EnGenius has plenty of ambition for EnGenius Cloud; they want it to be the best choice for medium/small enterprise organisations, Managed Service Providers (MSPs) and System Integrators (SIs). They plan to achieve this by offering a network environment from the cloud that can provide everything a modern organisation demands.
We got our hands on some test kit and decided to put EnGenius Cloud through its paces to see if their ambition is misplaced…
Products featured
For the purposes of this review, we used:
ECW230S ECW230S is a Wi-Fi 6 (802.11ax) 4×4 Cloud Managed Indoor Access Point engineered with Wireless Intrusion Prevention System (WIPS) radio and Zero DFS radio detection interfaces for listening spectrum and channel utilization by the WIPS radio and detect DFS signal via Zero DFS radio.
| |
ECW336 ECW336 is a Wi-Fi 6E (802.11ax) 4×4 Cloud Managed Indoor Access Point. The increased spectrum bandwidth delivered empowers the newest generation of Wi-Fi 6E devices to achieve faster speeds, lower latency and higher capacity.
| |
ECS1528FP The ECS1528P Cloud Managed 240W 24-Port PoE Switch features simplified network configuration, monitoring, and management options along with an easy-to-use Web interface. Power compatible PoE devices such as IP cameras, VoIP phones, and Access points.
|
The ECW336 has a 5 GbE connection, whilst the ECW230S has a 2.5 GbE connection. However, the ECS1528FP switch does not go beyond 1 GbE on the copper network ports, except for the 10 Gb SFP+ ports. If you want a switch that supports multi-gigabit, then you should consider models that start with ECS2 or ECS5. For example, ECS2528FP is the 2.5 GbE variant of the ECS1528FP which has eight of the twenty-four copper ports as 2.5GbE.
On a slightly more personal note we found the ECW230S and ECW336 to be very sleek and ascetically pleasing. This may seem unimportant, but when these devices are mounted it’s good to know that they have a low profile and look good. One point to note is that the mounting kit provided can only be used on T-rails but EnGenius have said they are going to develop a new mounting kit, which offers more options. There are also two wall mounting points on the access points themselves.
The simplicity of the cloud
One of the things we like best about the EnGenius Cloud platform is that onboarding (and potentially offboarding) products is extremely easy. Because everything runs in the cloud, you can preconfigure everything. Not only things like SSIDs, but also VPN tunnels and switch-specific settings can be configured and entered even before the devices are connected and booted. This is especially ideal for MSPs and SIs. Once the products connect to the Internet and then to the EnGenius Cloud, they then get all the configuration and settings. The network is then fully operational and ready to use.
The onboarding process can be simply done by scanning the devices QR code found on the product using the Android or iOS app. “Cloud To Go” from EnGenius then the app will ask you if you want to add the product to an (existing) network. If you select this option, you do not need to do anything else. The AP or switch will also be updated to the latest firmware during the onboarding process. Alternatively, you can also add devices manually by entering their serial numbers into the web console.
EnGenius is confident of its cloud capabilities and is eager to demonstrate them through a live demo.
Many features as standard
Whilst most Access Point vendors charge a mandatory subscription fee for their cloud management platform or offer a licence free option that isn’t suitable for most customers, meaning that they are more or less forced to buy a license upgrade. EnGenius has taken a significantly different approach as it provides many features as free in their Basic Plan. EnGenius do also offer a Pro licence too which has some advanced features, and increased capacities. Customers wanting to use Pro may do for a year without additional cost by using the complementary Pro license that is included with every device before making a decision on which licence they need for year 2 onwards.
The web interface
Now it’s time to take a little closer look at the environment itself. We are going to be using the web interface as this is what most people are going to use, but the application used to onboard the devices can also be used as it is fully functional.
The first thing you notice when you access the cloud portal with an EnGenius account is that the home page (dashboard) is very neat with good use of eye-catching colours to make things clear. The “spider web” image in the upper left shows the overall status of the network enabling at a glance, for you to see if there are problems with your network and what they are. On the top right of the page you can see the different types of equipment and their status and the number of connected clients. Further down on the page there is an overview of the wireless throughput, as well as seeing the which access points have the highest load, the most bandwidth using clients and which SSIDs are using the most bandwidth. At the bottom, you can see which applications are driving the traffic and the operating systems involved. If this screenshot had been taken in a commercial environment, the high positioning of DisneyPlus would undoubtedly have raised a few eyebrows!
Numerous configuration options
On the left of the screen is a menu bar with four icons. These are “Management,” “Configuration,”Analyze “,” and “EnSky.” The latter is not important here, as it is a link to the on-premise EnSky controller for other EnGenius product lines. The Analyze page is where the logs are found and the page is self-explanatory.
‘Configure’ is especially important when initially setting up the network and configuring it. Of course, you can return to this page later for further configuration if required, for example if you want to perform an important firmware update and you don’t want to wait for the predetermined update schedule. In addition to the configuration options for the three types of equipment (AP, switch, gateway), you can access some more general settings. For example you can set VLANs, create an ACL and make some general settings.
For APs, switches, and gateways, the configuration options are excellent. For access points, the extensive options available for captive portals particularly stand out. There are many authentication options, and the splash page that can be created has a real built-in WYSIWYG editor as well as advanced direct HTML access if wanted. So good customisation is possible. It also has a preview function for laptops, as well as for tablets and smartphones. Also, if you want some of the encryption methods allow you to easily share Wi-Fi access and required configuration for clients by printing a QR code, for clients to scan. For switches, the ability to enable a Voice VLAN stands out in particular. When this is enabled it adds the ability for voice devices to be automatically assigned to a specific VLAN based on either MAC address or by advertising the Voice VLAN by LLDP in addition to assigning the VLAN the switch can also mark the traffic with a QoS priority. By default, most of the well-known voice vendor’s MAC address are already present, but you can add your own.
Managing everything perfectly
The configuration screens are obviously important, but they are not all that exciting. When you go to the “Management” tab, things get really fun. This is where the added value of the cloud kicks in. If you press the diagnostics button in the access point or switch overview (we don’t have a gateway), a full-screen carousel appears with all sorts of information being made available as well as allowing for diagnostic actions. Here you can see the real-time load of the access point, run traceroute, speed tests, and see the ping response times of various standard services. If you do the same for switches, you can also see the load and test the cables. There are additional Pro functions also available for both types of equipment, which we will return to later.
In addition to many details about the equipment, the topology of the network can be displayed graphically in this tab. Here you can see exactly how the various components are connected. In our case it’s not particularly interesting since we have only a very small network. In more complex environments however it is very useful to have it. You can also show on a map where the devices are located and upload a map of the room where the products are being used. All of this is fairly standard for modern network management environments. If you have a Pro license (see below for more information), you can also see connected third-party hardware.
At the bottom of this tab you can access an overview of connected clients. Here you can see all the information that might be useful in case of problems with clients. Think about the access point they are connected to, but also the SNR and RSSI, to determine the quality of the connection. It is convenient that here you always get a so-called friendly name for a client. This is sometimes not easy to bring home. This is the task of the manufacturer of such a device. But fortunately EnGenius has not chosen to give only the MAC address as a name. Of course, it is possible to change the hard-to-interpret friendly names once you know which device it is.
One of the features of the ECW230S is also highlighted on this page. Specifically, this model includes a BLE module which makes it possible to scan for other nearby Bluetooth devices. This is very interesting from a security point of view. Whilst no actions can be taken against the detected devices because there is no actual (Bluetooth) connection to these devices, it is possible to see the MAC address and, if available, the manufacturer of the devices.
Pro configuration features
The Basic Plan offered by default by EnGenius Cloud contains the required features for many uses and organizations. These organizations do not need to upgrade to a Pro license. However, there are several interesting Pro functions in EnGenius Cloud. We would like to briefly highlight one of them here. Let’s start with the Pro functions that have to do with equipment configuration. The first Pro feature we highlight is the ability to create templates for network switches. Whenever you add a new switch, it adopts the exact configuration of that template. This includes items such as VLANs, but also link aggregation and port-specific settings.
For SSIDs there are a number of Pro features available, these are clearly indicated as below
Looking at access point configuration, SmartCast is a feature that can be particularly useful in hospitality environments. It allows visitors to cast to televisions in rooms through the network, without being visible to others. Anyone with a Chromecast will recognize it: if someone in the network is casting, you receive a notification on all Android phones in the network.
Two other configuration features for access points that may be useful in specific cases are WPA2-MyPSK and the ability to set up EoGRE tunnels. WPA2-MyPSK is an authentication method that associates each device with its own VLAN as well as allowing an individual pre-share key to be used per user or client device, this improves the security of the network. With an Ethernet-over-Generic-Routing-Encapsulating (EoGRE) tunnel, a Layer 2 tunnel is set up between different sites, that is, across gateways. This created a bridge between two separate L2 domains, making the networks transparent to each other. In other words, devices in both networks can “see” each other.
Positive features for management
The above examples are interesting in themselves, but the Pro features that really show the muscles of EnGenius Cloud are found in the “Management” tab. If you go to the client overview and select a client, you can see exactly how that client moves through the network. Of course, this Timeline feature is only useful with devices such as smartphones and laptops. You get a timestamp to the second of when the device connected to the access point. Exposure analysis is also interesting as it allows you to see what other devices on the network the client has been exposed to. In other words, what other clients can “see” the client.
Turning to the diagnostic tool for access points mentioned earlier, the ECW230S once again displays a powerful function. In particular, this access point allows for a complete analysis of the frequency spectrum. You can see exactly where the interference is, and on which channel the signal is best. You also get a list of clients connected to each access point.
The client list is also available as a Pro function for switches. However, it is also possible to perform packet capture for each port on the switch. The switch, or rather EnGenius Cloud, produces a PCAP file in which all traffic is recorded for, by default 60 seconds, but you can set the capture time to between 10 and 3600 seconds. Additionally you can set all kinds of filters for excluding or including specific traffic in advance, so if you know approximately what you are looking for you can omit a lot of noise from the capture. You get the capture as a download, which you can open with a third-party tool such as Wireshark. You can then analyse the data and determine in detail any problems, and then fix them.
Keep in mind however that if you want to capture packets over a long period of time you will need to filter. The memory of a switch is limited, so if you want to be able to create large packet capture files, you can opt for port mirroring to a computer connected locally which has a large hard disk or SSD drive instead.
EnGenius Cloud API
A final Pro feature we would like to highlight is the EnGenius Cloud API. This is a feature that transcends the network. This allows MSPs to connect back-office systems to customer environments by the utilisation of the REST API. This allows changes to be made from the back-office system (an ERP, for example) to the EnGenius Cloud environments of customers. For example, if an order is created in the ERP system to ship an access point to a customer, this system can then immediately sends this information to the EnGenius Cloud. The serial number of the new access point is then immediately added to the organisation and the network. If this is done for a new customer, the new organisation and network are also immediately created at this point. The customer only has to physically mount and plug the access point in. This can also works in reverse. If a device is returned, an organisation cancels a subscription or a device has to be replaced, a change in the ERP system ensures that it is also immediately visible in the customer’s organisation.
Another usage scenario of the EnGenius Cloud API concerns the service department. When an employee in this department asks a customer for the customer number (or another way to identify the customer), he immediately sees what equipment the customer has. In addition, the employee immediately sees if any products are offline and which customers are active. This should ensure a quick resolution of common problems. Of course, it is always possible to investigate problems with the more comprehensive diagnostic and troubleshooting tools of the EnGenius Cloud. This will then be done by second-line support.
Conclusion: EnGenius Cloud offers ease of use and a rich feature set
EnGenius Cloud is a very powerful cloud platform for network management, and the standard features are sufficient for most customer requirements, so it’s not essential to upgrade to the Pro license. An exception here is if you are choosing a security AP, as the Pro features are where the added value of these models lies.
In the future the Pro offering will be expanded (not at the expense of the functions currently included as standard) to increase the value of upgrading. For example, with the addition of BLE and scanning radios, it is possible to start thinking about crowd control applications.
If you are an MSP, SI or a medium/small business looking for a wireless network with cloud management you should consider EnGenius. If you compare the EnGenius hardware and management features to that of other vendors it performs very well, and it is a more cost-effective solution to boot.