Case Study: Co-Working


Requirements:

  • High availability, with redundancy
  • Multiple groups with differing quality of service
  • Ability to collect data about user patterns
  • Easily on-board new users or guests onto network
  • Prevent guests from interfering with customers' traffic

Solution:

  • High availability techniques such as WAN load balancing, link-aggregation at distribution layer, active-passive first-hop, overlapping wireless coverage areas
  • VLAN tagging to segregate different classes of data, including management, customers, and guests
  • Application layer visibility, with traffic shaping per application, per SSID, and per user
  • Traffic prioritisation for latency-sensitive traffic such as VoIP calls
  • Unique login credentials for wireless users to prevent password sharing
  • Guests can create accounts which are throttled down to prevent bandwidth starvation
  • Triangulation and RSSI values provide information on user movement and hot-spot areas throughout the day
 

For over two years, Megatron Technology has been working with several co-working spaces to engineer a network catered to the emerging trend of communal working.

While most co-working spaces choose to build networks like a traditional office network, they actually have a very different set of requirements. For example, unlike in traditional offices, users sitting side-by-side may not know each other, and would prefer that their computers not be discoverable by other users on the network.

In addition, users in a co-working space have a higher expectation of the network, and generally expect a higher up-time and quality of service than home or traditional office networks. In theory, creating multiple networks with different passwords, each having its own set of policies and rules, would solve this problem. However, in reality, passwords are handed out freely to guests and visitors, rendering the segregation useless in most cases. This also places a load on admin staff, having to hand out passwords to guests and new users when required. 
 
Troubleshooting also becomes an issue, especially when there isn't a dedicated IT staff on site. Unlike a traditional office network, users expect connectivity issues to be fixed quickly, without having to wait several hours for a vendor to be activated. With the trend of hot-desking, it also becomes difficult to predict which areas in the space would have a higher user density than others, which would affect the wireless signal strength.


Megatron Technology has developed a solution which addresses all of these issues, and has run its proof-of-concept at multiple co-working spaces to great success.

First, Megatron Technology tackles the basics: Dual WAN links with weight-based load balancing, wireless access points with overlapping coverage areas, and link aggregation between distribution layer devices. Wireless access points should automatically scan for "crowded" channels and hop onto channels with less interference.

Megatron Technology then implemented VLAN tagging and trunking, and segregated user types into different VLANs, typically management users, customers, and guests.

The next step is to apply different policies to each group of users, both in terms of security and quality of service. For example, guests can be limited to 5 Mbps per user and a cumulative total of 50 Mbps for all guests. Voice and video applications are given priority over other traffic types, and bandwidth-consuming applications such as torrents are classified with a lower priority and are usually rate-limited to a low speed per user. For example, using BitTorrent is prohibited on the guest network, is limited to 2 Mbps per user on the tenant network, and is not restricted on the management network.

Bandwidth optimization begins with bandwidth utilization visibility


In terms of security, traffic is not routed between VLANs, and even users within the same VLAN should have no access to one another, except when specified. Shared resources such as printers and copiers are placed in a separate subnet, and all users are given access to this subnet.
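The isolation rules in the paragraph above can be checked against exported flow records. The following is an added example, not part of the original case study or Megatron Technology's tooling; the subnets, the exception pair, and the sample flows are all constructed assumptions.

```python
import ipaddress

# Assumed addressing plan (constructed; the case study gives no subnets).
VLANS = {
    "management": ipaddress.ip_network("10.10.10.0/24"),
    "customers": ipaddress.ip_network("10.10.20.0/24"),
    "guests": ipaddress.ip_network("10.10.30.0/24"),
}
SHARED = ipaddress.ip_network("10.10.40.0/24")  # printers and copiers
# "Except when specified": directional (src, dst) pairs allowed inside one VLAN.
PEER_EXCEPTIONS = {("10.10.10.5", "10.10.10.6")}

def zone(ip):
    """Return the VLAN name, 'shared', or 'internet' for an address."""
    addr = ipaddress.ip_address(ip)
    if addr in SHARED:
        return "shared"
    for name, net in VLANS.items():
        if addr in net:
            return name
    return "internet"

def verdict(src, dst):
    """Classify one client-initiated flow against the isolation policy."""
    s, d = zone(src), zone(dst)
    if s in ("internet", "shared"):
        return "out-of-scope"      # only flows started by users are judged
    if d in ("internet", "shared"):
        return "ok"                # every group may reach these
    if s != d:
        return "inter-vlan"        # crossed a VLAN boundary
    if (src, dst) in PEER_EXCEPTIONS:
        return "ok"
    return "client-to-client"      # peers in the same VLAN

def audit(flows):
    """Return (src, dst, reason) for every flow that breaks the policy."""
    checked = ((s, d, verdict(s, d)) for s, d in flows)
    return [row for row in checked if row[2] not in ("ok", "out-of-scope")]

# Constructed sample flow records as (src, dst) pairs.
SAMPLE_FLOWS = [
    ("10.10.30.21", "203.0.113.10"),  # guest to internet
    ("10.10.30.21", "10.10.40.9"),    # guest to printer
    ("10.10.30.21", "10.10.20.14"),   # guest to customer
    ("10.10.20.14", "10.10.20.77"),   # customer to customer
    ("10.10.10.5", "10.10.10.6"),     # explicitly allowed management pair
]

print(audit(SAMPLE_FLOWS))
```

A real deployment would also need to exempt each VLAN's gateway address, which this sketch would otherwise flag as client-to-client traffic.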

Instead of having a shared WPA key passed to each user, users associate to the wireless network and create their own accounts with which to surf the internet. Verification emails are then sent to these users to ensure that legitimate email addresses are used. Once verified, they are allowed to surf the internet. This process requires no human intervention, and the space is now able to collect email addresses of guests and tenants. Having unique accounts instead of a shared WPA key also means that customers would not share privileged access with their guests, and each user is accountable for internet usage.

Lastly, Megatron Technology utilises triangulation and RSSI values to create heat maps of users which, when overlaid onto physical blueprints, allow the co-working spaces to track user movement and hot-spot areas throughout the day. In addition to this, the wireless network is able to track user behavior such as visit frequency and visit duration, which provides valuable information about how users use the space.

Example of location analytics capability


Example of heat map
