Slashdot Mirror


A WiFi-Only Office Network?

periol wonders: "I'm the sysadmin for a firm in mid-town Manhattan that is moving to a larger workspace six months from now. The new space is on one floor (100+ users to begin, 200 capacity) and is completely stripped. We've been playing around with the idea of a completely wireless office, with no ethernet except to the access points (probably running over VPN for security). Email and files are all accessed locally over the network, and there is a web application hosted off site. Does anyone have experience with this kind of setup? My calculations are that we would need one access point per 15 computers, but I don't know what kind of issues we'll run into along the way. Will we run into unexpected periods of network downtime with a wireless-only setup like this?"

14 of 155 comments

  1. The downside to wireless office: by Avillia · · Score: 5, Insightful

    "I'm a corporate snoop in mid-town Manhattan that wants to get trade secrets. The target company is moving to a newer and larger office. They've been playing around with the idea of a completely wireless office, with no ethernet except to the access points (probably running over VPN for security). Email and files are all accessed locally over the network, and there is a web application hosted off site. How long do you think it will take me to crack the WPA/EAP key, and how big of a thumb drive/media card do you think I'll need to store all that juicy information?"

    1. Re:The downside to wireless office: by swillden · · Score: 5, Informative

      How long do you think it will take me to crack the WPA/EAP key,

      Which one?

      Assuming EAP-TLS, each authentication is a mutual authentication using public/private key pairs on both access point and device. You'll need to crack the client's auth key to get in. So how long will it take you to crack a 2048-bit RSA key?

      Or, assuming you want to sniff the data, rather than join the network, you need to crack the packet encryption keys. With WPA, that means you have to defeat TKIP, which changes the RC4 key on every packet transmitted, and isn't vulnerable to the related-key attacks that sank WEP's stupid design. But if this is a new office, there's no reason for them to use the backward compatibility hack that is WPA; they should deploy WPA2, which uses AES for the packet-level encryption. Although both WEP and WPA/TKIP misuse RC4 in a way that enabled the WEP attacks (neither of them discards the first few hundred bytes of the keystream after a rekey operation), AES doesn't have the same potential weakness as RC4. Since the best known attack against AES is brute force, you're going to have to search a 128-bit keyspace. How long will that take you?

      Given WPA2 and, say, EAP-TLS, the best known attacks on the WiFi security require breaking either RSA or AES. Good luck with that.

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
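
An added example, not part of swillden's comment or of any project's code: a small Python audit that checks a wpa_supplicant network block against the combination the comment recommends (WPA2 only, AES-CCMP, EAP-TLS with both sides authenticated). The two sample blocks are constructed, and the SSIDs, identity and file paths in them are placeholders.

```python
import re

# Constructed sample network blocks in wpa_supplicant.conf syntax; SSIDs,
# identity and file paths are placeholders, not values from the thread.
LEGACY = '''
network={
    ssid="office-legacy"
    key_mgmt=WPA-PSK
    proto=WPA RSN
    pairwise=TKIP CCMP
    psk="placeholder-passphrase"
}
'''
HARDENED = '''
network={
    ssid="office"
    key_mgmt=WPA-EAP
    eap=TLS
    proto=RSN
    pairwise=CCMP
    group=CCMP
    identity="host@example.invalid"
    ca_cert="/etc/wifi/ca.pem"
    client_cert="/etc/wifi/host.pem"
    private_key="/etc/wifi/host.key"
}
'''

def parse_block(text):
    """Return the key=value settings of one network block as a dict."""
    pairs = re.findall(r'^\s*(\w+)=(.*?)\s*$', text, re.MULTILINE)
    return {k: v.strip('"') for k, v in pairs if k != "network"}

def audit(text):
    """List deviations from WPA2 + AES-CCMP + mutually authenticated EAP-TLS."""
    # An unset proto/pairwise/group is treated as permissive and flagged.
    cfg, findings = parse_block(text), []
    if cfg.get("proto", "WPA RSN").split() != ["RSN"]:
        findings.append("proto allows WPA (TKIP-era); restrict to RSN (WPA2)")
    for field in ("pairwise", "group"):
        if cfg.get(field, "CCMP TKIP").split() != ["CCMP"]:
            findings.append(f"{field} cipher not limited to CCMP (AES)")
    if cfg.get("key_mgmt") != "WPA-EAP" or cfg.get("eap") != "TLS":
        findings.append("not EAP-TLS; no per-device key pair")
    if "ca_cert" not in cfg:
        findings.append("no ca_cert; server certificate is not verified")
    if not ("client_cert" in cfg and "private_key" in cfg):
        findings.append("no client certificate and private key")
    return findings
```

`audit(HARDENED)` returns an empty list, while `audit(LEGACY)` reports six findings, including the missing `ca_cert` that would leave the client unable to authenticate the network side.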
  2. Wireless be warned. by crazyjeremy · · Score: 4, Funny

    Wait... if your corporate office is anything like ours, take note: WIRELESS LAGS FOR GAMES.

  3. Needs more homework... by ivan256 · · Score: 4, Insightful

    The article you linked to says they needed one access point per 10 VoIP calls. I'm not sure how you think that 15 computers sharing an access point will be a good idea. Wiring a completely stripped office space is not that expensive. For 200 users you are probably talking in the $30-40,000 range. In exchange for putting in wires, you're going to get overall throughput that will make any wireless configuration you can come up with seem archaic in comparison. To top it off, if you go all wireless you're going to have an administrative nightmare dealing with the interference that exists now, much less the interference that will come when somebody finds the next killer app that uses the unregulated spectrum that you decided to bet your job on.

    Nope, for workstations in the double digits, with no walls yet in your way, you'd be silly to try wireless for anything but phones. If you do decide to bet the farm on wireless, make sure it's in licensed spectrum that you have all to yourself.

  4. MOD PARENT UP by Crashmarik · · Score: 4, Insightful

    It's dead on. Plus there is the matter of other vulnerabilities. Let's say it's Firm X bidding on a large contract (Engineering/advertising/Media/contract manufacturing): how much do you want to bet there's going to be surprising problems with the wifi as a deadline approaches? It's just too easy, if a competitor finds out, for them to take a cantenna and cause packet storms on the network.

  5. Wireless LAN by JWSmythe · · Score: 4, Insightful

    Sure, you can do it.

    Should you do it? Probably not.

    I'm guessing your users have some sort of expectation of security. By going wireless, you should treat every user as if they are working remotely. Every connection should be treated as if it was compromised.

    If you are doing anything with security in mind, assume I'm sitting on the next floor down, packet sniffing everything. I'll eventually masquerade as one of your users, and I will get through whatever layers of security you think you have in place. As far as that goes, I may be on the next floor up, or in the next building with a high-gain antenna pointed at one of your APs.

    For a secure corporate network, wired is the only way to go.

    For a home network, where it's your kids chatting with their friends about who's dating who at school, and you browsing porn sites at night, sure, wireless is fine. Who cares if someone breaks into your network there?

    Spend the extra bucks. Hire someone to drop lines to all the desks, and hook everything up to a good switch. Double check their work to make sure there was nothing added to your network.

    --
    Serious? Seriousness is well above my pay grade.
  6. Delivery Trends by lunk · · Score: 4, Interesting

    TVs first started wireless and are now wired.

    Telephones started out wired and are now wireless.

    Wireless networking is a step backwards from a switched hardware fabric. Productivity will be much faster when a file, such as a large presentation, can be transmitted and delivered in gigabits a second, instead of potentially single digit megabits.

    --
    http://tf2.digitaljedi.com
  7. Ethernet by nukem996 · · Score: 4, Insightful

    As many others have mentioned the speed and security issues, I think there are two things you're not thinking of. First of all, I'm not sure how your office is set up, but most, if not all, of your machines already have an ethernet card in them. If you went WiFi you would have to buy an ethernet card for each machine, which can get expensive. The second thing is that if anyone in your office or any office around you is using anything on the 2.4GHz freq (such as a wireless phone) it can interfere with your WiFi network and cause disconnects. It's much more of a hassle to deal with WiFi and I would STRONGLY suggest to stay with ethernet.

  8. Absolutely not. by jacobdp · · Score: 5, Informative

    Wireless performance is shit. Here's the problem: Sure, 802.11g gives you a theoretical peak 54 Mbps. However, not only do you never get more than 50% of it, that bandwidth is shared among every user on the network and is half-duplex. It's like having everyone on a single hubbed network - once a bunch of users all start communicating at once, you get collisions, and performance drops. 1 user on wireless is fine. 5 or 10 is questionable. 50 will be like molasses.

  9. Expect congestion, but not necessarily outages by JimZim · · Score: 5, Insightful

    You needn't expect any network outages above and beyond the standard switch, AP, and WLAN card failure rate.

    The main consideration in your plan is the 802.11 host density. The 802.11 spectrum is divided into 14 partially-overlapping channels. Each channel in 802.11g provides a maximum of 54Mbps (this is theoretical; actual throughput is closer to 25-40Mbps on a good day). Even by configuring channel selection for an even distribution, you'd still end up with at least 7 hosts per channel. Because 13 of those 15 channels would be surrounded by channels with statistically-equal amounts of traffic, you can't guarantee more than 3.8MBps per host (perfect theoretical world), or closer to 1-2MBps in practice.

    While 2MBps is fine for internet downloads, you'll experience a noticeable delay accessing any sizeable files on network shares, or moving email attachments around.

    Additionally, because of the overlapping nature of the 802.11 channels, and the leaving-much-to-be-desired spectral filters in most 802.11 stations, when any one user is transferring a large file and maxes out their channel x, expect all the users on channel x-1, x, and x+1 to experience sluggish performance. Given at least 7 hosts per channel, and at least 2-3 channels affected per burst, any large burst of traffic will impact no fewer than 21 users on the network.

    In short, yes, you could do it, but count on substantially poorer performance than a wired solution.

    And as with all professional-grade wireless networks, accept absolutely nothing less than a strong per-host-authenticated VPN tunnel.

    Good luck!

  10. Yup, bad idea by RebornData · · Score: 4, Informative

    You can't just add access points to increase capacity... the limitation is the radio frequency space available. Remember there is only room for 3 wifi channels (1, 6, 11) in the 2.4GHz spectrum. Add a fourth into the same space, and you're just stepping on the others and causing interference. Of course I'm assuming 802.11b/g here, as 802.11a has 20 distinct channels.

    The other issue that people have mentioned is outside interference. Microwave ovens can be a real bummer. So can the little cordless 2.4GHz headsets executives seem to like. And you better hope nobody sets up a 2.4GHz video sender for their security system in the vicinity. Or a nearby cell tower, or radio station. You could be working perfectly for a year, and then suddenly have your network permanently broken by something completely outside your control or ability to change.

    There's a reason you don't hear of many people doing this.

    -R
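
An added example, not part of the comment above: a Python check of an access-point channel plan for the 2.4GHz overlap RebornData describes. It assumes a 22 MHz channel width (802.11b DSSS), that every AP on the floor can hear every other, and hypothetical AP names in a constructed plan.

```python
from itertools import combinations

WIDTH_MHZ = 22  # assumed 802.11b DSSS channel width


def center_mhz(ch):
    """Center frequency of 2.4GHz channel 1..13 (5 MHz spacing)."""
    return 2412 + 5 * (ch - 1)


def overlaps(a, b):
    """True when two channels' 22 MHz bands share spectrum."""
    return abs(center_mhz(a) - center_mhz(b)) < WIDTH_MHZ


def clean_channels(highest=11):
    """Largest set of mutually non-overlapping channels, picked greedily."""
    chosen = []
    for ch in range(1, highest + 1):
        if all(not overlaps(ch, c) for c in chosen):
            chosen.append(ch)
    return chosen


def conflicts(plan):
    """AP pairs in a plan {ap_name: channel} whose channels overlap."""
    pairs = combinations(sorted(plan.items()), 2)
    return [(x, y) for (x, cx), (y, cy) in pairs if overlaps(cx, cy)]


# Constructed plan: three APs on 1/6/11 plus a fourth squeezed onto channel 3.
PLAN = {"ap-east": 1, "ap-mid": 6, "ap-west": 11, "ap-extra": 3}
```

`clean_channels()` returns `[1, 6, 11]` for the 11 US channels, and `conflicts(PLAN)` shows the fourth AP colliding with both of its neighbours.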

  11. Maybe unreliable :-) by spagetti_code · · Score: 4, Informative

    We have several offices.

    We put in 100% wireless at one when we moved. Saved us a bundle of time, but there were dead spots all over the place. Lots of people had laptops and moved around with them - some offices had good connectivity, some didn't. In hindsight, we didn't have enough access points to provide good coverage. We eventually switched to wired due to user frustration.

    In the next office we learnt. Fewer people have laptops and move around. Everyone fixed is wired. Laptops have the option and using IBM's s/w on the thinkpads, they seamlessly switch when you unplug to move (in fact, some choose to stay wireless all the time). We carefully chose the locations of the APs by testing. Throughput is down but not noticeably so.

    What to learn:

    Think of access points in terms of distance between them and coverage as well as number of people connecting. And figure this out by testing, not by reading manuals. Walk the floor with a laptop and test every office, nook and cranny - there are lots of unexpected dead spots.

    Security is not a problem - WPA is a piece of cake to set up and (as yet) unbroken.

    So it can work.

  12. Running wires by ximenes · · Score: 4, Insightful

    There are two reasons I see for going entirely wireless:

    1. The ooh factor
    2. Ease of installation

    Reason #1 is of course no reason to do anything in a business environment, although it is often tempting. Think about things realistically, don't get too fancy and regret it later. New wireless standards will come out, and you'll want to upgrade to them. Since there is a new wireless standard brewing right now, and there is not likely to be a new wired standard for some time (10GB is probably 3-5 years away from being affordable), it would be wiser to invest your money in a stationary target.

    Reason #2 is also not a good reason for doing this. You have a totally empty floor, so everything needs to be run to the various cubicles or offices that you are going to erect. That means at least power, maybe phone lines, and who knows what else. It is very little extra effort to do the networking at the same time, even taking into account that the lines shouldn't run in the same conduit. As long as a computer has to plug into a power source, which they always will, they may as well plug into a network interface as well. Sure you could also put wireless in here and there, but using it exclusively just to save on the effort of cabling is a bad move. I predict that you'll wind up buying wireless bridges for lots of things (printers?)

  13. Probably not a good idea. by TreeHead · · Score: 5, Insightful

    I install wireless networks professionally and I can pick out a handful of factors that will make or break your decision:

    1. ...in mid-town Manhattan
    2. The new space is on one floor...
    3. ...100+ users to begin, 200 capacity...
    4. ...(probably running over VPN for security)....
    5. ...there is a web application hosted off site.

    Issue 1: RF Interference
    Addressing item #1, how much square footage do you anticipate these 100+ people using? According to item #2, you intend to accomplish this on one floor, and given that you are in mid-town Manhattan, I imagine a small office footprint.

    At first blush, this sounds like a recipe for disaster--at least as far as I understand what you are doing. First of all, just being able to service X number of wireless users per access point is not enough. You have to consider how the RF field being put out by each AP will overlap others. In the US there are 11 channels for 802.11b/g and only 3 do not overlap (at least enough for it to matter practically); too much inter-access-point overlap will cause a severe drop in throughput--APs will be fighting each other's RF output. You may find yourself at the very least having to dial back each AP's power output significantly just to get clients to associate reliably. Also bear in mind that given you will be on a single floor, your RF output will extend three-dimensionally to upper and lower floors if you are using directional antennas. This is not just an issue for your neighbors, but also with multipath distortion.

    Issue 2: Latency
    You mention that your network will "probably running over VPN for security" which will add to the already high latency of a wireless network. The overhead involved in setting up a connection on a wireless network and transmitting in a timely manner is exorbitant by comparison to Ethernet. Add to that an even higher overhead for a VPN (even hardware accelerated) and you've got a recipe for disaster on all but the most tolerant user base. Item #5--your off-site web app--is likely to cause serious headache.

    Latency will be a major factor if you intend on doing any amount of VoIP or video conferencing, and this traffic will require traffic shaping too.

    Issue 3: Throughput
    The reality is that we are still in a "Pre N" world. The very maximum you can squeeze out of your 802.11g network is around 22Mbps overall. And here's another fact that a lot of admins don't know: as soon as you associate 1--just 1--802.11b client to that g network, your total maximum throughput drops immediately to 8Mbps. Compare this to Gigabit Ethernet in performance vs. cost.

    My suggestion is to design a wireless network that will properly cover the office space, but cable Ethernet drops for key locations such as stationary offices and conference areas that are likely to see a lot of consistent use. Users should be able to roam about the office, but have a drop at their disposal if their application demands it. Your users will be happier, you will be happier, and you won't run the risk of cooking your staff with all those microwaves. :D

    --

    "If any part Linux was stolen, then Windows was the biggest heist in history."