CommScope RUCKUS Community Forums

I am well aware of the benefits of cloud based architecture and Cloud managed WiFi is fine, but not in an enterprise environment when your network is hosted by a 3rd party, I have one word... Security!

I can't see why you would be prepared to pass on you network certifcates/login credentials to a 3rd party to manage unless you want to use the Cloud as a proxy and still have your own server farm for auth (which kinda defeats the object, as if you already have a server farm then you might as well spin up a vSCG), but you're clearly not thinking that, as you want to tunnel all the traffic back to the Cloud to breakout.

Tunnelling traffic is fine for breakout, but you would need a local data plane in this solution as the hike in client traffic being tunneled would have an detrimental effect on the core network if it were cloud based and broken out at the Cloud core. This would obviously mean that the cost of the core network would escalate and be passed on to the end user.

You talked about controller upgrades - you would still be hit by outages when the 3rd Party decided to upgrade. Have you thought about being able to get multiple different companies to agree on outage times, I would imagine that would be a nightmare as you have no control (you would have to have a Cloud based core in every time region for this to be feasible).

What if you discovered a bug, how would you troubleshoot and how could you roll back if the firmware was having an effect on your network config?

The list goes on, but I would say there is a lot to think about when it comes to Cloud based enterprise WiFi when it comes to a 3rd party running it.

A few misconceptions, client traffic is not tunneled, only management traffic. Client traffic is sent straight to the internet just as it is in controller architecture. There is no outage during cloud based controller upgrades for 2 reasons : HA is handled in the cloud (redundancy in the cloud) and the APs can function normally if the controller is unreachable. The only time the controller should become unreachable would be during an Internet outage, in my invionment, Internet outages bring 100 percent of users to a halt because we are fully utilizing cloud based storage and applications. Having access to a wifi connection during an Internet outage is utterly useless to me. If I lose my Internet service, my clients lose all productivity, no matter where the controller is located. About your bug scenario, I understand your concern here. I guess we just have to believe our provider thoroughly tests all upgrades before deploying them. Authentication already takes place in the cloud for our users via Google apps credentials.

You can tunnel client data traffic to a controller so that its centrally broken out as opposed to local breakout at the AP, I just didn't read your post correctly or I wouldn't even have commented 🙂


You can also configure on current Ruckus roadmap to have the AP's stop broadcasting the SSID if it can't see the gateway i.e. router is down

Note: I have personally asked this value to be change to accomodate a configurable address, as the gateway can be up, but there is no internet, as the gateway in most conditions is this router.

If you think that vendors QA cover all funtionality then dont be thinking this at all as you will be opening yourself up for a fall!

If you are using Google login credentials using OAuth are you not concerned that these email accounts are hosted on a server you have no control over?

In regards to your comment:

There is no outage during cloud based controller upgrades for 2 reasons : HA is handled in the cloud (redundancy in the cloud) and the APs can function normally if the controller is unreachable.

This is not entirely true as MESH networks for example are affected and there are others impacts you would need to think about.