Deployment guidelines for WLANs
Published: 19 May 2004 12:30 BST
What you need to know
As more vendor choices become available, wireless local area network (WLAN) deployment can be a confusing endeavour. As a result, enterprises must develop comprehensive, enterprise-wide LAN and WLAN integration plans. Single-vendor deployments can simplify the approach, as can overlay systems that separate basic IP connectivity from security, management and functionality. Enterprises that follow our guidelines will experience lower costs over the lifetime of a network installation.
Analysis
Many of our clients are deploying wireless LAN (WLAN) technology at various locations in diverse environments. Here, we provide guidance on several of the most common deployment issues.
Architectural considerations:
The rapid proliferation of choices for WLAN deployment can make selection difficult. To make the correct choice, you must first develop a plan that covers factors such as costs, applications, degree of compliance enforcement, service levels, future growth needs and technology.
Small offices -- Where only several access points are required, stand-alone access points connected to a local switch or directly to the WAN connection are the most appropriate option. Security can be addressed by using Wi-Fi (Wireless Fidelity) Protected Access (WPA) to the local access point, which, in turn, is connected either to a private network or, via a virtual private network (VPN) over an unsecured connection, to a central security system. Management can be accomplished by one of many third-party tools -- or by "brute force" using trained internal personnel.
Remote midsize offices -- When it is necessary to equip midsize offices with more than five access points (an approximate crossover point), it makes sense to distribute some of the functionality of a WLAN architecture to reduce deployment and long-term management costs. Two general choices are possible: one option moves the security back to a local controller with full authentication privileges; the second employs a hybrid mechanism in which authentication is done locally (typically, re-authentication only), as well as remotely. Other architectures include a distributed controller at the remote office combined with another at the head office; this design is positioned on the continuum between the first two approaches.
Deciding how much to distribute is bounded by the costs of the network back to a central resource, propagation delays, bandwidth constraints and staff aptitude regarding the management of local equipment. Centralisation is generally a better approach cost-wise, but performance issues may lead to a distributed approach.













