WHITE PAPER White Paper: How to Keep Your WLAN Healthy Keeping a wireless network healthy and performing at peak efficiency requires timely, actionable insight into emerging problems. Escalating demand and business dependence continue to stress WLAN availability and capacity while draining network operations and trouble-shooting resources. This whitepaper describes an easy way to verify WLAN reachability and performance, proactively fixing problems before they trigger helpdesk calls.» TABLE OF CONTENTS» Introduction» Stepping up to proactive health and performance monitoring» Understanding how AHC works» How AHC produces timely, actionable data» Leveraging the power of AHC» AirMagnet Enterprise Automated Health Check» About the Author» About NetScout 1 of 5
Introduction Escalating demand and dependence continue to stress business WLAN availability and capacity while draining network operations and troubleshooting resources. According to ABI Research, Wi-Fi enabled device shipments topped 5 billion in 2012, driven by smartphones, laptops, and other consumer electronics -- many of which enter the workplace as bring-yourown-devices (BYODs). This year, new draft 802.11ac devices will push the envelope further by tripling data rates and increasing use of the wider 5 GHz band. Employers are scrambling to slake thirst for airtime with network upgrades and higher density deployments, but keeping larger WLANs healthy and performing at peak efficiency requires timely, actionable insight into emerging problems, from wireless connectivity and congestion issues to equipment misconfigurations and network outages. In a wireless-driven workplace, oldschool reactive support must evolve to proactive practices that are more efficient and scalable. In order to do this, you need to be able to automatically verify WLAN reachability and performance, helping network operators to understand their network and then be able to quickly pinpoint and fix emerging problems when they occur before they trigger helpdesk calls. Stepping up to proactive health and performance monitoring Devoting your entire support budget to fighting fires under pressure is a recipe for disaster. As your network continues to grow, reactive resources will inevitably be exhausted, resulting in costly service outages. Making modest but strategic investments in proactive health and performance monitoring can reap big payoffs. In particular, instituting periodic reachability and performance checks can alert you to network misconfigurations and performance degradations, long before these smoldering troubles flare into large outages with high business impact. However, putting this proactive practice into place requires scalable, efficient tools. Dispatching staff to manually survey every inch of a large enterprise network is expensive far too expensive to repeat frequently. Instead, you want an army of continuously-available, geographically distributed Wi-Fi clients that can be remotely-instructed to run tests at any time including just before periods of peak demand when even minor troubles can turn into major expenses. AirMagnet Enterprise delivers 24/7 wireless intrusion prevention by using a distributed network of sensors to monitor an entire airspace for operational, security, and performance events. Although AirMagnet Enterprise sensors largely listen to traffic, they can also be instructed to spring into action for example, sending Wi-Fi frames to block detected intruders. This same sensor network can also be harnessed by AirMagnet Enterprise s Automated Health Check (AHC) feature. Understanding how AHC works AirMagnet Enterprise s AHC feature verifies WLAN availability, reachability, and performance from the perspective of a wireless network user. To accomplish this, an AirMagnet Enterprise administrator uses the console to put any mix of AirMagnet 52xx single-radio sensors, Series 4 R2 dual-radio sensors, and Software Sensors Agents into AHC mode. In AHC mode, each sensor behaves like a Wi-Fi client, following a fully-automated sequence of commands to simulate wireless user activity. To get started, AHC mode sensors connect to specified Service Set Identifiers (SSIDs) and access points (APs), thereby testing WLAN service availability and individual AP reachability. Furthermore, by connecting with specified security profiles and credentials, sensors in AHC mode can verify that each AP correctly enforces per-ssid security policies and that upstream authentication server(s) are reachable and operational. Once connected, sensors using AHC can initiate post-connect messages to addresses or URLs, inside and outside the network, invoking any combination of ping, trace route, FTP, HTTP, and HTTPS requests. This flexible remote test platform can be used to assess a wide variety of health and performance monitoring needs. 2 of 5
For example, AHC mode sensors can run administrator-defined jobs to verify that: Every AP is operating with acceptable signal strength and accepting new associations; Every SSID is accepting authorized users with proper credentials while rejecting others; Users on every floor of every site throughout a network are experiencing acceptable roundtrip latency; or Users of a given SSID (and only those users) can download test files from restricted FTP and HTTP servers. These are just a the few of many ways in which AHC can be used to enable proactive service assurance, isolate failures, or demonstrate compliance with security policies that restrict access. Note that when a sensor radio is put into AHC mode, it is dedicated to running health checks, but each sensor can run up to 5 AHC jobs at once. Dual-radio sensors can even support AHC jobs with one radio while concurrently monitoring for intrusions with the other radio. How AHC produces timely, actionable data The ability to initiate an infinitely configurable battery of tests through the AirMagnet Enterprise console and have them carried out automatically by remote sensors makes AHC powerful. But AHC is not limited to one-time tests. Rather, AHC audits can be predefined and invoked as-needed or at regularly scheduled intervals to produce timely, actionable data. Data Points produced by AHC Audits SSID of the WLAN under test MAC address of the AP under test Test Start Date and Time Connection Time Authentication Time Ping Time DHCP Address Time FTP Download Time and Speed HTTP Download Time and Speed HTTPS Download Time and Speed Sample Graph produced by an AHC Audit AHC audit results (above, left) may be delivered as raw data, exported to an Excel spreadsheet for trend analysis, and automatically graphed. For example, administrators can use the AirMagnet Enterprise console to select a floor or sensor and instantly view averaged AHC results for each SSID. Or, administrators can select an AP and pull up Excel spreadsheets containing daily, weekly, and monthly graphs (above, right). Having this kind of empirical data available for troubleshooting and trending can be extremely valuable. For example, emerging problems may be noticed through visual inspection, with easy access to historical data to pinpoint when on-going delays or failures first started. However, reams of test data really only become valuable when analyzed. This is where proactive analysis and alerting come into play. AHC audits can also be configured to generate AirMagnet Enterprise alerts to immediately call attention to detected troubles, including: AP/SSID connection failure Authentication failure Insufficient signal strength DHCP failure Ping response time exceeded, and FTP/HTTP/HTTPS download speed degraded. 3 of 5
Each alert (illustrated below) contains information about the sensor performing the audit, the affected AP, the test result and any threshold used to trigger the alert, and a description of the alert and common possible causes. In this way, administrators can receive an actionable heads up when any trouble is first detected by a regularly-scheduled audit. Further investigation is supported by AHC historical data and trend analysis and the ability to repeat any audit on demand or to quickly define and run a new test focusing on a single AP, SSID, application, and/or destination. Leveraging the power of AHC This kind of fully-automated, highly-scalable, infinitely-flexible health and performance assessment tool can be used to address a wide variety of business needs. In fact, AHC creates a new readily-accessible remote audit paradigm that can be extremely helpful to staff with different responsibilities, even within the same organization and network. Network operators can use AHC to spot common configuration errors that often cause connection, authentication, and DHCP failures. For example, an AHC audit may be configured to simply connect to a secure WLAN every 5 minutes. If a connection fails, events and data are readily available to pinpoint whether the culprit was an unreachable AP (configuration issue), unreachable authentication server (upstream connectivity issue), authentication failure (security credential issue), or DHCP failure (addressing issue). Proactively spotting and quickly fixing these common errors and failures can significantly reduce user-reported troubles and total cost of operation. WLAN engineers responsible for trouble-shooting thorny and often-transient RF issues can use AHC to investigate new RF interferers. For example, an AHC audit may be configured to a simple battery of ping tests, producing latency trend graphs. When an engineer is assigned to investigate a possible RF interferer, he can pull up those graphs to visually spot when ping response times began to degrade, or when degradation patterns suggest a time of day or day of week associated with transient interference. This kind of trend data, representing a wireless user s perspective, can complement SNR and spectrum analysis graphs that illustrate RF interference but not its impact. Security staff can use AHC to proactively detect and fix network segmentation errors that would otherwise impede service availability or threaten compliance with regulations such as PCI DSS. For example, an AHC audit may be configured to connect weekly to every AP and SSID throughout a WLAN and verify that servers inside a cardholder data environment cannot be reached. Any deviations can be signaled by AHC alerts, giving security staff a chance to investigate and remediate a potentially-costly non-compliance issue before discovery during an outside audit. Moreover, internal security audits can be accomplished without dispatching staff to manually test every site. Network engineers responsible for design and capacity planning can use AHC to observe trends that suggest if and WLAN congestion will impact application performance. For example, an AHC audit may be configured to routinely measure file download time during off-hours and peak usage periods. As download times measured through a given AP approach a defined threshold, engineers can investigate AP utilization and whether an equipment upgrade should be scheduled. This user-experience-based approach to capacity planning can focus network growth and capital equipment funding where it will have the greatest business benefit. Help desk staff can use AHC trouble-shooting to triage user-reported problems and assign each trouble report to the most appropriate organization. For example, an AHC audit may be configured to connect to an SSID every 5 minutes, pinging web servers located at the same site, at the data center, and in the cloud. Emerging troubles can be routed quickly to appropriate staff, eliminating finger-pointing, speeding resolution, and minimizing user downtime. 4 of 5
For example, consider the case of a healthcare provider using Wi-Fi to enable mobile cart access to electronic healthcare records. When multiple carts at several locations were unable to connect the WLAN to retrieve electronic healthcare records, outages delayed patient care and frustrated staff who wasted time moving carts in hopes of reconnecting. IT spent weeks trying to diagnose these intermittent problems, only to conclude that a RADIUS server was periodically over-loaded, causing EAP-TLS timeouts that prevented carts from connecting, and rendering electronic healthcare records unreachable. If this healthcare provider had been using AHC at the time, a routine, fully-automated test to ping the electronic healthcare record server could have generated an AHC alert before patient care was impacted. Immediate information enabling proactive, focused root cause analysis could have reduced resolution time from weeks to minutes, maximizing IT efficiency and eliminating costly wasted effort. AirMagnet Enterprise Automated Health Check As we can see, AHC provides a readily-available foundation for fully-automated continuous measurement, early warning trouble detection, and on-demand diagnostics to enable faster, more efficient resolution - without introducing a separate performance test measurement and control infrastructure AHC can further reduce WLAN total cost or operation by improving service availability and performance, proactively reducing problem impact, enabling fast efficient trouble-shooting, and automatically verifying security compliance. To learn more about NetScout's AirMagnet Enterprise and Automated Health Check, visit www.enterprise.netscout.com or browse the technical resources found at the AirWISE Community Forum www.airwisecommunity.com. 2017 NETSCOUT. Rev: 10/13/2016 7:26 pm (Literature Id: 6000017) 5 of 5