To make sure nothing slips past, it is best to have identity management integrated into the network operating system. It is also better not to rely on any single identification mechanism, but rather to include:
- 802.1x identification, and even multiple supplicant implementations.
- Kerberos Snooping for Microsoft Active directory users.
- If neither of the above applies, the user can be quarantined and restricted to a captive portal to authenticate to the network.
- Guests to be offered an open VLAN for Internet access, but ideally the access should still be controlled to allow only a selection of relevant services such as Google, e-mail or Linked In.
Here again the advantage of a unified data plane is that the identity management is deployed right at the edge of the network rather than being sent to the central controller. Ideally all the access points should support identity management features by default, and that all user identities can also be monitored centrally to see who is on the network wherever they are and whether wired or wireless.
Choice of hardware
Different situations require different physical configurations: integrated or external antennas, mounting on wall or ceiling and so on. Look for a comprehensive hardware range that includes all the features you need in all configurations.
The correct choice of wired switches is also important for supporting a unified data plane. The best wired edge switches are designed specifically for this purpose and support a single easy-to-use operating system including identity management, stacking and many other advanced edge features across the infrastructure from access point to the core without needing customisation.
A good management solution will do much to simplify management and maintenance and so reduce the operating cost of the wireless network. As well as monitoring and surveying the network, it should provide detailed diagnostic tools and deliver reports to assist the manager.
Keeping costs down
As more employees join the BYOD trend, the time and management costs may keep rising. A correctly designed network, however, with a unified wired/wireless data plane and purpose-built operating system, will not only scale seamlessly but also remains secure and manageable.
Here are the key points:
- A simple, intuitive command line interface (CLI) purpose-built for switches will simplify changes and upgrades.
- A single operating system across all devices will simplify upgrades.
- Policy-based control software will apply the same policy to every application point of the same type, saving a lot of repetitive work.
- The controller should automatically extend software updates across all the access points without requiring manual work.
- A comprehensive range of access hardware should allow you to choose the optimal access device for the optimal placement - saving installation costs and reducing waste.
- Today's more intelligent access devices and controllers employ Smart RF to automatically adjust power and channel settings for optimal performance, even allowing for outages and interference. This reduces the risk of cross channel interference and saves a lot of fiddly adjustment of individual access points.
Sign up for Computerworld eNewsletters.