How to boost your business Wi-Fi
Eight steps to a trouble-free Wi-Fi upgrade
There's a sense in many offices that Wi-Fi represents a great break for freedom as if your old Ethernet infrastructure was some kind of authoritarian dystopia. There's something romantic in that idea, but it's apt to turn sour when the realisation dawns that an overloaded or poorly configured wireless network can be every bit as flaky as a wired one.
Indeed, the experience can be even more disagreeable if you don't understand what's going on. I've seen one business resort to adding more and more DSL lines and Wi-Fi-enabled routers, to try to resolve an issue where wireless users were intermittently losing internet access. Nothing helped: in the end, it turned out that the wireless network itself was working fine. The problem was the ISP rotating its live DNS servers in some baroque plan to knock out hackers or spammers.
So lesson one is: before you start planning to upgrade your wireless provision, first of all, ask yourself what the problem is you're trying to solve, and then investigate whether it could conceivably be caused by bugs or bottlenecks elsewhere on the network. If that's the case then a large, expensive Wi-Fi upgrade project may be no help to you at all. You might get better results from simply spending a few quid to replace old trampled patch leads.
1 - 'Boosting' does not mean buying a new router
When people talk about "boosting" their Wi-Fi, they're usually referring to improving the overall speed of the network. However, there's no single way to do this.
In fact, the solution will heavily depend on individual circumstances. It may be that you'll need to strip out and reinstall your entire setup, or it might be case of isolating a misconfiguration that's forcing all your machines to display their busy cursors.And that's assuming the problem is even connected to the network. It could be that an outside device, such as an arc welder that's capable of generating RF interference, is causing your internal network to go haywire. If that's the case, upgrading your router won't solve the problem.
It's important to remember that a robust network is not just a fast one it needs to provide your business with the functions it needs. For example, it may be that you need to manage guest accesses, or control the bandwidth of internal staff, or you may even want to create a honeypot machine to divert hackers away from your main network. Whatever the additional needs of your business, it's likely these will exceed the capabilities of a standard router.
If you're thinking of 'boosting' your business Wi-Fi network, think more broadly than a slightly better, more expensive router.
2 - Remember, it's radio, not X-rays
If you're ready to upgrade your wireless network - or to set one up for the first time - then you should start by taking a look at your premises. You need to work out how you can achieve reasonably uniform coverage. You can do the basic research by just wandering about the building holding a smartphone loaded with a free signal-strength metering app.
There are much more satisfyingly complex devices than that, of course. These may become useful when you have the problem of a wireless footprint that overlaps with that of your neighbours. The issue might be overcrowded channels, or it might be down to the general weirdness of RF signal propagation, which can mean that you get horrific interference from a next-door network that, by rights, ought to be weak and distant.
Almost never is the solution to boost the transmission power of your APs. Turning the power down on your base stations and installing more of them, in collections that make best use of wired back-links and collective operation, is much more likely to fix dead spots and interference than a single huge, throbbing, white-hot emitter in the corner of your office.
3 - Wi-Fi over a single cable
Once you start shopping for business-grade Wi-Fi gear, you'll quickly encounter Power over Ethernet (PoE). This can be a convenient solution for devices that don't draw much power and don't necessarily want to be situated right next to a mains socket.
However, PoE can also be a dangerous temptation to the rookie network designer. "Look, it just runs off one wire - without the annual testing and safety considerations of a 240V mains connection!"
The catch is that the power still has to come from somewhere - most often a PoE-capable switch. This might be a convenient way to work if you want to run 24 access points from a single wiring cupboard with one (rather hot) Ethernet switch carrying the load. But very few businesses require that kind of density of access points. It's more likely you'll have only a few PoE devices.
So for your medium-sized office, you'll probably end up acquiring and setting up additional PoE switches alongside your main LAN hardware - which is hardly any simpler or cheaper than using mains power. It also brings up the situation of having your wireless estate on one VLAN and everything else on another.
4 - Strength in numbers
More APs is almost always better than trying to increase signal strength. It does have implications for management, though.
Businesses taking their first steps beyond a traditional single-line DSL router often have a hard time converting to a setup where access control and data routing are entirely separate jobs from the business of managing radio signals, advertising services and exchanging certificates.
How you handle it depends - at least partly - on what sort of access points you've chosen. Some firms opt for sophisticated devices that can do all sorts of things for themselves, while others favour tiny dumb boxes with barely more than an LED and a cable port.
The larger your network grows, the more sense the latter type makes: you don't want to be setting up a dozen APs individually, you want them all to be slaves to a central management interface. That's especially so if you need to service a site with peculiar Wi-Fi propagation, handle a highly variable load or deal with a large number of guests wandering in and out of the office.
5 - The temptation of SSO
Single sign-on (SSO) is something of a holy grail in IT. The idea is that users should only have to identify themselves once during a normal working day, no matter how many systems they access.
It's not too hard to achieve when it comes to Wi-Fi access, but it's not a very slick system, on either the network side or the clients'. The bit of the Wi-Fi login cache that handles SSO, and decides if a password saved in a web page can be used to sign in to a particular WLAN, is also the bit that gets sniffed by hotel Wi-Fi systems to tag a single location as "definitely my home" and overcome all other applicants for the tag: set this attribute on your Wi-Fi for guests at your peril.
And while it sounds attractive to have to enter just a single password - after which a portfolio of machines, routers and cloud services will recognise your user as already validated - the reality isn't as great. For one thing, people are used to typing in passwords these days: it isn't a scary techie ritual any more. You don't need to shield them from it.
Then there's the continual and unresolvable fight between vendors as to who owns the authentication database itself. Nobody with a real job to do could possibly keep up with the in-depth technical mastery required to shift from one authentication mechanism to another - but that doesn't stop various players from trying to tempt you to take up their system or proprietary architecture. The result is an unwelcome chunk of extra complexity for you to master.
6 - Beware compatibility gotchas
On the subject of proprietary approaches, it's a fact that many base stations and Wi-Fi enabled devices just don't work together.
Sometimes the problem is about range, or about contention (how many devices in total you can get into one repeater) or concurrency (how many devices can communicate at the same time). Other times it's an idiosyncratic firmware issue, or some quirky issue with certificates on one side of the conversation, which renders the other side effectively mute.
I've seen plenty of firms run into these problems, and the result tends to be cardboard boxes full of phones, still with months on their contracts but unable to connect to the company WLAN since the last upgrade. It's not a good look for the IT man in the spotlight: "You've broken the Wi-Fi!" is an accusation that always seems to come from the best-connected, least calm member of your company.
The real solution is to acknowledge the reality of compatibility issues, and plan for them. You don't have to delve into the technical minutiae of your shiny new service, but you do need to work out how, and for how long, you need to keep the old one running in parallel to sidestep any generational problems. Thus, your warehouse barcode readers can keep connecting to the old SSIDs, while new tablets and laptops can take advantage of the new Wi-Fi.
If users are educated about this "sunset management" then hopefully they'll feel their needs are being respected, and legacy devices can be upgraded at a manageable pace and at a convenient time.
7 - Manage those guests
One pervasive idea about Wi-Fi is that it can and should be "free". It's a lovely vision, and it has perhaps helped push the telephone companies to cheapen up roaming data access - but within a business it's a needless indulgence that makes it difficult to fully secure your IT portfolio. After all, it's your responsibility not to get hacked, nor to facilitate someone else's hack; opening up your network to all and sundry, with no questions asked, is hardly a good start.
That doesn't mean you can't let visitors use your network at all - but it does mean you should give them managed guest access. Think about how much bandwidth you want guests to have, and what resources you want to let them access. Do you want to treat staff and their personal devices as if they were visitors, or do they get a different level of service?
8 - What about cloud management?
The bigger your network grows - the more users, APs and network resources it embraces - the more important management becomes. And it's not just about convenience but, again, security.
Our own Jon Honeyball became a fan of Cisco's cloud-based Meraki management service when it enabled him to see that over 3,000 new devices had tickled his wireless perimeter in a week. It's a statistic that makes for instant decisions in boardrooms. It's very unlikely that all of these contacts were malicious. Most were probably just cars driving past with Wi-Fi-enabled phones.
Spotting the difference is where threat-detection systems really start to sort themselves into sheep and goats, and that's something you can operate in-house: you don't absolutely have to run all your devices from a vendor's cloud service layer. Your local resources, like separate DSL lines and routers, already sit behind cloud-aggregated, collectively managed base stations.
If you're in a business that doesn't touch the Wi-Fi from one year to the next, cloud management may hardly matter at all. And while a cloud-based solution may seem to offer security advantages, it's still necessary to protect your own network, so it's not as if you can forget about security. Advanced password management for both users and administrators should be an absolute must for any cloud-managed Wi-Fi campuses.
9 - Upgrade your devices
Upgrading your wireless infrastructure is well and good, but all the top-end networking hardware in the world isn't going to make much of a difference if the devices your employees are using can't take advantage of it. Not all wireless technology is created equal, and newer standards like 802.11ac and MU-MIMO allow for much higher theoretical speeds than the older 802.11n standard.
If the fancy new wireless kit you've invested in isn't delivering the breakneck speeds that it promised, there's a decent chance this is why. If the adapters are wireless cards that your endpoint devices are using to access it are beyond a certain age, they simply won't be capable of reaching the network's maximum speed threshold.
Of course, there's no guarantee that they'll reach the theoretical maximum even if they do use the most recent standard - that can depend on factors like the number of antennas, the range and the signal interference - but if they're on an older standard, then you've got no chance.