All networks work great, until people start using them. It\u2019s especially true for wireless networks where known and unknown variables \u2014 configuration, placement, and usage \u2014 affect how well people can communicate, and ultimately, how well virtual meetings can function. It\u2019s difficult enough to conduct effective meetings when Wi-Fi works well, and nearly impossible when it doesn\u2019t. This article reviews the best practices to help get the most out of your networks.<\/p>\n\n\n\n
IT admins know \u201cthe look\u201d when they\u2019re called into a meeting where connectivity has been spotty. People often don\u2019t judge tech teams based upon what goes right: only when they encounter problems. Being proactive and ensuring that the stage is set for a robust<\/em> network goes a long way to avoiding those awkward encounters and establishing confidence in you and your team.<\/p>\n\n\n\n Three Areas of Focus to Ensure Network Success:<\/p>\n\n\n\n These activities are not mutually exclusive and the best performing networks are well-managed ones. The following presents the fundamentals of how to quickly achieve success on each of these pillars.<\/p>\n\n\n\n There are several different deployment models for enterprise Wi-Fi networks: <\/p>\n\n\n\n These systems may be managed in-house or by your communication service provider (CSP) and can vary in coverage from small offices to entire corporate campuses. It\u2019s important to note that while these systems may be configured perfectly, they can still experience problems. So using the correct equipment and settings is your starting point. <\/p>\n\n\n\n For an example, let’s assume that you\u2019re using a consumer-grade router within a small office space. These are good enough for many small businesses and CSPs have vastly improved their offerings, so long as you\u2019ve traded up your equipment (you\u2019re paying for it anyway). Unfortunately, self-managed routers aren\u2019t \u201cset it and forget it\u201d: they always require active maintenance. <\/p>\n\n\n\n These are the basic settings to be aware of:<\/p>\n\n\n\n More advanced systems will utilize a WLC to centrally manage many access points through a single egress\/ingress. This makes it possible for users to roam around a corporate campus and (theoretically) not lose their connectivity through strategic placement of APs and directional antennas (where necessary). WLCs also support external authentication, which is discussed in more detail below. <\/p>\n\n\n\n Controllerless solutions are similar but require less IT overhead to install. They will designate an AP to be the \u201cmaster\u201d and \u201cmember\u201d APs will be managed through it over a web interface. The settings are also similar except controllerless solutions may have the capacity to \u201cself-heal\u201d when problems arise and sniff out sources of interference and bandwidth hogs.<\/p>\n\n\n\n Wi-Fi networks aren\u2019t infallible and are only as good as the hardwired infrastructure that they\u2019re built upon. Some of the common problems relate to: <\/p>\n\n\n\n Some of the causes\/solutions are obvious, but others are only clear to IT administrators who have extensive experience troubleshooting networks as they evolve or grow over time. In my previous organization, a small to medium-sized enterprise (SME), we experienced all sorts of network issues. In general, these issues are universal no matter the size of the business and could be unrelated to the Wi-Fi network. <\/p>\n\n\n\n Here are some example scenarios:<\/p>\n\n\n\n Other issues were less obvious and took some more sleuthing to uncover. For instance, our firewall was a bottleneck, because it had a limitation on how quickly it could process SSL traffic. I\u2019ve also encountered sites where the connection between the building and roadside was degraded. Upgrading to an expensive high bandwidth subscription isn\u2019t going to resolve these types of issues. Even the best designed network won\u2019t function well with bad infrastructure.<\/p>\n\n\n\n There was still more work to be done even after the network itself was deemed \u201csolid.\u201d As mentioned above, some applications are more network sensitive than others, and users can gobble up valuable bandwidth. There\u2019s still more diligence required to ensure a positive experience for your users and to secure access to your organization\u2019s assets.<\/p>\n\n\n\n A firewall can be your best friend by simply prioritizing certain types of traffic or apps (such as your web conferencing apps) and blocking others. Quality of Service (QoS) settings are recommended<\/a> by service providers. You only need a basic understanding of firewalls to accomplish this. Apps, such as torrent clients, can consume vast amounts of bandwidth and some firewalls specify which apps to block and even throttle traffic to video\/entertainment web properties. Some higher-end consumer-grade routers also have QoS settings that you can deploy.<\/p>\n\n\n\n However, that\u2019s not the end of it. The IT team before me would rotate passwords to discourage bandwidth hogs, but people are people and soon everyone knew the newest password. To solve this, one option is to use a WLC or controllerless device to \u201cwhitelist\u201d IPs by MAC address. This is a time-consuming process (a new phone means a revised \u201crule\u201d) that\u2019s not entirely secure. A RADIUS server combined with IPSEC and network segmentation (VLANs) are the best and most scalable approaches to conserve bandwidth for what matters most. These typically require additional server infrastructure and advanced firewall settings, but it\u2019s possible to deploy these capabilities with less time, expense, and effort by using JumpCloud.<\/p>\n\n\n\n Also note that some applications that use VoIP will drop calls or experience degraded service when you roam around a facility on Wi-Fi. It\u2019s never completely seamless. Meetings are best conducted in a designated space that also have LAN jacks available as a backup solution.<\/em><\/p>\n\n\n\n These steps may appear far afield from your video conferencing needs, but even the most ideal implementation of the settings above won\u2019t prevent rogue user\/device behavior. Rogue behavior can easily inundate networks during peak hours, leaving IT admins scratching their heads when managers are screaming, \u201cthe Wi-Fi still<\/em> doesn\u2019t work!\u201d. Getting it right from the onset preempts support tickets, but only if you have the appropriate resources.<\/p>\n\n\n\n JumpCloud\u2019s RADIUS service uses a combination of certificates and directory user management to ensure that only authorized users get access to your network. This article outlines<\/a> how that can be accomplished. This is important for reasons more than just bandwidth: it keeps unauthorized users (and devices such as the rogue router that my employee brought from home) out of your systems and makes on\/offboarding easier. <\/p>\n\n\n\n We also strongly recommend using a designated \u201cguest\u201d network for visitors. Many routers include this feature without requiring additional services. It also separates business traffic from nonessential, or potentially harmful, traffic. VLANs are an additional step to cordon off sensitive information from the remainder of your network traffic.<\/p>\n\n\n\n Your infrastructure may permit you to set up VLANs using a firewall: it\u2019s your preference and your budget<\/em>. However, not every SME can afford high-end network devices. That\u2019s where JumpCloud comes in by providing Wi-Fi VLAN Assignment<\/a>. VLANs place users into network segments that best meet their roles and needs, and can be used to separate expensive equipment and IT systems from other users. This is a significant security consideration, because not every resource should be accessed by everyone<\/em>. It also helps to reserve bandwidth for applications that need it most. You can also ensure that only compliant devices<\/a> can access your network through policies.<\/p>\n\n\n\n\n
Basic Device Management<\/h2>\n\n\n\n
\n
\n
Okay, But I\u2019m Still Having Trouble<\/h3>\n\n\n\n
\n
\n
\n
\n
\n
Optimizing Your Configuration for Meetings and Security<\/h2>\n\n\n\n
RADIUS Secures Access to Wi-Fi<\/h3>\n\n\n\n
VLANs Are Virtualized, Independent Networks<\/h3>\n\n\n\n
Try JumpCloud<\/h2>\n\n\n\n