Document Information:

Document Title: WiFi On The Move (OTM) Tech Spec
Document Version Date: 17/07/2017
Prepared By: Joe Nicastro
Preparation Date: 02/06/2017
Document Version No: V 1.1

Content

Document Information
1 Introduction
2 Solution Overview
2.1 Capabilities
2.2 Coverage
2.3 Landing Page
3 Solution Options
3.1 Internet Access
3.2 Corporate Access
3.3 Wi-Fi Landing Page
4 Service Overview
4.1 Service Request
4.2 SLA
5 Why Us

1 Introduction

There are over 76,000 staff that work directly at Heathrow Airport. Together they look after 75 million passengers a day across 1227 Hectares. Yet most staff who require access to business applications to perform their work are confined to workstations and physical locations.

With Commercial Telecoms Wi-Fi OTM, your staff can spend more time in front of passengers, work at the point of service and outside the boundary of a retail shop. It gives you a simpler way to build a foundation supporting enterprise-wide policies, strong security and enhanced user experience. For companies looking to introduce Machine to Machine (M2M) communications or Internet of Things (IoT) to support enhanced automation and self-service, Wi-Fi OTM will enable these new capabilities across the Heathrow estate.

Wi-Fi Landing Page is an optional service that complements Wi-Fi OTM. It allows you to take ownership of your Wi-Fi landing page to display customised messages to your target user groups. Your users can identify your network and are prevented from accidentally logging into spoof networks.

2 Solution Overview

Wi-Fi OTM / Landing Page is a policy and guest management platform, a component of the Heathrow WLAN infrastructure that lets you create and enforce policies that will extend across to devices and applications on your corporate network. It complements the existing private SSID service available in Tenants' demised areas. The service uses the Aruba ClearPass technology for authenticating IT-provisioned and personal/guest mobile devices to securely connect to any network.

2.1 Capabilities

Wi-Fi OTM service allows device-based network access control for staff, guests, passengers and contractors across any wired, wireless and VPN infrastructure. You can have granular control over your network to provide access based on the device type, location, time of day, user role or a mixture of these.
Secure and manage all your devices
Ideal for handling large-scale mobile device deployments, WiFi OTM & LP lets IT securely connect devices to an Internet or Corporate network, allowing connectivity to your devices whenever, or wherever you are.

Auto sign-on and you're good to go
Instead of a single sign-on, which requires everyone to log in manually when they associate with the Wi-Fi network, WiFi OTM remembers your network login and automatically authenticates users to their mobile apps so they can get started quicker.

Secure wireless network access for guests and their mobile devices
Self-service guest access that's tailored to your organization's needs. Simplest, most customizable visitor management system for wireless and wired.

2.2 Coverage

Wouldn't it be nice if your Wi-Fi could work like cellular roaming, if users could just power up their device and get online anywhere across the Heathrow estate? Our service makes this possible. Users can also connect in problematic areas such as Head of Stands and Check-In, where current SSID restrictions do not allow multiple airlines to connect to their service, and roaming capabilities across the airport improve without the need to deploy multiple SSIDs.

2.3 Landing Page

Landing Page offers Airport Tenants the ability to have specific web pages hosted by Heathrow on your behalf to support a range of use cases for your Heathrow provisioned WLAN services, from Captive Portal to Guest sign on and presentation of Terms and Conditions to your Guest users.

3 Solution Options

WiFi OTM is available as two options:
1. Internet Access
2. Corporate Access

| Service Element | Internet Access | Corporate Access |
| Authentication | MAC address | user name password (802.1x) |
| Automatic Reassociation | Yes, within Terminal | Yes, within Terminal/apron |
| Wireless Bandwidth per device | 5Mbs | 5Mbs |
| Wireless Band | A/G/N/AC | A/G/N/AC |
| Wireless Channel | All (outside limited to 3 on 5gig) | All (outside limited to 3 on 5gig) |
| SSID | _Heathrow Wi-Fi, CT_Roaming | "CT_Roaming" |
| Coverage | Everywhere above SSID exists | As Requested |
| Service | Straight to internet | Customers VPN |
| Backhaul lines | Generic HAL BB 100Mb | Customers BB (BT or HAL) |
| Splash page | None | Available option |

3.1 Internet Access

This option provides for devices to connect to any Heathrow public Access Point and connect to the Internet automatically using a preprovisioned profile based on device MAC address. There is no need for a detailed network design to be done. Devices that you would like to provide access to will be added to the ClearPass appliances via a formalised request process and tested thereafter.

Example use case: Engineering teams requiring internet access to support their Airport wide work

An airport flow and logistics systems company operating bag drop facilities at Heathrow Airport, referred to as Auto Bag Drop (ABD), now has facilities allowing passengers to check in baggage themselves by scanning their boarding pass and placing their luggage on the unit's conveyor belt, where a check of the bag size and weight is carried out. A requirement for internet access for staff handheld devices was a perfect opportunity for a solution like WiFi OTM to establish connectivity for the customer. The service allowed them to have a wireless internet only service providing up to 20Mbps per user.

This was achieved by applying a MAC authentication check to the existing Heathrow public Wi-Fi SSID in the following manner:

1. MAC addresses of the devices were supplied to Commercial Telecoms.
2. MAC addresses are added to a whitelist hosted on the HAL ClearPass servers.
3. User connects to the specific Heathrow Wi-Fi SSID.
4. The WLAN controller forwards the device MAC address to ClearPass.
5. ClearPass checks the whitelist and, if the device matches, it will be redirected onto a separate VLAN which will direct user traffic out to the internet via the HAL broadband circuits.
6. If the device is not in the whitelist it is directed onto the existing WLAN VLAN(s) as normal.

Design topology

[Diagram not reproduced. Components shown: public area APs broadcasting the _Heathrow Wi-Fi SSID, TERM Distribution Switch, T5 Access Layer (VLAN 799 or 801 to controller), WANAGG Distribution Switch, CORE Distribution Switch, Aruba Controller, ClearPass Server, LHRBB, Arqiva Routers, Internet. Legend: Fibre, Trunk link, UTP, BAA/Customer responsibility demarcation.]
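The MAC authentication check described above can be sketched as follows. This is an added example, not code from the specification or from ClearPass; the VLAN labels, function names and sample addresses are hypothetical. It goes slightly beyond the text by normalising the address formats a customer might supply and by flagging locally administered (randomised) addresses at intake, since those may stop matching the whitelist later.

```python
import re

# Hypothetical VLAN labels: the page does not name the VLANs involved.
OTM_INTERNET_VLAN = "otm-internet"  # whitelisted devices, out via broadband
PUBLIC_WLAN_VLAN = "public-wlan"    # all other devices, existing WLAN VLAN(s)


def normalize_mac(raw):
    """Reduce aa:bb:.., AA-BB-.., aabb.ccdd.eeff or bare hex to 12 hex digits."""
    digits = re.sub(r"[:\-.\s]", "", raw).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits


def is_locally_administered(mac):
    """True when the U/L bit (0x02 of the first octet) is set, as in randomized MACs."""
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)


def build_whitelist(supplied):
    """Normalize customer-supplied MACs; return (whitelist, rejected entries)."""
    whitelist, rejected = set(), []
    for entry in supplied:
        try:
            mac = normalize_mac(entry)
        except ValueError:
            rejected.append((entry, "malformed"))
            continue
        if is_locally_administered(mac):
            # Added check: a randomized address can change and stop matching.
            rejected.append((entry, "locally administered"))
            continue
        whitelist.add(mac)
    return whitelist, rejected


def assign_vlan(client_mac, whitelist):
    """Match -> separate internet VLAN; no match or unparsable -> normal VLAN."""
    try:
        mac = normalize_mac(client_mac)
    except ValueError:
        return PUBLIC_WLAN_VLAN
    return OTM_INTERNET_VLAN if mac in whitelist else PUBLIC_WLAN_VLAN


# Constructed sample data, not taken from the page.
SUPPLIED = ["00:1A:2B:3C:4D:5E", "001a.2b3c.4d5f", "DA-A1-19-00-00-01", "00:1A:2B:3C:4D"]
WHITELIST, REJECTED = build_whitelist(SUPPLIED)

if __name__ == "__main__":
    for seen in ["00-1a-2b-3c-4d-5e", "DA:A1:19:00:00:01", "garbage"]:
        print(seen, "->", assign_vlan(seen, WHITELIST))
    print("rejected at intake:", REJECTED)
```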

3.2 Corporate Access

This option provides for devices to connect back to your Corporate Network at Heathrow, and will require you to have a Managed VPN/VLAN from Commercial Telecoms in place. A detailed network design is required, which will take into account your specific security and access requirements.

Example use case: Airport staff that have handheld scanners that need connectivity back to corporate applications

Airline staff became the first customers of a new common SSID service, CT_Roaming, for their handheld devices in Terminal 2, which are logically placed onto an existing Broadband VLAN that is used for the Airline staff and lounges. Wireless access will be via existing access points installed in T2A and T2B, which will have the CT_Roaming SSID deployed. The wireless controller will place the airline handheld device(s) into the right role once the enforcement service is sent from ClearPass policy manager based on certain matching attributes. A username and password configured on the ClearPass policy manager are used as part of the enforcement attribute and network access control.

Staff will now connect to the new common SSID called CT_Roaming, which most if not all new wireless customers have to connect to. Segregation from other custom users of CT_Roaming will be achieved by each customer having a dedicated VLAN (LAN/WLAN) and a unique ClearPass username and password per customer.

3.3 Wi-Fi Landing Page

With WiFi Landing Page we give you the opportunity of giving your Wireless service a professional, secure front door to your customers. A Captive Portal (Splash page) will allow customers to have internet access at designated areas such as lounges and retail units with a fully branded landing page.

A suite of customizable options is available for businesses at Heathrow for:

- Hosted landing pages for your Heathrow wireless solution
- Personalisation of standard pages or your own HTML to identify your business and your Wi-Fi network
- Ability to present terms of use and fair use policies
- Capture user information for marketing purposes (in compliance with legal requirements and the Data Protection Act)
- Optional bespoke HTML/CSS development for your pages

There are certain constraints to the service which are outlined below, but our dedicated team will be able to define exactly what is required and agree with you the most feasible solution:

- Wi-Fi landing page is an optional service that complements Heathrow's Wireless LAN and broadband solutions
- Size limitations for pages apply
- Comes with unbranded HTML pages with light customisation. Full customisation available on request
- Ts & Cs, vouchers etc. presented at the time of access
- Session restrictions apply (3 as default)
- Supported scripting: none allowed on server side
- MAC caching for 24 hours
- No bandwidth limitations

A simple topology diagram of the WiFi Landing Page solution is shown below:

[Diagram not reproduced. Components shown: Guest Device, Guest SSID, Aruba AP, Access Switch, TERM Distribution Switch, WANAGG Distribution Switch, CORE Distribution Switch, Aruba Wireless LAN Controller, ClearPass, Customer BB Router, Internet. Flows shown: Radius Traffic (MAC Caching), Management, Data, Guest Portal Access.]

4 Service Overview

The ClearPass infrastructure is managed and supported by an on-site 24/7 network team and securely housed within 2 Data Centres; on the Heathrow side of the network it connects to the WANAGG infrastructure. This allows connectivity to the external sources and to the Wireless Controller for the WLAN service. All end user devices can connect to the same SSID and are segregated into separate VLANs based on role. The client traffic is tunnelled to the wireless controller. Each authenticated device has a separate encrypted connection to the controller.

4.1 Service Request

Any requests for the WiFi OTM solution must go through the Commercial Telecoms route, and customers may contact the following in order for their requests to be processed:

Email: heathrow@sita.aero
Phone: 0208 745 6565
Address: Meridian First Floor South, Compass Centre, Nelson Road, Hounslow TW6 2GW

Once we have received the approval to commence, our specialised solutions team will ascertain your requirements and refine them to your needs in a specific design allocated to your request. General information from the customer is obtained, such as:

- Brief description of requirement
- Areas / Location
- Number of users
- Any existing network configuration details, i.e. VPN / Broadband / VLAN

4.2 SLA

| Wi-Fi OTM Targets | Down for all | Down for some | Down for one |
| Response | 30 mins | 2 hours | 2 hours |
| Remote fix | 2 hours | 2 hours | 4 hours |
| Replacement | 4 hours | 4 hours | 4 hours |

5 Why Us

- Applications can stay connected always
- Simple flexible data plans with a minimum commitment of only 6 months
- Add and remove devices easily
- 24X7X365 on site airport based support
- Integrate into your Heathrow based VPN
- Ability to provide custom splash pages at additional cost