We’re so used to getting what we want, without compromise. Sometimes, though, we get forced into a one-size-fits-all approach that doesn’t sit well with anyone. How often have you seen small businesses or branch offices using consumer-grade wireless or larger organizations trying to shoe-horn a single wireless LAN solution across all of their locations? No, wireless APs aren’t exactly cheeseburgers, but there’s no reason to settle for less than the right architecture for your organization.
There’s a lot of talk in the wireless world today about architectures. Some vendors hang their entire collection of hats on a single approach. Controller based, controller-less, cloud managed? Which one should you choose? A single architecture is certainly easier to market, but customers are better served by choice. A unified ecosystem is more important than a single architecture, but more on that in a bit.
Let’s step back and think about use cases first. Maybe you need to centralize all of your WLAN traffic for precise control, or maybe you need to bridge it locally. Maybe cloud management would simplify your Wi-Fi operations, especially in highly distributed environments. Conversely, security requirements and regulations might require that WLAN management traffic never leaves your network. Ideally, no matter what your requirements, management would be straightforward and consistent, but flexibility is key. A single organization, after all, might need to support guest wireless in retail stores, BYOD on a corporate campus, and smaller scale wireless in branch offices.
There is a way to address a variety of use cases, build out heterogeneous architectures, and maintain consistent interfaces for management. Let’s take a look at the Fortinet ecosystem of wireless products for examples of how to get onions, pickles, and relish on your figurative enterprise cheeseburgers (if, that is, you like condiments).
Say you need all of your wireless traffic tunneled to a controller at the core or your network. In that case, you can manage FortiAPs from the controller integrated in your FortiGate, or use Meru APs with a dedicated controller.
You want local bridging instead? Both FortiAP and Meru APs can bridge the WLAN traffic straight onto the LAN too.
You don’t want a controller at all? In that case, you can manage the new FortiAP-S Series Access Points via the FortiCloud management system.
What if your needs change, or you change your mind? Then you can move from controller-based solutions to cloud (or vice-versa) without having to rip-and-replace your hardware.
So whether your environment needs to be controller-based, controller-less, cloud managed or a mixture of the three, the right vendor will be able to meet a wide range of requirements. This gives you the choice to select the right architecture for your specific use case, rather than trying to bend one to make it fit.
Each architecture has its own merits. Vendors and resellers will often try to sway you in one direction or another based on their own experiences and available products. For example, some vendors claim that controllers create network bottlenecks. This can be addressed by appropriate hardware like Fortinet’s custom FortiASICS that perform CAPWAP tunnel offloading and, in fact, are used in the World’s Fastest Wi-Fi Controller, the FortiGate-3700D. The 3700D provides over 100Gbps of CAPWAP tunneling throughput. Controller architecture certainly still has its place, as long as the controller doesn’t create a bottleneck.
In the same way, some vendors will tell you that security in cloud-managed wireless environments may be compromised because of the inability to run sophisticated security processing on the AP hardware itself. Not to pat ourselves on the back too hard, but we solved that problem by embedding our network security technology into the FortiAP-S series APs, and having them Secured by FortiGuard.
Whether you want to tunnel it all, bridge it, or manage it from the cloud, it’s your choice and you shouldn’t have to compromise