This blog is the third in a four-part series that will walk you through the “whats” and “hows” of making successful Wi-Fi network deployment decisions.
By Rich Watson
The combination of the iEverything explosion with the speed and reliability of 802.11ac has created a compelling case for Wi-Fi as the primary access layer. Unfortunately for the WLAN buyer, there is no longer a single architectural model from which to choose, and legacy vendors may obscure underlying issues as they seek to retain their revenue base.
In order to make the right decision for your network, you should consider the following areas to ensure that the WLAN you choose will satisfy immediate requirements while enabling you to be prepared for the future:
(1) Management and Deployment of BYOD and Company-owned Consumer Devices: Your WLAN must be able to enforce corporate policy based on user identity and the fingerprint of their device
Business case: Although consumer-level devices used to be thought of as exactly that – consumer level – public and private cloud computing as well as technologies like desktop virtualization have enabled these devices to become productivity tools for corporate operations.
Onboarding these to the network needs to be as straightforward as a login from any corporate laptop, and policy enforcement needs to be automatic so as to ease any operational headaches or unnecessary support calls to the help desk.
Additionally, if a guest device or a non-employee's device is allowed on the network, it is important that its communication be secured. Examples include students in a school who require privacy, or a contractor in an enterprise who, while not an employee, still deals with sensitive, company-confidential information.
Requirement: The optimal WLAN will have the inherent capability to tie to corporate LDAP services and automatically fingerprint the device coming on the network. Security and quality of service (QoS) policies should be established based on the users’ context (identity, device type, location, and application) and not solely on the type of connection (wired, wireless, SSID, etc.).
Further, dynamic, configurable pre-shared keys that are unique to each guest and can be configured to expire should protect guest connections. These features together will provide context-aware policy enforcement and safely onboard devices to the network. Determine the services required for your BYOD environment, as you may want to extend guest management capabilities even further.
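To make the per-guest key requirement concrete, here is an added sketch (not code from the original post or from any vendor) of a key store that issues a unique, expiring pre-shared key to each guest and maps it to a role. The SSID, guest IDs, role names and the `GuestKeyStore` class are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets
from datetime import datetime, timedelta, timezone

SSID = "Example-Guest"  # constructed SSID, an assumption for this sketch


def derive_pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal key derivation: PBKDF2-HMAC-SHA1, 4096 iterations, 256-bit output.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


class GuestKeyStore:
    """Hypothetical store of per-guest keys; not any vendor's API."""

    def __init__(self):
        self._keys = {}  # guest id -> (pmk, expiry, role)

    def issue(self, guest_id, role, lifetime, now):
        # Each guest gets an independent random passphrase, so expiring or
        # revoking one guest never forces a key change for anyone else.
        passphrase = secrets.token_urlsafe(16)
        self._keys[guest_id] = (derive_pmk(passphrase, SSID), now + lifetime, role)
        return passphrase

    def authorize(self, passphrase, now):
        # Simplification: a real AP finds the matching key by checking the
        # 4-way handshake MIC against each candidate; it never sees the passphrase.
        candidate = derive_pmk(passphrase, SSID)
        for guest_id, (pmk, expiry, role) in self._keys.items():
            if hmac.compare_digest(pmk, candidate):
                if now >= expiry:
                    return None  # key is known but expired: deny
                return {"guest": guest_id, "role": role}
        return None  # unknown key: deny

    def revoke(self, guest_id):
        self._keys.pop(guest_id, None)


def demo():
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)  # constructed clock
    store = GuestKeyStore()
    contractor = store.issue("contractor-1", "contractor", timedelta(days=30), t0)
    visitor = store.issue("visitor-7", "guest-internet-only", timedelta(hours=8), t0)
    return {
        "visitor_morning": store.authorize(visitor, t0 + timedelta(hours=1)),
        "visitor_next_day": store.authorize(visitor, t0 + timedelta(days=1)),
        "contractor_next_day": store.authorize(contractor, t0 + timedelta(days=1)),
        "wrong_key": store.authorize("not-an-issued-key", t0),
    }
```

The role returned by `authorize` is what a context-aware policy engine would combine with device type, location and application to select a VLAN, firewall rules and QoS.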
(2) Deployment, Installation, and Maintenance: Your WLAN should have a single consistent architecture that scales in both capital and operational costs
Business case: As discussed in a previous installment, different WLAN approaches have different implications on how data forwarding and control traffic are handled. The impact of how the architecture is implemented can very quickly increase the cost of deployment and maintenance.
Some vendors offer as many as three different architectures – large controller, virtual controller, and small APs that simply bridge traffic blindly. The problem is that the cost of implementation and maintenance varies based on the size and geographic location of each site. Which do I use where? Controller? Virtual controller? How large a controller should I buy?
If each site has a different architecture, what will licenses cost at each site? When the IT admins troubleshoot a problem at a site, all the same questions must be asked every time, because each architecture will require a different methodology for problem isolation and resolution based on the network deployed.
Requirements: The optimal WLAN will use a single network architecture regardless of size and still provide reasonable costs. Whether the deployment features a single AP at a small site, 10 APs at a medium site, or 1000 APs at a large site, the basic underlying architecture should be the same. This delivers the advantages and ROI of repeatable network deployment and maintenance.
(3) Cost: Your WLAN must feature predictable capital expenditure
Business case: When considering capital expenditures, it is tempting to look at only the cost of the access points, but this is not the whole story. If a central controller is part of your considerations, examine what it will cost to enable your current deployment. Then consider how the same equipment will fare if you double your user count, increase your traffic load or move to more space. Is a larger controller required? If so, is it still cost effective?
Also consider the number of sites your organization has. If considering a controller-based WLAN, does each site need a controller? If so, what size, and what if that site grows or moves? What about redundancy? Don’t forget to double your controller count.
Another consideration is that of feature licenses. Often the base hardware solution does not enable the firewall, security, QoS or policy features that you actually need.
Requirements: Ask for a full list of equipment and licenses required to handle your Wi-Fi networking needs today. Then double the deployment and see what hardware and licenses would need to be added. If there is a controller and there is a point at which the controller you are looking at will need to be amended, find out what that point is.
(4) Security: Your WLAN must feature enterprise-class security
Business case: The iEverything explosion has enabled incredible business productivity, but it has also created a myriad of new openings for network security threats. In order to be truly enterprise-class, your WLAN must have comparable security to that found in your wired network. Advanced security is considered a feature by some vendors and licensing for it comes at a cost; you must ensure that these features are included in your initial estimate, along with any costs for upgrades and expansion.
Requirements: The ideal solution must enforce advanced security features, and these features must be included in the initial cost overview.
- Wireless Privacy and Key Management – using keys to encrypt and secure traffic transmitted across the air.
- Authentication – identifying users as they come on the network. This means authenticating employees as well as guests and contractors. It also means determining whether RADIUS, Active Directory or LDAP is used for authentication. Your WLAN solution must ensure consistent security at all times.
- Identity Based Access Control – using the identity of a client to provide access to the correct VLAN, and allow or deny access to specific applications or resources.
- Device Physical Security and Data Storage – ensuring the networking platform itself is securely implemented so that it cannot be compromised – even if stolen.
- Application Visibility and Control – having complete layer 7 awareness at the edge of the network ensures that mobile devices utilize productive applications only.
Business case: No one knows where the next network threat could come from, or when it will hit. Your WLAN must therefore have security enabled at all times and for all traffic types, and security must remain consistent and in place even if the WAN is down. It should not be sacrificed for the appearance of a lower cost.
Requirements: Ensure that any solution under consideration provides consistent security at all times. If the vendor is pitching distributed or local forwarding, make sure that you understand what security features, if any, are omitted when traffic bypasses the controller. If a branch or cloud-based controller solution is dependent upon the WAN for security applications, be sure to fully consider what features will fail if the WAN does.
(5) Scalability
Business case: When WLANs were considered a convenience network, scalability was not a large factor in choosing the right equipment. As Wi-Fi becomes the primary access method, however, the WLAN must scale. Consideration of scalability applies both to increasing the coverage of a deployment and increasing the load on that deployment.
You should also look at what is necessary to deploy remote or branch locations. If this requires the deployment of a new controller, or makes the branch subject to variability in the WAN connection, it may not be the best solution for you. It is also important to consider feature licenses as part of the cost and complexity; as a solution scales, these could complicate operations significantly.
Requirements: The WLAN should scale predictably, including hardware and software. New deployments should offer consistent features. You should also examine what is required to scale a deployment up in terms of operating expenses.
In my next blog, I'll discuss how to use the RFP Process to choose your WLAN.
~~~~
All blogs in this series:
Wireless LAN Buyer's Guide Part 1: Things to consider
Wireless LAN Buyer's Guide Part 2: Which architecture is best?
~~~~
Richard Watson has worked as a senior product marketing manager and product manager with 18+ years’ experience in the Wi-Fi market. He has worked for major networking and wireless companies including Meru, 3Com, Motorola, and Symbol Technologies where he contributed to development and release of numerous wireless solutions. He authored a book on FMC, has contributed to trade journals writing on leading edge topics on wireless VoIP and participated on panels at industry shows.