Wireless is one of those strange technologies that always seemed like a good idea but I’ve never been sure of an application at my work, news organisation ITN which wouldn’t just have been putting it in for the sake of doing it.
The core applications we run are not best suited to wireless as we need guaranteed delivery of video and audio streams to our desktops. The bandwidth limitations and shared access would not allow us to cope with peak loads. This, coupled with the general nervousness about security, has meant that I kept an eye on what was happening in the wireless arena without any real plans to implement.
The trigger to revisit this came when I signed off yet another purchase order for replacement PCMIA network cards used for the presenter laptops on one of our studio sets. These cards and the associated cables were being repeatedly broken by people treading on or straining cables. This looked like an application where wireless would make sense but it wasn’t quite that straightforward a decision to take.
Interference with other wireless
We use "talkback" systems to enable the production teams to communicate with people on the studio floor, and these run at frequencies near to the 2.4GHz spectrum space used 802.11b/g. We had to run tests to ensure the wireless network wouldn’t interfere with studio talkback or any other broadcast system. These went well so we were in a position to proceed. Our plan was to install a wireless network and bring it in through our firewall using VPN to ensure the system was secure.
At about the time when I thinking of getting the wireless project underway, I saw the Trapeze Mobility Exchange reviewed here) at the Networks show in Birmingham and was immediately impressed. It appeared to offer a central management solution for multiple wireless access points with built-in authentication, security and VLAN features. Although it was a new product on the market, my confidence in it was boosted when I learned that our main network equipment supplier and maintainer, Telindus, had decided to bring it into their portfolio. Having worked closely with them over the past 6 years, I respect their technical judgement and once we had talked it through in some detail I decided to go with the Trapeze offering.
A wireless switch
The key to the Trapeze solution is the Mobility Exchange, or MX20, which I would describe as an intelligent switch with built in PoE and some clever application specific functionality. The MX20 carries the configuration for all of the wireless access points connected to it as well as the security and VLAN settings. It has command line and http interfaces for direct management or can be controlled from a Trapeze management tool called Ringmaster.
There are a variety of access points available with different radio configurations allowing you to run multiple wireless standards on the same access point or have a totally resilient access point with multiple uplinks from separate MX20’s driving separate radios.
Ringmaster makes configuring quite complex setups very easy and offers a function that can import AutoCAD drawings of your office layout and use them to form a model that can predict radio coverage. This would be very useful if trying to cover a large area with many users in it as the model takes into account the different radio channel and transmitter power settings that can be defined for each access point.
Our application is much simpler so we have played with this functionality but not used it to predict coverage in our studios. The large amounts of metal clutter in the form of cameras, lights and set structure would have made for a very complex model so we relied on common sense and testing to place our access points
Authentication and security
Once the radio parameters of the MX20 are set up, you need to define a user access policy which will determine how the users interact with the network. The mobility exchange offers a range of internal and external authentication options and it is possible to mix them based on rules defined in the configuration.
We have chosen to use an existing RADIUS server which can pass on requests to our windows domain controllers giving us another level of control and logging. The client computers make their authentication requests using the MS-CHAP variant of Protected Extensible Authentication Protocol (PEAP). If the user is defined in the RADIUS database and has supplied valid Active Directory credentials the RADIUS server grants access to the network and defines the VLAN for the user.
The VLAN setup we are operating is fairly simple with just 3 being bought into separate ports on the MX20 but this will grow as we start to migrate off our existing ATM network to Ethernet later this year. We will then be in a position to provide an 802.1q tagged feed into the MX20 allowing us to grant access to any of our VLANs. This is an important feature for us as we use VLANs to control the UDP broadcast traffic that carries updates from our range of Newsroom computer systems.
The Trapeze solution has some other nice features including the ability to run scheduled or on-demand RF sweeps. These can be used to detect other radio networks or workstations that might interfere with your own. You can also search for connected users and unauthorised connection attempts.
The only real problem we had to solve was for an access point that needed to be located over 100m away from the MX20. Once a port is defined as having an access point attached PoE is enabled which meant we had to be careful when connecting a UTP to Fibre converter. The opposite applied at the other end where we had to source a suitable PoE injector as the access points can only be powered down the line.
The project has gone very smoothly to date and we are currently planning to make greater use in our studios with a tablet PC and wireless laptops being used as part of the new look to ITV news programmes.