
On-premises vs. cloud-managed WLAN: Which is right for you?

Networking expert Andrew Froehlich lays out the differences between on-premises and cloud-managed wireless LAN.

For any IT enterprise looking to upgrade its legacy wireless local area network, one of the main questions that crops up is whether to implement a WLAN managed by on-premises controllers or one whose controllers are located in the cloud. Depending on your company's structure, current network design and wireless requirements, one architecture will likely trump the other.

Let's first look at the evolution of WLAN networks and point out some key differences between an on-premises WLAN and a cloud-managed WLAN.

The evolution of WLAN design

When enterprise WLANs were originally deployed, each wireless access point was configured and managed independently from other APs on the same network. At the time, this wasn't a problem because most companies designated specific areas where wireless hotspots were used. These areas were typically places such as conference rooms, lobbies and outdoor patios -- any location with many users and few wired ports.


As the demand for wireless access grew within the enterprise, so did the infrastructure required to supply it. Suddenly, network administrators had to manage hundreds -- or even thousands -- of APs in an attempt to blanket entire buildings and campuses with a wireless signal. Even more problematic, the APs had no ability to communicate with one another, so technical issues like co-channel interference, power adjustments and client roaming rendered many networks unstable and unpredictable.

To solve these technical issues, WLAN vendors created wireless LAN controllers to force data and management control-plane data back to a single location. The controller's job is to be a single choke point for AP configuration, communication and, in most cases, policy enforcement. The APs themselves lose their individual intelligence, and the controller becomes the brain for the entire WLAN.

This design has a couple of major advantages. First, the wireless controller oversees all the APs throughout the network and has a complete view of the WLAN as a result. IT staff can use the controller to make intelligent radio adjustments as needed. This allows WLAN administrators to modify wireless channels when interference occurs, change wireless signal strength when APs go offline/online, and switch clients from one AP to another. The second major benefit is that both control-plane and data-plane traffic is tunneled back to the wireless controller before it is placed onto the local data LAN. This can be both a positive and a negative from a data-plane perspective. It's a positive in the sense that wireless policies for specific SSIDs are enforced at only one location, making policy management incredibly easy. The design, however, can create bottlenecks and single points of failure if not planned properly.

With a cloud-managed WLAN, APs connect to a virtual controller, typically located in a public cloud on the Internet. Control-plane information, AP management and other WLAN services are performed between the cloud controller and the local APs across an Internet connection. The primary architectural difference between an on-premises controller and a cloud-based controller concerns the flow of data-plane traffic. In an on-premises design, both control- and data-plane communication is tunneled back to the controller in a process called wireless backhaul. By contrast, in a cloud-controller design, data-plane information is offloaded as soon as it hits the LAN. This means that any policy enforcement is performed on the AP itself, which makes cloud-controlled APs semi-intelligent, as they must locally possess and enforce policy rules.

Now, both on-premises and cloud-managed WLANs are enterprise-ready in terms of management, automated intelligence and reliability. Determining which implementation will give your organization the best return depends on a number of factors. Let's look at the benefits and best use cases of both cloud-managed and on-premises WLANs.

Benefits of on-premises WLANs

LAN architecture: The first thing to examine is the current state of your LAN. Users who already have an on-premises wireless controller may simply be looking to upgrade. From a Layer 2 and Layer 3 perspective, changing to a cloud-based system would require reconfiguring the network to permit the cloud-controlled network to offload wireless data directly to the LAN as opposed to having it tunneled back to the on-premises controller. Depending on the size of the network, this would take a considerable amount of time to accomplish. So, for many, simply upgrading to a next-generation on-premises controller that tunnels both control- and data-plane information back to the local controller is the easiest option.

Internet connectivity: Cloud-controlled WLANs rely heavily on the Internet in order to function properly, which can be an obstacle if your Internet connectivity is spotty. In addition to communicating wireless control data to and from local APs, the cloud controller also often performs other wireless services like Dynamic Host Configuration Protocol provisioning and authentication. If your Internet connectivity is unreliable or suffers from latency and throughput problems, it's best to stick with an on-premises approach that controls all of these functions locally.

WLAN complexity: In most situations, on-premises controllers offer far more flexibility when it comes to the actual design and deployment of the WLAN. This includes more advanced support for legacy Wi-Fi devices and applications, and more granular control over specific wireless settings. For enterprises that leverage thousands of APs in large campuses, multiple on-premises controllers can work together to provide robust WLAN access and failover for clients. In these types of complex WLAN scenarios, on-premises controllers offer far greater benefits than cloud-controllers.

Benefits of cloud-managed WLANs

Ease of remote management: If your organization is geographically dispersed with hundreds or even thousands of branch sites, a cloud-based WLAN might be ideal for you. With a cloud approach, you have a single point of management, regardless of where IT staff is physically located. This eliminates the need to deploy controllers at each site, and network administrators no longer need to worry about remote access into each site, as everything is controlled in a public cloud. Many network vendors also offer other network devices, including cloud-managed switches, routers and firewalls. So, if your organization is geographically scattered, you may not only want to evaluate cloud-based WLANs but put all network management into the cloud as well.

A benefit of cloud-managed WLAN hardware is the fact that most vendors offer zero-touch deployments. This means you can preconfigure your wireless network before it is even shipped from the manufacturer to the remote site. The AP need only be connected to the network and powered on, and it will set itself up automatically using the preconfigured settings based on the serial number and MAC address. This means field technicians no longer have to travel to various branch offices to set up their wireless networks.

No controller hardware limitations: One challenge with on-premises controllers is that you are limited to your organization's existing hardware. Smaller on-premises controllers can manage up to 25 APs, while others can handle thousands. But either way, the amount of hardware that controllers can handle is limited. New hardware would have to be purchased for rapidly expanding infrastructures, whereas cloud WLAN theoretically has no limits. In the cloud, your WLAN can contain anywhere from a handful to thousands of APs without being restricted by hardware limitations.

Along those same lines, as new features come out, older controllers must be manually upgraded to handle advanced capabilities, which can take a lot of time and manpower to accomplish. With a cloud controller, updates are performed by the provider in the cloud.


There is no "right" solution when it comes to the on-premises versus cloud-managed WLAN debate. Each approach has positives and negatives. Before buying, evaluate the current and near future state of your network, then gauge which factors listed above are critical to the success of your organization. In all likelihood, a clear winner between on-premises and cloud WLANs should emerge, and you can then focus on which specific vendor portfolio is right for you.


This was last published in August 2015




Does your organization think locally managed WLANs offer more control than cloud-based WLANs?
Good article. A couple of comments:

LAN architecture: A lot of solutions that are cloud managed support standard layer-2 tunneling mechanisms from the AP (L2oGRE, L2TPv3, etc.). With this, the AP can tunnel all the traffic to a head-end, without needing to expose all the VLANs in the wired network. The tunnel terminator can be a standard router instead of requiring the vendor's controller to support the proprietary tunneling methods.

Internet connectivity: Some cloud managed solutions push most of the services to the edge - pretty much the entire control plane is distributed to the AP. I have not personally seen a deployment where the DHCP is run from the cloud. Almost always, the DHCP is from the local wired network. The authentication is also never performed by the cloud. It's usually the APs that directly talk to the RADIUS servers. What will be unavailable during connectivity loss is management of the APs and possibly any guest service if the captive portal is hosted in the cloud. Most vendors have highly redundant and available cloud architecture - the probability of the cloud itself being down is very low. For practical purposes, the only reason why an AP would not be able to communicate to the cloud would be because of WAN connectivity loss. But if the WAN is down, there is anyway no point in providing guest service? If the WAN is down, distributed deployments with controllers at the NOC providing centralized management also suffer from the same problem as the cloud.

WLAN complexity:
Again, this goes back to my earlier point of pushing all the control plane functions to the edge. I agree, currently the controller based architecture might be one step ahead in terms of being able to provide granular tweaks on RF related settings, but it's not something that cannot be solved by cloud managed APs. However, most vendors that have APs managed on the cloud provide as many sophisticated RF tweaks as the controller architecture.