It’s all about the user

In my experience of the networking world people seem to fall into one of two categories: those that are all about the policy and those that are all about the user.

Actually it’s really IT folk in general and I’m very much in the latter camp. I have worked in IT in schools, non-profits and now at a university and something I’ve found almost all users have in common is they’re not interested in IT policy.

They have a job to do or something they want to achieve. If you start talking about IT policy, as a general rule, the user will see this as getting in their way.

In theory it shouldn’t be this way. Our carefully crafted ITIL compliant framework is all about ensuring users have what they need and a service catalog that makes it all clear.

The trouble is often what they want isn’t in the service catalog… so what then? Sure we can spend months developing a solution that fits and rolling it into the catalog, but by then the user has become deeply frustrated, rolled their own solution, or given up completely.

This comes up in our office from time to time. An excellent colleague I respect greatly will often voice something along the lines of “why can’t we just say that’s not supported?”.

Of course in some environments you can do just that. Tell the annoying user they can’t connect their stupid device to the network because it’s too crappy. Sometimes we do. There are some devices that we can’t support on our enterprise Wi-Fi network: Sonos, Philips Hue, Chromecast, to name just a few and there are technical barriers to this.

However for the most part we don’t get to choose the device users buy, or control how it interacts with our network. More importantly what is our job? In the university environment we have to maintain a reliable, high performance network that supports the research and education aims of the institution. That means meeting the requirements of the academic departments, finding a way to support what they need to do within the technical limitations… and even working around those where we need to.

When dealing with people who are highly intelligent and resourceful if you don’t provide a way for them to do what they feel is necessary, they’ll find their own way. In doing so they might break things for other people and create a support nightmare further down the road.

I have spent hours messing about with crappy domestic printers bought on the high street on a credit card because I simply hadn’t dealt with issues around printing adequately.

I’m fortunate to work as part of an IT department that has an excellent reputation within our institution. It wasn’t always the case and not very long ago the standard answer to many requests was “no, we can’t/won’t do that”. It has taken years to unpick some of the systems built by departments when central IT couldn’t or wouldn’t help them and they had to find their own way.

I’m not going to suggest the user is always right because we know that’s nonsense. What I will say is put the user first. Your IT policy or administrative convenience is not more important than what the user needs to do.

Let me bring this back to Wi-Fi with an example. Our Aruba system uses centralised forwarding, where all client traffic is tunneled to controllers in the data centre. Some departments have a need for an SSID that bridges to a local VLAN. Right now we can’t support that, because we have to switch on control plane security – a major change. So we could say “no, can’t help” or find a way to do something with an additional controller or standalone AP, and that’s what I did.

You can bet that otherwise we’d see additional rogue APs popping up with departmental SSIDs that would screw with the RF space and be unsupportable. I’d much rather bend, or bin, the policy and keep better control of the network.

Home wifi and what the hell are my walls made of?

I live in a small house by UK standards, most Americans have garden sheds larger, yet getting Wi-Fi to work has always been a challenge.

Domestic Wi-Fi can be difficult, partly because all your neighbours have it too. Chances are in many homes you can pick up dozens of 2.4GHz Wi-Fi networks, which means finding a free channel is pretty much impossible. It’s all best efforts.

It isn’t much better on the 5GHz band. Quite a few ISPs configure their supplied 802.11ac routers to use 80MHz channels. They don’t use DFS channels either. Because quite a few of the cheaper 802.11ac routers out there only support the first four channels of 5GHz, you’re out of luck when it comes to finding a free channel.

I have a different problem. My tiny house is a terrace, built in the 1930s. It may be small, and built cheap (a single window spans two rooms upstairs at the front) but boy is it solid. Exterior walls have a cavity with brick on the outside and concrete block inside. The few occasions I’ve had to drill a hole, it’s been very hard work. The non-structural interior partition wall between the two front bedrooms is concrete block, even though it’s just supported by wooden joists.

My ISP supplied router was hopeless. Only really worked in one room of the house. I replaced this with a Draytek unit. As an aside, I really like Draytek routers for domestic or other SOHO uses. They tend to feel a bit dated now, but my experience is they’re rock solid and work reliably.

However Wi-Fi was still rubbish. In the end I’ve used a Ubiquiti AC-LR access point. Coverage is far superior from the same location (reaches the all important seat in the bathroom), it’s faster and it supports DFS channels so I can keep away from the neighbours.

But, despite this I was having trouble with my desktop PC. This is in the room next to the AP. Draw a straight line between them and it’s less than five metres, yet signal strength is poor and the connection unreliable.

I spent a while messing about with the Wi-Fi interface in the desktop before attention turned to that wall. That single block thickness wall. That very solid partition between two rooms.

Rudimentary measurements show 18dB drop at 2.4GHz and 25dB at 5GHz. This is why I can’t get a decent signal even though I’m not very far away.

The plus side of this is I don’t have a big problem with neighbouring Wi-Fi networks filling my channel space. I appear to live in a tiny Faraday cage that’s particularly unfriendly towards 5GHz signals.

The answer will be to relocate the AP to somewhere with less of that special 1930s lead brick between it and my desktop.

Taming Aruba ARM

About 18 months ago a new building was completed on our campus. During the post install Wi-Fi survey I noticed that pretty much all the APs were using the same 5GHz channel, despite being configured for our standard radio management profile. In fact the only thing Aruba ARM appeared to have done was reduce the power of most APs to the minimum specified. So what was going wrong?

Depending on who you listen to, using the automatic radio management tool in your enterprise Wi-Fi setup is either eminently sensible or complete madness. Feelings run high when it comes to radio config it seems. Whether you ultimately decide to use it or not, it’s worth understanding what it does, how it does it, and how it really behaves outside of the ideal deployment.

Your Wi-Fi vendor sales guy will promise the world; they’ll tell you their solution is the best (of course) and that it will solve any RF issues, even removing the need for costly install surveys and design because the magic radio management will just sort it all out.

This is, of course, not true.

The first thing you should be very clear about is that no RF management will fix a fundamentally bad design. So what does it do for you?

I have the most experience with Aruba’s Adaptive Radio Management, or ARM for short. ARM has grown gradually more sophisticated over the years as ArubaOS has developed. Essentially what ARM does is attempt to stop your access points from interfering with each other, reducing co-channel interference (APs on the same channel within range of each other). ARM will change the channels used by your APs and adjust power levels. It can also disable 2.4GHz radios where it deems necessary. The latest version announced can even change channel widths, allowing you to maximise performance by switching to 40MHz channels automatically where there is sufficient channel space.

In an environment with a controller and ‘lightweight’ APs you can be forgiven for thinking the controller gathers all the information about which APs can see each other and then creates a perfect channel plan. In reality Aruba campus APs are far less lightweight than you might imagine. Most of the management traffic and RF decisions, such as radar detection, channel selection and how ARM behaves, all take place on the AP, with the controller notified of what the AP has done.

This means automatic channel selection is an iterative process. In a large building with a lot of APs it can take ARM a long time to settle down as APs move channel to avoid a neighbour, but then interfere with a different neighbour. You have all your APs moving around the available channels, trying to keep out of each other’s way. In a large deployment I reckon on this process taking about 24 hours.

So what was going on in that new building?

The settings we were running for ARM were mostly default and these are fairly conservative. APs moving channel can cause a poor user experience, so you don’t want your APs to be jumping around all the time. By default ARM won’t move channel if there’s a client associated with the radio. You can control this behaviour by disabling Client Aware and control how aggressive ARM is by adjusting the Coverage Index and Backoff Time.

By creating an “aggressive” ARM profile and applying this to the new building AP group I found ARM then worked as expected, changing channels in order to minimise channel overlap. Good job ARM. Once the iterative process had been left running for 24 hours, we reverted to our regular ARM profile and all has looked pretty good since.
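The effect of Client Aware on this iterative, per-AP channel selection can be seen in a toy model. This is an added example, not part of the original post and not Aruba's algorithm: the grid topology, the channel list and the "move only if strictly quieter" rule are all assumptions made for the illustration.

```python
# Toy model of per-AP channel selection (assumed rules, not ARM's real logic).
CHANNELS = [36, 40, 44, 48]  # assumed 5GHz channel set for the illustration

def build_grid(floors, per_floor):
    """Constructed topology: an AP hears its neighbours along the corridor
    and the AP at the same position on the floor above and below."""
    aps = [(f, p) for f in range(floors) for p in range(per_floor)]
    hears = {ap: set() for ap in aps}
    for f, p in aps:
        for other in ((f, p + 1), (f + 1, p)):
            if other in hears:
                hears[(f, p)].add(other)
                hears[other].add((f, p))
    return hears

def co_channel_pairs(hears, channel):
    """Count pairs of APs that hear each other on the same channel."""
    return sum(1 for ap in hears for n in hears[ap]
               if ap < n and channel[ap] == channel[n])

def run(hears, has_clients, client_aware, max_rounds=50):
    """Each AP decides alone, using only what it hears. Returns
    (rounds, remaining co-channel pairs, final channel map)."""
    channel = {ap: CHANNELS[0] for ap in hears}  # every AP starts on 36
    for rounds in range(1, max_rounds + 1):
        moved = False
        for ap in sorted(hears):
            if client_aware and ap in has_clients:
                continue  # client-aware: stay put while clients are associated
            load = {c: sum(channel[n] == c for n in hears[ap]) for c in CHANNELS}
            best = min(CHANNELS, key=lambda c: load[c])
            if load[best] < load[channel[ap]]:  # move only if strictly quieter
                channel[ap] = best
                moved = True
        if not moved:  # a full pass with no moves: the plan has settled
            return rounds, co_channel_pairs(hears, channel), channel
    return max_rounds, co_channel_pairs(hears, channel), channel

if __name__ == "__main__":
    grid = build_grid(2, 3)  # constructed: 2 floors, 3 APs per floor
    busy = set(grid)         # constructed: every AP has a client associated
    print("client-aware on :", run(grid, busy, True)[:2])
    print("client-aware off:", run(grid, busy, False)[:2])
```

With every AP holding a client and Client Aware on, nothing moves and all seven neighbouring pairs stay on the same channel; with it off, the same APs settle onto a clean plan.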

Because the 2.4GHz band has few non-overlapping channels, if you install dual band APs you’ll probably want to disable the 2.4GHz radio on quite a few APs. ARM will do this for you with a function called Mode-Aware. I can’t recommend using this. The problem is that ARM doesn’t have a high level view of… anything. Remember it’s just each AP knowing what it can ‘see’ around it. So ARM doesn’t understand the layout of the building and what area each AP is providing coverage for.

On every occasion mode-aware has been turned on, we’ve had problems. ARM has disabled 2.4GHz radios on the wrong APs, usually those closest to the majority of users. Once after a system upgrade we had complaints that previously functioning Wi-Fi was now very poor. ARM had moved which APs had the 2.4GHz radio switched off. This is a function that might improve in the future but right now when it comes to disabling radios I reckon I can do a better job myself.

There can be similar issues with changing power levels. I’ve limited the range ARM can use to adjust power. It can reduce power by about 6dB, which is quite enough.

I mentioned that ARM won’t fix a bad design. Take an example (now fixed) of an accommodation block with APs in corridors, mounted at the same point on each floor, so vertically above each other. Pretty much every AP could see every other AP. 2.4GHz was a disaster and all ARM could do was turn down the power, which it did, to the absolute minimum. That didn’t help the channel overlap, but it did mean there was no longer coverage into many of the bedrooms, turning a bad Wi-Fi experience into no Wi-Fi experience at all. It turned out 5GHz wasn’t much better because there were always clients around, so several APs were stuck on the same 5GHz channel.

None of this is ARM’s fault, but as we worked to fix the problems experienced by users, the first thing we did was disable most of the ARM features because their attempts to fix the poor RF design just made things worse.

So why bother with ARM at all? Firstly there has been no appetite to manually build static channel plans for more than 2000 APs. Aruba’s config leans towards an assumption you’ll be using ARM. The administrative overhead of the necessary profiles for all the various channel options would be an unpleasant thing to deal with. Perhaps most importantly, since making some fairly small changes to ARM, and better understanding what it can do for us, it’s now a useful tool that makes running the network easier and more predictable.

Planet Computers Gemini

The Planet Computers Gemini (just launched at CES 2018) is a re-imagining of the Psion Organiser from the 90s. A compact unit with a physical keyboard, coupled with the guts of an affordable mid-range smart phone. Because most of the journalists writing about this are young things, they talk charmingly about retro and harking back to the 90s, asking “Do you remember the…. scion?”

Psion Series 3a by Jonathan Barnes

Because I’m 400 years old, I can’t just remember these things existed or recall lusting after a parent’s PDA… I owned two. A Psion series 3, and later a 5MX – the crowning glory of the Psion PDA.

It’s one of very few gadgets I’ve owned that I regret getting rid of and indeed some people are still using them. Working examples in good condition can be found on eBay regularly, but because I haven’t used one for a long time I know that it would be a frustrating experience as I attempted to integrate it into my modern tech world.

Psion 5MX by Snowmanradio

I have fond memories of the Psion 5MX. In my final teenage year I would regularly make a five hour train journey to visit my girlfriend. The 5MX was my companion for reading, being connected to the internet (yes… mobile internet in the late 90s, via a Nokia 3210 and a serial cable) and jotting down some soppy thoughts about the woman I was on my way to visit. I used it for work and play and it was superb.

Which is why when I saw the Planet Computers Indiegogo campaign I jumped at the chance. I’m not a big fan of crowd funding campaigns, especially not to the tune of a few hundred pounds, but I really have been wanting a device like this for a long time. I’ve opted for the 4G version. I’m provided with a work phone and fully expect to transplant that sim into my Gemini when it arrives.

In my day job I frequently visit a command line interface, be it one of our servers, a switch or Wi-Fi controller console. Trying to type commands, accurately, on a smart phone screen is a fool’s errand. Yes I can do it, but it’s a frustrating and unpleasant experience. So I end up carrying a laptop around, just in case I might need it. Of course the only time I need it, I haven’t brought it. I fully expect this to become an essential work tool very quickly.

In the mobile world I’m an iPhone user, and I’ve never really liked Android, but I’m hoping the work tool benefits of having something so compact with a decent keyboard are going to outweigh the lack of iMessage on my work mobile device.