802dotMe

Caffeinated thoughts about wi-fi and our world

Resource Unit Allocation for Downlink OFDMA

Previously, we examined the method used by 802.11ax access points to communicate OFDMA resource unit (RU) assignments to client devices for uplink transmission of data. This post will explore RU assignments for downlink communication—that is, from the AP to the clients.

Because multiple STAs are intended as recipients in downlink OFDMA, the AP must coordinate which RUs are assigned to which STAs, and how those RU assignments are organized in the frequency domain. The SIG-B field in the HE_MU_PPDU contains two subfields used for this purpose:

  • Common Field: Used to communicate how RUs are organized within the channel, using an 8-bit binary code. A table for decoding this assignment for a 20 MHz channel is shown below. The Common Field also contains subfields for communicating the use of the center 26-tone RU in 80 and 160 MHz channels, as well as subfields for the CRC and tail.

  • User-Specific Field: As you might guess, this is where per-STA info is held (STA-ID, MCS, etc.)

Example:

An OFDMA AP using a 20 MHz channel has data for four OFDMA STAs. In the RU Allocation subfield of the Common Field within the SIG-B field of the HE_MU_PPDU, it sends 00111000, meaning that the channel will be sub-divided into four RUs: Two 52 tone RUs, a 26 tone RU, and one 106 tone RU. The User Specific Field of the HE_MU_PPDU would further specify which STA is assigned to each RU, along with the STA-ID, number of spatial streams used, whether transmit beamforming applies, the MCS, etc.
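The decoding step in this example can be written out in code. The Python decoder below is an added example, not part of the original post: it maps an 8-bit RU Allocation value to the 20 MHz RU layout, following the RU Allocation subfield table in IEEE 802.11ax, and the function names are chosen here for illustration.

```python
# Added example: decoder for the 8-bit RU Allocation subfield (20 MHz layouts).
# Each entry of the result is (tones_in_RU, user_fields). An entry with 0 user
# fields is an RU position that exists in the layout but carries no user.


def _quarter(bit):
    """One quarter of the channel: a 52-tone RU if bit is 1, else two 26-tone RUs."""
    return [(52, 1)] if bit else [(26, 1), (26, 1)]


def decode_ru_allocation(code):
    """Decode an 8-bit RU Allocation string such as '00111000'.

    Returns a list of (tones, users) ordered from the lowest to the highest
    frequency. Raises ValueError for malformed input and for codes that are
    reserved or that describe RUs wider than 20 MHz.
    """
    if len(code) != 8 or set(code) - {"0", "1"}:
        raise ValueError(f"expected 8 binary digits, got {code!r}")
    v = int(code, 2)
    low3 = (v & 0b111) + 1  # y2y1y0: users sharing a 106- or 242-tone RU (1..8)

    if v < 0b00010000:  # 0000abcd: four quarters around the centre 26-tone RU
        a, b, c, d = (v >> 3) & 1, (v >> 2) & 1, (v >> 1) & 1, v & 1
        return _quarter(a) + _quarter(b) + [(26, 1)] + _quarter(c) + _quarter(d)

    top5 = v >> 3
    if top5 == 0b00010:  # 52 52 - 106 (centre 26 unused)
        return [(52, 1), (52, 1), (26, 0), (106, low3)]
    if top5 == 0b00011:  # 106 - 52 52 (centre 26 unused)
        return [(106, low3), (26, 0), (52, 1), (52, 1)]
    if 0b00100 <= top5 <= 0b00111:  # lower half in quarters, upper half one 106
        return _quarter((top5 >> 1) & 1) + _quarter(top5 & 1) + [(26, 1), (106, low3)]
    if 0b01000 <= top5 <= 0b01011:  # lower half one 106, upper half in quarters
        return [(106, low3), (26, 1)] + _quarter((top5 >> 1) & 1) + _quarter(top5 & 1)
    if v >> 4 == 0b0110:  # 0110yyzz: 106 - 106, user counts yy+1 and zz+1
        return [(106, ((v >> 2) & 0b11) + 1), (26, 0), (106, (v & 0b11) + 1)]
    if v == 0b01110000:  # 52 52 - 52 52
        return [(52, 1), (52, 1), (26, 0), (52, 1), (52, 1)]
    if v >> 6 == 0b10:  # 10yyyzzz: 106 26 106
        return [(106, ((v >> 3) & 0b111) + 1), (26, 1), (106, low3)]
    if top5 == 0b11000:  # 11000yyy: one 242-tone RU spanning the channel
        return [(242, low3)]
    raise ValueError(f"{code}: reserved, or an RU wider than 20 MHz")


def total_users(layout):
    """Number of User fields the User-Specific Field must carry for this layout."""
    return sum(users for _tones, users in layout)


def format_layout(layout):
    """Render a layout low-to-high frequency, e.g. '52 | 52 | 26 | 106'."""
    parts = []
    for tones, users in layout:
        if users == 0:
            parts.append(f"{tones} (unused)")
        elif users == 1:
            parts.append(str(tones))
        else:
            parts.append(f"{tones} (x{users} MU-MIMO)")
    return " | ".join(parts)


if __name__ == "__main__":
    # The value from the example in the post.
    layout = decode_ru_allocation("00111000")
    print(format_layout(layout), "->", total_users(layout), "user fields")
```

When checking a capture, the user count returned for a layout should equal the number of User fields that follow in the User-Specific Field; a mismatch points to a decode error or a truncated frame.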

A matter of time

This is fairly straightforward and easy to understand, but there’s another interesting aspect of OFDMA worth considering. In 802.11ax, we have to maintain backward compatibility with non-OFDMA capable STAs. This means communication must not only be aligned in the frequency domain, but also in the time domain—meaning that STAs share the same time allocation. Consider that legacy (OFDM) STAs will still contend for the channel using CSMA. Supposing that a STA participating in a downlink OFDMA transmission was set to receive more data than the others, if the RF energy dropped to near the noise floor in the other RUs as data transmission ended, it’s reasonable to imagine that a legacy STA might not detect enough energy on the channel near the end of the time allocation and begin to transmit, causing a collision. OFDMA STAs are allowed to aggregate frames to fill the time slot, as well as employ fragmentation, but this still doesn’t prevent mismatched ending of data transmission among STAs. To avoid a potential collision in this scenario, padding bits must be transmitted at the same transmit power as the data bits through the end of the time allocation. I’ve created an animation depicting the addition of padding bits to a data transmission below.

Finally, Quantitative Wi-Fi Signal Quality Information Visible in iOS

A couple of people I know have already posted online about this topic, but I had already started this post when I saw those so I decided to go ahead and finish. But definitely don’t let that stop you from visiting those sites, such as My80211 by George Stefanick. He has a lot of great insights into WLANs from his widespread experience managing some pretty challenging Wi-Fi environments.

Nearly 45% of all web traffic on the Internet originates from mobile devices, and 40% of the North American smartphone market is iOS. This makes the iPhone a really important device when it comes to design and validation of WLANs, but until now, our options for “seeing the network” from the iPhone’s perspective have been very limited and cumbersome.

But Apple dropped an unexpected surprise for Wi-Fi professionals with the release of iOS 13: The ability to install a system diagnostics profile, which lets you see connection details such as channel and width, signal strength in RSSI, security parameters, latency to the gateway and Internet, and more. A system profile is typically used in managed enterprise and educational environments to configure and enforce device settings and behavior to conform to organizational policy. In this case, however, the profile is a way for Apple to “bring to the surface” some otherwise hidden system features. While it requires a few steps to set up, it’s not difficult, and doesn’t cost anything. This post walks through the profile installation process, and offers a bonus downloadable Apple Shortcut to keep it handy in the future.

Prerequisites:

Instructions:

  1. From your iOS device, tap here to log in to the Apple Developer Program site and download the profile. You’ll be prompted to log in, for two-factor authentication, and be asked to trust your current browser. Tap “Trust.”

  2. You’ll be prompted that you’re downloading and installing a device management profile. Tap “Allow” to continue.

  3. If you have an Apple Watch, you’ll be asked on which device the profile should be installed. Choose “iPhone.”

  4. Once the profile downloads (it only takes a second or two), you’ll see a notification that you can review the profile in the Settings app. Tap “Close” to continue.

  5. Your browser will look like it’s stuck, with a spinning wheel. This is normal; just ignore it and open your Settings app from here. On the main page of Settings, just under your Apple ID login, you’ll see a new line item that indicates a profile has been downloaded. Tap here to view the profile. If you’ve previously installed it, you’ll see an option to remove it here.

  6. Tap “Install” to continue. You’ll be prompted to enter your iPhone passcode.

  7. Almost there! On the next screen you can review the consent form, which explains that the Wi-Fi Diagnostics Profile you’re about to install generates various log files that may contain information such as the BSSID for your wireless associations, which may be sent to Apple with your approval. You also consent to Apple’s privacy policy, and are warned not to redistribute the profile. In this case, we’re only linking to the profile on Apple’s web site, not redistributing it, so there’s no violation of the agreement. One other important note: The profile will expire after 31 days, so you’ll need to reinstall it every month, or as needed. More on that below.

  8. You’re finished! That was easy.

Using Wi-Fi Diagnostics

Once the profile is installed, you’ll see a new line item in Settings under Wi-Fi called Diagnostics Mode. This is where you would save the log files if you were sending data to Apple Support. Ignore this.

  1. In the Settings app, under Wi-Fi, tap on the associated SSID (diagnostics are only available for the associated SSID).

  2. Tap “Diagnostics” to access real-time statistics about the connection. Information here is read only, and there’s nothing you can drill into for more information, but it’s a wealth of data compared to what we had before and more than we can easily get from most client devices.

About That 31 Day Expiration Thing…


As mentioned previously, the profile will expire after 31 days. You can’t change this, so the only option is to periodically re-install it. The good news is that once you’ve done it the first time, it’s easy to do the next time. For a little added simplicity, you can use another new-ish Apple feature to put a shortcut on your home screen to the profile so you don’t have to mess with a bookmark in your browser. It’s also a nice reminder to re-install the profile periodically. I’ve provided a link to install this below:

NOTE: The link I’ve provided installs a pre-made Apple Shortcut created by me. There’s not much to it, and you can alternatively just use the Shortcuts app to create one yourself. If you download the one above, however, you’ll need to tell your iPhone to allow untrusted shortcuts. Before you can do this the first time, for some reason Apple makes you launch the Shortcuts app one time and run a shortcut (any shortcut). From there, you can open Settings, scroll down and open Shortcuts, and enable “Allow Untrusted Shortcuts.”

OFDMA Resource Unit Mapping: Where exactly is that client's transmission?

Wi-Fi 6 (802.11ax for the purists) ushers in several improvements related to the efficiency of Wi-Fi. One of the most notable is the introduction of Orthogonal Frequency Division Multiple Access, or OFDMA for short. OFDMA in Wi-Fi is adopted from 4G/LTE technology, which has used it for several years, and is a method of modulating data onto a frequency band by sub-dividing a channel into smaller resource units (RUs) in order to allow transmission to or from multiple client stations at one time. For a detailed, technical explanation of OFDMA, as well as the other improvements to Wi-Fi in the 802.11ax amendment, refer to this white paper by Aruba Networks. This post will focus on RU allocation for uplink data (from Wi-Fi 6 clients to the AP)—specifically, how to determine where in the channel a specific client device is transmitting during a transmit opportunity.

A Wi-Fi channel is made up of tightly spaced subcarriers, or tones, which can be used to modulate data, used as pilot tones, or used as guard bands. Until now (with OFDM), a single station at a time would contend for and win a transmit opportunity (TxOp), and occupy the entire channel width even if it didn’t need it. In an OFDM 20 MHz wide channel, there are 64 subcarriers—52 of which can be used for data. With OFDMA, the number of subcarriers increased by a factor of four to 256, but the spacing between them also decreased by a factor of four, maintaining the channel width. OFDMA organizes data subcarriers into RUs for both uplink and downlink transmission, so that when multiple Wi-Fi 6 client devices are associated to a Wi-Fi 6 BSSID, each client can use a different RU instead of the entire channel, which facilitates the frequency multiplexing that allows for simultaneous channel access. The minimum RU size is 26 tones, and 52, 106, and 242 tone RUs are available as well with 20 MHz channel widths. 40 MHz wide channels offer a maximum RU size of 484 tones, and 80 and 160 MHz channel widths additionally allow for a 996 tone RU. On a 20 MHz channel, using the smallest 26 tone RUs, up to 9 client devices could send or receive simultaneously (with 2 MHz of channel bandwidth each). The AP makes the decision about how to allocate RUs to clients, as well as which RU size to allocate to each client, and these can change from TxOp to TxOp. As a bit of a side note, the amendment allows each AP manufacturer to decide how it will allocate RUs, so it will be interesting to see how manufacturers are able to refine their algorithms to find competitive advantages.

Once RUs are allocated, assignments are communicated to client devices in either the HE MU PPDU for downlink communication (a topic I will cover in a separate post), or in a trigger frame to coordinate uplink communication. We can examine trigger frames to see the RU allocations by looking at the User Field, which contains the information unique for a responding uplink multi-user STA. It starts with the STA ID (assigned by the AP at association), followed by the RU allocation, coding type (BCC or LDPC), and the MCS the STA should use to transmit the PPDU. The RU allocation subfield is the most interesting part (at least for this blog post) and consists of a 7 bit binary encoding. This code maps to a specific, relative location and RU size within the channel, regardless of frequency or band. I’ve created RU allocation maps for 20, 40, and 80 MHz channel widths* below. Feel free to use these as a reference for your frame analysis and troubleshooting work as needed. High-resolution versions can be downloaded as well at the bottom of the page.

*An RU map for a 160 MHz channel gets pretty unwieldy in terms of size. RUs can be derived the same way, and I may revisit this later if I find a way to make the map readable on a single sheet of paper or screen.

20 MHz RU Map

40 MHz RU Map

80 MHz RU Map

Example: An AP wins the TxOp, and issues a trigger frame to initiate uplink OFDMA communication on a 40 MHz channel from three associated Wi-Fi 6 clients. Looking at the User Field, we see that there is an RU allocation for each as follows:

Client       RU Allocation
Client 1     0111101
Client 2     0111011
Client 3     0111100

Referring to the 40 MHz RU Allocation Map above, we can see that Client 1 has been assigned a 242 tone (20 MHz) RU on the lower half of the channel. Client 2 and Client 3 have each been assigned an 8 MHz RU on the upper half of the channel. You now have a physical point of reference when comparing frame captures to signatures in a spectrum analysis, for example. Pretty cool. Let me know if you have any thoughts or comments.

Beacons Beckon in the Next Generation of Customer Experience

Aruba Atmosphere is one of the coolest geek experiences to be had. Conference organizers go out of their way to ensure attendees are engaged, entertained, and educated from the moment they leave their hotel rooms for breakfast until they drag themselves back late at night (or the next morning). Not many convention facilities can accommodate the world’s largest mobility conference—especially when extra plans are made for a VR gaming arcade, extra space is reserved for tables of delicious hors d’oeuvres in the technology exhibit areas, and live, professional musicians open keynotes and perform in common areas during breaks. 

Atmosphere 2017 was held at the Gaylord Opryland Resort in Nashville, which was the perfect venue in terms of size and amenities. But the Opryland Resort is huge. Bigly. Seriously, if you haven’t been there, it’s difficult to describe its enormity. Multiple giant atriums are connected by a maze of corridors to accommodate nearly 3000 guest rooms, 15 restaurants, 85 event rooms, and ballrooms as large as 150,000 square feet. Pleasing your Fitbit is the least of your concerns.

For HPE Aruba, who seems to relish opportunities to prove the mettle of its solutions in high risk/reward situations, the Opryland Resort was the perfect facility to showcase how much progress has been made with Meridian Apps in wayfinding and customer engagement.

The Meridian mobile app platform, which Aruba acquired in May, 2013, is the industry leader in indoor, location-based services using Wi-Fi and BLE beacons. It aligns tightly with the company’s vision for enhancing user experience at the mobility edge by providing accessible and easy-to-use tools to create and improve mobile apps that engage users and the mobile devices they’re already carrying.

At Atmosphere 2017, not only were Meridian-driven solutions freely available to attendees, they were arguably indispensable. In my case, it took over twenty minutes to briskly walk from my guest room to the ballroom where the keynote presentations were held, and that’s only if I took the most direct route. With a mind-numbing maze of hallways, atriums, bridges, escalators, and staircases, it was quite easy to find one’s self lost or late.

Prior to the conference, Aruba’s planning teams created a custom conference app for iOS and Android that contained not only highly detailed (yet easy to read) maps of the entire property, they included blue dot wayfinding. This created an equivalent to “indoor GPS” via the placement of dozens—if not hundreds—of Aruba Beacons throughout the resort. Within an hour of my arrival, I gave in to temptation and installed the app. From any non-guestroom area (presumably as an attendee safety measure beacons were off-limits near rooms) my location was nearly pinpointed, and by typing in a search term or selecting a point of interest from a list, turn-by-turn directions were at my fingertips to ensure I didn’t miss a minute of the action. By integrating conference registration databases on the back end, I could even locate my friends and colleagues if they chose to share their location! Need the hours or menu for a restaurant? Meridian Apps make it easy to incorporate contextual data based on location. Not sure where to catch an Uber or Lyft? Just ask the app.

Not every retail or hospitality organization shares Opryland’s complexity driver for location-based services, but Aruba has made Meridian’s tools easy enough to use that much of the work can be handled by non-IT staff. 

Meridian Editor has a new look if you haven't seen it in a while.

Meridian Editor is a cloud-based hub of sorts that organizes and updates content for Meridian-powered solutions.  Within Editor, AppMaker lets users customize templates to create cross-platform mobile apps in hours instead of the weeks it takes using traditional “from scratch” development methods. In addition to wayfinding, frameworks are built-in to provide quick roll-out of directories, list pages, calendars, web pages, etc. As such, the apps can transcend turn-by-turn directions and become discovery portals that surface rich, contextual content when and where users find it useful. 

This combination of ease of use and flexible functionality presents practical use cases for a broadening set of entities. Retail stores could take advantage of Meridian’s analytics to measure the success of display racks, better understand traffic patterns, or use push notifications to promote targeted campaigns. Hospitals could build easy-to-use apps for guests to locate patients and loved ones to track vital, up-to-date information. Schools could provide easily updatable directories of facilities and navigation assistance to new students. For those who have already invested in mobile apps, the Meridian SDKs allow developers to incorporate these powerful features without starting over.

One caveat: Wayfinding drained my iPhone 7+ battery at an alarming rate, and several other attendees I spoke to noticed the same thing across multiple mobile platforms. Radio use represents a significant power consumption challenge for mobile devices (one of the main reasons we don't see more advanced Wi-Fi chipsets in our phones and tablets), so this wasn't entirely surprising. Still, the average user will be taken aback by a 20% battery drain in 30 or so minutes, so efforts to make this technology more power-efficient will be required for it to become truly mainstream. 

Overall I was won over by the usefulness of Meridian Apps at Atmosphere and convinced of its potential in the market. I look forward to Meridian Apps solutions appearing in app store updates at an increasing rate over the next few months, and can’t wait to see how some of the more creative minds out there keep us engaged.

Cloud Management Central to Aruba’s Future

A recurring theme at Atmosphere 2017 was that innovation at the Mobile First edge is occurring at a breathtaking pace, and the keynotes, sessions, and demo opportunities showcased that mindset everywhere I looked. This year I was part of a team privileged to attend several deep-dive sessions presented by HPE Aruba business units, and the developments around Aruba Central are too compelling not to mention.

For those unfamiliar with Central, it’s Aruba’s cloud-based platform for management and monitoring of its access-layer network solutions—specifically Aruba Instant access points and certain switch models. It’s a rather straightforward solution: Simply have the equipment shipped to a location where Internet access is available, and provide basic guidance to someone on-site (no engineer required!) on connecting the devices with patch cables, and within a few minutes the devices check-in with the Central cloud. Configuration can occur remotely via any modern web browser. The only other real ingredients required are DHCP and some reasonable firewall allowances.

Once configured, switches and access points are monitored with much of the same visibility as AirWave. In fact, Clarity has been incorporated into Central as a tab, providing rich insights into performance of devices and behavior of users on both the wired and wireless networks. If guests are having trouble connecting via a captive portal, or if DNS is having problems (because it’s always DNS, right?), Clarity surfaces those issues in a way that clearly identifies the issue and organizes the data so it’s actionable. Clarity also brings synthetic testing of the wireless network by allowing an access point to pose as a client device in order to gauge performance and test connectivity remotely before the real client devices even attempt to attach. These features are tremendous additions for many targeted users of Central: Network administrators who need to deploy and manage networks at scattered, remote locations such as retail stores, field offices, clinics, etc.

A Reporting tab allows a flexible array of reporting on network trends. These reports include network performance, PCI compliance, and security. They can be generated on-demand, or set up to run periodically and sent to one or multiple email addresses.

Notifications can be configured to alert network admins to configured events of interest. These might include an access point going offline, rogue access point detection, or an attack on the network infrastructure.

One of my favorite features is integrated console access. Web management consoles are cool, and make life much easier when trying to summarize and visualize data or configure multiple devices via policy or template. But nothing replaces the good, old command line interface when it comes to sinking your teeth into a problem. And, no… menu-selectable commands don’t measure up (I’m looking at you, AirWave). Console cables don’t extend well over the Internet, however, so Aruba’s inclusion of an embedded, virtual console scores high marks in my gradebook of essential features. Without leaving Central, the command line is presented in most of its glory, without wading into flow control, stop bits, or parity.

As a big fan of web-based administration of infrastructure, the best part of Central from my perspective is that it represents the future of Aruba’s management, monitoring, and business insight solutions interfaces. Expect the things you love most about AirWave to continue finding their way into Central, and with Aruba’s massive investment in third party integrations via APIs, eventual connectivity with other great solutions that extend and improve functionality around guest access, security, and analytics. 

You can read more about Aruba Central here, as well as sign up for a demo account where you can add your own devices and experience it yourself. Let me know what you think!

Niara Represents a Strategic Shift in Network Security for Aruba

For years, network and security teams have faced an ever-vexing problem: fighting threats using policy-based detection, always in a permanently reactive posture. There is always a delta between the time a new threat is discovered and the time a policy can be deployed to guard against it. Heuristics have been used with varying degrees of success to help identify malicious files as they emerge in the wild, but this is an inconsistent approach in today’s context of ultra-mobile and IoT devices, BYOD strategies, and cloud computing. In fact, policy (think “definitions”) based approaches to security have become arguably less effective in recent years because of the contextual evolution of computing. Security Information and Event Management (SIEM) methodologies are increasingly adopted among larger and more sophisticated security teams as a result. A subset of SIEM solutions focuses on gathering data about the behavior of users and devices on the network and analyzing it using machine learning and data analytics rather than attempting to match snippets of data streams against stored databases of fingerprinted threats. This is referred to as User Behavior Analytics (UBA).

The Niara dashboard

Until now, the mostly Hadoop-driven deployments of UBA solutions have been accessible only to organizations with deep enough wallets to deploy large, complex systems and employ large, erudite teams of security analysts. HPE aims to democratize information security with Niara, which it acquired for an undisclosed sum within the last few months.

Niara differentiates itself from other UBA solutions with its ability to process network flows in real-time, rather than relying on log-file analysis after the fact. It’s analogous to detecting smoke from the ignition of a match versus scanning the call log from the fire department. In today’s security milieu, seconds can mean the difference between critical data being safeguarded or smuggled out the back door of the network. At Atmosphere 2017, I was part of a team privileged to attend several deep-dive sessions presented by HPE and Aruba business units, and Niara was one of the more impressive. It was apparent that their efforts to streamline, contextualize, and dynamically score network flows in a way that can be easily interpreted by employees who aren’t experienced security analysts will usher in a level of threat containment and data loss prevention to a much broader range of organizations. Niara’s dashboard presentation of individual user behavioral scores, along with the ability to quickly take action on them via ClearPass, was demonstrated during an entertaining keynote session as well.

HPE is already a consensus leader in network access control with ClearPass; additionally, the ability for Niara to natively integrate with the Aruba mobility components lays a peerless foundation for a consistent and actionable security posture--desperately needed as our devices become more diverse and less centrally manageable and the borders of our networks become more nebulous. As the integration of Niara with Aruba’s MobileFirst platform matures, we’ll soon see smaller organizations with leaner security teams deploying world-class SIEM solutions that would have recently been out of reach. Learn more about Niara here, and post back with comments if you’d like to discuss this topic further.

Machine Learning and the Future of Wi-Fi Management

While attending Aruba Atmosphere 2017, I was privileged to be a part of a team of Atmosphere Insiders who attended several deep dive sessions on emerging technologies within the Aruba Mobile First platform. Machine learning and analytics were on full display at Atmosphere, and it’s clear Aruba considers them to be central to the future of their formula for success.

One of the sessions that stood out most to me (as well as several of the other engineers in our group) featured RASA, a recent acquisition that started out as a company that deployed sensors to aggregate critical data points about the RF environment from disparate locations within a building or campus in order to make recommendations about controller and AP settings to improve performance. After being acquired by Aruba last year, the RASA team gained access to analytics gleaned from direct integration with the access point hardware itself, and the results should give pause to every enterprise Wi-Fi competitor in the market.

Why? For years, Wi-Fi manufacturers have developed and refined algorithms to gather and process data points about physical layer performance seen from the perspective of the access point (and to some degree, from associated client devices) in order to make decisions about radio transmit power and channel selection. In the Aruba world, this is known as Adaptive Radio Management (ARM). While ARM works really well in many scenarios, its decisions are based solely on the viewpoints of individual access points. As we know, that’s really only part of the equation when it comes to tuning RF parameters. Client devices often see things very differently down among the bodies and furniture where they operate, and those characteristics can change dramatically as the clients move around through the coverage cell. Good wireless engineers are adept at looking at the network from the perspective of client devices as well, and making further adjustments to compensate. Engineers also can begin to aggregate info from multiple APs and cells, but that data and resulting decisions are only valid until the environmental or situational variables change. It doesn’t take long for a new source of interference or a new usage pattern by a group of end users to invalidate many hours of predictive modeling by an engineer.

RASA offers to not only automate the data gathering and decision process that takes an engineer hours of manual work, but to aggregate it constantly and simultaneously across broad swaths of real estate and wireless spectrum. With millions of data points to examine, much better decisions can be made at both a local cell level and more macro levels as well. Of course, this kind of analysis and feedback is only possible with advanced levels of machine learning, and Aruba has positioned itself to do some pretty incredible things in the near future as a result of its forward-thinking investment in RASA.

As the 802.11x standard emerges in the coming months, the hardware and software will be asked to make increasingly granular decisions in order to benefit from the performance potential that will no doubt be heavily marketed. Only manufacturers who embrace the promise of machine learning and analytics will be able to truly deliver on them. Aruba is demonstrating its leadership in this realm, and I can’t wait to see what’s next.

Aruba Is Killing the Maintenance Window

On March 1, 2017, over two thousand engineers, technicians, executives, and sales professionals attending Atmosphere 2017 witnessed the first public salvo in Aruba’s campaign to destroy the enterprise Wi-Fi maintenance window. In the boldest display of live demo confidence many of us in attendance had ever witnessed, Aruba CTO Partha Narasimhan and Director of Product Management Peter Lane announced--about 24 minutes into the keynote presentation--that a live upgrade to ArubaOS was occurring on the conference center’s wireless infrastructure as they spoke (and were literally streaming live video over wireless).

Nearly 2,000 client devices connected to three mobility controllers and 192 access points were unaffected as clients were dynamically moved between groups of APs across different controllers while firmware was delivered and applied, and devices rebooted. While the initial reactions of everyone I spoke to that day generally centered around the audacity of challenging the live demo gods so brashly, along with quiet murmurs about the obviously stellar level of confidence Aruba has in ArubaOS 8, the larger message was loud and clear: The infamous “network maintenance window” has been put on notice and its days are numbered. The innovations of the past few years have combined to deliver an unprecedented level of service and reliability that leap beyond mere enhanced user experience. We can more confidently than ever deploy wireless into scenarios with the strictest demands for uptime and reliability.

Aruba calls it Live Update, which conjures memories for me of long days and nights spent monitoring Symantec anti-virus definition rollouts in my younger days, but the moniker is perfect for what’s taking place on Aruba’s wireless infrastructure. It’s now possible in enterprise Aruba wireless environments to upgrade access points, controllers, and supporting software components with somewhere between zero and negligible impact on end users.

There are many obvious scenarios for which this is a game changer, but my thoughts immediately go to the healthcare customers I support—particularly hospitals and other 24x7 patient care facilities. Even in smaller hospitals, emergency rooms operate all day and night. The frailty of human life has no regard whatsoever for an IT department’s need to periodically flash firmware on an access point or ten, which has historically led to both a reluctance to use Wi-Fi for life-critical systems, and notoriously difficult maintenance windows that call in IT staff for 3 AM planned outages whenever they’re granted. While Live Update won’t eliminate maintenance windows for other systems such as network switches or specialty patient care systems, it removes one more significant obstacle in the network management lifecycle and potentially brings wireless into a service level class on par with virtualized, redundant data center systems.

Live Update is made possible by a few recent ArubaOS innovations you may already be familiar with. Just like in the data center, clustering provides a coordinated set of control plane appliances. AirMatch gives Aruba a superior level of radio resource management to provide a healthy environment in which to selectively upgrade and reboot access points. Backup “copies” of client sessions are kept on multiple controllers to allow for a seamless end user experience. ClientMatch further ensures the seamless experience by facilitating unprecedented visibility into how client devices “see” and use the network so controllers know the best way to selectively move clients from one AP to another.

As other mobility innovations settle into place over the coming months, including 802.11ax, as well as security and network intelligence analytics from Aruba’s recent acquisitions of Niara and Rasa, enterprise wireless will further evolve from the access medium of choice into the access method of trust. Over the next few weeks, I’ll explore some of these exciting developments, and what they mean for enterprise Wi-Fi.

What NetWare Taught Me About AirCheck Upgrades

I have learned a few tricks over the years to make my life a little easier by way of managing change. My pastor used to refer to the wisdom of "older players" who had learned to avoid making life unnecessarily difficult for themselves. One professional example of this (learned the hard way on a couple of occasions) is to be careful about when and how I apply firmware or software updates to critical systems and tools. I cut my teeth professionally as a server admin for a couple of big energy companies years ago, and learned all about change management in a very demanding environment. To this day, no matter how excited I am to try newly released code, experience has taught me to wait until I'm finished with the current project, report, or deadline before pressing the launch button. But good maintenance habits go beyond scheduled outage windows, and at times a relatively trivial procedure can remind us that best practices are best practiced with minimal exception.

What Happened

By the end of the week I was more than ready to check out the new features in the AirCheck G2 firmware version 1.1.0.1374 released a few days prior. I decided to wait until my usual Friday night window for personal device maintenance. This upgrade was a nice reminder why that patience is a good idea, and why even more patience almost always pays for itself.

To upgrade a NETSCOUT AirCheck G2, you connect the unit to a Windows computer running AirCheck G2 Manager software via the supplied USB cable, which in addition to facilitating device updates, allows you to download saved session files, back up device profiles, and offload screenshots. When I connected the AirCheck and clicked the Help button on the lower left, I browsed to the Device Info > Firmware Update section just to double-check the process. It's straightforward enough: Browse to http://www.netscout-f.com/downloads for the latest firmware download file and click the Update AirCheck G2 Firmware button in the Manager software's Device Info tab. Follow the instructions and don't do anything stupid like interrupt the process. Got it.

Latest Aircheck G2 downloads

When I browsed to the download site, I also picked up a new copy of AirCheck G2 Manager (version 1.1.372), the release notes, and a copy of the latest Vendor MAC Prefix file. Insert ominous foreshadowing sound effect here.

Ummm... Something's up. There's ALWAYS a lot of Fi in my house!

The firmware update process seemed to go as planned with no indication of any problems. The instructions tell you to wait for the AirCheck to reboot, wait for it to update, let it reboot again, let it update a little more, and then wait for it to return to a connected status with the Manager software. After that you should be able to disconnect the AirCheck and move along your merry way. After my unit re-established its connection to Manager, I went ahead and transferred the new Vendor MAC Prefix file, which is nothing more than a plain text mapping of MACs to manufacturer organizationally unique identifiers. It never hurts to be up to date. When I disconnected from my laptop, however, something was immediately amiss.  The AirCheck didn't appear to be scanning, and the AutoTest and Ethernet Test buttons were grayed out.

Firmware updates being what they are, I reminded myself I had an entire weekend to roll back or find a fix. I referred to the release notes, which suggested that if those very two buttons were grayed out after an upgrade, a simple reboot would restore order to the AirCheck's world. Unfortunately, a couple of attempts later I found myself still scratching my head and wondering what my best, next options were. I re-downloaded the firmware file, reconnected the AirCheck, and tried again. Rinse and repeat; no luck. The Manager software showed the new firmware version applied, but my device seemed, for lack of a better term, hung or frozen. It was then I remembered that I'd violated one of my own principles of systems management: Whenever updating critical components, do one thing at a time if at all possible. Nothing warned me against applying the new Vendor MAC Prefix file before disconnecting my unit after the firmware update, but "older players" should know better.

Digging through my downloads, I also noticed that my Prefix file had been automatically renamed by my file system due to a duplicate file name. In the abundance of caution that inevitably prevails in the wake of a sideways upgrade, I saved the previous copies to another directory, re-downloaded the file (just in case), re-connected the AirCheck, and applied the update. A few seconds later everything was back to normal, and I could check out the cool new features in version 1.1.

The 802dotKey

The real point of this post isn't about the firmware and Vendor MAC Prefix file updates of NETSCOUT's AirCheck G2. I can't even say for certain whether I uncovered the true root cause--it may have just been a fluke (no pun intended). I only included all that detail in case it does help others if they find themselves in a similar situation. My true motivation was a quick reminder to myself and others to practice good system management and maintenance habits at all times. This may have been just an update for a personally owned wireless analysis tool, but the same principles apply as when I was doing Saturday morning patches and DSRepairs on Novell file servers at Conoco 15 years ago. Be deliberate. Be precise. Give yourself recovery options. And don't make things more complicated than they need to be. Not only does this reduce the likelihood of encountering problems along the way, it significantly simplifies the troubleshooting process when something unexpected does take place. All these years later I still occasionally need that reminder, but I'm thankful this time it was gentle and confined to the scope of my own anxiety. One of these days maybe I'll carry the more permanent wisdom of an older player.

Frontera's Wi-Fi Stand Reframes Temporary WLAN Deployments

It seems like I could begin every blog post by referring to the growing demand for ubiquitous access to Wi-Fi, and every day there seems to be less hesitation to ask for wireless access everywhere a few people might gather. At times, wireless professionals are tasked with deploying a network in a temporary location for conferences, large public meetings, outdoor festivals, etc., and very few good solutions for properly securing and orienting an access point have existed until now. Based on some hands-on time with this product, that changes with the introduction of the Wi-Fi Stand by Frontera Consulting.

What Exactly Is It?

Wi-Fi Stand is actually not a full, adjustable height stand. Rather, it's all the "hard parts" about temporarily mounting an AP assembled into an easy to store and deploy solution that you can attach to the style and size of stand of your choosing.

The frame consists of 1/4-inch industrial-grade PVC plastic, cut to outer dimensions of 12 inches by 8 inches, with an inner opening of 10 inches by 6 inches. On the inside-top, they've attached an aluminum 24mm rail designed to replicate the most common acoustical ceiling grid rail sizes. This clever design allows easy attachment of most enterprise-grade access points with minimal effort, as nearly all of them include either built-in clips or a simple add-on bracket to facilitate such installation. The bottom of the frame includes a vertically oriented, female-threaded cylinder that allows for quick attachment to a 1/4-inch #20 male thread found on a wide range of collapsible tripod stands.

I happen to own a couple of 12-foot tripod stands that were designed for photography lighting, but would be well-suited for an indoor or outdoor WLAN setup for a day or three. For my hands-on review, I opted to just use a common, 60-inch camera tripod, to which the Wi-Fi Stand attaches in seconds. Keep that in mind for smaller, lower-density scenarios when suspension of an access point well-above head-level isn't required. One Wi-Fi Stand and a lightweight tripod may be all you need.

How Does It Hold Up?

In short, it holds up very well. When I first heard about the Wi-Fi Stand I knew I was immediately interested, but I was also anxious to get my hands on one to check out its stability and durability. This had nothing to do with any suspicion of manufacturing quality. I was curious to see how Frontera Principal and Solutions Architect Drew Lentz and his team balanced an RF friendly design with sufficient strength and stability under a real-world load. Let me explain a bit further: The Frontera team clearly knows a thing or two about successful RF design and implementation, and one thing wireless professionals are very careful about is keeping foreign metal objects away from an access point whenever possible to avoid attenuation, scatter, and reflection problems. By choosing a rigid frame of PVC plastic, and using aluminum only for the mounting rail and tripod connector, the Wi-Fi Stand takes great care to avoid any such potential issues. 

I tested the Wi-Fi Stand using two enterprise-grade access points that would be considered well-suited for temporary wireless deployments: Aerohive's AP130, and Cisco's AP-1832i. At one end of the size and weight spectrum, the relatively diminutive AP130 is an 802.11ac 2x2 access point that measures a mere 4.5x4.5x1 inches, and weighs in at 1.14 pounds. Its built-in grid-ceiling mounting clips fit nearly perfectly on Wi-Fi Stand's 24mm mounting rail, which allows for easy attachment and removal without any sense that the AP could accidentally come loose and fall. By contrast, the 3x3 MU-MIMO Cisco model checks in at 8.3x8.3x2.6 inches, and a hefty 3.69 pounds (including the required ceiling grid mounting bracket). The larger AP1832i still attached and removed without much trouble, although the most secure attachment will require adding an additional screw to the Cisco grid ceiling bracket after it's affixed to the Wi-Fi Stand rail. Neither access point exhibited an unexpected amount of wobble--either at the attachment rail or the tripod stand connector.

I carried the full assembly with each access point around a large room to get a feel for how everything holds together when everything isn't standing perfectly still and upright. With the smaller Aerohive AP130 this was no problem, but I recommend a little more care with heavier equipment. While the Cisco 1832i never came free, bent, or broke anything, over time I can foresee lateral stress causing the mounting screws between the 24mm rail and the PVC frame to become loose if the assembly is carelessly moved around with a large AP attached.

Should I Own One?

Overall, I found the Wi-Fi Stand to be a very usable solution for most temporary Wi-Fi deployment scenarios. Its ability to securely accommodate a wide range of enterprise access points at an affordable price, without a large halo of signal-mangling metal, offers a great option for wireless pros needing to provide access where permanent mounting solutions are not possible or practical. If this describes you, go ahead and purchase one (or as many as makes sense).

Wi-Fi Stand ★★★★
Frontera Consulting
www.wifistand.com
$36

This was an unsolicited review of a product I purchased. I was not compensated in any way, and have no business relationship with Frontera Consulting. That said, Drew Lentz is a pretty good dude, and you should get to know him.

Video Blog: ESS Quick Tip - Easy Single-Image Exports

Occasionally, I will post video-blogs when I have something on my mind and (as is often the case) a lot of time staring out my windshield. Today I offer some thoughts on an easy way to quickly export higher-quality heat maps of large area drawings from Ekahau Site Survey while driving to southwest Colorado for the weekend.

How to easily get high-quality single-image exports of large drawing areas from Ekahau Site Survey.

WLAN Professionals Conference Awards

In this newbie's opinion, they represent something bigger than glass plaques

In case you missed the announcement by Keith Parsons at the conclusion of the Wireless LAN Professionals Conference, two awards were presented. Andrew VonNagy was named WLPC Person of the Year, and Devin Akin was given the WLPC Lifetime Achievement Award. Both were met with great applause, and both are far more than merely deserving of the honor.

In a way, I feel a bit awkward writing this post, as most of the people in the wireless community have known Devin and Andrew on a more personal level, and for much longer, than me. In another way, however, I think it's okay, and in trying to explain why I hope I'll drive home my point about why a couple of hundred people were so happy to see them recognized. 

Devin may be the very reason I decided to focus my career on Wi-Fi. A few years ago, while he still worked with Aerohive, I reached out to him via Twitter in sort of a Hail Mary attempt to help a customer. My company, a VAR in Oklahoma City, had recently become an Aerohive partner and our team was... Let's just say we were all trying to "get up to speed" as fast as we could with a new wireless product line. Internal red tape kept us from getting lab gear in a timely manner, and we were trying our best to implement for customers while figuring things out on their gear as we went along. I was feeling pretty frustrated, and knew if we could just get some better hands-on time with our own equipment we'd be miles ahead.

I don't remember what exactly I asked Devin, and he probably doesn't even remember this interaction. But I do remember to this day exactly what he said back in a direct message: "Hey, Josh. Send me your home address. Expect a box at your house in a couple of days." Like clockwork, I arrived home about 50 hours later to a box on my porch with three access points, a USB stick, and a license key to HiveManager. The equipment and licensing did the trick. We labbed some APs, and figured out some things in short order. Much more significantly (for me, anyway), I discovered in that moment of generosity a community of people unlike anything I have encountered in my 20 years in technology. 

Andrew, to me, is sort of a wireless prodigy who has forgotten more about 802.11 than many of us will ever know. I do know that I enjoyed meeting in person this week someone I've seen over and again share mountains of information about how this stuff works, and who isn't afraid to equally encourage and admonish people in the WLAN community for the sake of moving everyone forward. I have no idea how many hours/days/weeks he's spent developing capacity planners and writing whitepapers, but he didn't have to do any of it. It would have surely been easier to keep it all to himself and cash big checks for being a Wi-Fi wunderkind.

Most importantly, Andrew and Devin represent perfectly what makes the WLAN community so special. That dozens of engineers from around the world regularly go out of their way to inquire, contribute, brainstorm, debate, and collaborate for the good of an industry (and each other) is not only remarkable, it's almost mythical. You just don't see it other places. The best part is, it's self-perpetuating because of its openness. Long before I ever met most of these people in person, they were answering my questions and encouraging me to contribute what I could as well. This not only ensures the long-term success of the community, but for many of us inspires us to do more to develop our craft and push our own boundaries. (And thanks, Lee Badman, for talking about this at the conference.)

My place as a relative newcomer (I sat in the shadows on Twitter for a couple of years before I ever engaged, and this was my first WLPC) doesn't qualify me to have an opinion on the merits of either honoree. But I think it does speak directly to the larger theme: The WLAN community is great because of the word "Community," and not "WLAN."

Much thanks to all of you, who I look forward to learning from and helping where I can. And hats off to Devin and Andrew for all that you represent.