In the third part of this series, we discussed WLAN architecture considerations for a mobile workforce. In this fourth part, we explore critical questions to ask wireless LAN vendors when assessing WLAN solutions.
After developing a mobility and application plan, IT professionals should address the following list of critical questions with WLAN vendors when evaluating WLAN solutions.
- What capabilities does the vendor offer in its WLAN solutions? Today's WLAN offerings fall into two basic types -- controller-based and controller-less (fat access points). Controller-based solutions require a controller node to manage a group of access points (APs). At some point, adding more APs means adding more controllers. The more intelligence a vendor can push to the AP, the more APs each controller can support.
Controller-less solutions are just that -- without controllers, because all the software and hardware required to create the WLAN has been put into the AP. This type of architecture is ideal, which is why all WLAN vendors are moving toward it (some are already there and others are slightly behind). Having all of the intelligence in the AP scales well, as opposed to needing new controllers as the AP set grows. Employees can be given fat APs to take home and still have central policy applied to them over a secure VPN connection, which is ideal for telecommuting.
- Who are the vendor's key partners? Most vendors augment their product lines through partnerships, e.g., with cloud providers for hosting and integrating Software as a Service (SaaS) management functionality. Certified partners and value-added resellers (VARs) can reduce implementation headaches, increase delivery speed and generally provide superior support.
- What are the delivery models? The actual APs and/or controllers are hardware that needs to be on-premises, but this doesn't mean WLAN vendors aren't offloading equipment from enterprises whenever possible. Specifically, WLAN vendors are working to do away with expensive, function-specific appliances in favor of much more flexible virtual appliance or cloud solutions.
Some functions, like deep packet inspection (DPI), still generally require a dedicated appliance. Virtual appliances allow enterprises to add capabilities like firewalls and VPNs in a modular fashion without the expense or lock-in of dedicated appliances. Some vendors are putting these functions in the cloud, as SaaS offerings, further reducing cost and complexity on-site. In some cases, enterprises can purchase solutions that are hosted in the WLAN vendor's or a cloud partner's data center.
- What standards does the provider support? Vendors accomplish the increasingly complex task of building WLAN solutions through a wide variety of standards, pseudo-standards and fully proprietary technology. At the bare minimum, IT professionals should ensure their WLAN solution uses a fully ratified 802.11x standard. Vendors have notoriously released solutions based on pre-ratification versions of standards, and certain -- though often minor -- capabilities became accidentally vendor-specific.
Other capabilities enterprises should look for include an excellent authentication, access and identity framework (802.1X is ideal), tunneling/VPN technology (most vendors support SSL/TLS, SSH and IPSec) and easy integration with existing back-end directory systems via LDAP. Steering clear of proprietary solutions helps prevent vendor lock-in.
- What options are available to manage the solution? Centralized, easy management of the WLAN is important to the IT department's ability to successfully provide secure, robust services. Proactive features such as configuration management and regular performance testing reduce IT's overall workload while helping deliver higher performance, reliability and security. Management can be done on-premises or through SaaS. A cloud solution can simplify multisite management and make it easier to administer the network even when off-site.
- What capabilities are there to support mobile policies? Again, WLANs and mobile devices are intertwined. WLANs define the capabilities of mobile devices in the enterprise, and mobile devices are the primary reason WLANs need to be revamped today. Many WLAN vendors offer NAC controls and captive portals designed for BYOD and guest devices; this is of particular importance if you expect a large number of devices to touch the enterprise WLAN. You want to enable mobile devices to support the mobile workforce while ensuring that the devices are used in compliance with company policies.
- What security controls does the vendor offer? The security controls of the WLAN are highly important since the WLAN is the point of entry for most devices. The basic functionalities that WLAN solutions should include are encryption, rogue detection, etc. Again, the more proactive and/or automated the solution, the better. You don't want to be operating reactively to a major breach of your WLAN.
- How does the WLAN integrate into existing and forthcoming applications? Given the large number of apps -- particularly mobile apps -- that enterprises are deploying today, WLAN solutions need to properly support app access, management and optimization. Companies with a large number of remote-accessed/virtual desktop infrastructure (VDI) apps, for example, need to use QoS and possibly optimization tools because VDI is very latency- and throughput-sensitive. Additionally, find out if the vendor has tools that support band-steering, flow control and even adaptive antenna techniques specific to the requirements of apps.
- What can you do to help me build a business case? While the business case for WLAN isn't necessarily backed by hard metrics, WLAN deployment and plans to increase capacity are highly correlated with mobility success. More quantifiably, comparing the expense of a traditional capital-intensive controller-based system to a controller-less, Opex-based solution can be compelling to budget committees. This is especially true given flat overall IT budgets and unsure macro-economic conditions. Building a mobile and app strategy first can help provide a solid basis for creating a comprehensive WLAN plan. You'll find WLAN vendors will be much more amenable to spending time developing business cases and scenarios with you if you are well-prepared, regardless of the size of your company.
- How does the vendor support external WLANs? In most solutions, the particulars of one WLAN are likely ignored on the other side of the wide area network (WAN) firewall. To ensure that the optimizations, QoS and routing commands are passed into the WAN, most companies have to buy WAN QoS through their MPLS provider. Alternatively, WLAN vendors offer products that include protocols similar to generic routing encapsulation (GRE) to tunnel traffic through and maintain QoS across different networks. It is a good idea to ensure that WLAN vendors are using QoS and everything else in their power to maintain your QoS rules, but intermediate networks generally make their own rules.
About the author:
Philip Clarke is a research analyst at The Nemertes Research Group Inc., where he is a co-leader of the wireless and mobility research track, advises clients on wireless topics, writes key trends and thought leadership reports, conducts statistical analysis and develops research reports.
Read the fifth part of this series where we discuss how to evaluate wireless LAN requirements in order to deploy a WLAN solution in your enterprise.
This was first published in January 2013