Guide to WLAN Management

Best practices for managing WLANs: The more you know, the more control you can have

By John Cox

A recent survey of IT managers confirmed that the more you know about your WLAN, the more you can do with it and the better you can make it.

The survey, by Aberdeen Group, compares practices and results of companies represented by 315 IT respondents. "Best-in-class" companies reported consistently higher results in performance measures compared with "industry average" companies and "laggards" in the study.

Detailed, systematic WLAN management practices were a key factor in the higher performance scores.

For example, the top performers were far more likely to have and enforce policies for centralized WLAN management, and twice as likely to assign trained IT professionals to specifically manage the wireless network. Of the best-in-class companies, 88% had policies for centralized WLAN management, compared with 58% of the average companies and 52% of the laggards. Having IT staff that know WLAN technology was the standard practice of 53% of the top scorers, but that was the case for just 30% of the average scorers and only 17% of the low scorers.

Nearly all of the best-in-class performers had manual procedures for radio-frequency site surveys, compared with 65% of middle scorers and 58% of low scorers. In addition, 44% of the top performers monitor the overall wireless network at least monthly, compared with 33% of the average performers and 25% of the lowest performers.

* Wireless nets are a specialized discipline; so is managing them. Plan on getting your networking staff trained in both, using vendor offerings, third-party services and industry/conference opportunities.

* Create a plan for managing the wireless net as a whole, over time, recognizing that the net will grow (in number of access points, users and traffic), will have to be maintained, will have to be secured against evolving threats, and may well become the primary client access to the corporate net.

* Focus your WLAN design and deployment on users. Start with a user survey that clarifies where users are, what kinds of data and how much data they need to send and receive, and what applications need to be supported. How might those requirements change over the foreseeable future?

* Frequent, live monitoring of the radio spectrum is essential to securing and optimizing the WLAN, either by means of embedded monitoring tools from your infrastructure WLAN vendor or from third parties. Evaluate the tools, train on the one(s) you choose, and use them often.

* Map the exact physical location of every access point and WLAN bridging device, and have duplicate maps available. Managing is easier when you can find the devices that need managing.

* If your WLAN makes use of RADIUS or other external authentication systems, make sure these are backed up along with their databases and links to directory services.

* Be systematic, thorough and clear in your WLAN management documentation.

* If you're thinking of running VoIP over wireless, you face a new set of management challenges, and a higher level of urgency when problems arise, if you want to ensure high-quality, reliable voice calls.

Buying tips: It's all about future-proofing your net

By John Cox

We polled a group of users, analysts, and Network World Clear Choice testers Tom Henderson and Joel Snyder for tips on what WLAN management gear to buy and how to buy it.

Some of the tips are applicable to most IT purchases. For example, when dealing with small or young specialty vendors, verify their financial health to the degree possible. This is tough with privately held companies, but you can look at "vital signs": what existing customers say about technical support quality, whether planned updates arrive on time or arrive at all, whether their customer contact reps have been stable over time or whether there's been churn.

Another is to compare the management functions and features of each vendor in-house, as far as you can. It's like comparative test drives for your next car. A checklist only takes you so far.

Some are obvious but still important: Make sure the management software will support your specific WLAN equipment, your net topology, and its planned or expected growth and changes. The clearer you are about your specific network requirements and service-level agreements, the clearer a vendor's product and service strengths and weaknesses become.

The shift to the high-throughput 802.11n standard is coming in 2008 and 2009. Find out what the vendors plan for specific, new net management features and changes to support it.

Effective WLAN management needs to connect to existing back-end net infrastructure components, such as directories, authentication, security and performance monitoring, Henderson says. Find out how and to what degree the management software makes these connections.

Bear in mind that wireless LAN management has distinct, separate components, Snyder says. Some vendors attempt to offer all. Others offer some, and sometimes partner with other vendors for the missing pieces. Evaluate each component and how well, or whether, the components work with each other.

One component is radio frequency management, which is based on hard data about such things as signal strength, noise, errors and interference throughout your entire net, says Snyder. Some vendors can dedicate one radio on a multiradio access point to this monitoring; others have dedicated "sensors"; still others switch their regular access point from traffic to monitoring modes and back. Does the software handle alerts and reports on this data, and how well does it handle them?

Related to this data is WLAN capacity management, says Snyder: Does the management system give you an accurate, consistent, up-to-date view of the level of WLAN activity in each area, and how this changes during the course of a day or week? Tools for capacity planning show you where you need to make changes in the number of access points or in coverage to optimize performance for wireless services.

How does the vendor support wireless security management? This category is a grab bag of features, says Snyder, varying widely from vendor to vendor. It can include intrusion detection/prevention features, as well as firewalls, features analogous to wired network access control and WLAN access for guests or visitors.

When evaluating device-configuration management, Snyder suggests, consider the entire life cycle of the net devices: What does it take to add access points or radios, to keep them up and running, and to retire or replace them as needed?

Snyder calls mobility management the fifth component of managing a WLAN: how a user and his session, permissions and authentications can move through the net. With the advent of wireless VoIP, and an emerging trend to hand off VoIP calls between WLANs and cellular nets, you may need new, expanded or more robust mobility features from vendors.

Top trends in wireless management encompass 802.11n, VoIP, converged management

By John Cox

As enterprise WLANs change from being merely convenient to being mission critical, there's a growing demand from network managers for more data, more control, more help in managing them.

A 2007 Aberdeen Group survey of enterprise WLAN deployments found that "best-in-class" enterprises – those reporting the highest performance and productivity gains attributable to wireless networking – consistently knew more about their WLAN, had greater control over it and enforced corporate policies on it.

Of the top performers, 88% had policies for centralized WLAN management, and 57% had IT professionals specifically trained in WLAN technology. Nearly all the best-in-class companies had manual procedures in place for ongoing radio frequency (RF) site surveys. And 44% monitored the wireless net at least monthly.

For these companies, the WLAN is no longer seen as a convenient add-on to the enterprise net but as the primary means of client access.

One developing trend is the integration of wired and wireless corporate nets, creating a single, managed infrastructure. Cisco, for example, has been talking about this for at least two years. And last year, switch vendors began introducing "unified" LAN switches that use new silicon and software to handle both wired and wireless clients.

But this trend is developing slowly. Much of the initial focus is on integrating higher-level management functions for such areas as security and performance evaluation. One issue to consider if you have a mixed-vendor WLAN is weighing the management capabilities offered by WLAN vendors against those offered by third-party software vendors specializing in management.

More pressing are the concerns raised by the introduction of high-throughput WLANs based on the draft IEEE 802.11n standard, which promises WLAN data rates of 300Mbps, compared with 54Mbps for 802.11g and 11a nets today. But 11n introduces new technologies and new behaviors on the 11n WLAN. At least in some cases, updated net management software is lagging the new 11n access points and updated controllers. Vendors should be racing to ensure their 11n management software and features are as complete as possible, as soon as possible, to ease this transition for enterprise customers.

The prospect of running VoIP traffic over enterprise WLANs introduces a new set of issues, because this kind of traffic is especially vulnerable to latency, which is the one-way delay between a sender and receiver on a network, and jitter, which is the amount of variation in the arrival times of VoIP packets. More vendors are introducing features to monitor and manage voice traffic.

A related development is the growing number of enterprise-based systems designed to seamlessly bridge voice calls between cellular nets and WLANs. Start-ups like DiVitas and established companies like Siemens are all getting into the act. Typically, these involve a network appliance with software and close integration with an IP PBX. But so far, there seems to be little integration of these systems with the WLAN management infrastructure.

Still in development are IEEE standards that will increase management of WLAN clients. The 802.11k standard for radio resource management specifies a radio measurement data interface, allowing the WLAN infrastructure to collect statistics on the 802.11 physical layer and media access control layer for all radios, including clients.

The 802.11v standard defines a set of common control commands and protocol messages that among other things will let the infrastructure reach out to control key parameters on client radios. The standard also provides a means to control SNMP management information bases on WLAN clients.

Some vendors are implementing early versions of these or have comparable functions.

Controlling the complexity that WLANs add to network management

By John Cox

Managing an IEEE 802.11 wireless LAN adds complexity to the network management challenges facing administrators.

First, wireless LANs use a radio signal instead of a cable to link clients to the network infrastructure of access points and controllers, and that means anyone with an 802.11 wireless adapter can connect to your network. Second, the clients are no longer anchored by a cable to the net: They can and do move anywhere, crossing access points and subnets.

So, wireless LAN management, like wireless LAN security, calls for a more comprehensive and more detailed approach than conventional LAN management. You need tools to monitor and administer the physical devices that form the infrastructure – access points and controllers – but also the wireless clients, which can connect to anywhere in that infrastructure, and the radio spectrum (to the degree that that's possible).

But the basic issue is the same as with wired nets: The more information you have about the WLAN, the better you can ensure availability and connectivity, optimize performance, and support a growing portfolio of services such as voice, video and location.

All WLAN vendors have a management application for their access points and controllers. The capabilities, features, GUIs and overall design of these applications vary widely. Evaluating the specifics of WLAN management products should be a high priority for any WLAN deployment or expansion. Some analysts say that management features will be one of the main differentiators, if not the primary one, between WLAN vendors.

A comprehensive network management application has two main elements. But these might be subdivided into several different applications, some developed by the WLAN vendor, some from third-party software vendors, or licensed from them and integrated by the WLAN vendor.

First, WLAN management should let you centrally configure, monitor and administer the physical devices, as in a wired net. The goal is to centralize and automate chunks of the management challenge, making the WLAN more resilient, reducing the burden of manual intervention, and optimizing the service levels for end-user and application performance.

Many management products have been focused on real-time snapshots of the network, but this kind of data is especially valuable if stored in a data warehouse, where it can be eventually correlated with relevant data from back-end servers for authentication, IP management or services such as VoIP.

Second, WLAN management should collect and analyze real-time data about the radio environment of access points and clients. At a minimum, this means data about:

* Interference from radios in the relevant signal bands, ambient radio noise and rogue wireless devices, all for managing the radio frequencies.

* Channel utilization, number of clients per access point, a full array of 802.11 statistics such as packet errors and drops, quality of service statistics on factors such as jitter and delay to evaluate streaming traffic like voice.

* The users' experience in terms of coverage, signal strength, signal-to-noise ratio, throughput and so on.

This data is essential for maintaining and optimizing the wireless network connection, for locating legitimate clients as well as interferers or threats, for mapping radio coverage patterns, and for alerting administrators to a wide range of real or potential problems, including channel conflicts and dropped connections.
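The checks described above can be sketched in a few lines. This is an added example, not code from the article or from any vendor's product: it compares sensor readings with an inventory of managed access points and raises alerts for unknown radios, channel changes, low signal-to-noise ratio and co-channel overlap. The inventory, SSID, thresholds and readings are constructed assumptions.

```python
from collections import defaultdict

# Constructed inventory of managed access points: BSSID -> (name, assigned channel)
INVENTORY = {
    "02:00:00:00:01:01": ("ap-lobby", 1),
    "02:00:00:00:01:02": ("ap-floor2-east", 6),
    "02:00:00:00:01:03": ("ap-floor2-west", 6),
}
CORP_SSID = "corp-wlan"   # hypothetical corporate SSID
MIN_SNR_DB = 20           # assumed threshold; tune from your own site survey
STRONG_DBM = -70          # assumed level at which two APs clearly overlap

# Constructed sensor readings: (sensor, bssid, ssid, channel, signal_dbm, noise_dbm)
READINGS = [
    ("sensor-a", "02:00:00:00:01:01", "corp-wlan", 1, -55, -92),
    ("sensor-b", "02:00:00:00:01:02", "corp-wlan", 6, -60, -90),
    ("sensor-b", "02:00:00:00:01:03", "corp-wlan", 6, -64, -90),
    ("sensor-b", "02:00:00:00:09:99", "corp-wlan", 11, -58, -90),
    ("sensor-a", "02:00:00:00:09:42", "printer-setup", 1, -80, -92),
    ("sensor-c", "02:00:00:00:01:03", "corp-wlan", 6, -78, -88),
]

def analyze(readings, inventory=INVENTORY):
    """Return a list of (alert_kind, subject, sensor) tuples."""
    alerts = []
    strong = defaultdict(set)  # (sensor, channel) -> managed APs heard strongly
    for sensor, bssid, ssid, channel, signal, noise in readings:
        if bssid not in inventory:
            # Unknown radio; one advertising the corporate SSID is the urgent case.
            kind = "rogue-corp-ssid" if ssid == CORP_SSID else "unknown-ap"
            alerts.append((kind, bssid, sensor))
            continue
        name, assigned = inventory[bssid]
        if channel != assigned:
            alerts.append(("channel-drift", name, sensor))
        if signal - noise < MIN_SNR_DB:
            alerts.append(("low-snr", name, sensor))
        if signal >= STRONG_DBM:
            strong[(sensor, channel)].add(name)
    # Two managed APs heard strongly on one channel by one sensor contend for airtime.
    for (sensor, channel), names in sorted(strong.items()):
        if len(names) > 1:
            alerts.append(("co-channel", tuple(sorted(names)), sensor))
    return alerts

if __name__ == "__main__":
    for alert in analyze(READINGS):
        print(alert)
```
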
