Monthly Archives: June 2015

Three Best Practices for Maximizing Wireless Network Performance

Last month, we launched the Pakedge WK-1, an 802.11ac high-performance wireless access point (WAP). Like the Pakedge W7x WAP before it, the WK-1 supports devices that operate on both the 2.4 GHz and 5.0 GHz bands.

A common question we get from our customers, especially those coming from single band (2.4 GHz) systems, is how do I take advantage of the high performance offered by the WK-1? How do I know if I am utilizing the WK-1 to its fullest capabilities? In this article, we will offer best practices for better performance for your dual band W7x and WK-1 access points.

Before we start, let’s understand the advantages and disadvantages of the 2.4 and 5.0 GHz bands. The 2.4 GHz band has been in use for many years, beginning with the 802.11b standard. As a result, many wireless and mobile devices, including laptop computers, streaming AV devices, control system devices, security cameras, etc. still operate on and support this frequency. The 2.4 GHz signal can penetrate walls and other obstacles and offers a better coverage range than the 5.0 GHz signal. Unfortunately, the 2.4 GHz band is also congested, has three non-overlapping channels, and is susceptible to degraded performance due to interference. In addition to sharing the band with the many wireless 802.11-based devices, it must also share the band with non-802.11 devices, including microwave ranges, cordless telephones, baby monitors, Bluetooth-based devices, and Zigbee-based devices. In contrast, the newer 5.0 GHz band has 23 non-overlapping channels and enjoys an uncongested RF environment, as there are currently few devices that operate in this spectrum (for now). However, the 5.0 GHz signal doesn’t offer the same coverage and range, nor does it penetrate walls and objects as well as the 2.4 GHz signal.

Though Bluetooth, which runs on the 2.4 GHz band, uses frequency-hopping spread spectrum to reduce interference, it still impacts the RF environment. As Bluetooth becomes more common, this minimal interference adds up. Illustration by geek.com

With an understanding of the differences between the 2.4 GHz and 5.0 GHz bands, let’s proceed to the best practices.

Best Practice #1 – Assign different names for your 2.4 GHz and 5.0 GHz SSIDs.

A common practice among network technicians is to set all the WAP SSIDs within a project site to the same name. This enables you to connect to “one” network, and allows you to move from access point to access point throughout the site with one set of login credentials. The client device selects which access point to connect to on the basis of signal strength. As the mobile device roams from one spot to another, it detects the new signal and compares it against the signal strength of the access point it is currently connected to. If the signal from the new access point is stronger, the device will disconnect from the old one and connect to the new one. In areas where the signal strength of the two access points is nearly the same, the device cannot always decide and may alternately connect to one, and then the other.

This is further complicated in dual band networks when technicians assign the same name to both the 2.4 GHz SSIDs and the 5.0 GHz SSIDs. While this facilitates connecting to “one” network, the user has no control over, or visibility into, which access point the device is connected to or which frequency band it is operating on. For example, the user may want to connect the device to the 5 GHz SSID but is unable to because he sees only one SSID for the entire network. The choice of which access point and which frequency band to connect to is then left to the device. Many wireless performance problems can be traced to the device’s improper selection of the frequency band.

In order to regain control and visibility, it is best to assign different names to the 2.4 GHz and 5.0 GHz SSIDs.

Best Practice #2 – Move compatible devices to the 5.0 GHz band.

Imagine driving home from work and getting caught in a traffic jam. No matter how fast your car is, you can only go as fast as the car in front of you, and the car in front of that car, and so on. Now imagine you get on the same highway during rush hour, but there is a dedicated traffic lane only for you, and no one else. With no one in your lane, you can go as fast as your car (and your driving abilities) will allow you to go.

In a wireless network, the number one cause of slow performance is interference. Putting a device on the 2.4 GHz band is like driving a car on the highway during rush hour. Putting the same device on the 5.0 GHz band is like driving on your own dedicated traffic lane, free from other traffic.

Whether you are installing a new wireless network or managing an existing one, it is important that you put the devices on the right band. Identify all 5.0 GHz compatible wireless devices, and set them to connect to the WAPs at that band. Although some devices only operate on the 2.4 GHz band, identifying and moving the 5.0 GHz compatible devices will allow the devices to operate more freely.

Best Practice #3 – Design your wireless network around the smaller footprint of 5.0 GHz band.

In order to take advantage of the performance gains offered by the 5.0 GHz band, design the network around its smaller coverage footprint to ensure full wireless coverage throughout the project site. A typical 5.0 GHz optimized network requires 1.5 times more WAPs than a corresponding 2.4 GHz network for the same coverage area. For example, if 10 WAPs are required to cover the site operating at 2.4 GHz, then approximately 15 WAPs are needed for an all 5.0 GHz band network. The actual number may be reduced somewhat through smart design and layout, but the fact remains that more WAPs are needed to support a 5.0 GHz optimized network.

If you design the wireless network around the 2.4 GHz band and its larger coverage footprint, it will leave coverage gaps when you try to operate devices in the 5.0 GHz band. As a result, these devices will never reach their true performance capabilities because they are operating in a suboptimized environment.

Network Security Audit/Checklist

This is a supplementary resource for our Best Practices for End-to-End Network Security Webinar which aired on 6/25/2015. The following link is a replay of that webinar.  The Network Security Audit/Checklist is shown below.

If you have any questions, please contact us at:

(650) 385-8702  |  sales@pakedge.com

Guiding Principles

  • There is no magic silver bullet that fixes all the security vulnerabilities.
  • Security protection is not a “once and done” thing. It is a process that needs to be continuously evaluated, updated and implemented.
  • Think about security holistically – protect against all four vulnerability areas, not just the technology aspect of it.
  • Think about security protection in layers – some things are basic, some more intermediate, and some advanced. Some things should be done now before other things can be done.

When approaching problems and searching for solutions consider people, processes, and technologies.

  • People – Who has access? Are they educated about best safety practices? Should I only give them limited access?
  • Processes – annual security audit, update firmware, update passwords, enforce policies
  • Technologies – hardware, software, applications

Network Security Audit/Checklist – Beginning

  • Review inventory against last recorded list of equipment. Verify brand, model, serial number, MAC address and IP address (if known) of equipment.
  • For equipment added since your last visit (that is not on your list), record brand, model, serial number, MAC address, IP address (if known), and what port it is connected to.
  • Review your port list, and verify that the port/device are unchanged. If they have been changed, record it and check to see if it is on the proper VLAN.
  • If this is the first time making an audit, record the following:
    • Device type, brand, model, serial number, MAC address
    • What network device it is connected to, port on network device it is connected to, VLAN device is on, IP address
    • Firmware version
    • Location and wall port reference number
    • Date of audit
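
The inventory and port review above can be done by diffing the last recorded list against the one collected on this visit. The following is an added example, not part of the original checklist or any Pakedge tool; the CSV column names and all sample devices are constructed for illustration.

```python
import csv
import io

# Constructed sample data: the inventory recorded at the last audit and the
# one collected on this visit. Column names are assumptions for this example.
PREVIOUS = """mac,brand,model,serial,ip,switch,port,vlan,firmware
00:11:22:AA:BB:01,Pakedge,WK-1,SN1001,192.168.1.10,sw1,3,10,1.0
00:11:22:AA:BB:02,ExampleCam,C100,SN2002,192.168.1.20,sw1,7,20,2.1
00:11:22:AA:BB:03,ExamplePrint,P5,SN3003,192.168.1.30,sw1,9,10,4.4
"""
CURRENT = """mac,brand,model,serial,ip,switch,port,vlan,firmware
00-11-22-aa-bb-01,Pakedge,WK-1,SN1001,192.168.1.10,sw1,3,10,1.0
00:11:22:aa:bb:02,ExampleCam,C100,SN2002,192.168.1.20,sw1,8,10,2.1
00:11:22:aa:bb:99,Unknown,Unknown,,192.168.1.77,sw1,12,10,
"""

def normalize_mac(mac):
    """Canonical form so 00-11-22-AA-BB-01 and 00:11:22:aa:bb:01 compare equal."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def load(text):
    """Index inventory rows by normalized MAC address."""
    return {normalize_mac(r["mac"]): r for r in csv.DictReader(io.StringIO(text))}

def audit(previous_csv, current_csv):
    """Return findings as (kind, mac, detail) tuples, sorted for stable output."""
    prev, cur = load(previous_csv), load(current_csv)
    findings = []
    # Devices seen now but absent from the last recorded list.
    for mac in cur.keys() - prev.keys():
        r = cur[mac]
        findings.append(("new_device", mac, f"{r['switch']} port {r['port']} vlan {r['vlan']}"))
    # Devices on the last list that were not found on this visit.
    for mac in prev.keys() - cur.keys():
        findings.append(("missing_device", mac, prev[mac]["model"]))
    # Known devices: IP is not compared because DHCP leases may change it.
    for mac in prev.keys() & cur.keys():
        old, new = prev[mac], cur[mac]
        for field in ("serial", "switch", "port", "vlan", "firmware"):
            if old[field] != new[field]:
                findings.append((f"{field}_changed", mac, f"{old[field]} -> {new[field]}"))
    return sorted(findings)

if __name__ == "__main__":
    for kind, mac, detail in audit(PREVIOUS, CURRENT):
        print(f"{kind:16} {mac}  {detail}")
```

A device that moved ports and also changed VLAN, like the sample camera, is the case the checklist asks you to record and check against the intended VLAN.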

Hardware Check:

  • Check and update firmware on equipment as necessary.
  • Review the list of latest firmware versions available on the Pakedge dealer portal (for Pakedge network equipment only).
  • If there is no firmware update and equipment is known to be vulnerable, replace equipment with newer model.
  • Check and review hardware. Replace with new equipment if functionality requires it, if it is obsolete from a security perspective, or if support is no longer provided by manufacturer.
  • Check wall ports and unused ports in network equipment. Verify that they are connected to what you expected or to devices that were on your last documented list. Verify no new devices on unused ports.

Configuration Check:

  • Update website access control lists (whitelists, blacklists) as necessary.
  • Block unauthorized devices. Scan and identify wireless network for “rogue” devices and block access to network.
  • Update port forwarding. Review, add and remove devices that require port forwarding as needed.
  • Update Dynamic DNS (including Pakedge DNS) as needed.
  • Update Demilitarized Zones (DMZ). For routers with DMZ capabilities, review and update any devices to be placed in the DMZ.
  • Scan the network for unauthorized or rogue devices. Remove or block as necessary.
  • Disable unused ports. Switches, routers and wall ports.
  • Password protect sensitive files and folders. Review and identify files that are sensitive, and compartmentalize those to protected storage devices. Encrypt and password protect those files. Move them over to a removable storage device that can be disconnected from the main network as needed.

Usernames and Passwords. Review User Administrator Profile information on devices (routers, switches, access points) and update your security on your devices (i.e. username and password information)

  • On 60C and/or 60D router models: verify that User section only has needed User Profiles set up for SSL & PPTP access.
  • On WAPs – update passwords as needed.
  • Guest networks (wired and wireless) – update guest network username and passwords.
  • Update VPN policies and passwords (as needed).

Verify devices connected to guest networks.  Confirm that devices meant for guest usage (desktop computers, terminals, televisions, etc.) are still connected to the designated guest ports. If those devices have changed locations, it may be necessary to reassign the ports or update the wiring connection at the switch to the guest ports.

  • Determine if guest access is necessary. If not needed, disable guest access.
  • Review firewall configurations and reports. Re-subscribe to existing anti-virus, intrusion protection and other security management services (if needed).

Client Awareness:

  • Discuss security network upgrade needs with customer, including:
    • Is there any consumer grade equipment in the network that may require upgrading for better and more scalable performance, security or increased reliability?
    • Will the site be expanding in the next six months? Any construction planned?
    • Will the network be supporting more devices in the next six months?
    • If more wireless devices are being used, consider upgrading to later model WAPs to support the increased wireless connectivity needs.
    • Project may need to utilize multiple VLANs – evaluate a change to managed switches if there are multiple home automation systems and devices integrated into the network.
  • Discuss network security maintenance needs and planning with customer:
    • Review checkup results with customer.
    • Discuss any security monitoring and maintenance needs, including any automated monitoring needs (with BakPak Cloud Management System).
    • Develop, update and add security audits and checks to your network monitoring and maintenance plan.

Using Remote Management Systems to Scale

AV integrators struggle to differentiate and diversify with managed services.

Over the last decade industry experts counselled that the future of AV integration was inextricable from information technology and that the ability to adapt to AV/IT convergence would make or break businesses. We now live and work in this era of AV/IT convergence and those competitors who failed to listen now teeter on the edge of extinction. Congratulations to those who succeeded and adapted, but now is not the time to relax.

“Margins on equipment sales – long the staple of traditional AV integration – are razor-thin or non-existent thanks to commoditization,” says Dawn Meade (CTS), an AV Nation Board Member and Director of Marketing at Net-AV.

“For decades, integrators have been giving away their time and services to make money on the equipment. Having trained customers of traditional AV to expect super-cheap labor and free engineering, it is near impossible to shift gears and still compete without some major shift in both internal-facing corporate mind-set and external-facing product offerings and marketing efforts,” adds Meade.

So how do integrators recover this loss of revenue? If you’ve been listening and paying attention to industry news for the last couple of years, you’ll know the answer is recurring revenue streams and managed services. If you’ve been missing out, read the 2015 CI: State of the Industry Report.

In an interview with InfoComm International two years ago, Sean Goldstein, Vice President of Marketing for Crestron Electronics said, “A lot of small and midsize businesses, all the way to the enterprise, are outsourcing what they term non-critical business functions, including IT. Why not AV and environmental systems? We think it’s a big opportunity. People are asking us for it because their clients are asking for it.”

In that same article Brian Grimes wrote that AV companies needed to differentiate their business by offering “a comprehensive suite of services.” More traditionally this could be achieved by physically providing on-site services where the AV firm’s employee might work at the client’s site, either full time or on-demand, and manage or service the client’s AV system. However, thanks to remote management systems, AV integrators have the means to provide support, monitor, troubleshoot, and manage networks as a service without having to send out a technician.

Meade explains that Net-AV began transitioning away from traditional AV integration back in 2013 and began to rebrand as a technology services provider specializing in AV.

“Over the past two years, we’ve been laying the necessary groundwork to make this transition a viable, profitable reality for the long-term growth of our company. Part of that groundwork was evaluating managed service offerings from various manufacturers to determine which products and offerings best fit our corporate philosophy and our clients’ needs. One of the offerings we are including in our managed service product line is the Pakedge BakPak,” said Meade.

The BakPak Cloud Management System is robust and offers many features that have simplified installation and management and helped provide Net-AV customers with peace of mind, according to Meade.

“The dashboard, alert system, and customizable reporting allow us to give our clients useable metrics on their systems’ performance and a means to see the value in our services. This visible ROI for customers makes selling additional managed services and recurring contracts much easier.  Plus, we know that the BakPak will easily communicate with the other Pakedge products we use on projects – routers, switches, managed power, etc. – so we don’t have to worry about compatibility issues,” she added.

The Net-AV director of marketing described how the Pakedge cloud management service gave Net-AV a competitive edge by empowering their networks with device self-healing, detect & repair, auto discovery and mapping. Services such as these obviously require some investment – for example the Pakedge BakPak requires a NP-36 network patroller and licenses – but these costs can be rolled over to the clients as managed service subscriptions.

“It is intelligence that really sets BakPak apart from other cloud management systems,” said Dr. Marc Ilgen, Vice President of Software Development at Pakedge. “We’re trying to incorporate the same type of computational intelligence used in aerospace and intelligence technologies and give it purpose for everyday uses. The best part about BakPak is that all of this comprehensive tech is accessible in a really attractive, clean, user-friendly interface.”

Though seasoned AV integration executives who understand the value of service will have designated a special department separate from their installation team, they might not offer full-fledged managed services. “Top-tier AV integrators understand that they need a recurring revenue stream and that it requires investing a decent amount of money,” explained Rob Gilfillan, President of Cenero, a service-based AV integration firm, in an InfoComm report.

If dedicated, AV integrators could make major returns on investment with managed services, but too many are still afraid to take the leap and struggle to understand how to scale in this direction. But with products like the Pakedge BakPak and resources like those available on InfoComm International or in Commercial Integrator’s White Papers and webcasts, integrators have little excuse.

For more steps on how to begin scaling with managed services check out The Case for Managed AV Services or begin by inquiring about remote management systems like Pakedge’s BakPak.

Check out Pakedge’s BakPak resource page for more information about the Cloud Management System.