Slashdot Mirror
A WiFi-Only Office Network?
periol wonders: "I'm the sysadmin for a firm in mid-town Manhattan that is moving to a larger workspace six months from now. The new space is on one floor (100+ users to begin, 200 capacity) and is completely stripped. We've been playing around with the idea of completely wireless office, with no ethernet except to the access points (probably running over VPN for security). Email and files are all accessed locally over the network, and there is a web application hosted off site. Does anyone have experience with this kind of setup? My calculations are that we would need one access point per 15 computers, but I don't know what kind of issues we'll run into along the way. Will we run into unexpected periods of network downtime with a wireless-only setup like this?"
"I'm a corporate snoop in mid-town Manhattan that wants to get trade secrets. The target company is moving to a newer and larger office. They've been playing around with the idea of completely wireless office, with no ethernet except to the access points (probably running over VPN for security). Email and files are all accessed locally over the network, and there is a web application hosted off site. How long do you think it will take me to crack the WPA/EAP key, and how big of a thumb drive/media card do you think I'll need to store all that juicy information?"
The article you linked to says they needed one access point per 10 VoIP calls. I'm not sure how you think that 15 computers sharing an access point will be a good idea. Wiring a completely stripped office space is not that expensive. For 200 users you are probably talking in the $30-40,000 range. In exchange for putting in wires, you're going to get overall throughput that will make any wireless configuration you can come up with seem archaic in comparison. To top it off, if you go all wireless you're going to have an administrative nightmare dealing with the interference that exists now, much less the interference that will come when somebody finds the next killer app that uses the unregulated spectrum that you decided to bet your job on.
Nope, for workstations in the double digits, with no walls yet in your way, you'd be silly to try wireless for anything but phones. If you do decide to bet the farm on wireless, make sure it's in licensed spectrum that you have all to yourself.
All you people complaining about interference with microwave ovens need to get microwaves that don't suck. Leakage from a good microwave should be approximately nil.
Its dead on. Plus there is the matter of other vulnerabilities. Lets say its Firm X bidding on large contract (Engineering/advertising/Media/contract manufacturing) how much do you want to bet theres going to be surprising problems with the wifi as a deadline approaches. Its just too easy if a competitor finds out for them to take a cantena and cause packet storms on the network.
Sure, you can do it.
Should you do it? Probably not.
I'm guessing your users have some sort of expectation of security. By going wireless, you should treat every user as if they are working remotely. Every connection should be treated as if it was compromised.
If you are doing anything with security in mind, assume I'm sitting on the next floor down, packet sniffing everything. I'll eventually masquerade as one of your users, and I will get through whatever layers of security you think you have in place. As far as that goes, I may on the next floor up, or in the next building with a high gain antenna pointed at one of your AP's.
For a secure corporate network, wired is the only way to go.
For a home network, where it's your kids chatting with their friends about who's dating who at school, and you browsing porn sites at night, sure wireless fine. Who cares if someone breaks into your network there.
Spend the extra bucks. Hire someone to drop lines to all the desks, and hook everything up to a good switch. Double check their work to make sure there was nothing added to your network.
Serious? Seriousness is well above my pay grade.
Why would you want 54 meg SHARED, as opposed to 100 meg or gig with the wire??? Seems like a step back to the early 90's (10 meg hubs, baybee!)
As many others have mentioned the speed and security issues I think there are two things your not thinking of. First of all im not sure how your office is setup but most, if not all, of your machines already have an ethernet card in them. If you went WiFi you would have to buy an ethernet card for each machine which can get exspensive. The second thing is that if anyone in your office or any office around you is using anything on the 2.4ghz freq(such as a wireless phone) it can interfer with your WiFi network and cause disconnects. Its much more of a hassel to deal with WiFi and I would STRONGLY suggest to stay with ethernet.
I'm certain that your considering an all-WiFi network or a wired one as a possible cost saver. What the cost of supporting 100-200 simutaneous VPN connections with client licensing and VPN server hardware? How does this compare with implementing a wired network?
Your also never going to get the throughput that a wired connection can provide. Another thing to consider is the cost of going wireless will be wasted money just as soon as your company realizes that doing so was a big mistake. I'd bet that they would eventually come to this conclusion.
Just use wireless where it makes sense like conference rooms and common areas and then secure the hell out of it.
Later,
-Slashdot Junky
.
Landfill Mining Co.
Managing the (Un)natural Resources of Tomorrow
I was told by a local Cisco engineer that when Best Buy built their new HQ in a southern suburb of Minneapolis a few years ago they went wireless in a bunch of the areas to save on future recabling. They put them in high density and low power... so talk to your Cisco rep and ask them about that. If nothing else they can chat with the Minneapolis office about it...
Time is the quality of nature that keeps events from happening all at once. Lately it doesn't seem to be working. -Anon
You needn't expect any network outages above and beyond the standard switch, AP, and WLAN card failure rate.
The main consideration in your plan is the 802.11 host density. The 802.11 spectrum is divided into 14 partially-overlapping channels. Each channel in 802.11g provides a maximum of 54Mbps (this is theoretical- actual throughput is closer to 25-40Mbps on a good day). Even by configuring channel selection for an even distribution, you'd still end up with at least 7 hosts per channel. Because 13 of those 15 channels would be surrounded by channels with statistically-equal amounts of traffic, you can't guarantee more than 3.8MBps per host (perfect theoretical world), or closer to 1-2MBps in practice.
While 2MBps is fine for internet downloads, you'll experience a noticable delay accessing any sizeable files on network shares, or moving email attachments around.
Additionally, because of the overlapping nature of the 802.11 channels, and the leaving-much-to-be-desired spectral filters in most 802.11 stations, when any one user is transferring a large file and maxes out their channel x, expect all the users on channel x-1, x, and x+1 to experience sluggish performance. Given at least 7 hosts per channel, and at least 2-3 channels affected per burst, any burst large traffic will impact no fewer than 21 users on the network.
In short, yes, you could do it, but count on substantially poorer performance than a wired solution.
And as with all professional-grade wireless networks, accept absolutely nothing less than a strong per-host-authenticated VPN tunnel.
Good luck!
These days, while WiFi is a standard feature on most laptop, wired Ethernet is a standard feature on almost every computer. At least 100 Mbps, and even Gigabit is commonly integrated into the motherboard. So if you go wireless, you'll probably end up having to buy a lot of extra NICs for all the desktops, not to mention the installation hassle of replacing all those NICs if you decide to deploy 802.11n or something later.
In contrast, there's probably no need for more than 100 Mbps switched Ethernet in a typical office setting. It's also easier to deploy such an upgrade piecemeal if it does become necessary. Wireless solutions usually have backward compatibility modes for your legacy devices, but they tend to really drag down performance, too.
Another thing to consider is to not only consider interference with other networks, but within your own network. Since 802.11 is a CSMA-based protocol using a single shared medium, it really only works well for communication to/from the wired LAN. Communications between wireless nodes runs into the same problems unswitched Ethernet LANs run into with access contention, even if you blanket the floor with access points.
In particular, communications between two nodes using the same access point will usually be more than twice as fast in ad hoc mode than having the access point relay the packets. A smarter WiFi standard would be able to command stations to communicate directly, or use alternate channels for send/receive to avoid contention, but that's apparently not being considered.
There are two reasons I see for going entirely wireless:
1. The ooh factor
2. Ease of installation
Reason #1 is of course no reason to do anything in a business environment, although it is often tempting. Think about things realistically, don't get too fancy and regret it later. New wireless standards will come out, and you'll want to upgrade to them. Since there is a new wireless standard brewing right now, and there is not likely to be a new wired standard for some time (10GB is probably 3-5 years away from being affordable), it would be wiser to invest your money in a stationary target.
Reason #2 is also not a good reason for doing this. You have a totally empty floor, so everything needs to be run to the various cubicles or offices that are you going to erect. That means at least power, maybe phone lines, and who knows what else. It is very little extra effort to do the networking at the same time, even taking into account that the lines shouldn't run in the same conduit. As long as a computer has to plug into a power source, which they always will, they may as well plug into a network interface as well. Sure you could also put wireless in here and there, but using it exclusively just to save on the effort of cabling is a bad move. I predict that you'll wind up buying wireless bridges for lots of things (printers?)
You're in midtown Manhattan and you want to use wireless for your basic intra-office connectivity? You are nuts. The moment somebody walks by with a cordless phone or some other device sharing that spectrum (and it *will* happen) your network will have problems. Not to mention the security issues. Listen to everyone else here and do real wiring.
I install wireless networks professionally and I can pick out a handful of factors that will make or break your decision:
...in mid-town Manhattan ...100+ users to begin, 200 capacity... ...(probably running over VPN for security).... ...there is a web application hosted off site.
:D
1.
2. The new space is on one floor...
3.
4.
5.
Issue 1: RF Interference
Addressing item #1, how much square footage do you anticipate these 100+ people using? According to item #2, you intend to accomplish this on one floor, and given that you are in mid-town Manhattan, I imagine a small office footprint.
At first blush, this sounds like a recipe for disaster--at least as far as I understand what you are doing. First of all, just being able to service X number of wireless users per access points is not enough. You have to consider how the RF field being put out by each AP will overlap others. In the US there are 11 channels for 802.11b/g and only 3 do not overlap (at least enough for it to matter practically); too much inter-accesspoint overlap will cause a sever drop in throughput--APs will be fighting each other's RF output. You may find yourself at the very least having to dial back each AP's power output significantly just to get clients to associate reliably. Also bear in mind that given you will be on a single floor, your RF output will extend three dimensionally to upper and lower floors if you are using directional antennas. This is not just an issue for your neighbors, but also with multipath distortion.
Issue 2: Latency
You mention that your network will "probably running over VPN for security" which will add to the already high latency of a wireless network. The overhead involved in setting up a connection on a wireless network and transmitting in a timely manner is exhorbitant by comparison to Ethernet. Add to that an even higher overhead for a VPN (even hardware accelerated) and you've got a recipe for disaster on all but the most tolerant user base. Item #5--your off-site web app--is likely to cause serious headache.
Latency will be a major factor if you intend on doing any amount of VoIP or video conferencing, and this traffic will require traffic shaping too.
Issue 3: Throughput
The reality is that we are still in a "Pre N" world. The very maximum you can squeeze out of your 802.11g network is around 22Mbps overall. And here's another fact that a lot of admins don't know: as soon as you associate 1--just 1--802.11b client to that g network, your total maximum throughput drops immediately to 8Mbps. Compare this to Gigabit Ethernet in performance vs. cost.
My suggestion is to design a wireless network that will properly cover the office space, but cable Ethernet drops for key locations such as stationary offices and conference areas that are likely to see a lot of consistent use. Users should be able to roam about the office, but have a drop at their disposal if their application demands it. Your users will be happier, you will be happier, and you won't run the risk of cooking your staff with all those microwaves.
"If any part Linux was stolen, then Windows was the biggest heist in history."
So you need to look at a VoIP PBX / phone setup with a built in switch - think a 3Com NBX plus 3000 series phones. Then you would attach the local workstation to the phone. Wifi isn't going to work for everyone, but until then, use the PBX as the reason to run Cat5 for something. Any phone location then becomes a phone + network location. PoE switches from Linksys are the best bang per buck, but keep in mind the power load on the switches isn't expandible like more expensive switches. Wifi will cover lots of people, but in the end the wired workstations will be the least troubled.
A lot of people have correctly claimed that using wireless networking permanently for all employees is a bad idea, and they're right.
Wireless does have its place, though. You can set up a wireless network very quickly. That can be important if you need to start moving people to the new location before the contractors have finished wiring. It's also good for meeting areas where people will be bringing laptops. That is, it's good for -temporary- network connectivity. So, even if you (correctly) walk away thinking that a completely wireless office is a bad idea, don't leave wireless out of the plans completely.
Forward, retransmit, or republish anything I say here. Just don't misquote me.
Wireless phones have been a step forward only in convenience. The quality of the service they provide is a huge step backward. Back in olden days, there was a huge marketing campaign credibly focused on the promise that you could even hear a pin drop at the other end of the (fiber) line. Today one of the biggest telecom campaigns is built around a guy repeatedly asking if the person on the other end of a wireless connection can hear him at all. I carry a wireless phone out of professional necessity, but when I actually want to carry on a conversation, I wait until I can do it on a landline.
http://alternatives.rzero.com/