Slashdot Mirror


A WiFi-Only Office Network?

periol wonders: "I'm the sysadmin for a firm in mid-town Manhattan that is moving to a larger workspace six months from now. The new space is on one floor (100+ users to begin, 200 capacity) and is completely stripped. We've been playing around with the idea of completely wireless office, with no ethernet except to the access points (probably running over VPN for security). Email and files are all accessed locally over the network, and there is a web application hosted off site. Does anyone have experience with this kind of setup? My calculations are that we would need one access point per 15 computers, but I don't know what kind of issues we'll run into along the way. Will we run into unexpected periods of network downtime with a wireless-only setup like this?"

155 comments

  1. Odd question. by Anonymous Coward · · Score: 3, Interesting

    "unexpected periods of network downtime"?
    no.
    Expect them.
    200 users in a small space over wireless = problems.

    1. Re:Odd question. by Lord+Prox · · Score: 3, Informative

      ...and remember to put your microwave oven in an RF shielded cage. Hot coffee is not worth network downtime.
      Also look into getting some anti-radiation / stealth wallpaper.




      Got Debt?

    2. Re:Odd question. by ivan256 · · Score: 2, Insightful

      All you people complaining about interference with microwave ovens need to get microwaves that don't suck. Leakage from a good microwave should be approximately nil.

    3. Re:Odd question. by OakDragon · · Score: 2, Funny
      Hot coffee is not worth network downtime.


      Oh, yes it is!

    4. Re:Odd question. by Lord+Prox · · Score: 1

      Leakage from a good microwave should be approximately nil.
      Operative word: should
      With things like microwave ovens being cranked out en masse in China for damn near nothing, and even "Good" brand names outsourcing to the same factories that make trash, there is no way of knowing the leakage rate short of buying, testing, and returning it to store on failure. It is a total crapshoot. In short, the microwave oven is just an example of hundreds of common sources of interference. WiFi is damn nice, but can be unreliable. Don't rely on the unreliable.




      Got Debt?

    5. Re:Odd question. by JWSmythe · · Score: 1


          I've never had problems with microwave ovens interfering with wireless networks or phones. Then again, I've always had fairly modern ones.

          The only microwave that I know of is a friend's, which is 15 years old. When he walks past it with his old cordless phone, all I hear is static.

      --
      Serious? Seriousness is well above my pay grade.
    6. Re:Odd question. by John+Miles · · Score: 3, Interesting

      "Approximately nil" leakage, unfortunately, is still a lot of energy when you're starting with a 500- or 600-watt magnetron.

      See the example screenshot on this page: http://www.thegleam.com/ke5fx/gpib/ssm.htm

      The microwave that wiped out the upper reaches of the 2.4-GHz band in this spectrogram is two rooms away; the WiFi antenna generating the trace on channel 6 is about eight feet away. Most microwaves seem to occupy the higher portion of the band, so if you stick with channel 1 or channel 6, you may not have a problem. Also, some routers (not mine, unfortunately) can send shorter packets that avoid the oven-interference problem altogether.

      --
      Dahlmann tightly grips the knife, which he may have no idea how to use, and steps out into the plain.
    7. Re:Odd question. by legallyillegal · · Score: 1
      a school here is fully wireless, with up to 300 students accessing the network at any given point

      they seem to have worked out the kinks, and the network is functioning quite well

      --
      ?giS
    8. Re:Odd question. by ryanov · · Score: 1

      Lucent's Orinoco cards had a check box in the driver for "microwave oven robustness" or something similar. I don't know whether it did much of anything for me, but I suspect that things like this were what changed when it was enabled.

    9. Re:Odd question. by Anonymous Coward · · Score: 0

      Tell that to my grandmother's pacemaker - last year, a brand new Whirlpool microwave almost killed her from 20 feet away...

    10. Re:Odd question. by Anonymous Coward · · Score: 1, Informative

      The University of Paderborn in Germany (http://www.uni-paderborn.de/) uses a wifi network for about 14000 students plus profs and bureau staff. There are sometimes problems with the connection due to heavy traffic at some access points, but the overall performance is excellent.

      I don't think you could generally say: many users in a small space over wireless = problems

    11. Re:Odd question. by arivanov · · Score: 1

      I would second that for a b/g/n case. Even in a quiet business park in the middle of nowhere, no interference from neighbours and a controlled and monitored installation you will get some problems once in a while.

      The most common one is the cheapskate idiot with the home ad-hoc network connection configured turning on his laptop in the office. He walks in and 3 channels (the one configured and the two adjacent) are out.

      Add to that some bad bluetooth implementations, leaky microwaves, etc and you are stuffed.

      Now, 802.11a is another beast. It is licensed so you are not likely to get interference from an ad-hoc cretin who is too cheap to go and buy himself an access point. And even for (a) you may have an outage once in a while.

      --
      Baker's Law: Misery no longer loves company. Nowadays it insists on it
      http://www.sigsegv.cx/
    12. Re:Odd question. by Strider-BG · · Score: 2, Informative

      This is why I would recommend using 802.11a. Stay far away from 802.11b/g in a setup like this. Not only are you further away spectrum-wise from common sources of interference, 802.11a allows you 8 non-interfering channels vs 3 for 802.11b/g. This means you can have 8 APs in close proximity without causing interference.

      Your calculation of 15-20 users per AP is a sound one. This will equal ~1Mbps/user of actual IP throughput. Plenty for most people.

      Finally, I would recommend buying an enterprise-class wireless switch product from a company like Aruba Networks, Cisco, or Trapeze. With the density of APs you're talking about you will want the automatic calibration features that these products provide. Not to mention they'll allow you to use the latest Layer-2 auth and encryption schemes like WPA2 so your users will have single sign-on, secure access to the network.

      Good luck,
      Chris

    13. Re:Odd question. by plague3106 · · Score: 1

      According to FCC standards, the microwave "may not cause harmful interference." I would think that means it shouldn't interfere with other devices nearby.

      Any microwave that is putting out that much EM noise I would consider defective. I don't think absorbing microwaves all day is very good for you.

    14. Re:Odd question. by Abalamahalamatandra · · Score: 1

      And also according to FCC standards, 802.11 wireless is a Part 15 service, and must accept interference, so you can expect approximately no action from the FCC on this issue.

      Part 15 devices are not protected from interference.

    15. Re:Odd question. by poot_rootbeer · · Score: 1

      Even without the link to the hidden Grand Theft Auto content, I would STILL argue that hot coffee is worth network downtime. Especially if the beans are freshly ground.

    16. Re:Odd question. by plague3106 · · Score: 1

      Nothing you said contradicts the statement (or the FCC rule) that the microwave shouldn't be giving off harmful interference in the first place. What exactly is your point?

    17. Re:Odd question. by cjkeeme · · Score: 1

      Go to Metageek.net and pick up their cheap spectrum analyzer. Great tool for seeing what is interfering in a 2.4 GHz spectrum. http://www.metageek.net/ Jeff

    18. Re:Odd question. by Anonymous Coward · · Score: 0

      cisco.. that's BS, i have used linksys, especially with a openwrt firmware.
      they rock, and cost 1/7 the cost of a cisco one.

      bang for your buck, linksys is your best options, and openwrt will give you all the "enterprise" features you may need.
      RP

    19. Re:Odd question. by DA-MAN · · Score: 1

      cisco.. that's BS, i have used linksys, especially with a openwrt firmware.
      they rock, and cost 1/7 the cost of a cisco one.


      The GP was talking about 802.11a. The openwrt (and other third party firmwares) do not magically turn an 802.11b/g AP to 802.11a. It's a different frequency, and that different frequency is going to cost more (brand new, on eBay they are dirt cheap).

      bang for your buck, linksys is your best options, and openwrt will give you all the "enterprise" features you may need.

      It gives you nice features, but I would hardly call it enterprise ready. The hardware is manufactured to a higher standard. Over the course of a year I've had 3 or 4 friends wrt54g's die, at work we've never had to replace any of the Cisco AP1200's. The hardware is just built to a better standard.

      --
      Can I get an eye poke?
      Dog House Forum
    20. Re:Odd question. by ottothecow · · Score: 1
      But in this case, it is the microwave being shut down.

      Hot Coffee from coffee machine == good
      Hot Coffee from microwave == bad

      --
      Bottles.
    21. Re:Odd question. by ottothecow · · Score: 1
      My entire university's campus is wireless (university of chicago). It works, but at b-speeds, it has nowhere near the capabilities as the gigabit ethernet that almost the entire campus is set up for and certainly doesn't have the consistency and reliability of the wired network.

      It's great for being able to check your email when you are out and about but when you want to be consistently on (or when you are on a desktop...such as many people in an office environment), you can't beat wired

      and, you don't have to EVER worry about interference issues with wired. In my building, that 1 AP for 15 people certainly doesn't apply. It is a new building and the amount of metal turns it into a big faraday cage.

      --
      Bottles.
    22. Re:Odd question. by BoneFlower · · Score: 1

      I love my WRT54G... pretty good most of the time.

      But they do have problems. We lost electrical power one day, for just a few seconds... and the firmware fried itself. Granted, they are built to allow for this- the TFTP server, and firmware updater, does work when the main firmware is dead, allowing you to reflash the firmware. But this is an involved process- set to 10mbps half duplex, static IP setting, and you have to use their Windows only firmware update application. Not terribly hard if you know what you are doing, but in a business critical situation, it would waste a lot of time.

      Linksys routers are designed, and best used, for home networks. They do pretty good in that context, trying to push them beyond that and you are taking an unnecessary risk.

  2. The downside to wireless office: by Avillia · · Score: 5, Insightful

    "I'm a corporate snoop in mid-town Manhattan that wants to get trade secrets. The target company is moving to a newer and larger office. They've been playing around with the idea of completely wireless office, with no ethernet except to the access points (probably running over VPN for security). Email and files are all accessed locally over the network, and there is a web application hosted off site. How long do you think it will take me to crack the WPA/EAP key, and how big of a thumb drive/media card do you think I'll need to store all that juicy information?"

    1. Re:The downside to wireless office: by krismon · · Score: 0

      about as long as it would take you to crack the VPN (I'm assuming IPSEC or SSL VPN) that the original question mentioned using, probably a huge thumb drive, because you'll need all that data to even attempt to crack the VPN.

      DoS attacks are another thing... but if they use VPN clients on the client computers, data safety shouldn't be a problem.

    2. Re:The downside to wireless office: by Anonymous Coward · · Score: 1, Interesting

      If they are depending on the medium itself for security then they would have the same problems if they were using ethernet. Most if not all encryption protocols ASSUME that the medium can be listened to by outsiders, and for most internet traffic that is the case. That is why all your important communications should be secure end to end. Granted a wireless network can make it easier for man in the middle type attacks, but a properly setup PKI should help mitigate those issues.

      An insecure wireless network can allow someone to siphon bandwidth and potentially abuse the connection in your name, but that is a different set of issues.

    3. Re:The downside to wireless office: by swillden · · Score: 5, Informative

      How long do you think it will take me to crack the WPA/EAP key,

      Which one?

      Assuming EAP-TLS, each authentication is a mutual authentication using public/private key pairs on both access point and device. You'll need to crack the client's auth key to get in. So how long will it take you to crack a 2048-bit RSA key?

      Or, assuming you want to sniff the data, rather than join the network, you need to crack the packet encryption keys. With WPA, that means you have to defeat TKIP, which changes the RC4 key on every packet transmitted, and isn't vulnerable to the related-key attacks that sunk WEP's stupid design. But if this is a new office, there's no reason for them to use the backward compatibility hack that is WPA, they should deploy WPA2, which uses AES for the packet-level encryption. Although both WEP and WPA/TKIP misuse RC4 in a way that enabled the WEP attacks (neither of them discard the first few hundred bytes of the keystream after a rekey operation), AES doesn't have the same potential weakness as RC4. Since the best known attack against AES is brute force, you're going to have to search a 128-bit keyspace. How long will that take you?

      Given WPA2 and, say, EAP-TLS, the best known attacks on the WiFi security require breaking either RSA or AES. Good luck with that.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    4. Re:The downside to wireless office: by Toveling · · Score: 1

      The best known attacks to WPA2 are social engineering - cleverly posing as tech support, or flat out stealing someone's laptop. That's much easier than renting a super computer to get "fluffy4-27-1968" out of a wireless network.

    5. Re:The downside to wireless office: by swillden · · Score: 1

      The best known attacks to WPA2 are social engineering - cleverly posing as tech support, or flat out stealing someone's laptop.

      That goes without saying. However, it should be pointed out that social engineering your way onto a wired network is much easier than obtaining someone's computer and/or smart card and their password.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:The downside to wireless office: by vogon+jeltz · · Score: 1

      Amen brother!
      I was in charge of designing a new network for my family's medical cabinet. The goal was/is to go electronically only. My brother, not being a technical guy, had heard all about that new wireless hype. So I tried hunting down wireless drivers for Linux and that was the first obstacle. Proper WEP encryption wasn't there yet either. The idea of Joe Random Wardriver accessing confidential medical records wasn't all that thrilling. Sharing bandwidth with 15 PCs across two buildings would have been a challenge. So we went completely Cat5 for around 12000 Euros. This included cabling with about 50 Cat5 jacks, 2 Telesyn switches and optical fiber for connecting two buildings across the street. Not a bad deal if you ask me. Haven't looked back since.

    7. Re:The downside to wireless office: by Anonymous Coward · · Score: 0

      You have obviously never been in an environment that uses 802.1x authentication for wired ports.

    8. Re:The downside to wireless office: by GNU(slash)Nickname · · Score: 1

      "fluffy4-27-1968"? That's amazing! I've got the same combination on my luggage!

    9. Re:The downside to wireless office: by GrenDel+Fuego · · Score: 1

      However, it should be pointed out that social engineering your way onto a wired network is much easier than obtaining someone's computer and/or smart card and their password.

      The difference is that when you come into a wired network you either need to leave something behind, or you lose your access as soon as you leave the location.

      If you manage to get the wireless key off of a laptop, you continue to have access (as long as the key is not revoked).

    10. Re:The downside to wireless office: by Strider-BG · · Score: 1

      Dude, Pre-shared keys are sooooo 2001. WPA/WPA2 in an enterprise deployment use dynamic keys created by a RADIUS server. There is no key on the laptop to be stolen. If you go whole hog and use EAP-TLS (most stick with PEAP as the PKI requirements are lower) then you have certificates on both the client and server to deal with, plus user credentials. Social Engineering is a problem for any network. Will you allow people to VPN in from home? Then I don't need to be in the office or "leave anything behind" so your argument is moot. Plus you can use the same auth mechanism for WPA/WPA2 as for your VPN (SecureID, etc).

      The world of wireless has changed. WPA2 is highly secure. One can never say never with security but it looks like they got it right this time.

      Chris

    11. Re:The downside to wireless office: by swillden · · Score: 1

      You have obviously never been in an environment that uses 802.1x authentication for wired ports.

      Nope. I know it can be done, but I've never seen it.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    12. Re:The downside to wireless office: by swillden · · Score: 1

      If you manage to get the wireless key off of a laptop, you continue to have access (as long as the key is not revoked).

      Which is one of the big advantages of using keys on smart cards. The card's absence will be noted, and the key revoked. Note that having the user's key isn't enough, either. You also need their password.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    13. Re:The downside to wireless office: by LunaticTippy · · Score: 1
      In the US people call the small shelves behind a bathroom mirror a medicine cabinet.

      I'm trying to picture a medicine cabinet with 50 ethernet jacks. Thank you for making me laugh!

      So, what is a medical cabinet?

      --
      Man, you really need that seminar!
    14. Re:The downside to wireless office: by jrockway · · Score: 1

      > Note that having the user's key isn't enough, either. You also need their password.

      And what's nice is that the smart card melts itself if you type the password wrong 3 times. So unless you can brute-force the password in 3 tries, you're not getting the key. (Actually, the smart card never gives you the key. It handles all the crypto operations itself.)

      --
      My other car is first.
  3. Just be sure by 0racle · · Score: 1, Funny

    Leave it unsecured so that everyone can enjoy the rewards of your hard work. That's what all the cool kids do.

    --
    "I use a Mac because I'm just better than you are."
  4. It depends.... by ezratrumpet · · Score: 1

    ....on the intensity of your network activity, how many people stream the NCAA playoffs at their desks, proximity to access points, the amount of time you have for setting up the network (do it fast or do it right?), and many other things. Does your firm have more laptops vs. desktops? If more portability is necessary, then a wireless network makes more sense. If you've got more desktops than laptops, then you might be better off running cables.

  5. Wireless be warned. by crazyjeremy · · Score: 4, Funny

    Wait... if your corporate office is anything like ours, take note: WIRELESS LAGS FOR GAMES.

  6. Allow me to sum this idea up in one word... by Grandmaster+Mort · · Score: 1

    ...STUPID (for reasons already mentioned sarcastically in other posts). WiFi is simply not that reliable, period. Connection stability can be absolute shit, and then you have to worry about encrypting the connection as well. It is simply just not a good idea at all.

    --
    si vis pacem, para bellum..."if you wish peace, prepare for war"
  7. Problems? Oh hell yes by Anonymous Coward · · Score: 0

    200 users in a small office is silly. Run ethernet because with that many people you'll need a real commercial solution which will cost more than a few switches and a router.

  8. Needs more homework... by ivan256 · · Score: 4, Insightful

    The article you linked to says they needed one access point per 10 VoIP calls. I'm not sure how you think that 15 computers sharing an access point will be a good idea. Wiring a completely stripped office space is not that expensive. For 200 users you are probably talking in the $30-40,000 range. In exchange for putting in wires, you're going to get overall throughput that will make any wireless configuration you can come up with seem archaic in comparison. To top it off, if you go all wireless you're going to have an administrative nightmare dealing with the interference that exists now, much less the interference that will come when somebody finds the next killer app that uses the unregulated spectrum that you decided to bet your job on.

    Nope, for workstations in the double digits, with no walls yet in your way, you'd be silly to try wireless for anything but phones. If you do decide to bet the farm on wireless, make sure it's in licensed spectrum that you have all to yourself.

    1. Re:Needs more homework... by funkybunny · · Score: 2, Interesting

      Hell, I'll cable it for $20K... I generally work on $70 per RJ45 outlet, although that doesn't include a switch and doesn't cover very long runs (generally more than 30 meters).

    2. Re:Needs more homework... by Optic · · Score: 2, Interesting

      For that price, do you certify to cat5 spec and provide documentation on each drop to that effect?

    3. Re:Needs more homework... by electronerdz · · Score: 0

      He wants to run a wireless network. Do you think he needs to have his cables certified? What are you going to do, certify the signal coming out of an access point? If you fly me up there, I'd do it for even less, but it'd have to be by myself, and it would take a few days.

      --
      Kernel Krunch - Part of a Complete OS
    4. Re:Needs more homework... by karnal · · Score: 1

      It's called a wireless survey and yes people are charged for it (we just lit an entire building up in Columbus Ohio...)

      Of course, that involved Access Points on a stick (up through drop ceiling) and the vendor marking up prints of the buildings that we wanted quotes on to show bleed-over, total coverage area (>80% bandwidth) etc. From those, they recommended where each access point should be on each floor.

      We're not doing it for user access at the desktop level; just for conference room and other gatherings.... but it does cover the entire building.

      --
      Karnal
    5. Re:Needs more homework... by ivan256 · · Score: 2, Insightful

      200 users, you're talking 3 drops per user (computer, phone, and spare). $4 for the plate, $0.50 for the box, $2.50 per jack, 150ft of Cat5e per drop on average at $40/1000 ft. You also need 600 patch panel ports ($2/port), 400 patch cables ($1 each), a decent rack ($1000). Then you've got conduit to run, 9600 punchdowns (if they all work the first time), floor boxes for conference rooms, testing... You're talking at least $10,000 in materials, and almost 200 man-hours labor... Longer if you're the guy on both ends of the tester. It would take a *lot* longer than a few days by yourself, and you'd be seriously questioning why you offered to do it for less at the end.

    6. Re:Needs more homework... by ivan256 · · Score: 1

      Three jacks per user (phone, computer and spare) 600*$70 == $42,000

      You're at the high end of my price estimate. $70 per jack in bulk is robbery.

  9. MOD PARENT UP by Crashmarik · · Score: 4, Insightful

    It's dead on. Plus there is the matter of other vulnerabilities. Let's say it's Firm X bidding on large contract (Engineering/advertising/Media/contract manufacturing) how much do you want to bet there's going to be surprising problems with the wifi as a deadline approaches. It's just too easy if a competitor finds out for them to take a cantenna and cause packet storms on the network.

    1. Re:MOD PARENT UP by Anonymous Coward · · Score: 0

      Can you say byzantine failure.

      -secret_squirrel

  10. Wireless LAN by JWSmythe · · Score: 4, Insightful


        Sure, you can do it.

        Should you do it? Probably not.

        I'm guessing your users have some sort of expectation of security. By going wireless, you should treat every user as if they are working remotely. Every connection should be treated as if it was compromised.

        If you are doing anything with security in mind, assume I'm sitting on the next floor down, packet sniffing everything. I'll eventually masquerade as one of your users, and I will get through whatever layers of security you think you have in place. As far as that goes, I may be on the next floor up, or in the next building with a high gain antenna pointed at one of your AP's.

        For a secure corporate network, wired is the only way to go.

        For a home network, where it's your kids chatting with their friends about who's dating who at school, and you browsing porn sites at night, sure wireless is fine. Who cares if someone breaks into your network there.

        Spend the extra bucks. Hire someone to drop lines to all the desks, and hook everything up to a good switch. Double check their work to make sure there was nothing added to your network.

    --
    Serious? Seriousness is well above my pay grade.
    1. Re:Wireless LAN by swillden · · Score: 1

      By going wireless, you should treat every user as if they are working remotely. Every connection should be treated as if it was compromised.

      Wrong.

      There are other reasons not to use WiFi, but security is not one of them, not any more. Security of a WiFi network using WPA2 with an authentication server (don't use PSK mode -- not that it's weak, but it's hard to manage) is significantly more secure than a wired network. With a wired network anyone that comes into your building and finds an open port can hop on your LAN and go roaming around. With WPA2 and an EAP variant for authentication, not only is all of the data flying around strongly encrypted, but only devices with proper authentication credentials can get on the network *and* the system administrator has a complete record of all of the devices that have connected, including the authenticated identity.

      There are a variety of choices with EAP, allowing you to trade off security and convenience. At the high-security end, you can arrange it so that users must authenticate with a private key stored on a smart card and protected by a password and a biometric in order to get on the network. At the high-convenience end, you can arrange for users to authenticate with nothing more than their regular enterprise username and password (using AD, LDAP, etc.). There are all sorts of options in between as well.

      Properly configured modern WiFi is very secure. It's overkill, really, but cryptographic security often tends to be an all-or-nothing proposition, so that's not surprising.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
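
Added example, not part of any comment in this thread: a small Python audit of `wpa_supplicant.conf` network blocks for the choices argued over in the comments above (WEP, WPA/TKIP versus WPA2 with AES/CCMP, and PSK mode versus EAP with certificates). The SSIDs, file paths and passphrase in the sample are constructed, and the finding codes are names chosen for this example.

```python
# Audit wpa_supplicant.conf "network={...}" blocks for weak Wi-Fi settings.
# Constructed sample configuration; nothing here comes from a real network.
SAMPLE_CONF = '''
network={
    ssid="legacy-wep"
    key_mgmt=NONE
    wep_key0="abcde"
}
network={
    ssid="office-psk"
    key_mgmt=WPA-PSK
    proto=WPA RSN
    pairwise=TKIP CCMP
    psk="constructed-passphrase"
}
network={
    ssid="office-eap-tls"
    key_mgmt=WPA-EAP
    proto=RSN
    pairwise=CCMP
    group=CCMP
    eap=TLS
    identity="user@example.com"
    ca_cert="/etc/certs/ca.pem"
    client_cert="/etc/certs/user.pem"
    private_key="/etc/certs/user.key"
}
'''

# Finding codes (hypothetical names for this example) and their meaning.
MESSAGES = {
    "KEY_MGMT_UNSET": "key_mgmt not pinned; set it explicitly to WPA-EAP",
    "OPEN": "no link-layer authentication or encryption",
    "WEP": "static WEP key configured",
    "PSK": "pre-shared key mode: one secret on every laptop, hard to revoke",
    "WPA1": "original WPA accepted or proto not pinned; use proto=RSN (WPA2)",
    "TKIP": "TKIP accepted or pairwise not pinned; use pairwise=CCMP (AES)",
    "NO_CA_CERT": "EAP without ca_cert: the server certificate is not verified",
}


def parse_networks(text):
    """Return one dict of key -> value per network block (quotes stripped)."""
    networks, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("network={"):
            current = {}
        elif line == "}" and current is not None:
            networks.append(current)
            current = None
        elif current is not None and "=" in line:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip().strip('"')
    return networks


def audit(net):
    """Return the list of finding codes for one parsed network block."""
    findings = []
    key_mgmt = set(net.get("key_mgmt", "").split())
    proto = set(net.get("proto", "").split())
    pairwise = set(net.get("pairwise", "").split())

    if not key_mgmt:
        findings.append("KEY_MGMT_UNSET")
    if "NONE" in key_mgmt:
        # key_mgmt=NONE is either static WEP or a fully open network.
        has_wep = any(k.startswith("wep_key") for k in net)
        return findings + ["WEP" if has_wep else "OPEN"]
    if "WPA-PSK" in key_mgmt:
        findings.append("PSK")
    # An unset list is reported too: the block then relies on defaults
    # instead of stating that only WPA2 (RSN) with CCMP is acceptable.
    if not proto or "WPA" in proto:
        findings.append("WPA1")
    if not pairwise or "TKIP" in pairwise:
        findings.append("TKIP")
    # Mutual authentication needs the client to check the server's chain.
    if "WPA-EAP" in key_mgmt and "ca_cert" not in net:
        findings.append("NO_CA_CERT")
    return findings


def audit_conf(text):
    """Map each SSID in the configuration text to its finding codes."""
    return {n.get("ssid", "<no ssid>"): audit(n) for n in parse_networks(text)}


if __name__ == "__main__":
    for ssid, codes in audit_conf(SAMPLE_CONF).items():
        print(f"{ssid}: {'OK' if not codes else ''}")
        for code in codes:
            print(f"  - {code}: {MESSAGES[code]}")
```
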
    2. Re:Wireless LAN by swillden · · Score: 1

      Oops forgot one thing: WiFi networks are inevitably vulnerable to DoS attacks, and no crypto is going to change that. So if that's one of the concerns in your threat model, you need wires. Data security, however, is not an issue.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:Wireless LAN by kestasjk · · Score: 1

      "If you are doing anything with security in mind, assume I'm sitting on the next floor down, packet sniffing everything. I'll eventually masquerade as one of your users, and I will get through whatever layers of security you think you have in place. As far as that goes, I may be on the next floor up, or in the next building with a high gain antenna pointed at one of your AP's."

      I agree with what you're saying in your post, but this part is wrong. Wireless communications using anything other than WEP is currently secure, and it doesn't look like that's set to change any time soon. If you go for anything better than WPA you'll be safe for longer than CAT cables will be the main wired way of getting data around an office.

      --
      // MD_Update(&m,buf,j);
    4. Re:Wireless LAN by JWSmythe · · Score: 1

      ... but ...

          You still have an external access to your network. If someone drops their smart card, or whatever they're using for security (or it's lifted off them in the garage or elevator), your hacker could have free roam of the network for the night.

          Physical access always has its concerns. Without physical security, you have nothing. Besides finding a free port (you didn't disable all the unused ports?), someone could wander in and find a PC that was left on and logged in.

          I've had clients who have misplaced root password for servers that I'd never worked on. Most of the facilities that I have frequented know that I do nothing illegal, so if I say I need access to a customer cabinet, I must already have permission. I've gotten into the box (single user or boot CD), temporarily changed root to [blank], rebooted normally, and logged in.

          I had a client who shipped 3 servers to us. He had an admin who set the root passwords, and I needed to change the IP's to put them on the new network. While he was trying to get a hold of his admin, I got root on all three boxes, set the IP's, and got them up on the network. By the time he got back with me with the old root password, I let him know they were all up and running, and gave him the new root password.

          I've done the same to Win32 boxes too. It's a little more work, but I'm sure if I did it more I'd have it down to a fine art.

          All that means, I've gotten access to the building. Then to the facility suite. Then to their cabinet. 3 levels of security, just to get root in a matter of minutes. Frequently, I can do it before their monitoring alerts them that their machine even went down. It's a good thing I'm a good guy. That is part of what's given me access to do these things. I believe in Karma. I won't do bad things (any more) because bad things will eventually get me. I've been atoning for my sins for quite a while, and hope I'm over on the good side of the scale now. That includes getting root for people who have misplaced their passwords, when it's honestly their equipment, without charging them for the call.

      --
      Serious? Seriousness is well above my pay grade.
    5. Re:Wireless LAN by swillden · · Score: 1

      If someone drops their smart card, or whatever they're using for security (or it's lifted off them in the garage or elevator), your hacker could have free roam of the network for the night.

      As long as they also dropped their password, yes. The card's no good without that. And the hacker would have free roam until the card was reported missing and the certificate revoked, which is likely more than one night.

      Besides finding a free port (you didn't disable all the unused ports?),

      I'm a security consultant, have been for almost 10 years now. I visit a dozen plus clients per year. I can count the number of offices I've seen that didn't have unused ports around on one hand. And even if there is no unused port, it's pretty trivial to unplug a currently-unused machine. Even if the switch is filtering on MAC address, it's a matter of a few seconds to discover the legitimate machine's address and configure the hacker's laptop to use it.

      Office wired networks are much less secure than properly-configured wireless networks, unless physical security is exceptionally high. If your building entrances have single-person man traps that require two-factor authentication then your wired network is probably more secure than a wireless network.

      Physical access always has its concerns. Without physical security, you have nothing.

      Clearly. And 99.9% of companies have next to nothing. I'm working this week at a company whose raison d'etre is security -- they're one of the most widely trusted computer security companies in the world -- and the only reason I didn't tailgate into the building this morning when I couldn't get hold of my escort is because *I* decided to be a stickler for rules. They don't allow me to attach my laptop to their network -- and I don't -- but my cubicle has four active network ports in it.

      A wireless network is not going to be the weak link.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    6. Re:Wireless LAN by stevenbdjr · · Score: 1

      With a wired network anyone that comes into your building and finds an open port can hop on your LAN and go roaming around.

      Not if you take the same measures to secure your wired network that you do your wireless network. Most enterprise switches can do 802.1x authentication via certificates to a RADIUS server, which is more than secure enough. However, even without port-based security, a switched wired network is still more secure than wireless. It's almost impossible to sniff traffic off a switched network beyond broadcast information. Unless you can get CLI access to the switch and turn on a monitoring/mirroring port, all you'll be able to sniff is traffic from/to your own machine. Wifi, due to its shared nature, is a traffic sniffer's dream, much like an old-school hub.

    7. Re:Wireless LAN by internewt · · Score: 1

      Are manageable switches resistant to arp cache poisoning? I think that's the right term :) I know that simple switches can be confused by an attacker and the switch will then behave like a hub... do better switches resist these attacks?

      --
      Car analogies break down.
    8. Re:Wireless LAN by swillden · · Score: 1

      Most enterprise switches can do 802.1x authentication via certificates to a RADIUS server, which is more than secure enough.

      Yes, they can, and it's a good idea that I've never seen implemented.

      It's almost impossible to sniff traffic off a switched network beyond broadcast information.

      That depends on the switch, and it's fairly easy to put most switches in broadcast mode simply by spamming them with packets from multiple MAC addresses.

      Wifi, due to its shared nature, is a traffic sniffer's dream, much like an old-school hub.

      Right... show me how to sniff a WPA2-protected WiFi LAN. You can grab the packets easily enough, but getting any of the data is rather difficult.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
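An added example, not written by any poster in this thread: the two wired-side tricks discussed above (borrowing a legitimate machine's MAC address, and flooding a switch with many source MACs so it starts broadcasting) both show up in the switch's MAC-learning activity, which is what port security and 802.1x deployments watch. The event tuple format, the thresholds and the function names are assumptions for this sketch, and the sample events are constructed.

```python
from collections import defaultdict

# Assumed thresholds for this sketch; tune them to the environment.
MAX_MACS_PER_PORT = 3     # an access port normally carries a PC and maybe a phone
WINDOW_SECONDS = 10.0     # window in which distinct source MACs are counted


def analyse(events, max_macs=MAX_MACS_PER_PORT, window=WINDOW_SECONDS):
    """Scan (timestamp_seconds, port, src_mac) observations from a switch.

    Returns a list of (kind, port, detail) findings:
      "mac-flood": more than max_macs distinct source MACs on one port
                   within the window (MAC-table exhaustion attempt)
      "mac-move":  a MAC already learned on one port appears on another
                   (moved machine, or a cloned address)
    """
    last_seen = defaultdict(dict)   # port -> {mac: last timestamp}
    learned_on = {}                 # mac -> port it was last learned on
    flooded = set()                 # ports already reported, to avoid alert storms
    findings = []
    for ts, port, mac in sorted(events):
        mac = mac.lower()           # normalise so AA:BB and aa:bb compare equal

        previous = learned_on.get(mac)
        if previous is not None and previous != port:
            findings.append(("mac-move", port, f"{mac} was on {previous}"))
        learned_on[mac] = port

        table = last_seen[port]
        table[mac] = ts
        # Forget addresses that have been silent for longer than the window.
        for old in [m for m, t in table.items() if ts - t > window]:
            del table[old]
        if len(table) > max_macs and port not in flooded:
            flooded.add(port)
            findings.append(
                ("mac-flood", port, f"{len(table)} source MACs in {window:.0f}s"))
    return findings


def sample_events():
    """Constructed observations: two normal desks, one flood, one cloned MAC."""
    pc1, pc2, phone2 = "aa:bb:cc:00:00:01", "aa:bb:cc:00:00:02", "aa:bb:cc:00:00:03"
    events = [
        (0.0, "Gi0/1", pc1), (5.0, "Gi0/1", pc1), (20.0, "Gi0/1", pc1),
        (1.0, "Gi0/2", pc2), (2.0, "Gi0/2", phone2), (15.0, "Gi0/2", pc2),
        # pc1's address turns up on a different port, in upper case.
        (40.0, "Gi0/9", pc1.upper()),
    ]
    # Fifty different source MACs on one port within one second.
    events += [(30.0 + i * 0.02, "Gi0/7", f"02:00:00:00:00:{i:02x}")
               for i in range(50)]
    return events


if __name__ == "__main__":
    for kind, port, detail in analyse(sample_events()):
        print(f"{kind:9s} {port:6s} {detail}")
```

A switch that enforces a per-port MAC limit acts on the first condition itself; the second needs correlation across ports, which is why it is usually done from collected logs.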
  11. Why Fi? by reklusband · · Score: 1

    Why would you think that this would be easier to implement than hanging wires? If you got some of that cable cover stuff, even in a stripped office the ethernet would be invisible, and SO much easier to maintain. Of course if you get paid per call, it makes lots of sense to set up wifi, as you'd be setting yourself up for lots of complaint calls (at $80-$120/hr that adds up to a LOT of cost for wireless).

  12. WiFi is shared ..... by Anonymous Coward · · Score: 1, Insightful

    Why would you want 54 meg SHARED, as opposed to 100 meg or gig with the wire??? Seems like a step back to the early 90's (10 meg hubs, baybee!)

    1. Re:WiFi is shared ..... by metamatic · · Score: 1

      Oh, it's worse than that.

      With wired, you can break up segments of the network and run routers, so individual work groups can have 1Gbps between their machines, shunt huge files around, but not impact the rest of the network.

      With wireless, you've got 54Mbps potentially shared across the entire userbase. And as soon as anyone tries to use an 11b card, the entire network gets slower.

      Really, this is the dumbest idea I've read about since I last read comp.risks.

      --
      GCHQ Quantum Insert installed. If only our tongues were made of glass, how much more careful we would be when we speak
  13. Delivery Trends by lunk · · Score: 4, Interesting

    TVs first started wireless and are now wired.

    Telephones started out wired and are now wireless.

    Wireless networking is a step backwards from a switched hardware fabric. Productivity will be much faster when a file, such as a large presentation, can be transmitted and delivered in gigabits a second, instead of potentially single digit megabits.

    --
    http://tf2.digitaljedi.com
  14. Ethernet by nukem996 · · Score: 4, Insightful

    As many others have mentioned the speed and security issues, I think there are two things you're not thinking of. First of all, I'm not sure how your office is set up, but most, if not all, of your machines already have an ethernet card in them. If you went WiFi you would have to buy an ethernet card for each machine, which can get expensive. The second thing is that if anyone in your office or any office around you is using anything on the 2.4GHz freq (such as a wireless phone) it can interfere with your WiFi network and cause disconnects. It's much more of a hassle to deal with WiFi and I would STRONGLY suggest to stay with ethernet.

  15. That's fine but, by cpuenvy · · Score: 0

    Just toy with the idea as you are now.

    First off, the Wifi routers will MAYBE handle regular surfing, but consider that nobody regular surfs.

    Also, the cost of switches and wire as well as their low cost to maintain will outweigh the cost of the Wifi.

    Great question. Unfortunately, the Wifi is not there yet with the costs and equipment. The support inquiries alone will bury you, not to mention the cost of said support in man hours.

    --
    DISCLAIMER:

    I don't believe what I write, and neither should you.

  16. Absolutely not. by jacobdp · · Score: 5, Informative

    Wireless performance is shit. Here's the problem: Sure, 802.11g gives you a theoretical peak 54 Mbps. However, not only do you never get more than 50% of it, that bandwidth is shared among every user on the network and is half-duplex. It's like having everyone on a single hubbed network - once a bunch of users all start communicating at once, you get collisions, and performance drops. 1 user on wireless is fine. 5 or 10 is questionable. 50 will be like molasses.

    1. Re:Absolutely not. by ClamIAm · · Score: 1

      Um, a whole bunch of the raw channel capacity is sacrificed to avoid collisions. 802.11 uses CSMA to avoid this.

    2. Re:Absolutely not. by ffoiii · · Score: 1

      Microsoft TechEd has had a free wireless network for thousands of concurrent users for the last several years. I believe the hardware/network is set up by Microsoft and not by the facility. Also, this is essentially mobile as they set it up in a conference center and then tear it all down a week later.

  17. Bad Idea by Anonymous Coward · · Score: 2, Informative

    A completely wireless network is a bad idea for numerous reasons.
    1) Reliability. I have yet to find a decent AP that doesn't need to be power cycled every so often to get things working again (although I haven't ever used a business quality AP)
    2) Speed. As far as I know, pre-N technology hasn't been fully adopted and the best you can do is 802.11g (54Mbps) basically half of what you would get with wired (100Mbps). Granted you rarely ever get the full 100Mbps, but you rarely ever get the full 54Mbps either.
    3) Management. You mentioned needing one access point per 15 computers, so you are looking at 7 APs to start and 14 after your growth. Do you or your IT department really want to manage 14 APs when you could throw in a couple of 48 port switches?

    Personally, I have never seen the benefit to having a wireless card for a desktop computer when there is the possibility of wired. I have only used a wireless card in a desktop on one occasion; an apartment where it was basically impossible to run wires from room to room. Wireless technology is best suited for devices that are mobile; laptops, PDAs, etc.

    My recommendation would be to go with a traditional wired network to each desk area (hopefully not cubicles). This will allow each employee to have access to the 100Mbps wired network to their desktop or laptop while at their desk.

    For wireless access, I would recommend one of two solutions. If you have lots of non employees that visit your office with their own laptops, I would set up an unsecured wireless network with 2-3 APs that is on a separate network than the wired network. There is nothing more frustrating to me than having to help visitors enter a WEP key. Employees could then use VPN to connect to the secured (wired) network while on the wireless network. However, if you don't have many visitors, then you go with a WEP key (or Radius or WPA or whatever) secured wireless network and forego the VPN connection.

    As my Uncle always taught me... My advice is free and worth every penny.

    1. Re:Bad Idea by vitroth · · Score: 1
      the best you can do is 802.11g (54Mbps)

      Actually, the best you can do is 802.11a (also 54Mbps). The 5.4GHz range has less utilization, particularly from neighboring wireless networks, and the performance should be noticeably better. Running both A and G simultaneously and balancing your clients between A & G might also help.

      But the original poster should remember that wireless is a shared medium, just like ethernet was back in the days when everyone used hubs. The 54Mbps is per-AP for ALL clients of the AP, and doesn't take into account the overhead inherent in the protocols. Expect no better than about 25-30Mbps total throughput for all clients of an AP, and that assumes that all clients are high speed. Legacy 802.11b clients take more air time, denying that time to other clients. Compare that to either a 100Mbps switched ethernet, or even better a full Gigabit ethernet. If the users spend a lot of time accessing remote file servers and moving data around, the faster and more reliable network is worth the additional cost of the infrastructure.

      The university I work for has a campus wide wireless network consisting of over 1000 wireless access points, but we still strongly recommend that anyone needing high speed reliable connections use a wired network outlet. Wireless is a network of convenience, not a network of guaranteed performance.

      (And that's completely ignoring the security implications, for which there are various reasonably good solutions...)

    2. Re:Bad Idea by Andy+Dodd · · Score: 1

      "Speed. As far as I know, pre-N technology hasn't been fully adopted and the best you can do is 802.11g (54Mbps) basically half of what you would get with wired (100Mbps). Granted you rarely ever get the full 100Mbps, but you rarely ever get the full 54Mbps either."

      It's worse than that. The CSMA/CA collision management protocol used by 802.11 is inherently less efficient than CSMA/CD used by wired Ethernet. The throughput of an 802.11 system will always be a lower fraction of the signaling rate than even shared Ethernet via a hub. Switched Ethernet? No comparison. Switched Ethernet can easily reach 90-95% of the signaling rate in terms of real throughput. 802.11 (any variant) is lucky to get 50% to a single user. With multiple users and small packets, this drops significantly.

      --
      retrorocket.o not found, launch anyway?
  18. Cost of VPN client licensing vs. wired network? by Slashdot+Junky · · Score: 3, Insightful

    I'm certain that you're considering an all-WiFi network or a wired one as a possible cost saver. What's the cost of supporting 100-200 simultaneous VPN connections with client licensing and VPN server hardware? How does this compare with implementing a wired network?

    You're also never going to get the throughput that a wired connection can provide. Another thing to consider is the cost of going wireless will be wasted money just as soon as your company realizes that doing so was a big mistake. I'd bet that they would eventually come to this conclusion.

    Just use wireless where it makes sense like conference rooms and common areas and then secure the hell out of it.

    Later,
    -Slashdot Junky

    --
    .
    Landfill Mining Co.
    Managing the (Un)natural Resources of Tomorrow
  19. Best Buy did it by Fish+Heads · · Score: 3, Insightful

    I was told by a local Cisco engineer that when Best Buy built their new HQ in a southern suburb of Minneapolis a few years ago they went wireless in a bunch of the areas to save on future recabling. They put them in high density and low power... so talk to your Cisco rep and ask them about that. If nothing else they can chat with the Minneapolis office about it...

    --
    Time is the quality of nature that keeps events from happening all at once. Lately it doesn't seem to be working. -Anon
    1. Re:Best Buy did it by Doobian+Coedifier · · Score: 2, Informative

      Intel's Jones Farm campus uses primarily wireless. Here's an article in Cisco's Packet magazine (free registration and stupid Flash program required).

  20. Expect congestion, but not necessarily outages by JimZim · · Score: 5, Insightful

    You needn't expect any network outages above and beyond the standard switch, AP, and WLAN card failure rate.

    The main consideration in your plan is the 802.11 host density. The 802.11 spectrum is divided into 14 partially-overlapping channels. Each channel in 802.11g provides a maximum of 54Mbps (this is theoretical- actual throughput is closer to 25-40Mbps on a good day). Even by configuring channel selection for an even distribution, you'd still end up with at least 7 hosts per channel. Because 13 of those 15 channels would be surrounded by channels with statistically-equal amounts of traffic, you can't guarantee more than 3.8MBps per host (perfect theoretical world), or closer to 1-2MBps in practice.

    While 2MBps is fine for internet downloads, you'll experience a noticeable delay accessing any sizeable files on network shares, or moving email attachments around.

    Additionally, because of the overlapping nature of the 802.11 channels, and the leaving-much-to-be-desired spectral filters in most 802.11 stations, when any one user is transferring a large file and maxes out their channel x, expect all the users on channel x-1, x, and x+1 to experience sluggish performance. Given at least 7 hosts per channel, and at least 2-3 channels affected per burst, any burst large traffic will impact no fewer than 21 users on the network.

    In short, yes, you could do it, but count on substantially poorer performance than a wired solution.

    And as with all professional-grade wireless networks, accept absolutely nothing less than a strong per-host-authenticated VPN tunnel.

    Good luck!

    1. Re:Expect congestion, but not necessarily outages by Anonymous Coward · · Score: 0

      It's actually worse than the parent suggests. Studies have been done that show that the interference of multiple dense wifi users can affect up to 3 channels in each direction. Going mixed mode (some g, some a, some b) will alleviate this, but not as much as you would think. Go to citeseer.org and do a search for wireless performance; the papers that are listed are quite informative.

    2. Re:Expect congestion, but not necessarily outages by flooey · · Score: 1

      You needn't expect any network outages above and beyond the standard switch, AP, and WLAN card failure rate.

      Unless, of course, someone wants you to have outages. It's relatively easy to spit out enough garbage RF to disrupt a wireless network. I don't know if your company is the kind of company that might have that kind of problem, but wired solutions are a lot more difficult to disrupt.

    3. Re:Expect congestion, but not necessarily outages by Loconut1389 · · Score: 1

      This is by far the -best- and -most important- response in the thread so far. I was going to write something similar, but wouldn't have been nearly as good.

      With high host density- wireless is a terrible idea, for exactly the reasons posted here.

      I hate "MOD PARENT UP" posts, but this one deserves it!

    4. Re:Expect congestion, but not necessarily outages by Propaganda13 · · Score: 1

      Mixed cards will also slow down wireless routers.
      Honestly, go mostly if not all wired.
      The office is stripped. Running new wire and setting up ports is super easy if you take the time to plan it all out first. When you have the office set up, it's more of a pain.

      BTW, is your electrical already set up for 200 users? Otherwise, you'll be doing that too.

    5. Re:Expect congestion, but not necessarily outages by Yaztromo · · Score: 1
      You needn't expect any network outages above and beyond the standard switch, AP, and WLAN card failure rate.

      Well, that is unless you get a lot of noise inside the 2.4GHz band, either inadvertently or on purpose from a malicious entity. 2.4GHz cordless phones are notorious for using way too much of the spectrum, and polluting it with all sorts of traffic that interferes with WiFi 802.11b/g signals. Plus there is always the possibility of an attacker simply injecting all sorts of high-powered noise in the 2.4GHz band, across all channels, jamming your WiFi, and bringing your whole network down.

      On my home WiFi LAN, running WPA2, I get nightly outages when someone in one of the apartments around me uses their crummy old 2.4GHz cordless phone (which is why all of my important machines are still using a wired connection). The hardware hasn't failed, but the network still goes down until they are finished with their conversation and hang up. If you're in a building with multiple businesses (like an office tower), you can't control what wireless devices the person in the next office is using, and unless you're willing to invest in repainting with a paint that in essence creates a Faraday cage, there is little you can do about the resulting network outages these devices will cause (other than, of course, running cable to each system).

      Additionally, because of the overlapping nature of the 802.11 channels, and the leaving-much-to-be-desired spectral filters in most 802.11 stations, when any one user is transferring a large file and maxes out their channel x, expect all the users on channel x-1, x, and x+1 to experience sluggish performance. Given at least 7 hosts per channel, and at least 2-3 channels affected per burst, any burst large traffic will impact no fewer than 21 users on the network.

      It should also be mentioned here that 802.11b client connections will also automatically slow things down for all users. You can, of course, simply disallow 802.11b connections, but there are still a lot of portable and handheld devices which use this standard due to the lower power requirements. If you have such devices within your enterprise and expect to be able to use them, 802.11b will be necessary -- and each time one of those devices connects, the network is going to slow down for all users connected to that access point.

      WiFi has a lot of excellent uses, but IMO it shouldn't be used as a solution to avoid cabling desk-bound systems within a corporate setting. Machines which aren't mobile will get better performance from a wired connection, and can't be jammed via someone with a home-made 2.4GHz noise generator or cordless telephone.

      Yaz.

  21. Cisco by mnemonic_ · · Score: 1
    although I haven't ever used a business quality AP

    Maybe you should. There's quite a difference.
    1. Re:Cisco by tmgneuguy · · Score: 1

      Thanks for pointing that out. A lot more pricey than your standard off-the-shelf AP, but more of what I would expect out of an enterprise solution.
      I'd love to get my hands on one.

  22. Don't forget the cost of NICs by Anonymous Coward · · Score: 3, Insightful

    These days, while WiFi is a standard feature on most laptops, wired Ethernet is a standard feature on almost every computer. At least 100 Mbps, and even Gigabit is commonly integrated into the motherboard. So if you go wireless, you'll probably end up having to buy a lot of extra NICs for all the desktops, not to mention the installation hassle of replacing all those NICs if you decide to deploy 802.11n or something later.

    In contrast, there's probably no need for more than 100 Mbps switched Ethernet in a typical office setting. It's also easier to deploy such an upgrade piecemeal if it does become necessary. Wireless solutions usually have backward compatibility modes for your legacy devices, but they tend to really drag down performance, too.

    Another thing to consider is to not only consider interference with other networks, but within your own network. Since 802.11 is a CSMA-based protocol using a single shared medium, it really only works well for communication to/from the wired LAN. Communications between wireless nodes runs into the same problems unswitched Ethernet LANs run into with access contention, even if you blanket the floor with access points.

    In particular, communications between two nodes using the same access point will usually be more than twice as fast in ad hoc mode than having the access point relay the packets. A smarter WiFi standard would be able to command stations to communicate directly, or use alternate channels for send/receive to avoid contention, but that's apparently not being considered.

  23. Yup, bad idea by RebornData · · Score: 4, Informative

    You can't just add access points to increase capacity... the limitation is the radio frequency space available. Remember there is only room for 3 wifi channels (1, 6, 11) in the 2.4GHz spectrum. Add a fourth into the same space, and you're just stepping on the others and causing interference. Of course I'm assuming 802.11b/g here, as 802.11a has 20 distinct channels.

    The other issue that people have mentioned is outside interference. Microwave ovens can be a real bummer. So can the little cordless 2.4GHz headsets executives seem to like. And you better hope nobody sets up a 2.4GHz video sender for their security system in the vicinity. Or a nearby cell tower, or radio station. You could be working perfectly for a year, and then suddenly have your network permanently broken by something completely outside your control or ability to change.

    There's a reason you don't hear of many people doing this.

    -R

    1. Re:Yup, bad idea by Anonymous Coward · · Score: 0

      FYI - wireless headsets do not interfere with wi-fi networks. We have a bunch of Plantronics CS70 and GN Netcom 9350 in the office and our wireless network works perfectly without any problems.

    2. Re:Yup, bad idea by dgatwood · · Score: 1

      Yes and no. There are ways to do incredibly high density deployment of Wi-Fi. You have to get the channels spread just right (I don't remember the exact configuration, but the channels do overlap, and if memory serves, the advice was something like no adjacent channels closer than 3 APs away, and no second-adjacent channels less than 2 APs away... or something like that).

      More than that, you have to reduce the transmitter power on the base station's radio to such an extent that each user can only see a very small number of APs. This dramatically improves SNR if done correctly, as the APs only see traffic from very close clients for the most part, clients don't see much overlap (because they don't bother talking to APs that aren't very close), etc. Couple this with highly directional antennas (and a further corresponding reduction in signal output) to limit the physical footprint of each AP's coverage, and you can get some serious density even with 802.11b/g. It isn't cheap, though, and it involves a good bit more than just commodity hardware.

      And, as you mention, if you can do 802.11a, the future is much brighter.

      --

      Check out my sci-fi/humor trilogy at PatriotsBooks.

    3. Re:Yup, bad idea by mwilliamson · · Score: 1
      You know, there is a ham band that shares the 2.4 GHz spectrum. Specifically, it covers 2300-2310 and 2390-2450 MHz. It wouldn't be out of the question for someone with an interest in ATV to slap an amplifier (and filter, and ID system, of course) on one of these off-the-shelf TV senders and be running as much as 1 to 5 watts. There would be little if anything you could do about it, and it could wipe out your entire office's wireless network if it were located in an adjacent building or rooftop tower.

      I can't emphasize this enough: Don't put critical services on shared-spectrum unlicensed wireless.

      > And you better hope nobody sets up a 2.4GHz video sender for their security system in the vicinity.
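An added illustration, not from any poster: the "only 3 channels (1, 6, 11)" point in the sub-thread above follows from the 2.4 GHz channel plan (centres 5 MHz apart, each 802.11b transmission about 22 MHz wide), and combining it with the 25-30Mbps usable-per-AP figure quoted elsewhere on this page gives a worst-case per-user share. The function names are hypothetical, and the estimate assumes every station on a channel can hear every other one.

```python
from itertools import combinations

CHANNEL_WIDTH_MHZ = 22        # occupied bandwidth of an 802.11b DSSS signal
US_CHANNELS = range(1, 12)    # channels 1-11, as available in the US


def centre_mhz(channel):
    """Centre frequency of a 2.4 GHz channel (channel 14 is the odd one out)."""
    return 2484 if channel == 14 else 2407 + 5 * channel


def overlaps(a, b, width=CHANNEL_WIDTH_MHZ):
    """Two channels overlap when their centres are closer than one signal width."""
    return abs(centre_mhz(a) - centre_mhz(b)) < width


def interfering_channels(channel, channels=US_CHANNELS):
    """Every other channel whose signal overlaps the given one."""
    return [c for c in channels if c != channel and overlaps(c, channel)]


def largest_clean_sets(channels=US_CHANNELS):
    """All maximum-size sets of mutually non-overlapping channels."""
    channels = list(channels)
    for size in range(len(channels), 0, -1):
        clean = [combo for combo in combinations(channels, size)
                 if not any(overlaps(a, b) for a, b in combinations(combo, 2))]
        if clean:
            return clean
    return []


def per_user_mbps(users, usable_mbps_per_channel, clean_channels):
    """Worst-case share: all users split the airtime of the clean channels.

    Adding access points on the same channels does not add airtime while the
    cells can still hear each other; only smaller, isolated cells do.
    """
    return usable_mbps_per_channel * clean_channels / users


if __name__ == "__main__":
    sets = largest_clean_sets()
    print("clean channel sets:", sets)
    print("channel 6 is disturbed by:", interfering_channels(6))
    for users in (100, 200):   # head counts from the original question
        share = per_user_mbps(users, 25, len(sets[0]))
        print(f"{users} users -> about {share:.3f} Mbps each")
```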

  24. Horrors of wireless laptop support by Hunter-Killer · · Score: 2, Informative

    I provide helpdesk support for an environment with laptops that offer both wired and wireless connectivity. Attempting to authenticate to the domain, or use remote desktop software, is "untimely" at best, and nearly impossible for many occasions. A script that would take less than 10 seconds often drags on for 3-4 minutes when the target system feels the session should be routed over the WLAN.

    Hey, no problem, you can connect using the IP assigned to the wired NIC, right? Good luck when the script only accepts the hostname, and that's mapped to the WLAN NIC. You can remap it by editing the hosts file, but when the system is FUBAR'ed to the point the user can't log on to read the other IP, your fix is useless. A substantial amount of troubleshooting time would be saved if wireless capability was only enabled on machines that need it.

    And you want every machine to rely on the WLAN as the primary (or only) connection? It might work in a local shop, but be prepared to have users drag their machines over to you every time their system breaks.

  25. wifi == unreliable by Anonymous Coward · · Score: 0

    I tried this route in my office and had no luck.. ended up wiring the place. Too many problems with disconnects.

  26. Maybe unreliable :-) by spagetti_code · · Score: 4, Informative

    We have several offices.

    We put in 100% wireless at one when we moved. Saved us a bundle of time, but there were dead spots all over the place. Lots of people had laptops and moved around with them - some offices had good connectivity, some didn't. In hindsight, we didn't have enough access points to provide good coverage. We eventually switched to wired due to user frustration.

    In the next office we learnt. Fewer people have laptops and move around. Everyone fixed is wired. Laptops have the option and using IBM's s/w on the thinkpads, they seamlessly switch when you unplug to move (in fact, some choose to stay wireless all the time). We carefully chose the locations of the APs by testing. Throughput is down but not noticeably so.

    What to learn:

    Think of access points in terms of distance between them and coverage as well as number of people connecting. And figure this out by testing, not by reading manuals. Walk the floor with a laptop and test every office, nook and cranny - there are lots of unexpected dead spots.

    Security is not a problem - WPA is a piece of cake to set up and (as yet) unbroken.

    So it can work.

  27. Running wires by ximenes · · Score: 4, Insightful

    There are two reasons I see for going entirely wireless:

    1. The ooh factor
    2. Ease of installation

    Reason #1 is of course no reason to do anything in a business environment, although it is often tempting. Think about things realistically, don't get too fancy and regret it later. New wireless standards will come out, and you'll want to upgrade to them. Since there is a new wireless standard brewing right now, and there is not likely to be a new wired standard for some time (10GB is probably 3-5 years away from being affordable), it would be wiser to invest your money in a stationary target.

    Reason #2 is also not a good reason for doing this. You have a totally empty floor, so everything needs to be run to the various cubicles or offices that you are going to erect. That means at least power, maybe phone lines, and who knows what else. It is very little extra effort to do the networking at the same time, even taking into account that the lines shouldn't run in the same conduit. As long as a computer has to plug into a power source, which they always will, they may as well plug into a network interface as well. Sure you could also put wireless in here and there, but using it exclusively just to save on the effort of cabling is a bad move. I predict that you'll wind up buying wireless bridges for lots of things (printers?)

    1. Re:Running wires by Anonymous Coward · · Score: 0

      I predict that you'll wind up buying wireless bridges for lots of things (printers?)

      And the PS2... don't forget the PS2!

  28. we're using wireless for client/visitor internet by whoppers · · Score: 2, Informative

    I'm one of the 20 laptop users in my office of 60 or so with 2 to 8 clients in our office at any one time. Our biggest issue is with the dsl going tits up at 5AM when the cranky old farts arrive in the office and stew until I arrive to reboot the dsl modem at 7AM. I put a xmas light timer on it to reboot it every night at 2AM.

    The wireless is working fine for now with only me (vpn to our network) and a few clients and two printers. I'm adding two d-link range extenders this weekend to test for awhile before we move to our new office and quadruple our office space. I also expect the dropping connection to go away once I upgrade my card from a b to a newer g card.

    In my experience, I've setup wpa-tsk security with a non-descript ssid and a superlong marketing phrase as the key. Had several complaints about the key being too long, I always offer to type in for them and I explain that it's for their protection. I could care less if some hacker uses a crappy dsl line to screw around, it's not connected to our network, but I would care if they got in and into the files of my clients on their laptops.

  29. No. by idiot900 · · Score: 2, Insightful

    You're in midtown Manhattan and you want to use wireless for your basic intra-office connectivity? You are nuts. The moment somebody walks by with a cordless phone or some other device sharing that spectrum (and it *will* happen) your network will have problems. Not to mention the security issues. Listen to everyone else here and do real wiring.

    1. Re:No. by powerlord · · Score: 1

      Besides just someone "walking by", Midtown Manhattan has a much higher office space density than people realize.

      Remembering the limitations on bandwidth and users that previous posters have mentioned, realize that you may not even have complete control of the spectrum in your vicinity. When I power up my laptop in a relatively light residential area in Manhattan I see 6 to 7 networks that I can reach (I assume a fair number of my neighbors have APs set up ... FYI only 2 are "open").

      Assume that business density might be lower. Let's say you have the whole floor, and only have one neighboring business per floor. So you have two or three potentially conflicting businesses above and below you, as well as in adjacent buildings ... in all 4 directions. Now realize that buildings can typically run ~12 stories in midtown, and though the concrete and steel will act as a help here (since there is only SO far competing signals can propagate), you are still not looking at an ideal scenario.

      I'm not saying that wireless won't work, I'm just saying the chances of being able to support large user counts with decent bandwidth could be difficult.

      That said, I worked in a company in the Woolworth building (just pre-9/11), that used WAPs for their cubes. They supported about thirty with a WAP at either end of the row and that seemed to work decently. These were testers and developers dealing with a start-up internet company (that unfortunately was set to go live the Friday post 9/11 and instead went belly up because of the delay).

      --
      This space for rent. All reasonable inquiries will be entertained at proprietors discretion.
  30. Reliable, Secure Wireless = $$$ by slasher999 · · Score: 1

    Plan on spending an awful lot of money to get this network up and running and to keep it that way. You aren't going to be using Linksys or D-LINK garbage here if you want any kind of reliability. Look to the larger wireless AP builders - Lucent, Sonicwall and Cisco come to mind, but they might not be the best of breed, which is what you need. Expect to spend more time (and therefore money) maintaining this network compared to good old copper and a couple hundred ports of good old Gigabit Ethernet. It's up to you - pay Peter, or pay Paul, but you are going to pay.

  31. what? by RedHatChilliPeppers · · Score: 0, Troll

    What's your company's physical address? I'll hack your network, so you'll be rewarded for your great work. It seems that you're not fully aware of the insecurity of wifi networks, then I'll take over your role.

    1. Re:what? by ClamIAm · · Score: 1

      Pwned.

      Man, I wish slashdot had an age requirement of at least 13 before allowing posting...

    2. Re:what? by Slashcrap · · Score: 1

      What's your company's physical address? I'll hack your network, so you'll be rewarded for your great work. It seems that you're not fully aware of the insecurity of wifi networks, then I'll take over your role.

      He mentions using a VPN in the question. If you think you'll be able to crack the wireless encryption and then IPSEC, it's probably because you don't know what you're talking about. Yes, everybody knows WEP is broken. And I'm sure you've read headlines about weaknesses in WPA. But that's a long way from being crackable by the kind of 1337 wannabee I suspect you to be.

  32. Probably not a good idea. by TreeHead · · Score: 5, Insightful

    I install wireless networks professionally and I can pick out a handful of factors that will make or break your decision:

    1. ...in mid-town Manhattan
    2. The new space is on one floor...
    3. ...100+ users to begin, 200 capacity...
    4. ...(probably running over VPN for security)....
    5. ...there is a web application hosted off site.

    Issue 1: RF Interference
    Addressing item #1, how much square footage do you anticipate these 100+ people using? According to item #2, you intend to accomplish this on one floor, and given that you are in mid-town Manhattan, I imagine a small office footprint.

    At first blush, this sounds like a recipe for disaster--at least as far as I understand what you are doing. First of all, just being able to service X number of wireless users per access point is not enough. You have to consider how the RF field being put out by each AP will overlap others. In the US there are 11 channels for 802.11b/g and only 3 do not overlap (at least enough for it to matter practically); too much inter-access-point overlap will cause a severe drop in throughput--APs will be fighting each other's RF output. You may find yourself at the very least having to dial back each AP's power output significantly just to get clients to associate reliably. Also bear in mind that given you will be on a single floor, your RF output will extend three dimensionally to upper and lower floors if you are using directional antennas. This is not just an issue for your neighbors, but also with multipath distortion.

    Issue 2: Latency
    You mention that your network will "probably running over VPN for security" which will add to the already high latency of a wireless network. The overhead involved in setting up a connection on a wireless network and transmitting in a timely manner is exorbitant by comparison to Ethernet. Add to that an even higher overhead for a VPN (even hardware accelerated) and you've got a recipe for disaster on all but the most tolerant user base. Item #5--your off-site web app--is likely to cause serious headache.

    Latency will be a major factor if you intend on doing any amount of VoIP or video conferencing, and this traffic will require traffic shaping too.

    Issue 3: Throughput
    The reality is that we are still in a "Pre N" world. The very maximum you can squeeze out of your 802.11g network is around 22Mbps overall. And here's another fact that a lot of admins don't know: as soon as you associate 1--just 1--802.11b client to that g network, your total maximum throughput drops immediately to 8Mbps. Compare this to Gigabit Ethernet in performance vs. cost.

    My suggestion is to design a wireless network that will properly cover the office space, but cable Ethernet drops for key locations such as stationary offices and conference areas that are likely to see a lot of consistent use. Users should be able to roam about the office, but have a drop at their disposal if their application demands it. Your users will be happier, you will be happier, and you won't run the risk of cooking your staff with all those microwaves. :D

    --

    "If any part Linux was stolen, then Windows was the biggest heist in history."

    1. Re:Probably not a good idea. by Anonymous Coward · · Score: 0

      Typical slashdot. How could this get rated "1"? This is one of the most informative replies to this topic I've read, and the author chose to go into great depth of his/her reply. While the posts of "Games r laggy, lolz" and "pr0n will be sl0w" get rated 4 or higher.

  33. Go copper. Or at least go with good WiFi. by toybuilder · · Score: 2, Informative

    You don't say why you don't want a copper plant -- but it seems like you're giving network wiring a bad rap. Do you intend to have laptops assigned to everyone, and intend for them to roam around the office all day? (I'm picturing a scene of dogs wandering around at a dog park as I write this!) If the users are primarily sitting at their desks and are using "desktop" machines, there doesn't seem to be much of an advantage to go wireless -- in fact, I'd say that you'd have more headaches.

    I'm assuming that you want to do this because the userbase is mostly laptop-based.

    You definitely will spend a lot of money on getting real wifi equipment to do this roll-out. At the very least, you will want to have access points that will handle WDS correctly so that people can roam around from AP to AP. You will want to have central configuration management, performance/usage monitoring, and security management. (One product off the top of my head that might be useful: WiFi WorkPlace.)

    Note that with wifi, each access point acts essentially like a shared hub -- and the throughput is less than half of the signaling speed -- so your 10 users on the same 54-Mbps AP will be on an effective "20 Mbps" hub... Latency is higher, too. Yuck.

    In order to keep the footprint of each "hub" (AP) small to ensure reasonable performance, you will need lots of low-powered access points. And hope that your client machines are running bug free drivers --- back when I used to play with linux wlan drivers, we sometimes had a client go crazy and pump up the transmitter to max power in order to associate with the AP on the other side of the building -- and stepping on a lot of traffic in the process.

    Good luck!

    1. Re:Go copper. Or at least go with good WiFi. by tverbeek · · Score: 1

      I'm assuming that you want to do this because the userbase is mostly laptop-based.

      Actually, we (the college where I do tech support) do have an environment with a lot of laptop users, and we're in the process of making them almost ubiquitous. But we still have a fully wired network and have no intention of changing that. When a student sits down in a classroom and hauls out his 'Book, he plugs it into the wall. We might have to settle for wireless in the antique granite building we're expanding into next year, due to the cost of retrofitting an historic building that barely accommodates plain old telephone service, but I'm still going to push for as much copper as I can get over there, both for my sake and that of our students.

      --
      http://alternatives.rzero.com/
  34. 1 AP per 15 users? by ocbwilg · · Score: 2, Informative

    So if you're figuring on 1 AP per 15 users, you're going to be needing 7 APs to start with, and possibly up to 14 eventually. But if those 15 users have to share the bandwidth on that one AP, they're getting (on a really good day) about 3 Mbps of bandwidth if you go 802.11G. If you're wired for only Fast Ethernet they're going to be getting more than 20 times that.

    The second question is the physical layout of the place. If it's a big empty warehouse type of place, there will be very little physical interference in the form of walls and such. If you are setting up a cube farm there will be even less, and the people will be packed fairly tightly into that space. If the APs are that close together, you're going to have lots of coverage area overlap, and with only three non-overlapping frequency ranges you will undoubtedly have roaming and AP association issues. You may plan on 15 users per AP, but that's just an average. If 30 of your users associate with one particular AP because it has the strongest signal, you will get lots of complaints very quickly.

    Then there are the numerous security and cost issues which have been covered in other posts.

  35. Wired vs. Wireless by MinutiaeMan · · Score: 1

    Why the heck was the parent modded funny? Although I disagree about the "phones going wireless is a step backwards" argument, the part pertaining to networking is dead-on. For example, when I'm grabbing the latest OS update from the local server to a client machine, downloading via ethernet is sometimes TEN TIMES faster. And when you're trying to update thirty machines at once, going over the wires is definitely a Good Thing(TM).

    I think the original question needs to have a bit more specificity: what kind of general work are they doing? How critical is download speed to the operation? How big are the files they'll be working with?

    Overall, I have to agree with the general consensus (so far, anyway): Though going wireless has a few advantages, and some of the old disadvantages are no longer a problem, the question of reliability is still critical for a business. Going wired is the only way to get the ultimate reliability.

    1. Re:Wired vs. Wireless by tverbeek · · Score: 2, Insightful
      I disagree about the "phones going wireless is a step backwards" argument,

      Wireless phones have been a step forward only in convenience. The quality of the service they provide is a huge step backward. Back in olden days, there was a huge marketing campaign credibly focused on the promise that you could even hear a pin drop at the other end of the (fiber) line. Today one of the biggest telecom campaigns is built around a guy repeatedly asking if the person on the other end of a wireless connection can hear him at all. I carry a wireless phone out of professional necessity, but when I actually want to carry on a conversation, I wait until I can do it on a landline.

      --
      http://alternatives.rzero.com/
    2. Re:Wired vs. Wireless by lunk · · Score: 1

      Wireless networking to me is data, pure data. I also said that wireless networking is a step backwards, not wireless phones.

      My first two comments were just laying some groundwork on the state of constant change ;).

      --
      http://tf2.digitaljedi.com
  36. Worst-case scenario by brownsteve · · Score: 1

    All your competitor needs to do is bury a jammer in the front lawn. Presto: complete network blackout. Thousands of dollars in lost productivity until someone finds out what the heck happened. Any IT admin knows that a catastrophic network failure is bad for job security.

  37. Terrible idea! by misleb · · Score: 2, Interesting

    "Wires where you need it. Wireless where you'd like it." "It" being network access, of course. Wireless should be treated as a convenience in an office environment. It is not reliable. Especially in a high density place like Manhattan. You never know when someone is going to stomp on your channel space. And with all those radios (enough for 1 per 15 people), it will happen. Another consideration is performance.
    I don't care what kind super-duper-double-data wireless standard you run, it'll never perform like a good ol' fashioned 100Mbit full duplex switched network. And you won't have the option to go 1000Mbit where you need it unless you do some ad hoc wiring, which always turns out bad.

    Just spend the cash to wire the office properly with good labeling and patch panels. You won't regret it. There really isn't any room for debate here. You'd be a fool to go all wireless.

    -matthew

    --
    "THERE IS NO JUSTICE, THERE IS ONLY ME." -Death
  38. It sucks. by Anonymous Coward · · Score: 1, Interesting

    A friend of mine worked there (BB) as a consultant for a while. He said the wireless was absolute shit. Dropping the signal happened with alarming regularity (Verified by watching him constantly drop off of AIM).

    I can't imagine trying to do anything that required a constant open session (SSH, etc.)

  39. Meru Networks does this - Wireless Backbone System by TexTex · · Score: 1

    I haven't used this part of their products, but I am impressed with their wireless APs and controllers...especially for client density and VoIP.

    Meru uses their radio switches and bonds multiple channels of wireless to create backbone trunks between APs. You end up with around 150Mbps full-duplex if you used 3 channels for the backbone...a bit better than 100-Base. These trunks are encrypted, and the wireless path between AP and controller are also encrypted. Keep in mind, this path is between APs and radio switches...not the actual wireless clients. Those are still a/b/g speeds.

    They've had a few of their customers switch over entirely to a wireless LAN. The advantages are easy deployment for new installs or temporary installs. The disadvantages are sub-GigE speeds and typical concerns about security.

    Here's the link for more info... http://www.merunetworks.com/news/press_releases/050106a.shtml

    --
    -Barkeep, a draft of your most hazardous brew, for the world is slowly stepping into focus, and I don't like what I see.
  40. shared bandwidth by Bastian · · Score: 1

    My office was migrating to wireless when I started working there. Some people are using it, but a lot of folks, myself included, won't touch the wireless network. The issue is that we work with a lot of large files that are stored on the server, and as soon as you get more than a couple people using them at the same time everyone's workflow starts slowing down. I suppose it wouldn't be so bad if Slashdot posted more articles every day, but as it stands I have better things to do with my workday than watch blue bars and beachballs.

  41. maybe wrap the building in a big tin foil hat by sven_eee · · Score: 2, Informative

    To best secure your network you'll have to block unwanted RF getting in and out, aka a Faraday cage http://en.wikipedia.org/wiki/Faraday_cage and then all of the users will start bitching that their mobile phones don't work.

    From my experience I've found wired network far cheaper in the long run. The cable costs may be high to lay but once in, maintenance and upgrade costs are low. Whereas with wireless, support costs are high and ongoing. We only use wireless as a bandage till the wires are in.

    If you want really secure wireless do it at the power switch
    [sVen]

  42. Wireless office deployments are solved ... by Anonymous Coward · · Score: 1, Informative

    Seriously, there are several systems vendors who you should check with:

    Trapeze Networks (www.trapezenetworks.com), Aruba (www.aruba.com), and Meru (www.merunetworks.com) are able to deliver wireless systems with centralized management and control. You'll be able to use extremely strong encryption and authentication, you'll have granular user control for access management & VLAN structuring, and you can even monitor the wireless frequencies to detect "attackers" and "rogue access points".

    Many laptops are now equipped with 802.11a and 802.11b wireless client cards, so AP crowding is no longer a problem (there are plenty of free channels in the 5.0 GHz frequency band).

    So take a look, and you'll find these vendors have put a lot of thought into the reliability & security issues

    theMole

    1. Re:Wireless office deployments are solved ... by The+Lyrics+Guy · · Score: 1

      I can definitely second the suggestion to go with Meru Networks gear. At my office we have 6(?) access points associated with one controller. No matter where you are in the building, you'll get full signal and stay on the same network. The access points and controller run Linux. They do some neat and funky stuff to deal with large amounts of users, bandwidth shaping, QoS, etc.

      We tried the Trapeze Networks solution for a while but we weren't as happy with it as we are with Meru. YMMV, of course.

  43. Wireless is doable if done right. by Anonymous Coward · · Score: 1, Informative

    It really depends on your usage. For standard internet access you can get by with 1 AP per 20 users. Anything more than that you need more APs. 5 users per AP is more realistic for users doing more than web surfing. Wireless sucks for moving large files around. Not a problem for any single user, but if more than one tries to do it your network goes in the toilet.

    You can deploy a secure WLAN infrastructure but it takes some work. Ideally you would have a wireless IDS system such as Air Defense and encryption on the "wire". Some options for encryption are Air Fortress and Cranite. Both install a layer2 encryption client. Depending on what kind of AP you are using you can set them up to only forward Air Fortress frames and ignore everything else. Another option is something like the Aruba Networks product. They are centrally managed and they have integral WIDs encryption.

    If your users are using laptops you should mandate some sort of file system or whole disk encryption. Laptops are cheap to replace if a user leaves the laptop in a coffee shop but losing data is not cheap.

    Look at the overall costs for all of the solutions before you make a decision.

  44. Sure, why not? by StarKruzr · · Score: 1

    That's what I do. I let my downstairs neighbor hop on my AP and I don't even know who he is.

    --

    +++ATH0
    1. Re:Sure, why not? by heliocentric · · Score: 1

      I let my downstairs neighbor hop on my AP and I don't even know who he is.

      I've been meaning to say thanks, but I don't know who you are either, so it is at best kind of awkward.

      By the way, I found your P$ share.... wow, those are some nice finds. Thanks for that, too!

      --
      Wheeeee
  45. Ethernet now, look at 802.11n in 6+ months by NNland · · Score: 1

    I'm not in IT, but at least for the next 6+ months, I'd run ethernet. No jamming, no outages, no worries about needing a VPN solution just to be in the office. Heck, I'd run 2+ jacks to every cube in the place, that way even if a mobile-only AP setup goes to hell, you've always got wired.

    When 802.11n comes out, I'd consider it. Better range + more bandwidth could result in far fewer APs to maintain. Who knows, it could even be robust against jamming.

  46. 802.11a ? by jimbo · · Score: 1

    Amongst the flood of valid and not so valid replies nobody seems to be mentioning 802.11a. In Europe, 802.11a is rapidly spreading. Is that a complete no-go in the States?

    It doesn't perform as well as everybody on a 1Gbps Ethernet with their own port on a beefy switch, but I've seen several companies with a mix of wired networks and 802.11a available on all floors. With e.g. WPA2 and EAP-TLS it makes for quite a good solution.

    1. Re:802.11a ? by terrahertz · · Score: 1

      Yes, it is a no-go in the US. The hardware has always been more expensive than 802.11b (and 802.11g too, after its first few months of availability) and with 802.11a you're still stuck with archaic encryption options (unless you want to wrap it in something else...which you can do to anything, including the other, cheaper standards). My knee-jerk ballpark guess is that we're split about 65/30/5 among the standards (802.11b, 802.11g, and 802.11a respectively).

      --
      Slashdot? Oh, I just read it for the articles.
  47. Beware the office microwave! by magnamous · · Score: 1

    I have a WiFi network in my home, and we recently got a new microwave. The new microwave is about twice as powerful as the old one, but it's only a $100 Panasonic. This thing has juice, though. It disrupts the WiFi signal throughout the entire house, and it's even difficult to listen to the radio at the far end of the house because there's so much interference. Whenever the microwave is on, the internet is unusable, and if I'm on the cordless phone, people say it sounds like I'm underwater. If I were willing to go to the effort, I'd crawl around in the attic and wire the whole house with ethernet, especially after having experienced WiFi. I love the mobility of WiFi, and I'd probably still have a node or two, but it would be nice to be able to just plug into an ethernet connection when the WiFi connection is iffy.

  48. MOD PARENT UP! by imogthe · · Score: 1

    Much as I hate to join a bandwagon, this is the most relevant comment about wireless networking so far. I have been involved in rolling out a large-ish wireless network (some 60 Access points) and encountered the exact issues the parent describes. In an area that is likely to be larger than the office mentioned by the original poster the design spec said 12 APs. Channel overlap and interference was an utter nightmare. The solution was to turn down the transmission power to the absolute minimum and completely switch off some APs.

    In short, anyone considering a wireless network in a production environment with that many users absolutely *must* acquaint themselves with these aspects of networking. Use wires for your production systems and workstations, leave the wireless for visitors and casual web browsing.

  49. Security? by VincenzoRomano · · Score: 0, Redundant

    And what about security?
    Are all those WiFi security technologies (WPA, WEP etc.) really strong?

    --
    Maybe Computers will never be as intelligent as Humans.
    For sure they won't ever become so stupid. [VR-1988]
  50. Re:we're using wireless for client/visitor interne by Slashcrap · · Score: 2, Interesting

    I could care less if some hacker uses a crappy dsl line to screw around, it's not connected to our network

    You'll care when your ISP suspends your DSL line because of excessive spamming activity.

  51. What are you doing about phones for this office? by ejoe_mac · · Score: 2, Insightful

    So you need to look at a VoIP PBX / phone setup with a built in switch - think a 3Com NBX plus 3000 series phones. Then you would attach the local workstation to the phone. Wifi isn't going to work for everyone, but until then, use the PBX as the reason to run Cat5 for something. Any phone location then becomes a phone + network location. PoE switches from Linksys are the best bang per buck, but keep in mind the power load on the switches isn't expandable like more expensive switches. Wifi will cover lots of people, but in the end the wired workstations will be the least troubled.

  52. I wouldn't by Anonymous Coward · · Score: 0

    802.11x is not a replacement for wired networks. If you have any confidential or proprietary information, I'd avoid wireless like the plague, especially if security also falls under your group.

    I work in state government. In our particular division, we deal with large amounts of confidential data (patient records, healthcare information, etc). We have recommended to management that currently, wireless standards for our agency should follow the DOD recommendations, which basically boil down to

    1. No wireless for mission critical applications. It's way too easy to jam the signals.
    2. No confidential data may travel over a wireless link. It's too easy to crack.

    A few of our people attended a SANS training class where one of the labs involved (I may not have this completely correct, but it's close) an IPSEC tunnel over wireless, with a ssh or HTTPS connection through it. They cracked open the WPA, IPSEC, and (SSL/SSH) connection in about 15 minutes.

  53. Wireless is temporary by PapaZit · · Score: 2, Insightful

    A lot of people have correctly claimed that using wireless networking permanently for all employees is a bad idea, and they're right.

    Wireless does have its place, though. You can set up a wireless network very quickly. That can be important if you need to start moving people to the new location before the contractors have finished wiring. It's also good for meeting areas where people will be bringing laptops. That is, it's good for -temporary- network connectivity. So, even if you (correctly) walk away thinking that a completely wireless office is a bad idea, don't leave wireless out of the plans completely.

    --
    Forward, retransmit, or republish anything I say here. Just don't misquote me.
  54. Wifi Done Right by tverbeek · · Score: 2, Funny

    There's a really neat solution available for most of the security, reliability, and speed issues involved in Wifi networking. It makes your network almost impossible to snoop without being in the same actual room with your equipment, eliminates most of the interference and frequency contention between nodes on the network by establishing redundant exclusive channels through your local area, and can boost intraoffice speeds to as much as 1Gbps with modern desktops and laptops. It does cost a little more than standard Wifi to equip an office with this technology, but if you're building an office space from nothing, it's fairly easy and inexpensive. It's called Wifi/Isolated-Redundant-Express, or WIRE.

    --
    http://alternatives.rzero.com/
  55. I honestly wouldn't recommend it by martinultima · · Score: 1

    We had something like that at home for a year or so, and I'd have to say, it was horrible. The one access point was located on one side of the house, while most of the machines were on the other side – it was only after we got a second one and hardwired in most of the machines that it was tolerable. Even if the machine's right next to the access point, the reliability of the connection can be pretty bad, and trust me, I would know... I'd hate to see what it would be like for an entire office.

    (For the record – two NETGEAR wireless-G routers, linked together; right now, four hard-wired machines, plus three or four more wireless ones. Most of them are running Linux, the wireless ones with NdisWrapper. Your mileage may vary.)

    --
    Creative misinterpretation is your friend.
  56. LOL - You Effing N00B!!!! by Anonymous Coward · · Score: 0

    Security is not a problem - WPA is a piece of cake to set up and (as yet) unbroken.

    LOL!!! You fucking n00b!!! WPA was cracked over a year ago and it is even easier to crack than WEP. Here are detailed instructions for cracking WPA. I'll refrain from posting the video demonstration of the crack. You're just too ignorant to realize that you have been pwned from the beginning. Thanks for letting me send 1.52 jiggazillion spam emails from your open (I mean Goatse, wide-ass open) network.

    1. Re:LOL - You Effing N00B!!!! by netsharc · · Score: 1

      WOW!!!!11eleven!!! You must be so 3117!!!!11!!!

      What are you, 13 years old?

      --
      What time is it/will be over there? Check with my iPhone app!
    2. Re:LOL - You Effing N00B!!!! by schon · · Score: 1
      Uh, did you read the article you linked to?

      If you had, you would have seen this:

      coWPAtty is a brute-force cracking tool [...] it would take more than 53710 days just to be sure that the passphrase isn't as simple as "aaaaaaaa."


      When he says WPA "can be cracked with only four packets of data", he's not using the word "can" in the context of "someone can go to Denny's for a grand slam", but rather "you can move Mt. Everest to Arizona using only a teaspoon".
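
The brute-force figure quoted in the comment above, worked through as an added example (not part of any post): WPA-PSK derives its key from the passphrase with PBKDF2-HMAC-SHA1 salted by the SSID, so search time is keyspace divided by guess rate. The alphabet sizes, the 1,000,000 guesses/s rate and the function names are assumptions, and the estimates only hold for randomly chosen characters.

```python
import hashlib

SECONDS_PER_DAY = 86_400


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """Pairwise master key for WPA/WPA2-PSK as defined in IEEE 802.11i:
    PBKDF2-HMAC-SHA1, SSID as salt, 4096 iterations, 256-bit output."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("a WPA passphrase is 8 to 63 characters long")
    return hashlib.pbkdf2_hmac(
        "sha1", passphrase.encode("ascii"), ssid.encode("utf-8"), 4096, 32
    )


def days_to_exhaust(alphabet: int, length: int, guesses_per_second: float) -> float:
    """Days needed to try every passphrase of exactly `length` characters
    drawn uniformly at random from `alphabet` symbols."""
    return alphabet ** length / guesses_per_second / SECONDS_PER_DAY


def implied_rate(alphabet: int, length: int, days: float) -> float:
    """Guess rate (per second) that makes an exhaustive search last `days`."""
    return alphabet ** length / (days * SECONDS_PER_DAY)


def min_length(alphabet: int, guesses_per_second: float, years: float) -> int:
    """Shortest valid passphrase length whose exhaustive search takes at
    least `years` (365-day years) at the given guess rate."""
    for length in range(8, 64):
        if days_to_exhaust(alphabet, length, guesses_per_second) >= years * 365:
            return length
    raise ValueError("no valid WPA passphrase length meets the target")


if __name__ == "__main__":
    # The SSID is the salt: the same passphrase gives unrelated keys on
    # different network names, so tables precomputed for one SSID do not
    # carry over to another.
    print(wpa_pmk("password", "IEEE").hex())

    # The quoted 53710 days matches eight lowercase letters (26**8
    # candidates) searched at roughly 45 guesses per second.
    print(round(implied_rate(26, 8, 53710)))          # implied guesses/s
    print(int(days_to_exhaust(26, 8, 45)))            # days at that rate

    # Constructed planning case: 94 printable ASCII symbols, an assumed
    # 1,000,000 guesses/s, and a 1000-year exhaustion target.
    print(min_length(94, 1_000_000, 1000))
```
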

  57. Use a WI-FI switch by skidv · · Score: 1

    We installed Meru Networks wireless network and have found that you can stack the APs to give more users more coverage. The Meru Networks solution uses TDM (by telling radios when they can transmit) to eliminate RF collisions and increase overall throughput.

    Not that I'm saying that a dedicated Wi-Fi is a good idea, but whatever your Wi-Fi solution (supplemental or dedicated), Wi-Fi TDM helps performance.

    (PS, I do not work for Meru.)

  58. By your calculations by Andy+Dodd · · Score: 0

    With 802.11g you can only serve a total of 45 users. 15 users per AP times 3 non-overlapping 11g channels = 45.

    In theory you can use highend equipment with transmit power management to set up an effective microcellular network with more APs. If you want to do this, ALL hardware (clients and APs) must support automatic transmit power management. Multiple low-power APs will let you increase density, but this is difficult and expensive.

    802.11a gives you 20 nonoverlapping channels to work with, but has its own issues to deal with.

    Once you're talking about 802.11a gear or high-end properly placed/installed 802.11g gear for a high density network, you're better off just installing gigabit Ethernet switches and Cat5e and getting (easily) 10 times the real-world throughput or more.

    --
    retrorocket.o not found, launch anyway?
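
The channel-reuse problem raised in comments 32, 34 and 58, worked as an added example (not from any poster): 14 APs share the three non-overlapping 802.11b/g channels, and an exact search finds the fewest AP pairs that must sit on the same channel within range of each other as transmit power grows. The 2 x 7 grid, the 10 m spacing, the disc-shaped interference ranges and all function names are assumptions.

```python
import math
from itertools import combinations

CHANNELS = (1, 6, 11)  # the three non-overlapping 2.4 GHz channels


def grid(cols, rows, spacing_m):
    """AP coordinates on a regular grid, ordered column by column."""
    return [(c * spacing_m, r * spacing_m) for c in range(cols) for r in range(rows)]


def in_range_pairs(aps, radius_m):
    """Index pairs of APs close enough to interfere (simple disc model)."""
    return [(i, j) for i, j in combinations(range(len(aps)), 2)
            if math.dist(aps[i], aps[j]) <= radius_m + 1e-9]


def co_channel_pairs(aps, radius_m, plan):
    """Number of in-range AP pairs that were given the same channel."""
    return sum(plan[i] == plan[j] for i, j in in_range_pairs(aps, radius_m))


def plan_channels(aps, radius_m, channels=CHANNELS):
    """Exact branch-and-bound search for the channel plan with the fewest
    co-channel pairs. Returns (plan, conflicts)."""
    n = len(aps)
    earlier = [[] for _ in range(n)]       # in-range APs with a lower index
    for i, j in in_range_pairs(aps, radius_m):
        earlier[j].append(i)
    best_cost, best_plan = math.inf, None
    plan = [None] * n

    def clashes(k, ch):
        return sum(plan[i] == ch for i in earlier[k])

    def assign(k, cost):
        nonlocal best_cost, best_plan
        if cost >= best_cost:              # cannot beat the best plan so far
            return
        if k == n:
            best_cost, best_plan = cost, plan[:]
            return
        # Try the least-conflicting channel first so pruning starts early.
        options = sorted(channels, key=lambda ch: clashes(k, ch))
        if k == 0:
            options = options[:1]          # channel names are interchangeable
        for ch in options:
            added = clashes(k, ch)
            plan[k] = ch
            assign(k + 1, cost + added)
        plan[k] = None

    assign(0, 0)
    return best_plan, best_cost


def demo():
    """Constructed floor: 7 x 2 APs, 10 m apart, three interference radii."""
    aps = grid(7, 2, 10.0)
    return {radius: plan_channels(aps, radius)[1] for radius in (10.0, 15.0, 23.0)}


if __name__ == "__main__":
    for radius, conflicts in demo().items():
        print(f"interference radius {radius:4.0f} m: "
              f"{conflicts} unavoidable co-channel pairs")
```

With the interference radius held to the AP spacing the three channels are enough; once each AP reaches its diagonal neighbours or further, some co-channel pairs cannot be avoided however the channels are assigned, which is why the posters keep turning transmit power down.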
  59. How does that help? by SanityInAnarchy · · Score: 1

    I suppose I can imagine a situation where your server has 5 or 10 nics, or it's got a gigabit pipe to the same switch you've got 100 mbit to...

    But with a normal setup -- one server with one 100 mbit wire to a switch -- that's ultimately only 100 mbit full duplex vs 54 mbit half duplex. The bandwidth ends up being shared anyway.

    I'm sure it's still an issue. Certainly, wireless seems to deal very poorly with interference -- the wireless I'm writing this on is practically useless in some places around the house because our neighbors have this wonderful open AP called "MSHOME". You'll also cause a lot more headaches for coworkers who just need Internet, which is lagging horribly because you're doing that kind of work.

    But, the bigger issues will probably be things like competitors on the front lawn with tin cans, wireless stuff interfering, the fact that you'd probably have to run wires to your APs anyway, so why not put a switch there instead of an AP and run wires to desks?

    --
    Don't thank God, thank a doctor!
    1. Re:How does that help? by Bastian · · Score: 1

      In my experience, the bandwidth I get on a wireless network is rarely as good as advertised. There are simply too many things - from appliances generating interference to walls - that degrade signal quality. And my somewhat uninformed understanding is that one computer with a poor signal can degrade network performance for everybody, because they all have to wait longer for that computer to finish transmitting a packet.

  60. Supplement, don't replace by SanityInAnarchy · · Score: 1

    Wireless is great for convenience. I love being able to wander around somewhere with a laptop and read Slashdot. But as soon as I need to get something done, I sit down at a wired desktop. Wireless is still too slow and unreliable to be a replacement.

    So, go ahead and have wireless all over, especially in meeting rooms where people are likely to bring laptops. But make sure you secure it, and use wired for anything not likely to move. Even if people are using laptops, they already have to be plugged into power to use all day -- it shouldn't be hard to plug them into ethernet, also.

    --
    Don't thank God, thank a doctor!
  61. Get good AP's by sardiskan · · Score: 1

    I implemented a wireless network of 6 AP's spread over a very large building and I didn't have any troubles with it. I would PERSONALLY run cables to desktops and let all laptops be wireless. But if you were going to do wireless all the way, I'd use the Cisco access points and use TKIP as an authentication/encryption mechanism. You should be able to authenticate against an Active Directory server if you have one. The reason I say use the Ciscos is because they are solid as a rock and have a lot of security features you can implement as well as vlanning. They are nice but expensive at $600 each. Each AP should be able to safely handle 20-25 users which should reduce your AP needs to around 4. Now they may be able to handle more, I have never had them maxed out...I'd check on the limits of the Cisco before I got one.

    Jason

  62. Wireless by ledow · · Score: 1

    First off, I hate wireless in all shapes or forms (Bluetooth is turned off on my phone, my laptop's wireless is permanently disabled and the only 802.11b AP that I own is for purely educational purposes). However, with that in mind, I regularly cater for small suburban schools in the Boroughs of Greater London. To give you an idea, we're talking about a 10-classroom school backing onto suburban terraced houses in some quite nice areas. Lovely big fields and play-areas, main roads etc. but also a few dozen small residential buildings within a 100m radius of the school property.

    The current fad (after interactive whiteboards and laptops themselves) is to have wireless "trolleys", sixteen laptops in a steel trolley that charge overnight and then access the network over a double-AP 802.11g wireless connection. Bear in mind that this costs about £20,000 all-in for a school and allows a **single** class to access websites/local cached content/their network files.

    It's a nightmare. It generates something like 50% of my support calls alone for the entire school. The laptops don't get connections. Little fingers turn off the wireless switches (fixed by stapling their fingers to... I mean removing the switches). Interference from nearby houses' networks (kismet is fun when run against a small suburban school's neighbourhood) and things like 2.4GHz video senders. Interference from building structure. Interference from passers-by and visitors with anything running on the 2.4GHz frequencies. Just plain damn not wanting to get a connection. BIOS updates, firmware updates, driver updates, all of which interfere with the ability to get a signal. Literally having to instruct the teachers to place the AP's HERE and HERE, tweak the aerial to point THIS way and have the kids clustered HERE or you won't get a connection. Regularly having one or two machines out of the 16 that just won't hold a connection at all. The other 14/15 machines will allow you to do stuff like simple web browsing but access a single small 300x200 MPEG4 video (even from cached content) and the wireless network starts to die, kicking off machines at random.

    This isn't just one school - this is at least three separated by several miles. And what can we do about it? Zip. We've had engineers in from every company involved and there's nothing that can be done. We spent two years with the hardware trying to get somewhere (incorporating free upgrades from our supplier, rigorous control over connection procedures etc.) and never managed to make it any better. Yes, we can spend £X,000 on the new wireless kit but there are no guarantees that it will work any better at all. We can update firmware to version X on the PC's or the AP's but nothing ever IMPROVES.

    And the schools are pushing and pushing to introduce more and more kit like this... one trolley works on the whole, so let's just buy another to make up for the shortcomings. So you have another 16 clients over another 2 AP's which people want to all use in the same room. Ha. Yeah, right. We couldn't get 16 working on two AP's, let alone 32 fighting for the only 3 channels you can use simultaneously spread over 4 AP's all within about 10 metres of each other.

    Yeah, on a good day you can literally stick a laptop at one end of the school, the trolley with its AP's at the other end and get a near-full bandwidth connection (in fact, they use this arrangement regularly to do assemblies in the morning, streaming video from the local cached content). But the second you introduce more clients, it dies quickly. I've never actually witnessed all 16 working simultaneously (even for just login and websites, and the network is used for auth and for internet only, applications are local) and I'm their primary technician.

    Minor local interference in a suburban area can kill the network stone dead, I'd hate to think about trying this in the middle of a busy city centre full of offices, internet cafes etc. I have heard of a school in the exact same area where th

  63. Overall, a bad idea by notarus · · Score: 2, Informative


    An all wireless network for a 100+ person office may be buying a lot of trouble. For example, one user running a multicast app (think "ghost") means the whole network will become unavailable. One user with a 2.4GHz phone or someone making popcorn in the corner kitchenette and you're going to have a lot of drop outs. One user with a PDA running B and your shared 22Mb/s (max) tput G network suddenly drops to 14Mb/s or less.

    I'd definitely go with wired jacks with wireless available for convenience.

    If you're dead set on this, though, you might actually be ok if you want to invest in a Meru network, though. One thing that's very nice about their product line is that their access points actually use CTS/RTS to control who's talking at once to guarantee bandwidth availability, so you might not be dead. But that's not a cheap solution. They are at this time unique in the wireless industry with this functionality. They're also the only vendor in the industry we've tested where having a B radio associated doesn't significantly drop tput (our testing showed that one B radio dropped G tput to about 20Mb/s).

  64. We did it and are fine... by Supp0rtLinux · · Score: 1

    We did something similar... the building we moved into in February had only old 10Mb and coax wiring. In CA, if you run new cable, you also have to pay to demo the old cable. We decided to skip the cost and go all wireless. Basically we built a server room and ran two cables to each of 20 locations. There's an access point at each location and a spare cable to add more. Additionally, each was run with power-over-ethernet to avoid the electrical needs in the ceiling (oh yeah, all our APs are mounted in ceiling tiles). I assumed one AP for each 10 users, though we have only one SSID, so whether you're at your desk or wandering the building with your laptop, your SSID never changes, only your AP does. We have a 60K sq ft, two story building and 20 APs are handling it just fine. All clients have either laptops with 802.11b/g or USB WiFi cards (we went USB so we could use the same device/part number for a laptop or desktop and avoid opening up the systems). Our APs all have MIMO (we tested the building with one regular and one MIMO AP before moving in and buying our APs and found the MIMO APs worked MUCH better). The awesome thing is to run NetStumbler on my OQO (which is 802.11b only) and walk around the building seeing it switch to the best AP and always have full strength. The one thing we learned, though, was to watch out for portable phones. We moved 8 over with us... all were in the 2.4GHz range... they were quickly replaced with 900MHz phones and we've been fine since then.

    1. Re:We did it and are fine... by Chabo · · Score: 1

      Yet another reason not to move to CA...

      --
      Convert FLACs to a portable format with FlacSquisher
  65. IMO by jo42 · · Score: 1

    Don't be an idiot. Do it Right. Wire the place. CAT5e or CAT6. Wireless for the PHB's - only if they ask for it.

  66. My experience... by cr0sh · · Score: 1

    Don't do it! I agree with a lot of other posters here, that wireless is great for those areas that need it, but don't try to do an entire office this way - you may not get the results you want.

    At my last employer, they remodeled the entire office, and decided to go with "wireless everywhere". This was about four years ago. They decided to use some nice 802.11a & b equipment, put in wireless cards in all the computers, and made sure all the laptops had wireless. This was to replace an *already set up* Cat5e wired network. I cautioned them not to do it (via my supervisor, and anyone else who would listen), that others had problems doing this, etc - that it might turn out to be a waste of money. Nobody listened, and they went ahead with it anyway.

    It turned out to be a near disaster - computers would connect (sometimes), "roam" a lot, or try to connect (and sometimes succeed) to an AP that was across the office, but fail to see the one just outside the door. There were major speed issues, that would fluctuate during the day. It didn't work well at all. They (the IT dept) tried everything to get it to work right, but nothing they did would solve the problems that were happening, in all but a few cases.

    Fortunately, they left in the old Cat5e and didn't strip it out (not like any company ever does that leases office space), so after enough of us (mostly software devs) pestered them, they started giving us our wired links back. They continued to use the wireless links, but only in places that needed it (conference rooms), or where they couldn't get a wired solution in place (not many of those, fortunately). Not many people even had a need for roaming access, just a few in management and CEx positions, and even they didn't use it that much.

    To this day, I don't understand why they didn't even consider what I was mentioning - they could have saved a big chunk of change (ie, around $100,000). Even after I mentioned what I had said earlier after the fact, they pretended I was making stuff up, that I never said any of it, or that it was their idea to change, and that what I had said earlier didn't matter. Oh, well, their money, their company, and if they wanted to try and run it into the ground, that was their business (truthfully, $100,00 wasn't going to break them in this experiment - but likely they lost much, much more in lost productivity and such from employees fighting with the network, but little of that was tracked and quantified).

    --
    Reason is the Path to God - Anon
  67. Are you serious? by DrGalaxy · · Score: 1

    This is completely silly. The fact that you would propose this idea for 100-200 workstations speaks volumes about your experience with these technologies. I think your employer should contract an IT firm to manage this aspect of the office move.

    I guess if you do go wireless you can save *some* money on servers because they sure won't have to work as hard if each client maxes out at about 1mb.

    If you are outsourcing, the cable infrastructure and termination for 200 stations should cost about $15-20K. Add $3,000-8,000 for 20 24 port switches (trendnet or netgear switches will be fine, 20 of them so that you have some spares), and another couple grand for patch panels and racks and a UPS.

    Save yourself and your users from headaches and slowness... just put in the CAT5! If your employers want to have computers and networking be a part of their business, they will invest appropriately to prevent future reinvestment and downtime. Then again, maybe you don't have that much to do at your job and you need to justify your existence.

    If you are willing to sacrifice on cable management, wall jacks and centralized placement of switches, this network could be rolled out for under $8K in a DIY manner. Forget all the runs back to the main rack and just put 24 port switches out in the bull pen and uplink each workgroup switch with gigE to a main switch.

    1. Re:Are you serious? by Stormgren · · Score: 1

      "Add $3,000-8,000 for 20 24 port switches (trendnet or netgear switches will be fine, 20 of them so that you have some spares)"

      Are you freaking kidding me? If you're gonna run a LAN party or a small office, those are fine for switches. They may even work in a totally flat configuration.

      The minute you try to do inter-switch VLANs or anything other than "flat LAN", they fall apart. Their management interfacing is also shit.

      BTW, switches come in greater than 24 port configurations, these days.

      My recommendation would be a set of HP Procurve 2650s for the workstations (48 10/100 + 2 1000BT) + 1 spare, and a pair of 2824s (24 gig ports) for the core of the network and for servers. Lifetime warranty, firmware is free, documentation wasn't written in Engrish.

      --

      "All those tubes and wires and careful notes!"

  68. Gigabit to the desktop by dheltzel · · Score: 1

    Take the opportunity you have to run Cat6 to the whole floor. Then you can easily hook everything up to a Gigabit switch either now or in the future. Your users will love that. Otherwise they will curse you every time the network flakes out, even if it's not your fault. You have a great opportunity to get ahead of the mainstream for networks and do it very cheaply -- take it.

    1. Re:Gigabit to the desktop by pelpet · · Score: 1

      Not only the users will love it, the boss might also. Considering the price of gigabit ethernet ports, compared to the time users will spend waiting for large files to download, you could actually get a good return on investment time on gigabit to the desktop.

      Maximum practical speed for a 802.11g network is approximately 25 mbit/s = 3 Mbytes/s. Often much less, because the 25 mb/s is shared between all users.

      Maximum download speed for a 100 Mbit/s switched network is 12 Mbytes/s.

      Maximum download speed for a 1000 Mbit/s switched network is determined by server performance, or client performance if writing to disk is necessary. On a standard fileserver, you could expect around 30 Mbytes/s.

      This could sometimes cause a significant difference in access times for various files.

      If you could save 30 seconds per day and user by deploying a faster network, that will be 5 hours over three years (if you work 200 days/year). If one hour of working time is worth 100$, that would be 5 * 100$ * 200 = 100,000$. You could cut any of the figures by 50% and still the profit from building a fast wired network instead of a wireless network would pay for the whole installation.

      If you add factors like higher reliability for wired networks, or the hidden costs of a wireless access point breakdown and increased need of security the deal will be even sweeter.

      You could also deploy an internet-access-only, cheap, low-security wireless network for guests requiring internet access. You should probably skip access points and go for a wireless switch + access ports (less administration than on access point networks) network with web auth for accessing the internet.

  69. Toss WiFi/Ethernet & Go Fibre by Anonymous Coward · · Score: 0

    Prefab fiber cables won't cost much more than cat6 does. The only cost point is the cards for the Computers and the switches. The advantages are these:

    Optical so no EFI/RF interference
    High Speed - Gigabit+
    More Secure - Difficult to tap anywhere other than Switch/Router

    In a brand new office I'd seriously consider fibre as an option now due to the security benefits along with the speed possibilities. You also have the option of starting with speed caps in place (10/100 mbps) and upgrading in the future as the technology becomes available.

  70. Wireless is a pain by Anonymous Coward · · Score: 0

    I use wireless in my house. I have multiple laptops and desktops, each with different cards, and have gone through multiple routers. It's pretty common for some systems to regularly lose the access point and never come back. Sometimes it's a system reboot needed, but more often than not it's the router that needs to be power cycled. I don't do heavy traffic over the network, and I've played with settings, updated drivers, and swapped cards and routers, but the problem remains. Usually once a day I need to power cycle the router to get the computers to reconnect.

    Wireless is a pain. There's so much that *can* go wrong. You have a slower network, higher probability of collisions, and problems with interference, snooping, etc. On a wired you have... decades of proven technology and never a need to worry about it. You also have lower cost, every machine these days has a network port and switches/routers are cheap. What's the benefit of going exclusively wireless for machines that don't move?

    Don't ask "why not go wireless", try "why go wireless"? There's an obvious benefit if there are lots of PDAs and laptops wandering around, but if you have at least one machine that doesn't move, I'd go through the effort of wiring it.

  71. School wireless by Anonymous Coward · · Score: 0

    My high-school has wireless internet access throughout with over 900 users on it at any one time. They've never had any downtime in the two years they've been running it.

  72. Re:What are you doing about phones for this office by powerlord · · Score: 1

    I've heard some horror stories on Linksys switches lately, especially the PoE ones.

    (something to do with involuntary cycling due to low quality components and improper grounding)

    --
    This space for rent. All reasonable inquiries will be entertained at proprietor's discretion.