Turn ’em loose

Today's Wi-Fi makes it easier and safer to deploy federal teleworkers.
  • Written by Urgent Communications Administrator
  • 1st March 2010

It used to be easy to plan and deploy networks for remote users. In the 1990s, network architects built branch office networks largely based on a simple design, using Ethernet local area networks (LANs) for desktop computer connectivity and wide area network (WAN) routers connected to T-line circuits leading to the headquarters’ data centers. At the time, branch-office applications were not terribly complex — mostly file and print services, corporate e-mail, and a few client and server applications. And while almost everyone had a desktop computer back then, very few people worked from home and enterprise remote access was rare and of limited use.

Over the last 20 years, a significant number of organizational and technology initiatives were spawned — some designed to streamline productivity and others to reduce capital or operational costs — that caused a huge number of changes to mission and application requirements for networks, and drove new branch-office and remote-access requirements. These initiatives were seen across both general and government enterprises, and varied from the rapid adoption of “anywhere” computing (which includes the rise in telecommuting) to the need for mission-critical application access from anywhere. Couple this with the dramatic increase in contract employees who need secure access (typically remotely) and the plethora of end-user devices used today, and you get a networked application environment that is extremely complicated.

When trying to address the above changes and needs, most organizations experience significant challenges, as the majority of available solutions only address one part of the problem and don’t provide support for a superset of the requirements. For example, desktop virtualization systems are excellent in their ability to support employees and contractors simultaneously, but they don’t provide significant support for voice/video communications. Similarly, VPN client/server systems provide excellent support for all applications, but they are challenging to install and maintain remotely, especially on non-government-owned devices.

Which leads to this question among CIOs: Given all of these changes and new requirements, can government agencies provide employees and non-employees policy-compliant and secure remote communications access to all applications, no matter where they are located, while using a simple architecture to ensure supportability and cost containment?

The answer is yes, and the key is Wi-Fi.

Today’s Wi-Fi networks create a highly robust, secure and standardized model for remote-user access, regardless of where an end user may be connecting. Wi-Fi solutions now exist that meet and exceed government security standards. Some of the key advances and features that now make Wi-Fi a viable and optimal option for government agencies, especially when considering telecommuting options, include:

Standard security models. Implementation of enterprise-class Wi-Fi (interchangeably called 802.11i or WPA2) requires client-device and/or user authentication via standard protocols to an authorization system — such as Microsoft Active Directory, lightweight directory access protocol (LDAP) or basic RADIUS server — prior to attachment to the wireless LAN. Basic user authentication can be extended further by providing advanced user authorization using the same infrastructure — not only governing whether the user is allowed to attach to the network, but further controlling the applications and systems with which the user is allowed to communicate.

Enterprise-class 802.11i also requires cryptology during user authentication and user-data traffic flow, ensuring traffic is protected from eavesdropping. In addition, many operating systems, handheld devices and WLAN infrastructure products that feature Wi-Fi support have been through the rigorous Federal Information Processing Standards (FIPS) 140-2 testing process to ensure the cryptology is government-grade.

One key but subtle fact about these standards-based security mechanisms is that enterprise Wi-Fi requires them to be implemented, where other standard client-connectivity methods (Ethernet, for example) do not. Since Ethernet connectivity generally assumes the same device (and therefore user) is attached to the same port at all times, additional client software (such as VPN clients) must be provided as an overlay user-authentication and access-control mechanism — adding to cost and complexity. In short, everything is included in the enterprise Wi-Fi specification to ensure secure, high-performance connectivity for government users. Moreover, Wi-Fi can provide support for any computing environment, including remote access, all while keeping equipment and installation costs to a minimum.

Easily and rapidly deployable. Wi-Fi is now a standard interface on most commonly used devices found in a mobile-user environment, including laptops, specialized handheld devices, smartphones and printers. The operating systems that support these Wi-Fi interfaces have 802.11i-compliant client drivers with common configuration methods and a common feature set. Configuring 802.11i-compliant devices for network and user access is very similar, regardless of device type, making initial configuration and ongoing troubleshooting easy. Equally important, augmentation via additional software isn’t necessary; all the required security and network-connectivity mechanisms are provided by standard operating system clients.

Wherever you are. Networking products that feature WLAN access points are available that have been purpose-built for branch office environments, the telecommuter’s home office and even mobile environments, allowing the logical and secure extension of the government agency network to these locations across any IP backbone. With the advancement of metro-Ethernet IP services, broadband Internet access technologies and 3G/4G cellular services, the branch or home office literally can be installed in minutes and can exist anywhere. And as mentioned above, many products have been validated by the appropriate government agencies to ensure their security posture meets standards.

Make every application available. Many remote access methods rely on firewall pinholes that allow a few specific applications to be accessed remotely, which is a limiting factor and actually increases management complexity. Using Wi-Fi infrastructure as the standard for remote client connectivity allows the extension of the entire logical network to the end user. The client device simply sees an L2 virtual local area network (VLAN) and L3 IP network extended to it that follows it wherever it goes, without any reconfiguration necessary on the client or network. Data center security infrastructure can be used to enforce fine-grained security policies, which allows all applications to be exposed, simplifying infrastructure deployments at the remote sites while still enforcing appropriate access security policies. Instead of using Outlook Web Access when at home and Outlook in the office — while also using a VPN client for data center server access — different policies for network access can be enforced by a common infrastructure. Users can enjoy a consistent experience, no matter where they need access.

Multiple vendors now provide Wi-Fi-enabled solutions that are specifically designed to support the needs of the remote branch office, the SOHO teleworker and the traveling remote worker, all while enabling easier remote IT support. Here’s how it works:

The branch office. In this example, a government agency needs to provide access to all of its information systems and networks (let’s dub this “AgencyNet”) to numerous remote branch offices of 50 or more users each. Some users are employees who require full access to agency information systems, while others are contractors on specific projects with only limited access. To meet these requirements, several government-owned access points (APs) are deployed in each remote branch office to provide high-performance WLAN access, and are connected via Ethernet to the appropriate WAN network connection of choice for the given office. All other security and server systems are located in the data center, where they are shared among all sites and users. During the Wi-Fi device and user authentication process, the user is identified and managed properly by the security infrastructure in the data center. Users who do not have valid credentials cannot access any branch office or data center network. Once connected, employees and contractors will have role-based access to all authorized systems.

The telecommuter or small- or home-office (SOHO) end user. Employees who work in one of the branch offices also may need telecommuting access to AgencyNet in their home offices. In this example, the government agency can provide the employees with an agency-owned access point that the employees connect to their home broadband Internet router. AgencyNet goes live in their home office and the employees activate their laptops and smartphones, authenticating to the network. Similarly, the employees now have access to all applications and communications systems without using an alternative method of applications access or software.
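The role-based access described in the branch-office and telecommuter scenarios above can be sketched as a default-deny, first-match policy evaluated in the data center. This is an added example, not code from the article or from any vendor's product; the role names, subnets and rules are constructed for the hypothetical "AgencyNet".

```python
"""Added illustration: per-role, default-deny policy applied after Wi-Fi login."""
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                               # "permit" or "deny"
    dst: str                                  # destination network, CIDR form
    proto: str = "any"                        # "tcp", "udp" or "any"
    ports: Optional[Tuple[int, int]] = None   # inclusive range; None = any port

    def matches(self, dst_ip, proto, port):
        if ipaddress.ip_address(dst_ip) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != proto:
            return False
        return self.ports is None or self.ports[0] <= port <= self.ports[1]


# Constructed addressing for the hypothetical AgencyNet.
AGENCYNET = "10.0.0.0/8"
MGMT_NET = "10.255.0.0/16"      # network management, off limits to end users
PROJECT_NET = "10.20.30.0/24"   # servers for one contractor project
DNS_SERVER = "10.0.0.53/32"

# Rules are read top to bottom and the first match wins, so the narrow
# deny for employees must sit above the broad permit.
POLICY = {
    "employee": [
        Rule("deny", MGMT_NET),
        Rule("permit", AGENCYNET),
    ],
    "contractor": [
        Rule("permit", DNS_SERVER, "udp", (53, 53)),
        Rule("permit", PROJECT_NET, "tcp", (443, 443)),
    ],
}


def decide(role, dst_ip, proto, port):
    """Return "permit" or "deny" for one flow.

    role is what the authentication server assigned at login, or None
    when authentication failed. There is no location input: a flow from
    a branch AP and one from a home AP get the same verdict. Anything
    not explicitly permitted is denied, including unknown roles.
    """
    for rule in POLICY.get(role, []):
        if rule.matches(dst_ip, proto, port):
            return rule.action
    return "deny"


# Constructed sample flows: (role, destination, protocol, port)
SAMPLE_FLOWS = [
    ("employee", "10.20.30.5", "tcp", 445),
    ("employee", "10.255.0.10", "tcp", 22),
    ("contractor", "10.20.30.5", "tcp", 443),
    ("contractor", "10.20.30.5", "tcp", 22),
    ("contractor", "10.40.1.1", "tcp", 443),
    (None, "10.20.30.5", "tcp", 443),
]

if __name__ == "__main__":
    for flow in SAMPLE_FLOWS:
        print(flow, "->", decide(*flow))
```
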

The benefits of supporting a remote work force by building a remote-access architecture based on Wi-Fi standard technologies are numerous:

Reduce the cost of supporting the end-user client systems. Wi-Fi client systems are ubiquitous — all have similar configuration processes and characteristics regardless of device type. Also, they don’t require ancillary client software to provide a secure, FIPS 140-2 policy-compliant connection to data-center applications. All of these factors go directly towards reducing the cost of operating the remote network through standardization and simplification.

Reduce the cost of data center infrastructure. Similarly, by basing your remote access architecture on Wi-Fi technologies, it is possible to build a simpler remote access network in the data center that eliminates the need for VPN concentrators, SSL-VPN servers, security proxy servers and complex firewall configurations. Through this elimination comes simplicity, and further reductions in the cost of ownership.

Make the network more flexible and more secure at the same time. Unlike other remote access solutions, Wi-Fi-oriented solutions can make every application and communications system available using role-based access control — all that is required is an access point configured to securely attach to the government agency network. And government-grade Wi-Fi solutions are built with security in mind, not as an add-on component, and are tested to ensure stringent policy compliance.

Today’s network requirements are incredibly complex. Users in government organizations, like commercial organization employees, require access to all of their applications through multiple devices in any environment, whether at home, at the office or in a temporary location.

Network administrators must address these needs in a manner that is secure, flexible and does not add to the plethora of existing connectivity mechanisms. Wi-Fi networks can simply and easily meet the needs of users, administrators and regulatory bodies in a secure and cost-effective manner. Most importantly, Wi-Fi provides users what they need — a consistent connectivity experience regardless of location — and the agency what it requires — security, flexibility and control over network access.

Maybe the problem isn’t so complicated after all.

  • Read the “Anywhere computing” sidebar to learn how advances in technology have extended the workday and the workplace in commercial and government organizations.

David Logan is vice president-strategy for Aruba Networks Government Solutions.

Anywhere computing

Advances in technology have extended the workday and the workplace in commercial and government organizations, while telecommuting has reduced the amount of required shared space and increased employee flexibility. Many business-continuity plans now require employees to be redeployed and productive within a single business day and a medium-sized branch office to be operational within days of notice. Real estate optimization initiatives have reduced office lease periods, thereby increasing the rate of branch redeployments. Due to an organization’s mission or because of the situation, branch work environments may now actually be mobile. These requirements and trends dictate that users will need access to computing systems from anywhere and secure connectivity must be provided to the entire user population independent of location.

Supporting all applications: Government agencies have evolved their information systems to streamline operations, resulting in an increasing number of mission-critical applications and communications systems. When coupled with work-anywhere initiatives, agencies no longer can rely on firewall pinhole techniques to expose a few applications to a remote access community; instead, all applications and voice and/or video communications systems must be available to all users, independent of location.

Network access for non-employees: Contractors frequently are used by government agencies to augment their permanent staff, and many agency missions have evolved to require interagency collaboration. Both of these scenarios mandate providing information systems access to non-employees on a temporary basis. This makes it necessary to support both employee users and non-employee users and provide role-based access to infrastructure and information systems.

Any-device computing: The number and type of end-user computing devices now employed by the user community have increased dramatically. Each has a different purpose and form factor, and may or may not be open in terms of device or software manageability. Because of the previously mentioned organizational changes, these devices may or may not be government-owned. Policies that prevent usage on the government network have limited enforceability and in the future, all will require secure, policy compliant connectivity to the government agency network.

Simple architecture: In response to many of the above changes, IT organizations used point product solutions to extend specific applications outside the government agency walls. This resulted in anywhere from five to 10 different ways to connect remotely. To control cost and complexity, a new secure connectivity model using a single uniform architecture must be employed, simplifying the hardware and software infrastructure for IT in order to support and ensure a consistent end-user experience.
