This article can also be found in the Premium Editorial Download "Computer Weekly: The problems of legacy IT in banking."
Download it now to read this article plus other related content.
We’re living in a mobile world. Smartphones and tablets are increasingly the predominant devices on our networks, moving traffic away from wired to wireless and changing the way we need to design and manage our networks. Things get even more complex when we have to factor in users’ desires to bring their own devices to work. How can we find a balance, and how can we simplify the increasingly complex management task?
Currently mobile devices and their networks are managed by a mix of different tools, all with their own user interfaces and idiosyncrasies. You are likely using a tool like Microsoft’s System Center Configuration Manager or its cloud service Intune to manage devices, with Windows Network Access Protection controlling access to network resources – while using proprietary tools to push configurations to network equipment. That is a complex mix of tools and technologies, and one that requires several different skill sets.
Modern wireless access points are powerful devices, capable of supporting large numbers of simultaneous high-speed connections to smartphones, tablets and laptops. That also means supporting a wide selection of different applications, with as wide a range of bandwidth requirements – from low bandwidth document access to delivering HD video streams to devices with 4K screens. That makes the wireless environment increasingly complex – and that is before we introduce users bringing in their own devices (if you’re supporting BYOD) or visitors expecting guest access.
Aerohive’s cloud-hosted Mobility Suite is a response to this growing complexity, bringing that mix of tools into one application. It starts with a client-management tool, which lets you distinguish between devices that are part of your corporate fleet, BYOD devices, and untrusted guest devices. Administrators get a one-stop shop for configuring policies and monitoring network usage, while employees get a self-service portal where they can register devices and manage their wireless access.
Guest devices are controlled via an ID manager tool that handles user authentication for different types of guest user – and delivers log-in credentials via SMS. There is also the option to use kiosks and web portals to register guest devices. If you’re using an existing MDM, there is also the option of using it with Mobility Suite, using it to push device agents and software.
There’s one issue with tools like this: they require using only one source of Wi-Fi access points. Aerohive’s solution depends on its HiveOS AP tools to manage access and devices from the cloud.
Read more about enterprise Wi-Fi
While that is not likely to be an issue for larger enterprises that standardise on suppliers quickly, it can be an issue for smaller businesses that may have a mix of Wi-Fi hardware. Getting the right AP for your business is an important part of the purchasing process, as you’ll need to ensure you have the right technology for your needs.
Matthew Gast from Aerohive talked us through some of the features of a modern AP, as the radio front end and antenna design are as important to delivering a successful network as the management tools.
“It’s all up to the infrastructure supplier design,” he said. “Some of it is the antenna, but a lot of it is the amplifier so it can feed a clean signal.”
While Aerohive’s cloud-management tools mix device and network management, Xirrus’s Mobilize is more of a network-management tool for its devices, delivering profiles to APs and helping design networks.
Getting wireless network design right is important in the transition from 802.11a/b/g/n to 802.11ac. Improved beam forming means newer wireless technologies can deliver the same coverage from fewer APs. However, that doesn’t mean networks are immune to capacity problems; something Xirrus’ Application Control tools are designed to help manage.
Like Aerohive, Xirrus is best known for its enterprise Wi-Fi solutions. First and foremost a hardware supplier, it also offers a range of network management tools and services that take advantage of its hardware capabilities.
A key component of its management tooling, Application Control, is intended to reduce the load on networks of BYOD and personal devices. Users have come to expect wireless networks will perform as well as wired. Unfortunately, even with fast 802.11ac networks that remains a problem – especially with high bandwidth HD video.
By using access points to inspect the packets they’re transmitting, it’s possible for Application Control to block or apply quality of service restrictions to unwanted apps.
Application Control takes a profile-based approach to policy, with profiles for more than 1,200 applications. You can use those to build appropriate policies, or just to track what’s in use, and how much bandwidth is being used in a central dashboard. If one specific app starts causing problems, or perhaps may not meet the requirements of an acceptable use policy, it can be throttled or blocked.
Putting deep-packet inspection on the edge of a network in an AP makes a lot of sense. It’s a low-impact way of distributing network management, reducing bottlenecks and putting wireless management where it belongs: with the wireless devices.
Read more about enterprise mobility
Bandwidth-hungry apps can be blocked quickly, so your users updating their iPhones won’t stop your CRM system from giving the sales team customer contacts, or your ERP system from sending orders to suppliers. You can even route individual applications to specific VLANs, keeping user traffic and unapproved applications separate from your central business systems and services.
Both Aerohive’s and Xirrus’ tools go some way to unifying wireless network and device management, but they are still not the one stop shop a modern network needs. What you are getting with tools from network device vendors is just improved network management, and while that may reduce the number of tools you need to manage your wireless network, it’s not the panacea you might hope for.
If you are going to deliver a corporate app store, or deliver device monitoring agents, you are still going to need a MDM. These are also enterprise tools where large physical estates need to be covered by managed wireless networks, rather than tools for SMBs which rely on off-the-shelf hardware and built-in management tooling.
While it’s clear we’re not in a place where wireless network vendors can solve the management problem, it is not actually a bad thing. Those networking vendors are best at giving you the tools you need to run your network, whether it’s handling device registration like Aerohive or network usage like Xirrus.
Building full enterprise-grade system management tools that can determine the capabilities of different versions of Android or iOS is a distraction from delivering the fast, high capacity networks we expect, and it’s not what those wireless network vendors are delivering.
So if you’re waiting for a tool that helps you manage everything on a wireless network from one screen, sadly you’re going to have to wait a little longer.
This was first published in March 2014