Using the RT-AC66U in an enterprise environment?

[cdysthe]

Hi,

I am working for a start-up which will end up with around 15 employees by the end of the year. Internet use will be heavy at all times so we need hardware that works. All employees connect using WI-fi and all we need in addition to that is to connect a network printer and some storage. We have tested several smaller enterprise routers, but when I brought my RT-AC66U for a spin at the office it outperformed all we had previously tested. It was especially WI-fi performance that was phenomenal. The ASUS reached areas with a stable signal that none of the other three expensive routers were able to cover, and up and download speeds were better in general. We do not have a system admin yet and none of us are networks specialists, so I thought I should ask here: What would be the main arguments against using a RT-AC66U in such and environment? My colleagues worry since it's very cheap compared to the alternatives we have tested, and someone asked if the built in VPN was good enough for use in our environment. And then there's of course the firewall aspect. None of us know enough to determine if we need more than what the ASUS offers.

 

[clintb]

It's just a straight up SPI firewall, nothing more. It is not a UTM appliance, which means no deep packet inspection, no gateway AV, no filtering of botnets, nothing. It's good enough for the normal home user, and possibly the business that does not handle sensitive data. For anything else, I would not put my name on the installation.

I guess it really comes down to this: how sensitive is the data you/your co workers handling?

Which enterprise routers have you tested?

BTW, I own the AC66 for home use. At work, I'm in Sonicwall firewalls a fair amount of the time and a few Checkpoint 600 series.

 

[dweiss]

Your answer depends on several issues.

As already discussed, the firewall within a router such as the RT-AC66U is rather limited. However, there is no rule that routers and firewalls have to be in the same box. I do not know if the other routers you are evaluating have built in firewalls, but using a separate firewall, whether with the AC or the other devices is certainly an option.

In any professional environment reliability should be a significant concern. How much down time can you afford? How can you best deal with a failure when it happens? Do you want to rely on service contracts, phone support, etc? One advantage of the RT-AC66U may well be the simple choice of buying more than one of them and keeping a backup unit per-configured and in the box ready to be swapped in if anything goes wrong with the primary unit. That may not be a realistic option with more expensive units and could ultimately give you less downtime than otherwise. Even the best service contracts do not solve the problem of what to do while you are waiting for the service rep to show up! Duplicate equipment can fix that problem.

What sort of resources do you want to devote to managing your network? Particularly if you do not wish to employ a full time network staff, the use of simple equipment like the ASUS may be to your advantage. I once had to deploy a network with a core of several Cisco 7000 routers in a fail-over configuration and about 60 of Cisco's 3600 routers, back when those types of machines were about the best you could get. Our network infrastructure was mission critical in a way that few are, so we needed the hardware, along with the 24/7 support personnel to keep it running. Needless to say, the cost of the equipment and the staff to keep it all going was rather high. The fact that you can even consider the ASUS suggests that your needs are much lower and that you can afford something less than 99 percent uptime. There is a lot of money to be saved within the margin of "good enough" to "near zero downtime."

From what you have said so far, none of us can do much more than speculate on many of the key issues. With that in mind, I might wonder if you even need the wireless capability for most of your personnel. In most office environments, wired networks still provide a level of performance and security that few wireless configurations can approach. A well designed hard-wired network with a wireless router for a few users that cannot be reached by the wire for whatever reason might also be a useful compromise to consider.

There is more to consider, but it will still come back to the issue of what type of enterprise you are supporting, what your most critical IT needs are, what level of performance and reliability do you really need, and what levels of the same can you really afford?

Good luck,

-Danny.

 

[cdysthe]

Thank you guys for advice. I am currently in the air so I can't list the routers we tried. Two of them were router and firewall in one and one was a Cisco combo with separate firewall. But none of them offered wi-fi coverage like the Asus. Maybe we should look into a separate firewall in front of the Asus? We could also keep an extra Asus on hand in case it burns out.

We are a software company so a lot if the data is sensitive. The firewall must work well. None of our developers are very good with networking so we have to make decisions based on outside advice.

Sent from my Moto X using Tapatalk 2.

 

[RMerlin]

I would look at having a separate firewall. Sonicwall or Netscreen for example. Then, use an Asus router as an access point.

Not sure how your performance will be with so many clients however, you might need to look at higher-end products intended for business use. Are you really sure you want your whole LAN over wifi?

 

[cdysthe]

Everyone seems to want to run around with a laptop or tablet and not have to plug into a LAN, so I am pretty sure they all will want to be on a wireless connection except for two desktop machines that will be wired to the LAN. I also worry a bit about having 10-12 people on there at all times. Maybe I can find a enterprise class product with the same wi-fi performance as the Asus? I do not really know where to look though.

 

[RMerlin]

Everyone seems to want to run around with a laptop or tablet and not have to plug into a LAN, so I am pretty sure they all will want to be on a wireless connection except for two desktop machines that will be wired to the LAN. I also worry a bit about having 10-12 people on there at all times. Maybe I can find a enterprise class product with the same wi-fi performance as the Asus? I do not really know where to look though.

The main issue about wireless and multiple clients is that bandwidth is shared. If the users often need to transfer large files over the wireless network, it will quickly become a bottleneck.

Wifi is great for light traffic such as web browsing, or having one single client doing heavy transfers. For an actual corporate LAN where you might need to transfer a lot of files - not so much. Not to mention having to actually support this wide range of devices, some of which might not really like connecting with your router.

 

[PrivateJoker]

The main issue about wireless and multiple clients is that bandwidth is shared. If the users often need to transfer large files over the wireless network, it will quickly become a bottleneck.

Wifi is great for light traffic such as web browsing, or having one single client doing heavy transfers. For an actual corporate LAN where you might need to transfer a lot of files - not so much. Not to mention having to actually support this wide range of devices, some of which might not really like connecting with your router.

Not to mention doing backups of the machines to a central server/NAS/SAN would be brutally annoying over wifi.

And also now that many portable devices will download several hundred MB and up sized OS updates when they are pushed out over wifi, I've heard of that bringing down small office networks when multiple people's iOS device all started downloading an iOS update in the background on their own, more or less simultaneously. So much syncing defaults to automaticly on now.

In an enterprise situation it can be super annoying when one person's phone starts to automatically sync up to an iOS shared photo stream and is now downloading a GB of photos, because they are being pushed to it, at the expense of everyone else's bandwidth. Or two iPads automatically update the new 1.2GB version of Infinity Blade in the background, etc.

 

[Nerre]

For such an environment I would not rely on one single device to take care of both routing and WiFi.

I would set up one wired router/firewall, one separate NAS/Printer server and separate (preferrably centrally managed) wired access points.

If one access point goes down you can still connect to other ones, and bandwith available for each client will be higher than if they all connect to the same access point.

If the router goes down you will still be able to access the storage media and the printer. If the NAS goes down you will still be able to access the internet. (Ok, if the machine running the DHCP server goes down you will get some problems, but it will be easy to hook up a spare router to get that part fixed.)


I think you could get three Netgear WNR3500L for the same price as a RT-AC66U.