Tuesday, September 17, 2013

SMS Authentication- A Nice, Easy Way To Do WLAN Guest Auth

For wireless guest access, there are all kinds of ways to skin the cat. In a perfect world, Hotspot 2.0 will take care of authentication and encryption, and all would be sunny to everyone's satisfaction. But, that ain't happening for a while (if ever). It's becoming more popular to tie guest access to social media "credentials" (a bit of a joke to call 'em that), as there's usually some marketing hook behind that, and some networks really don't care WHO you are, like really.

But when you need to have some level of accountability on your guest network for whatever reason, using SMS-based authentication is not a bad option. You can front it with a WPA2 PSK or leave it open (everyone has different use cases, business drivers, and policy), but for answering the challenge of "make it easy on 'em but still let us have some bit of real, verifiable information to tie to a person", SMS-based auth is hard to beat. 

Years ago, I set off on a quest to find a wireless guest solution that was easy to support, easy for users to self-provision through, and that met our organizational requirement that guest sessions not just be tied to some bogus email account (the joey@asscrack.com thing is funny only so many times in a row) but use a 10-digit cell number as the "User ID". Though we were a Cisco WLAN back then, Cisco couldn't come close to fulfilling our simple requirements. Rumor was that Colubris had a gateway that might work, but this was around when HP bought them and we literally couldn't find a human being walking the earth that could tell us anything meaningful about that gateway. Then there was Bluesocket (now ADTRAN). When I first approached them with my needs, they, like Cisco, couldn't do the self-provision SMS-based thing. And like Cisco, they tried telling me that if I was willing to change my requirements, they could provide a solution. But when I pushed back, Bluesocket was willing to do a little bit of development and was able to provide something that really was ahead of its time (we're talking like 2006 here):

Image

 

Sure, it's not so impressive today given that there are now lots of other guest portals that do SMS, but it still works very well, and is what we continue to use at my University because it does work well. Unfortunately, you have to invest in a full-blown Bluesocket appliance to get the functionality, but even that's not all bad.  The appliance works well as DHCP, firewalling, NAT, rate limiting, quarantine, MAC exception home for odd stuff that fits nowhere else and a handful of other guest-relevant functions, but also has (and is over-priced based on) lots of Bluesocket-specific WLAN stuff you'll never use if you don't have Bluesocket APs. And the appliance hardware is pretty dated. But... on balance, this has been dynamite- and is the only off-the-shelf 3rd party gateway kind of thing  that I'm aware of that you could bolt on to anyone's WLAN and make work if you didn't like what your native solution does for guest access (Sorry Cisco, you still don't get it as far as I can tell).

Then there's Meraki's version. The SMS auth groove is new to Meraki, and they still have some development to do on it before I'll sing its praises too loudly, but it works well. I'm about to deploy it in a unique situation, and am pretty pleased with its slick integration to Twilio as the SMS provider, and that I pay nothing extra to Meraki for exactly the SMS auth feature I want:

Image

 

No extra appliance needed, no additional fees, and it works so, so nicely with the rest of the magic in the Meraki cloud-managed wireless solution. Where it is feature-thin, I can work around until they tighten it up (and I did make my wish last week, so I'm assuming the elves on Mount Meraki are almost done already). It only works with Twilio as the SMS service, but that's OK as Twilio is cheaper than cheap, and each texted password costs you a penny. (We use Message Media for the Bluesocket, which is more expensive and less snappy in my experience.)

Anyhow- If you've never gone the SMS path for guest access, I can vouch for its effectiveness. Though I personally have no use for social media logins, I understand the appeal in certain markets (but would never use my own accounts for guest access- I'd rather go without). SMS is just another option to consider. Combine it with Personal PSK, and I think users and admins would both win, at least in my wireless world.

Pssst- If you have a Dashboard, Meraki is easy to try- and you get 25 free Twilio interactions so you can feel what the experience is like for texting the auto-generated password from your own easy-to-customize splash page before signing up for a Twilio account.

(I find Twilio almost as much fun to say as LaserFiche, by the way)
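A minimal sketch of the portal-side logic behind the SMS flow described in this post, as an added example (it is not Bluesocket's or Meraki's code): the guest's 10-digit cell number is the user ID, a short-lived auto-generated password is texted to it, and the portal keeps only a salted hash plus the number-to-device mapping that gives you accountability. The `send_sms` callback, the lifetime and the attempt limits are assumptions; a real deployment would hand the message to its SMS provider.

```python
import hashlib
import hmac
import re
import secrets
import time

OTP_TTL_SECONDS = 600      # assumption: texted password is valid for 10 minutes
MAX_SENDS_PER_HOUR = 3     # assumption: throttle texts per number (cost and abuse)
MAX_VERIFY_ATTEMPTS = 5    # assumption: wrong guesses allowed per issued password
ALPHABET = "23456789ABCDEFGHJKMNPQRSTUVWXYZ"  # no look-alike characters (0/O, 1/I/L)


class GuestSmsAuth:
    def __init__(self, send_sms, now=time.time):
        self._send_sms = send_sms  # hypothetical callable(number, text)
        self._now = now            # injectable clock so expiry can be tested
        self._pending = {}         # number -> (salt, digest, expires, attempts_left)
        self._sent = {}            # number -> timestamps of recent texts
        self.sessions = {}         # client MAC -> verified cell number (audit trail)

    @staticmethod
    def normalize(raw):
        """Reduce user input to a 10-digit number, or None if it is not one."""
        digits = re.sub(r"\D", "", raw)
        if len(digits) == 11 and digits.startswith("1"):
            digits = digits[1:]    # drop a leading country code of 1
        # North American area codes and exchanges never start with 0 or 1
        if re.fullmatch(r"[2-9]\d{2}[2-9]\d{6}", digits):
            return digits
        return None

    @staticmethod
    def _digest(salt, password):
        return hashlib.sha256(salt + password.encode()).digest()

    def request_password(self, raw_number):
        number = self.normalize(raw_number)
        if number is None:
            return "invalid-number"
        now = self._now()
        recent = [t for t in self._sent.get(number, []) if now - t < 3600]
        if len(recent) >= MAX_SENDS_PER_HOUR:
            return "rate-limited"
        password = "".join(secrets.choice(ALPHABET) for _ in range(8))
        salt = secrets.token_bytes(16)
        # Only the salted hash is kept; a new request replaces any older password.
        self._pending[number] = (salt, self._digest(salt, password),
                                 now + OTP_TTL_SECONDS, MAX_VERIFY_ATTEMPTS)
        self._sent[number] = recent + [now]
        self._send_sms(number, f"Guest Wi-Fi password: {password}")
        return "sent"

    def verify(self, raw_number, password, client_mac):
        number = self.normalize(raw_number)
        entry = self._pending.get(number)
        if entry is None:
            return False
        salt, digest, expires, attempts = entry
        if self._now() > expires or attempts <= 0:
            del self._pending[number]          # expired or guessed out
            return False
        candidate = self._digest(salt, password.strip().upper())
        if hmac.compare_digest(candidate, digest):   # constant-time comparison
            del self._pending[number]          # one-time use
            self.sessions[client_mac.lower()] = number
            return True
        self._pending[number] = (salt, digest, expires, attempts - 1)
        return False
```

The `sessions` mapping is the accountability piece: every admitted device is tied to a number that demonstrably received the text.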

Friday, September 13, 2013

Bummers in WLAN Land

None of the following gripes are the industry's biggest problems. At the same time, they are nuisances and occasionally rise to the level of major headache. Some of these apply to WLANs of all sizes, others are far more applicable to bigger wireless environments. The remainder? They're just goofy. If any one of these were to be corrected or adjusted a bit, the wireless world we live in would be a little sunnier. In time, each and every one of these will "age out" and cease to irritate, but for now they are fair game to call out into the light  of day. I got me a license to bitch, and here it comes, in no specific order:

  • Why are those cheap bastards at the laptop factory still putting out 2.4 GHz-only capable computers? It can't cost more than a couple bucks to provide a dual-band adapter in even the cheesiest laptop during manufacturing. Yet you have to look fairly hard, and often get into some serious upgrade dollars, to find a consumer-grade laptop (beyond Macbooks that come with dual-band 11n in all cases) that features both bands. It's almost unheard of in the "Sunday Specials" that feature prominently in the BYOD demographic. We all suffer for the side effects, and it's about time Acer, ASUS, Lenovo, and the other economy-class PC makers stepped up and became better citizens of the WLAN community.

  • What's Up With Gartner's Quadrant When It Comes to Wireless Vendors? Gartner has always been a bit polarizing in their analysis of various technology sectors, but they flat out blew it with eliminating the WLAN-specific quadrant in favor of including only "unified" vendors.  It boils down to these:

    • Sure, some vendors make Ethernet switches and wireless APs. But in many environments, switches do little more than provide PoE for APs. Big flippin' deal.

    • When a company as radio and antenna savvy as Ruckus can't make it into The Quadrant because they don't have switches, there's something seriously wrong.

    • A Unified Quadrant isn't bad, but it's incomplete and therefore a disservice to the industry. It's time to bring back a WLAN only Quadrant, and a switching-only view IN ADDITION TO the unified Quadrant.



  • Apple really missed the boat by not including 11ac in their very expensive new iPhones. The Big A should be a better steward of the client device space's future. If Samsung can do it, so can the Gods of Cupertino's Mountain of Cash. Instead of breathing life and craze into early 11ac adoption, Apple cheaped out and disappointed the fans (and wireless admins) that were hoping for more out of Apple's phone, especially for the money.

  • Apple's Bonjour. Enough already. Fix it, and do your part to provide some pain relief to the wireless shepherds of the BYOD fields where your gadgets roam free.

  • Cisco's Wireless Management System. It's WCS! It's NCS! It's NCS Prime! It's Prime Infrastructure! Whatever it's called this week, it's still buggy, slow, frustrating, and demanding of its own FTE staff just to keep it breathing at times. To think about putting switches into this same management framework as wireless on very large networks as "unified" gets deeper into the management paradigm is the stuff of horror- unless we see a major overhaul soon. Too much of the WLAN market relies on this sometime-train wreck to not improve it.

  • The Fallacy of Interoperability and Standards in the WLAN Space. Sure, we check our wireless devices for the famous Wi-Fi Alliance seal of approval that should mean all is well when devices need to talk with other devices, but there's a lot more to the equation. Consumer-grade stuff often doesn't play well in the Enterprise but nothing on the packaging explains the delineation. And... I can't mix and match enterprise WLAN hardware or features like I can Ethernet switches. This is arguably the way it has to be, but it's also a royal pain in the butt at times. Vendor lock is real, for better or worse.


We've all got things that steam our clams when it comes to wireless networking. These are on my short list this week. The world certainly doesn't have to change on my say so, but at the same time I can squawk about it, by golly.

Thursday, September 5, 2013

Look A Bit Beyond WLAN RF

The RF part of wireless networking is often what keeps good IT folks from really getting proficient with WLAN, and many good WLAN types never look beyond the frequency ranges used in 802.11 technologies to see the bigger RF world that we live in. It's understandable, especially for those without some sort of professional or hobbyist background with signals. The world of WLAN spectrum can be hard enough to wrap your head around, but every now and then there is value in seeing the bigger "comms" picture. The more you understand about the way different frequencies behave in the most basic sense (and what services use those frequencies) the more comfortable you'll become with really understanding the more mysterious parts of both access-type WLAN and point-to-point bridging.

There are masters'-level classes on RF and radio technologies, tech training courses, and infinite online tutorials and calculators covering all the variety that falls under the broad heading of "learning about RF and RF systems". This is one of those areas that you never, ever stop learning about. And once the bug bites, it's not uncommon to become a radio-technology junkie who's interested in far more than just the goings on in the 2.4 and 5 GHz slices of the electromagnetic spectrum.

Let's look at just a bit of information on "commonly used" frequencies:

  • How long are their wavelengths

  • What are their natural "free space path loss" characteristics (how they "fade")

  • At a common power and antenna config, how do they behave compared to each other?


Sounds like heady stuff, yes? It's really not that bad- so stay with me here.

The following frequencies have meaning to me, and certainly to many of you as well. I'll give you the wavelength of each, and tell you how much the signal fades after 1 km based on these values applied to each frequency:



  • 100 mW (or 20 dBm) of power

  • Simple 3 dB antenna at the transmitter and receiver




Whether the signal would be usable (any signal left after path loss)

Image

(Table created by me, there is some minor rounding done)

Again, we see that with the same power and antenna gain/sensitivity, the frequency in play makes a dramatic difference to what's available (or not) at the receiving end.

Frequency and wavelength are inversely related; the lower the frequency gets, the longer the wavelength is. Lower frequencies also tend to require bigger antennas.
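The wavelength and 1 km path-loss arithmetic described above can be reproduced in a few lines. This is an added example, not the author's table: the frequency list and the -90 dBm receiver floor are assumptions, while the 100 mW transmit power and the 3 dB antenna at each end come from the post.

```python
import math

C = 299_792_458.0        # speed of light, m/s
TX_POWER_MW = 100.0      # from the post: 100 mW (20 dBm)
ANTENNA_GAIN_DB = 3.0    # from the post: simple 3 dB antenna at each end
RX_FLOOR_DBM = -90.0     # assumption: weakest signal a receiver can still use

# Assumed sample frequencies in Hz; the post's own list is not reproduced here.
SAMPLE_FREQS_HZ = {
    "2 m ham band": 146e6,
    "900 MHz ISM": 915e6,
    "2.4 GHz Wi-Fi": 2.437e9,
    "5 GHz Wi-Fi": 5.8e9,
    "60 GHz": 60e9,
}


def mw_to_dbm(milliwatts):
    """Convert milliwatts to dBm (100 mW -> 20 dBm)."""
    return 10.0 * math.log10(milliwatts)


def wavelength_m(freq_hz):
    """Wavelength in metres: lower frequency, longer wave."""
    return C / freq_hz


def fspl_db(freq_hz, distance_m):
    """Free space path loss in dB: 20*log10(4*pi*d / wavelength)."""
    return 20.0 * math.log10(4.0 * math.pi * distance_m / wavelength_m(freq_hz))


def rx_power_dbm(freq_hz, distance_m):
    """Received power: transmit power plus both antenna gains minus path loss."""
    return mw_to_dbm(TX_POWER_MW) + 2 * ANTENNA_GAIN_DB - fspl_db(freq_hz, distance_m)


def max_range_m(freq_hz, floor_dbm=RX_FLOOR_DBM):
    """Free-space distance at which received power falls to the floor."""
    budget_db = mw_to_dbm(TX_POWER_MW) + 2 * ANTENNA_GAIN_DB - floor_dbm
    return wavelength_m(freq_hz) / (4.0 * math.pi) * 10 ** (budget_db / 20.0)


def link_table(distance_m=1000.0, freqs=SAMPLE_FREQS_HZ):
    """One row per frequency: wavelength, fade, what arrives, and is it usable."""
    rows = []
    for name, freq in freqs.items():
        rx = rx_power_dbm(freq, distance_m)
        rows.append({
            "name": name,
            "wavelength_m": wavelength_m(freq),
            "fspl_db": fspl_db(freq, distance_m),
            "rx_dbm": rx,
            "usable": rx >= RX_FLOOR_DBM,
        })
    return rows


if __name__ == "__main__":
    for row in link_table():
        print(f"{row['name']:<14} wavelength {row['wavelength_m']:8.4f} m  "
              f"loss {row['fspl_db']:6.1f} dB  rx {row['rx_dbm']:7.1f} dBm  "
              f"usable={row['usable']}")
```

Doubling the distance adds about 6 dB of loss at any frequency, which is why the range figures from `max_range_m` shrink in direct proportion to wavelength.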

But this little exercise is of limited practical value, beyond helping to understand basic aspects of RF behavior at each of the frequencies I chose to show. High gain antennas, increased power levels (some technologies like Wi-Fi are limited to minuscule power levels while other technologies measure their outputs in kilowatts), and environmental factors all influence the basic RF goings on at each frequency. Modulation types, quality of engineering, CPU and other silicon behind each given technology all also define performance of whatever technology is in play for a given spectrum. As I mentioned before, it does get complicated.

One of my favorite communications-oriented RF tutorial sites is at National Instruments. Although the American Radio Relay League (ARRL) is often thought of as a ham radio organization, they have a wealth of resources on all sorts of RF-related technologies and industry happenings.

If you've never built an antenna of some sort or another, you should. Whether it be a simple project for Over the Air TV or something weird for wireless penetration testing, it's worth doing at least once. Research it, build it, improve upon it, and see how altering it changes the performance of whatever your application is (could be using a scanner to hear the local police comms or doing your own point to point wireless bridging). It's fascinating to design and build something RF-related, at least once. You'll find that seemingly unrelated wireless disciplines really do enhance the understanding of the actual wireless part of wireless networking.

Friday, August 23, 2013

Wireless Standards Just Aren't Enough

First the love:

Anyone in the wireless game, like really in it, knows that wireless networking is incredibly complicated under the hood. That the IEEE and the Wi-Fi Alliance could herd enough cats to get us to where we are today- enjoying our 11ac honeymoon- far from the days of early 802.11 is amazing.

Let's pause for a moment and think about how far we've really come, because it is impressive indeed. From a technology that was an expensive accessory at one point, with low data rates, high prices, and anemic security, to being the preferred method of access today for most of us, with rates and security features that are fitting for any environment (when installed right), wireless has grown up.  A huge thank you to everyone involved, as you've given me the best job in the world- that of a WLAN professional.

Now the lament:

As impressive as the modern WLAN is, somehow we ended up with some crazy market fragmentation and mindsets. Even though interoperability testing mostly keeps the wireless train on the rails, we still end up with enough in-place chaos to make life pretty miserable for wireless clients and support staff at times.

Maybe we try too hard for backwards compatibility. Perhaps device makers are lazy or out of touch, or could it be that the BYOD comet just hasn't caused enough pain to really get everyone's attention? For sure, the fuzzy, often-bludgeoned distinction between consumer and enterprise-grade components doesn't help matters.  Here's what I mean:

- In a world where we're talking about "Gigabit Wireless", we still have device and instrument manufacturers churning out chipsets that need 1 and 2 Mbps data rates to behave right. These devices are frequently intended for networks that aren't likely to have those rates enabled.

- Printer manufacturers have far deeper roots in the business environment than does wireless. Yet, we can't get printer makers to understand what their devices need to do for desired functionality on the "business WLAN".

- What we call BYOD is actually BYOD/T; that is bring your own device AND TOYS to the WLAN. If it works at home on the living room network, you know damn well people are going to want to use them at work. Like AppleTVs and Google Chromecasts. To the uninitiated, you look at the specs on the packaging and see "compatible with 802.11n/g" or whatever, and jump to the conclusion that it must work because that's the kind of network we're using. The  warning label that should say "check with your networking department before buying this for office use" never makes it to the packaging.

But... rather than having to explain to users why this gadget or that can't work on the WLAN, or killing ourselves to put in hyper-complex, house-of-cards-quality work-arounds, wouldn't it be nice if somehow the Community of Wireless Client Device Makers could get with the times and build compatibility for both consumer and enterprise networks in to begin with?

Just supporting enterprise security would help immensely, and likely add little to the device cost. (I'm astounded at how out of touch the business printer/projector makers seem to be). There are certainly other nuts to crack as well before everything is perfect between the WLAN and BYOD/T devices, and Apple could be an absolute leader here. Bonjour has long had its day, as I've bitched to anyone who will listen. "Apple TV is perfect for the boardroom" provided that you have one small flat network and one boardroom. But when you have hundreds of boardrooms/classrooms and complicated LAN topologies, devices like the Apple TV are a supreme pain in the assbone. If Apple could do right by the customers who continue to fatten the company's immense bottom line and give us something better than Bonjour for their devices in the workplace, maybe other device makers would follow suit. (Did you know that higher ed is begging Apple to provide relief from Bonjour headaches?)

Maybe we need tighter "categories" from the Wi-Fi Alliance- with devices that are labeled either "Enterprise Ready" or "Consumer Grade". This would give incentive for the lower-end stuff (including Apple's Bonjour-based devices) to step it up. It would also give a clean delineation for networkers to point to for device support. If done right, we could say "if it's got the Enterprise-ready label, we support it" and if not, don't bother bringing it to us. Everyone would know where they stand, as the criteria that go into an "Enterprise Ready" compatibility testing program would be based on far more than just whether radios can talk to each other. It's a nice thought anyways.

Ah well- end of rant. Now if you'll excuse me, I have to go explain why Chromecast doesn't work on our 802.1x-based WLAN.

Tuesday, August 20, 2013

How WLAN Vendors Can Solve The College Dorm Problem

Ladies and gentlemen of the WLAN industry, here are the problems with wireless networking in college dorms, and a head start on how you can develop a solution.

Problems:

  1. College dorms are usually covered by the same enterprise 802.1x network used on the rest of campus, but are really more residential feeling at the operational level.
  2. Wireless printing doesn't work where you have hundreds of anything-goes printers with no coordination on the same WLAN- and consumer-grade $40 printers don't support enterprise security.
  3. Game consoles and Bonjoury toys also are fraught with problems and usually need yucky work-arounds on the business network usually found in dorms, or get relegated to the wired network.
  4. Rogues get installed to get around what campus WLAN can't easily provide.
  5. Ditching the enterprise WLAN and letting students bring their own wireless routers is a recipe for chaos and angst from the RF and support perspectives.

Solution:

It's not cut and dry, and my enormous cranium hasn't yet formed the whole solution. But it starts like this:

  1. Keep all the benefits of a centrally-managed solution. RF coordination, central monitoring and configs, etc- whether it's cloud-based or local is not so important here.
  2. Study PowerCloud's Skydog network paradigm. Everything about it doesn't fit the dorm challenge, but a lot of it does. If you can treat each dorm room as an apartment, with a dedicated SSID or some other compensating control (not all dorm rooms would need their own AP) we'd be off to a good start.
  3. Maybe use elements of Ruckus' Secure Hotspot in a way that lets a single student or roommates have all of her/their gadgets in a little "private WLAN" all somehow using the same private PSK.
  4. Make sure any one student's most common gadgets can all interact in their own little WLAN space (even Bonjour toys and printers), that it's all easy to self-setup, and can be administered by WLAN admins if trouble hits. 
  5. With all device types accommodated, the reasons for rogues are eliminated.
  6. Make sure students can't get to each other's stuff, but allow for on-demand temporary access when sharing is desired.
  7. Make sure that however it all gets put together, the RF environment is still well-coordinated.

There- that was easy. Now someone just needs to build the code and interfaces... 

 

 

Here's What I Want NOW From My Wireless Management System

When it comes to the management and security of wireless networks, I want a lot of things. I want new things, and I want legacy things that aren't going away to get better. I want slick, I want fast and I want effective. I want powerful, feature-rich, and a say in what features are worth devoting UI resources to. I want it all, baby- and here's my latest rant on the topic. You're going to love this.

Before I drop the bomb, let's set the stage.

I had the privilege of hanging out with the fellows from 7signal at the recent Wireless Field Day 5 event, and seeing how they do WLAN RF health characterization, as well as getting a peek at what AirTight is up to. Being a long-time Cisco wireless customer, my mushy brain can't help but bring everything back to my vendor for comparison; but more on this in just a bit.

In my spare time, I've been having more fun than a person should be allowed to with the addicting Wi-Fi Pineapple (along with some tricks from the much-revered BackTrack Linux.) And at work, we're gearing up for thousands of students to flood back into the dorms, which means Rogue Hunting Season is nigh. Put all this together and feed it into the "It's Easy For Me To Demand Things From Other People That I Can't Do" engine, and out pops the following wireless support and security gem:


Wouldn't it be cool if...

  • You could take one of your in-service APs and turn it into a virtual client that associates with other APs? (stay with me, I know you've heard this part before)

  • Synthetic testing with said virtual client was possible: do my DHCP and RADIUS servers work? Can I reach the Internet? Can I reach other locations, from each of my SSIDs?

  • The virtual client AP could report on nearby rogue networks, after I set a min threshold value, (getting closer to the money shot) and tell- Is the SSID open or protected?

  • My virtual client could associate to the open SSIDs, and report back what the public IP is of the rogue?  (I could find it then through MAC or ARP tables if on my own network- doesn't need to be automated)

  • Here's the LAGNIAPPE, baby- If the rogue SSID was encrypted, I'd like my virtual client to execute Aircrack-NG, Reaver, Fern, or whatever. Somehow, the power of my management system harnessed to this virtual client/pen testing-mode AP would give me a big-assed, infinite dictionary from hell and lots of power to crack. Then I could go back to the "find the public IP" step, which to me is the ultimate and definitive "game over" versus a lot of wireside detection systems that are so-so with their success rates.


I know there are lots of ways to do "wireless support", but I am enamored with the force-multiplying capabilities of a well-constructed virtual client mode for installed APs (as I imagine them working). I've been beating the drum for Cisco to consider basic virtual client functionality for years, to no avail.
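The reporting half of this wish list (nearby unmanaged networks above a minimum signal threshold, flagged as open or protected) comes down to triaging scan results against an AP inventory. The following is an added sketch, not any vendor's code: the inventory, threshold and sample sightings are constructed, and treating an unmanaged BSSID that advertises one of your own SSIDs as always reportable is an assumption beyond the post.

```python
from dataclasses import dataclass

MANAGED_BSSIDS = {"00:11:22:aa:00:01", "00:11:22:aa:00:02"}  # constructed inventory
MANAGED_SSIDS = {"CampusNet", "CampusGuest"}                 # constructed SSIDs
MIN_RSSI_DBM = -75   # assumption: the "min threshold value" an admin would set


@dataclass(frozen=True)
class Sighting:
    bssid: str
    ssid: str        # empty string for a hidden SSID
    rssi_dbm: int
    privacy: bool    # Privacy bit from the beacon: False means an open network


@dataclass(frozen=True)
class Finding:
    bssid: str
    ssid: str
    rssi_dbm: int
    category: str


SEVERITY = {"impersonation": 0, "rogue-open": 1, "rogue-protected": 2}


def triage(sightings, managed_bssids=MANAGED_BSSIDS,
           managed_ssids=MANAGED_SSIDS, min_rssi=MIN_RSSI_DBM):
    """Return reportable unmanaged networks, most urgent first."""
    # Several APs may hear the same BSSID; keep the strongest sighting of each.
    strongest = {}
    for s in sightings:
        key = s.bssid.lower()
        if key not in strongest or s.rssi_dbm > strongest[key].rssi_dbm:
            strongest[key] = s

    findings = []
    for bssid, s in strongest.items():
        if bssid in managed_bssids:
            continue                      # one of ours
        if s.ssid in managed_ssids:
            category = "impersonation"    # our SSID from a radio we don't manage
        elif s.rssi_dbm < min_rssi:
            continue                      # faint neighbour, below the threshold
        elif s.privacy:
            category = "rogue-protected"
        else:
            category = "rogue-open"
        findings.append(Finding(bssid, s.ssid or "<hidden>", s.rssi_dbm, category))

    findings.sort(key=lambda f: (SEVERITY[f.category], -f.rssi_dbm))
    return findings


# Constructed scan results, as a monitoring AP might report them.
SAMPLE_SIGHTINGS = [
    Sighting("00:11:22:AA:00:01", "CampusNet", -50, True),   # managed AP
    Sighting("de:ad:be:ef:00:10", "NETGEAR42", -60, True),   # dorm router
    Sighting("DE:AD:BE:EF:00:10", "NETGEAR42", -58, True),   # same, heard elsewhere
    Sighting("de:ad:be:ef:00:11", "linksys", -70, False),    # open dorm router
    Sighting("de:ad:be:ef:00:12", "CoffeeShop", -88, False), # distant neighbour
    Sighting("de:ad:be:ef:00:13", "CampusNet", -82, False),  # our SSID, not our AP
    Sighting("de:ad:be:ef:00:14", "", -65, True),            # hidden SSID
]

if __name__ == "__main__":
    for f in triage(SAMPLE_SIGHTINGS):
        print(f"{f.category:<16} {f.bssid}  {f.ssid:<12} {f.rssi_dbm} dBm")
```

Each finding's BSSID is then what you chase through switch MAC and ARP tables to locate the port.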

But now I want even more- I want a "virtual client AP meets BackTrack Linux, and they have offspring" mode.

I'm not asking for too much, am I?

Thursday, August 15, 2013

Features, Products, Services... The Differences According to Aerohive

I recently visited Aerohive's home turf as one of the delegates at Wireless Field Day 5. It was wonderful getting to meet, in person, many Bees I frequently interact with via email and social media.

My own history with Aerohive is built largely on covering their evolution from the early days, writing about them professionally in Network Computing Magazine. As with other vendors, sometimes Aerohive gets the spotlight and sometimes they get compared against when analyzing what competitors are up to. I have my own small Aerohive environment, and have first hand familiarity (not mastery, mind you) with Hive Manager and a couple of AP models.

Aerohive has been a major player in the minor-but-growing cloud-managed wireless network space that includes Meraki (Cisco), AirTight Networks, and PowerCloud.

Ah, cloud-managed networking. I've become a fan where I use it (and I do use it in a number of sites). I like that one of the running campaign themes of cloud-based networking in general is reduced hardware counts with no convoluted licensing schemes. 

Though Aerohive has done a good job with pushing the value of "here's a new feature, and you'll just get it with your next Hive Manager upgrade at no additional cost!" message to customers, I was taken a wee bit aback during the Field Day briefings on Aerohive's IDManager and Client Management services because they were called "new products" that require licensing.

Both offerings will no doubt be welcomed by existing Aerohive customers, and are easily marketed at prospective customers looking for a robust, all inclusive solution. My own little private shock at the licensing requirement doesn't detract from my overall opinion on Aerohive, and after thinking about it, I know where the surprise comes from: we've gotten so used to rich feature sets being "free" that we instinctively expect the gratis model to apply to any and all "features" Aerohive develops. Which really isn't fair to Aerohive, but is how we've been conditioned on the customer end.

I won't pretend to understand why Aerohive has "given" so many enterprise-grade services away to date that others license for, but draws the line at IDManager and Client Management. Nor do I care enough to get hung up on it, as other vendors seem to be licensing their Onboarding services as well after hearing their briefings.

For those keeping score at home, here's a breakdown of some of what is included with Aerohive's Cloud Manager and licensed APs under the heading of "it's just in there":

  • Spectrum analysis
  • Application visibility and control
  • Stateful firewall
  • QoS
  • VPN
  • Partner MDM hooks
  • Planner software (free to non-Aerohive customers too)
  • Bonjour gateway software (also free to non-Aerohive customers)

And what you have to license separately:

  • Client Management (license blocks of 100)
  • IDManager (tiered licensing, starting at 250 guests)
  • StudentManager (blocks of 1000)

 

 

 

Sunday, August 11, 2013

Get To Know MetaGeek, Look at Your WLAN As You Really Should

MetaGeek is one of those companies you love crossing paths with. Their staff have titles like Hacker, Geek, Firefighter, and so on. Everyone from MetaGeek I've ever met, be it at events like Interop or more recently Wireless Field Day 5, speaks with pride and openness. Their presentations and pitches never feel rehearsed, and you know that this is a company made up of believers in MetaGeek's products and future. And- they always have that "Idaho Vibe" that you gotta love, once you know how to recognize it.

At Field Day 5, I had the pleasure of meeting Chris Woerz and Stoney Tuckness, as they demoed the MetaGeek line, talked about some of the decisions that went into the specifics of their approaches, and queried us Field Day delegates  about what we would like to see in future products and feature sets. Chris and Stoney work fast building rapport with the crowd, and it's obvious that those in the room adore the MetaGeek line.

About MetaGeek's Offerings

I've used the original Wi-Spy, the freebie InSSIDer on every platform that will run it, and Eye PA in my wireless networking duties. At Field Day, Stoney proclaimed that MetaGeek likes to provide "kick ass visualizations", and I can attest that they hit that target. Whether you want to see simple spectral views on what's happening in Wi-Fi's 2.4 and 5 GHz bands, a unique, powerful visual front-end to 802.11 packet capture, or advanced interference detection integrated with Cisco's respected CleanAir, MetaGeek has you covered. Every good WLAN engineer wants there to be no mystery to what's going on with the RF in their environments, and MetaGeek nicely demystifies the complex.

Cool, fairly-priced tools are one thing, but then there's general knowledge about wireless networking. I'm guessing a fair number of MetaGeek customers aren't aware of the online forums the company provides. Here you'll find a wide range of information on WLAN in general, and lots of tips on using MetaGeek's stuff. It's worth the visit.

As the 802.11ac clouds gather over the WLAN landscape, things in the RF domain are about to get much busier, and more complicated. Understanding what's going on truly benefits from seeing what your RF "looks" like through the lens of good tools. If you have no MetaGeek utilities in your toolbox, you're missing out on powerful magic at a fair price.

Saturday, August 10, 2013

What Meru and Xirrus Need to Do

I'm not a big deal, but I know a guy who is. And- I have pulled off San Jose's most brazen balloon theft. These two facts combined qualify me to advise multi-national wireless networking companies on communications strategies. Here's my advice for Meru and Xirrus, after visiting with both companies for Wireless Field Day 5.

Both companies are headed by obviously intelligent technologists who are passionate about their product lines. Each has well-spoken customers willing to testify on the effectiveness of their gear. Both are still in business in a pretty competitive space, and hoping to grow their shares of the WLAN market. And both have unique technical stories that set them apart from their industry peers.

And here is the problem.

For years, I've listened to a number of briefings with Meru and Xirrus and always walked away with a nagging sense that each is actually a bit uncomfortable talking about their  "specialness" to any depth when dealing with Classically Trained WLAN Types. Xirrus does the array thing, and Meru rocks the single-channel architecture groove. Both companies want to talk about their bigger stories, but many of us don't feel satisfied with terse "trust us, it works" explanations on features that are radically different from industry norms. So... briefings grind to a halt because tech-analysts want to know why we should accept that these companies have actually found a different way to do things. But the companies' speakers obviously don't want to spend their camera time on these years-controversial details, and neither party quite feels great at the end of the experience.

And here's the fix.

There's certainly a fine line between disclosing intellectual property and being open with those asking pointed questions about your technology. But that line needs to be walked when you build product lines on unique technical approaches. Sam Clements and Keith Parsons are well within their professional purview to challenge Xirrus on how they can pack so many antennas into such a little box without them creaming each other, especially when other vendors sometimes bash Xirrus for their designs. And Chris Lyttle is proper in asking a few times for more info on Meru's "special sauce" even if it slows down Meru's onboarding demo. Tech people want to hear what tech people want to hear, and neither company tends to want to get into the nitty gritty that would get us all to shut up already and let them get our full attention on their latest announcements.

Each company should embrace the living hell out of their uniqueness. Lead with it, don't tap-dance around it. Stick it in our faces with good, digestible white papers and diagrams that clear up the mysteries once and for all without giving away IP. That way, when we all get together again, Xirrus and Meru can not only deliver the Message of the Day, but actually get us to listen to it instead of badgering them for information on the little things they do that many of us have been trying to comprehend for years.

We'd all be better for it, especially Meru and Xirrus.

Friday, August 9, 2013

Fictitious Bands of Silicon Valley

I'd go see any of these...

Heatsink

Chuck Chipset and The Floating Points

3dB Down

Maggie Yagi From Venus

Coaxial Maneuvers In The Dark (CMD)

Standing Wave

Kilowatt Rage

Billy Bridge and the Links

Buggy Code Rex

Rebecca Radius and the Authenticators

The Analyzers

Tommy Harmonic (featuring Feedback)

Milliwatt Flatts

Downtilt

Auntie Bracket and the Mount-notes

Samantha Spectrum

Paul Predictor and The Heatmaps

 

Wireless Is So Not About Wireless Networking Anymore

Lee you fool, you've gone mad. How can wireless not be "about" wireless? 

Before you run off to another blog, let me clarify: today, as we stand in THIS SPOT in the wireless networking universe, never has the WLAN paradigm been so complicated. Yeah, we still need to get APs out there and provide access to wireless clients, but sitting through the sessions at Wireless Field Day 5 has me waxing philosophical. 

Like frogs in a pot, we've all been slowly boiling in increasingly complex waters over the last few wireless years, and it's easy to not notice that it's happening. Having sat through excellent sessions with WLAN vendors (Aerohive, AirTight, and Motorola- with Xirrus and Meru on deck) and toolmakers (Fluke Networks, MetaGeek, and WildPackets- with 7Signal later today), it's safe to say that to be in the wireless game today means being more diversified in skills and general IT sensibility than ever before. 

As the 11ac tide starts to rise, we're all faced with decisions:

  • When do we start taking our own networks to 11ac?
  • When do we advise our customers to move to 11ac?
  • Is moving to 11ac a given for everyone?
  • Is 11ac the juncture where we consider changing WLAN vendors?
  • Is 11ac the juncture where we look more at cloud-managed options?

These are easy enough to grasp, and behind each of these questions there are other questions regarding the states of our installed network wiring, what generation switches we're running, what version of PoE we're on, etc. But these issues are rather pedestrian compared to what else is afoot right now under the umbrella heading of "wireless networking".

While marketing departments still like to lead with "we have the best APs! Look how freakin' fast we are!", there is a lot more to consider as our WLANs modernize.

Along with the radio technology and bandwidth sides of 11ac, we're facing an onslaught of factors to grapple with- like:

  • a slew of analytical capabilities and ways to use that data
  • device onboarding that can be as nuanced as your mind can dream up
  • the ability to assign access privileges to device types, user types, application types, locations, times of day, and combinations of any and all of these
  • application visibility and taking action on what you see
  • the system administration of complicated management systems that frequently fall on WLAN types (somebody has to keep them up)
  • the increased number of bugs that come with the floodwaters of new features
  • a procession of ancillary services and servers that don't directly have anything to do with client devices talking to APs, yet each is part of the bigger picture

You can make the point that none of these really have anything to do with 11ac per se and are better suited for policy and staffing discussions, but here are my counter points to that:

  • To "go" to 11ac, you likely have to upgrade code on controllers, management systems, or whatever magic is afoot in cloudland
  • When you upgrade, you get lots and lots of features that you didn't ask for- you're already buying them (unless they take stand-alone licensing, which is its own story in inconstancy across vendors)
  • The more features you use, the more you have to troubleshoot, debug, define policy for, educate users and support staff on, and watch over for issues
  • The ancillary services in use for our WLANs frequently take more effort to keep on the rails than the wireless environment itself does
  • Almost any part of the environment has the ability to convince users that the WLAN itself is borked, when the problem may actually be off in the hinterlands of the ecosystem 

Put it all another way- 11ac makes WLAN more complicated, but the accompanying backdrops and backstories of our networks are also getting dizzyingly busier. So busy in fact that they can make talking about 11ac itself seem like the easy part of the equation.

I'm not bitching, mind you- but just taking note. These are complicated times for wireless networkers, and sometimes "wireless" really has nothing to do with wireless.

 

The Little Adapter That Could... WildPackets Gives Us First 11ac Capture/Decode

As we all sail into the 802.11ac years, we're getting antsy about tools that will support this rather complicated and nuanced standard.  How do you support and troubleshoot an environment made up of clients each using any one of dozens of permutations of spatial stream counts, data rates, and channel widths in wildly dynamic environments?

There has been a fair amount of buzz around early-shipping 11ac access points and clients with lots of philosophical buzz about uplinks, PoE requirements, and such. But not so much of substance has been said on the "and here's how you'll troubleshoot it" front. Here at Wireless Field Day 5, we spent Day 1 with a couple of network tool-makers and got perspective on where Fluke Networks and WildPackets are both going for 11ac support. Both sessions were great, with more to follow on Fluke Networks in another blog. Here's what went down at WildPackets.

The short of it: WildPackets provided delegates with a nifty little USB adapter that can do legitimate 802.11ac packet analysis on their latest (7.5) OmniPeek.

I recently wrote about 11ac troubleshooting and WildPackets a bit in my Network Computing blog, and it was great to have the opportunity to sit in WildPackets' conference room and get a demonstration from a master- Director of Product Marketing Jay Botelho.

Each Field Day Delegate was outfitted with the Linksys AE6000 mini USB adapter, the custom WildPackets driver that makes it all work with the all-important promiscuous mode capabilities, and an eval copy of the latest OmniPeek. From there, Botelho showed the process of 11ac support with OmniPeek, discussed the challenges of 11ac when tackled at the packet level, and got the delegates each equipped to do their own captures.

Fellow delegate (and Wireless Jedi) Keith Parsons documented the process for getting this arrangement to work on a Mac laptop running Parallels- a very good read.

Sunday, July 28, 2013

What I Hope To Get From Wireless Field Day 5

Being selected as a delegate to a Tech Field Day is a bit like winning a Golden Ticket to Wonkaland for us tech types (instead of chocolate, there is a lot of wireless fodder to enjoy). I'm pleased as can be to be going back for my second Wireless Field Day event, having attended WFD4 and soon, WFD5.

Given the Silicon Valley's prominence in the IT world, a trip there is something akin to a pilgrimage for those of us too far away (by both distance and circumstance) to get there very often. And that touches on my first goal for Wireless Field Day 5: simply being immersed in the tech-rich backdrop of the San Jose area. I'm not a tremendously spiritual person, but there is a powerful vibe afoot just under the surface "out there", and it bubbles up time and again throughout the few magic days that are Field Day.

The corny stuff aside, here's some of what I hope to get out of my time at WFD5:

  • Reconnecting with organizer Stephen Foskett and my fellow delegates. Most of the group was at WFD4, but there will be three new-to-me faces among the delegates, as well as Stephen's expanded staff. These folks are sharp, down to earth, a pleasure to do the event with, and extremely deep in wireless networking knowledge. This alone makes the trip worth it.

  • In general, I'm looking forward to all of the companies that are presenting to give us a glimpse behind the curtain at what they are about to release, what they are thinking on a number of fronts, and what they want to know from us, the delegates. Expected hot topics: 802.11ac, analytics of various sorts, new tools and optimization methods.

  • Speaking of tools and optimization, 7Signal is sure to be a delegate favorite. I'm guessing we've all seen at least snippets of their case studies and what they recommend to make good WLANs even better. I hope to hear clarity on this topic, and to get a sense of whether 7Signal gear is more affordable than it seems and to hear about optimization tweaks that are real-world applicable.

  • With Meru Networks in the lineup, I'm guessing I'm not the only delegate hoping to walk away with a better understanding of their "secret sauce" for single-channel virtual cells, and whether there is more than just bluster to their occasional hubris (as I've covered in my Network Computing column). To a certain degree, the same goal applies to Xirrus- I've covered them a number of times but never quite got totally comfortable with the array thing. But I keep an open mind...

  • For Aerohive Networks, I'm both looking forward to updates and just as much to meeting the likes of Andrew von Nagy (perhaps the most approachable and willing-to-share senior tech guy from any vendor) and his homies. Aerohive just seems to have a different culture, and it'll be nice to spend time in it for a couple of hours. (my latest Network Computing piece on Aerohive is here).

  • AirTight Networks will be interesting because they are "new", at least as a wireless access player, in a very competitive market. I have a Network Computing piece on AirTight now running, and also recommend this piece by Man-of-Action and fellow Field Day Vet Matthew Norwood. Hearing their story in person will be pretty neat.

  • MetaGeek, WildPackets, and Fluke Networks are all fairly significant players in my wireless world for tools. I've been a MetaGeek fan from the days of the original WiSpy, and also frequently use EyePA and inSSIDer for Office (best blog on this one from another fellow delegate, Sam Clements). I'm looking forward to hearing any new announcements from the tools folks (gotta be something in this mix about 11ac) and maybe picking up a tip or two about how to better use the products I already have.

  • Finally, Motorola always stokes my interest because they usually have a somewhat unique story and understated approach versus the "aggressive" marketing of other industry players. I'm a fan of many Moto business units (as a radio and Android guy, that's a given), and caught up with the WLAN folks at Interop in Vegas just a couple of months ago to hear their opening 11ac story. I gotta feeling they'll have something new for us.


It'll be a busy week at Wireless Field Day, and my eyes and ears will be open. Standby for updates.

Friday, July 19, 2013

The Thing About Code

Code is amazing stuff. Good code puts people into space, runs super-colliders, and keeps the Internet ticking. Bad code, on the other hand, winds up on wireless controllers.

OK, just kidding.

Maybe.

For the life of me I can't understand how vendors keep crappy code listed on their download pages, often at the top of the list, for customers to find. You know, the kind of half-baked stuff that everyone from sales engineers to tech support cringe at when you tell them what version you are running. Which often also happens to be the same code that others from the same company declare to be "the good code", and recommend that you go to to get past some other problem with earlier buggy code. Ever been there? It pretty much sucks, yet this rhythm seems to have become an operational model for some vendors.

This is where we pause, and I read minds. Quiet please..... quiet..... shhhhhh. I'm picking something up..... ah yes, got it. The "testing" fallacy- I'll address that..... wait, one more coming.... what's that? Oh, sure- the release notes thing. Let's talk about both of those.

I hear an awful lot of "test, test, test!" from colleagues and respected industry folk. And I do agree that nothing, including code, should be rushed into. But please tell me- other than just being a mantra, what does "test, test, test!" really mean? Does it mean load the code on a test box, configure it the way you'd use in prod, throw clients at it, and then wait for smoke and screams? OK, that's acceptable. Or maybe it means that you should actually take what I just mentioned and add whatever new features that interest you into the mix, and make sure they don't create problems. Fine, yes- this too is arguably reasonable.

But guess what, vendors? If you expect us (and evidently some of you do) to be your crowd-sourced QA departments, let's call it what it is and put warning labels on code:

"Caution: we either don't quite know WTF this code will do in many environments, or we have some inkling, and it ain't pretty. But we're putting it out there anyways so you can be our debug squad. Stuff that has always worked now may crash, but it's worth it because this is NEW code."

We buy the hardware and code, pay for support on it all, eat the pain and suffering that comes with the shaky code, and the vendor gets to say "you really need to test new code and let us know what you find". Everybody wins- except for the customer.

We don't know what modules and packages were added and changed, and we're not programmers with access to source views to that which is causing us pain. (Funny how we don't tend to have these problems in the mobile network world.)

Then there are the release notes. Hats off to vendors that are open and honest about their shortcomings with their code. But... when the same bugs are listed for years, you start not to pay attention. And some unresolved issues sound minor, but can bring the house down. Others sound apocalyptic, but actually happen so rarely or have minimal real impact that they can be safely disregarded. But they are all listed in the same terse "you figure it out, and good luck with that" manner. The onus is unfairly on the customer to wade through it all, and that is wrong for COTS gear- would be different if this were all open source.

So how do "we" fix this?

  • Stop putting out shitty code. Plain and simple. Just stop. New features aren't worth instability- client access is the key mission of the WLAN and if the WLAN is melting down from crappy code the key mission is compromised

  • If code is found to be crappy on a catastrophic scale, PULL IT. Don't leave it up for others to find. And reach out to customers pro-actively like an automotive recall to let us know about it. Many WLANs these days have million-dollar plus price tags- we deserve better.


It's time to stop the code insanity.

Monday, July 15, 2013

Good Pineapple, Bad Pineapple, Educational Pineapple

Years ago, I got certified in CWSP and also taught wireless security for a while. I took an amazing class from SANS back in 2008, and had the honor of having Joshua Wright as the instructor. I've written a fair amount of wireless policy, designed networks that use 802.1x, VPN, Encryption Gateways and almost any other mainstream (or slightly off the beaten path) security method available, and have done the PCI and HIPAA wireless things. I got really good at finding rogue APs through network clues, combined with "other" elements of information that many in wireless might find atypical (thank you, ten years in a fascinating Air Force career field). I like to think that even though it's not my current core competency, I generally "get it" when it comes to wireless security.

But my goodness, what a pineapple is teaching me.

OK, it's not a real pineapple- it's a cute little router warmed over with bastardized Open-WRT firmware. And it's teaching me (and reminding me of many things I'd forgotten) a lot about general wireless security.

Part of the experience, as I contemplate why I'm enjoying this evil little toy so much, is where it falls on my own timeline. My Linux skills used to be a lot stronger than they are now for lack of use, phishing is becoming commonplace, and I'm part of a society that is generally both more mobile and hyper-willing to jump on any open WLAN they can find. For me, the Wi-Fi Pineapple is providing hours of entertainment and serving as a self-guided training course of sorts in wireless security, penetration testing, and being an absolute pain in the ass to those nearby.

Once you get set up (spring for the thumb drive, it's pretty much essential), there are roughly a couple of dozen "infusions" or packages to install. Some amount to stand alone hacks/tricks, others work in concert to pull off the likes of a sophisticated phishing attack.

I'm basically working through the list, getting competent in each infusion as I go. This is accomplishing the following for me:

  • making me dust off past Linux command skills

  • making me think about why what I'm doing is working, or not

  • taking my brain to wireless places that I don't have to think about day to day

  • making me much more paranoid and careful about using public Wi-Fi

  • helping me to understand the mechanics of a number of wireless attacks

  • putting me in a better position to participate in, defend against, and converse about wireless pen testing by making the attacks easy to do and demonstrate

  • providing great fun- who doesn't like Rick-rolling family members?


Those who are deeper into real wireless security or have good scripting skills might wave off the Pineapple as something you can do yourself for cheaper and without the pre-packaging. I don't debate the point, but I also know that I find great value in the support forums and slew of Pineapple related videos available all over the Internet. I like that the Pineapple is a starting point, and that lots of people who try to use it get frustrated- it shows that you still need to think and experiment at least somewhat. Your experience, curiosity, threshold for cheap-thrills, and general knowledge will have direct bearing on how much value you get out of the experience.

This little unit is great fun, but after playing with it I can say this: the thought of a secret army of Pineapple soldiers out among the common folks in public wireless cells is a bit disturbing. It's worth reading about, if for nothing more than knowing what kind of relatively-easy-to-use potentially bad stuff (it's just a tool, it only becomes bad when the user opts to go that way with it) is out there.

Friday, July 5, 2013

What's Up With Cisco's 5760?

So the new 5760 Controller is here. It's IOS based, it supports 1000 APs, it has 10 Gig interfaces at long last... what's not to love?

Plenty, actually. At least right now.

Cisco's wireless controllers are fairly complicated beasts, especially on large networks that use multiple SSIDs with differing feature sets across each one. With each code release, more features get unleashed, which ups the complexity in exchange for capabilities like RF Groups, application visibility and control, rate limiting, and Clean Air. This complexity pretty much demands that multiple controllers and lots of APs serving huge volumes of clients be managed by the likes of WCS, NCS, Prime NCS, Prime Infrastructure, Supreme Excellent Unificated Management Suite, or whatever we call Cisco's wireless management platform this week. It can be challenging to stay on top of Cisco's endless parade of new features, capabilities, bugs, interface changes, gaps between CLI/Controller UI/Management UI, licensing changes and other nuances, but that is the nature of the beast. We can do complex, even quirky.

For wireless controller code, we have other challenges. Some versions are to be avoided by even Cisco's recommendations (?) while others are the darlings that we all love. If you want stable code, that's not always the same thing as the latest code. You have to talk to SEs and TAC to find out what code is preferred, and what is the other stuff. (Who uses the other stuff, and why is it even out there?) Then there is the dance between controller code, Prime Infrastructure code, and the Mobility Service Engines. They all tend to have mutual dependencies. Complex, quirky.. again, we can deal with that.

Back to the 5760 Controller.

A controller that supports 1000 APs is aimed at big environments. Big wireless networks tend to require trending, configuration templates, and reporting- you know, management type stuff. This is why we all have PI or one of its earlier versions. But... the 5760 isn't compatible with current PI (1.3). So, for now you get real-time views of client and AP behavior at best, if you can scrape what you need directly out of the 5760.

In fairness to Cisco, they did include the fact that the 5760 would not be managed by Prime until PI 2.0 in their January 2013 announcement on the new controllers.

At the same time, SEs and sales folks that know their customers' environments arguably have a duty to say "you know... you can't manage this thing in your version of PI- are you sure you want it?" That it was even released "unmanageably" is pretty confusing to me when I contemplate trying to support thousands of clients on a 5760 with no NMS after years of running a big WLAN.

The UI on the controller itself currently looks like a knock-off of the 5508's interface (it actually strikes me as a phishing-kinda cheesy copy of a real UI). And... many of its features are buried in the CLI, with no exposure in the UI.

Speaking of features, AVC was a big thing when it came out earlier on other WLC versions- huge actually. Once you turn it on and start using it, you wonder how you did without it. On the 5760, you won't have to wonder- you will do without it as AVC (and other big-deal features) isn't in this biggest, newest controller.

Nor is preferred happy coexistence with 5508 controllers- unless you are willing to drop your 5508s back to 7.3 code, or wait for new 7.5 to come out sometime in the future. If you are on current 5508 code (7.4 train), you won't seamlessly roam your clients with 5508s.

(I won't even get into the HA thing that was touted when the 5760s were announced, that you can't leverage yet either.)

Final word: today, the 5760 is almost like a real controller that you can't yet properly manage. Things are supposed to get sunnier later in the calendar year for some of the limitations described here, but why didn't Cisco simply wait until they had a more fully baked unit to dazzle us with?

This is just a bit weird. Are IOS and the 1000 AP count supposed to be the sparkly things that distract you from all the warts? Complex and quirky are arguably acceptable. Beta-quality and incomplete are other animals completely. Don't we deserve better by now?

Am I missing something? Would love to be wrong in my analysis...

Wednesday, June 26, 2013

Bluesocket Lives, Evolves Into Managed WLAN Services Offering Under ADTRAN

Back in the day, Bluesocket was THE commercial captive portal for wireless networks. As WLAN in general gained broader acceptance and the market widened, Bluesocket also started providing access points and morphed their captive portal appliance into a controller (like the WLAN big guns were starting to use with thin APs). As this was playing out, Cisco, Aruba, and at the time Meru, were largely dominating the market and Bluesocket didn't generate a lot of buzz anymore. But- nor were they "over".

My Own Bluesocket History

I have covered Bluesocket through the years for my column in Network Computing, like when the company introduced their initial controller offering, and then their virtual controller option. Network Computing also covered ADTRAN's acquisition of Bluesocket in a piece done by colleague Steve Wexler.

On the personal front, I helped pre-ADTRAN Bluesocket develop a new guest access feature set that perfectly fit the needs of my University when our native Cisco wireless guest option was anemic by comparison. To this day we still use the Bluesocket portal for guests, and though it may be a bit dated, it still has amazing administrative flexibility and works great for letting guests self-sponsor or be sponsored based on cell phone number as user name. (I made more than one plea for both Bluesocket and ADTRAN to spin this off as a separate product but they didn't bite.)

Bluesocket also donated controllers that I took to Haiti on a humanitarian IT visit that serve as the functional heart of two networks on University of Haiti campuses that my fellow volunteers and I created.

You could say I have a bit of a soft spot for Bluesocket given my history with the company and their products.  But after the ADTRAN acquisition, the already small player in the WLAN space seemed to get even quieter. But wait...

With their latest announcement, ADTRAN's Bluesocket may be on to bigger things.

Following similar recent announcements by Meraki and PowerCloud, Bluesocket is throwing their hat into the cloud-managed hosted WLAN ring.

ADTRAN calls their new offering ProCloud, and it hopes to empower channel partners, integrators, and service providers with the ability to provide hosted enterprise-grade WLAN offerings to customers built on the established Bluesocket vWLAN magic-in-the-middle.

Also announced are ProStart (installation, service, and training for customers that can't do their own wireless for whatever reason) and ProCare (customer-selectable maintenance support options).

See ADTRAN's page on ProCloud, and Business Wire press release.

Wireless is certainly a competitive landscape to begin with, and the expanding managed WLAN pot is starting to simmer with interesting players jumping in. Though I get that ADTRAN and competitors see the hosted WLAN thing as an easy service-add for partners that don't yet really offer wireless, I hope those who follow this path don't lose sight of the fact that "easy wireless" doesn't automatically equal "good wireless" and that proper design and policy are still the cornerstones of successful WLAN.

I wish ADTRAN and my old Bluesocket friends best of luck in their new venture, and I'm sure I'm not the only one who will be following how managed wireless services will impact our industry.

Thursday, June 20, 2013

Pondering WLAN Innovation

The modern wireless network, regardless of who creates the components, is certainly getting complicated. But is it innovative?

Asked another way- does sheer complexity equal innovation? And who decides what constitutes an innovative feature or component? Is it the vendor? The customer? A developer thousands of miles away from both?

Here's where I pause, and assure readers that what follows is not meant to bash any company, I'm simply pondering what innovation means to today's WLAN, and whether it couldn't perhaps be stewarded along a bit more collaboratively as the world gets increasingly more dependent on the fruits of our wireless labor and our systems get fatter with features.

There are a lot of definitions of Innovation, and some pretty fascinating reads on the topic. For the purpose of what's on my mind, I'll call innovation a good idea that serves customers well with some meaningful market duration while making the originator a profit. Simple enough. If I had to give innovation a formula, it might look like:

(Good Idea + Customer Acceptance) x (Time on Market + Affordability) = Amount of Innovation
Or something like that.

Back to the question of who decides what constitutes innovation? If a new feature or product is marketed as "an innovative new offering", my first thought would be "how do you know it's innovative if it hasn't proven itself in the market yet?" Time judges innovation, not the person who came up with the idea. Sure, HP's TouchPad was an engineering accomplishment, but if it was really innovative, it wouldn't have tanked, would it have? Or maybe it's too harsh to say that "failed innovations weren't really innovative after all" (Perhaps some would-be innovations come along at the wrong time- again, I'm just pondering.)  Whatever- it's heady stuff to contemplate at the analytic level.

Back to wireless networking. I look at some of the systems I use (both for client access and WLAN management) and see a mix of innovation and feature bloat. Sure, there are nice aspects that bring value to the typical customer, but also ill-conceived features that obviously were never presented to a WLAN Admin Focus Group. Because they are all packaged together, you have to tolerate the non-innovative distracting stuff to get into the innovative features. It's just the nature of the beast. Maybe this overall effect could be improved. Maybe we should start hyping BYOI as much as we hype BYOD.

What's BYOI? It's Bring Your Own Innovation- and we need more portals for it between customers and WLAN makers.

Wireless network administrators know what they need. Arguably, they can serve as the advisory panel for features likely to be good innovations, and also judges for when an innovation has "expired" and needs to be replaced (why am I thinking of Apple's Bonjour protocol?) Sure, vendors give us hyper-complicated systems bursting with graphics and endless menus, but that doesn't mean we've been given innovation. And innovations don't have to be crazy disruptive and life-altering for the entire WLAN space, they can just be simple little changes that we'd buy more of because they are needed.

Without a clearly defined method of getting feedback and feature requests to decision makers within WLAN companies, it is my conjecture that innovation suffers. Meraki came close to getting it right with their Make a Wish mechanism (I remember being thrilled when I asked for alerting on DHCP pool exhaustion and then it showed up shortly after), but even after I made my wish, there was no way of knowing whether it was heard. Or whether others had asked for it as well. For many big companies, the culture seems to be "you the customer can just wait for us to innovate on your behalf, and if you feel like getting frustrated feel free to talk to your SE who also has no clue what's coming". Again- no bashing; the WLAN industry is generally amazing. But some of us would like to influence the innovation we pay for and help the mothership to realize when they get it wrong in the name of innovation.

Wouldn't it be cool if each vendor (or the industry itself) had a portal for "What Admins Love and What Admins Hate About The Current System"? Ideally, it would be visible to at least other customers of the same system so we could see what our peers are also thinking. And if once a year, the feedback was aggregated, sorted, and put in a Top 5 of Loves and Hates with vendor commitment to answer them in some meaningful way ("Yes, we see that 98% of you hate the new Flash Interface, we'll try to work on that by 12-months out", or "75% of you would like to see ______ but here's why that is technically impossible" kinda stuff). Or if not a feedback dashboard, some mechanism that accomplishes the same thing.

We The Wireless People would love to have more of a hand in innovation, for everyone's benefit. We're closest to our clients, we know what we need, and we know what we don't. And if it doesn't get used, it isn't innovative.

Wednesday, June 19, 2013

MetaGeek inSSIDer for Office hands on

Playing with my own copy, also provided by MetaGeek- I could do no better than Sam's write up. I encourage you to read it, and have found great value over the last couple of weeks in inSSIDer for Office, even in environments that are "too big" for its intended use. This one is a keeper.

Tuesday, June 11, 2013

Remembering Back When Wireless Was Edgy

For those younger IT types that grew up with wireless, this quick trip down memory lane might be little more than a yawnfest. But many of us remember when wireless was new, edgy, and fraught with mystique. This piece is for us geezers.

Back in the day (that day being around the late 1990's/2001-2002ish), wireless networking had a whole other vibe. It was a relatively expensive technology, and usually served as an "accessory" to the wired network. Or it provided point-to-point bridging alternatives to leased lines. To "do" wireless, you had to understand networking and have a solid working knowledge of RF. Early access points were way too expensive (and client counts were too thin) to warrant dense deployments so you had to know your stuff when it came to antennas, power settings and how to manually manage a given RF domain.

But aside from "I do wireless for a living" aspects of early Wi-Fi, there was an adventurist culture attached to wireless networking that has arguably faded away (or maybe it's just matured, too?). Some of us got into "war driving", seeking out wireless networks for the pure joy of finding them and seeing what we could learn about them. People did unholy things to Pringles Potato Chip cans and woks and old satellite dish antennas in the name of shooting signals further and hearing them from longer distances (which was part of the overall security threat package to early wireless.) The really geeky among the wireless-curious wrote WEP cracking tools, and the rest of us felt ten feet tall when we actually made those tools work for us to divulge what their owners were trying to protect. Again, it was just a different time, and there was a lot of thrill factor associated with wireless.

So why bring it up now? Depending on how you measure such things, we've had a few generational evolutions from the good folks of 802.11ville, and the connected world has certainly "gone wireless". WiFi is so commonplace, it's no longer just the realm of specialists- though the same skills are still needed as before (and then some) to really pull off "wireless done right" in a complicated world. Sure, the past has passed.

But, I recently stumbled across something cool on the web that got me a bit nostalgic...

Anyone remember these days? Or these? Being a "radio guy", the notion of creating your own antennas and making signals go long distances is one of the things I've enjoyed through the years. At the same time, today's systems tend to be more micro-cell-ish and so I had somewhat put this chapter of the Book of Wireless away in my mind's library.

A couple of days ago, I was researching something unrelated when I came across the WiFi Shootout links from the 2004-2008 time frame. As cheesy as this sounds, it was kinda like looking at a photo album of my children, or at least children that I was quite fond of.

Ah, how far our wireless baby has come, and what a thrill it has been watching it grow up. *Sniff*.

Now be honest- how many of you have a tattoo that looks like this? [Image]

Monday, June 3, 2013

Gimme A Wireless Virtual Client Function, Already!

I'll start this post with two admissions:

1. Of late, I've been interested in the capabilities of 7Signal.

2. Long before 7Signal came to the WLAN space, I've been beating the drum for my WLAN vendor (and all vendors) to deliver what I call virtual client functionality. 

On 7Signal, I'm struggling with sticker shock and trying to figure out where its very cool capabilities stop and where they overlap with tools like Cisco's CleanAir (which isn't cheap either). I am hearing good things about 7Signal from current customers.

About that virtual client thing, it is something 7Signal can do (along with a slew of other cool things). But by now, I also think this is one of those capabilities that should be built into enterprise WLAN systems. (If I'm not mistaken, Motorola comes closest to having something like this.)

Quick note to vendors- you give us one innovation after another that you think would benefit your clients. Thank you. But how about this one that is long overdue? Your customers that actually run the WLANs of the world would LOVE you for it.

Here are two versions of what I'm looking for:

Simple version:

  • I can do all of this through my wireless management system
  • I can schedule the function to run at regular intervals and report on it
  • I choose one of my installed APs to put into "Virtual Client Mode"
  • Through the wire, I can have my Virtual Client connect to each of my SSIDs and exercise the likes of RADIUS, Credential Stores, DHCP/DNS, L2 and L3 paths via ping, traceroute, etc, rate limiting, throughput tests, whatever
  • All of this is coordinated in a way that doesn't disrupt the existing client environment

Advanced Version:

  • All of the above, PLUS
  • I can manually choose any AP within a given range
  • I can tell the virtual client to test itself against every AP it can hear within a certain range

You probably get the gist. The payoff- I can "be" in buildings or at sites that I don't have to travel to. The Virtual Client would be a force multiplier, and in many situations would bring far more value than seeing pages upon pages of rogues and interfering signals from neighboring WLANs that I couldn't react to if I wanted (hallmark of many current systems).

I can't believe that I'm about to say this- I get tired of the sometimes extreme feature licensing that has come to be all too common in the WLAN industry. But I'd actually pay (a fair price) for GOOD virtual client functionality.

Am I asking for too much? Are there WLAN vendors beyond 7Signal that are natively doing this that I don't know of?

Tuesday, May 21, 2013

Why is Aerohive the Only WLAN Vendor On Twitter?

That's right- I don't see any other WLAN vendors on Twitter.

Like really "on" Twitter.

Sure, I see lots of other WLAN vendors with a Twitter presence. I follow as many as I can. But it's all so much marketing and promotion of webinars and other droll foofah. Not that these communications don't have a place, but there should be so much more... like what Aerohive does.

No, this isn't an Aerohive suck-up session. They have innovative product and a fresh story that stands for itself. But what also sets Aerohive apart is how their senior tech folks interact with us geeks on Twitter, in a way that is not only welcome but also sorely needed in a wireless world that grows ever more hyper-complex.

When folks with titles like Chief Wi-Fi Architect, Senior Wi-Fi Architect, and Director of Product management routinely engage customers and non-customers alike on social media, the information exchange is dynamite. This is what all vendors need to be doing. Aerohive has either purposefully or without realizing it empowered their wireless power people to get the message of their solutions out as vigorously as the marketing team does- but even better, they are providing guidance and facilitating discussion on topics that customers of ALL vendors have a stake in. In other words, folks like Devin, Andrew, and Matthew are also upstanding citizens in a fairly small wireless community, and we all benefit from it.

As we all march towards 802.11ac, more complicated feature sets, unification of everything under the wireless banner, and an immersion in the Sea of Mobility, we need more Twitter-style interactions from vendors' tech folks. Sure, it's risky letting non-marketing employees talk directly to customers and potential customers. But to those of us that read the whitepapers, do the webinars, and visit the vendor booth at the tech shows yet still want more engagement on topics that shape our thoughts and strategies, the more informal interactions we have with the tech folks are invaluable. Sometimes it's technical nuts and bolts stuff, sometimes it's theoretical or contemplative, and sometimes it's silly. But the mutual shaping of perspectives is valuable on many levels.

Come on, wireless vendors, you all have some amazing minds behind closed doors. That's evidenced by the insanely cool products and features that you put out. At the same time, we can't typically reach them- and they can't reach us. It's not your model. You give us division names for Twitter handles like "xxx mobility" and "yyy solutions"... fine, they have value. But we also want to interact with named people on occasion. Like Devin, Andrew, and Matthew. People who not only represent their employers well, but who are passionate about wireless networking and want to share that passion with others.

To balance the risk of letting your tech folks off the reservation a bit... you'd get better reads on what matters to those who use and manage wireless networks, we'd better understand why you chose some of your product decisions and feature sets, and powerful relationships at personal levels would get built among WLAN professionals. Yeah, it might feel weird in the beginning, but if Aerohive can pull it off (and quite nicely, I might add), so can you.

Friday, May 17, 2013

With 11ac, The WLAN Industry Owes Customers A New Kind Of Network Switch

I realize I'm beating the 11ac thing up pretty good lately, but I think I finally hit on what bugs me about the way the new hot technology is being brought to market. What I'm about to describe is more of a BAN issue (BAN=BigAss Network, where APs are counted in the hundreds or thousands) and not so much of concern for smaller environments.

802.11ac is being delivered in rather bizarre (for the customer) "waves".

  • Wave 1: Data rates to 1.3 Gbps. You'll do fine (for most new first wave APs) with a single Gig uplink, and many new APs will work on 802.3af POE, not yet requiring .3at. Fine, good. No real squawks.

  • Wave 2: You get the joy and cost of recabling your environment to add a second Gig uplink, doubling the number of switchports in use for the WLAN and configuring Etherchannels, and depending on what vintage switches you have- upgrading them for latest POE standard, all to help get to data rates likely to realistically be between 2 and 2.5 Gbps best case.


And this is where I say "time out". I'd like the WLAN makers to bear some of that Wave 2 logistical pain. And I want them to get creative to take the onus off of the customer. Here's what I want:

  • In simplest terms- I don't want to use two cable runs. And I don't want the complexity and risk of 4000 more Etherchannels for my APs. But I still want the benefits of 11ac Wave 2.

  • I would like the WLAN vendors to put their brilliant minds (and that I do mean sincerely- these guys and gals accomplish amazing, amazing stuff) to work to come up with a new switch or mid-span injector. Here's the requirements:

    • No feature bloat. May not even need to be VLAN aware.

    • Provides lots of PoE

    • Somehow puts 2 Gbps of uplink to an AP on a single UTP run without requiring me to configure a port channel

    • Cost effective (by customer standards), no licensing BS, and ultra-reliable




Spare me the lecture that there is no such thing as 2 Gig Ethernet, and that what I'm asking for would be based in no existing standard. The WLAN industry has long since turned its back on standards and interoperability, which is why vendor lock prevails. Other than PoE and what comes out of the antenna (and even that can be a dubious discussion), the mention of standards is a joke in the WLAN industry as each vendor authors their own technical magic. So be it- I just want new magic and don't care that it's not exactly Ethernet in the middle.

I'm OK feeding this new component a 10 GB uplink that it then divvies up into auto-configured 2 Gbps AP uplinks of some proprietary protocol. Or feeding it 2 single-gig ports on my wireless management VLAN that it then magically muxes into a 2 Gbps, big powered uplink that connects via a single wiring run (of excellent quality, of course) to each AP. At that point, all of MY work was done in the closet, and I didn't run a slew of new wires for my wireless network.

If we don't get something disruptively creative on the wired side to go along with 11ac, pretty much any TCO discussion on new 11ac ownership presented by WLAN vendors will be incomplete at best, and poppycock at worst. I've seen both announced and unannounced 11ac products- and the prices are pretty steep (well, except for Ubiquiti). But we're supposed to believe that 11ac lets us draw down the wired network considerably, and so be willing to buy into a higher premium for wireless. But... adding lots of new switchports and cabling runs (not trivial in many environments, can add hundreds of dollars in cost to real TCO for each AP) has to be considered.

As a customer, I feel OK asking- because the customer is always right (well, except when they're wrong). So... when will my new non-standards-based 2 Gbps mega-PoE switches arrive?

Wednesday, May 15, 2013

Could Cabling For 802.11ac Revolutionize The Low Voltage Industry?

Caution- at first read, the following may seem a bit nutty. I'm OK with that. Let it sink in...

As I wrap another interview with a major wireless vendor, once again I hear that 11ac access points will require two Gigabit uplinks bonded as an Ether Channel to handle all of that high-rate data traffic goodness that comes with the pending WLAN standard. Let's pause for a minute- think about the wiring now in place for your APs. Most of us have a single Gigabit (or Fast Ethernet) run to each of our APs. Which means 11ac is going to MINIMALLY force us to add another wiring run per location, or redesign the whole pricey cable thing from scratch (maybe not so big of a deal in small, modern spaces- but an absolute nightmare in large environments, historic buildings, etc.).

Bottom line- UTP (that's 4-pair network wiring for the uninitiated) will be added for 11ac. Yes, you will be runnin' some wire, Jack. Here's where I want you to wander into the Land of Imagination with me.

Why just run two wires to each AP? Why not run three? If you're running wire anyways, what the heck? I'll bet you're wondering what that third wire is for, huh? It's for emergency LED lighting. Or small Crystal Eye-style CCTV cameras. Or paging/muzak speakers. Or heat detectors. Or femtocells. Or a bunch of other distributed devices that are already part of the Low Voltage landscape- except in my vision, they are now somehow integrated into the access points that are all over the place. So when you device-out a new space, you have a common cable plant and decidedly less pathway and location complexity.

How does this get done, like from the component build perspective? I don't know- I'm not that kind of engineer, so it's easy for me to simply envision it and let someone else say the words that poo poo the notion. In my mind, I take my new 11ac AP out of the box, I attach one of a dozen different low-voltage device modules, connect three wires, and I hang it. Back in the closet, two wires go to my Ethernet switch, and one patches off to an emergency lighting system. Or the third wire also patches into the switch on another VLAN for CCTV. Or for the fire system. Or whatever.

Yes, WLAN makers would have to get cozy with folks in other industries pretty darn quick to come up with this sort of model as 11ac rolls out and we all start planning for the new wiring runs needed for it. Heck, I'll even give 'em until Wave 2 to get it done.

If I'm paying through the nose for new access points AND new wiring, why not get something truly practical, innovative, and cool out of it? Architects/space designers would love it- they tend to hate all of the devices that are mandatory on the walls and ceilings of business environments.

OK, maybe it is a bit nutty. At the same time... maybe there's something to this idea.

Tuesday, May 14, 2013

Pre-Review of Earl- The Ambitious Tablet (from a radio geek's perspective)

I don't quite recall where I first got wind of the Earl Back-country Adventure Tablet, and it doesn't really matter. Being into a variety of radio technologies, Earl called me... nay- Earl YELLED at me- to consider all sorts of unique features for a tablet. And Earl is pretty darned unique- but can it make a go of what it's trying to be?

Here's my early take.

If you are an Android fan, Earl is interesting. If you are the outdoorsy type, Earl is interesting. And if you are a radio hobbyist- like really into the technology of radio, Earl is interesting. Being all of these, I'm jazzed about the premise and promise behind an environmentally ruggedized tablet that's loaded with radio technology. But I also have real concerns.

Here's what Earl has under the hood that fascinates me:

  • Tuners for AM/FM, Shortwave and Longwave
  • Weather radio (NOAA, with local alerts)
  • 802.11 b/g/n WiFi
  • GPS
  • FRS, GMRS, MURS "walkie-talkie" capabilities
  • Solar charging (built-in panel)

There are plenty of other tablet-related things to talk about, but I'll let someone else do that. From the above list, I can talk about all of these first hand. First and foremost- just reading the list thrills me. I'm a licensed ham radio guy (KI2K, Extra Class- yes there are still many of us out there). I have a number of shortwave receivers. I actively listen to Longwave, which is just a weird band. I'm a broadcast radio junkie. I do Geocaching. I'm a trained Storm Spotter and seldom don't have access to a NOAA weather radio. I've taken solar power classes and play with the technology every chance I get. And yes, I have a pile of FRS radios... add that to my WiFi-ness, and Earl should be a match made by Marconi himself in Radio Heaven.

But here's why I'm also a bit jaded (in no specific order).

  • Earl's specs say it will fully charge in 5 hours in direct sunlight. Not bad- but multiple radios in use (say GPS and FRS) along with the display and normal tablet battery-sucks all sucking on the battery teat at the same time can really drain batteries quick. And full sun in many places isn't a given. I'd probably pack an external USB-power source and not rely on the solar panel (though again, I love having it as an option.)
  • Earl's specs also say you can "communicate up to 20 miles away" with the FRS/GMRS/MURS radio capabilities. To this I say "yeah, right". Exaggerated claims of range on these walkie-talkie style, stubby-antenna'd radios are legendary, and this space may actually have marketing even more outrageous than the WLAN industry. Given that Earl appears to have no external antennas, plan on pretty short range in this regard, measured more in hundreds of feet than miles. And remember- GMRS still needs a license, though FRS and MURS do not.
  • Speaking of no external antennas (at least not that I see or read about provisions for), Earl is going to be hard-pressed to do well afield, well away from broadcast towers, for AM. Usually AM radio needs an internal ferrite-core antenna or something external to get the job done. FM (and Weather radio) should work better, but could still be disappointing without provisions for an external length of wire to bring signals in when you are remote (especially in hilly terrain).
  • Longwave is a bit of a no-man's land for radio, especially in the US. And those of us who do get off on odd hobbies like listening to navigation beacons from far-off airports know that receiver sensitivity and proper antennas (usually hundreds of feet long) are the key to success here. Shortwave is more forgiving of antenna compromises than longwave, but sadly there is getting to be less and less to listen to as many long-running shortwave giants close up shop and take their programming to the Internet. Shortwave isn't dead, but it's a far cry from what it used to be.
  • With all of these receivers plus GPS and WiFi on board in a tiny space (Earl has a 6" screen), I hope isolation between them can be achieved. Where performance is already iffy, "birdies" (radio noise spurs) from other receivers can really suck.

All of that aside, I'm sure I'll buy an Earl if it makes it to prod. My skepticism on the radio features aside, the sunlight-taming display, glove-friendly touchscreen, Micro-SD slot, and weather-proof build alone would be wins for me, personally. I hope that Jon and Sqigle, Inc. can make a go of it, and that my low expectations of the radio feature set are proven wrong. I love the concept, and applaud the innovation.

Thursday, May 9, 2013

We Might Be In The Business of Technology, But It's The People That Make It Great

For many of us, the journey to working in IT has been guided by a love of technology. Some people dig routers and interconnecting big LANs, others get jazzed by application development or wireless technology. Then there are those like myself, with wide-ranging interests and multiple specialties that we are happiest working in. I personally lay claim to the best jobs in the world, (prime wireless functionary for a large university, adjunct faculty member, and professional writer), but technology is only half the story.

It's the people that make working in technology great. The people I work for and with (a wonderful team), the students I meet in the classroom or on projects I advise on, the customers I serve as a networker, or the wide range of technology-focused people I have the pleasure of interfacing with as a free-lance media type.

Take Jeff Pulver, whose technology journey could be the subject of a kick-ass graduate class. Jeff is a VoIP pioneer and multi-dimensioned technologist, and you have to catch one of his #140 "State of Now" conferences if you have the chance. Jeff lives at the intersection of Technology Road and Human Street, and how he sees the world and social media- enabled by technology- is awesome. I saw his event in Syracuse, and recommend it.

Then there are the young men and women that I run across at a vendor's site or on LinkedIn that were once students of mine or involved with projects that I also touched. The smiles and the words spoken not only say "it's good to see you again" but they also convey an unspoken pride that sends the clear message: "I MADE IT! I'm sitting at the same big table that you are! How do you like me now?" It's great running into people in this group, and is wild just to watch the IT talent pool refresh itself with each graduating class.

Then there are the customers. Like clients that curse you because "the network sucks" that become your friends and allies when you solve whatever it was that they had going on with their device that made it feel like the network sucked. Or the sales engineer that you beat up for licensing costs or some such, but also can't wait to hear how his kids are doing with some cool thing they are involved with. And the vendors- especially the ones that employ experts that not only shape technology, but that don't mind sharing what they know about their realms, for the greater good.

And folks like Stephen Foskett, an accomplished tech professional in his own right, who also runs the Tech Field Day events with his army of "delegates". I'm proud to be counted as part of this family, as Foskett has a way of assembling people that are both incredibly technically-minded, but also an absolute blast just to be around. To become one of Foskett's delegates is to meet the kind of people that become "old friends" in a matter of hours, and to gain inside access to industry giants that many geeks would give their right arms for.

In my tech world, there is my editor at Network Computing Magazine, Andrew Conry-Murray. Drew is one of those rare editors that is good at what he does (like taking my stuff and polishing it up nicely before publication or making me work at being a better writer), but he also has his own IT experiences and perspectives and frequently makes compelling cases out of them in his articles. And he's a darn nice guy, to boot.

I'm sure you have your list of people that come to mind, those that really make whatever it is that you do in IT enjoyable even beyond just getting your hands dirty with the latest gear. The folks I mention are by far not the end of the story for me, but just examples of those that take work that I already enjoy and really make it a pleasure. I can't end this piece without mentioning the power of social media in this regard. I have found that higher ed tech discussion lists, Twitter (mostly) and other social media frameworks have provided access to the absolute most incredible mix of experts, fellow users, smart-asses, knowledge-seekers, and sharers on all topics (sometimes all rolled into one). You know who you are, and I thank you for the running value you bring to my own body of knowledge as well as the frequent smiles you provide. Not everybody can swiftly adapt the conversation from lofty topics like antenna technology and modulation to bacon and silly slogans, but these groups can. And I'm glad for it.

It's the people that make technology work fun.

Wednesday, May 8, 2013

Is It Time For A New Licensing Paradigm For WLAN Features?

Not all wireless networks serve the same types of clients, or have the same operational goals in mind. So why do WLAN vendors see all customers as the same when it comes to licensing?

I know that we all have the freedom to negotiate the deepest discounts that we can with our WLAN vendors, and in this regard large customers tend to get better discounts because they buy more stuff. But whether you are talking large or smaller customers, even "within tier" there are significant differences among environments that perhaps ought to bear on licensing costs and strategies offered by vendors for advanced features.

Here's what I mean- if I have an environment of hundreds or thousands of APs and want to do something like advanced location analytics to "monetize" my WLAN or gain workflow efficiencies to increase profits, I would expect to pay a premium for the magic that makes that happen in the form of hardware and features from my WLAN vendor. After all, that's an obvious investment. But if I'm a hospital or not-for-profit, or even a University or college, and my use for that same magic is more altruistic and not attached to obvious profit, should my costs for the magic be the same? Asked another way, is it reasonable to want the WLAN vendor to charge a fraction of the cost of the same magic if all I want to use it for is simple handicap-routing and no-profit mapping just to help visitors get around?

Can licensing ever be based on "what are you actually gonna do with that magic?" I know that I priced up a big, fancy locations-based analytic service for my own environment with the intention of providing it essentially for the public good- not for turning a profit off of it. But my costs come in in the hundreds of thousands of dollars- just the same way it would if I was going to make lots of money on those same services.

I know the notion of use case-based licensing is a bit weird and complicates life for the vendors, but from the customer perspective it is an idea with appeal.