Make OFDM Great Again

So 802.11ax promises to “reinvent” our dear OFDM technology and bring us to a new promised land of OFDMA. Fly your wireless networking expert flag with pride with this t-shirt!

https://www.zazzle.com/make_ofdm_great_again_t_shirt-235065886507498299

No, that ain’t me wearing the shirt sadly.

Pitch for NGFW

Cyber-crime is big business – the average cost of a breach is between $3.8 and $4M in 2016 – and as the stakes rise, digital threats are adapting and evolving to find new ways into your datacenter. Legacy network security systems that only filter by port information at the network perimeter can no longer provide adequate protection.

Attack methods are changing on several fronts:

  • Evasive applications that hop between ports are becoming common, so if your firewall screens traffic by port number alone you are open to a lot of risk.
  • Traffic is often encrypted, making it difficult to tell if traffic is benign or malicious.
  • SaaS applications are on the rise, increasing 46% from 2012 to 2015, and they are often used without sanction by the IT department.
  • Your users are targeted through phishing schemes and seemingly innocuous emails are constantly sent that hide malicious content.

Once someone has breached your perimeter, they can install malware and move through your virtualized environment to find sensitive data. If your firewall is only located between the web and your internal network as a routing point, it will not be able to detect this threat rummaging through your data center – you may not even realize that you have unwelcome guests!

Thankfully, firewall technology has made advances to keep up with these threats and Edge Solutions has partnered with several next generation firewall providers to help keep you safe.

So what is a next generation firewall (NGFW)? An NGFW is able to inspect traffic beyond IP address and port number – it can scan all the way up to application level data! This means that if you have a malicious application attempting to hide itself as web traffic, you will be able to identify the application signature and stop it before it can break into your network.
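To make the difference between port-based filtering and application identification concrete, here is an added example (not part of the original post and not any vendor's code). It compares what the destination port implies with what the first bytes of the stream show; the signature set is a small, well-known subset and the sample flows are constructed.

```python
# Added example: port-only classification vs. payload-based application ID.
# The flows at the bottom are constructed sample data, not captured traffic.

PORT_MAP = {22: "ssh", 80: "http", 443: "tls"}
HTTP_METHODS = (b"GET ", b"POST ", b"HEAD ", b"PUT ", b"DELETE ", b"OPTIONS ")


def classify_by_port(dst_port):
    """What a legacy port filter assumes the traffic is."""
    return PORT_MAP.get(dst_port, "unknown")


def classify_by_payload(payload):
    """Identify the application from the first bytes the client sends."""
    if payload.startswith(b"SSH-"):          # SSH identification string
        return "ssh"
    # TLS record: type 0x16 (handshake), major version 0x03,
    # two length bytes, then handshake type 0x01 (ClientHello).
    if (len(payload) >= 6 and payload[0] == 0x16
            and payload[1] == 0x03 and payload[5] == 0x01):
        return "tls"
    if payload.startswith(HTTP_METHODS):     # plaintext HTTP request line
        return "http"
    return "unknown"


def inspect(flow):
    """Return a verdict comparing the port's claim with the payload."""
    port_app = classify_by_port(flow["dst_port"])
    payload_app = classify_by_payload(flow["payload"])
    if payload_app == "unknown":
        verdict = "unidentified"   # needs deeper inspection, not a port-based allow
    elif payload_app != port_app:
        verdict = "mismatch"       # application does not match what the port implies
    else:
        verdict = "consistent"
    return {"dst_port": flow["dst_port"], "port_app": port_app,
            "payload_app": payload_app, "verdict": verdict}


FLOWS = [  # constructed samples
    {"dst_port": 443, "payload": bytes.fromhex("1603010200010001fc0303")},
    {"dst_port": 443, "payload": b"SSH-2.0-OpenSSH_9.6\r\n"},
    {"dst_port": 80, "payload": b"GET /index.html HTTP/1.1\r\nHost: example.test\r\n\r\n"},
    {"dst_port": 8080, "payload": b"\x00\x01binary-blob"},
]

if __name__ == "__main__":
    for f in FLOWS:
        print(inspect(f))
```

A port-only rule would treat the first two flows identically; the payload check is what separates them.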

Using this higher level of visibility and intelligence, an NGFW can implement additional services. Streams can be analyzed for viruses and attack patterns. DNS filters can be put in place to ensure that users don’t wander into unsafe territory and to keep data from being exfiltrated to remote sites. Certificates can be installed to provide decryption services and lower the amount of “unknown” traffic. In some cases, vendors can even provide a cloud-based sandbox environment to test any unknown files for threats, providing zero-day threat resilience.

This technology can be deployed across your network – at the perimeter, the branch office, mobile endpoints, the data center, and even within your virtualized environment to provide microsegmentation – and it is often managed easily through a single software application.

If you’re interested in learning more about moving to a true next generation firewall or if you’d like a complimentary personalized threat assessment of your network traffic, please contact us today!

The “Wireless Workplace”

Mobile devices are really changing everything – how we communicate, where we work, how readily we can find information, and more. The majority of people in the US own between 3 and 4 mobile electronic devices, and most of these devices don’t even have the option to use a network cable. It’s just easier not to have to plug in somewhere. What if you could free your employees to use a wireless connection as their main form of connectivity even while they are at work, while still preserving your needed network performance and security?

This is a very real possibility today. The concept is enticing on several fronts. First and most importantly, it gives your employees a lot of flexibility. Most employees are already using mobile devices, including laptops, tablets, smartphones and more. So why have them tethered to a specific desk? With a robust wireless workplace design in place, your employees can work anywhere and meet with anyone literally anywhere. Finally, if the office needs to be re-arranged, you don’t have to pay contractors to run new cables and rewire each desk!

Benefits of Working Wirelessly

This can lead to significant cost savings. For example, American Fidelity Assurance moved to mobile-first network design and saved over $700,000. California State University found that only half of their wired ports were being used across their 23 campuses and moved toward a design that emphasized wireless connectivity and saved $30 million on their network refresh.

Downsides of Working Wirelessly

People tend to like their privacy. While the wireless geek in me likes the idea of fine tuning an RF fabric to the point where wires are no longer a necessity, don’t go overboard on the “open office floor plan.” Remember that sound carries, background noise can really lower the perceived professionalism on a conference call, and everyone likes to have a place they can call their own. Just because you move to an all-wireless network doesn’t mean that it’s a great idea to buy a bunch of beanbags and call it a day.

Technology Advances

An all-wireless office is possible through recent wireless advances like 802.11ac, which brings gigabit speeds to wireless clients, and 802.11ac Wave Two, which introduced MU-MIMO and made single stream transmissions more efficient. However, it’s not enough to simply put up several new access points and call it a day. Wireless technology is resilient at the core, but proper design is still critical.

Considerations for a Wireless Workplace

If you’re interested in moving to a wireless environment, there are several things to consider.

  1. You should understand that wireless is a shared medium. Think of it like a grouping of two-way radios. If someone is holding down the transmit button, no one else can speak until the channel is free again. Only one person can transmit at a time and everyone has to wait their turn! That’s exactly how an enterprise wireless system works behind the scenes. The more clients you have connected to a single access point, the less broadcast time they each will get. For that reason, it’s better to design for capacity rather than raw coverage and it’s important to have a good idea of where people will congregate.
  2. Wireless networks operate in two unlicensed spectrums – 2.4GHz and 5.0GHz (ISM and U-NII, respectively). The great thing about unlicensed spectrums is that you don’t need to pay any license fees to use them, but that means that anyone and everyone can do the same. Remember the first point that wireless is a shared medium? Well, chances are good that there’s already RF noise in your office, especially in the 2.4GHz spectrum. It’s often generated by wireless security cameras, Bluetooth systems, microwaves, and neighboring wireless systems. I don’t say this to discourage you – issues like this can be designed around by making intelligent channel selections – but it’s important to have someone come in to your location and take measurements on the existing wireless noise so your channel plan can be built for your unique environment.
  3. While the access point selection is important, the wireless clients implemented are just as important. If your access points support 802.11ac, and your wireless clients support 802.11ac in both the 2.4GHz and 5.0GHz spectrums, you have a good shot at getting great transmission speeds. But if you have older wireless devices that can only support, say, 54 Mbps with the 802.11g standard, they will not transmit at gigabit speeds regardless of the capabilities of the access point. Instead, the access point itself will downshift to their slower standard so they can communicate. This will work without issue as backwards compatibility should be present at the AP, but it will slow down your overall performance. Be sure that you know what clients you will need to support in your environment and adjust as needed!
  4. Considering security is a must. Wireless security has come a long way since the days of the WEP standards, so chances are almost non-existent that a malicious outsider will be able to break directly in through your wireless network. However, if an authorized employee brings an infected laptop to the office and puts it on your corporate network you could still be in trouble. It’s important to define a company policy for BYOD (bring your own device) and set strict security parameters, not just around the employee but around the device they are using on your network as well. This is fully possible with a network access control platform like Aruba’s ClearPass or Cisco’s ISE.

To summarize, the all-wireless office is a very real possibility and a well-made RF fabric can be a great asset to any company, but proper design is critical. Thankfully, there are many tools available to ensure that your transition to a wireless workplace environment is painless and smooth. I hope that this article has given you a few things to consider as a starting point.

SD-WAN Solutions

Below is a rough “marketing blog” that I wrote for Edge. Forgive some of the marketing speak, but I wanted to share this here as SD-WAN is a big hot topic with a lot of exciting potential. If you want to swap ideas and compare notes… hit me up!

BEGIN TRANSMISSION—–

Is your wide area network a source of stress? Office boundaries are blurring as campuses evolve and expand, more and more services are being stored in a centralized location, and just about everything is moving to the network, making wide area network connectivity a proud member of the “mission critical” realm. Without a well-designed WAN you are sure to have some headaches!

There are two predominant WAN solutions out there today – MPLS packaged with related services like VPLS, and a network of point-to-point VPN tunnels over the internet. Each has its own advantages and drawbacks. For example, MPLS can offer a higher level of guaranteed service and can host a variety of services like Metro Ethernet, but it can be expensive. VPN tunnels over the internet are more affordable, but because they go over the internet they can be more susceptible to jitter and disruption, and managing a full mesh of VPN tunnels can be a hassle without the right hardware and an ADVPN-based or similar solution. The standard “Hybrid WAN” approach balances these options by bundling the two services together and routing traffic across the links via policies, often using MPLS for critical traffic and a larger broadband link for less sensitive applications.

This standard static routing definition does leave something to be desired. First, you are still paying a substantial amount for the high performance circuit. On average, a private WAN subscription will cost 10x more per Mbps than a broadband link. Second, you are often paying for bandwidth that you aren’t using … even though a broadband pipe can be sized up to multigig speeds, it is often underutilized because it has a bad reputation for being less stable. However, broadband internet is improving and in some cases is able to offer latency that would be acceptable for mission critical applications. What if you could closely monitor the performance of that broadband link and intelligently use the excess bandwidth for your prioritized traffic, but only when the health of the pipe meets your application’s criteria? A software defined WAN could give you that capability.
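The health-gated steering described above can be sketched as follows. This is an added example, not part of the original post and not any vendor's algorithm; the per-application thresholds, link names, and probe windows are constructed assumptions.

```python
# Added example: send an application over broadband only while the measured
# link health meets that application's criteria, otherwise fall back to MPLS.
from statistics import mean

# Assumed per-application criteria: max latency (ms), jitter (ms), loss (%).
APP_SLA = {
    "voice":  {"latency": 150, "jitter": 30,  "loss": 1.0},
    "backup": {"latency": 500, "jitter": 200, "loss": 5.0},
}


def link_health(probes):
    """Summarize a window of probe RTTs in ms; None marks a lost probe."""
    replies = [p for p in probes if p is not None]
    loss = 100.0 * (len(probes) - len(replies)) / len(probes) if probes else 100.0
    if len(replies) < 2:  # too few replies to measure: treat the link as unhealthy
        return {"latency": float("inf"), "jitter": float("inf"), "loss": loss}
    # Jitter here is the mean absolute difference between consecutive RTTs.
    jitter = mean(abs(b - a) for a, b in zip(replies, replies[1:]))
    return {"latency": mean(replies), "jitter": jitter, "loss": loss}


def meets(health, sla):
    """True when every measured metric is within the application's limit."""
    return all(health[metric] <= limit for metric, limit in sla.items())


def choose_path(app, links, preference=("broadband", "mpls")):
    """Return the first preferred link that meets the app's criteria.

    The last entry in `preference` is the fallback when no link qualifies.
    """
    sla = APP_SLA[app]
    for name in preference:
        if meets(link_health(links[name]), sla):
            return name
    return preference[-1]


# Constructed probe windows (RTT in ms).
MPLS = [30, 31, 30, 32, 31, 30, 31, 30, 32, 31]
BROADBAND_HEALTHY = [22, 25, 21, 24, 23, 22, 26, 24, 23, 25]
BROADBAND_JITTERY = [40, 120, 35, 140, 45, 50, 130, 45, 125, 60]

if __name__ == "__main__":
    for label, bb in (("healthy", BROADBAND_HEALTHY), ("jittery", BROADBAND_JITTERY)):
        links = {"broadband": bb, "mpls": MPLS}
        print(label, {app: choose_path(app, links) for app in APP_SLA})
```

With the jittery window, voice moves to MPLS while backup traffic keeps using the broadband link, which is the per-application behavior a static policy cannot express.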

The world of SD-WAN has emerged to solve classic WAN problems like the ones listed above. Manufacturers have different definitions for SD-WAN technology, but the underlying intent is the same – to simplify your wide area network administration and utilize your bandwidth more intelligently. This can be done through a variety of methods. Some manufacturers provide hardware that coordinates tunnel creation through a management platform and gathers real time link health information so traffic is sent down the best path. Some companies do this via a software platform that can be installed in a public cloud like AWS, allowing for easy migration to a hybrid cloud model. Some remove all responsibility from your premises and provide peering locations on the web that take over the WAN for you and get the traffic where it needs to be. Several manufacturers are capable of monitoring each individual packet as it traverses the WAN and collecting real time telemetry, allowing for packet by packet forwarding decisions, millisecond failover between links, and session continuity even in link failure. Even better, with the level of insight and QoS that the telemetry can provide, you can start moving away from expensive MPLS subscriptions entirely and instead start bundling multiple broadband links together to provide a resilient WAN. The desired result is a seamless and high performance WAN that can support the new generation of collaboration tools.

There is no “one size fits all” SD-WAN solution, as every network has its own unique set of requirements and challenges and every manufacturer has their own take on this new technology. But that’s why Edge is here to help. If you are interested in learning more about how you can use SD-WAN to lower your bandwidth bills and enhance your user experience give us a call!