Monitoring Wireless Capacity

In my last post, I talked about wireless network challenges, what to look for and how to plan properly for a deployment. I talked about planning for capacity to ensure you don’t go over a certain number of users per AP.

So, the next challenge becomes, how do I ensure that as I grow I don’t begin to exceed the optimal number of users per AP.

This is where advanced network monitoring can help mitigate issues before they become a problem. In the past a network monitor would poll or ping an access point to ensure it is available on the network. Although this is helpful it does nothing to monitor capacity.

Capacity planning is critical to any network management system. Bandwidth, CPU and Memory needs to be monitored on all your network devices. Each configured with a baseline that will alert you when that baseline is exceeded.

Recently we added some new capabilities to our Network Management System to cover Wireless Capacity Monitoring. Our monitors allow me to set the number of associated users threshold to the number of my choosing, either per AP, per Controller or any combination thereof. If the threshold is reached I can either send an email, log, open a ticket in our system, run a WEB service to another system, run a SPROC or do any combination of the above.

For our customers this will ensure a positive wireless experience. For us, it will help cut down on calls to our NOC regarding wireless performance issues, because we will be dealing with them before they become an issue.

This kind of monitoring is critical in less static environments like boardrooms, public areas with guest access and retail environments. In static environments where you know the number of users it may be less critical, but as users may move around, change their daily patterns, or over time you hire more staff, these changes can overload one AP, affecting the user experience and possibly productivity.

Setting all of this monitoring up may be time consuming in the short term, but can save you hours and hours of troubleshooting in the future.

Wireless Networking Challenges

Not too many people are plugging their laptop into an ethernet cable anymore. In fact, just about everyone in our office relies on wireless for their connectivity. In the past, wireless was too slow and somewhat unreliable, but it has come a long way and the convenience of not having to plug in far outweighs the performance impact if any.

Coverage is obviously one of the key elements for a good wireless deployment. It needs to work in your office, in the boardroom, in the lunch room and maybe even at the picnic table just outside your building. Ideally it should work anywhere your phone, tablet or laptop goes.

What gets missed quite often is planning for capacity. Coverage ensures there is a signal, but each access point can only service so many clients before it becomes slow, unresponsive and ultimately useless. It is also important to understand the applications that will be used over the wireless to get an idea of how many users per AP is ideal.

Some vendors make a recommendation of 20-25 users per AP. This is probably a good number if they are web browsing and checking email, anything more and I would suggest you will run into problems. In some cases, where large files are being saved to servers on a regular basis it is advisable to stick with ethernet. Overall however, I would suggest that you don’t want anymore than between 10-16 users per AP.

Interfering APs may also have an impact on your deployment. In some cases I have seen an AP detect up to 59 neighboring APs. This can cause havoc with your deployment. Site surveys prior to your deployment can certainly help mitigate this, but remember that a site survey is done at a point in time. If there is a new office building going up next door, you can expect more interference in the near future. Site surveys are good for determining the most effective placement of your APs and some tools will help you plan based on capacity as well.

When APs were standalone the deployments were much more complex than they are today with Controller based APs. The controller centralizes the configurations and pushes them out the the APs. Since the controller has a holistic view of the entire network, it can instruct the APs to make channel adjustments without affecting its neighboring APs. One of my favorite features in a Controller based deployment is the ability to detect rogue on-wire APs and even block any clients from joining them. A rogue on-wire access point is a AP that has been installed on the LAN via ethernet, but is not part of the controller based system. When configured, the controller will sent out disconnect messages to any clients that attempt to join the rogue AP.

My only complaint with a controller based deployment is that the cost is much higher than a standalone deployment. The Controller based AP is the same cost as a Standalone AP, but the controller hardware and licensing is extra.

The list of environmental challenges that can affect your wireless deployment is endless. Elevators, Microwaves, Cordless Phones, Water, Steel, Concrete, Small Rocks, you name it. They can all have an effect.

And of course security. One of the most important aspects of a good wireless deployment is ensuring only you and your staff can use it. A good deployment will have LDAP or RADIUS integration. If security is top priority then you should consider coupling the LDAP or RADIUS with a second factor, using key fobs or software that provides OTP (one time passwords).

The same AP’s that access your corporate network can also provide guest access. When providing guest access you can make it difficult so that only people you authorize can use it, or you can make it simple and provide a splash page where guest users are asked to provide an email address or simply agree to the terms of usage.



Meraki and Cloud Management

The cloud is taking over IT…. What are we all going to do when everything is cloud managed? Will we all be out of a job?  It is true the the Cloud is becoming a big thing, but like all changes in technology the devices and applications in the cloud still need to be managed and maintained by someone.

Meraki have taken the Cloud  a step further by providing a Cloud Managed Network. This is a great concept and can really simplify the deployment process. The Piece that is missing from this concept is that the Cloud doesn’t actually manage the network. The skilled technical folks that have that ability to isolate a problem and solve it are still required, regardless of the platform for Management. Meraki have made it easier and certainly the less technical would find some benefits in the Meraki approach, but like so many technologies they are sometimes too complex to simplify, or the process of simplifying the technology leaves it missing some key elements.

Cisco’s purchase of Meraki  shows that Cisco really believe in the Cloud, but I am curios how they plan to integrate, if at all. Cisco’s attempt at moving down market with Linksys was a mistake, as I think most Cisco savvy folks would balk at any Linksys Product.

In looking at Meraki’s  products, it would appear that they are well ahead of any Linksys product and slightly behind Cisco Traditional IOS products from a feature standpoint  but obviously well ahead of any Cisco product from a Network Management standpoint, an area that I think Cisco have always struggled with. It will be interesting to see if Cisco try and merge their IOS into Meraki’s cloud Management.

Either way, this has next to no effect on the business of Network Management, as these networks still require Management, regardless of the management platform in which they reside.


Wireless Surveys

Wireless networks these days are very common and for the most part are easy to design and deploy in a small office environment. When we get into bigger deployments site surveys must be done to ensure full coverage of the environment. This is when the design is a little more difficult and the outcome is not always desireable. The difficulty is not in providing a comprehensive site survey, but in convincing the customer that it is required and must be paid for. As always the delicate balance between the cost of the hardware for a project and the cost to deploy the project is skewed by the complexity of the technology.

It is a hard thing to swallow, but the reality is that the cost of planning design and deployment can often be more than the cost of the hardware itself.

Consider the outdoor access-point coverage, required for a shipping yard, lumber yard, car dealership etc. For outdoor deployments there is less interference – that’s a good thing, but the distances are increased and the antenna mounting locations can be difficult to control. To really understand the amount of coverage a wireless survey is required and this survey is pretty much equal in effort to a full deployment.

At a minimum two people are required to perform a site survey. One to position the access point and the other to check the coverage area and perform signal testing. For each coverage area this process must be repeated until the desired coverage is achieved. This can become difficult if you do not have the right equipment to do the job. A wireless survey kit can go a long way to making the job easier. Cisco use to sell survey kits for the old AP350’s but I don’t think they have kits anymore. You can easily build your own – it’ll cost you a few bucks but only once. Here is a quick list of what would go into a kit.

1. Access-Point with External RP-TNC connectors pick the model that has all capabilities built-in – A,B,G and N

2. A couple of different Antenna’s – Omni, Yagi and Wall Mount.

3. Antenna Cables – different lengths so you can mimic a production environment. You can also use an attenuator to mimic the cable loss.

4. Some sort of power source that will last for the entire survey period.

5. Survey Software – Not a requirement but it will make your life a lot easier. You want to check signal level and signal quality, but you also want to run some data just to make sure the integrity of the data is maintained. As more and more companies are running voice over wireless this is a critical step.

 Even after the survey is complete, leave room for change orders – until it is fully deployed you won’t know what gaps may exist.

One Vendor PLEASE…..

As I was responding to a request from a prospect for a Network Audit and Clean Up, I realized that in order to save a few dollars on the front end this customer had put themselves in a position that made everything else they do more expensive. Mixing vendor technologies is nothing new, and for the most part is an accepted practice, but as technology has converged and blurred the “line in the sand” between servers, infrastructure and applications it has become a difficult task to manage and maintain a multi-vendor network.

This is not to say that everything technology related must be from the same vendor, as we all know not one vendor does everything, nor does one vendor have the best solutions in all technologies, but people PLEASE PLEASE do a little more research before going out and buying the cheapest Ethernet Switch you can find.

I bring up Ethernet Switching because of it’s new and more critical role in the network. In he past a switch was just placed in the network and forgotten about, but in the new world, where we have the convergence of Voice, Video and Data along with the new requirements for compliance – i.e. PCI, SOX, HIPA and more, these switches are not just a critical part of the network, they are now controlling access and quality of service for the entire infrastructure. So when someone tells me they want an Network Audit and Clean up and their switching infrastructure consists of a multi-vendor switched network, I go straight to the Clean Up….. Now, I am a fan of Cisco switches and my perspective will be from that view, however if you are anti Cisco that’s your choice. I just ask that you go with a reputable vendor and not one that comes in at a tenth of the cost and “claims” to do all that the Cisco will.

I always got a kick out of new vendors that told me their switch/router/firewall was better than Cisco’s and then proceeded to tell me that they have a utility that makes their command language similar to Cisco’s IOS….. Well, if your product was better, then you shouldn’t have to change anything. The only reason to emulate Cisco’s IOS is because it is the best.

So, even if you network today is simple and you don’t think you need to worry about any of these things, think again. But don’t just ask yourself “will this product do it”, ask yourself “will this product do it when working with this other product”.

This is not just all about interoperability though. Imagine your network is made up of Dell and HP switch’s, a Fortigate Firewall and SMC access-points and your company, whatever it does, is about to land a big contract with a large Hospital or School Board. A requirement to landing that business may be that you network meets or exceeds Privacy legislation. This will require logging all of your infrastructure components to one server. An additional requirement may be that these logs are reviewed and a report generated to ensure compliance. All of those products support logging to a syslog server, but now you have 4 different logging formats and even if you could get the formatting to match, you will have 4 different Vendor Codes for the same message type. Now you need to spend time and resources writing code that will, hopefully, allow you to consolidate those logs. But wait, just when you were about to finish you had to upgrade the Firewall and now the format in that firewall has changed again…… You think I making this stuff up? No, I’ve see it and lived through it.

That is just one example of the many issues I have run into in a multi vendor network. The one other top issue is “finger pointing” and although you will never be able to get away from it totally, having one throat to choke can certainly make your life and mine easier.