AirMagnet Enterprise Doesn’t Miss Much in WLAN and Cell Analysis

What separates good, secure wireless from under-performing wireless or an RF space that actually works against the organization’s best interests? Frequently, the differences lie in murky corners where network managers can’t see reality, for a number of reasons. Keeping a busy WLAN both healthy and in compliance with policy can be a daunting task, and one that certain environments simply can’t afford to get wrong. Sure, native tools built into enterprise WI-Fi gear have some ability to characterize the RF goings on where they provide client access but these feature sets are usually limited in scope and are of varying degrees of  quality. I recently had the chance to play with AirMagnet Enterprise from Fluke Networks, and I can say I was pretty impressed with what this purpose-built solution can do.

During my trial of AirMagnet Enterprise (AME), I was able to quickly bring a robust monitoring and reporting framework to life across multiple sites thanks to the cloud-hosted AME server. I can’t stress how much I value not having yet another server to feed and care for. The response times of the interactions between the cloud server and my local sensors was generally good enough that I eventually just stopped thinking about the distributed architecture.

I had a mix of sensor types at my disposal, and though my primary scope of responsibility tends to be WLAN, I was impressed by the ability to monitor cellular activity in my areas with AME.

I spoke with Fluke Networks about scenarios where cell monitoring is important (calls being made where none should be, jamming, signal quality, etc), and they identified prison environments and DAS performance verification as among the main use cases.

On the Wi-Fi side, there is just an absolute slew of information gathered, displayed, and reported on with AME. I contrived a number of security and interference exercises as I got more familiar with the WIPS tools– like this one:

The official list of WIPS capabilities reads like this:

Powerful WIPS Protection and Architecture

• Continuously scans every Wi-Fi channel, including all 200 in 5 GHz band to detect every rogue device
• Detection, monitoring, and remediation of spectrum activity in a broad frequency range that includes 3G, 4G LTE, and CDMA. Activity by cellular devices like cell phones and jammers is tracked and reported on.
• Alerts when rogue APs are on wired network or inside premise for quickest focus on most dangerous cases while blocking unwanted connections and devices
• Protects against latest vulnerabilities automatically via DTU
• Detects over 120 security threats, including Karmetasploit, AirPWN, 802.11 fuzzing and WPS brute force attacks
• Compliance reports for PCI, HIPAA, FISMA, DoD 8100.2, Basel II and others
• Scales to over 1000 sensors with a single server cluster in a data center
• Powerful local processing to enforce security policy even if connection is lost to server
• Automated forensic capture simplifies deep analysis

The AME reporting module feels a bit dated in appearance, but the details provided are simply incredible. There are dozens of reports that can be drilled into for hundreds of key metrics, and all can be scheduled, exported, etc.

Veteran Air Magnet customers will recognize the very effective Infrastructure View for each sensor in play:

This consistency with other AirMagnet tools speeds the AME learning curve, and information gathered from multiple sensors can be combined in reports simply by having multiple sensors highlighted when invoking the report. Each sensor can also be tapped for live packet capture and decode, remote monitoring of spectrum and specific channel activity, and all the functionality of  both AirMagnet Laptop and Spectrum XT programs per sensor :

The capabilities of AME are comprehensive, and moving between sensors and interacting with the cloud server was pretty smooth for me. Aside from the impressive wealth of information provided by the sensors, you also have the option of leveraging performance testing (Automatic Health Checking) from each sensor to gather metrics on general network feel:

When you put it all together, AME is certainly far-ranging in capability and impressive in what it can quantify. The centralized control and monitoring of distributed sensors is very empowering, and allows for a small team to cover a lot of analysis ground without leaving the office. I’m a longtime fan and user of a number of AirMagnet products (note that I hardly consider myself a fanboy here, there are certain AirMagnet tools that I really like, others not so much), and AME does impress me very much.

My trial was an absolute blast in that it was easy to stand up test sensors and just dig in playing at harvesting the important RF and WLAN data that AME was built for . A real AME deployment would take a lot more work, and interaction with Fluke Networks, to determine the right number and placement of sensors. The sensors themselves are very much like WLAN APs in that they need cabling and power. And even with the advantage of the cloud-hosted server, AME is still another system to keep up, use, and to stay proficient on. That being said, it’s pretty easy to envision the AME payoff in environments that simply must have secure, high-performing Wi-Fi and automated threat reporting. Where regulatory compliance is critical, AME is a force multiplier. The entire suite is well-executed, and when used properly leaves very little to the imagination when it comes to what’s really going on in your WLAN (and cellular) environments.

A Six-Pack Of WLAN Industry Developments

Things are always shaking in Wi-Fi Land. New stuff, company goings on, regulatory drama… it’s never boring. Here’s a quick bundle of interesting hits to consider.

1. Meraki Founders Quit Cisco. I’m not only a Meraki user, I’ve been following the company for years under the brim of my analyst’s hat. I delighted when Meraki came out with their MX line, and later when switches joined the lineup. There’s a lot of power in the Meraki magic, so I can’t say I was totally surprised when Cisco bought them for north of a billion dollars. At the same time, I had my concerns. Far be it for anyone not in the loop to speculate on why Meraki’s Founding Three have opted to split, but it does fuel all sorts of speculation depending on your frame of reference.
   

   ---

2. Xirrus Has Announced a Cloud-Managed 11ac Wallplate AP. This is an industry first (as far as I know) and I hope other vendors follow soon (are you listening, Meraki?)
   

   ---

3. Meru also has new product offering: Xpress Cloud. With 2×2 11ac APs managed via cloud subscription, aimed at SMBs. (Meru ain’t dead, folks.)
   

   ---

4. Fluke Networks’ Air Magnet Enterprise gets an upgrade.  Quoting my brief: “The new version of AirMagnet Enterprise includes several major security enhancements, new 802.11ac functionality, the industry¹s first “No Wireless or Cellular Zone” capability, new PCI 3.0 compliance features,  and more. Enterprise is already unique with its Automated Health Check and Dynamic Threat Update capabilities, but these new features make it even more powerful, and a crucial solution for organizations that can¹t afford to have wireless security loopholes.” Alas- it’s still an overlay…
   

   ---

5. Ruckus Ups Their Smart Wi-Fi Game. A laundry list of beefy feature goodness is aimed at improved Wi-FI calling, among other enhancements.
   

   ---

6. Eero. Interesting promise and premise. We’ll have to see how this one plays out- but promising people that you can solve dead spots in the home without running wires will get attention.
   

   ---

I don’t typically favor scraping press releases into a digest blog, but this mix of topics struck me as a bit profound in showing just how dynamic the Wi-Fi world is at many tiers. Exciting, thought-provoking stuff that can be hard to keep up on.  Don’t blink, things change quick around here!

 

Fluke Networks Enables Drone-Centric Tower Operations

The drone thing keeps coming back to this blog like a bad penny… Well, not really a bad penny as in “that sucks” bad. In this case it’s more like baaaad. As in dope, tight, righteous, Michael-Jackson-shamone bad. And again Fluke Networks is front and center on this drone-related discussion, like they were a few months ago.

Some background: those radio station and cell towers that dot the American landscape are marvelous pieces of communications infrastructure. But they also have a way of ruining lives when gravity meets carelessness or equipment failure. Despite the dangers, every tower is an ecosystem unto itself that needs upkeep, inspection, hardware and frequency inventory, and the occasional changing of mounted equipment. Though human beings will always be needed at tower sites, Fluke Networks sees a better way to take care of many of the tasks that climbers would otherwise need to do.

Enter the drone.

No, Fluke Networks is not coming out with a drone (but if they did, it would no doubt be kick-ass). But everyone’s favorite wireless toolmaker is taking their Wireless Work Advisor to the air with a coming-soon drone version as mentioned at the OSP Expo earlier this month. Think lightweight Windows tablet doing frequency verification with AirMagnet Spectrum ES as payload on a decent-quality drone that loiters around a tower, taking high resolution photos and video (inspection, inventory).

Rather than sending a tech up the tower for every little task, Wireless Work Advisor Drone promises to handle a variety of chores. I don’t do a lot of tower work except on the occasional ham radio project, but I’ve been high enough off the ground on tall metal sticks to know that less time spent “up there” is better. Drones can’t mount antennas or hook up cables, but there’s potentially an awful lot they can do if the uses of Wireless Work Advisor and Spectrum ES are incorporated properly. This is one of those good ideas that military mission planners call a “force multiplier”.

And sure, this has little to do with Wi-Fi and this is a mostly Wi-Fi blog. At the same time, some of us do point-to-point bridging, and/or host carrier cells on our properties. I like that Fluke Networks is taking a seemingly holistic look at the drone paradigm and seeing it for what it is in the IT/communications space- everything from a potential security threat to a handy tool that should reduce tower-related incident statistics by keeping more technicians on the ground.

I still don’t see an official release on Wireless Work Advisor Drone yet, but have been given the all-clear to mention it so it should be out soon.

Update- also see the article on same topic running at Network Computing. Thanks for reading and commenting.

 

 

 

The Wireless Tools They Are a-Changin’

To those of us who support WLAN environments, the only constant is change. I’ve been getting both an eye and earful of those changes over the last week. As we all get comfortable with packet capture in 11ac Wave 1 (but start readying ourselves for Wave 2), we have some truths to face about the impact of more streams on what we’re used to doing for Wi-Fi analysis.

And… as we get used to to using mobile devices for more networky-style tasks, it’s reasonable to want to take some of our preferred support tools in that direction. Alas, mobile devices will be practically limited to spectrum views and some degree of measuring the client experience, but don’t have much chance of doing much for us in the packet analysis realm.

End of the road for portable WLAN packet capture?

I had the pleasure of sitting in on Wireless Field Day 7 sessions at both Wild Packets and Fluke Networks this week, and the talk about 11ac packet capture was hot at both vendors. Both vendors talked about the importance of capturing 3×3 wireless traffic and their abilities to do so, but the difficulties can’t be glossed over. In fact, at Wild Packets, it was mentioned that “we’re getting close to the end of what we’ll be able to do with portable wireless packet capture off of laptops” because of adapter limitations and processing horsepower needed for complex multi-stream, multi-channel wireless environments. We were reminded by Wild Packets that capturing from APs has advantages, and APs can function as a big-honkin’ adapter in their own right when you need them to.

At Fluke Networks, new capabilities for 3×3 packet capture by Air Magnet was announced, along with a curious new adapter to facilitate the process.

 

The express-card form factor of the AM C1097 was greeted with surprise (and a little skepticism) by Field Day delegates, but we also heard good news in that it is built on the same Broadcom 43460 3×3 adapter that is native to the latest Macbook Pro laptops. It was also made clear that “you gotta start somewhere” and since there are no USB 3×3 adapters yet, Fluke Networks did what they have to do in getting started with 3×3 support. Good stuff all around as 11ac gets more traction at a faster rate than was predicted before the standard was ratified.

Taking the Tools to the Mobile Device Space

We can pretty much forget about practical or effective packet capture on mobile devices- it ain’t happening. At the same time, tablets and smartphones have some value when it comes to spectrum analysis and quantifying the client experience. Here, it all comes down to price versus effectiveness in mastering the small screen. Read my commentary on migrating wireless tools to mobile devices here, at my Network Computing blog.

As WLAN technology evolves, the tools have to keep up. We’re at a pretty interesting place right now-if you haven’t freshened up your knowledge of WLAN analysis options lately, it’s time to dig in. The times they are a changin’…

AirMagnet Changes It Up- With a WLAN Security Overlay

(OK, so it’s a Performance and Security overlay…)

I was an AirMagnet fan long before Fluke Networks bought them. I’m sure that I’m not alone in appreciating the long line of excellent tools that have come from AirMagnet, from the software-based utilities to the likes of AirCheck. But for some reason I was also a bit surprised to get wind of Air Magnet Enterprise as a big old’ overlay- think AirTight for security, and 7Signal for performance.

First Impressions, Having Never Tried It

For me, Enterprise is just different from all of the AirMagnet tools that you can hold in your hand. It gives me a bit of discomfort, because there’s yet another server or two to upkeep as part of the solution. There are sensors to deploy that have to be kept up in parallel with installed APs. There’s yet another system to learn, while you learn to ignore those same functions that are part of the system you probably already own… These mushy feelings of concern have nothing to do with Air Magnet, but rather they come from having well  over a decade of running and managing many small and very large WLANs and suffering pain, a la:

• Managing a WLAN is a lot of work, managing the boxes that manage the WLAN can suck
• When you make a significant investment in the likes of CleanAir (or anybody’s native equivalent) it’s hard to get a clear read on what yet one more system will do for you as a delta, and how that delta is worth the usually steep accompanying price
• Dashboards full of rogues and interference sources that you often can’t do anything about (thousands of ’em sometimes) because you are located in an urban setting become visual noise that get ignored
• Auto-containment sounds nice- until you lay waste to a network switch or an important client after putting faith in a tool that promises not to do the bad thing that it just did
• Trying to figure out how your WLAN security posture might be so deficient with your own vendor’s native capabilities (that you spent big, big coin on) that you still need an expensive overlay is a miserable task

But I realize that these are MY issues. Again, no reflection on AirMagnet (or 7Signal, or AirTight).

What immediately looks nice with Air Magnet Enterprise:

• Can be set set up in VM
• Uses a mix of pretty sweet looking hardware sensors and software agents
• Transactional stuff feels like it might be 7Signal-esque
• Hardware sensors can do wireless backhaul where wiring is difficult/cost prohibitive (yes!!)
• Full-time security scanning versus APs that only do that as a small percentage of their operational time
• Scales well for large environments
• It’s Air Magnet- which implies maturity of feature set and good design (to me, at least)

It’s hard to say much more about it without trying a tool like this. And if you’re busy or don’t feel obvious performance or security pain, it’s hard to make the time or case for something as involved as an Enterprise trial done right. At the same time, WLAN is the preferred mode of access for a growing number of complicated environments with PCI/HIPPA/etc. concerns that are also likely BYOD hornets’ nests that might be distributed over a number of sites that aren’t easily covered by limited IT staff- and so I can picture a client base (but it’s likely to be a small fraction of the number of WLAN environments that have bought other AirMagnet products).

Personally, I’d love to see a major WLAN vendor or two completely scrap their own performance/security suites and partner with specialists like Air Magnet or 7 Signal for that side of the total solution.