When there is limited visibility in your WiFi environment, umbrella cross-domain monitoring is a must!
It is not unusual for organizations to decide to go with a multi-vendor setup to provide public WiFi Internet access to its internal and external users and customers. In such cases, a typical environment might consist of the following elements:
- Cisco Meraki performing WiFi management functions;
- Cisco WiFi Access Points (APs);
- Switches, routers, and other networking equipment that provide connectivity;
- HPE’s Aruba ClearPass performing policy management functions.
This landscape has the potential to provide great service and excellent user experience. Meraki’s role is to manage APs and provide one or more SSIDs. ClearPass takes care of access credentials and implements different policies to manage end-user activity on the WiFi network. Network infrastructure maintains connectivity among all the systems, as well as access to the Internet.
However, the operation of this system comes with hidden costs when something goes wrong: IT and network engineers’ high-stress levels and dissatisfied WiFi users. Engineers must provide reliable system operations, react fast to any problem that may arise, and fix it promptly, ideally even before users become aware of the problem in the WiFi network. In order to do their job right, there must be a way to gain end-to-end visibility over the whole system by combining alarms and performance data from all the components of the WiFi environment.
Management functions that come with the platforms are not enough …
Only limited visibility is available within the Meraki system and WiFi APs. Meraki is aware of Cisco switches used to connect the APs, but only at the level of CDP (Cisco Discovery Protocol). Meraki is only aware of the port on the switch to which the corresponding AP is connected. But what about the rest of the network and how to locate connectivity issues without knowing the complete network topology?
Connectivity is only the first half of successful access to the Internet for any end user. ClearPass must grant rights and exchange tokens with the end-user application to grant Internet access. When users complain, there might be a problem in the network performance, Meraki controlled APs or ClearPass itself. How can one know?
To have the whole system under control, engineers must be able to combine all available performance data and correlate it in order to know the actual status of the network and pinpoint the problem. The only possible way to achieve this is by implementing unified management with an umbrella system such as UMBOSS.
UMBOSS integrates with Meraki, ClearPass, and the network to provide a unified view over the whole setup
UMBOSS integrates with Cisco Meraki, but at the same time collects inventory, fault, and performance data from the rest of the network. It consolidates data to provide a unified view over WiFi and the underlying transport network. Next, it integrates with ClearPass to collect information about connection attempts, number of requests, number of successful sessions, etc.
Here’s how end-to-end connectivity is monitored: the UMBOSS Automatic Discovery and Reconciliation Management (ADM) module obtains topology information from Meraki as well as the rest of the network infrastructure. Meraki provides CDP-based topology while L2 topology of the rest of the network is discovered by UMBOSS ADM by combining CDP, LLDP, and other protocols supported by different vendors of networking equipment present in the network. These topologies are overlapped in order to provide a unified topology view within the UMBOSS Network Device Management (NDM) module.
Schematic topology view in the UMBOSS Portal
When all devices have been discovered and reconciled in UMBOSS NDM, then one is assured that all network elements are being monitored.
UMBOSS collects all event and performance data from Meraki-controlled APs, the rest of the network, and consolidates it all to provide a unified view over all alarms and all performance metrics. Network engineers can now easily analyze any connectivity issue and understand the nature of the problem. The problem is promptly localized by means of alarm enrichment. Network performance issues can be tracked and resolved fast, even before users become aware of them.
Now collected ClearPass data kicks in. With all connectivity and session performance data in one place, it’s easy to:
- create meaningful operational reports
- calculate KPIs across the whole network
- create dashboards that provide a high-level view of the network
For instance, one can easily compare the number of sessions on WiFi with registered sessions on ClearPass to learn the level of discrepancy that may indicate a global problem with access to the service. Or one can compare the number of unsuccessful connection attempts with performance data in the network to learn if the poor performance of the network affects the number of users. There are many more examples . . .
Benefits for busy engineers