Managed Security Service Providers (MSSPs) are used to getting calls for help from their customers. Whether it’s an issue of printers not being accessible, user logon problems, Office365 assistance, system backup and file recovery, there are some great tools to help MSSPs identify and resolve the customer issue in a timely and cost-effective manner. However, some of the most difficult calls to deal with are, “I can’t get onto the Wi-Fi” or “The Wi-Fi is slow” or worse, “I think we’ve been hacked.”
Why are these calls so difficult to deal with and diagnose to the root cause of the problem? For MSSP as with most businesses, time is money. Time spent diagnosing Wi-Fi issues costs the MSSP resources and the client time and money. It shouldn’t be so difficult. Wi-Fi is easy, right? At home, don’t I just have to plug in my router, add a password or two, and violá – a working network!
Unfortunately, as many have discovered in today’s COVID-19 work-from-home environment, Wi-Fi isn’t easy. Coverage is often poor. The Wi-Fi performance when the client device is near the router seems fine, but in the office at the back of the house, not so much. And even when working from the corporate offices, calls drop, throughput can be slow, and security? An afterthought.
So, the challenge for MSSPs and clients alike is that to solve most ongoing Wi-Fi-related issues often requires taking a step back first. What I mean by that is that to meet the very real needs of growing Wi-Fi demand, Wi-Fi networks need to be planned. The sad truth is that not only are few Wi-Fi networks planned correctly, once installed the performance is never verified. However, there is some good news: it’s never too late to correct the problem.
To get started, the following is a process that every Wi-Fi network design should start from:
1. Site Surveys
There are two aspects to site surveys that should be performed: predictive surveys and on-site surveys:
- Predictive Surveys: Predictive surveys occur up front - before a single access point is purchased, before cables are run, or even switches purchased. Their purpose is to estimate coverage and performance of the proposed Wi-Fi network. This is where helping the client understand what their Wi-Fi requirements really are is critical.
- On-Site Surveys: There are actually two types of on-site surveys – an on-site visit as part of the predictive survey process, and a validation site survey. The on-site visit is very important. While dimensional drawings provide a starting point for the design, the drawing is literally 2-dimensional. What’s needed is supplemental information (e.g. Does the actual build-out match the drawings? Are the building materials consistent throughout, or do they vary? Are there any unusual features not noted on the plans?). The validation site survey occurs after the network build-out has occurred. As the name implies, the validation site survey tests the performance of the network and certifies that the implementation meets the design objectives and criteria.
2. The Hardware Discussion
Just like there are specialized shoes for running versus hiking (ever tried to run a marathon in hiking boots?), so it is with Wi-Fi access points. I can’t tell you how often I have seen a Wi-Fi network with a single type of access point deployed. This generally leads to problems down the road. Why? Business and performance needs change. For example, the lunchroom today becomes the conference room tomorrow. DO you really need to spend the $$ today for conference room-level performance that may (or may not) be needed in the future?
3. The Security Discussion
Why is security not considered important till after the loss? Wi-Fi security is integral to overall network security. Which side of the firewall does the Wi-Fi provide access to after all? Planning for the type of security to be implemented means more than just the passwords that will be used. Most company networks, large and small, should be using WPA2-Enterprise for client authentication. Yes, that means the client will need to add a RADIUS server to their network (another MSSP chargeable service), but most integrate seamlessly with today’s directory services, meaning set-up and user maintenance are very straightforward. No more Wi-Fi passwords on sticky note – woohoo!
However, security is more than just password management. All wireless networks today are susceptible to attack from any of six Layer Two Wi-Fi threat categories. The way to prevent them is with a properly implemented wireless intrusion prevention system (WIPS). Do the research online to find the companies whose WIPS actually works against these threats. As an MSSP, there is no reason not to charge for these services as well. If you want a start for where to look for additional information on Wi-Fi security, check out www.TrustedWirelessEnvironment.com.
- A Troubleshooting-Optimized UI: Let’s face it, as I mentioned earlier, the quicker an MSSP can track down a Wi-Fi issue for a customer, the happier everyone involved in the process becomes. Most Wi-Fi products on the market today are targeted toward flexibility in letting you configure the network. Unfortunately, configuration isn’t troubleshooting. What MSSPs really need is a product that makes the cause of the issue apparent in the least amount of time and with the fewest keystrokes. Fortunately, there are already a couple products on the market that help immensely with that task.
There are more, but you get the idea. Troubleshooting is a challenge at any time, but the longer it takes, the more frustrating it becomes for both the MSSP and client alike. The ability to identify, isolate, and resolve issues remotely without a truck roll saves time and money.
As I mentioned at the outset, Wi-Fi design and operation aren’t simple or easy. However, MSSPs have an opportunity to clearly differentiate themselves by choosing the right products and the right tools for troubleshooting. Wi-Fi isn’t going anywhere. MSSPs that understand the complexities and the process of design and implementation stand to clearly improve their profiles and grow their businesses. WatchGuard’s expert Wi-Fi design team will help you using a predictive simulation that shows the approximate number of access points and install locations – all you need to do is have your Wi-Fi requirements handy.
Jim Steinbacher is Wi-Fi Technical Evangelist for WatchGuard Technologies. Read more WatchGuard guest blogs here.