
Internal Network Guidance

After you have planned your broadband upgrade, the next task is ensuring all your schools have robust internal networks and Wi-Fi coverage. It can be a daunting task to purchase, implement, and maintain a wireless network. However, by taking some time to thoroughly plan your upgrade and make smart purchasing decisions, you can perform an effective upgrade on a reasonable budget.

Designing a Network

  1. Determine whether you want to manage the network internally or outsource this in the form of a managed service.
    Recently, managed Wi-Fi has become a more prevalent service; it can be a good option for districts that lack technical staff. Choosing this service shifts design and operation responsibilities to your vendor, while you still provide the requirements for the network.
  2. Design from the top down, but install from the bottom up. FIRST:
    Think about your users, such as students and staff. What quantity and types of devices will they be using? What educational and business applications will be used? Additionally, think about the different grade levels, their class schedules, and where they congregate the most. This will help you figure out what type of Wi-Fi infrastructure you need, which will determine your wired network requirements, and finally determine structured cabling requirements. This is what it means to have a ‘Top Down’ design approach: ensuring that every decision made along the way is centered on the needs of the users.
    THEN:
    Build it from the ‘Bottom Up’: structured cabling, switching/routing/security, wireless. Of course, you can implement each part in parallel as part of the same project. The point is to ensure that each part of the network is reliable and not a bottleneck before implementing another part that relies on it.

    This design process is very similar to another one you’re likely familiar with. When your district is going to build a new school, they first think about what grades will be there, how many students and staff it should hold, and what type of curriculum will be going on. The school is then designed around those needs. Once construction commences, the foundation is laid, the building is framed, walls and floors go up, the interior is built out and furnished, then finally people move in. A network is the same way: structured cabling and wired equipment are the foundation of a good wireless network. The latest APs are not going to perform very well if plugged into outdated cabling and obsolete switches.

  3. Wireless Access Points
    In order to choose the right wireless APs and controller for your needs, you need to ask yourself a few questions:

    • What kind of wireless system do I have now? (enterprise, consumer, or mix)
    • Is it easier to access recurring (cloud-based) or one-time (hardware-based) funding
      in my district?
    • How do I figure out how many access points I need and where they should be installed?
    • What materials is my school constructed from? (e.g. concrete, lath and plaster, etc.)
    • What wireless standards do your current clients use?
    • What is the refresh cycle of devices?

    The answers to these questions will ultimately help you decide what type of APs to purchase. As of mid-2018, the current standards are:

    However, the important takeaway here is that your device lifecycle and what type of network traffic is being generated should drive the type of APs you purchase. This methodology applies regardless of the year or current 802.11 standards.


    Demystifying the buzz around MU-MIMO
    Before 802.11n was released, wireless APs typically had just 2 antennas: one for transmitting data and the other for receiving data. Although the term was not used at the time, this arrangement is known as single-input single-output (SISO). The release of 802.11n introduced a feature called Multiple-Input Multiple-Output, or MIMO. This allowed wireless APs to have more than 2 antennas (sometimes 3 or 4) to help transmit and receive more data at the same time, thereby improving efficiency and performance. While MIMO was an improvement on SISO, it still only supports one user device at a time (albeit much quicker than before).
    In 802.11ac, an updated version of MIMO was introduced called multiple-user MIMO, or MU-MIMO. This simply updates the MIMO standard by allowing the wireless AP to serve more than one client device at a time.


    After figuring out the type of APs to purchase, you might be wondering how many you need and where they should be placed in your building. This is determined by a wireless site survey. This is a process where an engineer determines the ability of wireless signals to be transmitted throughout a building based on a number of factors. The important thing to know is that a site survey is absolutely necessary to determine the correct quantity and placement of APs! By skipping a site survey, you risk buying more than you need and spending more time and money to fix coverage problems after the upgrade is completed.


    Further reading on site surveys
    When planning a Wi-Fi upgrade or a brand new installation, two things must be determined: how many access points are required for necessary capacity and coverage and where they should be mounted. This can be a tough thing to figure out since many things can impact the quality of a wireless signal. Number of users, bandwidth of applications, other wireless signals, building materials, and type of Wi-Fi hardware can all impact performance. Wi-Fi technology improves and changes at a staggering rate, so swapping out new access points for your old ones does not guarantee good performance.

    A Wi-Fi site survey figures all of this out for you. A site survey is a set of procedures and analysis that determine the optimal design and placement for hardware in a Wi-Fi installation based on the previously mentioned factors. The two main types are predictive and manual. In a predictive site survey, an engineer loads the building floor plan into the survey software along with as much information about the building as possible, and the software does its best to predict coverage patterns and optimal access point configuration and placement. In a manual site survey, an engineer comes on-site and does a physical walkthrough of the building. While on-site, the engineer performs various tests and takes measurements to get an accurate reading of the environment and ultimately a more accurate quantity and placement of access points. In a proper installation, a pre-installation site survey is done to determine quantity and placement, then a post-installation site survey is done to ensure the hardware has been installed and configured properly.

    These days, some are skipping site surveys because access points now come equipped with self-configuring feature sets that automatically adjust their power levels or channels. However, these features are meant for optimizing access point operation in an ideal environment. They are not a replacement for a proper site survey and will not help very much if the access points are poorly installed. At the very least, a predictive site survey should be performed. You will save yourself a lot of time and troubleshooting headaches by doing it right the first time.

  4. Wireless Controllers
    Cloud managed Wi-Fi equipment has become ubiquitous in recent years. There are many options for cloud based wireless controllers or the proven on-premise controller. The one you choose for your district is purely up to you and your needs. It is important to work with your vendors to pick the right switch for your network. Take time to sit through vendor presentations and ask lots of questions.

    On-premise Controller
    Benefits
    • Proven architecture
    • Local control
    • More choice in technical support plans and feature sets
    Considerations
    • True resiliency requires two controllers in separate locations
    • Controllers may have a limit to the number of APs they can support
    • Can be more complex to manage

    Cloud Controller
    Benefits
    • More resilient
    • Simpler to install, maintain, and scale
    • Straightforward purchasing model as everything is included with cloud license
    Considerations
    • Requires stable Internet and WAN connections with sufficient bandwidth
    • Cloud licenses introduce a recurring operational expense
    • Cloud dashboards may have fewer features available for configuration

    Further explanation of controller architectures
    Modern wireless networks all implement the concept of centralized control of the APs. The centralized control can be done via a physical device on your network or a cloud-based controller. There are two types of traffic between the controller and the APs: the control plane (management and configuration traffic) and the data plane (user data traffic). These two types of traffic are treated differently and can take different routes to reach their destination, depending on the controller configuration.

  5. Structured Cabling
    Structured cabling in a building refers to two different types: copper cabling between devices and switches (also referred to as Ethernet cabling or Cat5e/Cat6 runs) and fiber cabling between IDFs and the MDF.

    When it comes to copper cabling, two factors need to be considered: cable type and drop availability. Cat5e cabling is typically the most common cabling found in buildings today. While this is no longer the modern standard, it will be sufficient for many low bandwidth, network smart devices. High bandwidth devices such as wireless access points and security cameras will likely require a new run due to bandwidth and POE requirements. You may also require new drops in places that previously didn’t have them (for example, in your boiler room for the management interface of a new building management system).

    In each IDF, fiber is the only way to handle all the bandwidth being aggregated to the MDF. It is important to install fiber if it doesn’t exist. If existing fiber does not support at least 10 Gbps, it should be replaced.


    Do you still need 4+ drops in every classroom?

    Historically, every room in a school would have 4-6 network drops that would all be in use. Despite the existence of high speed Wi-Fi and vendors no longer putting wired jacks on laptops and tablets, many IT and facilities departments still cable up schools with the same quantity of drops as a safety net in case the wireless fails. This isn’t a recommended design methodology because cabling jobs are incredibly expensive. While cabling is eligible for E-rate, it is very easy to spend your entire Category 2 budget on a cabling job. Even if the cost isn’t an issue, you still have to deal with the operational side of having jacks everywhere (for example, a user plugging a device into an empty jack in their room and then calling for support when it doesn’t work because the jack wasn’t patched to a switch). Before spending a considerable amount of time and money on a new cabling job, consider the following:

    • Devices in each location that need to be on the network
    • What devices could be put on Wi-Fi, including those with both Wi-Fi and a network port
    • Quantity and type of drops in each location
    • Speed, purpose, and POE requirements of devices you are considering plugging in

    If you can’t think of a reason to put more than 1 new drop somewhere, then you are likely wasting money that could go towards more robust wireless and switching equipment. Investing more in reliable wireless will result in not needing the failsafe of wired drops everywhere. In the extreme cases where you may need to resort to a wired network, existing Cat5e drops will still function just fine. It simply does not make sense to spend the money on replacing them.

  6. Wired Network Switches
    These are the backbone of your internal networks. As mentioned in the wireless controller section, there are countless manufacturers and models. It is important to work with your vendors to pick the right switch for your network. Take time to sit through vendor presentations and ask lots of questions. At a minimum you should make sure that your switches have:

    • 1 Gbps ports for users and devices
    • 10 Gbps (minimum) fiber uplink ports
    • PoE+ support
    • Support for multiple VLANs
    • Link aggregation support
    • Non-blocking backplane (switch can handle all port bandwidth simultaneously at full capacity)

    Edge device between WAN connection and LAN
    These devices are typically one of the last pieces of equipment in your network as they route the traffic out of your internal network eventually to the internet. This device can take many forms such as a dedicated router or a layer 3 switch. It is standard practice in today’s environment to have dual power supplies for redundancy. It is also very important to remember to avoid bottlenecks by choosing a device that can scale with any upgrades in bandwidth.

    Uninterruptible Power Supply (UPS)
    These units are very “situation specific” and each implementation can be very different. Take time to really think about your power requirements. How reliable is the power in my building? What devices are critical and can never be down? How long do I need to keep my non-critical devices running in the event of a power outage? These are just a few questions to ask yourself when thinking about power. Remember that UPS equipment is expensive and bulky. UPS units can even be hard to fit in some of your closets.
    Backup Time = Dollars + Size — As backup time increases so does the cost and size!


    Considerations for cloud managed network equipment

    While cloud managed Wi-Fi platforms have been common for a while now, many of these same vendors have started offering cloud managed wired network equipment such as switches and firewalls. This can be a significantly different experience from the traditional ways of managing this equipment. The differences between the two models are not limited to management; factors such as cost and technical support also come into play.

    Consideration: Cloud vs. Traditional

    Cost
    • Cloud: In addition to the hardware, a cloud license must be purchased in order to manage the device from the cloud dashboard. Licenses are typically sold in single or multi-year increments.
    • Traditional: Optional technical support plans can be purchased with the hardware. If certain equipment is not deemed mission critical, money can be saved by not purchasing support for it.

    Feature sets
    • Cloud: There may not be as many specific or granular features to configure from the dashboard.
    • Traditional: Generally, you can configure any feature available on the particular model of equipment.

    Deployment
    • Cloud: Zero touch – once equipment is powered on it will download its settings from the cloud dashboard.
    • Traditional: You must manually configure each piece of equipment or set up your own systems to automate the process.

    Management
    • Cloud: Dashboards have built-in monitoring, alerting, and analytics. Additionally, if you buy Wi-Fi, switches, and firewalls from the same vendor then you manage them all from the same centralized dashboard across all sites.
    • Traditional: You have the flexibility to deploy your systems of choice for management, monitoring, alerting, and analytics.

    Accessibility
    • Cloud: Cloud dashboards are available from anywhere provided you have Internet access.
    • Traditional: You must set up some type of remote access into your network, such as a VPN, in order to log in to your equipment.

    Software updates and patches
    • Cloud: Updates can be automatically pushed out to all equipment.
    • Traditional: You can strategically plan your updates in your preferred way.

    Technical support
    • Cloud: You don’t have to spend any time shopping for various types of coverage – cloud licenses automatically include all technical support.
    • Traditional: You have the choice to pick and choose what levels of coverage you want for each piece of equipment.

    To summarize, cloud managed equipment is focused on a unified platform for all network equipment meant to simplify operations. Traditional on-premise equipment is focused on providing rich, configurable feature sets and the flexibility to choose more of your own systems.

  7. Security
    There is always going to be some level of security on every network, typically in the form of a firewall and content filter between the Internet connection and rest of the network. However, it is incredibly difficult to make specific security recommendations that apply to everyone and are also helpful. Necessary features can vary based on many things such as applications being used, authentication systems on the network, and even the lifecycle of your hardware. Security needs have become so specific that now there are vendors and engineers who specialize in network security.

    It may be a good idea to discuss security needs with your vendors or even get a security audit performed. An audit will assess what needs to be improved based on your existing network and future plans. This will help you get a good idea of what you may need to implement. While good network security is absolutely necessary, it is not necessarily cheap. More advanced features such as DDoS mitigation, IDS/IPS, and client VPNs will cost more and it is important to remember that advanced security functionality is not eligible for E-rate. Be strategic and assess your needs before spending a good portion of your capital budget on expensive hardware.

    Some basic tips about security to keep in mind:

    • You must implement content filtering to be eligible for E-rate funding, though the hardware, software, or service you use to do it is not eligible for funding itself.
    • Firewalls and content filters should have port speeds and throughput that can scale with projected IA bandwidth.
      • Throughput metric is important! Just because a firewall has 1 Gbps ports doesn’t mean the throughput is also 1 Gbps! Certain features like IPS can lower the possible throughput significantly.
    • Basic firewall service is eligible for Category 1 E-rate funding in certain scenarios as explained here.
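
    The throughput tip above can be turned into a sizing check. The following is an added example, not part of the original guidance: it compares a firewall's throughput with security features enabled (not its port speed) against projected bandwidth over the hardware lifecycle. The model names, datasheet figures, starting bandwidth, and growth rate are all constructed assumptions.

```python
# Firewall sizing check: port speed vs. throughput with security features on.
# Every model name and figure below is constructed for illustration only.

# Datasheet figures in Mbps. "port" is the interface speed; every other key
# is the rated throughput with that function enabled.
DATASHEETS = {
    "FW-A (hypothetical)": {"port": 1000, "firewall": 900,
                            "ips": 350, "content_filter": 500},
    "FW-B (hypothetical)": {"port": 10000, "firewall": 5000,
                            "ips": 2500, "content_filter": 3000},
}


def effective_throughput(sheet, features):
    """Usable throughput in Mbps with `features` enabled.

    The slowest enabled function sets the ceiling; port speed is only an
    upper bound and is never the number to size against on its own.
    """
    missing = [f for f in features if f not in sheet]
    if missing:
        raise KeyError(f"no datasheet figure for: {missing}")
    return min([sheet["port"], sheet["firewall"]] + [sheet[f] for f in features])


def projected_bandwidth(current_mbps, annual_growth, years):
    """Compound growth of Internet bandwidth demand (growth rate is assumed)."""
    return current_mbps * (1 + annual_growth) ** years


def first_bottleneck_year(sheet, features, current_mbps, annual_growth, lifecycle):
    """First year (0 = today) demand exceeds the firewall's ceiling, else None."""
    ceiling = effective_throughput(sheet, features)
    for year in range(lifecycle + 1):
        if projected_bandwidth(current_mbps, annual_growth, year) > ceiling:
            return year
    return None


def sizing_report(features, current_mbps, annual_growth, lifecycle):
    """Map each model to (ceiling in Mbps, first bottleneck year or None)."""
    return {
        name: (effective_throughput(sheet, features),
               first_bottleneck_year(sheet, features, current_mbps,
                                     annual_growth, lifecycle))
        for name, sheet in DATASHEETS.items()
    }


if __name__ == "__main__":
    # Assumed district: 300 Mbps today, 50% yearly growth, 5-year refresh cycle.
    for name, (ceiling, year) in sizing_report(
            ["ips", "content_filter"], 300, 0.5, 5).items():
        verdict = "ok for lifecycle" if year is None else f"bottleneck in year {year}"
        print(f"{name}: {ceiling} Mbps with features on -> {verdict}")
```

    With these constructed figures, the 1 Gbps firewall becomes the bottleneck within a year once IPS and content filtering are enabled, even though its ports would suggest headroom for three.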