2/13/2018

Pay attention to security, bandwidth and application visibility when rolling out a wireless network upgrade

Upgrading your wireless network requires a lot of attention. Although there are many ways to configure and use Wi-Fi, best-in-class organizations should apply these five strategies to get the most out of their networks.

1. Predict changes

There’s nothing riskier than a Wi-Fi network that is left unattended. Over time, people are added, moved, or replaced. Desks and other furniture in the environment change. A wireless network that isn’t maintained to keep up with these changes degrades over time and provides less-than-exceptional service to users.

However, the chipset power embedded into each access point allows today’s wireless LAN (WLAN) infrastructure to be very fault-tolerant. A good WLAN can survive the loss of access points and the addition of new ones. Radio interference would be proactively managed minimizing the effect. All complex configurations and dynamic management of radio channels would be addressed in every AP.

2. Use intelligent wireless products

Gone are the days when you had to manage and configure each wireless access point manually and separately. The tedious job of continuously adjusting power levels, channel assignments or enabling hot spare APs has gone the way of the Dodo bird.

Today’s distributed intelligence Wi-Fi technology can handle mobility, keeping an IP address and connection alive while a user on a VoIP call walks between rooms, floors and even buildings. You should invest in a Wi-Fi network that not only handles mobility, but also handles all kinds of traffic including voice and video conversations, document and screen sharing and team collaboration with a bunch of people working on the same document at the same time.

3. Understand the application and prioritize

In most networks, as soon as the WLAN network is turned on, every smartphone in the building is automatically connected to the network. These devices continue to consume bandwidth, even when no one is using them. Add to that applications working in the background (such as automatic backup, software updates, application updates, voice recognition software) and you end up with a wireless network near capacity without a single active user!

The solution isn’t to prohibit casual use. It is to make sure that mission-critical applications, (such as VoIP/unified communications, video collaboration, document sharing, transaction processing, and business uses), get priority over non-business and casual use. Look for Wi-Fi solutions that provide application visibility and control, such as the Alcatel-Lucent OmniAccess® Stellar wireless portfolio, so you can throttle bandwidth depending on specific rules, automatically and dynamically.

4. Develop a guest access policy

Supporting guest access is generally a given in today’s enterprise wireless installations. Guests commonly have a legitimate need to connect to the Internet while visiting an organization. Although some road warriors may use alternative technologies, such as 4G or LTE to bypass local Wi-Fi networks, it is important to plan if and how other guests will connect to the organization’s WLAN.

Of course, these guests shouldn’t require much access to anything inside the normal enterprise network — printing, perhaps, being the occasional exception. Therefore, securing connections to ensure that guest users do not gain elevated privileges is important.

Common alternatives, such as requiring guests to preregister Media Access Control (MAC) addresses or obtain a temporary user name and password, tend to be cumbersome and should be avoided. One bad result of a guest policy that is poorly developed or difficult to follow is that staff members might spend valuable time trying to get their visitors logged on to the wireless network. Or, even worse, a staff member might share his access with a guest to connect directly to the internal wired network to bypass issues with the guest access rules and process.

Guest policies must balance requirements for accountability and prevention with the goal of making it simple and quick. There are a lot automated systems able to deliver this, however the best and most secure way to get this done is to have an intelligent WLAN system which understands when a guest connects, throttle the bandwidth depending on the application used and tunnel the traffic up to the router for the internet connection.

5. Maximum security from the beginning

Security has always been very important especially when dealing with wireless networks. There are various methods today to build it, however the best would be to have NAC (Network Access Control) not only for WLAN but for LAN users as well. One single point of management can guarantee the highest level of access security no matter the type of connection (wired or wireless) NAC meshes well with wireless deployments because the wireless authentication standard — known as Wi-Fi Protected Access 2 (WPA3 is currently under development, considering the recent vulnerabilities found in WPA2) uses 802.1X, which is a convenient method for passing NAC information between clients and servers. There are many network management systems that streamline and minimize the complexity from a NAC deployment for the network infrastructure.

These are the five basic rules to follow for providing users with the best experience while keeping the administrator happy with short and relatively simple configurations. The network infrastructure itself will take care of the most cumbersome and boring tasks needed for the optimal operation of the network infrastructure.

For more information about an access point solution that addresses these issues, read about the Alcatel-Lucent OmniAccess Stellar WLAN solution

Tags - Mobile Campus, Security

Browse Blog Posts
Browse Blog Authors
About the author
Marco Piazzalunga

Marco Piazzalunga

Networking Solution Architect, Alcatel-Lucent Enterprise

Marco Piazzalunga has over 15 years of experience in the telecommunications industry and has held the role of Solution Architect in networking, voice and applications in several software and hardware companies. Born in Italy, he holds a Bachelor of Science, Telecommunication Engineering from Politecnico di Milano. Before moving to telecommunication companies, he was a full time Professor of Telecommunication and System Automation for Italian National High School (ITIS). Currently Marco manages opportunities in the EUSO region (Italy and central Mediterranean countries) for channels, verticals and cloud.

Twitter
 
About the author
Mauro Rizzi

Mauro Rizzi

Network Business Development Director, Alcatel-Lucent Enterprise

Latest Posts
2/26/2018
Blog 1200x299 Students foresee the future of communications

Students foresee the future of communications – and it’s not yet another tool!

4/25/2016
Blog 1200x299 How secure are your network switches?

Anyone with even a little familiarity with IT knows that data security is a big deal, and with good reason.

9/8/2017
Blog 1200x299 ALE didn't WannaCry

How ALE managed the WannaCry cyber attack and our Service Desk experience using Rainbow cloud based Communication platform.

Industry Perspectives