Architectural Considerations

Architecture is a framework of components, concepts, and practices that acts as a guide for an underlying design. A robust architecture ensures that the actual WLAN solution meets the predetermined goal for the organization while providing sufficient flexibility to manage the various engineering and operational tradeoffs that WLAN technology requires. As such, it is important that the architecture act only as a guide or baseline and not as a blueprint. This section provides recommendations for setting realistic expectations and guidelines when defining your WLAN's architecture.

WLAN Expectations

The definition of your WLAN architecture should begin with identifying and scoping your expectations and goals. A clear understanding of the business needs for WLANs will simplify alignment between technology solutions and business requirements, and will facilitate the definition of a relevant and specific WLAN architecture. The successful WLAN architecture, therefore, relies on the business considerations, as discussed in Chapter 2, and the provisioning strategy, as outlined in Chapter 3.

When you define your WLAN architecture, focus on two distinct technology alignment challenges:

• Alignment with business requirements

• Alignment with user requirements

To support the business, the WLAN architecture should facilitate and support the generation of a net positive value in the form of strategic, operational, or technological benefits. To effectively support the user, the architecture needs to take into account parameters such as usability, convenience, access, availability, and support. If the WLAN is not easy to use, is subject to poor coverage or uptime, or has little user support, the total WLAN experience will not be positive, resulting in little or no use of the infrastructure investment.

Key Components for an Effective WLAN Architecture

WLANs are justified by benefits such as providing mobility to the workforce, reducing the cost of infrastructure for sporadically used locations, and increasing productivity by keeping mobile users connected. As highlighted in Chapter 2, the business case for WLANs relies on your ability to identify the organizational benefits that WLANs can enable. Identifying which services and applications the WLAN must support is key to building a robust, relevant, and sustainable architecture.

Without a thorough understanding of what is demanded from the wireless communications infrastructure, there is a high probability that you will either undershoot or overshoot supply. Your WLAN architecture thus becomes the vehicle that guides and ensures proper alignment between infrastructure demand and supply. The key components for the step-by-step development of a successful WLAN architecture are

• Determining the goal of the WLAN

• Defining the scope of your WLAN

• Developing your timeframe to deploy

• Considering IT security requirements

• Identifying the types of users and devices you want to support

• Establishing an operational support structure and process

The following sections describe each of these considerations in more detail.

Determining the Goal of the WLAN

Because of increased adoption, more applications and services are being layered onto the WLAN. However, the number of applications utilizing wireless transport is not the only factor that is changing. The characteristics of the applications themselves are changing as well.

Traditionally, WLANs in enterprises were intended only for data traffic. The key applications were typical business productivity tools such as e-mail, web browsers, calendaring tools, and messaging. These applications produce network traffic that is irregular and noncontinuous. Periods with high network utilization are followed by periods of low network utilization, and the duration of both these periods is unpredictable. The applications are considered "bursty" as they load the network in bursts.

As WLANs became more prevalent, they started to become the preferred means of network connectivity. This resulted in bandwidth-intensive and potentially latency-sensitive applications such as video also migrating onto the wireless medium. The challenge created by these applications is that they demanded a different type of service by the network. Best-effort service became insufficient as these applications required high throughout and deterministic behavior.

A common issue with networked applications is that they are developed with little or no consideration for the resources they require from the communications infrastructure. Application developers take into consideration the notion of the network but typically fail to consider bandwidth and latency implications. The (false) assumption is that the network is always available, that bandwidth is unlimited, and that congestion and delays do not occur. As such, even though the applications and the network are tightly coupled, they are typically developed and deployed as independent components.

It is exactly this decoupling that creates the burden of carefully planning your WLAN if you want to successfully support the extension of your applications to the wireless environment. Hence, you should start with the premise that the average application is not aware of the transport medium it is using. They treat the networkwired or wirelessidentically.

The challenge of applications not being aware of the network is compounded with WLANs. Indeed, most applications are developed for the wired environment. Specific characteristics of WLANs are their lower throughput and higher latency than their wired equivalents. This is typically not a problem for the bursty applications. However, WLANs can cause additional challenges for applications that demand high data rates or deterministic behavior.

The interaction between applications and the network is only one of the challenges that must be tackled when defining a WLAN architecture. Defining a wireless architecture to support voice and video also introduces specific problems that must be considered. The considerations include provisioning sufficient bandwidth for latency-sensitive voice and video streams, implementing a quality of service (QoS) solution, and ensuring fast roaming capabilities between cells. Refer to Chapter 4, "Supplementary and Complementary Services," for additional details on supporting voice and video in WLAN environments.

Defining the Scope of Your WLAN

The scope or footprint of your WLAN deployment is one characteristic that you can easily define from the start. However you define itsmall, limited, partial, full-scale, or ubiquitousthere is a boundary to which you can adhere. Although the scope of your WLAN deployment has a larger impact on the planning and implementation phases, it also plays a role in the architecture.

The architecture must formalize and document the coverage your WLAN provides. The formalization of the scope serves as a guide to ensure that you neither underengineer nor overengineer your WLAN solution. Underengineering occurs when you provide insufficient resources to provide the intended degree of service. Examples include inadequate coverage due to not deploying enough access points or failing to incorporate the proper IT security standards for your organization.

Overengineering is the inverse case. This happens when more resources are supplied than are strictly needed to implement your desired solution. In this scenario, you will have squandered both time and money. An example of overengineering is deploying too many access points. In this case, you could either be overlapping coverage of access points or providing coverage in areas where there is no need for WLANs.

A key consideration when determining the scope of your WLAN is how you intend to provide operational support. Today, enterprises that extend their global reach must deal with an increased number of operational issues. Examples include selecting a scalable strategy and platform for managing the WLANs RF spectrum as well as potentially hundreds of access points and thousands of client devices.

Leverage the scope as defined in the WLAN architecture as a planning tool. This structured approach makes it easier to determine how you offer support at the different levels of the fault resolution path, and how you plan to handle onsite resources for troubleshooting. Refer to Chapter 8, "Management Strategies for Wireless LANs," for operational considerations and recommendations.

Developing Your Timeframe to Deploy

The next step is to develop a timeframe for deployment. In this case, time refers not only to the time when you begin a deployment, but also to the time it takes to complete the deployment. The proper mix of time, as it relates to the preparation, planning, design and implementation, is fundamental. Two aspects of time concern WLAN architecture and design:

• Making timely decisions

• Implementing the decisions before they outdate themselves

Wireless data networking is no longer a budding technology. It has built up momentum to a point where aspects of the technology are quickly superseded by more advanced features and functions. Figure 5-1 illustrates that as the time to deploy becomes extended, the probability that technology features will make a significant jump becomes greater.

To manage the time it takes to deploy, adopt the following practices when defining the architecture:

• Stay familiar with developments in WLAN technology Set a goal of staying abreast of standards to ensure that the technology does not date itself. Establish a frequency and process that evaluates the market, and build a matrix to align the technology with the overall business direction.

• Break up requirements into sections By segmenting your business needs, you can align your technology solutions more easily and efficiently. Build a roadmap of the follow-on technologies that can be adopted without requiring a major change in the architecture.

• Remind yourself that the architecture is only a framework The architecture should not become so detailed that it impedes the growth of the network. Maintain standards but avoid defining specific engineering details in your WLAN architecture.

Considering IT Security Requirements

Many enterprises were reluctant to adopt wireless LANs because of the perceived security concerns. The main causes for worry lay in the unbound and uncontrolled nature of the RF transport medium. However, many tools and solutions have been developed that allow you to build a WLAN that is at least as secure as its wired counterpart.

The WLAN architecture plays a key role in securing your WLAN because it explicitly identifies which components must be incorporated as well as their interdependent relationships. The architecture thus effectively defines the security chain, the policies that must be adhered to, and the procedures that must be followed to secure your WLAN.

Because each WLAN component contributes in either a constructive or destructive way to the robustness of the security solution, you must first identify each of these components. Examples of the components include the following:

• Passwords

• Authentication and access methodology

• Encryption and hashing standards

• Devices and their respective operating systems

Note

Robust passwords form the foundation of security because they are used to unlock the gate to the system. They should be sufficiently strong to prevent easy guessing or hacking. Exhaustive, brute-force methods can uncover all but one-time passwords, therefore, the strategy for common passwords is to make discovery as challenging as possible. Require the use of both uppercase and lowercase alphanumeric characters in addition to special characters. Furthermore, the more characters you use in a password, the stronger it becomes. You should use no less than a 10-character password. Two examples of robust passwords are Ci$cOPr3## (Cisco Press) and G@W1re!3zz (Go Wireless).

Next, the WLAN architecture must define how all the components are interrelated. This process not only ensures that there are no gaps in the security chain, but also that weaker links can be strengthened or more actively managed to provide a holistic and robust security posture. Clearly define the authentication and access methodology, the selected encryption standard, and key management policies.

The security policy and procedures that you define in your WLAN architecture must then be applied in the design, implementation, and operation stages of your WLAN's lifecycle to ensure that security considerations are not only included but also overarching. Chapter 7, "Security and Wireless LANs," details solutions and recommendations for tackling the challenge of constructing a secure WLAN.

Identifying the Types of Users and Devices You Want to Support

An important architectural consideration is the target audience. This aspect of the WLAN architecture is directly related to the people or devices and how they use the WLAN. Every usage profile has its own distinct set of considerations that needs to be included in the architecture. To simplify the challenge of incorporating user and device considerations in your WLAN architecture, start by segmenting the WLAN user-community by identifying common usage profiles.

The concept of user classes was introduced in Chapter 3. Classifying users allows you to determine the degree of relevance of WLANs for subsets of the user community. Classification is performed by grouping users who share common attributes. These profiles are based on the users' characteristic requirements that include their primary applications, degree of mobility, bandwidth and latency restrictions, level of security, and typical hours of operation.

Chapter 3 uses the segmentation in function of mobility needs to define the different user classes. The classes are named standard, mobile, roaming, hot-desk, and guest. You can opt to use the aforementioned classes, or you could, for example, simplify classification into three classes:

• Highly mobile

• Partially mobile

• Nonmobile

Your WLAN architecture must not only identify the different user classes, but also specifically formalize how the WLAN will support each of the respective classes. Figure 5-2 shows an example of a breakout of users in function of mobility needs. A sample of job roles has been added for illustration. Note that this is an illustration only and by no means definitive. For example, a factory worker might need no mobility in one type of role (manufacturing) but require high mobility in another role (warehouse management).

In addition to the WLAN user considerations, the architecture needs to identify which devices can or must be supported. When thinking about devices, focus on physical attributes. These include tethering, battery life, interoperability, computational horsepower, durability, and control on placement.

For example, clients might be intelligent and mobile such as laptop computers, or dumb and fixed as, for instance, printers and cameras. Handheld scanners can be used for a finite amount of time before their batteries run out. Finally, the placement of PDAs is hard to control, creating potential security hazards.

Different devices have capabilities and limitations that, if supported correctly, ensure performance at the desired expectations. The architecture must frame which devices will be supported by the WLAN and provide guidelines regarding their expected performance, potential pitfalls that are unique to the wireless environment, and problem mitigation strategies.

Plan for the use of devices of different manufacture. Although standards exist, each device is certain to carry its own inherent features, which can result in future compatibility challenges. In the enterprise, where enforcement of standards can be more readily managed, it might be easy to control such issues, however, there are instances where this is not the case. A prime example is a university deployment. In providing access to its student body, a university needs to support a broad assortment of end devices, operating systems, and client software.

Have your WLAN architecture provide a framework and guideline for how you will support your heterogeneous client base in a comprehensive and structured manner. Explicitly define the different user classes and their respective application characteristics and include details on how the specific devices will be supported.

Establishing an Operational Support Structure and Process

You manage the WLAN through provisioning and operational control. Provisioning is the management of systems or devices by sending configurations down to them. You can do this actively or passively. Active provisioning is a repeat process, such as a nightly download. Passive provisioning is performed only when a change is required.

Operational control is the traditional network management whereby systems and devices are monitored. Reactive operational control is performed by waiting for an event or alert and then acting upon it. Proactive operational control is performed by examining data for trends or capturing signs of trouble before an event occurs.

Given the importance of post-deployment support, your WLAN architecture should explicitly define expectations and baseline standards for the WLAN's operational support structure. This should be the case irrespective of the actual management strategy you already have or want to put in place. Strike a careful balance between customization, complexity, and value because too much customization will likely yield diminishing returns. Refer to Chapter 8 for more details on recommended operational practices.