Aerohive and AirTight Announce IoT “Firsts”

There aren’t too many opportunities in life to claim “we’re the first to _____!”  There’s a bit of a glow that comes with being first to market, even if the first whatever isn’t really monumental or exactly disruptive.  In the last couple of weeks, both Aerohive and Airtight (cloud-managed WLAN vendors for those of you late to the party) made a “We’re first!” announcement, each with Internet of Things (IOT) implications. Let’s take a look at both.

Aerohive- First Integration of WLAN and iBeacons

Here’s the official news from Aerohive. The nuts of it is that Aerohive and beacon-maker Radius Networks are pals, and Aerohive APs can directly host ibeacons via USB port on the access point. The notion of ibeacons (and altbeacons) is really just getting started, so this could become big and will likely ripple out far beyond it’s infancy in retail spaces. Though the companies are partners on the initiative, there’s really no changes per se to Hive Mananager that goes with having RadBeacons attached to APs.

Here’s my own coverage of the story at Network Computing. If you’d like to further the iBeacon discussion, please post comments over there.

Then there’s this:

AirTight- First Access Point with ‘IoT-ready’ WiPS

I’ll admit to being underwhelmed when I saw the press for Airtight’s new C-65 access point. Sure, any new 11ac AP is worth noting, but the up-play of it’s “IoT readiness” seemed to be a stretch. So, I asked- what makes this one so special versus the competition?

Here’s what AirTight says about the C-65 in their own words:

Two key things in IoT readiness for WIPS are system scalability andoperation scalability because of increasing device volume and diversity and growing attack variants.

1.     System scalability
o    AirTight increased the ability to monitor active wireless devices from 500 to 2000 per AP/sensor
o    On the cloud side, we increased the ability to scale to hundreds of thousands of devices being monitored across multiple geographies and customers
Scalability bottleneck in IoT will be coming from neighborhood devices that you need to track for threat detection, compliance reporting, etc, rather than your own APs that you manage in the cloud.
AirTight’s tests and customer POCs have shown that because the competition does not have this scalability today, device history is not maintained long enough; alerts are quickly purged to maintain scalability; reporting and forensics are thin; and threat detection is slow.
This happens today; what will happen tomorrow with hundreds of IoT devices in your wireless neighborhood?
2.     Operation scalability
o    The detection is behavioral based rather than signature-, rules or MAC heuristics- based
o    “Zero day protection”: no learning or adding of signatures is required
o    Minimal human intervention required
o    False alarm free
o    Reliable automated prevention without neighbor disruption
Our detection algorithm has matured over the years because of our focus on WIPS and is able to handle nuanced protocol implementations. So AirTightWIPS is better suited to handle device diversity. Other vendors are mostly doing MAC heuristics to detect rogues and have not invested in detecting all variants of threats and attacks.
Again, we have seen the impact of this in POCs and internal tests. We have seen competition raising false alarms (false positives and false negatives), along with creating large number of alerts for the administrator to sort through. Some products even discourage users from turning on automated prevention via product messages and technical documentation.
And there you have it.  Neither of these announcements is mind-blowing yet at the same time they serve as examples of where WLAN vendors’ heads are regarding IoT at this stage.
In case it isn’t obvious, we’re likely to hear a lot more about how the Internet of Things will shape wireless solutions, and how vendors think we should be preparing for the IoT onslaught. It’s gonna continue to come at us in little chunks as the seeds of IoT take root, so keep your eyes open or you’re going miss something.

The Importance of the GGOOE In Cloud-Managed Networking

If you already do cloud managed Wi-Fi or WAN/LAN, you know the value of the GGOOE. If you’re thinking about making the jump to the likes of Aerohive or Meraki for far-off sites, you better make sure you line up a GGOOE, I’ve pulled off some pretty slick networking projects hundreds of miles away and across oceans, but just as much credit goes to the GGOOE.

What’s a GGOOE, you ask? It’s the incredibly valuable Good Guy On Other End, unless it happens to be the Good Gal On Other End. 

The GGOOE is indispensable for cloud network projects, and I salute them. For me, the GGOOEs in my world are named Marco, Kevin, the other Kevin, Fabio, and Patti. They are the right eyes, hands, and minds on the other side of a cloud-managed network that make what I designed stay healthy, or in some cases, to get implemented at all.

Here’s a few real-world examples of the importance of the GGOOE factor:

  • Bringin’ it to Jolly Old. A few years back, I took a leap of faith and did a little project in London. The results have stood the test of time, and our first brush with cloud-managed networking was a smashing success. When I went over, I didn’t know the site or any of the people, but a GGOOE named Marco happened to be there. During installation, he was my right hand man. Three-plus years later, he’s the on-premise resource that shares network administrative duties and guides the day-to-day operations, responding to power issues, the rare user problem, and making sure that the network continues to serve the operational need. 
  • Rocky Mountain High. Well, this has nothing to do with the Rocky Mountains (my clever bullet point hooked you though, didn’t it?), but it is in New York’s Adirondacks. Having gotten comfortable with the benefits of cloud networking, I headed a small team that made a beautiful place a little nicer with a network environment that shines, and that can be managed from the same dashboard I use for London. The GGOOE here? A dude named Kevin (and when he’s not around, alternate GGOOE Amber). Being out in God’s Country, the site is subject to wonky power and DSL service. Kevin and Amber never hesitate when asked to reset a DSL modem, check the power status in a building, or whatever. The GGOOE keeps it going, baby.
  • Parli nuvola, bambino? In the most brash exploitation of the GGOOE factor to date, I just popped up a 5-building LAN and WLAN topology in Italy that is currently serving hundreds of clients a day.

Or did I? 

I certainly conceived the design and selected the product set, but this cloud-managed network came to life 4,000 miles away without me ever getting on an airplane. Yeah- you guessed it: there was GGOOE action on the far end. Kevin and Fabio formed the two-man GGOOE team that made my diagrams and cloud-configs come to life at the physical layer, and will provide ongoing GGOOE service as needed. Life is friggin’ sweet, thanks to GGOOEs.

The examples go on on and on. Like with GGOOE Patti in NYC who has far bigger fish to fry in her role as an Executive Director. But when we Upstate need help with our environment Downstate, it’s Patti that we go to and Patti who helps- every time. 

Make Good Choices 

Here’s what’s really cool about the GGOOEs in my world: none of them are really network people. Some of them aren’t even IT people. But they’re smart, team-oriented, and get the value of being a clear mind and directable hands where needed.

That being said, I have an obligation to make choices that enable the success of my Good Guys On Other End. If I put together a crappy solution and leave them holding the bag, I end up with F(rustrated)GOOEs.

And that’s not good for them, me, or the clients that we all support.

What about you- do you have a GGOOE that you rely on?

Fluke Networks’ AirCheck- A Growing Family

People don’t take to change easily, especially when it comes to things they love. Wi-Fi support folks are no exception, so it’s not surprising that some Fluke Networks customers are a bit uneasy with the latest versions of AirCheck. A product line that started with a wildly popular hand-held dedicated tester has grown to also include a Windows version and, most recently, an Android app. I’ve personally heard protests over the direction AirCheck is headed by those who would rather see the evolution of the tester restricted to newer versions of the stand-alone, but I personally think that Fluke Networks has got it *mostly* right after using all versions.

I reviewed the original AirCheck for Network Computing back in 2010, and then found fault with what I considered risky marketing as AirCheck was touted as a law enforcement tool of sorts, in 2011. The AirCheck is and has been a big story, and Fluke Networks did well with it through the years.

Fast forward to earlier 2014, and here’s my Network Computing write-up on AirCheck for Windows. Again, not everyone was diggin’ it, but I’ll come back to that. Now, as I write this, I’m having a great time kicking the tires on AirCheck’s Android version. Before I spill the beans on my findings, let me also point you to a piece I just did on the evolution of established networking tools making the jump to the mobile form factor. It’s bound to happen, but there are considerations to be aware of for sure.

So what about AirCheck for Android?

I’ve been spending a fair amount of time of late pondering how to quantify the wireless end-user experience, and lofty topics like “service assurance”. These are both giant topics in their own right, but all AirCheck versions have a place in these conversations. Where the AirCheck for Android shines is by bringing the basic testing that makes AirCheck what it is to Android smartphones and tablets. These functions include:

  • Site surveying
  • Device discovery
  • A battery of tests measuring key network services like:
    • Basic WLAN connectivity
    • DNS
    • Latency
    • HTTP download
    • Video, audio, and browsing performance measurement
    • Youtube

The app simply shines in it’s UI and use of the limited screen size of the tablet I’m playing with. I’m not so sure I’d feel as excited about the tool on a smallish Android phone, but I really like the performance and usability on a 7-inch tablet. This would not be my primary or only tool for WLAN support duties, but AirCheck for Android would certainly get frequent use. As a go-to “quick check” app that you can trust even lesser-skilled staff to get right, the app has it’s place.

Where the stand-alone AirCheck equates to a piece of test equipment (as in all AirChecks running same code should behave pretty similar), the Android version (and Windows version as well) is at the mercy of the device it runs on. THIS is what doesn’t sit well with AirCheck purists, but to me it brings the advantage of truly measuring what a major device type (like the Samsung S3 tablet I’m testing with) will act like on a given Wi-Fi network in a given spot. Get a few AirCheck for Android on a number of different device types, and you get a good sense of how real devices perform versus the “control set” of the AirCheck tester. They both have their place, to me.

Where my appreciation for software versions of AirCheck pales is when it comes to cost. I do agree with the traditional AirCheck die-hards that say the Windows and Android versions should be much, much less expensive than any hardware-based version. If Fluke Networks can find the right price to cover their development costs yet appeal to those who expect to pay far less when there is no hardware involved,  then an excellent tool will find wider acceptance.  That would be good news for those who support Wi-Fi networks and the clients who benefit from their efforts.

Aircheck1 Aircheck2 Aircheck3 AirCheck4

Avaya Wireless is all about SDN


Sam Clements’ take on Avaya’s recent SDN presentation at Wireless Field Day 7.

Originally posted on SC-WiFi:

After hearing about Avaya’s wireless portfolio recently, I kept coming back around to a common thread that seemed so entrenched in the core of their solution – SDN. Admittedly I’m not a Data Center or Applications kind of guy, but Avaya has an interesting take on positioning their wireless portfolio. Instead of focusing heavily on a unique set of hardware specific features in their Access Points, they focus on a ‘module enabled’ Software Defined Network strategy. Paul Unbehagen, Chief Architect at Avaya accurately describes SDN as meaning something different to everyone.
Avaya talks SDN at WFD7

At its core, regardless of vendor or implementation, SDN is meant to ease network administration and orchestration by way of software (the S in SDN). Avaya enables this by way of software running on their hardware to create Fabric Attach (FA) Elements. These elements use FA Signaling as a way of communicating amongst…

View original 361 more words

Liking One Social Wi-Fi Case Study- and Disliking Another

Depending on what niche in the WLAN space you call home, you may be very interested in goings on with “Social Wi-Fi” these days. And depending on your humor, you might really dig Social Wi-Fi, you might detest it, or you may come down somewhere in the middle. I’ll state straightaway where I stand on Social Wi-Fi: I mostly find it intrusive, lacking in full disclosure, and problematic in a number of ways. It plays fast and loose with the definition of “free”, can be downright creepy while sporting a “wow, that’s cool!” facade, and yet I don’t totally hate it.

For those who still don’t know what Social Wi-Fi is, the basic premise goes a little something like this: I offer you Wi-Fi at my business. You login through a web page with something like your Facebook or Twitter account, and through the magic of services like Oauth, you proceed to using my WLAN while in the background a thousand evil elves start eating your soul as they grind it into Big Data Elf Chow, or something thereabouts. Of course the cover story is different, and Social Wi-FI is touted as a way to better engage customers and promote loyalty.

On the plus side, I recently had the privilege of spending a couple of hours with AirTight Networks, at Wireless Field Day 7. This was my third visit at AirTight, and it’s nice to see that they are still alive and viable in a tough market, given that they were a late-comer to the WLAN access game (having made the jump from WIPS-only). Much of AirTight’s strategy seems to hinge on delivering Wi-FI access, PCI complaince, and Social Wi-Fi to small businesses (or large businesses distributed over many small sites). I did hear one case study that brought me a bit of comfort in my distrust of Social Wi-Fi (and it’s not about MY personal data, it’s about the way the whole thing is packaged, presented, and sold in ways that I don’t like as an analyst and viewer of the world), and another that gave me the heebie-friggin’-jeebies, despite the excellent delivery by perhaps the nicest guy on the planet.

Noodles, Anyone?

The Noodles & Company case study presented at AirTight was informative, and the Noodles rep obviously was happy with the level of customer engagement that using Social Wi-Fi was providing the company. For example, after opting in customers are presented the opportunity to enroll in the Noodles’ ECLub, and sufficient numbers of them do to deem it good ROI. Customers get wireless access (I cannot perpetuate the myth that it’s “free” in this example) and various offers and interactions with the company if they opt in, and Noodles gets a wealth of data on aggregate customer trends as well as information on individual customers’ habits and preferences (no mention of whether this data is ever sold, or whether customers can egress the program once they’ve opted in- and if their data is deleted once they leave).

What I liked best in this case is that those customers who opt out of the Social Wi-Fi thing are still free to use the Noodles Wi-Fi network, and with no performance penalty in the form of rate limiting.

I Love Drew Lentz, But Not Buyin’ What He Was Sellin’

Drew (of Frontera Consulting, Twitter handle @wirelessnerd) is an amazing, passionate speaker and you can tell that he loves what he does and really believes in it. He’s a techie with a big world view, and I consider him a kindred spirit in that way. At the same time, I got a bit creeped out by Drew’s presentation. Retail analytics and monetizing the customer is one thing, but there are a number of slippery slopes in this neck of the woods, says I. In Drew’s narrative, the same sort of retail analytics used in the Noodles model to tell what’s selling and when along with how long I’m staying on site to spend money are coupled with my “likes” and information on my friends, etc. from my social media accounts. By the time it’s done, the establishment “knows” what beer and music I like, knows who I hang out with and what they like, and has created it’s idea of who I am, to a certain degree.

Stop: hammer time.  Again- no mention made of:

  • If I opt in, can I opt out? (The example here is a bar- what if I’m crocked when I opt in?)
  • If I opt out, can I ask that anything to do with me personally be deleted?
  • Can I expect that anything to do with me that was sold to others in exchange for “free” Wi-Fi be deleted from those other data stores as well?
  • If it becomes common knowledge that my personal life preferences are manifesting through the establishment’s environmental reaction to my presence, how might a stalker or identify thief leverage that simply based on what they observe, even if they don’t know my name?
  • What if “the algorithm” somehow gets it wrong, and turns me into someone I’m not based on what it reads in my profiles and shares that with the outside world through interactions with me at the establishment?
  • What if the algorithm gets it wrong, and sells my flawed persona to other companies who now think I’m someone I’m not?

Granted, we only had limited time at AirTight, and maybe Drew could have answered all of these concerns to my liking (but I’m guessing not). And I’ll freely admit that at least a couple of my fellow delegates thought that Drew’s magic was pretty slick and saw value in it.

For me, there’s always more to the story than meets the eye. 10 years in the military, more years in IT security, and a lot of investigative work and interactions with Law Enforcement make me jaded on Social Wi-FI as it tends to be presented. I’ve yet to hear how users and their data are protected (opt-in shouldn’t equal “have your way with me”), how far my data is going to get sold off, what new middle-men now have access to information about users (anyone and everyone can be an MSP these days- does this new tier of unvetted data shepherds now “own” pots of data they can sell off, or drill into without legitimate reason?).

Please spare me the “but we already put lots of information on Facebook!” copout- this situation is incredibly nuanced, and that’s the first thing that has to be realized.


Sure, I’m skeptical- and I stand by that. But make up your own mind- here’s the AirTight presentations.


The Wireless Tools They Are a-Changin’

To those of us who support WLAN environments, the only constant is change. I’ve been getting both an eye and earful of those changes over the last week. As we all get comfortable with packet capture in 11ac Wave 1 (but start readying ourselves for Wave 2), we have some truths to face about the impact of more streams on what we’re used to doing for Wi-Fi analysis.

And… as we get used to to using mobile devices for more networky-style tasks, it’s reasonable to want to take some of our preferred support tools in that direction. Alas, mobile devices will be practically limited to spectrum views and some degree of measuring the client experience, but don’t have much chance of doing much for us in the packet analysis realm.

End of the road for portable WLAN packet capture?

I had the pleasure of sitting in on Wireless Field Day 7 sessions at both Wild Packets and Fluke Networks this week, and the talk about 11ac packet capture was hot at both vendors. Both vendors talked about the importance of capturing 3×3 wireless traffic and their abilities to do so, but the difficulties can’t be glossed over. In fact, at Wild Packets, it was mentioned that “we’re getting close to the end of what we’ll be able to do with portable wireless packet capture off of laptops” because of adapter limitations and processing horsepower needed for complex multi-stream, multi-channel wireless environments. We were reminded by Wild Packets that capturing from APs has advantages, and APs can function as a big-honkin’ adapter in their own right when you need them to.

At Fluke Networks, new capabilities for 3×3 packet capture by Air Magnet was announced, along with a curious new adapter to facilitate the process.



The express-card form factor of the AM C1097 was greeted with surprise (and a little skepticism) by Field Day delegates, but we also heard good news in that it is built on the same Broadcom 43460 3×3 adapter that is native to the latest Macbook Pro laptops. It was also made clear that “you gotta start somewhere” and since there are no USB 3×3 adapters yet, Fluke Networks did what they have to do in getting started with 3×3 support. Good stuff all around as 11ac gets more traction at a faster rate than was predicted before the standard was ratified.

Taking the Tools to the Mobile Device Space

We can pretty much forget about practical or effective packet capture on mobile devices- it ain’t happening. At the same time, tablets and smartphones have some value when it comes to spectrum analysis and quantifying the client experience. Here, it all comes down to price versus effectiveness in mastering the small screen. Read my commentary on migrating wireless tools to mobile devices here, at my Network Computing blog.

As WLAN technology evolves, the tools have to keep up. We’re at a pretty interesting place right now-if you haven’t freshened up your knowledge of WLAN analysis options lately, it’s time to dig in. The times they are a changin’…