Not so long ago wireless networks were advanced technology, a gimmick. It was deemed high tech to set up an access point for the sales guy, who had the only laptop in company. Today everyone has a laptop and people are expected to wander around the office and work here and there, but always with equal efficiency. Back then it was sufficient to access email and occasionally browse web pages. Today video conferencing and learning videos have bandwidth requirements in a completely different scale. Designing the wireless network has become important. Parts of the design process are the same as in wired networks, but the radio path does bring its own challenges.
Capacity planning is familiar from wired networks. How many users? What kind of applications? What kind of latencies can be tolerated? How much bandwidth? User mobility does bring some uncertainty to these calcaulations. One day they all sit with their laptops in the same room, where there is only a single access point – and no one is happy. Still, all the access points have to be connected to the network and these connections must provide enough bandwidth and preferably have redundant paths. In many offices a single hardware failure can stop all work.
The same security principles can be applied from wired to wireless networks. You can create a few wireless networks (different names a.k.a. SSIDs) and connect these to different VLANs on the wired side. This way you can separate sales, management and R&D to their own virtual networks. Technically slightly more challenging way is to use a single network, authenticate users and forward their data to the proper VLAN on a per user basis. WPA2 Enterprise provides for user based authentication and personalized settings using 802.1X.
The most difficult aspect of WiFi design is the radio path, because you can't see it. How many access points do we need and where? What kind on antennas? Do we have full coverage or are there holes? Is the capacity sufficient?
In the early days access points were expensive, so usually only one was bought and placed in the middle of the office. This worked fine when there were just a few users with no specific requirements for bandwidth or latencies. Today user count is not the right metric, because every user has multiple devices: a laptop, a smartphone and often a tablet. Smartphone battery capacity is very limited, so is their transmit power. You need to have an access point near every phone, so you need to have multiple access points. Multiple access points will interfere with each other unless you turn down their transmit power, typically on par with the lowest powered smartphone (10-15mW). Do not leave all access points on full power, which is usually the factory default.
Managing multiple access points becomes a burden. Consumer grade access points are managed individually, typically through a web interface. Keeping just five access points in synch regarding setting and updates is a chore. Look for some kind of centralized management solution when choosing access points. With a centralized controller you can update settings and apply updates to all access points with a single action.