By Brett Verney, Senior Systems Engineer, Data#3
One of the biggest challenges in a multi-tenanted environment is the ability to separate tenant data flows from one another. The problem is ensuring that you still provide a high level of security without having to encrypt every bit of traffic that traverses the network.
Do you deploy a single network and make use of the various flavours of virtual routing and switching technologies available on most enterprise networking products of today? While these technologies work great for the wired network, there traditionally haven’t been many options available in the wireless space.
This typically means that each tenant is left to deploy its own wireless network infrastructure regardless of how the wired network was set up.
Essentially, any environment that leases out its floor space to other occupants faces this challenge and it’s a bigger problem than you may realise.
Forget the additional infrastructure, deployment and management costs; as a passionate wireless engineer, I am concerned about the effects this has on your wireless performance!
One of the biggest limitations with the wireless medium (and you can blame the laws of physics for this one) is that it is a ‘shared’ medium. This means that on any given wireless channel, only one mobile device can be transmitting or receiving data at any given time. Each Wireless Access Point (AP) operates on a single channel per radio. There are mechanisms built into the wireless protocols that attempt to avoid collisions and retransmissions for these lightning-fast transactions, so well-designed networks shouldn’t experience a degradation in performance.
However, with a finite number of RF channels available for each AP radio and no control over what your neighbouring tenants are doing, the wireless medium can quickly become very congested. In fact, there is a laundry list of variables that affect wireless throughput, but I won’t go into these here.
Aruba have just released a long-awaited software update on their Mobility Controller platform in ArubaOS 8.0. The release is one of the hottest topics within the wireless community right now. While it brings a number of very impressive features, MultiZone is definitely my favourite amongst the list, and is certainly a game changer.
Aruba’s MultiZone architecture is built on top of their ‘mobile-first’ platform and allows multiple tenant-independent wireless networks (SSIDs) to be created on a single set of APs, with each SSID and its associated data tunnels terminating on separate customer-owned Aruba Mobility Controllers.
You no longer need to deploy multiple networks to have multiple networks!
Figure 1 – Aruba MultiZone
This solution not only separates tenant data flows using the same infrastructure, but it also allows a single Mobility Controller to manage things like the APs’ RF channel selection and transmit power levels, allowing complete control over the wireless medium. While each tenant can completely manage their own wireless networks, they have no control over, or visibility of, the settings that, in solutions of the past, could have negatively affected the wireless experience for everybody in the vicinity.
MultiZone is also a great solution for ‘guest’ wireless networks! Corporate or trusted networks can terminate on a controller hosted within your internal network, while the guest network terminates on a controller hosted within your DMZ, ensuring your corporate wireless data is safe and secure.
To discover more about the MultiZone architecture, or any of the great mobility solutions Data#3 and Aruba can provide you, contact us today!
In the meantime, head over to Aruba and check out the rest of the mobile-first platform.