Mitigating Wireless Chokepoints
Metaphors aside, it probably goes without saying that office workers are running on more bandwidth these days. More than ever, in between bouts of actual office productivity, desk jockeys are using their systems and mobile devices to shop, play games, stream movies, music and more.
But what happens when personal entertainment habits begin to trump actual work-related office apps when it comes to competing for office bandwidth? It could mean an important executive videoconference call only functions in fits and spurts. Or perhaps it’s elongated wait times during a WebEx presentation that’s being viewed by 100 potential customers.
On a wired network, this problem can be easily rectified by throwing more bandwidth at the problem and providing LAN users dedicated gigabit links to their desktops to remove competition at the chokepoints. In catastrophic situations and worm outbreaks, IT personnel know exactly which Ethernet cable to pull. But it gets a little trickier when a wireless network is inserted into the equation.
“The requirements have changed in terms of data needs,” says Koroush Saraf, Fortinet senior director of product management. “The challenge is that, as more devices are getting on wireless, especially with the proliferation of new devices such as tablets and smartphones, wireless has gone from being a nice to have, to essentially a necessity.”
But problems arise when everyone is competing for the same piece of the wireless network pie.
“The new wireless phenomenon harkens back to the early 90s where we had Ethernet hubs,” Saraf says. “The problem with those hubs was that as network demands increased, there was not enough bandwidth to carry all the data that enterprise wanted to carry.”
Fifteen years ago, an organization’s wired network could add throughput by transitioning away from shared to switched Ethernet to provide dedicated bandwidth to each user and increase performance.
“With wireless, because it is always a shared space, that approach doesn’t apply,” Saraf added.
In fact, the overall impact to wireless networks is that they often become bogged down or “choked,” resulting in latency that can cost organizations precious productivity time, and translates into an endless source of frustration for workers.
The good news is that there are ways to mitigate the problems created from the increasing slew of bandwidth-hungry applications and armies of app-happy users in a wireless environment, Saraf says.
To meet increased bandwidth demands, organizations could create more access points and user channels, an endeavor that promises to be costly, time-consuming and challenging to troubleshoot for any company.
A more cost-effective approach involves visibility and awareness provided by some type of application control technology, Saraf maintains. Organizations need a way to assess which applications are traveling over the wireless network as a basis for setting subsequent rules and policies. Once that traffic is assessed, IT administrators will then need the tools to allocate it to the appropriate channels. For example, if a user’s WebEx or remote desktop traffic is hampered because someone else is watching a Netflix movie, then rules could be created that would prohibit or limit movies and games during business hours and give strict priority to business traffic.
“In the old days, it was common for people to say the network is slow, but we hear that less and less for wired LAN,” Saraf says. “With wireless, people say the network is slow because of all the stuff that’s happening on the network. IT has to ensure the right bandwidth is being allocated to the right person and right application.”
Visibility is also an important factor when mapping out wireless network strategy. Being able to see into every corner of their IT environment allows an organization to truly assess what is running on their network and ensure unfettered access to business-critical traffic while restricting or limiting all other unnecessary apps.
“The ability to detect all of the applications running on the network helps IT see what kind of applications are coming through and who is sending them,” Saraf says. “Built-in application packets can be applied that will raze unwanted applications and keep bandwidth to business applications.”
If someone takes exception to those rules, then IT needs to have the tools readily available to allow a particular user, or group, to do things differently, he adds.
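The rule described above (business traffic gets strict priority, movies and games are limited or prohibited during business hours, and a named group can be exempted) can be sketched as follows. This is an added example, not code from the article or from any Fortinet product; the application labels, group name, hours and rate cap are assumptions.

```python
from dataclasses import dataclass
from datetime import time
from typing import Optional

# Constructed labels and values; a real controller derives the app label from DPI.
BUSINESS = {"webex", "remote-desktop"}
RECREATIONAL = {"netflix", "games"}
WORK_START, WORK_END = time(9, 0), time(17, 0)   # assumed business hours
EXEMPT_GROUPS = {"media-team"}                   # hypothetical exception group
RECREATION_CAP_KBPS = 500                        # assumed cap while limited

@dataclass(frozen=True)
class Flow:
    user: str
    group: str
    app: str
    at: time

@dataclass(frozen=True)
class Verdict:
    action: str              # "allow", "limit" or "block"
    priority: int            # 0 is served first
    cap_kbps: Optional[int]  # None means uncapped

def decide(flow: Flow, strict: bool = False) -> Verdict:
    """Map one classified flow to a shaping verdict."""
    if flow.app in BUSINESS:
        return Verdict("allow", 0, None)
    in_hours = WORK_START <= flow.at < WORK_END
    if flow.app in RECREATIONAL and in_hours and flow.group not in EXEMPT_GROUPS:
        if strict:  # "prohibit" variant of the rule
            return Verdict("block", 9, 0)
        return Verdict("limit", 2, RECREATION_CAP_KBPS)
    return Verdict("allow", 1, None)

def schedule(flows, strict=False):
    """Drop blocked flows and order the rest by strict priority."""
    decided = [(decide(f, strict), f) for f in flows]
    kept = [(v, f) for v, f in decided if v.action != "block"]
    return [(f.user, f.app, v.action) for v, f in sorted(kept, key=lambda p: p[0].priority)]

if __name__ == "__main__":
    sample = [  # constructed flows
        Flow("alice", "sales", "netflix", time(10, 30)),
        Flow("bob", "sales", "webex", time(10, 30)),
        Flow("carol", "media-team", "netflix", time(10, 30)),
    ]
    for row in schedule(sample):
        print(row)
```
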
The same concept applies to malicious applications, often accessed unintentionally by workers on the corporate network. Historically with wired networks, organizations could mitigate security issues by pulling a cable. But over the wireless network, organizations will need to rely on blacklisting and location tracking technologies that will automatically block any harmful traffic and pinpoint the location of the offender. Meanwhile, intrusion prevention is also crucial in detecting any abnormal behavior, such as a huge spike in traffic that could signal a DDoS attack, and mitigating threats in real time.
“To be able to have high confidence in application visualization, the wireless controller needs to employ DPI (deep packet inspection) technology, and apply packet shaping to each wireless session. Also, a dynamic dashboard is needed to point out the top sessions and users for your management,” Saraf says. “It’s more than just IP connectivity.”