The Cloud - Like a first date...

/

I’ve been asked numerous times over the past few months on whether or not clients should be using the cloud.  The original “cloud” providers were web hosting organizations.  These providers provided redundant internet paths, redundant hardware, networking infrastructure, power, cooling and all the bells and whistles now touted by some of the larger cloud vendors.  They simply “rented” space on their physical hardware for a low monthly price.  Many customers chose to host their web content on external providers assuming that a dedicated provider would be able to patch and maintain a web server much more efficiently than their own staff.  While true, much of the web content hosted 10 years ago was static content, contained really no sensitive data and was accessed by relatively few individuals.

Fast forward to 2011 and the explosion of on demand services, hardware, virtual-desktops, hosted Microsoft Sharepoint & Exchange, hosted apps like SalesForce give organizations a choice between in-house or in-the-cloud.  These dynamic applications rely upon a tremendous amount of information being stored and hence the security concern.  We all understand that security is a trade-off between risk and cost.  The more money you spend on security should buy us additional security, but at a certain point the risk / reward just doesn’t make sense.  We should take the same approach to the cloud.  Many clients today are conducting SoS (Statements of Sensitivity) on applications.  Depending on the level of risk an organization is willing to undertake with specific applications may make them perfect candidates for the cloud.  For example, an e-commerce site with a limited number of products and a hosted payment page may be a perfect candidate to try out the cloud.  By completing a statement of sensitivity it may become clear that there isn’t a tremendous amount of risk or exposed data.  Why not use this as your cloud trial?

In 2010 Tiffany Bova from Gartner hosted a session and described the cloud as simply a different method of service delivery – perhaps we should think of the cloud as we did with virtualization six or seven years ago, start with some light weight, low resource intensive applications that aren’t mission critical to get comfortable with the cloud infrastructure.  Who knows?  You just might like it – just don’t wait 3 days to call it back.

Eugene N.

This post deals primarily with the concept of 'public cloud'. If you have questions or comments regarding this subject, or would like to talk to someone regarding the distinction between public, private, and hybrid cloud, please leave a comment or contact us via our contact page.

Streaming Video vs The Corporate WLAN

/

Sometimes words are just not enough, but seeing is believing.

The picture, above, shows the results of a little lab test I did to see just how much of the available wireless spectrum streaming video would consume. For this test, I recorded three seperate video sources:

  1. YouTube 1080p.
  2. Netflix using the Good Quality setting - upto 0.3 GB/hour.
  3. Netflix using the Best Quality setting - upto 1 GB/hour.

A proper explanation of everything shown in the picture is a bit beyond the purpose of this blog post, but I will try to highlight the important bits:

  • There is a noticable increase in wireless activity during each video. In fact, the duty cycle during the YouTube video was up to 73 percent! Put another way, anyone else trying to access the network via that access point would have been very annoyed.
  • Even at the Best Quality setting, Netflix was not as 'spectrum-unfriendly' as YouTube.

As we allow more and more bring your own device (BYOD) access in the enterprise, we need to make sure we have a plan or policy for dealing with this type of traffic. The spectrum available to WLANs is not limitless. Left unchecked, a few streaming videos at the office could have a major impact on the proper functioning of wireless applications and VOIP capabilities. What's your strategy for dealing with the type of traffic? Do you block it entirely? Do you block it on the WLAN and allow it on the LAN? Rate limit? Whatever you decide, you want to make sure it is you making the decision and not the BYOD devices.

Dan C.

If you have any questions, comments, or feedback, we'd love to hear from you in our comments sections.

Bonus Question: Based on the picture, can you determine which 802.11 standard was being used and what my theoretical maximum bandwidth was at the time?

Thoughts After Day 3 of Aruba WLAN Training

/

Course complete!. All the gear is factory reset, packed away, and the test has been written and passed. It was a fun three days of configuring, tweaking, and experimenting with wireless controllers, access points, and AirWave, but all fun things must come to an end.

The last day of the 3-day Implementing Aruba WLANs course was a bit like a catch-all day for the topics that didn't fit nicely into the other sections. We covered captive portals, remote APs, Adaptive Radio Management, and Spectrum Analysis. Given the wide choice of topics, it was actually a little difficult to come up with just a few thoughts based on the days activities, but here goes:

  1. As wireless vendors roll out amazing features like remote APs, which allows the office to follow the users regardless of where they are physically located, we will see WLANs positioned nicely to start displacing wires in a more permanent way at head offices and branch offices alike. The ability to control authentication, access, and encryption for wired and wireless users regardless of where they are is very empowering for organizations and I can't see how this won't be a standard offering by all wireless vendors in the very near future. I can already think of a few WLAN vendors who have rolled out remote AP offerings so, as far as I'm concerned, the flood gates have been opened.
  2. Spectrum analysis is a cool feature which can be quite handy when it comes to keeping your WLAN running optimally. However, I can't over-stress the importance of not relying too heavily on having your tools do all the troubleshooting and interpretion for you. Some decisions can be made fairly accurately by tools while others still require human interpretation. The introduction of spectrum analysis by a few large WLAN vendors is definitely a good thing but, like all things in IT, you need to take the time to learn what the tools output actually means so that you can make educated desicions regarding the behaviour and configuration of your WLAN deployment. Spectrum analysis is meant to provide more information which should help us make more informed decisions; the decisions still need to come from a trained WLAN professional though.

I would definitely recommend the Implementing Aruba WLANs course for anyone involved in deploying or administering a small to medium-sized Aruba deployment. For larger deployments involving multiple sites and controllers I suggest taking your training beyond ACMA certification and checking out the Scalable WLAN Design & Implementation course which will prepare you for the Aruba Certified Mobility Professional (ACMP) certification.

Dan C.

If you have any questions about wireless training or are planning a wireless deployment and would like to have a discussion about it, please feel free to contact us or post a comment.

Thoughts After Day 2 of Aruba WLAN Training

/

Day 2 of the Implementing Aruba WLANs course has come to a close and we have managed to make a nice mess of the room. It's amazing how quickly 6 people can fill a room with controllers, access points, cables, laptops, and courseware!

Much like the first day of the course, the second day was very educational. Focusing mainly on authentication, access control, and roles, I'd say this day represented the meat of the course. Here are my thoughts after day 2:

  1. To securely deploy a wireless network you had better brush up on your 802.1X, RADIUS, and PKI knowledge. Home WLANs are not the same thing as Enterprise WLANs; pre-shared keys (PSK) are not a scalable or manageable solution in most enterprise deployments. All SMB, or enterprise WLAN vendors support robust authentication when it comes to wireless networks so take advantage of these features.
  2. Role derivation is awesome! Having the ability to assign specific access policies and VLAN assignments to clients based on device type or group membership is a great way to avoid excessive SSID creation and provide granular control that matches the capabilities and requirements of each user/device. Regardless of the WLAN vendor you are using, I would highly recommned looking into this feature the next time you are thinking about creating a new SSID for a new business requirement. You just might save your self some configuration effort and eliminate needless wireless beacons at the same time.

Overall I'd say day 2 was a success. WLAN security is incredibly important so I was very happy to see that we spent the entire day exploring the various options available to us.

Dan C.

If you have thoughts, comments, or questions about WLAN security, please leave a note in the comments section.

Thoughts After Day 1 of Aruba WLAN Training

/

I firmly believe that the only way to stay on top of the wireless networking industry is to fully embrace the idea of lifelong learning. To me, this doesn't just mean learning new skills and products, but also taking the time to revisit and refresh the things you think you already know. That's why I jumped at the chance to sit in on a three-day Implementing Aruba WLANs course being held at my office. True, I do already have my ACMA, but I attained this back when controllers were running ArubaOS 3.x. Now that ArubaOS 6.x is out, I figured it couldn't hurt to revisit the course and make sure I'm still up to date. Here are a few observations after completing the first day:

  1. Regardless of how simple a WLAN controller is to configure, anyone involved in designing, securing, or administering a WLAN must still understand the underlying 802.11 technology. Fancy wizards and snazzy interfaces are great when things are working fine, but don't expect your WLAN to run as efficiently, securely, or resiliently if you don't know what all those knobs and dials are actually doing. That beings said, Aruba Networks has done a great job improving and enhancing their configuration wizards. These wizards do such a good job of simplifying the basics of configuring your controller(s) that someone could technically get a secure WLAN up and running with very little wireless knowledge or experience. Unfortunately, there is no WLAN Administration Wizard. Until that day arrives, hit the books and start learning the underlying technology. A good place to look for vendor neutral wireless certification is the CWNP organization.
  2. Wireless networks are at a critical, and potentially dangerous, juncture in their relatively short lives. If we spend the time to properly plan, design, and secure wireless networks they have the potential to dramatically affect the way we work and play in a very positive and reliable way. However, if we rely too heavily on the perceived simplicity of deploying wireless networks without doing our homework first, then we are setting mobile computing up for failure or, at the very least, an existence that falls very short of the true potential of wireless networking.

Overall, day one was very informative and a lot of fun. It's always great to see people putting in the time and effort required to properly implement a wireless network. So far the Deploying Aruba WLANs course has delivered what was promised and I am looking forward to sharing my thoughts on the next two days.

Dan C.

Full Disclosure: NCI is a partner with Aruba Networks.