Professional Documents
Culture Documents
Executive Overview
The combination of central Intel IT developed a new management and support structure for wireless
IT engineering expertise, a LANs (WLANs). We consolidated first-level support and centralized the WLAN
set of global guidelines, and a engineer workgroup as well as device management. We manage the WLAN as
centralized management platform an integrated service that enables centralized control of the WLAN, using global
allows us to deliver a highly tools for centralized monitoring, reporting, and configuration. This approach
provides all stakeholders with a common view of the components of the WLAN
available service with minimal
service and the network.
support staff.
Our centralized WLAN management system inventories and wireless adoption trends,
offers several benefits to IT. to IT and other Intel groups, supporting
informed business decisions.
• Increases efficiency. Previously, local
WLAN configuration changes required • Enables us to be supplier-independent.
five minutes per access point; the central The system’s simple user interface allows
WLAN management system reduces non-specialists to monitor and diagnose
this to just five minutes per building. simple WLAN problems without learning
Replicated across 150 sites, we can supplier- and equipment-specific commands.
greatly improve efficiency. We can add new equipment and OS versions
with minimal retraining of personnel.
Mike Mauch • Uses global configuration templates.
IT Manager, Intel IT Common templates apply to the entire Our WLAN management system is the first
global network, which enables us to wholly centralized managed service within Intel
Gary Veum efficiently make configuration changes, IT. The combination of central IT engineering
Network Specialist, Intel IT verify configurations, and monitor for expertise, a set of global guidelines, and a
unauthorized configuration changes. centralized management platform allows
us to deliver a highly available service with
Mario Vallejo • Enables reporting. Provides useful
minimal support staff.
WLAN Service Owner, Intel IT information, such as WLAN device
IT@Intel White Paper Managing a Global Wireless LAN
2 www.intel.com/IT
Managing a Global Wireless LAN IT@Intel White Paper
Central access to the WLAN management INDEPENDENT OF SUPPLIERS, EQUIPMENT Because our central WLAN management
Web interface allows valuable WLAN MODELS, AND ARCHITECTURES system is supplier-independent, if we determine
expertise to be applied across the entire Our central WLAN management system that a new supplier’s WLAN equipment offers
network. Because the WLAN depends on can accommodate multiple connectivity advantages, we can add that new equipment
many technologies and components, it is standards, suppliers, generations of with minimal retraining of those responsible
critical to give support engineers an end-to- equipment, and architectures, as shown for monitoring or troubleshooting the WLAN.
end view of all functionality. in Figure 2. The management view of the network remains
unchanged for the support engineers.
Master Console
Administrator
Connects to master console
or any individual server
Figure 1. All network functions are routed through management server clusters to the central wireless LAN (WLAN) console.
Site A Site B
Autonomous Access Points
WLAN Controller
(no controller)
Figure 2. Our system supports multiple suppliers, architectures, and connectivity standards. All network activity is routed to a single set of management servers.
www.intel.com/IT 3
IT@Intel White Paper Managing a Global Wireless LAN
DEVICE CONNECTION The central WLAN management system troubleshoot issues. Previously, identifying a
Each WLAN device on the network is organizes geographic sites into folders. user’s WLAN controller and AP could take 15
connected to the network manager using It is possible to set permissions so that minutes or more when the support engineers
Simple Network Management Protocol some regional network engineers can make had to connect to WLAN devices directly, but
(SNMP), Telnet, and/or Secure Shell (SSH), changes to only certain sites, although they with the central WLAN management system
and sends status updates through SNMP can see all sites. it takes just a minute or two.
trap alerts. We use SNMP to retrieve most If the Service Desk’s first-level support Support engineers can also use the WLAN
software and configuration information, team cannot resolve a problem they feel management tools to isolate issues for more
although some information requires using SSH resides in the WLAN infrastructure, the team accurate escalation. For example, a problem
and a command-line interface (CLI). Software escalates a trouble ticket to the network with authentication may involve the client,
upgrades and configuration changes use the operations group—a team of individuals a configuration issue, RADIUS, or even the
same combination of CLI and SNMP. who are the point people for day-to-day WAN. Support engineers can now diagnose
WLAN installations, management, and the problem’s subsystem and subsequently
SERVER REQUIREMENTS troubleshooting. If network operations needs escalate the problem to the correct specialist
WLAN management software is processor- assistance, they in turn escalate to the support group.
and RAM-intensive, so we refreshed our service owner, who is also responsible for
The system also helps first- and second-level
management servers to use Intel® Xeon® training, planning, and new deployments. The
support engineers close the greatest number
processor X5570. Taking advantage of this WLAN engineering team is the final step
of tickets possible, rather than escalate. Tool
processor’s built-in intelligent performance within Intel IT; however both the service
usage data indicates that support engineers,
and power management features enables us owner and WLAN engineering can open
as well as the service owner and WLAN
to regulate power consumption and minimize tickets with WLAN suppliers if necessary.
engineering team involved in escalations, now
the number of servers needed to run the
On average, from the almost 200 trouble depend on the WLAN central management
management software.
tickets that the Service Desk opens annually, to view user connection details and historical
only 3 to 5 percent are escalated to the service associations when dealing with a new
Managing a Global Network owner and WLAN engineering. Out of this 3 to problem—a trend that does not occur for all
The WLAN is Intel IT’s only centrally
5 percent, we further escalate about 5 percent Intel IT management consoles.
managed global network service. Other
of tickets to suppliers for additional support.
services have local management systems We plan to enhance the interface to the
or none at all. Additionally, the WLAN is trouble ticket system by providing a quick
SERVICE DESK method to cut and paste information for use
the only service that provides an instant
From the global scope and comprehensive in trouble tickets.
inventory, with all components, switches, and
network view that the central WLAN
APs enumerated on one screen and easily
management system provides, Service Desk Solving connectivity issues
available for detailed reports.
engineers can determine whether their current The most common WLAN-related Service
Role-based administration of the central ticket is an isolated instance or part of a Desk calls at Intel are related to connectivity
WLAN manager allows for multiple views wider pattern. issues. The central WLAN management
of the WLAN:
Additionally, the system’s global search system is especially helpful in diagnosing
• Global Service Desk engineers engine and graphical data representation help WLAN connectivity problems, as it provides
• Regional network engineers, who engineers identify a user’s location, media a view of all supporting systems. Figure 3
provide installation, day-to-day support, access control (MAC) address, client machine shows an example of a diagnostic screen
and alert consolidation information, current AP and roaming history, after a user reported poor performance. The
and other relevant information. The ability root cause was initially unclear, and neither
• High-level users, including the WLAN
to capture this information quickly, with a the client software nor the WLAN controllers
management group, WLAN engineering,
minimum of user interaction, has improved were able to provide any data pointers to help
and the service owner
the ability of Service Desk engineers to with troubleshooting.
4 www.intel.com/IT
Managing a Global Wireless LAN IT@Intel White Paper
However, the WLAN central management a local support engineer, who must find the Host Configuration Protocol (DHCP), and
system showed the client AP association rogue AP. The accurate location on a floor our Domain Name System (DNS), it is often
history and the low signal levels at which plan of each rogue AP helps the local person, difficult to determine the root cause of
the user was connecting. The support who may not be an IT engineer and therefore problems. In many cases, a single problem
engineer was then able to recommend that may not readily recognize Wi-Fi devices, find causes multiple alerts that obscure the
the radio frequency (RF) power levels of the the offending APs. original outage, and false alerts are also a
existing APs needed to be increased and problem. The central WLAN management
that 802.11a radios needed to be added Managing alerts screen consolidates related alerts so they can
to the existing APs due to the excessive Because the WLAN is dependent on so be double-checked for accuracy.
interference in the 2.4 GHz band from APs many subsystems, such as RADIUS, Dynamic
in surrounding buildings.
site that allows lab Wi-Fi users to register User Count on AP User Count on Radio
a cohabitation agreement, allowing them 802.11g 6 0
to use certain RF channels and service set 802.11n (5 GHz) 5 5
802.11a 1 1
identifiers (SSIDs). Local support engineers
802.11b 1 0
validate cohabitation agreements, which are Total 13 6
valid for 12 months, and the appropriate
information is electronically exported to the AP Information
central WLAN management system. Name: AL1
Uptime: 10 days 21 hrs 20 mins
Once the rogue AP list has been limited
Location: -
to suspicious devices, the central WLAN Type: Model X
management system applies simple filtering Controller IP Address: XX.X.X.XXX
www.intel.com/IT 5
IT@Intel White Paper Managing a Global Wireless LAN
Alerts are escalated from the central WLAN configuration control and global inventory
Trigger
management system to the Service Desk management as well.
Type: AP User Count
central event console—the point at which
Severity: Normal
Normal LAN, WAN, RADIUS, DHCP, WLAN, and other Limiting the number of standard designs
Duration: Warning
Minor
alerts are consolidated and parsed. Our WLAN design was developed by the
e.g. ‘15 minutes’,
‘45 seconds’, ‘1 hr 15 mins’ Major WLAN engineering group and is based on
Critical WLAN alerts are crucial to enabling the WLAN
four evolving WLAN generations. Limiting
Conditions support engineers to respond to WLAN
the number of standard designs allows
Available Conditions: User Count issues before they affect users. For example,
the engineering team to thoroughly test
if too many users are connected to one AP,
Add New Trigger Condition and understand each design prior to site
performance can degrade rapidly. To avoid
installations. Troubleshooting is easier, too,
this scenario, the central WLAN management
Option Condition Value because we have instituted a global set of
system can send out an alert if more than
User Count >= 25
configuration parameters.
25 users connect to an AP, as shown in
Figure 4. The network team can then Table 1 summarizes our current WLAN
Trigger Restrictions
evaluate AP coverage in that area and add design. Although we are transitioning to the
Folder: Top
an additional AP if needed. This proactive 802.11n standard, we manage the current
Include Subfolders: Yes No
approach minimizes support calls and three designs simultaneously because it
Group: - All Groups
increases user confidence in the WLAN. would be cost prohibitive to upgrade all
Alert Notifications sites whenever a new design is introduced.
Another important type of alert relates
Additional Notification Email Our central WLAN management system
Options: NMS to information and network security. Our
enables us to efficiently and successfully
Select All - Unselect All
central WLAN management system collects
manage several designs because it provides
WLAN user information that is then stored
NMS Trap Destinations: XX.XX.X.X a consolidated view of the entire WLAN,
in our configuration management database.
Select All - Unselect All including all equipment and software.
If suspicious activity is detected on the
Sender Address: network, operations can monitor the time
Centralizing revision control
Enter multiple email addresses of the form and origin of connection. If the suspicious
user@domain separated by spaces, commas, Managing three designs at the same time
or semicolons.
activity is related to a specific file, the user’s
can cause difficulties, because each design
historical record shows the amount of data
Recipient Email Addresses: is subject to its own operational bugs,
downloaded, which can then be tied to the
upgrade requirements, and hardware revisions.
size of the suspicious file.
Centralizing revision control allows at-a-glance
Logged Alert Visibility: verification of the many different components
STANDARD SITE DESIGN AND
underlying each configuration model, whether
Suppress Until Acknowledged: CHANGE MANAGEMENT
we are installing a new WLAN site or making
A global management system is a
revisions to an existing site.
requirement not just for our global WLAN
support organization, but for revision and
Figure 4. Specific situations trigger the
wireless LAN (WLAN) management system Table 1. Standard Intel IT Wireless LAN (WLAN) Designs
to generate automatic alerts, supporting
proactive problem management. Generation Variations
2 • Supplier A’s autonomous access point (AP) model using 802.11g with 802.1x, with no WLAN controller
6 www.intel.com/IT
Managing a Global Wireless LAN IT@Intel White Paper
36
Peak Demand
30 Off-Peak Demand
Users in Thousands
24
18
12
0
January March May July September November January
Figure 5. Usage reports can highlight where the wireless LAN (WLAN) is congested. For illustrative purposes only.
• New WLAN sites. The final step in Centralized WLAN management has also Engineers who spend more time trouble-
commissioning a new WLAN site is to enabled us to implement standard templates shooting WLAN issues take the WLAN
add the devices to the central WLAN for operational configuration. Rather than supplier’s, installer’s, or maintainer’s courses,
management system. Registration with setting parameters locally at the AP, the as appropriate. They also receive a four-hour,
and verification by the central WLAN template resides on the central WLAN instructor-led course on the central WLAN
management system allows the WLAN management server and all changes are management system.
service owner to check the configuration programmed and enforced network-wide.
Both training courses specifically address two
against the standardized configuration and The system’s auto-repair application runs
issues that can be problematic:
design. The system flags discrepancies overnight, checking that site configurations
for correction. Registration is the critical have not been changed locally. This • Timestamps. To provide global support,
difference between autonomous and central synchronizes sites with the templates and all timestamps must be consistent. The
control, and forces compliance checks that discourages local reconfiguration; changes system sets all timestamps to Greenwich
might otherwise be circumvented. not made through the central management Mean Time (GMT), which can be confusing
system are automatically reversed. to local support teams at first.
• Existing WLAN sites. We manage
software revisions centrally, using • Mindset. Engineers need to become
the network manager’s subsystem to TRAINING SUPPORT ENGINEERS accustomed to using a remote network
schedule and update each site and deliver We offer in-house training to support manager to obtain information from a
reports showing snapshots of all sites engineers and also encourage them to take local WLAN controller
and current revisions. This has allowed training courses from suppliers.
revision management to become a routine, Providing Reports and
We developed a two-hour, self-paced, Web-
controlled process rather than a highly based course for people who use the WLAN
Statistics
cumbersome engineer-intensive and management system infrequently and don’t The central WLAN management system
error-prone exercise. need comprehensive information. This course collects and summarizes WLAN usage
is targeted for management station views statistics, allowing support engineers
Prior to implementing the central WLAN
of the network rather than the intricacies of to easily prepare reports on bandwidth
management system, even a minor
each WLAN controller or AP type. The course utilization, simultaneous users, and usage
configuration update could take five minutes
uses an intuitive user interface and a simple trends. One trend is shown in Figure 5.
per AP. But our central WLAN configuration
reduced this to only five minutes per building. conceptual management model independent WLAN statistics are also useful to other
Replicated over 150 sites, this represents a of the underlying hardware generation. groups at Intel:
considerable potential for savings.
www.intel.com/IT 7
• Several teams have asked for wireless • Improved network security with easy
adoption trends, turning to Intel IT for access to user connection data. ACRONYMS
indicative statistics. • Ability to quickly troubleshoot WLAN issues, AP access point
• Site inventory reports are used frequently, regardless of where they occur geographically. CLI command-line interface
providing the number of APs or controllers • Ability to proactively resolve WLAN issues DHCP Dynamic Host Configuration
of a particular type or model. before they affect WLAN users. Protocol
• When planning upgrade cycles, the service • Ability to obtain a holistic view of overall DNS Domain Name System
owner can determine how many sites are WLAN health. GMT Greenwich Mean Time
running each WLAN model, allowing each
MAC media access control
site to make informed financial decisions
and use their resources effectively. RADIUS Remote Authentication Dial-In
This paper is for informational purposes only. THIS DOCUMENT IS Intel, the Intel logo, and Xeon are trademarks of Intel Corporation in the
PROVIDED “AS IS” WITH NO WARRANTIES WHATSOEVER, INCLUDING U.S. and other countries.
ANY WARRANTY OF MERCHANTABILITY, NONINFRINGEMENT, FITNESS
* Other names and brands may be claimed as the property of others.
FOR ANY PARTICULAR PURPOSE, OR ANY WARRANTY OTHERWISE
ARISING OUT OF ANY PROPOSAL, SPECIFICATION OR SAMPLE. Intel Copyright © 2010 Intel Corporation. All rights reserved.
disclaims all liability, including liability for infringement of any proprietary
rights, relating to use of information in this specification. No license, express Printed in USA Please Recycle
or implied, by estoppel or otherwise, to any intellectual property rights is 0410/JLG/KC/PDF 322971-001US
granted herein.