Category Archives: Cloud Managed WLAN

Mist Systems Has an Advantage- but Also Gets a Yellow Card

Now the race is on
And here comes pride up the backstretch
Heartaches are goin’ to the inside
My tears are holdin’ back
They’re tryin’ not to fall
My heart’s out of the runnin’
True love’s scratched for another’s sake
The race is on and it looks like heartache
And the winner loses all

-Sang by George Jones

Though events like Mobility Field Day 6 may not be typically thought of as being contests, I can only imagine that those participating from the vendor side feel the competitive heat. The spotlight is on, the dollars to participate have been spent, the camera is rolling, and there is a tight window to differentiate your offerings and approach from the rest of the pack- all while a group of delegates interrupts your presentation and peppers you with questions. Success is measured by Twitter conversations, blog posts, and ultimately sales numbers. As a long-time Field Day participant from the delegate side of the paradigm, I can’t help but think that Mist still has an advantage of sorts when they present. I’ll explain that here, but will also point out that cockiness can sometimes cost you based on one comment made by Mist during MFD6.

The Mist Advantage

Mist was a late-comer to the mature WLAN industry, being founded in 2014. But those involved with starting the company are hardly newcomers to the game, and they have done a good job of making a start-up extremely relevant in a competitive market. I’d dare say they have been disruptive. And of course they were bought for a zillion dollars by Juniper. So what is The Mist Advantage when it comes to these presentation-oriented events?

Their short history.

Sure, they have decent technology, and even if you get tired of AI-everything in the company’s messaging, that is obviously working for them. But it’s what Mist DOESN’T have that’s just as significant to their appeal: they don’t have years and years of messaging fog and technical bloat to overcome. Their story is still fresh, and when you sit down to listen to them, your mind doesn’t involuntarily think about their long history of bugs, frequently changing “campaigns” and named networking frameworks, and all the ways customers have been frustrated with their licensing and support. Because… that history doesn’t exist yet.

The irony with Mist is that many of their key corporate players have come from companies that DO suffer from the effects of simply having a long history, and were likely personally responsible on some level for at least some of the baggage left behind at the companies they left. Such is life in Silly Valley, and I applaud anyone who recreates themselves and learns from the past.

How long will the Mist story remain untainted by it’s own longevity? This will be an interesting question to watch play out. But I have yet to hear of any customer switching FROM having a Mist WLAN to a legacy vendor, and the continual development of products and underlying magic is impressive on Mist’s part as evidenced by what you’ll see in the MFD videos.

Yellow Card Thrown

I recommend that anyone interested in Mist or wireless networking in general watch the Mobility Field Day videos from the company’s presentations. These folks know their stuff, and the enthusiasm is palpable. But I do have to call out one thing that didn’t set well, and sounded maybe a bit beneath the Mist Team.

The day before Mist presented, Aruba Networks showed their Wi-Fi 6E AP630, a fairly ground-breaking offering that brings real-world networking in new 6 GHz spectrum to the wireless space. For months now we’ve all been giddy about 6 GHz being made available for use by the FCC, so Aruba giving the world an early 6E AP and being able to show what it does in a controlled environment is a good thing.

I’ve heard every single vendor so far at Mobility Field Day 6, including Mist, say things like “you gotta start somewhere” or “this is just our first step towards blah blah blah”- reasonable utterances for companies who need to innovate or wither. So when the topic of 6E access points came up and Mist seemingly slighted Aruba for putting out a lowly 2×2 6E AP while Mist has nothing to show yet in 6E, it seemed a bit low-brow. The comment was noticed by a few other folks out there as well, and I’m curious your take on this if you happened to catch the dialogue.

Contemplations on Large-Scale Cloud Wi-Fi in Higher Education

For so many years, the Wi-Fi story at most campuses has been pretty similar: hundreds or thousands of access points connect to some number of controllers, and it’s all managed by a network management system. Sounds simple enough, but this basic formula of WLAN building blocks has a number of implications that many of us who keep these networks up frequently get weary of. I recently took part in a panel discussion webinar where some notable wireless network managers and architects from the higher ed space discussed these implications. Let me share what we talked about, and we’ll see if any of it resonates with you- and I’m sure that you’d agree that the topics covered here certainly apply well beyond higher ed.

Mist Systems Hosts the Panel Discussion
Mist Systems isn’t the first company to bring cloud-managed wireless to market, but they do offer some fairly comprehensive strategies for those interested in different options. During the panel session, we talked with Bryan Ward from Dartmouth College and Brian Stephens from MIT. Both of these gents are now using Mist for their respective campus WLAN environments, albeit in different topologies. Rounding out the panel was Rowell Dionicio of, Wes Purvis and Jussi Kiviniemi (Mist Product Management team), and myself. Though Rowell and I both have deep backgrounds in higher ed wireless, we joined this session as independent consultants.

The Layer 2 Elephant in the Room
Back in the day when controllers first hit the market, they gave the WLAN world a major gift at Layer 2. With “fat APs”, any VLAN in use by the access point needs to be part of a trunk on the Ethernet uplink. But when the AP is controller based, a single management VLAN can be used to encapsulate a number of VLANs using CAPWAP tunnels. Using controllers allows for a much simpler L2 paradigm from the perspective of AP-uplink switch and switchport configurations- by an order of magnitude in large environments. To me, this is perhaps one of the most significant single benefits of using controller-based WLAN, and is one potential obstacle when going to a cloud-managed model. Old L2 concerns come back to haunt us when the controller gives way to a cloud-managed management plane, and not all vendors have an answer to the dilemma.

During our discussion, we learned that Dartmouth re-engineered their LAN network and embraced configuration automation to reduce the L2 admin burden when they migrated away from their old Cisco controllers to Mist’s cloud-managed WLAN. By contrast, MIT’s timeline for WLAN upgrades required that they NOT re-engineer their L2 environment, meaning they needed a solution to the L2 dilemma.

How do you take advantage of CAPWAP/similiar tunnel terminations afforded by controllers, when you are abandoning controllers? Mist provides an appliance called the Mist Edge which allows for termination of AP-management tunnels and VLAN aggregation, while still keeping the rest of Management Plane functions out in the cloud. This option allowed MIT to quickly get their Wi-Fi moved to the cloud paradigm while preserving their legacy LAN topology.

There was a lot of good discussion about what exactly a controller is versus solutions like Mist Edge and similar building blocks from other vendors. Wes presented this graphic to guide discussion:

Why Else is the Controller Construct so Important When Considering Cloud W-Fi?
Aside from Layer 2 concerns, we heard from both MIT and Dartmouth the various ways their admin time has gotten more productive since they jettisoned controllers. We all spoke of reliability and such, and there is no doubt that a move to the cloud simplifies major administrative tasks. I’ve used cloud-managed networking in almost twenty branch locations of varying sizes for at least a decade, and I can say that not having to upkeep both controller code and quirky, feature-bloated management servers is nothing short of liberating.

The panel as a group seemed to agree that many WLAN professionals get hung up on the loss of nerd-knobs and command-line deep debug capabilities when they consider a move away from controllers to cloud. I wasn’t the only one to vocalize that often the deeper debugs we do on controllers are when we are troubleshooting controller code for TAC rather than actually trying to figure out Wi-Fi or client issues (this gets extremely old). Dartmouth’s Bryan Ward spoke highly of the ease of use and effectiveness of Mist’s API capabilities from first-hand experience when deeper-than-GUI information is needed, while MIT’s Brian Stephens reflected on the Mist interface being comprehensive enough for daily use. Both perspectives are good news for the controller-weary. Competing cloud systems have similar API functionality, and one point of analysis at evaluation time is always “is there the right balance between GUI and API?” from the usability perspective.

A Lot to Consider, Digest
For me, this discussion does scrape off a significant portion of apprehension about potentially moving a large WLAN of many thousands of access points to the cloud-managed paradigm. (In my perfect world, I’d be able to keep my existing very expensive controller-based APs and use them with another vendor’s cloud solution- but the world doesn’t work that way, and likely never really will at enterprise scale.) We covered a lot of ground, with these among some of the other details to ponder:

• Rowell asked a great question- can we make a Mist Edge in VM? Wes replied that it could be done, but most customers don’t.
• Bryan Ward pointed out that SNMP completely goes away with the Mist deployment.
• Brian Stephens made the case that so many other enterprise systems are moving to a cloud-managed model that taking Wi-Fi there really isn’t that much of a leap.
• We all talked about the “what if your Internet connection goes down?” I’ll say that your Mist Wi-Fi will be fine during the downtime, but let you hear the rest of the conversation for yourself when you watch the session.
• We also hit on how funding changes from Capex to Opex with cloud management, and the value of scripting skills for network admins

There’s a lot more to hear, and it’s better firsthand so I hope you spend an hour or so and watch it. I will close by saying this: regardless of what system you are contemplating, you really have to do an honest eval with it the way you would actually use it daily, and you also have to talk to real-world customers that have been empowered to speak freely about the good and less-than-great of the solution you’re interested in.

This panel discussion was especially useful to me because Bryan and Brian have already gone down a road I think about often, and Rowell’s insights are always right on. I’m now better equipped to think about the WLAN future of environments that I manage.

If you missed one of the embedded links above, find the webinar here.

Code, Heal Thyself: Mist Systems Brings Something Badly Needed to WLAN Market

If you do any profession long enough, you’ll experience all sorts off good and bad along the way. For me, “good” has been the honor of providing reliable Wi-Fi to hundreds of thousands of client devices through the years, and “bad” has been fending off downtime and damage to organizational reputation when code bugs hit. Why focus on code bugs? To me, they are the one huge factor in WLAN system operation that we as wireless professionals can’t control. We can get everything else right from RF environmental design to RADIUS server capacity to onboarding clients, but we can’t defend against what evil lurks in the lines of code that runs the system hardware. Nor should we have to- that’s where we expect vendors to hold up their end of the deal on hardware and software that ain’t getting any cheaper.

Oh, how I have bitched and whined and complained about code bugs through the years. There was “The Horrible Bags We Hold For WLAN Vendors“. And “Code Suck Regulation: Should We Sue Vendors For Major Code Bugs?” I got a bunch of them… and it’s not just me. One of my favorite people, Jake Snyder, laid down a really good video lament on the topic. No one can forget my own video from the Wireless LAN Professional Conference in 2017 where I detailed real-world impact of code bugs. It’s a real thing, ya’ll.

I titled one post on the topic “Will Reliability Be Prioritized Before Wi-Fi’s Whiz-bang Future Gets Here?” (a house built on suck cannot stand).  This one jumped to mind yesterday as I sat in a Juniper Networks conference room in San Jose and heard Mist Systems talk about reliability. What I heard was refreshing.

Mist CTO Bob Friday and his crew presenting at Mobility Field Day 4 detailed how the company’s AI does all kinds of things- but among the most important is finding it’s own system anomalies. The gravity of the point is fairly significant, as one vendor after another wants to put a dashboard in front of you that calls out anything and everything as a wireless problem for you to chase after, but none that I know of will raise their hand and admit “OK- I’m actually the problem here… me, the system. I screwed up… I’ll fix me so we can all move on. Beg your pardon…” But now Mist is promising that, and it’s huge.

CTO Friday not only called out this capability, but was kind enough to give me a shout out for my years of crying like a school girl about code bugs, which was thoughtful.


Well done, Mist Systems! There was a hell of a lot more to the presentation- and in the couple of hours I listened, I was impressed that Mist has managed to boil the hype off the concept of AI and actually did a decent job of explaining real-world, practical applications and benefits. There are several videos from the session, and they are worth watching.

More about Mobility Field Day 4 here.


Ubiquiti Updates- Cool Camera and a Big WLAN Offering

There is sooooo much to the Ubiquiti story. It’s just a different company, and you never know what’s around the corner for them- but whatever “Ubnt” comes up with is usually profoundly interesting. I’ve gotten quite the education over the last couple of years on many things Ubiquiti, and written about my experiences in this blog (and others). Though I don’t always agree with the company’s messaging on certain products, they are obviously doing something right as they sell a lot of product and their user community tends to speak loudly and favorably. In this blog, I have two updates regarding Ubiquiti.

Suh-weet Little Camera.

I’ve been kicking the tires on Ubiquiti’s G3 Micro camera, and it’s an impressive add to the company’s current line of video products. It’s one of those products that you take out of the box, handle a bit, and fast feel appreciation for whoever developed it’s physical construct (I get the same warm fuzzy when I handle some of Ubiquiti’s outdoor bridges). From really creative use of magnets to more mounting options than you might think possible, the G3 Micro is just a neat little wireless (dual-band) 1080p HD camera.

It fits in very well with Ubiquiti’s NVR hardware appliance or the build-your-own NVR option, and is as easy to use as the cameras in the series. Just remember- Ubiquiti NVR only works with Ubiquiti cameras and visa versa.

Some real-world screen grabs:

Jumbo Wi-Fi Is Spelled “XG”

Maybe XG stands for extremely gigantic (?) …hmmm. Have a look at this introduction to the Ubiquiti’s latest add to it’s networking portfolio.  You can mill around looking at the non-wireless stuff, as the XG switch, router, and app server are pretty interesting as well. But I want to focus on the Wi-Fi side of XG here. Check out these monsters, and their specs:

G3 Micro 5

There is a reason why Ubiquiti’s XG product page features a stadium in the background- XG is aimed at big honkin’ environments. WLAN professionals will cringe at the “1,500 Clients” spec, even if somehow that’s actually possible, and I hope Ubiquiti tones down the value it seems to see in huge counts like this. Their stuff actually tends to work pretty well, but this messaging can cast good gear in a questionable light for those who do wireless.

It is interesting to see my first ever 10 Gbps port on an AP, as shown on my beta copy of the UniFi XG access point:


G3 Micro 6

Like I said in the beginning, Ubiquiti is always working on something really interesting. At this point, the UniFi XG UFO-looking AP is only available in the Ubiquiti beta store (and at a pretty compelling price versus the specs, I might add), but that will change quickly as XG gains traction on it’s way to the larger market.

I’ll have more to talk about when I start hands-on eval of the XG.


More wirednot blogs on Ubiquiti

Open Mesh Brings Major Disruption to SMB Space, Goes Full-Stack

Another router coming to the SMB market generally isn’t that exciting, but this one is different for a number of reasons.


For one thing, it comes from Open Mesh. Those ports are part of the G200, which is the first router ever released by Open Mesh. It has a list price of $249 dollars, and it also brings the Open Mesh product line into the proverbial “full stack” domain.


Now customers can use access points, switches, and the G200 all from Open Mesh, and all cloud-managed in the excellent CloudTrax dashboard with no license costs.

Yes, you heard me right… I said “with no license costs”. If you are not familiar with Open Mesh, the operational paradigm is easy- you buy your components (routers, switches, and access points), you register them in the CloudTrax dashboard, and off you go with configuration and operation. CloudTrax is a pretty decent network management system in and of itself, and it is the only way you manage Open Mesh components. It’s simple, it’s feature rich, and given what Open Mesh hardware costs, the entire paradigm is an absolute steal compared to pricing and complexity of enterprise solutions that masquerade as SMB-friendly.

The G200 is a significant milestone to not only the Open Mesh product line, but also to the SMB market in that it seriously drops upfront costs and TCO while providing what may be the easiest to use interface among any of it’s competitors.

But what do you get for under $250 for features with the G200? A lot, actually. From a resource perspective, Open Mesh promises gigabit throughput compliments of a quad-core processor and dedicated crypto engine. The G200 has two passive PoE ports for Open Mesh APs to connect directly, and also has an SFP port for fiber uplink to an Open Mesh switch or 3rd party vendor switch. All the typical “router stuff” is onboard, from VLAN support, DHCP server and firewall to decent traffic classification, QoS, NAT functionality, user VPN, and even usage statistics. Not bad for an initial edge-router at this price point, that won’t hit you up in 12 months for a fat license fee to keep using it. Mine has been reliable as I could ask for in the couple of weeks that I’ve been testing it. One gripe- no site-to-site VPN, although that is coming.


I can’t stress how important price is for the SMB space, and I know some of my own customers are dealing with sticker shock that comes from other cloud-managed solutions that charge big and small environments the same way when it comes to licensing (or worse, they penalize the small networks for not having volume purchasing leading to better pricing). If Open Mesh continues to evolve their edge functionality and hardware offerings, this vendor could deliver a sales smack-down to the bigger players who have become license-happy to the point of ridiculousness over the last few years.

A New Access Point and Switch, Too!

I’m a huge fan of the Open Mesh A60 dual-band indoor/outdoor 802.11ac access point. It has been the top-dog of the Open Mesh access point line for several months, with a list price of $225 (again, no licensing and free CloudTrax support). Now, as part of the same product announcement that features the G200 router, Open Mesh is also bringing out it’s new A62 access point. It’s still dual-band and indoor/outdoor, but this Wave 2 AP also sports two 5 GHz radios, support for up to an estimated 150 streaming clients, and the same $225 price tag as the A60.

The latest S24 switch also breaks new ground for Open Mesh with 10 Gbps SFP+ uplink ports and a higher PoE power budget than it’s predecessor.

Let’s Do Some Math

Open Mesh has over 100,000 network customers around the world. When I think of one of my own small sites that’s up for renewal with another cloud vendor, I’m looking at trying to explain to my customer why a 3-year renewal license on old AP costs almost as much as purchasing the latest license-free AP from Open Mesh, and why a 3-year renewal license on an older security appliance costs almost twice the price of a new Open Mesh G200 router that would never need another license. These are real dollars for small businesses, and you pay the big price for the other guys whether you ever use actual support or not.

It’s time for a shake-up at this end of the market, and I think Open Mesh is the vendor to do it.


Related posts:

One Example of the Just How Clueless and Misleading Wireless Device Makers Can Be

Sigh… Stop me if you’ve heard this one- A wireless device maker sells something to an unwitting customer on, shall we say, some stretched truth. The pitch that led to the sale isn’t quite the proverbial pack of lies, but certainly left out key information that may have doomed the deal if the customer had a clue about what questions to ask (or had involved their IT staff before writing the check). A fairly limited-capability WLAN client shows up, and suddenly the network has to flex itself in unsound ways to accommodate devices that arguably shouldn’t have been purchased. Can anyone relate?

Security “Lite”… or is it Security “None”?

Here’s my current problem child.


That’s a time and attendance clock. It’s networked, and it talks to a server out in the cloud. It can use a wired Ethernet connection, or dual-band wireless (we’ll talk about that in a moment). Yay! Cloud! Yay! Wireless! Perfect for just throwing several dozen in and and off they go, because you have a wireless network- it’s a slam dunk, baby!

But it’s not a slam dunk. Because the network it’s likely to land on very well might just be an Enterprise-secure WLAN. That means it doesn’t use living room grade pre-share-based wireless security. Yet the best you will get out of this particular time clock IS living room grade security. It doesn’t support 802.1X authentication or WPA2-Enterprise CCKM encryption.

What happens if you don’t have, and don’t want, a PSK-only Wi-Fi network in a large secure enterprise environment just because someone made a questionable purchase of a WLAN feature-constrained time clock? You don’t have a lot of choices, and the couple that you do have smell and taste bad. Ah well- at least it’s DUAL-BAND WIRELESS.

Yeah… sure it is.

Radios in a Lil’ Faraday Cagey Kinda Thing

I was pleased to hear that the clock was at least an 802.11ac device. Because the environment it will work in does NOT have a PSK network and the clock can’t do enterprise security, it will go on an open guest network with MAC exception so it can bypass the guest gateway (relying on application-layer security to encrypt the data involved). So, I needed the wireless MAC address to set up the exception on the test unit. It was not printed on the clock or packaging, so I opened the device to see if I could find it inside.

I did locate the WLAN adapter’s MAC address, but had to remove the adapter to read it. The clock uses a StarTech USB433WACDB which is in fact dual-band .11ac in spec. But the environment needs to be right for wireless thingies to work to their max performance spec, and things are far from environmentally right in this clock enclosure. The little USB adapter has no external antenna that might help the situation, and sits behind a circuit board and a metal plate inside the clock, with the back of the enclosure and ultimately the wall that the clock will mount on behind it.

Given the RF-unfreiendly location of the adapter inside the clock, I was curious if it would connect at 5 GHz. Here’s where I will admit that my testing was not exactly methodical, but I’ll tell you what I saw and did.

This clock came to life about five feet away from a dual-band access point in the same room, with a couple more dual-band APs beyond other walls but still within range. It first connected on 2.4 GHz. I moved it right next to the AP, and it again connected at 2.4 GHz. I disabled the 2.4 GHz radio on that closest AP, and the clock connected to a farther away AP, using 2.4 GHz. So… it doesn’t look good for “dual band” here. I did not sniff packets to see if the clock is trying in 5 GHz, so I can’t say that maybe it’s not a driver or dodgy band-steering issue. But I can say that in initial testing the clock certainly doesn’t appear to be realistically dual-band despite the adapter spec.

And so it goes…

At the end of the day, this is far from my biggest problem. I’ll hold my nose and get the clocks to work, but it is work calling out the reality that not only are not all wireless clients ready for the business WLAN, sometimes they aren’t even what they claim to be at all in spec because of the way they have been built.

We are collectively in the 5th generation of major Wi-Fi technology with .11ac, with .11ax around the corner. Our WLAN infrastructure systems are advancing with rediculously rich feature sets beefed up with every code release, yet the client device makers seemingly operate on another planet where getting in sync with business WLAN requirements doesn’t seem all that important, given that these clocks are just one very typical example.

Ah well. I realize that nothing told in this narrative is news, but at the same time it needs to be talked about once in a while. Part of that discussion is hoping for better days on the client device front. And part of it is channeling a rant into a story that you can share with others so that they know they are not alone in their own frustrations.

Mojo Networks Touts Lower Networking Costs, No More Vendor Lock-In at Mobility Field Day 2

Mojo Networks never fails to provide an interesting presentation. Recently, I sat in Mojo’s conference room in San Jose for the fourth time in roughly as many years to hear what the company is up to, and what their vision for the future is. At Mobility Field Day 2 (MFD2) I found myself fairly riveted to CEO Rick Wilmer’s introductory session. Why? Because if Wilmer’s vision of WHAT COULD BE takes root, it could disrupt the WLAN industry (and beyond) in some profound ways.

Wilmer pulled no punches describing what the typical margin is for wireless access points sold to customers- 70%. That’s 70% per AP, times hundreds of thousands of APs generating much revenue for WLAN vendors. Wilmer sees a world where the advantage shifts to the customer when it comes to wireless access points, but we’ll get to that.

Then there’s vendor lock-in… I remember back in the early days of LWAPP (the thin AP protocol), I had very naive and childish visions of a protocol so sparkly-wonderful-special that I might be able to mix components from Vendor A and Vendor B on the same damn network. I was all a-tingle, for about 30 seconds. Then I was slapped with the reality that what comes out of the antennas might be mostly-standards-based, but there is and would continue to be zero compatibility between vendors under the hood. Ah well, I was a silly wireless child then. But Wilmer’s vision touches that as well.

If you watch the MFD2 Wilmer session, you’ll not hear a CEO harping on buzzy claims of Machine Learning and crazy wonderful feature sets. (That all comes later in Mojo’s other presentations, and even then what could be a Bucket o’ Buzzwords is really just incorporated into what Mojo does, versus the vendor hanging a bunch of impressive terminology in the air and hoping that you salivate over it.) Wilmer paints a vision of commodity-priced access points- and eventually switches and security appliances- being cloud managed in an open source framework where innovation is driven by the greater technical community instead of any single vendor’s skewed view of the feature world.

Cloud management, software-defined everything, and open hardware standards CAN replace bloated, proprietary systems as shown in different examples made by Wilmer’s team in presentations that came after his. The technical stuff is interesting, and you should watch Mojo’s story from MFD2 all the way through. But just as significant is Mojo’s idea of a new business model that flies in the face of convention, and could capitalize on the success of the Open Compute Project (OCP) in building white box data center components as that model stretches into wireless access.

It’s a fairly bold premise, and I applaud Mojo for taking a truly unique and interesting path. Hopefully they find some big allies soon to help push this vision along.

See Mojo Networks at Mobility Field Day 2 here, and catch up on all things Mojo at the company’s blog.

Some of my past coverage of Mojo Networks (and Airtight)