Another Controller-less Wi-Fi Solution

AirTight-LogoI was looking over the list of vendors that are presenting at the upcoming Wireless Field Day 5 and decided to do a little more research on a few of them. I’m familiar with Metageek, Aerohive, Fluke, and Xirrus. Motorola is somewhat familiar since I work for a Brocade reseller, and Brocade rebrands the Motorola wireless product as their own. WildPackets I know as a performance monitoring company via their OmniPeek product. Which brings me to the remaining 2 companies. 7Signal and AirTight Networks.

I’ve looked at the 7Signal product and really like what they are doing in the performance monitoring space. It’s probably not for everyone, due to what some people have told me in terms of its cost, but I think there is a place for it. I’m really interested to see their presentation and what the WFD5 delegates will ask or comment on during their presentation. Unfortunately, I will be out of town working during the week of WFD5, so I won’t get to see the presentation streamed live since I will be full engaged throughout the day with my regular job.

That brings me to the final vendor and I am really bummed out that I won’t get to see their presentation streamed live. My first thoughts of AirTight Networks were that they were a decent security play in the wireless space, but not too much more. I must have been living under a rock the past year, because AirTight Networks is so much more than that.

Another Controllerless Wi-Fi Vendor

I’ve had a good relationship with Aerohive over the past few years. In addition to seeing them present at Wireless Field Day 1 and Wireless Field Day 2, my company also sells their product. I’ve done several Aerohive installs and even use their AP’s for my home network. I’m very happy with their controller-less based approach to Wi-Fi and my biggest issue seems to be ensuring we get to pitch it to a potential customer before another reseller gets in and beats us to it. For those of you in the value-added reseller(VAR) space, you know that deal registration is everything and it is very often first come, first serve.

There’s also Meraki, who is pretty close to being controller-less as well. Looking back, I think Cisco made a wise decision in purchasing them. It allows them to compete even more in the mid-market and I find that people who need switches, firewalls, and access points in a bunch of different locations are pleased with the Meraki solution.

Now, there’s a third option in the space. It’s been there for almost a year, but I haven’t really noticed it until now. AirTight Networks is no longer a security play. They have controller-less access points as well. While it might be easy to dismiss them as no big deal, I think it is worth considering what they are doing different than other wireless vendors.

Wireless LAN Architecture Overview

For those of you not well versed in basic wireless LAN(WLAN) architectures, here’s a brief overview.

There are three basic “planes” of traffic when it comes to wired and wireless traffic. They are management, control, and data.

The management plane is simply traffic that is involved with the management of the devices. SNMP, SSH, Telnet, HTTP, and other protocols are what are used to manage the actual devices. In a network using WLAN controllers, this management plane traffic occurs between the controllers and a management station, which could either be a dedicated monitoring box, or whatever local machine you are using to interact with the controllers in order to configure or monitor the wireless environment.

The control plane is used for traffic that handles how data plane traffic moves from device to device. On the wired side, this would be things like routing protocols. It can also include communications between multiple WLAN controllers for the purposes of roaming. I’m simplifying this greatly, but for the purposes of this discussion, that should be sufficient.

The data plane traffic is the actual traffic sent between wireless access points or controllers and the end stations themselves. For example, when you access a web site via your wireless tablet, the data from the web server to your tablet is considered data plane traffic.

In addition to the three planes of traffic, there are three basic models of how WLAN networks are built these days. I’m purposely avoiding the concept of “mesh” networks, be they indoor or outdoor, because that will just muddy the waters here. It uses the same kind of traffic, but the logical flow looks a bit different depending on the setup. I also did not mention the standard autonomous AP implementation that most vendors support due to the lack of any control plane like functions between groups of autonomous AP’s.

First, we have the central switching model. As you can see in the picture below, there are one or more WLAN controllers. All three planes of traffic flow through the controller. The AP’s take their orders from the controller for most operations. There are some minor things that the AP’s themselves do, but the overwhelming majority of operations occur on the WLAN controllers.

WLAN Mode - Centralized
Next, we have the distributed or local switching model. The WLAN controllers still handle management and control plane operations, but the actual data plane is terminated locally on the switch. This is especially useful at remote locations where the WLAN controller is located back in a data center somewhere. To avoid sending the data traffic across a WAN link, you can switch it locally instead. Imagine printing something from a wireless device at a remote office. Instead of sending that print job across the WAN link to a controller, and then back across the WAN link to the printer, you can dump off that data traffic on the local network at the remote site and save some bandwidth. Multiply that by hundreds or thousands of similar operations and you can see why local switching is a good feature. Although features vary from vendor to vendor, most of these local switching models can still support clients if the WAN link goes down. Often, there are some features lost when that happens, but as time progresses, these features lost are dwindling.

WLAN Mode - Distributed
Finally, there is the controller-less approach. All control, data, and management plane operations are handled by the AP’s themselves. The AP’s are able to talk to each other via cooperative protocols and handle all operations that a WLAN controller would normally take care of.

WLAN Mode - Controllerless
Now that we have covered basic WLAN architecture, I need to mention a few things before discussing AirTight Networks:

1. I have never used their wireless access points.
2. I have not seen anything other than a demo of their access point setup off their website.
3. I am taking all I know about them from their product sheets and website, which could possibly lead to incorrect assumptions on my part.
4. Some of the things mentioned below don’t apply to all AP models, but the capability is there, so it bears mentioning.

What Makes Them Different?

A few things differentiate them from the other Wi-Fi vendors. The big thing I see is their concept of software-defined radios. Now I know that the greater IT industry is overrun with “software defined” everything right now, but their use of the term actually means something that is relatively easy to understand.

With AirTight’s software defined radios, a few things can happen. First, their AP’s have internal antennas as well as external antenna connections. This means you don’t have to have separate AP models depending on the coverage pattern needed. With a simple flip of a software based switch, the AP can use external antennas vs internal ones. This is a big deal as it gives you a little more flexibility with your design choices. This is especially helpful if you didn’t get to perform a full site survey with RF measurements and just had to guess with regards to AP placement. We don’t live in a perfect world where site surveys are always able to be done properly. This is especially relevant in the mid-market and smaller customers where cost is king.

A second feature of the software-defined radio is that you can program it to work in either 2.4GHz or 5GHz or run in monitor/WIPS(Wireless Intrusion Prevention System) mode. You can mix and match all you want. If you want an AP to run 2.4GHz for clients and have the other radio operate as a WIPS sensor, you can do it. If you would prefer the AP run 2.4GHz for clients on one radio and 5GHz on the other for clients, you can do that as well. The key is flexibility. AirTight mentions on their website, that the ability to run one radio to serve clients and the other to function as a WIPS sensor is an industry first. I know that the Cisco 3600 series AP can run with a separate monitoring module(WSSI) to handle WIPS functionality, so we may be splitting hairs here with that claim since it requires another component to make it work in a similar fashion as the AirTight AP does.

Other Stuff

In addition to controller-less Wi-Fi and integration of their well known WIPS capability, AirTight is also providing useful data for retailers through its Wi-Fi analytics engine. This seems to be similar to what Cisco is doing with their MSE appliance. This service is designed to provide a bit more intelligence around what customers do when inside retail stores and increase the chance of making the sale via coupon pushes, etc.

Social media has been incorporated into their captive web portals as well. Imagine being able to gain guest Wi-Fi access using your Facebook, Twitter, Google+, or LinkedIn account to login. It goes beyond that though. The goal is to get you to opt-in to marketing communication from whoever is providing the guest wireless or just allow you to advertise for them once you have logged in with the various social media platforms. I foresee this as someone logging in with Facebook and being pestered to “like” the particular store or to use Twitter to tweet out your location or some other marketing message.

Mobile device management is available as well. They have agents for Windows XP, Windows Vista, Windows 7, Windows 8, iOS 4 and up, and Adroid 2.2(Froyo) and up. Pretty much everything except for people using MacBooks and BlackBerry devices. Not sure if my often ridiculed Windows phone falls within the Windows 8 realm. Probably not.

With the mobile agent, there are a variety of things that can be done. Here are a few of them:

1) Control which wireless networks can be accessed. For example, if you don’t want a device to access a non-secure or low security Wi-Fi connection, that can be enforced. Think WEP or open authentication networks.
2) Location based behavior enforcement. For example, the device might have different controls based on whether it is connected at a corporate site vs a home network.

3) Lock down interface usage on a device. For example, if you don’t want someone to connect to the corporate network and run a mobile hotspot at the same time, you can prevent that.
4) BYOD on-boarding allows the end user of the device to download and install the mobile agent as well as detect devices without an approved mobile agent and block them from accessing the network.

Finally, each AP has a built-in firewall and supports QoS.

In the interest of post length, I left out a number of things that I learned from their website. Feel free to dig in here:

Cost

I found a GSA pricing list courtesy of Google, and see that the MSRP on the C60 dual-radio, 3×3:3 AP is $895 USD. That’s pretty cheap for list price. One year maintenance for that AP is listed at $161 USD MSRP. Not sure if those prices are accurate or not, but the price list is from May of 2013, so I suspect it is. However, there appear to be several options regarding the cost of an AirTight Networks Wi-Fi solution. They list three models:

Full OPEX
Full CAPEX
Hybrid

I am going to assume that if there is a full OPEX model, that I can essentially lease the hardware on an annual or monthly basis. I’ve seen this in an APM vendor(AppNeta) recently, and thought it was a pretty cool idea. There might be more to it, but I suspect that will get explained during their Wireless Field Day 5 presentation.

Closing Thoughts

If the hardware is decent and can perform well under load, I would say that Aerohive has a problem on their hands. AirTight seems like it could be a pretty attractive player in this controller-less space. The interface looks clean in the same way that Meraki’s does. The AP’s seem to be able to do things that other competitors cannot, but again, I have no idea how they perform under load. Might be great. Might be poor. The security piece that they are so well known for is baked into their AP’s. Mobile device management isn’t farmed off to a third party vendor or cobbled together from an acquisition(that I know of).

If you’ve made it this far, I saved the best part for last. Their product demo on their website was what really got me interested. I can’t exactly embed the video on my site, so just click on the link here and then click on the “AirTight Wi-Fi – Quick Installation Video in the middle of the screen.

I don’t know what the future holds for AirTight Networks Wi-Fi. So far it looks promising. They just landed $10 million USD in series D financing, so apparently this thing has legs. I will be VERY interested to see what all the Wireless Field Day 5 delegates think and say when AirTight Networks presents on August 8th out in California. I’ll have to catch the Twitter chatter and videos a few days afterwards since I will be heads down on a project, but my guess is there will be lots of interest around this.

What do you think? I’d be interested to hear your comments or feedback on AirTight Networks. Even better if you are an existing reseller or end user of the product.

This entry was posted in airtight networks, wireless. Bookmark the permalink.

3 Responses to Another Controller-less Wi-Fi Solution

  1. Chris Lyttle says:

    Actually Motorola has had the software defined ability to put one radio into WIPS mode for quite a few years. They even put out a 7000 series AP that had 3 radios in it so you could have one as WIPS, 2.4 and 5GHz. So not really a first, but I’m interested to see their presentation for WFD5 as I’m in the same boat as you and not familiar with their products.

  2. Pingback: AirTight Demos on Demand and WFD5

  3. Pingback: Studying for Wireless Field Day 5 | daleswifisec

Comments are closed.