Buyer's Guide to Enterprise WLAN Controllers
Treating wireless APs as independently-managed elements is impractical. Enter WLAN Controllers, which often centralize both administration and processor-intensive control tasks.
Now that wireless LANs have matured as a technology, many enterprises are ready to pursue broader mobility initiatives. Contemporary WLANs use 802.11n (Wi-Fi) technology to deliver high-speed access to business systems throughout buildings, campuses or an entire enterprise. In many locations, WLANs have started to replace wired Ethernet as the primary access method for both mobile and fixed client devices, from laptops and phones to printers and cameras.
Enterprise WLAN products sold by market leaders Cisco, Motorola and Aruba all use WLAN Controllers to supervise access points (APs) deployed throughout coverage areas. Controllers were pioneered by Airespace and Symbol to facilitate scalability in early enterprise WLANs. As APs grew in number and complexity, treating each as an independent network element became impractical. WLAN Controllers were introduced to centralize administration and processor-intensive tasks, simplifying "thin APs" and reducing expenses.
Although "controller-less" alternatives have since emerged, controller-based WLANs are commonly deployed today to meet a variety of enterprise mobility needs. The specific business needs of each enterprise and site may differ, but the following factors, capabilities and requirements should be considered when purchasing any enterprise WLAN Controller.
Start by identifying how each prospective WLAN product line would fit into your enterprise network, paying close attention to the role played by WLAN Controllers.
- Data plane: Wireless APs can be used for access, bridging or backhaul. Design your WLAN topology by selecting AP models and determining how to pair them with Controllers by considering users per site/segment, local vs. remote traffic flows, aggregate throughput, and acceptable latency. Estimate uplink requirements from AP to Controller and from Controller to core network, keeping in mind that local data can often be forwarded by APs directly. Look for scenarios where Controllers participate in the data path (for example, VPN tunnels or hybrid Controller/APs) to identify potential bottlenecks.
- Control plane: Contemporary WLAN Controllers usually focus on control plane tasks: real-time decisions related to network operation, routing, security, quality of service, etc. For example, Controllers may enforce policies related to radio resource management, authentication, traffic filtering and prioritization. However, task distribution between Controllers and APs or WLAN Managers can vary. Flag any dependencies on centralized systems that could prevent remote Controllers or APs from operating at full functionality.
- Management plane: Today, enterprise WLAN vendors offer network management products to centralize non-real-time administrative tasks, such as provisioning, firmware update, fault surveillance and security monitoring. However, Controllers still serve as a conduit for communication between NOC WLAN Managers and distributed APs. Furthermore, WLAN Controllers often perform some local management tasks solo. For example, a branch office Controller might support guest registration or store AP firmware for local deployment. Examine per-site management needs to identify related Controller requirements.
Don't assume that any given WLAN Controller provides only control plane functionality -- or that every "thin AP" cannot operate in the absence of a Controller. As architectures evolved to meet high-throughput and real-time network demands, once tidy divisions blurred. Many vendors sell branch office products that perform data and control plane functions in a single box. So don't get hung up on product names; focus on their capabilities, mapped to each site's requirements.
When evaluating any product that claims to deliver WLAN Controller functionality, what are the key capabilities and features that should be considered?
- AP discovery and provisioning: Most enterprise WLAN Controllers use discovery protocols like CAPWAP to let APs find nearby Controllers, join a WLAN, and be automatically provisioned for operation. Additional capabilities may include support for AP load balancing, Controller clustering, and "zero touch" AP deployment aids.
- Radio resource management: WLAN Controllers can usually assign channels to APs statically and dynamically in response to co-channel and RF interference. Controllers may also adjust transmit power to reduce interference and optimize cell size. Further capabilities may include algorithms to fill coverage holes when an AP goes down, minimize impact of channel changes on real-time applications like voice, and AP-based RF spectrum analysis.
- Authentication: WLAN Controllers often support a variety of authentication methods, from MAC ACLs and captive portal web login to user/group PSKs and 802.1X, by consulting a local user database or enterprise directory. Additional capabilities may include guest management, PSK rotation, RADIUS accounting, NAC integration and session admission limits or load balancing.
- Encryption and Roaming: WLAN Controllers frequently play an on-going role in 802.11i security through pairwise master key caching or opportunistic key caching, helping clients to roam faster between APs under the same Controller. Many products also support secure layer 3 mobility by letting clients roam across subnets without session disruption by tunneling their data through and between Controller(s).
- Firewall and VLAN: WLAN Controllers can often enforce centrally-defined policies related to traffic inspection and segmentation, such as controlling traffic allowed to pass between WLAN segments and the core network or mapping WLAN traffic onto VLAN trunks. Additional capabilities may include SSID and/or RADIUS-based VLAN tag assignment, role-based traffic inspection, and traffic reporting.
- Quality of Service: WLAN Controllers may enforce centrally-defined policies related to 802.11e WMM QoS prioritization and admission, 802.1p/DSCP QoS mapping, traffic shaping, and bandwidth management. Some enterprise Controllers offer application-aware QoS capabilities, such as proprietary voice prioritization protocols or multicast optimizations for video.
- Surveillance: Most enterprise WLAN Controllers play a role in AP fault and security surveillance. For example, Controllers may report on the operational status of APs through a local GUI, to an upstream WLAN Manager, or both. They may also report on nearby rogue APs which have been detected by authorized APs that perform periodic or background channel scans. Additional capabilities may include integrated Wireless Intrusion Prevention (WIPS) or AP-based network troubleshooting.
- Built-in network services: Some Controllers provide built-in network services, such as DNS, DHCP, FTP, or VPN. Such services can turn a WLAN Controller into a complete "branch in a box" solution by eliminating external dependencies. Some Controllers can also be used to host higher-level mobility services like locationing.
- Integrated network hardware: Some Controllers incorporate wired or wireless network devices, such as 3G WAN cards, 802.11n APs, or Ethernet switches. For example, 3G may be included for high-availability (failover from LAN to WAN uplink). Integrating an AP and a few Ethernet ports is not unusual for an entry level / branch office Controller.
According to Gartner, 2010's top-selling wireless LAN infrastructure vendors were Cisco Systems, Aruba Networks, and Motorola Solutions. Other vendors offering enterprise WLAN Controllers which fit into this category include Meru Networks, 3Com, Enterasys, Ruckus, Juniper (Trapeze), Xirrus, and Bluesocket. Note that a few vendors have also begun to offer WLAN Controller "cloud" services, including Meraki and D-Link (PowerCloud).
To better illustrate the breadth of products in this category, EnterpriseNetworkingPlanet will profile a few WLAN Controller product lines over the next few weeks, including the Motorola RFS 4000 Integrated Services Controller, Aruba 600 Series Branch Office Controllers, and Cisco 5500 Series Wireless Controllers. So stay tuned!
Lisa Phifer owns Core Competence, a consulting firm focused on business use of emerging network and security technologies. An avid fan of all things wireless and frequent contributor to Wi-Fi Planet, Lisa has reviewed, deployed, and tested 802.11 products for nearly a decade.