What CIOs Need to Know About Adding Orion Wireless to Network Capabilities – Rahi
IT Infrastructure

What CIOs Need to Know About Adding Orion Wireless to Network Capabilities

By Shreyans Desai

October 28, 2021 - 4 min

Rahi_Blog_3_900x420

Your email and LinkedIn are flooded with messages from sales reps wanting to pitch new products. The last several events you attended included speakers sharing why IT leaders need to adopt new technology. Managers from other business units are looking to incorporate new capabilities that require either technology procurement, IT network configurations, policy changes, or all of the above.

As an IT leader, you’re thinking beyond what is new, cool, or innovative. You’re thinking about what actually supports the business, promotes security, can be executed within current or accessible resources, among many other factors. Not to say the other business managers don’t care about these things. They just don’t have the IT knowledge and experience that you do to know what these changes really involve.

The previous article in this series, “What Is Orion Wireless and Is It Right for My Business,” addressed if adding Orion wireless to network capabilities makes sense from a business perspective. For example, Orion makes it possible for your company to monetize its guest Wi-Fi.

This article is to help you understand more of what adding Orion wireless to network capabilities entails from a technical perspective.

The First Technical Question to Ask About Orion

As an IT leader, part of your responsibility is making sure your infrastructure and resources can physically support Orion. You also need to consider if the overall investment for setup and ongoing maintenance is worth the possible return you can receive by providing guest Wi-Fi that can be monetized.

Orion works with most commercial and enterprise Wi-Fi networks, such as those from Cisco, CommScope (Ruckus), Meraki, Juniper Networks driven by Mist AI, Fortinet, Aruba, Extreme Networks (Aerohive), and MikroTik.

The primary difference in how simple and worthwhile Orion is to set up and manage depends on what type of controller your WiFi manufacturer provides. That’s why we’re diving into the details in this article.

Does your controller support RadSec?

Check to see if your controller natively supports SECURE radius or RadSec protocol. This is because Orion WiFi uses RadSec to ensure end-to-end traffic encryption.

If the controller doesn’t support RadSec, there will be some level of effort and a potentially higher level of cost to deploy and manage Orion successfully. We’ll get to the reasons shortly.

If your controller does support RadSec, your IT team will have a simpler experience because setting up Orion, managing upgrades, patching security vulnerabilities, and applying best practices are applied automatically.

The Difference in Adding Orion Capabilities

Here’s more context on what it entails to add Orion to your Wi-Fi network.

To make this example simple, we will use Pat’s experience of setting up Orion through a controller that does and does not support RadSec.

Controller That Does Not Support RadSec

Pat is assigned to configure Orion. First, Pat needs to enable RadSec to send RADIUS authentication requests towards Orion’s WiFi authentication endpoint using Transport Layer Security (TLS). For Wireless LAN Controllers (WLC) that support RadSec natively, this should be as simple as enabling a feature.

But Pat’s WLC doesn’t support RadSec. This means Pat needs to set up a proxy infrastructure in a public or private cloud environment (i.e., AWS, GCP, etc.). Authentication requests sent to a traditional RADIUS server are not encrypted. Therefore, to transmit it outside of the company’s trusted network, Pat needs to create secure VPN tunnels. The setup doesn’t end there. Pat also needs to ensure that the computers that are running in the cloud environment have high availability. This adds up the operational cost of the network.

To visualize the end-to-end authentication flow, imagine the authentication traffic tunneled from the company network to a cloud-based proxy before being relayed to the Orion endpoint over RadSec.

As you can see, to get Orion working, Pat doesn’t just have a set of access points, controllers, and infrastructure on premise to manage. He must also set up cloud resources or additional local resources and securely communicate all this data over a private pipeline. This means more management tools, logs, and activity need to be managed.

Pat calls to tell you that intermediary infrastructure needs to be put in place just to be able to support the Orion solution. It’s making things more convoluted and a lot more challenging to set up.

A solution to circumvent these additional requirements would be deploying a platform like Juniper Networks’ Mist that supports RadSec natively.

As the IT leader, you need to consider several factors

●  Does anyone on IT staff have the additional time with their current responsibilities to effectively manage this capability?

●  Do they understand how to configure this in the cloud?

●  Who’s going to keep it up and operational at any given point in time?

●  What’s the cost of implementing this capability? Is it above and beyond what we [the business] may be getting for the value of enabling that service to customers?

●  Is enabling Orion really worth it?

Controller That Does Support RadSec

With a controller that natively supports RadSec communication, like the Juniper Mist cloud-based controller, we don’t have to worry about the multiple steps and cloud resources to set up and manage Orion.

Pat logs into Juniper Mist portal and enables the capability to open a RadSec communication with the Orion endpoint. He sets up the client and server certificates and adds them into the Mist management portal. It takes about five minutes.

That’s it. The setup is complete.

As you can see, a controller that supports RadSec greatly simplifies the set-up experience and gets IT staff out of the business of managing and operationalizing. Now IT staff can focus on serving a better WiFi experience to customers in an easy-to-use mechanism that doesn’t require all of the convoluted back-and-forth to support it.

Juniper invested in both innovating quickly in partnership with Orion and making sure that the experience is operationally simplistic. In fact, Juniper Mist is the early mover and leader in providing native RadSec for Orion.

Juniper Mist helps any user managing an Orion environment get set up and operational as quickly as possible. This isn’t only because of the native RadSec built into the controller. Other capabilities such as artificial intelligence (AI) also help drive a seamless network operations experience. These are huge benefits, especially when finding IT resources who understand how to reconfigure these networks is challenging. It’s more valuable to lean into a platform that offers simplicity from a configuration and operational perspective than to hire staff with this level of expertise and experience. In fact, it’s one reason so many companies choose Rahi.

Next Steps

It greatly helps to have Juniper Mist or at least a controller with native RadSec. Regardless of what type of controller you have, Rahi will help make Orion work with your WiFi manufacturer. Rahi has a proven track record of deploying Orion across enterprise campuses, malls, airports, and other venues. Just complete the “Contact Us” form and ask our team when someone reaches out to you.

This article is the third in our Orion Wireless series. Join the discussion on our LinkedIn.

Here are links to the first two articles in case you missed them:

●  How to Simplify and Monetize Guest Wi-Fi Access

●  What Is Orion Wireless and Is It Right for My Business?

Coming up next in this series is:

●  How to Test Orion Wireless and Get Flexible IT Procurement Options

Can’t wait to learn more about Orion? Sign up to request the Juniper Mist Orion Wireless test kit so you can see it in action.

 

Authors

  • Shreyans is a Solutions Engineering Manager at Rahi and he leads the Networking team. His experience includes enterprise, data center and service provider routing, switching and security solutions across multiple vendors, as well as cloud computing solutions such as Amazon Web Services and OpenStack. He has a Master of Science in Electrical Engineering degree from San Jose State University. In his free time, he takes pictures of landscapes around the Bay Area.

  • Prathamesh Rahate is a Network Engineer at Rahi. Since joining in 2019 he has been involved with delivering Professional Service projects. Starting his career as a Network Support (NOC) Engineer working on network environments like Data Centre, Campus Network & Office Networks, he has now transitioned into a Solutions Engineering role. He is part of the Pre-Sales Engineering team at Rahi. Prathamesh holds a Master’s degree from the San Jose State University majoring in Computer Networks. An avid sports fan, he enjoys Cricket, Soccer and Basketball.

, Solutions Engineering Manager

IT Infrastructure
Feb 01,2022
MDR, EDR, and XDR: What’s the Difference?

Endpoint: the Start point of the Attacks Endpoints have become the focal point of many cyberattacks. Hackers are...

IT Infrastructure
Dec 28,2021
The Role of Penetration Testing in Developing a Sound Security Stratergy

Why is Penetration Testing Important? In IDG’s 2021 Security Priorities study, 90 percent of security leaders said...

IT Infrastructure
Oct 28,2021
​​How to Simplify and Monetize Guest Wi-Fi Access

Guest Wi-Fi has been a pain point for years. Layered security requirements, access permissions, disclaimers, and other...

IT Infrastructure
Oct 28,2021
What is Orion Wireless and is it Right for My Business?

Many generations and updates to Wi-Fi technology have entered the market, but there’s none like Orion...

IT Infrastructure
Oct 28,2021
How to Test Orion Wireless and Get Flexible IT Procurement Options

You read articles, look at industry reviews, attend webinars and speak with different manufacturers. You think you...

IT Infrastructure
Jul 27,2021
How LoRaWAN Enables Efficient, Long-Range IIoT Connectivity

We talk a lot about the number of smartphones, tablets and other mobile devices accessing Wi-Fi networks. But that is...

Get in touch with our experts for a free 30-minute strategy
consultation

Let our experts design, develop, deploy and manage your requirements while you focus on what's important for your business

Book a Consultation
error: Content is protected !!