If you were considering a wireless solution – what would you consider?

If you were considering a wireless solution – what would you consider?

— Chris McDonald (@chrismcd53) December 19, 2013

I can’t possibly answer that question in tweets, so I thought I’d scribble my response here.  Hopefully Chris will find it useful, and others may stumble across it too.

Firstly why do you need a wireless network? What is it’s aim? How will it enhance the learning experience?

If you are looking at class sets of laptops or a 1:1 tablet scheme you need to consider the density of your devices.  30 laptops logging in at the same time will cause any access point to struggle.  If you’re looking at BYOD (and who wouldn’t these days?) you need to look at 100% site coverage.  Lower density to start with perhaps, with expansion in mind. Some of my previous BYOD thoughts here.

Think about getting survey done by a decent company.  It may cost you, but gives you a clear understanding of what is needed.  Talk to them about your plans, so they understand the deployment.  If you don’t survey the school correctly, your scheme (and budget) need to be more flexible.

Think about your wired network.  Potentially, you are going to be adding a great deal of traffic. Can your back bone cope?  Have you got spare wires where they are needed? Do you need to look at access points that can also connect to a wired pc?  Have you got PoE, or will you need power installing in the cabinet or near the access point?

Is your network going to be safe?  Can you separate the wireless traffic & more importantly the BYOD traffic.  Are you able to set up access lists, vlans and different dhcp scopes to cope with this? How will you route the traffic once your network is segmented.  Could you firewall networks from each other?  How many networks (& VLANs) do you think you’ll need?

Will data be safe? How do you ensure devices which can leave site don’t carry sensitive information?  What services and information will be accessible to wireless users?

How do your current devices connect to the internet? Proxy servers cause real issues when adding unmanaged devices to a network.  How will you help your users to get connected?

Is your technical team onsite all week?  Have they time for the project? Do they have time to help users long term? Do they have access to a range of devices to test their network?

Will the wireless network authenticate users? Will it get the user ID’s from a system the school already run?

How will you log who owns each device, their use of internal services and the internet?  How will you ensure devices don’t get passed around once authenticated.

Can you track rogue devices, networks and access points.  What if a user logs onto a malicious copy network?

Do you need a/b/g/n? 2.4Ghz & 5Ghz? 802.11ac?  Will any of your devices use those frequencies /standards? Will they in the future?  What authentication methods can your devices handle – WEP, WPA, WPA2?

These are exactly the questions I asked myself and my school in 2010 when we fitted our campus wireless system.  At the same time we replaced our wired switches throughout the high school to cope with the increased traffic.  We currently run a 25 access point Ruckus system and have opened our network to sixth form BYOD.  We regularly have 150 staff and sixth form devices connected to our network in addition to the ~60 school owned devices.

Pupils authenticate using their active directory account, and get a unique password to their BYOD network (using the ruckus dynamic-PSK feature).  That password is locked to one device and expires after a month currently.  We monitor how many devices each student is authenticating.

Each BYOD SSID is in it’s own VLAN, with access lists applied.  The internet is filtered accordingly based on which SSID/VLAN/IP range the device is connected to.  All wireless controller and DHCP logs are kept in a syslog server so they can be cross referenced with our internet filtering/monitoring logs if required.  We launched the scheme orginally using our LEA’s proxy server – it wasn’t a great success.  Since moving to our own provision, without a proxy server take up has been much higher.

I have also lead projects on wireless networks in a number of primary schools.  Some using Ruckus, and others Ubiquiti Unifi.  Some using BYOD, and others school owned devices only.  Unifi doesn’t have all the features of Ruckus, but in conjunction with a radius server can prove to be a very cost effective solution.

I’ll come back and update this post when I remember things I almost definitely will have forgotten.