Designing wireless networks requires technical expertise and attention to myriad details. These complexities boil down to four pillars:
Security services ensure the safety of the infrastructure and that wireless users are protected from each other and eavesdroppers.
Management technology provides wireless network administrators with the ability to dynamically reconfigure the network to meet changing needs.
Ease of deployment is critical in ensuring an efficient, effective rollout of wireless networking that uses automation to minimize hands-on staff time.
Bandwidth requirements continue to grow at a rapid rate. Wireless networks must support the bandwidth requirements of today and tomorrow.
Each of these four pillars is a critical component of wireless network design and should play an important role in network planning.
Securing wireless networks requires attention to four important details: encryption, authentication, segmentation and intrusion detection. Perhaps the most straightforward of these is protecting communications from eavesdropping through the use of wireless network encryption.
Wi-Fi Protected Access version 2 (WPA2) is the clear standard for acceptable wireless security. All modern wireless networks support this standard, and network engineers should always configure it in lieu of the Wired Equivalent Privacy standard. WEP encryption contains serious known security flaws and should be avoided at all costs.
Authentication ensures that only validated members of the trusted user community gain access to the wireless network. Organizations should turn to the 802.1X protocol for authentication needs and support that protocol with a back-end Active Directory or Lightweight Directory Access Protocol (LDAP) database.
Segmentation separates the networks used by different classes of users and devices, allowing administrators to apply different controls for different classes of users. For example, staff may gain full access to network resources while guests are limited to visiting Internet sites with no access to internal systems. Similarly, administrators may place restrictions on access for BYOD devices that do not apply to organization-owned devices.
The fourth component, intrusion detection systems (IDS) and intrusion prevention systems (IPS), ensures that rogue access points and their users quickly come to the attention of administrators. These are critical components of wireless security. Many wireless solutions are delivered with advanced IDS and IPS capabilities built in. IT administrators must determine optimal settings for these tools to maximize their security benefits.
Networking teams are not growing at the same pace as the networks they manage, resulting in higher device-to-engineer ratios. Managing networks in this environment requires simple management interfaces that work across the wireless infrastructure.
For example, CDW’s networking engineers experienced this firsthand when they helped build the wireless network for University of Phoenix Stadium, site of the 2015 Pro Bowl and Super Bowl for the NFL that deployed 835 access points. IT administrators could have manually monitored all of those, but that would have created a massive amount of work. Instead, they used a single management platform that gave them visibility across all the access points.
When the time came to switch Arizona’s University of Phoenix Stadium over from the Pro Bowl to the Super Bowl, this management interface proved its worth. The league wanted the Super Bowl to have a different service set identifier than the Pro Bowl. To perform this switch, administrators had to change the SSID configuration on all 835 access points literally overnight. A management platform allowed them to pervasively configure the entire solution without requiring an engineer to manually work on each access point.
Ease of Deployment
Wireless network designers should also monitor the ease of deploying wireless solutions — both in rolling out new access points and in connecting clients to the existing wireless infrastructure.
Modern tools make it easy to deploy new access points in central and remote locations. Wizard-based access point configuration tools allow the connection of new APs to an existing network in seconds.
From a client perspective, the wireless network should allow the easy connection of new users and devices. Many IT experts advocate the use of self-service onboarding mechanisms that connect users to a generic SSID and walk them through the onboarding of their device. Such capabilities make it much more automated, simple and secure to add a new device to the network.
Organizations must be able to provide high-bandwidth solutions to support devices accessing the network, as well as high-bandwidth applications, such as video. After all, many organizations are seeing network bandwidth requirements double every two to three years.
Compounding this increased demand is the fact that manufacturers are building high-quality equipment that doesn’t wear out before it becomes obsolete. Users find themselves dissatisfied with old wireless networks, but IT departments maintain the equipment because it continues to function normally.
Security, management, ease of deployment and bandwidth are critical concerns facing wireless network planners. IT workers must consider the costs and benefits of technologies supporting each of these pillars when planning new wireless network deployments and upgrading existing networks.
For more information on ways IT can keep pace with bandwidth demand, read the white paper “The Evolving Wireless Network.”