Showing posts with label Wireless. Show all posts

Wednesday, 18 December 2013

Wi-Fi Certification: CWNP vs Cisco

I thought I'd do a quick blog on WLAN certification paths...

Firstly, I'd like to say how great it was to begin reading the CWNA and CWDP study guides.  As a wireless engineer if you only ever read two books read these...  You'll be a great engineer if you apply that knowledge to business.  If you follow the past and present CWNP guys on twitter you'll find that they are not only hugely talented WLAN geeks but also very intuitive business people.  This comes across in the CWNP literature and exams.  They are steeped in foundation knowledge of the standards and protocols, plus deployment strategies aren't tied to a vendor.

Moving onto Cisco... From a career perspective Cisco hold a huge majority and Cisco Partners want you to have Cisco accreditation. You'll be sought after in the partner world if you can provide exams that enable Wireless Specialisation for resellers.  This is the reason my Cisco certs came first.

My main gripe with the Cisco wireless exams is that lots of questions are product and version specific. It's almost like there is an element of presupposed knowledge that Cisco feel needs to be understood by engineers.  For example, how many clients does a 2500 WLC support?  The unwritten rule is that the engineer needs to know which version the exam was written for... Make sure you keep those old data sheets and configuration guides - these numbers change!

Here's a CCNP Mobility question that made me laugh. "You have wireless clients and wireless tags supporting CCX, do you need to buy an AeroScout license to track them?"  The answer is no... you'll know this if you've sold/deployed it.  But is it really a question that defines a good engineer, or a sales checkbox?

I'm about to begin the CWAP and CWSP, and very much looking forward to it.  I'll then be aiming to get my CWNE by the close of 2014, a qualification that I already consider to be a mark of a top-class wireless engineer.

A final thought... Now that I'm doing the hiring, I have a CWNP qualified guy and a Cisco qualified guy.  Who will get the job?

Tuesday, 20 November 2012

Cisco acquires Meraki

Cisco's acquisition of Meraki is an interesting prospect for customers, partners and competitors.  Meraki are an unknown quantity to many, so I thought I would share my opinion on what this means to the WLAN industry.

As a WLAN engineer that has been working with Cisco for 10 years I'm pretty happy about it.  I have been looking at Meraki for a while and picked up one of their APs a few weeks ago.  If you read my blog about BYOD you'll see I have a lot of love for the Meraki product.

Meraki have taken the controller to the cloud, and they look after it for you.  You choose the upgrade windows and never have to pay for resiliency, new hardware, software upgrades or power bills.  You can also buy switches and security gateways for the full feature set.  All are cloud managed through a clean and simple web GUI.  The main selling points of the solution are as follows:
  • Plug and play access points (DHCP to Internet is all you need)
  • Switch and security gateway appliances for additional features
  • Feature-rich WLAN services - URL filtering, firewall, VPN
  • Slick cloud-based management GUI
  • BYOD out of the box - including the elusive trusted CA (see Building BYOD blog part 2)
  • Free MDM for iPhone, Android, Windows, OS X
  • Layer 2-7 stats and reporting


Cisco's ageing WLC-centric infrastructure has been struggling to compete in the SMB channel for a while now.   For the last few years companies like Aruba, Aerohive and Ruckus have been turning heads.  However, they will now lose many of their (compelling) arguments against Cisco's previously appliance-heavy infrastructure.

The $1.2bn price tag will be questioned, but I feel that this acquisition is vital to Cisco's strong position in the WLAN industry - and worth the investment.  By acquiring Meraki, Cisco will be able to wade back into the SMB market.  I can only see them expanding their customer base.

Cisco partners will be saying "Awesome, now we can offer BYOD and MDM at low cost".
Cisco competitors will be saying "Damn... We had them on the ropes...".
Meraki partners may be saying "Meh… Now we're going to lose out to Cisco Gold partners"

What does it mean for Meraki products and customers?

Anyone who has recently bought into the Meraki revolution might be worrying about what this acquisition means to them.  If it is anything like the Airespace acquisition it will go like this:
  • Cisco will rebadge the Meraki products and maintain current pricing.
  • Cisco will honour all current support contracts.  Support will be migrated to Cisco TAC.
  • Cisco will phase out the Meraki hardware for Cisco hardware, then offer migration deals.

We're all trying to envisage what Cisco will attempt to do with Meraki.  They may leave them to operate in isolation, as Meraki state here: http://www.meraki.com/company/cisco-acquisition-faq

I don't think cloud networking will extend into the Cisco product set quickly.  However, there is nothing to stop network appliances being offered with 'local' or 'cloud' firmware, much the same as autonomous or lightweight APs today.  That said, Cisco will need to carefully manage how they offer these products to customers.

The shift from where Cisco are now with their 'tin' approach to where Cisco could be with an 'IaaS' approach is huge.  This conversation goes way beyond my WLAN blog....

Final word... I'm fortunate enough to be a member of the Cisco Mobility PVT.  So I hope to be able to report back about the good things that are going to emerge from Cisco in the near future.  Watch this space...

Mental note! Get CCIE before Meraki technology is added to the exam...

Thursday, 15 November 2012

Building BYOD part 4 - Choosing the right vendor

A Little History… 

2005 - Aruba and Cisco hit the market with "captive portal" technology that is prevalent in hotspots today.  Aruba's product was better.

2009 - iPhone arrives… Amigopod (soon to be acquired by Aruba) are the first company to market with a BYOD gateway with PKI integration, but it only supports iOS devices and requires SSID switching for client on-boarding.

2010 - Mobile Device Management solutions arrive offering alternative to WLAN vendor solutions for mobile devices.  Smooth profile delivery mechanisms. MobileIron, Airwatch, Good, Zenprise.

2011 - Cisco release Identity Services Engine, but are still behind Amigopod on development.  Other vendors introduce MDM through partnerships.  PPSK is introduced by Aerohive and Ruckus as a better alternative to web login.

In 2009 vendors accepted the fact that there is a world beyond Windows.  The behaviour of mobile devices also made WLAN vendors realise they needed to find an alternative to web login… A raft of new MDM vendors also emerged.  The recent challenge has been to develop web-login portals that integrate with MDM agents to support multiple device types, operating systems and user databases.  The goal for all vendors is to be able to push EAP-TLS profiles and certificates to a wide range of operating systems - Windows, OS X, iOS, Android, Windows Phone, etc. - but also to support a traditional web-login or PPSK solution for non-compliant devices and users.

BYOD portal technology is a logical progression from the basic web-login solutions of 2005.  The ideal BYOD portal product offers the following:
  • Single point of entry for all users
  • Highly customisable walled garden website
  • Traditional web-login for visitors
  • BYOD on-boarding options for employees
  • Client agents for profile delivery
  • Support for multiple OS
One thing I feel that is lacking in most vendor offerings is the ability to customise the portal for corporate branding and content delivery.  This is an important part of corporate identity that vendors haven't made enough effort to accommodate.  This may be explained by the aggressive recent development of BYOD.  In reality, vendors have struggled to develop their own BYOD solutions.  Several have partnered with BYOD solution vendors, or simply referred customers who want BYOD to MDM solutions.  

BYOD Vendor Options

Product maturity is the big question.  Not just in terms of the breadth of device OS support, but also through software development.  As you can see from the timeline, Aruba have a mature product with PKI integration.  Cisco have invested heavily in the ISE product and only in recent releases has the feature set and functionality become comparable to Amigopod.  

Both Aruba and Cisco offer BYOD focused security appliances with a multi-purpose captive portal with BYOD integration for iOS and Android.  Aerohive have also recently developed their own portal that offers MDM integration via the JAMF solution for Apple devices.  Meraki have stormed into the BYOD market with a multi-OS BYOD solution that offers an MDM/client app covering all major platforms (Win, OS X, iOS, Android).  This cloud-based "free MDM" approach is so easy to set up in comparison to all other vendors that the cost-savings are huge, not just in MDM costs.  My concern here is that traditionally WLAN vendors aren't focused on MDM.  Will they stay on top of development around bugs, security alerts, OS updates, etc?  Will their support teams be on-par with an MDM vendor?

A note on PPSK - Both Aerohive and Ruckus offer PPSK which is a big improvement over web-login.  This is going to be a great solution for most companies.  Though if tight security is a concern, I would be interested to know if they are able to tie a user to the client session for litigation against Internet misuse.

In Summary


For the last few years Aruba Amigopod and MDM have been the leading BYOD options.  There has also been an iOS exclusivity in the WLAN vendor space until recently.  Cisco have caught up somewhat with Aruba and other vendors are offering well-rounded solutions with less painful deployments.

Finding the right solution for an organisation will be about taking all the info on board from this and previous blogs, putting it all together and cross referencing against the vendor solutions.  Not an easy task...

I do think that SME customers will quickly move away from vendors with appliance-heavy architecture.  Cisco and Aruba should be worried about innovative and agile vendors like Aerohive, Meraki and Ruckus coming in cheaper and winning customers.

Wednesday, 3 October 2012

Building BYOD pt 3 - User Experience & Productivity

In part 1 we looked at BYOD requirements, then part 2 addressed the security of BYOD service as a whole.  In this blog I'm going to cover User Experience & Productivity.

User experience is generally defined by 'BYOD groups'.  Group membership will be dictated by both the user role and device support.  Users are generally split into two parent BYOD groups: domain users and non-domain users.

Domain users - Domain users should get a smooth process that automates the delivery of the WLAN profile.  This may require agreement to T&Cs regarding use and disk encryption, strong password, remote-wipe, etc.

Non-domain users - Non-domain users will accept that they need to be authorised by a sponsor before being on-boarded.  So they will wait for that to be done, or if arriving for an event would hope it was done in advance by the organiser.  In most security conscious businesses the trade-off is to get some contact details for the user.  Ideally their credentials are sent to them via SMS, guaranteeing a valid contact number.  Alternatively, and more commonly the credentials are emailed or printed.  An important note for non-domain users is that their account should be time-limited.


Perfect BYOD
  • Use a captive portal landing page for new users.
  • Use device profiling to define the user's device.
  • Use Active Directory to validate domain users. 
  • Use an MDM client-side app to auto-configure profiles and manage device security.
  • Use 'non-domain' Certificate Services for WLAN security.
  • Assign employees to VLANs by AD security groups.
  • Use a single SSID and Change of Authorisation (CoA) to apply VLAN ID.
  • Apply QoS using WMM, DSCP and L7 application awareness.

The above approach is a 'perfect world' scenario.  However, not many WLAN vendors offer ALL of this and you will need to review both your WLAN and MDM vendor before finding the right solution and price for your chosen BYOD model.  Pen-testing is also likely to be a prerequisite for selection in high-security organisations.
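To make the 'single SSID plus CoA' idea concrete, here is an added example (my own illustration, not code from any WLAN or MDM vendor) of the authorisation logic a RADIUS policy would apply to a session on that one SSID. It uses the standard RFC 3580 tunnel attributes for VLAN assignment and the RFC 5176 CoA-Request / Disconnect-Request message types; the VLAN numbers, AD group names and the `Session` fields are constructed assumptions for the example. Domain users land in a walled-garden VLAN until the MDM app has delivered the EAP-TLS profile, then a CoA moves the live session to the VLAN mapped from their AD group; non-domain users only get the guest VLAN while sponsored and before their time-limited account expires.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# RFC 3580 attributes a RADIUS server returns to place a session in a VLAN
TUNNEL_TYPE_VLAN = 13
TUNNEL_MEDIUM_TYPE_802 = 6

# Assumed VLAN plan (constructed for this example, not a vendor default)
VLAN_BY_AD_GROUP = {"WLAN-Finance": 110, "WLAN-Engineering": 120, "WLAN-Staff": 100}
GROUP_PRIORITY = ["WLAN-Finance", "WLAN-Engineering", "WLAN-Staff"]  # first match wins
VLAN_ONBOARDING = 900   # walled garden: captive portal, MDM app and certificate enrolment only
VLAN_GUEST = 950        # Internet-only DMZ for sponsored visitors


@dataclass
class Session:
    mac: str
    acct_session_id: str
    domain_user: bool
    ad_groups: List[str] = field(default_factory=list)
    auth_method: str = "web"          # "eap-tls" once the profile is installed, "web" before
    device_profile: str = "unknown"   # result of device profiling, e.g. "iPad", "Android"
    mdm_enrolled: bool = False
    sponsored: bool = False
    account_expiry: Optional[float] = None  # epoch seconds; non-domain accounts are time-limited


def vlan_attributes(vlan: int) -> Dict[str, str]:
    """RADIUS attributes that tell the WLAN controller which VLAN to apply."""
    return {
        "Tunnel-Type": str(TUNNEL_TYPE_VLAN),
        "Tunnel-Medium-Type": str(TUNNEL_MEDIUM_TYPE_802),
        "Tunnel-Private-Group-ID": str(vlan),
    }


def authorize(s: Session, now: float) -> Tuple[str, Optional[int], Dict[str, str]]:
    """Decide (decision, vlan, attributes) for one association on the single SSID."""
    if s.domain_user:
        # Domain users sit in the walled garden until the MDM app has delivered EAP-TLS
        if s.auth_method == "eap-tls" and s.mdm_enrolled:
            vlan = next((VLAN_BY_AD_GROUP[g] for g in GROUP_PRIORITY if g in s.ad_groups), None)
            if vlan is None:
                return ("reject", None, {})  # authenticated but in no WLAN-entitled group
        else:
            vlan = VLAN_ONBOARDING
    else:
        # Non-domain users: sponsor approval and an unexpired, time-limited account
        if not s.sponsored or s.account_expiry is None or now >= s.account_expiry:
            return ("reject", None, {})
        vlan = VLAN_GUEST
    return ("accept", vlan, vlan_attributes(vlan))


def change_of_authorisation(s: Session, now: float) -> Dict[str, str]:
    """Re-evaluate a live session (e.g. after MDM enrolment) and build the RFC 5176 message."""
    decision, _vlan, attrs = authorize(s, now)
    ident = {"Acct-Session-Id": s.acct_session_id, "Calling-Station-Id": s.mac}
    if decision != "accept":
        return {"Code": "Disconnect-Request", **ident}
    return {"Code": "CoA-Request", **ident, **attrs}


if __name__ == "__main__":
    laptop = Session("aa:bb:cc:00:00:01", "sess-0001", domain_user=True, ad_groups=["WLAN-Finance"])
    print(authorize(laptop, now=0))                 # walled garden, VLAN 900
    laptop.auth_method, laptop.mdm_enrolled = "eap-tls", True
    print(change_of_authorisation(laptop, now=0))  # CoA-Request moving the session to VLAN 110
```

The CoA path is what avoids SSID switching: the client keeps its association while the controller re-applies the VLAN. The `Disconnect-Request` branch is the same mechanism used when a sponsored account reaches its expiry.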

As I'm writing this I have realised that I should really write another blog on the different WLAN vendor approaches, look out for BYOD blog part.... 4!


Productivity

We see the mantra "BYOD improves productivity" everywhere in Wi-Fi.  However, BYOD doesn't necessarily improve productivity.  Many organisations have introduced better workflows through mobile apps and systems that work just fine over 3G/4G.

The question sometimes becomes "How will BYOD improve upon existing 3G/4G productivity?".  Well, BYOD improves productivity over 3G/4G in these scenarios:
  • My signal is terrible, there isn't enough throughput in areas where signal actually exists.
  • Most of our BYOD users have Wi-Fi only.
  • I want to use voice or video apps, I have a local VoIP gateway that supports SIP clients.
  • I want to use Bonjour services - AppleTV in meeting rooms.
  • I want my trusted WLAN devices to access local file and print servers.
Many organisations see BYOD as a logical next step up from guest services, and often use the same DMZ for BYOD - pushing traffic directly to the Internet.  In my opinion, BYOD must offer LAN access to maximise productivity and truly differentiate from 3G/4G.  3 out of the 4 scenarios require LAN access.

The key takeaway here is that access to local networks is a game changer.  For employees, having access to printing, file shares and media services is where BYOD makes headlines.  So, it's important to get the blend of usability and security right… remember, execs want Apple TV in the boardroom - just make it happen.

Here are a few tips for a productive BYOD design:
  • Consider traffic flows.
  • Decentralise WLAN architecture for trusted devices.
  • Don't over-engineer device security.
  • Develop tablet optimised corporate apps.
  • Develop a secure cloud service for mobile focused apps.

The Social Media Meltdown

Finally, the elephant in the corner…. Social media.  Is it a threat to productivity?  I hear mixed opinions on this… 

Access to social media via the corporate network depends on the culture of the business, and many businesses encourage the use of Twitter and Facebook.  Though I do think it's fair to say that many employees will see BYOD as an avenue to their 'personal' digital lifestyle.  This could result in the loss of a fair few hours of productivity if staff begin spending an inordinate amount of time in the toilet... Which is why I have patented the 'Simkins Faraday Cubicle' in 65 countries :)

Joking aside, using a L7 aware security appliance and profiling you could create profiles based on security groups for approved Twitter and Facebook users.  Then limit standard users to say 30 minutes per day.  But is that really necessary?

Thanks for reading!  Next blog will cover the WLAN and MDM vendor options for BYOD.

Thursday, 19 April 2012

Do you need 802.11ac?

802.11ac Intro

It's a new standard from the Wi-Fi Alliance, requiring new radio hardware - new access points, new client chipsets.  802.11ac products are faster and more reliable than the old 802.11a/g/n products.  

802.11ac will remain backwards compatible with 802.11a/n devices. So your new 802.11ac clients will be able to use any current 802.11a/n wireless networks. 

The two main benefits for enterprise are speed and reliability:

  • 5GHz only and operates in cleaner airspace.
  • New modulation typically supporting up to 200 Mbps*.

* Common use with single-antenna, single-stream mobile devices in a 40MHz enterprise environment.


Real Throughput

802.11ac will offer higher bandwidth and more spatial streams. Access points will support up to 8 spatial streams (double what 802.11n can achieve) and 256-QAM modulation (four times .11n).  So the theoretical maximum goes up from 600Mbps to nearly 7Gbps.

Before you get too excited, the theoretical maximums aren't realistic.  These headline 8-channel/8-spatial stream figures aren't going to be supported in the enterprise.  Here's why:


  • Spectrum is limited, there isn't enough frequency to allow radios to bond 8 channels (160MHz) in a multi-AP environment.  Designing for two-channel bonding (40MHz) is the de facto standard.
  • Devices don't support 8 spatial streams as that would need 8 antennas (read on...).

Further reading on Wikipedia 802.11ac


802.11ac Deployment

AP Placement
802.11ac range is no different to 802.11an so you are likely to swap-out your 802.11n models for 802.11ac when the time is right, or simply add an 802.11ac module.  

Switches
You'll need Gigabit switches to support the speeds achieved by 802.11ac access points.  The access points also draw more power to run the additional radios.  So your access switches will ideally support PoE+ (802.3at) with power up to 20 watts per port. However, the AP can reduce its capability to run on standard PoE at 15.4 watts.


MIMO and MU-MIMO


Using MIMO you can add more radio-chains or 'spatial streams' to an access point.  This effectively multiplies maximum bandwidth. You'll see the MIMO and spatial stream support written as axb:c where a = transmit antenna, b = receive antenna and c = spatial streams.  802.11n access points are labelled as 2x2:2, 2x3:2, 3x3:3, 3x4:3, 4x4:4 (or simply 2SS, 3SS, 4SS).  The headline 802.11n figure of 600Mbps comes from a 4SS configuration where both the access point and client support 4SS and achieve 4 x 150Mbps.  In reality the majority of 802.11 clients are 1SS phones, tablets and netbooks. Laptops offer 2SS and 3SS, there are no 4SS clients! 
The reason there are no 4SS 802.11n devices out there is to do with throughput requirements, power requirements and antenna spacing.

802.11ac takes the MIMO theory applied to 802.11n and grows it up to 8SS.  We can assume 8SS clients will be scarce for the same reasons there are no 4SS clients.  So to make use of the extra radio streams the vendors are going to have to develop ways of maximising the AP performance.
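The figures quoted above (150 Mbps per 802.11n stream, 600 Mbps for 4SS, the 200 Mbps single-stream 802.11ac rate and the near-7 Gbps 8SS headline) all fall out of one formula: data subcarriers times bits per subcarrier times coding rate times spatial streams, divided by the OFDM symbol time. Here is an added example, written for this post rather than taken from it or from any vendor, that computes those rates and parses the axb:c MIMO label; the subcarrier counts, guard-interval timings and modulation orders are the standard 802.11n/ac PHY values.

```python
from fractions import Fraction
import re

# Data subcarriers per channel width: HT20/VHT20, HT40/VHT40, VHT80, VHT160
DATA_SUBCARRIERS = {20: 52, 40: 108, 80: 234, 160: 468}

# Coded bits carried per subcarrier per spatial stream for each modulation
BITS_PER_SUBCARRIER = {"BPSK": 1, "QPSK": 2, "16-QAM": 4, "64-QAM": 6, "256-QAM": 8}

# OFDM symbol time in microseconds: 4.0 with the long guard interval, 3.6 with the short one
SYMBOL_TIME_US = {False: Fraction(4), True: Fraction(36, 10)}

MIMO_RE = re.compile(r"^(\d+)x(\d+):(\d+)$")


def parse_mimo(label):
    """Parse an 'axb:c' label such as '3x4:3' into (tx antennas, rx antennas, spatial streams)."""
    m = MIMO_RE.match(label.strip())
    if not m:
        raise ValueError(f"not an axb:c MIMO label: {label!r}")
    tx, rx, streams = (int(g) for g in m.groups())
    if streams > min(tx, rx):
        raise ValueError("spatial streams cannot exceed the smaller antenna count")
    return tx, rx, streams


def phy_rate_mbps(width_mhz, modulation, coding_rate, streams, short_gi=True):
    """PHY data rate in Mbit/s: N_SD * N_BPSCS * R * N_SS / T_SYM (exact rational arithmetic)."""
    if width_mhz not in DATA_SUBCARRIERS:
        raise ValueError(f"unsupported channel width {width_mhz} MHz")
    if not 1 <= streams <= 8:
        raise ValueError("802.11n allows 1-4 spatial streams, 802.11ac 1-8")
    bits_per_symbol = DATA_SUBCARRIERS[width_mhz] * BITS_PER_SUBCARRIER[modulation] * streams
    rate = Fraction(bits_per_symbol) * Fraction(coding_rate) / SYMBOL_TIME_US[short_gi]
    return float(rate)


def rate_for_label(label, width_mhz, modulation, coding_rate, short_gi=True):
    """Rate an AP with the given MIMO label can offer a client with the same stream count."""
    _tx, _rx, streams = parse_mimo(label)
    return phy_rate_mbps(width_mhz, modulation, coding_rate, streams, short_gi)


def headline_rates():
    """The figures discussed in the post, recomputed from the formula."""
    return {
        "802.11n 4SS 40 MHz 64-QAM 5/6": phy_rate_mbps(40, "64-QAM", "5/6", 4),
        "802.11n 1SS 40 MHz 64-QAM 5/6": phy_rate_mbps(40, "64-QAM", "5/6", 1),
        "802.11ac 1SS 40 MHz 256-QAM 5/6": phy_rate_mbps(40, "256-QAM", "5/6", 1),
        "802.11ac 8SS 160 MHz 256-QAM 5/6": phy_rate_mbps(160, "256-QAM", "5/6", 8),
        # cell-edge case: 16-QAM 3/4, 20 MHz, one stream, long guard interval
        "802.11n 1SS 20 MHz 16-QAM 3/4 (long GI)": phy_rate_mbps(20, "16-QAM", "3/4", 1, short_gi=False),
    }


if __name__ == "__main__":
    for name, mbps in headline_rates().items():
        print(f"{name:42s} {mbps:8.1f} Mbit/s")
```

Note that the per-stream rate is what a single-antenna phone actually negotiates; the 4SS and 8SS headline numbers only apply when both AP and client support that many streams, which is the point the post makes.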


I am interested to see how vendors will approach the MU-MIMO capability of 802.11ac Wave 2.  The idea here is that your bandwidth can be split between clients, which will be a first for Wi-Fi.  I like to think of this as the wireless hub becoming more like a switch.

Why Invest in 802.11ac?

If your 802.11an network is meeting expectations then you may not NEED to adopt 802.11ac infrastructure.  
Reasons why organisations would consider migrating to 802.11ac:
  • The access points cost the same as previous 802.11n models.
  • They have high bandwidth requirements for LAN based services.
  • They want to future proof their WLAN. 
  • They have Gigabit LAN infrastructure.
  • They have PoE+ (802.3at) support on their switches.
  • They are migrating from legacy 802.11ag infrastructure.

Reasons why organisations may prefer to put 802.11ac on the back-burner:
  • They have 802.11n infrastructure which meets their current requirements.
  • They don't have Gigabit LAN infrastructure.
  • The cost of hardware refresh is prohibitive.


Final Thoughts


MU-MIMO will speed up the network in general and in busy environments will bring RF utilisation levels down - because devices spend less time transmitting and receiving.  So it's all good and hopefully those 802.11ac clients will proliferate in the environment to achieve that goal.

Since Cisco decided to bring out the 3700 AP at the same price as the 3600 AP the decision around 802.11ac adoption is simple for top-end customers.  Lower-end customers may not want to deploy it based on the cost.  However, current 802.11n clients will achieve throughput speeds of over 20Mbps at the cell edge (16-QAM at around -71dBm).  So realistically, the 802.11n infrastructure will support 99% of customer needs.

Thanks for reading and feel free to comment!

Rob

Some further info on 802.11ac:

  • 802.11 foundations and 802.11ac review by WildPackets. 
  • Network World article on 802.11ac by GT Hill from Ruckus.

Wednesday, 21 March 2012

Wi-Fi Location Services for Healthcare

It's fairly common for customers to be unaware of what can be achieved with Wi-Fi location services.  I've designed and deployed several large-scale Cisco / AeroScout solutions for UK healthcare in the last few years.  So I thought I would elaborate on the technology behind these types of solution.

I refer to this technology as 'Wi-Fi location services' although you will also hear it described as Wireless Tracking, RF Identification (RFID), Real Time Location Services (RTLS), Asset Management and Context-Aware Services.

There are several vendors in this space, so I apologise if this blog doesn't cover all the options.  However I've researched this field in depth and am confident that I'm covering the front-runners (Ekahau might like to argue that point).

Architecture Overview

There are three general layers to be considered for the deployment of your Wi-Fi location service.
  • Devices - RFID tags, Wi-Fi clients.
  • Network Infrastructure - Access points, WLAN controllers, chokepoints, positioning engines and management platform.
  • Asset Management and Context-Aware Services - Clever server applications....

The diagram below is a good representation of the interaction between components.

Radio Frequency Identification (RFID) Technology

In simple terms RFID is like a barcode whereby a unique ID is used to define an object.  However, RFID is effectively two technologies and "Which type of RFID is right for me?" is usually the question I'm asked.

There are two types of RFID, 'Active' and 'Passive':
  • Active RFID uses larger more expensive tags which transmit 802.11 beacons over several metres and make use of the WLAN infrastructure.  Devices are located by triangulation, think of Google maps with 3G phones being located using signal readings from several nearby masts.  You can get accuracy to a couple of metres if you design the WLAN correctly.  Active RFID tags require 802.11 transmitters and a battery, so at smallest they are the size of a matchbox or a 10mm thick credit card.  Depending on the tag configuration the battery will last between 3 and 4 years if the tag is set to be fairly idle whilst out-of-motion (yes they also have motion sensors).
  • Passive RFID uses low cost tags which are detected using short-range, low-frequency scanners.   Passive tags are battery-free and attached to the object like a sticker, they are flat and inconspicuous.  Note that passive RFID doesn't work on a WLAN, it requires its own 'reader' infrastructure.  Think of this technology like security tags in clothes stores using security scanners in the doorway.  You can get accuracy to the nearest reader point or to an area you have defined by reader 'gateways'.
Active RFID makes most sense for organisations who want an infrastructure that offers multiple services, e.g. a location system with Wi-Fi data and/or voice.  Passive RFID usually comes as a complementary solution for objects that pass a given point, such as bed-space or a storage area.  For healthcare I found that the short-range nature of passive RFID didn't meet the requirements to track objects to within a few metres anywhere in the hospital in a cost-effective manner.  To do this with passive readers would mean readers on every doorway - too expensive.  Passive RFID is more in competition with barcode technology for things like patient and blood bag tracking (think NFC).


Network Infrastructure

So let's assume you have chosen Wi-Fi for your location tracking solution, how do you begin to make this location data work for you?
  • Tracking the position of a Wi-Fi device requires a location-ready WLAN and a positioning engine with some scaled floor plan images.
  • The WLAN access points then need to report the RSSI of the beacons received from the 802.11 device to the positioning engine.
  • You need to calibrate the positioning engine through fingerprinting exercises to get those extra few metres of accuracy.
  • The positioning engine uses the client RSSI data from a minimum of 3 surrounding access points to produce the coordinates of the object, which can then be displayed on the map by the management server.  See below for an example of how the triangulation works.
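The steps above are easier to follow with numbers, so here is an added example of the core calculation, written for this post and not taken from any positioning engine. It converts each AP's reported RSSI into a range with a log-distance path-loss model (the calibration values `RSSI_AT_1M_DBM` and `PATH_LOSS_EXPONENT` are assumed; on a real site they come from the survey and fingerprinting), then solves the least-squares position from three or more APs. The AP coordinates and tag position are constructed. The second scenario in `main` shows why the site surveyor owns accuracy: feeding the engine readings from an environment whose real path-loss exponent differs from the calibrated one puts the fix metres off.

```python
import math

# Assumed calibration values (a real deployment takes these from the site survey)
RSSI_AT_1M_DBM = -40.0
PATH_LOSS_EXPONENT = 3.0


def distance_to_rssi(d_m, rssi_1m=RSSI_AT_1M_DBM, n=PATH_LOSS_EXPONENT):
    """Log-distance path-loss model: RSSI = RSSI_1m - 10 * n * log10(d)."""
    return rssi_1m - 10 * n * math.log10(d_m)


def rssi_to_distance(rssi_dbm, rssi_1m=RSSI_AT_1M_DBM, n=PATH_LOSS_EXPONENT):
    """Invert the model to estimate the range from a reported RSSI."""
    return 10 ** ((rssi_1m - rssi_dbm) / (10 * n))


def trilaterate(anchors, distances):
    """Least-squares (x, y) from >= 3 anchor points and one range each.

    Subtracting the first circle equation from each other one gives a linear
    system A p = b with row i = (2(xi - x1), 2(yi - y1)) and
    b_i = d1^2 - di^2 + xi^2 - x1^2 + yi^2 - y1^2, solved via (A^T A) p = A^T b.
    """
    if len(anchors) < 3 or len(anchors) != len(distances):
        raise ValueError("need at least three anchors with one range each")
    (x1, y1), d1 = anchors[0], distances[0]
    a11 = a12 = a22 = b1 = b2 = 0.0
    for (xi, yi), di in zip(anchors[1:], distances[1:]):
        ax, ay = 2 * (xi - x1), 2 * (yi - y1)
        bi = d1 ** 2 - di ** 2 + xi ** 2 - x1 ** 2 + yi ** 2 - y1 ** 2
        a11 += ax * ax
        a12 += ax * ay
        a22 += ay * ay
        b1 += ax * bi
        b2 += ay * bi
    det = a11 * a22 - a12 * a12
    if abs(det) < 1e-9:
        raise ValueError("anchors are collinear; no unique fix")
    x = (b1 * a22 - a12 * b2) / det
    y = (a11 * b2 - a12 * b1) / det
    return x, y


def locate(ap_positions, rssi_readings, rssi_1m=RSSI_AT_1M_DBM, n=PATH_LOSS_EXPONENT):
    """ap_positions: {ap: (x, y)} from the scaled floor plan; rssi_readings: {ap: dBm}."""
    common = [ap for ap in rssi_readings if ap in ap_positions]
    if len(common) < 3:
        raise ValueError("need RSSI from at least three located access points")
    anchors = [ap_positions[ap] for ap in common]
    ranges = [rssi_to_distance(rssi_readings[ap], rssi_1m, n) for ap in common]
    return trilaterate(anchors, ranges)


# Constructed sample: four APs on a 20 m x 20 m floor and a tag at (6, 8)
AP_POSITIONS = {"ap1": (0.0, 0.0), "ap2": (20.0, 0.0), "ap3": (0.0, 20.0), "ap4": (20.0, 20.0)}
TRUE_POSITION = (6.0, 8.0)


def sample_readings(n=PATH_LOSS_EXPONENT):
    """RSSI each AP would report for the tag under the model (constructed, noise-free)."""
    return {ap: distance_to_rssi(math.dist(pos, TRUE_POSITION), n=n) for ap, pos in AP_POSITIONS.items()}


def fix_error_m(estimate):
    """Distance in metres between an estimate and the constructed true position."""
    return math.dist(estimate, TRUE_POSITION)


if __name__ == "__main__":
    good = locate(AP_POSITIONS, sample_readings())
    print("calibrated engine   :", good, f"error {fix_error_m(good):.2f} m")
    # Real building attenuates more (n = 3.5) than the engine was calibrated for (n = 3.0)
    bad = locate(AP_POSITIONS, sample_readings(n=3.5))
    print("uncalibrated engine :", bad, f"error {fix_error_m(bad):.2f} m")
```

Rounding RSSI to whole dBm, multipath, and APs on the wrong map all enter the same way: as range errors that the solver cannot distinguish from a different position, which is why map scaling and calibration on both bands matter.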


Key Fact! You don't need RFID technology for RTLS.  All Wi-Fi adaptors can be tracked by their radio MAC address.

Key Fact! The positioning engine isn't responsible for accuracy, the site surveyor is!  High accuracy is achieved through careful WLAN design and implementation.  Map segmentation, site survey methodology, scaling of maps, access point placement, map calibration of both frequencies.  If you don't get all of this right you won't get the high accuracy you are looking for.


Asset Management

The positioning engines usually have an API which allows the Asset Management solution to draw information from the system.  The Wi-Fi MAC address of the client is used as the unique ID for the asset database.  Essentially Asset Management is achieved through the addition of meaningful information to the object, for example:
  • MAC: 'aa:bb:cc:dd:ee:ff'
  • Serial: 'S247462'
  • Tag type: 'T2000'
  • Asset ID: '0012346'
  • Category: 'Wheelchair'
  • Sub-category: 'Type 4 Child Buggy'
  • Department: 'Paediatric'
  • Asset Description: 'Sunshine buggy aged 6-10'
Before you add assets you must configure the system with zones, categories, departments and users.  This will enable asset logic.

The asset logic depends upon the features and functionality of the asset management solution. Within AeroScout MobileView you have things like location of devices by name, category, description, current location and status.  You can also generate events like zone entry/exit, status change, par-level by area, proximity, dwell, out-of-sight and low battery.  These events can in turn trigger alerts such as system notifications and messaging.  'Context-awareness' is the term used to describe the ability to be aware of the asset's behaviour and state.  Some examples:

  • Location
  • Status
  • Temperature/humidity
  • Motion
  • Directional motion
The screenshot below shows context-awareness using an RFID tag with MobileView.
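As an added illustration of how the zone entry/exit, dwell and out-of-sight events mentioned above can be derived from the position feed (this is my own sketch, not MobileView or any AeroScout code), the following tracker keeps per-tag state and emits events as positions arrive. Zones are rectangles on the floor plan, the tag MAC, zone names, coordinates and thresholds are all constructed, and the low-battery and temperature events are left out because they come from the tag's own telemetry rather than from position.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

Event = Tuple[float, str, str, Optional[str]]  # (timestamp, mac, event type, zone name)


@dataclass(frozen=True)
class Zone:
    """Axis-aligned rectangle on the scaled floor plan (constructed zone model)."""
    name: str
    x_min: float
    y_min: float
    x_max: float
    y_max: float

    def contains(self, x: float, y: float) -> bool:
        return self.x_min <= x <= self.x_max and self.y_min <= y <= self.y_max


class ContextTracker:
    def __init__(self, zones: List[Zone], dwell_seconds: float = 300, out_of_sight_seconds: float = 600):
        self.zones = zones
        self.dwell_seconds = dwell_seconds
        self.out_of_sight_seconds = out_of_sight_seconds
        self.state: Dict[str, dict] = {}  # mac -> zone, entered_at, last_seen, dwell_alerted

    def zone_of(self, x: float, y: float) -> Optional[str]:
        return next((z.name for z in self.zones if z.contains(x, y)), None)

    def update(self, mac: str, ts: float, x: float, y: float) -> List[Event]:
        """Feed one position fix; return the events it triggers."""
        events: List[Event] = []
        zone = self.zone_of(x, y)
        st = self.state.setdefault(mac, {"zone": None, "entered_at": ts, "last_seen": ts, "dwell_alerted": False})
        if zone != st["zone"]:
            if st["zone"] is not None:
                events.append((ts, mac, "zone_exit", st["zone"]))
            if zone is not None:
                events.append((ts, mac, "zone_entry", zone))
            st.update(zone=zone, entered_at=ts, dwell_alerted=False)
        elif zone is not None and not st["dwell_alerted"] and ts - st["entered_at"] >= self.dwell_seconds:
            events.append((ts, mac, "dwell", zone))  # stayed in one zone longer than the threshold
            st["dwell_alerted"] = True
        st["last_seen"] = ts
        return events

    def sweep(self, now: float) -> List[Event]:
        """Out-of-sight check: tags with no fix within the timeout (run periodically)."""
        return [(now, mac, "out_of_sight", st["zone"])
                for mac, st in self.state.items()
                if now - st["last_seen"] >= self.out_of_sight_seconds]

    def count_in_zone(self, zone_name: str) -> int:
        """Basis for a par-level check: how many tracked assets are currently in a zone."""
        return sum(1 for st in self.state.values() if st["zone"] == zone_name)


# Constructed position feed for one tag: (timestamp s, x m, y m)
SAMPLE_FEED = [(0, 2, 2), (60, 5, 5), (400, 6, 6), (500, 15, 5)]
SAMPLE_ZONES = [Zone("Ward A", 0, 0, 10, 10), Zone("Corridor", 10, 0, 20, 10)]


def run_sample() -> List[Tuple[str, Optional[str]]]:
    tracker = ContextTracker(SAMPLE_ZONES)
    events: List[Event] = []
    for ts, x, y in SAMPLE_FEED:
        events += tracker.update("aa:bb:cc:dd:ee:ff", ts, x, y)
    events += tracker.sweep(now=1200)  # nothing heard since t=500
    return [(kind, zone) for _ts, _mac, kind, zone in events]


if __name__ == "__main__":
    for kind, zone in run_sample():
        print(f"{kind:12s} {zone}")
```

The dwell flag resets on every zone change, so an asset that leaves and returns can dwell again; the sweep is separate from `update` because an out-of-sight tag, by definition, sends nothing to trigger it.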


The Cisco/AeroScout solution is impressive and has the ability to offer huge benefits to healthcare.  I've written business case justifications and these types of system can pay for themselves within a couple of years with even the most basic deployment model.  Primarily it saves staff search time, it allows assets to be maintained on time and avoids loan costs or fines for missing maintenance targets.


Context-Aware-Services (CAS)

Some asset management solutions provide a basic service around the information they gather.  However if you want an advanced business system that is tailored to your requirements you will usually need to find a third-party vendor who integrates with the API of the asset management solution.

One great example I came across was Nervecentre, which is able to integrate the location of assets with portering systems, nurse call, bleep systems, etc.  This is mostly achieved through CUCM, whereby the Cisco 7925 or smartphone running Cisco Mobile has further asset info.  Using this approach the user's phone becomes their location tracker and can also be used for process management apps.

The following scenario is for a 'porter call' system using a voice and location capable WLAN with Context-Aware Services.

A nurse raises a porter request for a Sunshine buggy from an app on her smartphone.  The system will locate the closest available sunshine buggy to the nurse and send the nearest 5 porters to the buggy a smartphone notification for a 'porter call', when a porter accepts the job he can use the app to track down the buggy.  Once he confirms he has picked up the buggy he will be given the location and phone number of the requesting nurse.  If he likes he can initiate a call to the nurse to make sure he has the right item and where it should be delivered.

The cost savings that the above scenario delivers are difficult to quantify.  There are certainly time savings for staff.  More importantly, there are cases where 'clinical incidents' occur because equipment can't be found in a timely manner - they incur large fines that could be avoided.  You also need to consider the happiness of staff and patients who can become demoralised when vital pieces of equipment can't be located for extended periods of time.  In some cases staff begin 'hoarding' equipment to ensure they can use it when they need it, this is costly behaviour that we've proven can be reversed.


In Summary

The scenario I described above is achievable and is very close to production in a leading UK hospital I have designed for.  The technology gap is currently the Workforce Management applications that integrate the Context-Aware-Services with things like porter systems, patient systems, nursing systems and VoIP telephony systems.  There is a huge demand for mobile applications in healthcare that improve efficiency.  Nervecentre are one of the early adopters in the UK for this area and I wish them well as they are a great company.

My final thought here is that some customers will be put off by the technical complexity of the solution and the fact that it isn't cheap.  But I have evidence that the cost-benefits far outstrip the TCO... so why not invest in a futuristic and efficient 'context-aware' hospital?

Sorry! Final, final thought for customers out there... Don't try and save money on the site survey; it's the most important part of the design.  Find a professional outfit with experienced engineers and expect them to want to perform their own site surveys.  This has bitten many customers before!

Wednesday, 14 March 2012

Hotspot 2.0

First generation Wi-Fi hotspots haven't been popular.  They are generally used in an emergency only.  Users don't want to make credit card payments to multiple providers as they move around.  The Pay-As-You-Go billing model never matched up with 3G, which uses Mobile Operator contracts to make payment and roaming easy.  With the introduction of 4G (LTE) offering Wi-Fi speeds the Mobile Operators have pushed PAYG Wi-Fi into a corner.

In addition to the introduction of LTE, many Mobile Operators are looking to provide 'small cell' 4G which effectively works like a Wi-Fi access point. It's an OFDM radio offering data connectivity to the Evolved Packet Core.  These "pico cell" access points are being installed to high streets and they have the benefit that interference is unlikely as each installation must be registered with the RF regulator.


Consumers are much more likely to add a 4G package to their contract than use PAYG Wi-Fi.  This change in consumer behaviour means that Wi-Fi will be used where there is no mobile coverage, or where the user density is too great for the cellular mast to meet demand.


So, let's talk about Hotspot 2.0


What is Hotspot 2.0?
Also known as Wi-Fi Certified Passpoint, Hotspot 2.0 is a new approach to public access Wi-Fi.  The idea is for mobile devices to automatically join a Wi-Fi subscriber service whenever the user enters a Hotspot 2.0 area.  The intention is to provide better bandwidth and services-on-demand to end-users, whilst also alleviating mobile carrier infrastructure of traffic overheads.

How will it work?
Hotspot 2.0 is based on the IEEE 802.11u standard, a new set of protocols that enable cellular-like roaming.  If your device supports 802.11u and you are subscribed to a Hotspot 2.0 service you will automatically connect and roam.

Where will I get it?
I would expect early adopters will be the current Wireless ISPs (BT Openzone, the Cloud, etc) and mobile carriers (T-Mobile, Vodafone, etc).  There is already a significant footprint for WISP services in event venues, hospitality, etc.  So for example, if I am a T-Mobile subscriber and they have a partnership with BT Openzone my handset will automatically join BT Openzone HS2 locations.  The consumer contracts are held by the mobile carrier, so I would assume that the data offload would be cross charged to T-Mobile.

When will it arrive?
The word on the street is of late 2012 for Wi-Fi Alliance ratification and device support and early 2013 for usable services.  There is certainly a demand from Wi-Fi owners (who will generate income) and end-users (who get better bandwidth and services).

How is it setup?
It's a bit too early to tell, but I would speculate that the Wi-Fi Internet Service Providers (WISP) will need a Hotspot 2.0 'integrator' to audit the WLAN for readiness.  Once everyone is happy that the WLAN meets minimum standards the integrator will configure the WLAN edge infrastructure for a single service which uses cloud-based AAA to authorise the client.  The best thing about 802.11u is that a single SSID is broadcast and carries information for multiple subscription services, so the airspace remains clean.  The client devices will be authorised using 802.1X with EAP (TLS, TTLS or SIM).  This is likely to need an app on the client side to act as a dot1x supplicant.  A key feature within 802.11u is the ability to pre-associate and test Internet availability.  This should avoid 'stranded clients' when faults exist.
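To show what 'a single SSID carrying information for multiple subscription services' and 'pre-associate and test Internet availability' look like from the handset's side, here is an added example of the network-selection step, my own simplified sketch rather than any vendor's or the Wi-Fi Alliance's implementation. It models the data a client can read before associating (the Interworking element's Internet bit, the Roaming Consortium list of organisation identifiers, and the NAI Realm list with the EAP methods each realm accepts; the EAP type codes are the IANA values) and matches them against the subscriptions on the device. The SSIDs, OIs and realms in the scan are constructed placeholders, and the home-before-roaming, then strongest-signal preference is an assumed policy.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# IANA EAP method type codes, as carried in the 802.11u NAI Realm element
EAP_TLS, EAP_SIM, EAP_TTLS, EAP_AKA = 13, 18, 21, 23


@dataclass
class AnqpAdvert:
    """What a client learns from an AP pre-association (Interworking element + ANQP answers)."""
    ssid: str
    rssi_dbm: int
    internet: bool                                               # Interworking 'Internet' bit
    roaming_consortium: Set[str] = field(default_factory=set)    # organisation identifiers (OIs)
    nai_realms: Dict[str, Set[int]] = field(default_factory=dict)  # realm -> EAP methods offered


@dataclass
class Subscription:
    """One credential provisioned on the handset (by the carrier or a WISP app)."""
    realm: str
    eap_method: int
    home_ois: Set[str] = field(default_factory=set)
    partner_ois: Set[str] = field(default_factory=set)


def classify(ap: AnqpAdvert, sub: Subscription) -> Optional[str]:
    """'home', 'roaming' or None for this AP/subscription pair."""
    if not ap.internet:
        return None  # the AP says it has no Internet path; joining would strand the client
    if ap.roaming_consortium & sub.home_ois:
        return "home"
    if sub.eap_method in ap.nai_realms.get(sub.realm, set()):
        return "home"  # our realm is served with an EAP method we can run
    if ap.roaming_consortium & sub.partner_ois:
        return "roaming"
    return None  # no usable subscription: ordinary captive-portal hotspot at best


PREFERENCE = {"home": 0, "roaming": 1}


def select_network(aps: List[AnqpAdvert], subs: List[Subscription]) -> Optional[Tuple[str, str, str]]:
    """Pick (ssid, realm, class): home before roaming, then strongest signal (assumed policy)."""
    best = None
    for ap in aps:
        for sub in subs:
            cls = classify(ap, sub)
            if cls is None:
                continue
            key = (PREFERENCE[cls], -ap.rssi_dbm)
            if best is None or key < best[0]:
                best = (key, ap.ssid, sub.realm, cls)
    return None if best is None else best[1:]


# Constructed scan result; OIs and realms are placeholders, not real assignments
SCAN = [
    AnqpAdvert("Airport-Free", -55, internet=True),   # no 802.11u data: plain captive portal
    AnqpAdvert("HomeCarrier-HS2", -60, internet=False,
               nai_realms={"carrier.example": {EAP_SIM, EAP_AKA}}),  # home, but backhaul down
    AnqpAdvert("PartnerWISP-HS2", -70, internet=True, roaming_consortium={"00-11-22"}),
    AnqpAdvert("OtherWISP-HS2", -50, internet=True, roaming_consortium={"33-44-55"},
               nai_realms={"other.example": {EAP_TTLS}}),
]
HANDSET = [Subscription("carrier.example", EAP_SIM, home_ois={"AA-BB-CC"}, partner_ois={"00-11-22"})]


def demo() -> Optional[Tuple[str, str, str]]:
    return select_network(SCAN, HANDSET)


if __name__ == "__main__":
    print(demo())  # the partner WISP: home AP is skipped because it advertises no Internet
```

Note what the strongest AP in the scan ("OtherWISP-HS2") does not get: without a matching OI or realm the handset has nothing to authenticate with, so a stronger signal alone never wins.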

Conclusions
Hotspot 2.0 is great in concept, a secure 'turnkey' guest service is what customers want.  They also want to revert to a third party for the 'onboarding' of user accounts.  This solution also offers revenue for the Wi-Fi owner and a free service for visitors. 'Everyone's a winner' as they say....

The technology champions have a big task ahead to get this kind of collaborative service into production.  However, there seems to be a strong appetite and early trials are under way.  So we can assume that there are a few core organisations driving progress.  Hopefully we'll see a 'Hotspot 2.0 forum' of top-level SPs who offer roaming services, with international agreements for roaming abroad.

We can also assume that there will be a minimum requirements spec for WISPs to adhere to.  From an RF design perspective the goal will be to support high-density client counts.  However this will be difficult to define, for example a football stadium is vastly different to a hotel.  So from layer 1 up there will be challenges to ensure Hotspot 2.0 services meet expectations.

I'd be interested to see how Hotspot 2.0 competes with 4G/LTE for HD environments like outdoor sports and event venues?  If anyone has compared these two technologies please feel free to comment!

Marcus Burton from CWNP has also written a great blog on this topic

Friday, 6 January 2012

Blog Background

A little background on the blog...

Who am I?
I'm a network architect / engineer / consultant from the UK. After writing a paper on WLAN security for my dissertation in 2003 my career in WLAN began.  I've progressed from autonomous access points to large-scale enterprise WLAN solutions.

Why am I blogging?
My intention is to feed into the already excellent Wi-Fi professionals blogging community that exists.  I will be sharing my experiences on WLAN design, deployment and support.  This will mostly be Cisco from a vendor perspective and hopefully some cool emerging technologies.

I hope you find the blog useful :)