Your email and LinkedIn are flooded with messages from sales reps wanting to pitch new products. The last several events you attended included speakers sharing why IT leaders need to adopt new technology. Managers from other business units are looking to incorporate new capabilities that require either technology procurement, IT network configurations, policy changes, or all of the above.
As an IT leader, you’re thinking beyond what is new, cool, or innovative. You’re thinking about what actually supports the business, promotes security, can be executed within current or accessible resources, among many other factors. Not to say the other business managers don’t care about these things. They just don’t have the IT knowledge and experience that you do to know what these changes really involve.
The previous article in this series, “What Is Orion Wireless and Is It Right for My Business,” addressed if adding Orion wireless to network capabilities makes sense from a business perspective. For example, Orion makes it possible for your company to monetize its guest Wi-Fi.
This article is to help you understand more of what adding Orion wireless to network capabilities entails from a technical perspective.
The First Technical Question to Ask About Orion
As an IT leader, part of your responsibility is making sure your infrastructure and resources can physically support Orion. You also need to consider if the overall investment for setup and ongoing maintenance is worth the possible return you can receive by providing guest Wi-Fi that can be monetized.
Orion works with most commercial and enterprise Wi-Fi networks, such as those from Cisco, CommScope (Ruckus), Meraki, Juniper Networks driven by Mist AI, Fortinet, Aruba, Extreme Networks (Aerohive), and MikroTik.
The primary difference in how simple and worthwhile Orion is to set up and manage depends on what type of controller your WiFi manufacturer provides. That’s why we’re diving into the details in this article.
Does your controller support RadSec?
Check to see if your controller natively supports SECURE radius or RadSec protocol. This is because Orion WiFi uses RadSec to ensure end-to-end traffic encryption.
If the controller doesn’t support RadSec, there will be some level of effort and a potentially higher level of cost to deploy and manage Orion successfully. We’ll get to the reasons shortly.
If your controller does support RadSec, your IT team will have a simpler experience because setting up Orion, managing upgrades, patching security vulnerabilities, and applying best practices are applied automatically.
The Difference in Adding Orion Capabilities
Here’s more context on what it entails to add Orion to your Wi-Fi network.
To make this example simple, we will use Pat’s experience of setting up Orion through a controller that does and does not support RadSec.
Controller That Does Not Support RadSec
Pat is assigned to configure Orion. First, Pat needs to enable RadSec to send RADIUS authentication requests towards Orion’s WiFi authentication endpoint using Transport Layer Security (TLS). For Wireless LAN Controllers (WLC) that support RadSec natively, this should be as simple as enabling a feature.
But Pat’s WLC doesn’t support RadSec. This means Pat needs to set up a proxy infrastructure in a public or private cloud environment (i.e., AWS, GCP, etc.). Authentication requests sent to a traditional RADIUS server are not encrypted. Therefore, to transmit it outside of the company’s trusted network, Pat needs to create secure VPN tunnels. The setup doesn’t end there. Pat also needs to ensure that the computers that are running in the cloud environment have high availability. This adds up the operational cost of the network.
To visualize the end-to-end authentication flow, imagine the authentication traffic tunneled from the company network to a cloud-based proxy before being relayed to the Orion endpoint over RadSec.
As you can see, to get Orion working, Pat doesn’t just have a set of access points, controllers, and infrastructure on premise to manage. He must also set up cloud resources or additional local resources and securely communicate all this data over a private pipeline. This means more management tools, logs, and activity need to be managed.
Pat calls to tell you that intermediary infrastructure needs to be put in place just to be able to support the Orion solution. It’s making things more convoluted and a lot more challenging to set up.
A solution to circumvent these additional requirements would be deploying a platform like Juniper Networks’ Mist that supports RadSec natively.
As the IT leader, you need to consider several factors
● Does anyone on IT staff have the additional time with their current responsibilities to effectively manage this capability?
● Do they understand how to configure this in the cloud?
● Who’s going to keep it up and operational at any given point in time?
● What’s the cost of implementing this capability? Is it above and beyond what we [the business] may be getting for the value of enabling that service to customers?
● Is enabling Orion really worth it?
Controller That Does Support RadSec
With a controller that natively supports RadSec communication, like the Juniper Mist cloud-based controller, we don’t have to worry about the multiple steps and cloud resources to set up and manage Orion.
Pat logs into Juniper Mist portal and enables the capability to open a RadSec communication with the Orion endpoint. He sets up the client and server certificates and adds them into the Mist management portal. It takes about five minutes.
That’s it. The setup is complete.
As you can see, a controller that supports RadSec greatly simplifies the set-up experience and gets IT staff out of the business of managing and operationalizing. Now IT staff can focus on serving a better WiFi experience to customers in an easy-to-use mechanism that doesn’t require all of the convoluted back-and-forth to support it.
Juniper invested in both innovating quickly in partnership with Orion and making sure that the experience is operationally simplistic. In fact, Juniper Mist is the early mover and leader in providing native RadSec for Orion.
Juniper Mist helps any user managing an Orion environment get set up and operational as quickly as possible. This isn’t only because of the native RadSec built into the controller. Other capabilities such as artificial intelligence (AI) also help drive a seamless network operations experience. These are huge benefits, especially when finding IT resources who understand how to reconfigure these networks is challenging. It’s more valuable to lean into a platform that offers simplicity from a configuration and operational perspective than to hire staff with this level of expertise and experience. In fact, it’s one reason so many companies choose Rahi.
Next Steps
It greatly helps to have Juniper Mist or at least a controller with native RadSec. Regardless of what type of controller you have, Rahi will help make Orion work with your WiFi manufacturer. Rahi has a proven track record of deploying Orion across enterprise campuses, malls, airports, and other venues. Just complete the “Contact Us” form and ask our team when someone reaches out to you.
This article is the third in our Orion Wireless series. Join the discussion on our LinkedIn.
Here are links to the first two articles in case you missed them:
● How to Simplify and Monetize Guest Wi-Fi Access
● What Is Orion Wireless and Is It Right for My Business?
Coming up next in this series is:
● How to Test Orion Wireless and Get Flexible IT Procurement Options
Can’t wait to learn more about Orion? Sign up to request the Juniper Mist Orion Wireless test kit so you can see it in action.
Let our experts design, develop, deploy and manage your requirements while you focus on what's important for your business