Category Archives: Mobile Data

Oh Say Can You See- What’s Driving Up Your Small Site Data Costs?

One of my small rural customers was frustrated. A site I’d not yet been involved with has a single PC that runs a specific agricultural application that occasionally checks into a web database used by all of their sites. And since the problem location is in the boonies, they had no options beyond 4G for Internet service. The frustrations:

  • Huge data bills that weren’t making sense for a single PC
  • No sense of what was going on at the site over the network
  • Getting to the site isn’t exactly a quick drive

I researched the agricultural application and found that it shouldn’t be using but a few MB at a time when it synchronized, yet usage was well into the GB per day. It was time to visit the site, and to do some sleuthing.

More Than Just One PC After All, Other Oddities

The notion of Network Policy can be hard to formalize in small businesses where everyone knows everyone, and it’s as much like family at times as it is a business. When I first got to this site to do my investigation, I confirmed with the site chief that yes, there was only a single computer. And a time clock, behind the 4G connection. That was all that was officially in service operationally. When I got into the 4G modem though, I could see multiple Wi-Fi clients connected to the 4G hotspot… <the plot thickens>. It also turns out that the fairly lightweight application- the only reason the 4G link was being funded to begin with- had its own story. And… the data plan itself was pretty pricey as it had not been freshened up in years.

The Fix(es)

To get the costs under control, and to remove all mystery about what was going on here, I did the following:

  1. Calculated what the application should need, along with Windows updates, etc., then found a newer, more generous plan than what they were on. I recommended a 12 GB/month plan for $80, which should provide fixed cost and at least 300% headroom on my estimated usage. (The bonus: Verizon throws in an extra 2 GB per month on this plan.)
  2. Had the application vendor audit the application behavior. What was taking 600 MB per day was dialed down to around 60 MB by changing from continuous sync to a 4-hour interval (which still met the owner’s needs).
  3. Reined in the 4G rogue client use. On this modem, the Wi-Fi can’t be disabled. But I changed the SSID and password, lowered the number of allowed users to 1 (the minimum) and instructed the owner to tell the staff that this network is off-limits even if they can figure out how to get back on, along with a message that “the IT guy monitors everything!”
  4. Both eliminated any mystery and took control of the bad habits associated with the PC by installing a Meraki Z1 Teleworker appliance between the 4G modem and the PC and time clock.

With the Z1, I was able to accomplish a number of things:

  • Use traffic analysis to remotely see what else was going on with the PC, besides the ag application
  • Use firewall rules and application controls to put an end to all non-authorized applications
  • Provide a client VPN-endpoint so I can access the environment for troubleshooting if need be
  • Monitor data usage and get automated reports on what’s going on in the small environment
  • Get alerted should either the PC or time clock go offline
  • Make myself the heavy in the situation, and take that title off of the owner

After the changes, I’m seeing total site usage of only around 80-90 MB per day in an operational paradigm where I’ve budgeted for around 400 MB per day. As I see recreational traffic pop up, I can quietly block it remotely, without the owner constantly needing to re-enforce the rules (staff here have specialized skills, they can’t just be replaced). And I’ve given the owners a 3rd-party they can turn into a bogey man if they need to should anyone complain (this in itself has value).
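The kind of check described above (daily usage against the 400 MB budget, clients that are not the PC or the time clock, and a projection against the 12 GB plan) can be sketched as follows. This is an added example, not part of the original post and not Meraki's own tooling; the CSV layout, MAC addresses, dates and function name are constructed assumptions.

```python
import csv
import io
from collections import defaultdict

# Constructed sample: per-client daily usage export in a hypothetical format
# (not the Meraki dashboard's own schema). "bytes" is total up + down.
SAMPLE_CSV = """date,mac,bytes
2015-03-02,02:00:00:00:00:01,61000000
2015-03-02,02:00:00:00:00:02,4000000
2015-03-03,02:00:00:00:00:01,63000000
2015-03-03,02:00:00:00:00:02,4000000
2015-03-03,02:00:00:00:00:99,720000000
2015-03-04,02:00:00:00:00:01,60000000
2015-03-04,02:00:00:00:00:02,5000000
"""

# Assumed inventory: the only two devices officially in service at the site.
AUTHORIZED = {
    "02:00:00:00:00:01": "ag-application PC",
    "02:00:00:00:00:02": "time clock",
}
DAILY_BUDGET_MB = 400   # per-day budget from the article
PLAN_GB = 12            # monthly plan size from the article
MB = 1_000_000          # decimal megabytes, as carriers bill


def audit(csv_text, days_in_month=30):
    """Summarise usage: daily totals, overruns, unlisted clients, projection."""
    per_day = defaultdict(int)
    unknown = defaultdict(int)  # MAC -> bytes used by clients not in inventory
    for row in csv.DictReader(io.StringIO(csv_text)):
        mac = row["mac"].strip().lower()
        used = int(row["bytes"])
        per_day[row["date"]] += used
        if mac not in AUTHORIZED:
            unknown[mac] += used
    over = sorted(d for d, b in per_day.items() if b > DAILY_BUDGET_MB * MB)
    avg = sum(per_day.values()) / len(per_day) if per_day else 0
    projected_gb = avg * days_in_month / (1000 * MB)
    return {
        "per_day_mb": {d: round(b / MB) for d, b in sorted(per_day.items())},
        "over_budget_days": over,
        "unknown_clients": dict(unknown),
        "projected_gb": round(projected_gb, 2),
        "exceeds_plan": projected_gb > PLAN_GB,
    }


if __name__ == "__main__":
    print(audit(SAMPLE_CSV))
```

In the constructed data a single unlisted client accounts for the one over-budget day, which is the pattern the rogue Wi-Fi clients produced at this site.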

Bottom line- this was a fun one to solve. We were able to contain costs, remove any mystery, and provide remote monitoring and alerting. Also- by using the Z1, the time clock can benefit from site-to-site VPN back to the main site where another Meraki MX is in use with the Time and Attendance server.

Though I have used many Meraki wired and wireless products, this was my first outing with the Z1. It’s an impressive little gem, and very much “feels” like its big brothers, the MX line.

 

Is It Just My Perception, or Are We Getting a Bit Screwed Here?

Warning: pissing and moaning ahead- if you’re not in the mood, click away now.

My daughter was lamenting today that her iPhone keeps filling up, no matter what she does to try to keep its storage lean. We’ll talk about that in a minute, as Rant #1. For Rant #2, I want you to think about your mobile data plan, and the notion of paying for content you don’t want and have little control over.

Come on now, who do you, who do you, who do you, who do you think you are,
Ha ha ha bless your soul
You really think you’re in control?
Well, I think you’re crazy
I think you’re crazy
I think you’re crazy
Just like me
– “Crazy”, Gnarls Barkley

Back to the iPhone. If you think that when you buy a 16 Gig iPhone, you’ll have 16 GB of storage for YOUR files, you’re sadly mistaken. If you think that 32 GB equals 32 usable Gigabytes on a mobile device, again you are wrong. Basically these numbers are agreed upon lies perpetuated by Apple and other gadget vendors (yes, Android too) and visited upon We the Sheeple who adoringly pay what they say and question little about the shiny new devices that we just gotta have. And if we find that we only get about 3/4 of the device capacity that we think we paid for because the rest is used by fat operating systems and installed bloatware apps, well that’s just our problem.

Or is it?

I ran across this article that talks about Apple being sued by users who have had enough of numbers that you can’t trust and vendors who don’t seem to care about how much of OUR drives they squat on. We’ll see if it actually goes anywhere, but I’d be happy with two outcomes:

  • An end to the industry wide practice of flat-out lying to people about what they are buying (don’t tell me it’s in the fine print)
  • A separate partition on the on-board storage that delivers what the vendor is promising- some amount of storage that truly is yours to junk up as you so choose, that comes absolutely empty. No OS, no bloatware- that goes in another partition.

Data plans have so many bullshit aspects to them it’s just sinful. I don’t know how you fix this one, but for those of us who like to get what we pay for, it’s a travesty. Let’s say you pay $50 a month for a data plan that’s only so big, and when you exceed that usage, you pay overage fees. That’s not unreasonable, right?

Where we have a problem is that you reasonably assume that YOU will decide how your data plan gets used. Ah, you sweet naive kid.

You know all those apps that come on your phone? The ones that you have no use for and can’t uninstall? Some of them are sizable- and so are their updates that eat into your data plan. Think about how many times you open CNN or Reuters and an inline commercial or ad kicks off- you’re paying for those too. If you’re saying “so what? I have commercials on cable TV and on my home Internet” then you’re forgetting that those subscriptions are not metered like your cellular data plan is. But there is all kind of force-fed content that helps itself to your data plan regardless of your interest.

The only defenses? Use Wi-Fi as much as possible, root the device to remove the apps you don’t want, or buy some kind of ad-blocker software (you’re still going to get a lot of video that just starts playing when you open web pages). But should consumers really have to go to these lengths to not have their data usage squandered by applications they didn’t invoke or ask for?

So… we got devices that aren’t as big as they claim to be and data plans that will never be ours alone to control, despite that they are ours alone to pay. And “the industry” couldn’t be doing better these days.

So is it me, or are we not in fact getting screwed?

Cradlepoint Introduces a Beauty

(Quick edit, 8/17/15)

Of late, I’ve had a few opportunities to learn more about the mobile edge router space and the really powerful feature sets that exist in this market. I’ve been briefed by the big players on how their gear is winning over traditional networking in a variety of scenarios, and how slick tools like cloud management and SDR (software defined radio) make mobile edge gear pretty advanced in capability. Read more on the general topic of 4G edge-routing developments with a piece I wrote for Network Computing.

Cradlepoint’s latest announcement provides a great example of the impressive tech in play in this unique realm that creatively puts networking in a variety of interesting places, from public transportation fleets to retail kiosks that pop up and disappear as events come and go to permanent locations like restaurants and gas stations. The new product is the AER3100, and with its specifications and flexibility, it’s going to fast find its way into all of the markets that Cradlepoint serves with micro-branch/mobile and small branch style offerings.

Here’s the quick view, stolen from Cradlepoint’s web site:

AER3100

This is light-years past simple personal hotspot kind of 4G modem kit. If you ever get an opportunity to take a briefing with Cradlepoint, you’ll realize that the businesses using these sorts of components have a lot to lose by making poor choices with their networking, from lost revenue to data breaches. Cradlepoint seems to have covered all of the bases with robust security, multi-carrier support, and legitimate enterprise network feature sets (including 11ac support on the Wi-Fi side) in small components that just happen to get their ISP connectivity generally via 4G.

Give the Tech Specs a look, and see if you’re not as impressed as I was when I first got familiar with them:


Technical Specifications

WAN

  • Integrated 4G LTE (with 3G failover) Multi-Carrier Software-Defined radio
    • Verizon, AT&T, Sprint, Europe, and generic models available
    • Dual integrated modem option
    • Dual SIM slot in each modem
    • Most models include support for active GPS
  • 13 10/100/1000 Ethernet ports (WAN/LAN switchable)
  • WiFi as WAN (only on AER3100)
  • Failover/Failback
  • Load Balancing
  • Advance Modem Failure Check
  • WAN Port Speed Control
  • WAN/LAN Affinity
  • IP Passthrough

LAN

  • 13 10/100/1000 Ethernet ports (WAN/LAN switchable); Supports four ports of PoE (9-12) for class I, II, or III devices (up to 15W) or two ports high power PoE for class IV devices (up to 30W)
  • LLDP support
  • VLAN 802.1Q
  • DHCP Server, Client, Relay
  • DNS and DNS Proxy
  • DynDNS
  • Split DNS
  • UPnP
  • DMZ
  • Multicast/Multicast Proxy
  • QoS (DSCP and Priority Queuing)
  • MAC Address Filtering

MANAGEMENT

  • Cradlepoint Enterprise Cloud Manager¹
  • Web UI, API, CLI
  • GPS Location
  • Data Usage Alerts (router and per client)
  • Advanced Troubleshooting (support)²
  • Device Alerts
  • SNMP
  • SMS control
  • Console Port for Out-of-Band Management

¹Enterprise Cloud Manager requires a subscription
²Requires CradleCare Support

ROUTING

  • IPsec Tunnel – up to 40 concurrent sessions
  • OpenVPN (SSL VPN)¹
  • L2TP¹
  • GRE Tunnel
  • OSPF/BGP/RIP¹
  • Per-Interface Routing
  • Static Routing
  • NAT-less Routing
  • Virtual Server/Port Forwarding
  • VTI Tunnel Support
  • NEMO/DMNR¹
  • IPv6
  • VRRP¹
  • STP¹
  • NHRP¹

¹–Requires an ECM PRIME subscription or an Extended Enterprise License

SECURITY

  • RADIUS and TACACS+
  • 802.1x authentication for Wireless and Wired Networks
  • Zscaler Internet Security¹
  • Certificate support
  • ALGs
  • MAC Address Filtering
  • CP Secure Threat Management²
  • Advanced Security Mode (local user management only)
  • Per-Client Web Filtering
  • IP Filtering
  • Content Filtering (basic)
  • Website Filtering
  • Real-time clock with battery backup for CA certificate validation

¹–Requires Zscaler Internet Security License
²-Requires a CP Secure Threat Management license

PORTS AND BUTTONS

  • 54V DC Power
  • 13 10/100/1000 Ethernet LAN
  • Console port
  • Two cellular antenna connectors (SMA)
  • GPS antenna connector (SMA)
  • Lock compatible
  • External USB port for USB modem and/or firmware updates
  • Factory Reset

TEMPERATURE

  • 0° C to 50° C (32°F to 122°F) operating
  • −20° C to 70° C (−4°F to 158°F) storage
  • Redundant internal fans for reliable cooling

HUMIDITY (non-condensing)

  • 10% to 85% operating non-condensing
  • 5% to 90% storage non-condensing

POWER

  • 54VDC 2.25A adapter
  • 802.3af (15W) or 802.3at (30W) PoE capable

SIZE

  • 12.2 in x 10.6 in x 1.75 in (310 mm x 270 mm x 45 mm)
  • 1U height for rack mount

– See more at: https://cradlepoint.com/products/aer-3100#!specs


I’m new to this space when it comes to looking at it to any real depth. What I’ve seen so far makes me think beyond my own typical wired ISP approach to certain branch environments, and it does get fascinating when you contemplate robust networking being enabled anywhere you have halfway decent 4G coverage. I’ve really just skimmed the surface of a pretty big story here, and I look forward to learning more.

Do you work with Cradlepoint gear or competing mobile edge solutions? I’d love to hear your take, and examples of success or failure with this kind of solution.