Wireless Networking Challenges

Not too many people are plugging their laptop into an ethernet cable anymore. In fact, just about everyone in our office relies on wireless for their connectivity. In the past, wireless was too slow and somewhat unreliable, but it has come a long way, and the convenience of not having to plug in far outweighs the performance impact, if any.

Coverage is obviously one of the key elements for a good wireless deployment. It needs to work in your office, in the boardroom, in the lunch room and maybe even at the picnic table just outside your building. Ideally it should work anywhere your phone, tablet or laptop goes.

What gets missed quite often is planning for capacity. Coverage ensures there is a signal, but each access point can only service so many clients before it becomes slow, unresponsive and ultimately useless. It is also important to understand the applications that will be used over the wireless to get an idea of how many users per AP is ideal.

Some vendors make a recommendation of 20-25 users per AP. This is probably a good number if they are web browsing and checking email; anything more and I would suggest you will run into problems. In some cases, where large files are being saved to servers on a regular basis, it is advisable to stick with ethernet. Overall, however, I would suggest that you don’t want any more than 10-16 users per AP.

Interfering APs may also have an impact on your deployment. In some cases I have seen an AP detect up to 59 neighboring APs. This can cause havoc with your deployment. Site surveys prior to your deployment can certainly help mitigate this, but remember that a site survey is done at a point in time. If there is a new office building going up next door, you can expect more interference in the near future. Site surveys are good for determining the most effective placement of your APs and some tools will help you plan based on capacity as well.

When APs were standalone, deployments were much more complex than they are today with controller-based APs. The controller centralizes the configurations and pushes them out to the APs. Since the controller has a holistic view of the entire network, it can instruct an AP to make channel adjustments without affecting its neighboring APs. One of my favorite features in a controller-based deployment is the ability to detect rogue on-wire APs and even block any clients from joining them. A rogue on-wire access point is an AP that has been installed on the LAN via ethernet, but is not part of the controller-based system. When configured, the controller will send out disconnect messages to any clients that attempt to join the rogue AP.
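One way to picture the rogue on-wire check described above, as an added example that is not from the original post or from any controller vendor: BSSIDs heard over the air are compared with the managed inventory and with MAC addresses learned on the wired switches. The adjacent-MAC heuristic, the function names and all sample addresses are assumptions made for illustration.

```python
# Added example; every MAC address and port name below is constructed.

def mac_to_int(mac):
    return int(mac.replace(":", "").replace("-", ""), 16)

def wired_port_for(bssid, wired_macs, tolerance=2):
    """Find a switch port whose learned MAC is numerically close to the BSSID.

    Assumption: the radio and Ethernet MACs of one AP are usually allocated
    from adjacent addresses, so a near match suggests the same box.
    """
    target = mac_to_int(bssid)
    for mac, port in wired_macs.items():
        if abs(mac_to_int(mac) - target) <= tolerance:
            return port
    return None

def classify(heard_bssids, managed_bssids, wired_macs):
    """Label each BSSID as managed, rogue-on-wire or neighbor."""
    managed = {m.lower() for m in managed_bssids}
    verdicts = {}
    for bssid in (b.lower() for b in heard_bssids):
        if bssid in managed:
            verdicts[bssid] = ("managed", None)
            continue
        port = wired_port_for(bssid, wired_macs)
        verdicts[bssid] = ("rogue-on-wire", port) if port else ("neighbor", None)
    return verdicts

MANAGED = {"02:aa:00:00:10:00", "02:aa:00:00:20:00"}
WIRED = {  # MAC -> switch port, exported from the LAN switches (managed APs excluded)
    "02:bb:00:00:4f:a0": "sw2/17",
    "02:cc:00:00:00:31": "sw1/04",
}
HEARD = ["02:AA:00:00:10:00", "02:bb:00:00:4f:a1", "02:dd:00:00:77:10"]

if __name__ == "__main__":
    for bssid, (label, port) in classify(HEARD, MANAGED, WIRED).items():
        print(bssid, label, port or "-")
```

A BSSID labelled "neighbor" is only interference from next door; one labelled "rogue-on-wire" comes with the switch port to go and inspect.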

My only complaint with a controller based deployment is that the cost is much higher than a standalone deployment. The Controller based AP is the same cost as a Standalone AP, but the controller hardware and licensing is extra.

The list of environmental challenges that can affect your wireless deployment is endless. Elevators, Microwaves, Cordless Phones, Water, Steel, Concrete, Small Rocks, you name it. They can all have an effect.

And of course security. One of the most important aspects of a good wireless deployment is ensuring only you and your staff can use it. A good deployment will have LDAP or RADIUS integration. If security is top priority then you should consider coupling the LDAP or RADIUS with a second factor, using key fobs or software that provides OTP (one time passwords).

The same APs that access your corporate network can also provide guest access. When providing guest access you can make it difficult so that only people you authorize can use it, or you can make it simple and provide a splash page where guest users are asked to provide an email address or simply agree to the terms of usage.

 

 

MDM and BYOD

Every once in a while a new set of acronyms comes out and promises to change everything. In the early 90’s ATM (Asynchronous Transfer Mode) was going to take over as the protocol for device communications. Articles written at the time talked about how “ATM to the desktop” was inevitable. Well, ATM still exists but not in the way that was predicted by so many.

Two new acronyms – BYOD (Bring Your Own Device) and MDM (Mobile Device Management) are being marketed vigorously, promising huge savings and increased productivity. In health care and education, I see the need for a strong MDM implementation, using shared devices to perform a number of tasks securely, with the knowledge that at any time I can remove access to the device and remove any corporate data that may be on the device.

Are these actually new concepts, or:
Is BYOD just another name for RAS (Remote Access)?
Is MDM analogous to Active Directory Global Policies, or Network Access Control?

Let’s talk a little bit about what is needed from an infrastructure standpoint to support any mobile devices within the 4 walls of your corporation.

Start with a secure and robust wireless network. Create at least two profiles on that network, Corporate and Guest. The Corporate network should be secured with layered authentication, ensuring that both the user and the device are known entities. Issuing certificates via Active Directory is a good way to accomplish this. Some organizations may use a third-party access control method to do this by inspecting the connecting device and ensuring it meets the minimum requirements, or has a specific registry entry. However you choose to do this, you are ensuring that only devices you manage and know about get onto your corporate network. The Guest network can be secured using WPA with just a passphrase/key and additionally secured via a web redirect to an authentication page or a “terms and conditions” page. The Guest network is isolated on a VLAN that only has access to the Internet. This in itself is a valid BYOD solution: it promotes the use of personal devices for internet access while at work, and at the same time ensures these devices do not compromise the security of your corporate network.
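The claim that the Guest VLAN "only has access to the Internet" can be checked against the firewall rules rather than taken on trust. The following is an added example, not part of the original post: it walks a first-match rule list and reports any internal range the guest subnet can still reach. The rule format, the subnets, the use of RFC 1918 space as "corporate", and the implicit default deny are assumptions, and rules are treated as layer 3 only.

```python
import ipaddress as ip

# Assumption: corporate networks live in RFC 1918 space.
INTERNAL = [ip.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

def subtract(nets, hole):
    """Remove `hole` from every network in `nets`."""
    out = []
    for n in nets:
        if not n.overlaps(hole):
            out.append(n)
        elif not n.subnet_of(hole):           # hole sits strictly inside n
            out.extend(n.address_exclude(hole))
    return out

def guest_leaks(rules, guest_net):
    """Return (rule name, network) pairs where the guest subnet reaches internal space."""
    guest = ip.ip_network(guest_net)
    remaining = list(INTERNAL)                # internal space no earlier rule has decided
    leaks = []
    for name, action, src, dst in rules:
        src, dst = ip.ip_network(src), ip.ip_network(dst)
        if not guest.subnet_of(src):          # assumption: a rule covers all of guest or none
            continue
        hit = [r if r.subnet_of(dst) else dst for r in remaining if r.overlaps(dst)]
        if action == "allow":
            leaks += [(name, h) for h in hit]
        remaining = subtract(remaining, dst)  # first match wins; later rules never see it
    return leaks

GUEST = "192.168.50.0/24"                     # constructed guest VLAN subnet
WEAK = [                                      # constructed: the deny is shadowed by the allow
    ("guest-any", "allow", GUEST, "0.0.0.0/0"),
    ("block-corp", "deny", GUEST, "10.0.0.0/8"),
]
FIXED = [                                     # constructed: denies first, Internet last
    ("printer", "allow", GUEST, "10.1.2.0/24"),
    ("deny-10", "deny", GUEST, "10.0.0.0/8"),
    ("deny-172", "deny", GUEST, "172.16.0.0/12"),
    ("deny-192", "deny", GUEST, "192.168.0.0/16"),
    ("internet", "allow", GUEST, "0.0.0.0/0"),
]

if __name__ == "__main__":
    for label, rules in (("WEAK", WEAK), ("FIXED", FIXED)):
        print(label, [(n, str(net)) for n, net in guest_leaks(rules, GUEST)])
```

The FIXED set still reports the deliberate printer exception, which is the point: every path from Guest into internal space shows up by rule name so it can be justified or removed.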

The idea of layering MDM on top of this would enable the use of these devices on the corporate network. The security policies of the corporate network do not change. You still need to ensure only the devices you authorize get on, and they still have to be inspected for compliance. This is where MDM comes in, with the ability to load a corporate profile complete with application access and email access, block app store downloads, and even block access to the camera if applicable. The features are endless…. Well, not really! There are a lot of features but they vary between platform OS’s. This is sure to change as the market matures, but until it does the market is too fractured and lacks the standards that will be needed to provide consistent support across all mobile operating systems.

BYOD and MDM individually are good ideas and quite doable. However, the two together seem to be at odds. Would you, the proud owner of a new iPad, hand it over to your IT department so that they can load some software on it that would allow them to erase your device? Or track your whereabouts? Or lock you out of your games? All so you can use the iPad for your work!

If a device is corporately owned I see and support the vision of MDM. If the device is privately owned I see and support the vision of BYOD. The two do not coexist, at least not today.

How do you know if you need a BYOD or an MDM solution, or maybe both? Either way, you have to start with the infrastructure and it cannot be an afterthought. A solid wireless infrastructure is key to the success of any mobile solution. Then you have to sit down and write a policy or two or three. What devices will you allow, who owns them, what level of access will they be granted, do your applications support all devices? Then and only then will you be able to determine what BYOD and MDM solution you need.

Surface!

OK I’ve got to admit, and maybe it’s just a great marketing engine, but the Microsoft Surface has got me sort of excited. I’m not sure what it is about it, possibly the expanded storage, the cover that doubles for a keyboard, USB expansion, light weight, bigger screen. The fact that it comes with Office does nothing for me. Now that I have discovered Google Docs I’m not sure I really need Office any more.

Although Microsoft really took their time on this it may be a game changer.

http://www.theverge.com/2012/6/18/3094157/new-microsoft-surface-windows-tablet

I haven’t had a chance to play with Windows 8 yet, but I’ve lived through all the Microsoft products and I am still here to talk about it, so it can’t be any worse than Vista (I hope).

I also have no idea what Microsoft has as far as an APP store. I tried to search for it and got a PAGE NOT FOUND message.

If they are going to be in the Mobile market they had better get their act together in this respect.

iPhone vs Blackberry for the Business User

I am sure there have been many posts similar to this, but none have taken it from the perspective that I am about to take – MINE. Yes I may be biased towards one, but it will be your job to figure out which. Actually it shouldn’t be too hard as my opinions on the matter are strong and may come out as I type this out… but maybe not…

Let me start by saying the iPhone ROCKS….. Did I give it away too soon? Let me try a more subtle approach. The Blackberry SUCKS… Actually I don’t mean that at all, but I have given it away haven’t I? Being a Canadian I really should be a RIM advocate and being a PC user I really shouldn’t be an iPhone advocate, but my god, what an interface Apple has given us. Also being a Canadian I should be a Nortel fan, but I am not. Simply because I am Canadian does not mean I will support Canadian companies, as much as I’d like to, I cannot, when the products are inferior. Now don’t get all worked up over that, I was not talking about the BlackBerry, I was talking about Nortel.

Certainly the Blackberry’s physical keyboard has some advantages over the softboard of the iPhone and the filtering capabilities of the Blackberry’s email are an advantage, but as far as I can tell that is where it all ends. Why else would RIM come out with the Storm???

Ah yes, there is also the battery life, which on the iPhone is not so good, but in this day and age, when do you not have access to power of some sort in a 10 hour period?

Now let’s talk about usability of both products in the business world. Certainly access to email is one of the most important aspects, and the BlackBerry has handled that quite well, but I have found that the “real” browser experience and the wealth of applications available for the iPhone have made my laptop almost obsolete, at least when I am on the road. Personally I have found the email capabilities on the iPhone excellent, but that could be in the way that I use email, as some of my BlackBerry colleagues don’t want all their emails sent to their mobile device and they like to sort emails in ways other than the “most recently sent”. I read emails as they come in and try to respond immediately and if I can’t, mark it as unread and wait until I’m back at my laptop. This works well for me, but it may not be the way everyone else works. Perhaps these are things Apple is working on, I don’t know.

My biggest reason for being on board with the iPhone is that there is no integration software required to get it working with your Exchange server, if you have one. Simply set up Mobile access on Exchange, open SSL on your firewall and presto, you have email, contacts and calendar. No BES servers, no licenses, no additional server administration and that’s the real bonus. So where does that leave us? With two products that are both amazing in their own ways, with lots of room for improvement from both RIM and Apple and with some really cool products that competitors are developing that may blow them both away….. I can’t wait for the future.