The on-premises vs. cloud-managed WLAN architecture debate
Although on-premises WLANs and cloud WLANs both offer significant advantages, determining which approach will provide the best return depends on several factors.
Organizations needing to upgrade their legacy wireless LAN can either implement a WLAN architecture managed by on-premises controllers or one where controllers are located in the cloud. Although both offer significant advantages, determining which implementation will work better depends on several factors, including your company's structure, current network design and wireless requirements.
The evolution of WLAN architecture design
When enterprise WLANs were originally deployed, each wireless access point was configured and managed independently from other APs on the same network. At the time, this wasn't a problem, because most companies designated specific areas for wireless hotspots. These areas were typically places such as conference rooms, lobbies and outdoor patios -- any location with many users and few wired ports.
As the demand for Wi-Fi access grew within the enterprise, so did the infrastructure required to supply it. Suddenly, network administrators had to manage hundreds, even thousands, of APs in an attempt to blanket entire buildings and campuses with a wireless signal. Even more problematic, the APs couldn't communicate with each another, so technical issues -- among them co-channel interference, power adjustments and client roaming -- made many networks unstable and unpredictable.
To solve these technical issues, WLAN vendors created wireless LAN controllers to force data and management control-plane data back to a single location. The controller's job is to be a single choke point for AP configuration, communication and, in most cases, policy enforcement. The APs themselves lose their individual intelligence, and the controller becomes the brain for the entire WLAN.
This design has a couple of major advantages. First, the wireless controller oversees all the APs throughout the network and, as a result, has a complete view of the WLAN. IT staff can use the controller to make intelligent radio adjustments as needed. This enables WLAN administrators to modify wireless channels when interference occurs, change wireless signal strength when APs go offline or online, and switch clients from one AP to another.
The second major benefit is both control-plane and data-plane traffic is tunneled back to the wireless controller before it's placed onto the local data LAN. This can be both a positive and a negative from a data-plane perspective. It's a positive in the sense that wireless policies for specific service set identifiers are enforced at only one location, making policy management incredibly easy. It also offers better security, as traffic from an AP is transported in an encrypted tunnel. But the overall design can create bottlenecks and single points of failure if not planned properly.
With a cloud-managed wireless LAN, APs connect to a virtual controller, typically located in a public cloud on the internet. Control-plane information, AP management and other WLAN services are performed between the cloud controller and the local APs across an internet connection. The primary architectural difference between an on-premises controller and a cloud-based controller is how the data-plane traffic flows.
In an on-premises design, both control- and data-plane communication are tunneled back to the controller in a process called wireless backhaul. By contrast, in a cloud-controller design, data-plane information is offloaded as soon as it hits the LAN. This means any policy enforcement is performed on the AP itself, which makes cloud-controlled APs semi-intelligent, as they must locally possess and enforce policy rules.
Now, both on-premises and cloud-managed WLANs are enterprise-ready in terms of management, automated intelligence and reliability. Determining which implementation will give your organization and its Wi-Fi strategy the best return depends on a number of factors. Let's look at the benefits and best use cases of both cloud-managed and on-premises WLANs.
Future articles in this series on wireless LAN controllers will examine some of the leading vendors in this segment. Company selection was based on research data from TechTarget surveys, interviews and reports from other respected research firms, including Gartner.
The benefits of on-premises WLAN architecture
LAN architecture: The first thing to examine is the current state of your LAN. Users who already have an on-premises wireless controller may simply be looking to upgrade. From a Layer 2 and Layer 3 perspective, changing to a cloud-based system would require reconfiguring the network to permit the cloud-controlled network to offload wireless data directly to the LAN, as opposed to having it tunneled back to the on-premises controller.
Depending on the size of the network, this would take a considerable amount of time to accomplish. So, for many, simply upgrading to a next-generation on-premises controller that tunnels both control- and data-plane information back to the local controller is the easiest option.
Internet connectivity: Cloud-managed wireless LANs rely heavily on the internet in order to function properly, which can be an obstacle if your internet connectivity is spotty. In addition to communicating wireless control data to and from local APs, the cloud controller also often performs other wireless services, like Dynamic Host Configuration Protocol provisioning and authentication.
All of these services create additional internet bandwidth overhead. Therefore, if your internet connectivity is heavily utilized, unreliable or suffers from latency and throughput problems, it's best to stick with an on-premises approach that controls all of these functions locally.
WLAN complexity: In most situations, on-premises controllers offer far more flexibility when it comes to the actual design and deployment of the WLAN. This includes more advanced support for legacy Wi-Fi devices and applications and more granular control over specific wireless settings. For enterprises that use thousands of APs in large campuses, multiple on-premises controllers can work together to provide robust WLAN access and failover for clients. In these types of complex WLAN scenarios, on-premises controllers offer far greater benefits than cloud controllers.
The benefits of cloud-managed WLANs
Ease of configuration management: If your organization is geographically dispersed with hundreds, even thousands, of branch sites, a cloud-based WLAN oversight might be ideal. With a cloud approach, you have a single point of management, regardless of where IT staff is physically located. This eliminates the need to deploy controllers at each site, and network administrators don't need to worry about remote access into each site, as everything is controlled in a public cloud.
Many WLAN and Wi-Fi network vendors also offer other network devices, including cloud-managed switches, routers and firewalls. So, if your organization is global, you may want to evaluate cloud-based WLANs, as well as place all network management into the cloud.
Most vendors offer zero-touch provisioning, which means you can preconfigure your wireless network hardware before it's shipped from the manufacturer to the remote site. The AP needs to be connected to the network, powered on and have access to the internet. The zero-touch device will set itself up automatically using the preconfigured settings based on the serial number and MAC address. This means field technicians no longer have to travel to branch offices to set up wireless networks.
No controller hardware limitations: With on-premises controllers, you're limited to your organization's existing hardware. Smaller, on-premises controllers can manage up to 25 APs, while others can handle thousands. But, either way, the amount of hardware that controllers can handle is limited. New hardware must be purchased for rapidly expanding infrastructures, whereas cloud WLAN theoretically has no limits. In the cloud, your WLAN can contain anywhere from a handful to thousands of APs without being restricted by hardware limitations.
Along those same lines, as new features come out, older controllers must be manually upgraded to handle advanced capabilities, which can take a lot of time and manpower. With a cloud controller, updates are performed by the provider in the cloud.
Simplified backups and alerting: When a locally managed WLAN architecture is in place, it's the network administrator's sole responsibility to properly back up WLAN configuration files. In the event of a major hardware failure, the network administrator can restore the WLAN using the configuration backups. With a cloud-managed wireless LAN, configurations are automatically backed up as part of the cloud service, as is the ability to monitor and alert on cloud-managed WLAN components. It's no longer necessary to spend time and money building your own Simple Network Management Protocol monitoring server to alert IT staff when a wireless AP goes down. All enterprise-class cloud-managed WLAN platforms have built-in monitoring and alerting capabilities. All you have to do is supply the monitoring parameters and desired method of alerting.
There is no right answer when it comes to the on-premises vs. cloud-managed WLAN architecture debate. Each approach has its pros and cons. Before buying, evaluate the current and near-future state of your WLAN and Wi-Fi network, then gauge which factors listed above are critical to the success of your organization. In all likelihood, a clear winner between on-premises and cloud WLANs should emerge, and you can then focus on selecting the specific vendor portfolio that's right for you.
Learn about the myths and facts of cloud-managed WLANs
Learn how to install a WLAN for the enterprise
Combining wired and wireless network management in a controller-centric architecture
Best practices emerge for WLAN security