How to set up and maintain a wireless workplace
- 30 September, 2011 08:14
Wireless networks aren't just a convenience anymore; they've become an essential part of business culture. It's nearly impossible to walk into a workplace that doesn't use Wi-Fi in some fashion. For the millions of portable wireless devices--from traditional laptops to smartphones and tablets (including Apple's iDevices and the ever-expanding menagerie of Android-based gear)--that people carry with them today, Wi-Fi is the great connector, providing an industry-standard communication layer for untethered devices.
Making your organization Wi-Fi-friendly is good business. Wireless support can foster goodwill among visitors, enable the workforce to stay connected to the company while on the road, and provide network access in areas that are either too expensive or too inconvenient to reach easily with traditional network cabling. But pulling off a successful Wi-Fi deployment can be tricky. For instance, it may seem like a good idea to buy the lowest-cost access point (AP) and stick it in a corner, but such a minimalist approach is unlikely to yield the results you're looking for.
When Wi-Fi Isn't Enough
Before embarking on a company-wide deployment, you should make sure that Wi-Fi will meet your needs. If you want to give laptops, tablets, and other devices wireless support for Web surfing, Wi-Fi is a great fit. It's also good for asymmetric application access--that is, for situations where users consume bandwidth in just one direction.
The chinks in Wi-Fi's armor become evident, however, if you try to use it with non-Web-based line-of-business applications, such as "fat" client/server applications. Also, software packages that can't deal with occasional communication glitches are less than ideal for Wi-Fi. When I attempted to run a popular small-business accounting package over Wi-Fi, I ran into trouble continually because the software couldn't tolerate occasional momentary lapses in connectivity. Though a Web browser would never even notice such minor issues, applications that send a lot of traffic and can't handle communication errors are poorly suited to Wi-Fi.
Likewise, if you try to stream multimedia content via Wi-Fi, you may encounter difficulties. Depending on your setup and on the quality of your AP, users may be disappointed, especially on densely populated APs. Cheap, low-cost APs typically work fine for a few users, but they can't keep up when you scale to ten or so.
The latest Wi-Fi specification is 802.11n. Like its predecessors 802.11b and 802.11g, 802.11n travels over a 2.4GHz radio signal. The 802.11n spec uses a multiple-antenna system that provides greater range than 802.11g, and it can transfer data at speeds of up to 300 mbps, compared to 802.11g's maximum rate of 54 mbps. And since 802.11n devices are backward-compatible with 802.11b/g devices, there's no reason to look at any APs other than 802.11n devices unless you're bound by a previous purchasing contract.
Location, Location, Location
A successful Wi-Fi installation involves more than just tossing a few APs around and hoping for the best. To start with, you should consider where to place the APs, what the interior walls are composed of, and how many APs need to be installed. Locating the Wi-Fi APs is a critical aspect of the wireless deployment. One option is to use centrally located APs through the floor to provide "inside out" coverage; another is to go "outside in" by placing the APs in corners and along outside offices, with the APs looking in to the user area. If your building setup doesn't permit placing APs in the user space, you can use high-end outdoor APs to "light up" the building from outside the physical walls; this is particularly useful in multiple-tenant situations. Of course, you can always combine approaches to get the exact coverage you need. I've found that, except in the case of floor plans where the center of the building is filled with elevator shafts or other equipment, an inside-out approach provides the best coverage and is easier to deploy.
It may sound obvious, but make sure that you've planned for a sufficient number of APs. I've seen many Wi-Fi installations fail because the company used too few APs to cover the user space, with some overlap. in the open, a typical AP can cover a radius of approximately 300 feet. Indoors, 50 to 100 feet is the usable maximum.
The composition of your walls plays a big role in how far Wi-Fi travels indoors. Wood construction is best; walls attached to steel studs are bad; and concrete walls with steel rebar are the worst. One or two walls can greatly reduce a Wi-Fi signal. And if the path to an AP traverses a wall at an angle, the signal is likely to degrade even more. A number of tools--from handheld scanners to iPhone and Android applications--are available to help admins check wireless signal strength at various points in a building. Use these tools to achieve optimal AP placement.
Bring It Back
As you distribute APs around the building, you need to consider another detail: How do you connect all of the APs to the network backbone? If you plan to place APs in offices or locations that have existing network jacks, you're in good shape. But if the chosen locations are remote from any existing cable run (say, in a drop ceiling), you'll have to make some choices. By far, the most preferable method is to use a physical network connection to tie the APs to the network backbone. But if you want to park the APs in exotic spots, there is another way.
Some higher-end APs are dual-band-capable; that is, they have a 5GHz 802.11a radio signal as well as a 2.4GHz 802.11b/g/n radio signal. You can use a technique called WDS (for "wireless distribution system") over the 5GHz signal as a way to connect to the LAN, while using the 2.4GHz signal for client access. Theoretically, you can do both on a single band; but if you do, overall performance will suffer greatly.
Power to the People
Remember to plan how to get power to the access points. If there's an electrical outlet nearby, no problem. For relatively remote locations, such as in drop ceilings or where a network jack is available but an electrical outlet isn't, you have another option. Power over Ethernet (PoE) provides 48vdc to the AP over standard copper network cabling. The DC voltage travels over an unused pair in the ethernet cable either through a stand-alone PoE injector or from a PoE-enabled ethernet switch. Either way, PoE makes deploying an AP possible in the absence of a readily available AC outlet.
Once all of your APs are in place, you (or your IT staff) need some way to manage them effectively. If you have a small coverage area and just a handful of APs, managing each access point individually is easy and cost-effective. For deployments that cover multiple floors or whole buildings, a centralized management platform such as a Wireless LAN controller is the way to go.
Wireless LAN controllers are appliances (sometimes built into firewalls or other security devices) that allow you to configure and manage an entire wireless network from a single Web-based user interface. Their job is to push out a common configuration to each AP, thereby eliminating the need to set up each one manually. Some controllers can also automatically change Wi-Fi channels to avoid radio congestion. The primary benefits of using a wireless LAN controller are quick deployment and automatic optimization, without requiring network staff to monitor APs constantly. And when you have dozens or even hundreds of APs to keep track of, you need all the automation you can get.
Another management feature to consider is an AP's ability to classify traffic based on VLAN (virtual LAN) or QoS (quality of service) tagging. Not all APs have these features, which is another reason to stay away from non-business-grade access points. IT can apply a VLAN tag to a specific group of users and segregate the wireless traffic for that group, providing better control over which resources they can access and which are off-limits. For example, VLANs can force all Wi-Fi traffic out to the Internet only or to the corporate Web portal, preventing it from accessing internal file servers. Similarly, a QoS tag can ensure that business-critical traffic such as voice over IP gets the bandwidth it needs, while noncritical traffic such as Internet radio doesn't hog the bandwidth. This approach lets admins classify wireless traffic at the access point, so that they can apply bandwidth management at the source. Managing VLAN assignments and QoS tagging from a wireless LAN controller makes overall administration easier and helps eliminate human error during configuration.
In any wireless network, security should be paramount. Permitting unsecured APs on the enterprise can allow casual users access inside the network. Even for controlled guest access, such as a walled garden, it's still a good idea to require all users to secure their connections by using a passphrase at the encryption level, or at least a username and password at the Web portal. Access points support various encryption algorithms, including WEP, WPA, and WPA2-Enterprise. All are better than no encryption. But unless you have a specific reason for using it, avoid WEP, which is relatively easy to break and is no longer viewed as a secure encryption method.
High-end access points can support more than one SSID (the name of the wireless network), allowing admins to match an SSID to a VLAN. This simplifies the task of placing users in a security profile or even in a specific network. Being able to define multiple SSIDs on an access point allows your IT staff to control how your Wi-Fi network is displayed to the public. For example, one AP can handle secure corporate traffic, while at the same time presenting a public-access SSID that allows only Internet access. By matching SSIDs to VLANs and network access, admins can maintain control over Wi-Fi traffic and users.
That kind of control is the key to a successful Wi-Fi deployment: a secure, high-performing environment, where you can regulate access and usage, while keeping users productive and happy.