School WiFi Is Hard

Eleven years ago, school networking was all about putting hardwired data drops into classrooms. That was then, this is now. Hardwired cabling is still important, but today, a school without wireless (or WiFi) is seriously living in the dark ages. The rapid explosion of mobile internet devices has pushed wifi to center stage of the education conversation. Not having WiFi is like not having power, it’s a necessity not a luxury.

But wifi is more complicated than running cables to a spot on the wall. There are a billion (ok, maybe a few less) variables that come into play when trying to send high speed data over the air. The wifi in schools uses unlicensed radio waves (spectrum) to send data and that means there can be interference from all kinds of sources. Ever walked onto an elementary school campus and tried to connect to a wifi network? Chances are you’ll see a few dozen networks to choose from, most of which are coming from the houses surrounding the school. All those networks are in competition for the same limited radio space.

The walls in the buildings matter too. Depending on when a school was built, the walls could be cinder block, concrete or stick framed. Each presents potential signal loss for wifi. Wifi vendors will say their Access Points (APs) perform better than others when faced with these different materials, but if you plan for an AP per classroom, that doesn’t matter so much. Schools trying to cover multiple classrooms with a single AP may want to pay closer attention to those features.

Additionally, school network folks tend to over think wireless network security making connecting to the network a multi-step process with many points of failure. With the move to cloud based and hosted services, the vast majority of users on a school campus should only need Internet access. Most of the educational programs available today come as hosted services and any district that still hosts it’s own exchange server is just plain silly.

Wifi as easy as Starbucks.

People have crazy expectations when it comes to wifi. These expectations are built on their experience connecting to networks outside of school. Starbucks makes wifi access easy, but how? Well, Starbucks supports maybe three dozen people connected simultaneously per store at any given time. They have a confined space with known wireless properties. They have no network security because all they are doing is putting people directly onto the Internet. They have enough bandwidth for their users (and probably throttle to protect everyone’s experience). They let anyone who comes into their stores onto the network.

So what can schools learn from Starbucks?

  • Treat each classroom like a Starbucks store. Have one AP per classroom. At least.
  • Provide Internet Access to everyone.
  • Lose the complex logins and certificates. Authenticate users to your private network if you must, or better yet, make your private network unnecessary for instructional needs.
  • Set limits on bandwidth to protect everyone’s experience.

Wireless Vendors

Which one should I buy? This is a question I hear often. The answer for me comes down to three main criteria. First, the wifi system must be easy to manage. I put this first because wireless network demands continue to grow in schools. Most schools don’t have the luxury of employing dedicated wireless network engineering staff. If I can’t figure out how to add an SSID, set it as a guest network with splash screen authentication, set a bandwidth limit and push it out to a school campus in less than 10 minutes, the system is just too complicated.

Second, the system has to do what I need it to do. It just has to work. This may seem like a “no duh” statement, but I’ve been in situations where, for whatever reason, the wireless system just couldn’t meet the needs, at least not without complex configuration or added licenses and that’s a recipe for disaster. If the system requires constant tweaking or firmware updates to get things right, or it’s so complex and bogged down with features you’ll never use, then it’s a support time suck and it’s a problem. Wireless systems fall along a spectrum. Beware the overly complex wireless systems that require outside vendors to install, configure and make work day to day as well as the too simple, Small Business type solutions that can’t scale.

Finally, the system must be affordable. Affordability is important because chances are you’ll be replacing (or upgrading) your wireless system every three to five years. Crazy, I know but the technology changes fast, and keeping up with faster and denser device environments is a must. So affordable Access Points, licenses and preferably no on premise controllers to replace is critical to being able to keep up.

What Wireless Solution Should I Buy?

Let me answer that one with some lessons learned. When going 1:1 iPads at Le Grand Union High School District back in 2011, I knew Wifi was going to be important (right?). Having recently upgraded to a controller based, managed HP wifi solution from a stand alone Cisco solution (we had campus wide Wifi back in 2004!) I new I was not going to be able to do what we needed to do with our then two year old HP system. Luckily I visited a school that had Ruckus, was supporting 1:1 on a daily basis and was super happy with it. So, I ripped out our nearly new HP APs and controller and replaced them with Ruckus gear. Easy to manage, easy to setup isolated guest SSIDs, easy to configure APs and APs that rocked when it came to supporting high numbers of active clients. It was the best decision I ever made and the Ruckus APs served us well, despite the fact that we didn’t have enough of them.

Fast forward to my last district where I once again knew Wifi was going to be important and our controller based Cisco solution with 1 AP per 3-4 classrooms just wasn’t going to cut it, so I went looking for wireless. I wasn’t looking hard though, because I knew Ruckus would do what we needed and more. However, I heard rumblings of another solution, Meraki, which promised even easier to manage APs (how could that be?) and integrated Mobile Device Management (MDM). I resisted because I knew we’d only be able to get to an AP density of one AP for every 2-3 classrooms (it was a budget thing) and I was leery of AP performance with Meraki. Well, after seeing the Meraki UI, network visibility tools and integrated MDM, I really wanted to like it but I was still concerned about AP performance.  A fellow district did extensive head to head real world classroom testing and found in classroom performance between Meraki and Ruckus to be similar. So I jumped in with Meraki. The cloud based controller made it one of the easiest district wide deployments ever. The classroom testing results were replicated in daily use with excellent active client density support and ease of management. The one place Meraki fell down a bit was in their AP coverage. One AP per 2-3 classrooms was not enough.

Now I find myself in an Aerohive district. When I got here, the system didn’t work. We brought in Aerohive engineers to try and make it work. But still, it had problems. Ready to ditch it completely, I talked to a district that had it and was happy and had to scratch my head at that one. So I took a chance, upgraded several of our 3 year old APs to the current gen (same model in use at the other district) and most of our issues disappeared. Where Merkaki is on the borderline of being too simple and Ruckus, while simple to manage, still requires a controller, Aerohive is an interesting hybrid. Not bound by a controller but with more enterprise options than either Ruckus or Meraki, it’s almost too complicated. It requires admin classes to really manage well, which means it’s more like Cisco than I would like. But I’m told a GUI for dummies is coming (just what I need) and the new APs seem to be on par with my experience with Meraki. Prices will vary, but in my experience, Aerohive is more expensive than either Meraki or Ruckus making it not as affordable as I would like.

What Would I Buy Now?

The honest answer is, I don’t know. I don’t think it would be Aerohive. The complexity and cost don’t make it a great option for small school IT departments. I really miss the UI, ease of use, and visibility of Meraki, as well as the integrated (and free!) MDM features. But in limited AP deployments, I find myself wishing for Ruckus APs. And what I want most of all is tight integration with Google Apps accounts and seamless passthrough of user credentials to my Web Filter. Maintaining different SSIDs, subnets and VLANs is a pain. I’d rather just capture a user’s Google Apps login one time and be done with it.

If only Google would buy Aerohive or Ruckus and Securly and integrate them all into GAFE, I’d be a happy camper.

A note on cabling. At my last district, in order to double the number of APs per classroom without having the time or budget to pull new cable to every AP location, we opted to back pull existing classroom network drops. This proved to be fast, less expensive and ultimately a better use of existing classroom cable. For those schools that modernized and put 12 drops in each classroom, it might make sense. My current district modernized and put dual channel raceway in, but skimped on the number of drops per classroom (1 per faceplate, 1!) so back pulling is a bit more tricky, but still fast and easy.

How are you making wifi easy for your schools?