Once all of your APs are in place, you (or your IT staff) need some way to manage them effectively. If you have a small coverage area and just a handful of APs, managing each access point individually is easy and cost-effective. For deployments that cover multiple floors or whole buildings, a centralized management platform such as a Wireless LAN controller is the way to go.
Wireless LAN controllers are appliances (sometimes built into firewalls or other security devices) that allow you to configure and manage an entire wireless network from a single Web-based user interface. Their job is to push out a common configuration to each AP, thereby eliminating the need to set up each one manually. Some controllers can also automatically change Wi-Fi channels to avoid radio congestion. The primary benefits of using a wireless LAN controller are quick deployment and automatic optimization, without requiring network staff to monitor APs constantly. And when you have dozens or even hundreds of APs to keep track of, you need all the automation you can get.
Another management feature to consider is an AP's ability to classify traffic based on VLAN (virtual LAN) or QoS (quality of service) tagging. Not all APs have these features, which is another reason to stay away from non-business-grade access points. IT can apply a VLAN tag to a specific group of users and segregate the wireless traffic for that group, providing better control over which resources they can access and which are off-limits. For example, VLANs can force all Wi-Fi traffic out to the Internet only or to the corporate Web portal, preventing it from accessing internal file servers. Similarly, a QoS tag can ensure that business-critical traffic such as voice over IP gets the bandwidth it needs, while noncritical traffic such as Internet radio doesn't hog the bandwidth. This approach lets admins classify wireless traffic at the access point, so that they can apply bandwidth management at the source. Managing VLAN assignments and QoS tagging from a wireless LAN controller makes overall administration easier and helps eliminate human error during configuration.
In any wireless network, should be paramount. Permitting unsecured APs on the enterprise can allow casual users access inside the network. Even for controlled guest access, such as a walled garden, it's still a good idea to require all users to secure their connections by using a passphrase at the encryption level, or at least a username and password at the Web portal. Access points support various encryption algorithms, including WEP, WPA, and WPA2-Enterprise. All are better than no encryption. But unless you have a specific reason for using it, avoid WEP, which is relatively easy to break and is no longer viewed as a secure encryption method.