By Andrew Froehlich
Building owners and operators seeking to deploy wireless IoT devices and sensors throughout their properties will want to pay careful attention to their needs from the perspectives of WiFi connectivity, performance, and security. As the number of wireless devices, types and use-cases continues to rise, it exposes weaknesses in existing WiFi deployment architectures. Let’s look at four ways modern smart building WiFi deployments can be bolstered to better support the growing wireless needs of today’s smart buildings.
1. True wall-to-wall coverage
Early generation in-building WiFi deployments focused on areas where occupants tended to congregate. Common locations included lobbies, conference rooms and other shared spaces. In many instances, entire sections of a building may have been excluded from wireless coverage as the likelihood of someone requiring network connectivity in these spots was low at the time.
However, thanks to the proliferation of wireless IoT sensors and expanded use of mobile-device-equipped facilities, physical security and other building-management teams now demand complete wall-to-wall coverage that also extends to outdoor areas. This includes previously excluded locations such as elevator shafts, maintenance rooms, rooftops, and parking garages.
2. Cabling, PoE and multi-gig switching
From a physical layer perspective, twisted pair cabling upgrades may be required to achieve the most out of modern WiFi 6 and 6E technologies. Category 5e cabling is still commonly found in buildings that are 10+ years old. When connecting WiFi 6 and 6E access points (APs) to a switch using Cat 5e cabling, transmit and receive speeds over the wiring can achieve a maximum of 1 Gbit/sec. However, the latest generation of wireless APs have a bandwidth capacity that can exceed 1 Gbit/sec. To squeeze the most performance out of a new WiFi deployment, cabling should be upgraded to Category 6A or higher rated cabling. This allows for switches to be upgraded to ones that use multi-gigabit Ethernet technologies that transports data from the AP to the wired LAN at either 2.5 or 5 Gbits/sec. This eliminates a potential network bandwidth bottleneck that can negatively impact overall network performance.
Additionally, as Power over Ethernet (PoE) devices become more sophisticated, they often require more power to operate. Older twisted-pair cabling was not designed to deliver power over a maximum of 30 Watts at a 100-meter distance. However, many of the latest WiFi APs, ultra-HD (UHD) surveillance cameras and certain IoT sensors require PoE delivery as high as 90 Watts. Thus, be certain that your existing cabling is evaluated to be sure that it can support the PoE needs of each connected device. If it cannot, new cables will have to be pulled that will ensure the safe delivery of power at higher wattages.
3. Antenna selection
Depending on the interior or exterior environment of a building or campus, such as standard office spaces, atriums, maintenance/engineering floors, parking garages or outdoor common areas, choosing the right WiFi antenna is an important consideration. Most enterprise-grade APs can be purchased with either built-in internal antennas or with BNC connectors to connect an antenna of your choosing. WiFi access points with built-in antennas were designed for typical office space deployments that include physical obstructions such as drywall, cubicle barriers, office-grade doors and glass. For areas that contain concrete or plaster walls, large metal machines, or where WiFi signal must be propagated in a specific direction, antenna styles such as yagi, panel and parabolic may be a better option for coverage and performance.
4. Secure micro-segmentation
Strict WiFi access controls must be put in place to dictate what devices on the wireless network can talk to others. Low-cost wireless IoT devices and sensors are notorious for shipping with outdated and insecure firmware. Micro-segmentation that’s found in many wireless LAN architectures works to counter this risk by identifying specific devices/sensors and dynamically applying security access policy to those devices. If a malware outbreak were to occur, the infected devices in this segment would be isolated to a small portion of the overall network, limiting the ability for the malware to spread.