Friction Free Wireless Network Best Practices for Cloud First

Recently, we published some tips for a strong Cloud First network in your office. In that post, I discussed the importance of not forgetting that with a modern, cloud first organization comes the necessity for a solid gateway that can handle the capacity, and good range and coverage of Wi-Fi in all the nooks and crannies of your office.

Expanding on that post, in this article I will talk about our approach at Regroove to ensure our offices have ‘friction-free’ wireless that supports our team and our guests while maintaining a solid network security.

Setting up Your Cloud First Network

To get started, you’ll want to set up three wireless networks at your office. Why three?

  1. A wireless network for staff
  2. A wireless network for guests with a captive portal
  3. A hidden perimeter network for security devices and peripherals

Staff Network

For staff, you want a cloud first network that is easy to join devices to, but with a robust password. When staff leave the company, you simply update the password and communicate it to your team.

Even better, you can actually authenticate the staff member using LDAP, RADIUS, or other methods. In other words, staff type in their email address and company password to join. When staff leave the company, you simply disable their user account and they will no longer be able to access your Wi-Fi.

In our office, we named our staff Wi-Fi network ‘Regroove Staff’.

Guest Network

If you plan on providing a Wi-Fi network for guests, be sure to be a good cloud first host by providing a reliable and simple to join network. At our office, we ensure our guest network includes:

  • An easy to find network name. This ensures guests know exactly which network to join.
  • A captive portal. This means providing a web page that appears as soon as the guest joins, where you can include company branding, a friendly welcome message, and the terms of your wireless network.
  • A limited timeframe before requesting the guest rejoin. We set our timeframe to 4 hours so that we can comfortable provide a simple to remember password that guests can quickly enter and rejoin. By having a 4 hour window, we prevent others from using our network permanently.

In our office, we named our Guest Wi-Fi network ‘Regroove Guests’.

Hidden Perimeter Network

Finally, this last one is a cloud first pro tip! We always create a third, hidden network for devices that are going to stick around for the long term. Why?

If all devices (staff included) end up joining the main network, even your peripherals (printers, scanners, wireless access points), iOT devices (smart plugs, lighting systems) and security devices (cameras, door locks, sensors) would all have to be frequently updated and changed for security reasons (such as when a staff member departs).

As such, our perimeter network is:

  • A hidden, wireless network for security devices, network equipment, peripherals, and internet-of-things devices.
  • Enforced with a very strong password and with limited knowledge of that password.
  • Rarely changed (it is a big job to change; upwards of 40 devices).

These devices are ideally ‘set and forget’, including printers, security cameras, smart plugs, our Google Home, etc. For this network, we recommend not even broadcasting that it exists. It’s for internal eyes only and joining it should be a managed and governed process.

In our office, we named out perimeter Wi-Fi network ‘Regroove Perimeter’.


While ensuring that a strong network for your staff is the first priority of any cloud first office, there are many other network considerations to be taken into account. When setting up your network access, we recommend a staff, guest, and perimeter network to ensure your staff and guests have access to fast and secure Wi-Fi, while your security and other permanent devices exist out of the public eye.

Questions? Get in touch!