of thumb for what throughput to expect when taking into account at least the first order factors which affect all environments and tests. Read WiSE article 1

2) Wi-Fi Subtleties Explained (Parameters that Matter)

Author: Bhaskaran Raman, Ph.D.

This second article talks about parameters that impact Wi-Fi throughput. You may be surprised to learn that it’s not all about the lower layers (Physical and Data Link), but the TCP communications have a significant impact as well. Read WiSE article 2

 

3)  Wi-Fi Subtleties Explained (Channel Bonding)

Author: Bhaskaran Raman, Ph.D.

In this third installment of the WiSE article series from AirTight Networks, channel bonding is considered. Some surprising results will cause you to rethink your network design plans and possibly how you will implement newer 802.11 technologies. Read WiSE article 3

4)  Wi-Fi Subtleties Explained (Quality of Service [QoS] Controls)

Author: Hemant Chaskar, Ph.D.

Quality of Service (QoS) is another aspect of network performance that is relevant for applications such as VoIP over Wi-Fi. In this context, QoS is provided by prioritizing the packets belonging to specific applications such as VoIP over others so that they encounter minimal latency in transit. Three different sections of the data path use three different techniques for the end-to-end handling of wireless QoS-sensitive packets, as discussed below. The aim of this article is not to provide an overview of standard Wi-Fi QoS mechanisms such as WMM, but to point out some subtleties in using them in the network. Read WiSE article 4

 

5)  Interference from Non-WiFi Sources, Part 1

Author: Bhaskaran Raman, Ph.D.

RF interference is an important concern in Wi-Fi networks. Such interference can come from two types of sources: Wi-Fi or non-Wi-Fi. In this and the follow-up article, the focus is on subtleties pertaining to non-Wi-Fi interference sources. Read WiSE article 5 – part I

 

Full list of CWNP WiSE articles

Check back often as new articles are published on a regular basis.

About the AirTight WiSE authors:

Bhaskaran Raman is a scientist at AirTight Networks, working on high performance Wi-Fi architecture. Bhaskar received his M.S. and Ph.D. in Computer Science from the University of California, Berkeley, in 1999 and 2002 respectively, and his B.Tech in CSE from IIT Madras, India in May 1997. He was a faculty member in the CSE department at IIT Kanpur from 2003-07. Since July 2007, he has been a professor at the CSE department at IIT Bombay. His research interests and expertise are in wireless and mobile communication networks. Bhaskar was a recipient of the IBM Faculty Award in the year 2008. He has published research papers in various IEEE and ACM conferences and journals, and is on the editorial board of ACM Computer Communication Review.

Hemant Chaskar is VP for Technology and Innovation at AirTight Networks. In this role, he looks after AirTight’s technology R&D and also performs roles in product design, business development, and various customer-facing activities. At AirTight, Hemant has been working on Wi-Fi networking and security for the past 8 years, and has held positions at Nokia Research and Lucent Technologies prior to that. He holds a Ph.D. in Electrical Engineering from the University of Illinois at Urbana-Champaign.

 


 

802.11ac, 802.11n, Best practices, Wireless scanning, Wireless security, WLAN networks, WLAN planning

BOM Math for Secure Wi-Fi Deployments

May 1st, 2013

By Hemant Chaskar

Building the bill of materials (BOM) is an important part of the Wi-Fi project plan. The cost of APs and the cost of other components in the Wi-Fi architecture contribute to the overall BOM. There are two types of large Wi-Fi deployments that we often see: distributed and dense. Examples of distributed deployments are clinics, insurance offices, bank branches, retail stores, hospitality providers, etc. The number of sites in a distributed Wi-Fi deployment can run into 100’s, 1000’s, or, as in the case of some of our retail customers, even 10,000’s. Dense deployments are typical of campus environments in which there are a few campuses, each with a large number of APs. 100’s or 1000’s of APs may be required to cover a few campuses.

To compare and contrast the BOM for different types of AP platforms in large distributed or dense deployments, we can think of these deployments in units of sections. For a distributed deployment with a number of sites and a few APs per site, the section can be a site such as an insurance office, bank branch, retail store, etc. For a dense AP deployment, the section can be a floor of a multi-storied facility, part of the floor (e.g., East, West, North, South sections of the floor plan), etc. For each such section, one can compute the number of APs which can be deployed in that section to stay within the overall Wi-Fi budget (the budget also has to account for the cost of Ethernet drops required for APs). For an apples-to-apples comparison, let us say that the customer can negotiate the same street price for different types of APs. The tables below show how much functionality can be achieved with a given number of APs, in each section, and for different types of APs. Conversely, one can also think of it as how many APs per section are required to achieve certain functionality within each section.

 

1) Dual radio APs without support for dedicated scanning radios (where only background scanning is supported)

 

| Dual Radio APs per Section | Traffic Radios | WIPS Radios for Dual-band Scanning | Limitations |
|---|---|---|---|
| 1 | 2 | 0 | Minimal security with background scanning only. Unable to detect and contain many types of vulnerabilities and attacks. VoIP radios cannot use background scanning, so if you operate VoIP in, say, 5 GHz, even the minimal security protection is not obtained in the 5 GHz band. |
| 2 | 4 | 0 | Same limitations as above. |
| 3 | 6 | 0 | Same limitations as above. |

2) Band-locked dual radio APs which can be either AP on both radios or WIPS sensor on both radios

| Dual Radio APs per Section | Traffic Radios | WIPS Radios for Dual-band Scanning | Limitations |
|---|---|---|---|
| 1 | 2 | 0 | Insecure |
| 2 | 2 | 2 | Full 2-radio device dedicated to WIPS is BOM inefficient. |
| 3 | 4 | 2 | Full 2-radio device dedicated to WIPS is BOM inefficient. |

3) Band-unlocked dual radio APs with per-radio AP or per-radio dual band WIPS sensor configuration option

| Dual Radio APs per Section | Traffic Radios | WIPS Radios for Dual-band Scanning | Functionality Benefits over 2) | Functionality Benefits over 1) |
|---|---|---|---|---|
| 1 | 1 | 1 | Secure | VoIP + Full WIPS security |
| 2 | 3 | 1 | 50% more traffic capacity + full WIPS | VoIP + Full WIPS security |
| 3 | 5 | 1 | 25% more traffic capacity + full WIPS | VoIP + Full WIPS security |

Clearly, for secure Wi-Fi deployments, the dual radio AP platform with each radio independently software configurable as AP or as dual-band WIPS sensor gives maximum value for the given BOM in terms of both traffic capacity and security. This mode of operation is only possible with specialized AP platforms with band-unlocked radios. Let me elaborate below on what it means for the radios to be band-locked versus band-unlocked.

 

Dual radio APs with band-locked radios: Most dual radio enterprise APs are dual band, dual concurrent, but have band-locked radios. What it means is that one radio is configured for 2.4 GHz operation and the other for 5 GHz operation at boot time. So, once one of the radios is configured as AP in one band (say 2.4 GHz band), the other radio cannot scan channels in the 2.4 GHz band for WIPS functionality. The other radio can only scan 5 GHz channels as it is band locked to 5 GHz. As a result, these AP platforms cannot support the most efficient option 3) described above and it is then required to dedicate one full dual radio device for WIPS with one radio scanning 2.4 GHz channels and the other scanning 5 GHz channels for security monitoring (i.e., degrade to BOM inefficient option 2) described above).

Dual radio APs with band-unlocked radios: Some differentiated dual radio AP platforms such as AirTight APs allow each radio to be independently software configurable as AP or as dual-band WIPS sensor.  So when one radio is configured in one band as AP (say 2.4 GHz band), the other radio can still scan both 2.4 GHz and 5 GHz bands. It takes RF expertise to design such APs. Such APs can support all of the above three deployment options, and in particular, uniquely support the most efficient option 3) described above.


In addition to AP platform consideration, there are additional Wi-Fi architectural factors which also affect total cost of solution:


a) Controller vs controller-less architecture: This is particularly important in distributed deployments. Controller architectures, originally designed for campus deployments, require per-site controllers to achieve the full functionality of the APs. Deploying centralized controllers at headquarters talking to APs over WAN links does not offer robust functionality in distributed environments. See my earlier blog post: Is your cloud Wi-Fi genuine, or is it controller over WAN imitation? The per-site controller requirement increases the total BOM, particularly when the number of APs per site is small (can you imagine 100 controllers for a 100-site deployment with 3 APs per site!). On the other hand, controller-less Wi-Fi with smart edge APs does not incur this additional cost.

b) Centralized control as add-on versus built into solution: Large deployments require a centralized console for configuration, management and reporting. Wi-Fi architectures with controllers embedded in APs, originally designed for small localized deployments, are not adequate for large deployments. These AP-embedded controller solutions require additional on-site management server assets for centralized control and may even require appliance controllers to fill the functionality gap between AP-embedded controllers and appliance controllers. These additional on-site server components add to the overall cost. On the other hand, cloud managed Wi-Fi does not incur additional cost for centralized management. I have discussed the differences between true cloud managed Wi-Fi and a Wi-Fi solution with the mere word "cloud" in it in one of the earlier posts: Different shades of cloud Wi-Fi: Rebranded, Activated, Managed.

c) Security as add-on versus integrated into architecture: Some AP vendors offer WIPS as an add-on to the Wi-Fi infrastructure. These architectures require additional WIPS appliances and licenses to enable WIPS, which can cause the BOM to go up. On the other hand, if WIPS is built into the solution, it does not require additional appliances and licenses.

As we saw, there are several factors such as AP capabilities and overall Wi-Fi architecture which can cause BOM for large Wi-Fi deployments to vary over a range as much as 2X. By making the right choices on each of the above fronts, the BOM can be significantly reduced, while obtaining the maximum value from the deployed Wi-Fi infrastructure. AirTight secure Wi-Fi can help to meet these goals – with band-unlocked dual radio APs, smart edge controller-less Wi-Fi architecture, HTML5 based central management console in the cloud, and the only top rated WIPS built into the solution.

 

802.11ac, 802.11n, Best practices, mobile device management, WLAN networks, WLAN planning

The Future of Enterprise WLAN in 2013 and Beyond

April 9th, 2013

By Kaustubh Phanse  – AirTight Chief Evangelist


If predictions from leading technology analyst firms are to be believed, the worldwide Wi-Fi market will continue to grow.

Dell’Oro estimates the Wi-Fi market to grow to $9.9 billion by 2016 of which the enterprise WLAN segment alone is estimated to be over $5 billion in revenues.

Gartner anticipates an even faster growth for the enterprise WLAN segment, with spending expected to reach $7.9 billion in 2016.

Here are a few trends (some of which are already happening!), which will go hand-in-hand with this next wave of massive growth in the enterprise WLAN market.

 

Distributed Wi-Fi, Centrally Managed

 

A growing number of enterprises will want to extend their Wi-Fi rollout across remote locations, e.g., branch offices, retail stores, distribution centers, restaurants, and the list could go on. The key challenge then would be to have centralized visibility and management of the entire deployment—ideally from a single console.

This trend will make the traditional controller-based architecture outdated sooner rather than later because it was not designed to manage Wi-Fi networks across geographically distributed sites. It’s too complex, costly, and does not scale. The changing of the guard is evidenced in the number of recent announcements by controller-based WLAN vendors. Some are hiding the controller in the cloud, some are hiding them in arrays, some are saying that they are giving customers a “choice” to turn it off (without telling them what functions will stop working without it!), while some are simply giving their marketing a “controller-less” spin. Unfortunately, you can’t turn a fork into a spoon overnight to eat soup instead of spaghetti! Or maybe you can! ;-)

 

Naturally, an increasing number of enterprises are looking for an alternative that:

Linearly scales to tens, hundreds or thousands of distributed locations, but can be managed centrally from a single console;

Enables literally plug-and-play installation and true zero-touch configuration of access points (APs) at remote sites without IT staff;

Is fault-tolerant by design so the full wireless network and security functionality continues to work without depending on access to a central management server;

Supports a new paradigm of network and security management and role-based administration of distributed locations in the context of locations and not in the context of “SSIDs” alone.

 

WLAN as a Managed Service

 

That brings me to my next trend, which will redefine how enterprise Wi-Fi networks are managed: Cloud! Enterprises have adopted cloud technologies in recent years to replace software applications that they once ran on their own network. But in 2013 and beyond, an increasing number of companies will look to the cloud to manage their distributed Wi-Fi networks and related services such as wireless security and compliance. And in many cases, they will outsource their network and security management to managed service providers (MSPs). In fact, we have seen a significant growth in our partnerships with MSPs wanting to host cloud-managed WLAN services. But not all clouds are made equal. So providers looking for cloud partnerships should carefully assess how cloudy the cloud is before making the leap. Only a true multi-tenant cloud solution will allow them to manage hundreds of customers in a cost-effective way, i.e., without having to host a server (appliance or VM instance) for every customer!
 

Bring Your Own Device (BYOD)

 

The BYOD trend, with employees using personal smartphones and tablets at work, has significantly driven Wi-Fi adoption and evolution over the last couple of years. It has also led to a growing trend of other unauthorized Wi-Fi devices, e.g., Rogue APs, Soft Rogue APs and mobile Wi-Fi hotspots, on enterprise networks. While mobile device management (MDM) and NAC vendors have tried to market themselves as the silver bullet for managing BYOD, neither of them has complete visibility into the Wi-Fi activity of these personal devices and hence cannot provide comprehensive access control for BYOD. Naturally, questions are being raised on whether MDM is really needed or whether it is dead.

A growing number of enterprises are opting for a reliable wireless intrusion prevention system (WIPS) – either as an overlay on top of existing WLAN solutions or as a built-in feature with their WLAN solution – to provide them with 24/7 wireless monitoring and policy enforcement, including BYOD. Automatic and accurate classification of Wi-Fi devices detected in the enterprise airspace, automatic fingerprinting and onboarding of smartphones and tablets onto the enterprise network, and the ability to reliably block any unauthorized devices or those violating security policies will be crucial to minimize security exposure and ensure compliance with regulatory requirements, while avoiding excessive burden on the IT security staff.

 

A New Standard, Higher Speeds!

 

Last but not least, 2013 is also expected to see the ratification of a new Wi-Fi standard in the form of IEEE 802.11ac, nicknamed Gigabit Wi-Fi! 802.11ac uses wider channels (80 MHz and 160 MHz) as compared to 802.11n (20 MHz and 40 MHz) in the relatively clean 5 GHz frequency band and enables data rates up to 1.3 Gbps. Some pre-standard 802.11ac products are already in the market, with the approval of the standard expected in late 2013. As was the case with 802.11n, the early 802.11ac rollouts will be mainly access points. This year has already seen some rumors and some announcements of 802.11ac support in mobile devices. However, widespread adoption of 802.11ac is expected only by 2014-2015, when the majority of Wi-Fi clients will support the standard. Till then, enterprises are likely to postpone the investment in an 802.11ac upgrade of their WLAN infrastructure to maximize the ROI.

 


802.11n, BYOD, mobile device management, WiFi Access, Wireless security, WLAN networks

Different Shades of Cloud Wi-Fi: Rebranded, Activated, Managed

February 10th, 2013

Did you know that all cloud Wi-Fi’s aren’t created equal?

The race is on to put cloud in Wi-Fi

Currently, the cloud managed Wi-Fi space is expanding rapidly. Naturally, Wi-Fi vendors, traditional and emerging, want to be in the cloud Wi-Fi game. Nobody wants to be without a “cloud” solution! Controller-less Wi-Fi vendors have explicitly built cloud managed Wi-Fi from the ground up, while controller Wi-Fi incumbents have repositioned traditional offerings in the direction of cloud Wi-Fi.

The word “cloud” in the name doesn’t tell the whole story, one has to dig deeper. Here’s why.

When vendors associate the word cloud with their Wi-Fi solutions, they can be referring to completely different things. This is quite apparent in light of some recent developments.

Controllers over WAN REBRANDED as Cloud

Cloud computing, WiFi Access, Wireless security, WLAN networks

Third time’s NOT the charm for Cisco’s adaptive WIPS (aWIPS)

January 26th, 2013

Can you believe it? Yet another alert came out about a vulnerability in Cisco’s WIPS (adaptive Wireless Intrusion Prevention System or aWIPS as Cisco likes to call it):

Particularly interesting are Cisco’s proposed workarounds, which state:

Cisco Wireless LAN Controllers Wireless Intrusion Prevention System Denial of Service Vulnerability

Proposed workarounds for vulnerabilities in Cisco wireless LAN Controllers

Read more…

802.11n, Wireless security, WLAN networks

How AirTight’s new network+security console tames distributed Wi-Fi

January 14th, 2013

As Wi-Fi deployments extend into large distributed environments, management of these Wi-Fi networks poses unique challenges. It could be a clinic-wide deployment for a medical facility running into 100’s of sites, a branch-wide deployment for a bank running into 1000’s of sites, or a store-wide deployment for a fast food restaurant running into 10,000’s of sites. The network and security management needs for such deployments are very different from those of traditional campus Wi-Fi. Accordingly, the network management console has to deliver on a number of fronts. Read more…

Cloud computing, WiFi Access, Wireless security, WLAN networks

Live Demo – Secure Wi-Fi Armed to Defend Your Network

September 13th, 2012

With AirTight Wi-Fi™, enterprises now have a truly secure Wi-Fi solution that is armed to defend your network from wireless threats 24/7.
Join AirTight on September 19 at 11 AM Pacific for a live demo. Find out how easy it is to deploy, manage and secure AirTight’s cloud-managed Wi-Fi.

AirTight Wi-Fi Benefits:

• Simple to deploy and manage with limited IT resources
• Fully user-customizable HTML5 UI to improve IT efficiency
• Get your Wi-Fi up and running quickly without the need for extensive training and certifications
• Infinitely scalable to grow the WLAN deployment over time
• Provides high performance 3×3 MIMO within the 802.3af power budget
• Top rated WIPS to automatically detect and block threats
• Provides automated BYOD policy enforcement including device onboarding

Register now: http://airtightnetworks.adobeconnect.com/wifilivedemo9-19/event/event_info.html

Cloud computing, WiFi Access, Wireless security, WLAN networks

Why retailers embrace cloud for Wi-Fi access, PCI and wireless security

June 26th, 2012

Retailers are increasingly looking to deploy Wi-Fi in their stores. They want to provide guest Wi-Fi to their patrons and also want to deploy in-store applications such as wireless POS and printers, wireless kiosks, wireless digital signage, and HQ network access over Wi-Fi. Coupled with these business drivers there is also a wireless PCI compliance requirement to protect credit card transactions. Retailers however face some unique challenges which were hitherto not met by traditional autonomous or controller Wi-Fi solutions. Now cloud managed Wi-Fi has made it quite feasible for them to achieve these goals.
Read more…

802.11n, Cloud computing, PCI, WiFi Access, Wireless scanning, Wireless security, WLAN networks

AirTight SpectraGuard Products Achieve FIPS 140-2 and DISA UC APL Certification

December 16th, 2011

This month, AirTight Networks’ flagship product, SpectraGuard® Enterprise, achieved FIPS 140-2 validation from the National Institute of Standards and Technology (NIST) of the United States and the Communications Security Establishment of Canada (CSEC).

 These standards and guidelines are issued by NIST as Federal Information Processing Standards (FIPS) for use government-wide. NIST develops FIPS when there are compelling Federal government requirements such as for security and interoperability and there are no acceptable industry standards or solutions. See background information for more details.

Simultaneously, AirTight’s SpectraGuard Server passed TIC tests for inclusion on the DISA UC APL. The DISA UC APL is the single consolidated list of products that have completed interoperability (IO) and information assurance (IA) certification. Use of the DoD UC APL allows DoD Components to purchase and operate UC systems over all DoD network infrastructures.

AirTight’s products are deployed worldwide in many of the most security sensitive United States government and defense organizations to assure security and compliance with requirements such as DoD 8420.01, FISMA and guidelines from the National Institute of Standards and Technology (NIST). Because AirTight products are always kept up-to-date with certifications such as FIPS 140-2, Common Criteria and DISA, government and defense agencies can take advantage of the powerful wireless security technology provided by AirTight.

802.11n, Compliance, DISA UC APL, Federal Government, FIPS 140-2, Wireless security, WLAN networks

NRF: See AirTight’s unique cloud-based Secure Wi-Fi and captive portal for distributed retail

December 13th, 2011

 

Join AirTight wireless and security experts to learn how deploying a cloud-based Wi-Fi solution can meet your business objectives with the fastest deployment, lowest cost and minimal management overhead, while maintaining the security of your network and meeting PCI wireless scanning requirements.

AirTight can show you how to be up and running with a Guest Wi-Fi network and captive portal in a matter of minutes.

Be sure to visit AirTight at booth 2227 at the NRF 101st Annual Convention & EXPO, January 15-18, 2012 at the Jacob K. Javits Convention Center in New York City. We will have experts and top executives on hand to answer your questions.

Monday, January 16, 2012: 9:00am – 6:30pm
Tuesday, January 17, 2012: 9:00am – 5:00pm 

Featured Product:

AirTight Cloud Services™ – AirTight Cloud Services for Wi-Fi Access and Security is the first and only Wi-Fi solution managed from the cloud that offers Wi-Fi access PLUS full time rogue detection and prevention for wireless security and PCI compliance in a single device.

If we have your interest, contact us at sales@airtightnetworks.com to set up a meeting with our wireless experts.

Cloud computing, PCI, WiFi Access, Wireless security, WLAN networks