Friday, August 23, 2013
Wireless Standards Just Aren't Enough
Anyone in the wireless game, like really in it, knows that wireless networking is incredibly complicated under the hood. That the IEEE and the Wi-Fi Alliance could herd enough cats to get us to where we are today- enjoying our 11ac honeymoon- far from the days of early 802.11 is amazing.
Let's pause for a moment and think about how far we've really come, because it is impressive indeed. From a technology that was an expensive accessory at one point, with low data rates, high prices, and anemic security, to being the preferred method of access today for most of us, with rates and security features that are fitting for any environment (when installed right), wireless has grown up. A huge thank you to everyone involved, as you've given me the best job in the world- that of a WLAN professional.
Now the lament:
As impressive as the modern WLAN is, somehow we ended up with some crazy market fragmentation and mindsets. Even though interoperability testing mostly keeps the wireless train on the rails, we still end up with enough in-place chaos to make life pretty miserable for wireless clients and support staff at times.
Maybe we try too hard for backwards compatibility. Perhaps device makers are lazy or out of touch, or could it be that the BYOD comet just hasn't caused enough pain to really get everyone's attention? For sure, the fuzzy, often-bludgeoned distinction between consumer and enterprise-grade components doesn't help matters. Here's what I mean:
- In a world where we're talking about "Gigabit Wireless", we still have device and instrument manufacturers churning out chipsets that need 1 and 2 Mbps data rates to behave right. These devices are frequently intended for networks that aren't likely to have those rates enabled.
- Printer manufacturers have far deeper roots in the business environment than does wireless. Yet, we can't get printer makers to understand what their devices need to do for desired functionality on the "business WLAN".
- What we call BYOD is actually BYOD/T; that is bring your own device AND TOYS to the WLAN. If it works at home on the living room network, you know damn well people are going to want to use them at work. Like AppleTVs and Google Chromecasts. To the uninitiated, you look at the specs on the packaging and see "compatible with 802.11n/g" or whatever, and jump to the conclusion that it must work because that's the kind of network we're using. The warning label that should say "check with your networking department before buying this for office use" never makes it to the packaging.
But... rather than having to explain to users why this gadget or that can't work on the WLAN, or killing ourselves to put in hyper-complex, house-of-cards-quality work-arounds, wouldn't it be nice if somehow the Community of Wireless Client Device Makers could get with the times and build compatibility for both consumer and enterprise networks in to begin with?
Just supporting enterprise security would help immensely, and likely add little to the device cost. (I'm astounded at how out of touch the business printer/projector makers seem to be). There are certainly other nuts to crack as well before everything is perfect between the WLAN and BYOD/T devices, and Apple could be an absolute leader here. Bonjour has long had its day, as I've bitched to anyone who will listen. "Apple TV is perfect for the boardroom" provided that you have one small flat network and one boardroom. But when you have hundreds of boardrooms/classrooms and complicated LAN topologies, devices like the Apple TV are a supreme pain in the assbone. If Apple could do right by the customers who continue to fatten the company's immense bottom line and give us something better than Bonjour for their devices in the workplace, maybe other device makers would follow suit. (Did you know that higher ed is begging Apple to provide relief from Bonjour headaches?)
Maybe we need tighter "categories" from the Wi-Fi Alliance- with devices that are labeled either "Enterprise Ready" or "Consumer Grade". This would give incentive for the lower-end stuff (including Apple's Bonjour-based devices) to step it up. It would also give a clean delineation for networkers to point to for device support. If done right, we could say "if it's got the Enterprise-ready label, we support it" and if not, don't bother bringing it to us. Everyone would know where they stand, as the criteria that go into an "Enterprise Ready" compatibility testing program would be based on far more than just whether radios can talk to each other. It's a nice thought anyways.
Ah well- end of rant. Now if you'll excuse me, I have to go explain why Chromecast doesn't work on our 802.1x-based WLAN.
Tuesday, August 20, 2013
How WLAN Vendors Can Solve The College Dorm Problem
Ladies and gentlemen of the WLAN industry, here are the problems with wireless networking in college dorms, and a head start on how you can develop a solution.
Problems:
- College dorms are usually covered by the same enterprise 802.1x network used on the rest of campus, but are really more residential feeling at the operational level.
- Wireless printing doesn't work where you have hundreds of anything-goes printers with no coordination on the same WLAN- and consumer-grade $40 printers don't support enterprise security.
- Game consoles and Bonjoury toys also are fraught with problems and usually need yucky work-arounds on the business network usually found in dorms, or get relegated to the wired network.
- Rogues get installed to get around what campus WLAN can't easily provide
- Ditching the enterprise WLAN and letting students bring their own wireless routers is a recipe for chaos and angst from the RF and support perspectives.
Solution:
It's not cut and dry, and my enormous cranium hasn't yet formed the whole solution. But it starts like this:
- Keep all the benefits of a centrally-managed solution. RF coordination, central monitoring and configs, etc- whether cloud-based or local not so important here.
- Study PowerCloud's Skydog network paradigm. Everything about it doesn't fit the dorm challenge, but a lot of it does. If you can treat each dorm room as an apartment, with a dedicated SSID or some other compensating control (not all dorm rooms would need their own AP) we'd be off to a good start
- Maybe use elements of Ruckus' Secure Hotspot in a way that lets a single student or roommates have all of her/their gadgets in a little "private WLAN" all somehow using the same private PSK.
- Make sure any one student's most common gadgets can all interact in their own little WLAN space (even Bonjour toys and printers), that it's all easy to self-setup, and can be administered by WLAN admins if trouble hits.
- With all device types accommodated, the reasons for rogues are eliminated.
- Make sure students can't get to each other's stuff, but allow for on-demand temporary access when sharing is desired.
- Make sure that however it all gets put together, the RF environment is still well-coordinated.
There- that was easy. Now someone just needs to build the code and interfaces...
Here's What I Want NOW From My Wireless Management System
Before I drop the bomb, let's set the stage.
I had the privilege of hanging out with the fellows from 7signal at the recent Wireless Field Day 5 event, and seeing how they do WLAN RF health characterization, as well as getting a peek at what AirTight is up to. Being a long-time Cisco wireless customer, my mushy brain can't help but bring everything back to my vendor for comparison; but more on this in just a bit.
In my spare time, I've been having more fun than a person should be allowed to with the addicting Wi-Fi Pineapple (along with some tricks from the much-revered BackTrack Linux.) And at work, we're gearing up for thousands of students to flood back into the dorms, which means Rogue Hunting Season is nigh. Put all this together and feed it into the "It's Easy For Me To Demand Things From Other People That I Can't Do" engine, and out pops the following wireless support and security gem:
Wouldn't it be cool if...
- You could take one of your in-service APs and turn it into a virtual client that associates with other APs? (stay with me, I know you've heard this part before)
- Synthetic testing with said virtual client was possible: do my DHCP and RADIUS servers work? Can I reach the Internet? Can I reach other locations, from each of my SSIDs?
- The virtual client AP could report on nearby rogue networks, after I set a min threshold value, (getting closer to the money shot) and tell- Is the SSID open or protected?
- My virtual client could associate to the open SSIDs, and report back what the public IP is of the rogue? (I could find it then through MAC or ARP tables if on my own network- doesn't need to be automated)
- Here's the LAGNIAPPE, baby- If the rogue SSID was encrypted, I'd like my virtual client to execute Aircrack-NG, Reaver, Fern, or whatever. Somehow, the power of my management system harnessed to this virtual client/pen testing-mode AP would give me a big-assed, infinite dictionary from hell and lots of power to crack. Then I could go back to the "find the public IP" step, which to me is the ultimate and definitive "game over" versus a lot of wireside detection systems that are so-so with their success rates.
I know there are lots of ways to do "wireless support", but I am enamored with the force-multiplying capabilities of a well-constructed virtual client mode for installed APs (as I imagine them working). I've been beating the drum for Cisco to consider basic virtual client functionality for years, to no avail.
But now I want even more- I want a "virtual client AP meets BackTrack Linux, and they have offspring" mode.
I'm not asking for too much, am I?
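The rogue-reporting step from the wish list above (minimum signal threshold, then "is the SSID open or protected?"), as an added example that is not part of the original post or any vendor's code. It reads the Privacy bit and the RSN/WPA information elements from beacon frame bodies; the managed-BSSID inventory, the function names and the sample beacons are all constructed for illustration.

```python
import struct

# Constructed inventory of our own AP radios (assumption for this example).
MANAGED_BSSIDS = {"00:11:22:33:44:01", "00:11:22:33:44:02"}
WPA_OUI_TYPE = bytes.fromhex("0050f201")  # vendor IE: Microsoft OUI, type 1 = WPA


def parse_beacon_body(body):
    """Return (ssid, protection) from an 802.11 beacon frame body."""
    if len(body) < 12:
        raise ValueError("beacon body shorter than its fixed parameters")
    # Fixed parameters: 8-byte timestamp, 2-byte interval, 2-byte capability.
    _timestamp, _interval, capability = struct.unpack_from("<QHH", body, 0)
    privacy = bool(capability & 0x0010)  # Privacy bit set: some encryption
    ssid, has_rsn, has_wpa = "", False, False
    pos = 12
    while pos + 2 <= len(body):  # walk the tagged information elements
        elem_id, length = body[pos], body[pos + 1]
        value = body[pos + 2:pos + 2 + length]
        if len(value) < length:
            break  # truncated element, stop parsing
        if elem_id == 0:  # SSID (empty when the network is hidden)
            ssid = value.decode("utf-8", errors="replace")
        elif elem_id == 48:  # RSN element: WPA2-style protection
            has_rsn = True
        elif elem_id == 221 and value.startswith(WPA_OUI_TYPE):
            has_wpa = True
        pos += 2 + length
    if has_rsn:
        return ssid, "RSN"
    if has_wpa:
        return ssid, "WPA"
    return ssid, "WEP" if privacy else "open"


def rogue_report(observations, min_rssi_dbm):
    """List unmanaged BSSIDs heard at or above the threshold, strongest first."""
    report = []
    for bssid, rssi_dbm, body in observations:
        if bssid.lower() in MANAGED_BSSIDS or rssi_dbm < min_rssi_dbm:
            continue  # our own AP, or too weak to be worth chasing
        ssid, protection = parse_beacon_body(body)
        report.append({"bssid": bssid, "ssid": ssid,
                       "rssi_dbm": rssi_dbm, "protection": protection})
    return sorted(report, key=lambda r: r["rssi_dbm"], reverse=True)


def make_beacon(ssid, capability, extra=b""):
    """Build a constructed beacon body for the sample data below."""
    name = ssid.encode()
    fixed = struct.pack("<QHH", 0, 100, capability)
    return fixed + bytes([0, len(name)]) + name + extra


RSN_IE = bytes([48, 2, 1, 0])  # minimal RSN element: version 1 only
# Constructed observations: (BSSID, RSSI in dBm, beacon frame body).
SAMPLE_OBSERVATIONS = [
    ("00:11:22:33:44:01", -40, make_beacon("CampusNet", 0x0011, RSN_IE)),
    ("de:ad:be:ef:00:01", -55, make_beacon("linksys", 0x0001)),
    ("de:ad:be:ef:00:02", -62, make_beacon("DormRoom214", 0x0011, RSN_IE)),
    ("de:ad:be:ef:00:03", -70, make_beacon("oldrouter", 0x0011)),
    ("de:ad:be:ef:00:04", -88, make_beacon("faraway", 0x0001)),
]

if __name__ == "__main__":
    for row in rogue_report(SAMPLE_OBSERVATIONS, min_rssi_dbm=-75):
        print(row)
```
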
Thursday, August 15, 2013
Features, Products, Services... The Differences According to Aerohive
I recently visited Aerohive's home turf as one of the delegates at Wireless Field Day 5. It was wonderful getting to meet, in person, many Bees I frequently interact with via email and social media.
My own history with Aerohive is built largely on covering their evolution from the early days, writing about them professionally in Network Computing Magazine. As with other vendors, sometimes Aerohive gets the spotlight and sometimes they get compared against when analyzing what competitors are up to. I have my own small Aerohive environment, and have first hand familiarity (not mastery, mind you) with Hive Manager and a couple of AP models.
Aerohive has been a major player in the minor-but-growing cloud-managed wireless network space that includes Meraki (Cisco), AirTight Networks, and PowerCloud.
Ah, cloud-managed networking. I've become a fan where I use it (and I do use it in a number of sites). I like that one of the running campaign themes of cloud-based networking in general is reduced hardware counts with no convoluted licensing schemes.
Though Aerohive has done a good job with pushing the value of "here's a new feature, and you'll just get it with your next Hive Manager upgrade at no additional cost!" message to customers, I was taken a wee bit aback during the Field Day briefings on Aerohive's IDManager and Client Management services because they were called "new products" that require licensing.
Both offerings will no doubt be welcomed by existing Aerohive customers, and are easily marketed at prospective customers looking for a robust, all inclusive solution. My own little private shock at the licensing requirement doesn't detract from my overall opinion on Aerohive, and after thinking about it, I know where the surprise comes from: we've gotten so used to rich feature sets being "free" that we instinctively expect the gratis model to apply to any and all "features" Aerohive develops. Which really isn't fair to Aerohive, but is how we've been conditioned on the customer end.
I won't pretend to understand why Aerohive has "given" so many enterprise-grade services away to date that others license for, but draws the line at IDManager and Client Management. Nor do I care enough to get hung up on it, as other vendors seem to be licensing their Onboarding services as well after hearing their briefings.
For those keeping score at home, here's a breakdown of some of what is included with Aerohive's Cloud Manager and licensed APs under the heading of "it's just in there":
- Spectrum analysis
- Application visibility and control
- Stateful firewall
- QoS
- VPN
- Partner MDM hooks
- Planner software (free to non-Aerohive customers too)
- Bonjour gateway software (also free to non-Aerohive customers)
And what you have to license separately:
- Client Management (license blocks of 100)
- IDManager (tiered licensing, starting at 250 guests)
- StudentManager (blocks of 1000)
Sunday, August 11, 2013
Get To Know MetaGeek, Look at Your WLAN As You Really Should
MetaGeek is one of those companies you love crossing paths with. Their staff have titles like Hacker, Geek, Firefighter, and so on. Everyone from MetaGeek I've ever met, be it at events like Interop or more recently Wireless Field Day 5, speaks with pride and openness. Their presentations and pitches never feel rehearsed, and you know that this is a company made up of believers in MetaGeek's products and future. And- they always have that "Idaho Vibe" that you gotta love, once you know how to recognize it.
At Field Day 5, I had the pleasure of meeting Chris Woerz and Stoney Tuckness, as they demoed the MetaGeek line, talked about some of the decisions that went into the specifics of their approaches, and queried us Field Day delegates about what we would like to see in future products and feature sets. Chris and Stoney work fast building rapport with the crowd, and it's obvious that those in the room adore the MetaGeek line.
About MetaGeek's Offerings
I've used the original Wi-Spy, the freebie InSSIDer on every platform that will run it, and Eye PA in my wireless networking duties. At Field Day, Stoney proclaimed that MetaGeek likes to provide "kick ass visualizations", and I can attest that they hit that target. Whether you want to see simple spectral views on what's happening in Wi-Fi's 2.4 and 5 GHz bands, a unique, powerful visual front-end to 802.11 packet capture, or advanced interference detection integrated with Cisco's respected CleanAir, MetaGeek has you covered. Every good WLAN engineer wants there to be no mystery to what's going on with the RF in their environments, and MetaGeek nicely demystifies the complex.
Cool, fairly-priced tools are one thing, but then there's general knowledge about wireless networking. I'm guessing a fair number of MetaGeek customers aren't aware of the online forums the company provides. Here you'll find a wide range of information on WLAN in general, and lots of tips on using MetaGeek's stuff. It's worth the visit.
As the 802.11ac clouds gather over the WLAN landscape, things in the RF domain are about to get much busier, and more complicated. Understanding what's going on truly benefits from seeing what your RF "looks" like through the lens of good tools. If you have no MetaGeek utilities in your toolbox, you're missing out on powerful magic at a fair price.
Saturday, August 10, 2013
What Meru and Xirrus Need to Do
Both companies are headed by obviously intelligent technologists who are passionate about their product lines. Each has well-spoken customers willing to testify on the effectiveness of their gear. Both are still in business in a pretty competitive space, and hoping to grow their shares of the WLAN market. And both have unique technical stories that set them apart from their industry peers.
And here is the problem.
For years, I've listened to a number of briefings with Meru and Xirrus and always walked away with a nagging sense that each is actually a bit uncomfortable talking about their "specialness" to any depth when dealing with Classically Trained WLAN Types. Xirrus does the array thing, and Meru rocks the single-channel architecture groove. Both companies want to talk about their bigger stories, but many of us don't feel satisfied with terse "trust us, it works" explanations on features that are radically different from industry norms. So... briefings grind to a halt because tech-analysts want to know why we should accept that these companies have actually found a different way to do things. But the companies' speakers obviously don't want to spend their camera time on these years-controversial details, and neither party quite feels great at the end of the experience.
And here's the fix.
There's certainly a fine line between disclosing intellectual property and being open with those asking pointed questions about your technology. But that line needs to be walked when you build product lines on unique technical approaches. Sam Clements and Keith Parsons are well within their professional purview to challenge Xirrus on how they can pack so many antennas into such a little box without them creaming each other, especially when other vendors sometimes bash Xirrus for their designs. And Chris Lyttle is proper in asking a few times for more info on Meru's "special sauce" even if it slows down Meru's onboarding demo. Tech people want to hear what tech people want to hear, and neither company tends to want to get into the nitty gritty that would get us all to shut up already and let them get our full attention on their latest announcements.
Each company should embrace the living hell out of their uniqueness. Lead with it, don't tap-dance around it. Stick it in our faces with good, digestible white papers and diagrams that clear up the mysteries once and for all without giving away IP. That way, when we all get together again, Xirrus and Meru can not only deliver the Message of the Day, but actually get us to listen to it instead of badgering them for information on the little things they do that many of us have been trying to comprehend for years.
We'd all be better for it, especially Meru and Xirrus.
Friday, August 9, 2013
Fictitious Bands of Silicon Valley
I'd go see any of these...
Heatsink
Chuck Chipset and The Floating Points
3dB Down
Maggie Yagi From Venus
Coaxial Maneuvers In The Dark (CMD)
Standing Wave
Kilowatt Rage
Billy Bridge and the Links
Buggy Code Rex
Rebecca Radius and the Authenticators
The Analyzers
Tommy Harmonic (featuring Feedback)
Miliwatt Flatts
Downtilt
Auntie Bracket and the Mount-notes
Samantha Spectrum
Paul Predictor and The Heatmaps
Wireless Is So Not About Wireless Networking Anymore
Lee you fool, you've gone mad. How can wireless not be "about" wireless?
Before you run off to another blog, let me clarify: today, as we stand in THIS SPOT in the wireless networking universe, never has the WLAN paradigm been so complicated. Yeah, we still need to get APs out there and provide access to wireless clients, but sitting through the sessions at Wireless Field Day 5 has me waxing philosophical.
Like frogs in a pot, we've all been slowly boiling in increasingly complex waters over the last few wireless years, and it's easy to not notice that it's happening. Having sat through excellent sessions with WLAN vendors (Aerohive, AirTight, and Motorola- with Xirrus and Meru on deck) and toolmakers (Fluke Networks, MetaGeek, and WildPackets- with 7Signal later today), it's safe to say that to be in the wireless game today means being more diversified in skills and general IT sensibility than ever before.
As the 11ac tide starts to rise, we're all faced with decisions:
- When do we start taking our own networks to 11ac?
- When do we advise our customers to move to 11ac?
- Is moving to 11ac a given for everyone?
- Is 11ac the juncture where we consider changing WLAN vendors?
- Is 11ac the juncture where we look more at cloud-managed options?
These are easy enough to grasp, and behind each of these questions there are other questions regarding the states of our installed network wiring, what generation switches we're running, what version of PoE we're on, etc. But these issues are rather pedestrian compared to what else is afoot right now under the umbrella heading of "wireless networking".
While marketing departments still like to lead with "we have the best APs! Look how freakin' fast we are!", there is a lot more to consider as our WLANs modernize.
Along with the radio technology and bandwidth sides of 11ac, we're facing an onslaught of factors to grapple with- like:
- a slew of analytical capabilities and ways to use that data
- device onboarding that can be as nuanced as your mind can dream up
- the ability to assign access privileges to device types, user types, application types, locations, times of day, and combinations of any and all of these
- application visibility and taking action on what you see
- the system administration of complicated management systems that frequently fall on WLAN types (somebody has to keep them up)
- the increased number of bugs that come with the floodwaters of new features
- a procession of ancillary services and servers that don't directly have anything to do with client devices talking to APs, yet each is part of the bigger picture
You can make the point that none of these really have anything to do with 11ac per se and are better suited for policy and staffing discussions, but here are my counter points to that:
- To "go" to 11ac, you likely have to upgrade code on controllers, management systems, or whatever magic is afoot in cloudland
- When you upgrade, you get lots and lots of features that you didn't ask for- you're already buying them (unless they take stand-alone licensing, which is its own story in inconstancy across vendors)
- The more features you use, the more you have to troubleshoot, debug, define policy for, educate users and support staff on, and watch over for issues
- The ancillary services in use for our WLANs frequently take more effort to keep on the rails than the wireless environment itself does
- Almost any part of the environment has the ability to convince users that the WLAN itself is borked, when the problem may actually be off in the hinterlands of the ecosystem
Put it all another way- 11ac makes WLAN more complicated, but the accompanying backdrops and backstories of our networks are also getting dizzyingly busier. So busy in fact that they can make talking about 11ac itself seem like the easy part of the equation.
I'm not bitching, mind you- but just taking note. These are complicated times for wireless networkers, and sometimes "wireless" really has nothing to do with wireless.
The Little Adapter That Could... WildPackets Gives Us First 11ac Capture/Decode
As we all sail into the 802.11ac years, we're getting antsy about tools that will support this rather complicated and nuanced standard. How do you support and troubleshoot an environment made up of clients each using any one of dozens of permutations of spatial stream counts, data rates, and channel widths in wildly dynamic environments?
There has been a fair amount of buzz around early-shipping 11ac access points and clients with lots of philosophical buzz about uplinks, PoE requirements, and such. But not so much of substance has been said on the "and here's how you'll troubleshoot it" front. Here at Wireless Field Day 5, we spent Day 1 with a couple of network tool-makers and got perspective on where Fluke Networks and WildPackets are both going for 11ac support. Both sessions were great, with more to follow on Fluke Networks in another blog. Here's what went down at WildPackets.
The short of it: WildPackets provided delegates with a nifty little USB adapter that can do legitimate 802.11ac packet analysis on their latest (7.5) OmniPeek.
I recently wrote about 11ac troubleshooting and WildPackets a bit in my Network Computing blog, and it was great to have the opportunity to sit in WildPackets' conference room and get a demonstration from a master- Director of Product Marketing Jay Botelho.
Each Field Day Delegate was outfitted with the Linksys AE6000 mini USB adapter, the custom WildPackets driver that makes it all work with the all-important promiscuous mode capabilities, and an eval copy of the latest OmniPeek. From there, Botelho showed the process of 11ac support with OmniPeek, discussed the challenges of 11ac when tackled at the packet level, and got the delegates each equipped to do their own captures.
Fellow delegate (and Wireless Jedi) Keith Parsons documented the process for getting this arrangement to work on a Mac laptop running Parallels- a very good read.