Each year a considerable part (up to 30% in some cases) of IT budgets is funneled towards device troubleshooting. It is no surprise therefore that after security, maintaining lean operational efficiency is the next most frequent concern regarding enabling a BYOD (Bring Your Own Device) model.
Suppose you have allowed personal devices to connect to your corporate network, and you get a helpdesk call from a disgruntled employee who can’t access certain resources. How would you go about addressing the issue? In this video, Saurabh Bhasin, Product Manager of the Cisco Prime Network Control System (NCS) – a newly launched platform for unified wired and wireless network management – answers the troubleshooting question.
Allowing personal devices on the corporate network can make any IT professional cringe. Security is naturally a top concern – and the topic of today’s blog.
One dimension of security is about enabling network access. To do that properly, you would need to design and enforce a mobile device access policy, which may include attributes such as: what the device is, who the user is, where and when access is requested, and the health (posture) of the device. Another dimension of security is about maintaining overall device integrity regardless of the network (corporate or otherwise) it connects to.
In this video we only address the first. Cisco’s solution is based on a newly launched product, the Cisco Identity Services Engine (ISE). Watch the video to learn:
- What is the Cisco ISE?
- Can I treat corporate devices differently from personal ones?
- What about guests in the organization, do I need a separate system?
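The access policy attributes listed above (what the device is, who the user is, where and when access is requested, and device posture) can be combined into an ordered, default-deny rule set. The sketch below is an added example, not Cisco ISE configuration or code from the original post; the rule contents, group names and segment names are hypothetical.

```python
from dataclasses import dataclass
from datetime import time


@dataclass(frozen=True)
class AccessRequest:
    device_owner: str        # what the device is: "corporate", "personal", "guest"
    user_group: str          # who the user is: "employee", "contractor", "guest"
    location: str            # where access is requested: "hq", "branch", ...
    local_time: time         # when access is requested
    posture_compliant: bool  # health (posture) of the device


# Ordered rules, first match wins. Segment names are hypothetical.
RULES = [
    # Guests are isolated whatever else is true about the request.
    ({"device_owner": "guest"}, "guest-internet-only"),
    # Any non-guest device that fails the posture check is quarantined.
    ({"posture_compliant": False}, "quarantine-remediation"),
    # Healthy corporate devices used by employees get full access.
    ({"device_owner": "corporate", "user_group": "employee"}, "full-access"),
    # Healthy personal devices: employees only, at HQ, during working hours.
    ({"device_owner": "personal", "user_group": "employee",
      "location": "hq", "hours": (time(7, 0), time(19, 0))}, "limited-access"),
]


def _matches(req, constraints):
    for key, wanted in constraints.items():
        if key == "hours":
            start, end = wanted
            if not (start <= req.local_time < end):
                return False
        elif getattr(req, key) != wanted:
            return False
    return True


def authorize(req):
    """Return the network segment for a request, or "deny" if no rule matches."""
    for constraints, segment in RULES:
        if _matches(req, constraints):
            return segment
    return "deny"
```

Rule order matters: posture is checked before ownership, so a corporate laptop that fails its health check lands in quarantine rather than on the full-access segment.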
Hope you found last week’s inaugural blog on the “Tablets Welcomed.” series interesting enough to come back.
Today, I am sitting down for an interview with Brett Belding, who was instrumental in designing a mobile device access policy for Cisco, in his role as the Senior Manager of IT.
I met Brett over Cisco Telepresence one early morning (when I am typically still asleep, let alone in the office) to accommodate his Eastern time zone schedule. For the videophile readers, I should say that I pointed my camera directly at the Telepresence screen, which is why you may notice my reflection at certain points. However, this amateur video alone could be a case study for the quality of Cisco Telepresence.
Eighteen months ago, when the original Apple iPad was announced, I posted a blog here posing a simple question: “Apple iPad, in the enterprise?” The obvious answer, to me at least, was a resounding “Yes”. Today, it seems that professionals and employers alike would agree. The former like to bring and operate their own devices at work, and the latter are buying these devices to boost employee productivity.
In this six-part blog series titled “Tablets Welcomed.” I will be posting short video clips (3 questions in 3 minutes) of interviews with Cisco leaders that walk you through the Cisco solution for providing access to any device, securely, reliably, and seamlessly.
Today, I am talking to Tom Wilburn, Vice President of Sales for Cisco Wireless, who has experienced this market transition firsthand. Watch Tom here as he answers:
- How has the influx of new mobile devices changed IT?
- What are the consequences companies need to confront?
- What are some compelling tablet use cases?
One of the key tenets of engineering is to reduce complexity, but in doing so it is important to understand the implications. While we might try to view one technology as it relates to another to help us simplify the details, it is important that we recognise how and where they differ.
Case in point.
When it comes to wireless networks, I often talk about how there are two questions I dislike being asked more than any others:
- How many clients can connect to an access point?
- What is the maximum range of an access point?
The reason is that I believe they are the wrong questions. They are being asked from the perspective of someone trying to relate to a wireless network as if it were a wired network. What they are really asking is “how many switch ports do I need to cover this area?”
But wireless networks are not switched networks. While each connected device in a wired network has its own physical cable, and thereby its own gigabit Ethernet link, in a wireless network, every device connected to a particular access point shares the same RF spectrum, the same total available bandwidth.
For a standard access point in today’s deployments, that means a maximum total bandwidth of 144Mbps on the 2.4GHz band with a 20MHz channel and 300Mbps on the 5GHz band with a 40MHz channel using channel bonding.
But that is an oversimplification.
Those aggregate bandwidths assume each client is connected at the highest available data rate. As we increase range, however, the data rate decreases, thereby reducing the overall channel utilisation. Therefore, with fewer access points, we are not just sharing a limited amount of bandwidth with more clients, but we are actually reducing the total available bandwidth.
Interference, particularly as access points cover larger areas, becomes an even greater issue. An increase in the signal to noise ratio leads to a decrease in the maximum sustainable data rate. This again reduces the overall channel utilisation. The key here is that a wireless network’s ability to not only detect, but where possible mitigate interference is critical to its ability to sustain higher data rates and maximise the total available bandwidth in each cell.
All this assumes that the wireless clients connecting to the network are even capable of supporting those high data rates.
Most smartphones on the market today support only 802.11g in the 2.4GHz band, meaning that at most they can support 54Mbps.
Newer devices, such as the iPhone 4, support 802.11n, but only in 2.4GHz, and only with a single antenna, limiting them to a single “spatial stream”—in simple terms that means the maximum data rate they can support is 72Mbps.
This applies to tablet devices as well. While the new iPad2 supports 802.11n in both the 2.4GHz and 5GHz band, it too is limited to a single spatial stream. The Cius goes one step further with support for channel bonding in 5GHz, increasing the maximum data rate to 150Mbps.
Interestingly, we are now starting to see new access points enter the market using Atheros’ first-generation silicon supporting three spatial streams. While this increases the maximum data rate in the 5GHz band to 450Mbps, as we have just seen, this will have no impact on the multitude of mobile devices given their single spatial stream limitation.
Three spatial streams represents a key milestone for the 802.11 standard, and will become increasingly important over the next 2 to 3 years as battery technology improves and wireless chipsets incorporate better power saving designs. Of course, by that time we will be looking at access points supporting four spatial streams and 600Mbps—and again, be waiting for the mobile devices to catch up.
As we look to support these many different mobile devices entering the market today along with their high bandwidth applications, clearly the two key areas we must consider in our wireless network designs are access point density to control cell sizes, and interference detection and mitigation capabilities to ensure that we maximise the channel utilisation in each cell.
And so, I’d like to propose two different questions to consider at the start of a wireless deployment:
- How many different devices do you expect to connect to the wireless network?
- And what are the applications that will run across the network and what are their associated bandwidth requirements?
Wireless and wired networks fundamentally differ at the physical layer. While it’s not necessarily important to understand the details of RF communications, it is important to understand the implications.
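To put numbers on the shared-spectrum argument above, the following added example (not from the original post) estimates what a 2.4GHz cell delivers when clients connect at the different maximum data rates quoted in the text. It assumes a simplified model: clients take turns sending equal-size frames, MAC and protocol overhead are ignored, and cells created by adding access points use non-overlapping channels.

```python
def cell_throughput(client_rates_mbps):
    """Return (aggregate, per_client) throughput in Mbps for one shared channel.

    Assumed model: every client gets the same number of equal-size frames,
    so moving 1 Mbit for each client occupies sum(1/rate) seconds of airtime.
    """
    if not client_rates_mbps:
        return 0.0, 0.0
    airtime_per_mbit = sum(1.0 / rate for rate in client_rates_mbps)
    per_client = 1.0 / airtime_per_mbit
    return per_client * len(client_rates_mbps), per_client


def split_into_cells(client_rates_mbps, cells):
    """Spread clients round-robin over several access points (cells)."""
    groups = [[] for _ in range(cells)]
    for index, rate in enumerate(sorted(client_rates_mbps, reverse=True)):
        groups[index % cells].append(rate)
    return groups


def total_throughput(client_rates_mbps, cells):
    """Sum of aggregate throughput over all cells after splitting the clients."""
    return sum(cell_throughput(group)[0]
               for group in split_into_cells(client_rates_mbps, cells))


# Constructed client mix using the data rates from the text (2.4GHz band):
# four clients at the 144Mbps maximum, three single-stream 802.11n devices
# at 72Mbps and three 802.11g smartphones at 54Mbps.
MIXED_CELL = [144] * 4 + [72] * 3 + [54] * 3

if __name__ == "__main__":
    aggregate, per_client = cell_throughput(MIXED_CELL)
    print(f"one cell:  {aggregate:.1f} Mbps total, {per_client:.1f} Mbps each")
    print(f"two cells: {total_throughput(MIXED_CELL, 2):.1f} Mbps total")
```

Under these assumptions the mixed cell delivers 80Mbps in total (8Mbps per client) rather than the 144Mbps headline figure, and splitting the same ten clients across two access points roughly doubles the total to about 160Mbps.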