Content on this page requires a newer version of Adobe Flash Player.

Get Adobe Flash player

Content on this page requires a newer version of Adobe Flash Player.

Get Adobe Flash player


Home Perimeter Security Control Rooms Company Introduction Wieless Infrastructure Fibre Optics Vulnerability Assessment Access Control Integration CCTV Time & Attendance Contact Us

WIRELESS BEST PRACTICE

Back

Planning considerations

With a vision and funding, you are ready to start planning the WLAN deployment. It is critical to understand and validate the WLAN requirements in detail. To ensure you’re delivering the highest quality WLAN experience, it’s a good practice to map out the following:

If the WLAN is mission-critical, you will need to factor in the requirements for fault tolerance, load management, and a comfortable performance margin. Keep in mind that with a reliable wireless service, you may find your user population rapidly adopting it as their primary service vehicle. Who and where is the potential wireless population to be served? What is the size of your user population? Where are they located? How and when are they likely to use wireless? Knowing as much as possible about your wireless users will help you synthesize design requirements for access, performance and the scale of your WLAN infrastructure. What services will the WLAN support?

Will wireless be an overlay to the existing wired network or will it be the primary network?
If the WLAN is mission-critical, you will need to factor in the requirements for fault tolerance, load management, and a comfortable performance margin. Keep in mind that with a reliable wireless service, you may find your user population rapidly adopting it as their primary service vehicle. Will it be ready? To assess performance requirements, it is important to determine the applications and services that may be used over the WLAN. Will you support applications with real-time, latency sensitive traffic such as video and voice? Real-time services demand guaranteed delivery times; furthermore, video can consume a great deal of bandwidth. You must determine the extent to which your population will use these services, during what times and in what geographic locations.

Will you serve outdoor spaces as well as indoor? Deploying outdoor Wi-Fi requires additional considerations including the WLAN’s proximity to the wired network, topography and the potential AP locations/mounting options. Outdoor WLAN equipment is expensive and deployment requires personnel with RF expertise. Experience has shown that many buildings enclose outdoor areas of interest, making it possible to serve an outdoor space from an indoor window. This can greatly reduce the cost and complexity of providing outside coverage.

What is your security policy?

Security can be a mixed bag. Everyone wants it but many are not willing to tolerate the overhead it imposes on access or IT administration. You must determine the trade off that your organization is willing to make. Most likely, some form of network access control will be required. Standards such as 802.1x enable per user access control of wireless users through external authentication servers such as RADIUS or Active Directory (AD). Guest access is a desirable service, giving temporary and limited authorization to select users whose access time is bounded. Typically a captive portal is used as a convenient, web based front end to provide guest credentials.

More often than not, access control is not enough. Some form of encryption “over the air” is desired to insure the integrity and privacy of the wireless content. Again, Wi-Fi link layer encryption can provide the answer through standards such as WPA and WPA2, depending on the desired strength. These encryption methods require a pre-shared key to be given out to each WLAN client. Key administration is an overhead that needs to be factored into the ongoing operational cost of the WLAN.

Have you really looked into the future?

Don’t underestimate the user appetite for wireless. If your
coverage is not ubiquitous on day one, at least spend time up
front to verify that your WLAN design is scalable to provide
ubiquitous access when the need arises. Don’t underestimate the user appetite for wireless. If your coverage is not ubiquitous on day one, at least spend time up front to verify that your WLAN design is scalable to provide ubiquitous access when the need arises. Multimedia support may not be a current concern. However, applications and devices are converging. It is just a matter of time that the network will be tasked to support converged services — video, audio, graphics, interactivity, etc. Fortunately, 802.11n, a new Wi-Fi standard for delivering several times the capacity of current 802.11g is available in business class 802.11n products. Nevertheless, a solid QoS implementation is always a necessary insurance that the network can support diverse traffic types, applications, devices and users.

WLAN design

With the detailed requirements in hand, you can now design a WLAN that meets your capacity, coverage and performance goals today with a path for expansion whenever the business demand arises.

Determining the required capacity

In general, a typical wireless user consumes no more than 250Kbps bandwidth on average. Here are some typical service rates:

SAMPLE BANDWIDTH RATES

Network Need   Sustained Data Rate
Casual Data   1 Mbps
Mission Critical Data   10 Mbps
Voice/Video   20 Mbps

Voice doesn’t take much bandwidth but it requires guaranteed bandwidth. Video on the other hand will create a major impact on bandwidth consumption. Surveillance video requires less bandwidth as frame rates and resolution are typically much lower. However, low cost surveillance cameras do not have the latest compression technology so the bandwidth required is not insignificant either.

A good assumption to use in AP capacity planning is 1-2 Mbps per user for data and 5-10 if you think video will dominate. The average TCP throughput of 11g APs is approximately 20-30 Mbps, while an 11n AP can often deliver 75 Mbps or more in a typical open office environment. However, the average TCP throughput is much lower, depending on the number of clients on the AP.

Determining coverage area Like a cellular base station, each AP defines coverage geography with a maximum radius determined by available signal power and signal attenuation from objects that block the communica- tions path. If the user population exceeds that in a given geography, the only way to increase the capacity is to add more APs into that geography. This must be done in such a way that each AP does not interfere with its neighbor.

A good way to accomplish this is to set a different operating frequency for each AP within an area. For 802.11b/g there are three non-overlapping frequencies, channels 1, 6 and 11. For 802.11n there are 23 non-overlapping frequencies.
Select the appropriate frequencies for each AP to allow increased capacity with minimal interference between the APs.

Security integration

If you already support a centralized AAA (authentication, authorization and accounting) service, you’ll probably want to integrate it with your WLAN infrastructure. I3S Security Solutions recommends making use of hardware that supports 802.1x allowing for authentication handoff to standard centralized AAA services such as RADIUS or Active Directory. Examples of popular RADIUS servers include FreeRADIUS and Juniper’s (previously Funk) SteelBelt RADIUS. Most new hardware systems comes standard with internal authentication database features that has a limited authorized users capacity.

I3S Security Solutions recommend that this crucial factor needs to tie in with the requirements of the client.
For encryption and key administration are recommendations, the technology should provide the ability to automatically configure each client device with the requisite wireless settings including a unique, dynamically generated encryption key. This eliminates manual key administration while assuring the integrity of the encryption system.

Sighting for Optimization and Installation

It should be considered that the reality of deployment must provide a great deal of margin to make up for moderate differences between the design and the real environment into which the APs are deployed.
Nevertheless, it’s always a good practice to walk through the planned deployment sites before installation. There can be variations in construction not specified on floorplans, variations in building materials, obstructed access to proposed AP locations and certainly concern for esthetics.

Variation in building materials can affect the propagation of RF signals causing it to deviate from your planned coverage. For example, an AP designed to cover three or four rooms may work just fine through sheetrock walls.

However, if those walls are made of concrete, the AP signals may not propagate beyond the walls on which the AP is mounted. Lastly, building construction may prohibit AP placement where originally planned. Physically sighting AP placement will identify these issues before the installation to save time and money.

I3S Security Solutions suggests the following placement guidelines you should follow to maximize AP performance. All APs should be mounted as high and as visible as possible. Try to avoid any obstructions, especially those in close proximity to the AP. An obstacle half a meter to a meter from the AP will have a much more detrimental effect on performance than one located 5 meter away.

Indoor coverage

The ideal orientation of an AP is ceiling mount (especially if power or network cables are easily available there). AP’s can also be placed horizontal, i.e., flat-side down, on top of the highest office cubicles or mounted high on the wall using the horizontal wall-mount plate supplied with each AP. Wall mounting the AP vertically, i.e., with the dome pointed sideways, should only be done on the “outside” walls as this orientation creates a shadow behind the flat-side of the AP.

Outdoor coverage

If you need to provide Wi-Fi access outdoors, consider the possibility of extending the WLAN coverage from inside. Placing an AP next to a window may be adequate for the desired coverage without the added expense of outdoor mounted APs. It also makes the AP much more accessible for servicing. Experience has shown that many buildings enclose or adjoin outdoor areas of interest making this a viable option. Make sure to verify the type of window glass through which your signals will travel. Older buildings may have glass that contains lead which can affect signal propagation.

3rd party interference

Wi-Fi uses license-free RF spectrum. This means that any interference occurring within that spectrum must be tolerated. In other words, you can’t control interference from other devices legally sharing your radio spectrum. Examples for such devices are cordless phones, microwaves, adjacent APs, and Wi-Fi clients. If Propriety networks are used the bandwidth and frequency can be altered within the spectrum by making use of a spectrometer to determine the interfering frequency. During your walking tour, determine all potential sources of interference. By adjusting AP placement you’ll likely eliminate much of the interference.

System Pilot and Installation It’s best to test your environment with one or two pilot APs before proceeding with the entire installation. As RF can be affected by many variables, your actual performance may vary from the planned design. If you’ve done a thorough job gathering require- ments and sighting the installation, that variation should be minimal. In any case, it’s much less costly to find and correct problems in the design before you roll out the entire installation. A pilot will also help to wring out any integration issues with the wired network that may have been overlooked during the design. Select an area to pilot that best pushes the limits of the design. It is also an excellent opportunity to test the support tools such as software upgrades and the management dashboard.

Once you’ve achieved a successful pilot, starting a systematic production rollout is prudent. You may still encounter site-specific problems.

System Operation, Maintenance and Growth During operation, you’ll need tools to assist with monitoring your wireless network’s performance. Without the correct tools the task can be daunting. In addition, there are a variety of excellent third- party online tools available at a minimal cost or for free. For example, there are two outstanding open source offerings known as AirSnort (based on the popular Snort package) and Kismet. AirMagnet offers tools for debugging RF problems in the field as well as tracking down offending APs or wireless clients. WildPackets and Cognio offer a line of Wi-Fi analyzers that monitor RF spectrum plus capture and analyze individual wireless packets or protocol dialogs. Other excellent free tools are NetStumbler and Wi-Spy.

Experience has shown that checking the performance and availability of your WLAN from the clients’ perspectives gives the ultimate indicator of your system’s health. Taking a proactive approach allows you to find problems before your users do and will help you maintain high availability in your wireless network.

When it comes to growth, a big advantage for a centralized WLAN is that it scales very well. When set up correctly, high end equipment will reject connections before they run out of capacity. Online tools will help you monitor, set thresholds then inform you when connections are being rejected indicating the need for more capacity. Adding that capacity is now a matter of placing additional APs in the geography.