Features

Gone are the days of the metal clipboards attached to hospital beds. Today, doctors and nurses often use portable laptops and PDAs to obtain patient records and diagnostics, and hospitals are researching wireless network infrastructures that can support flexible voice and data applications. Willis-Knighton Health System, an expansive four-hospital system in northwest Louisiana, with nearly 5,000 employees, is one of those hospitals. Willis-Knighton is implementing a comprehensive campus-wide wireless solution. The initial use is for wireless phones but, in the future, the network will be utilized for electronic medical record access and patient diagnostics.

“Our goal is to incorporate our existing wired network with our wireless network to have the best of both worlds, with minimal initial investment and site disruption,” says Cody Adams, network coordinator for Willis-Knighton, whose main focus is network infrastructure, and wireless research and implementation throughout the campuses.

The four campuses that make up the Willis-Knighton network are located between seven to 13 miles apart. The North Hospital is made up of five multistory buildings, including the main network building, Steen Hall Eye Institute, which houses the data center and demarcation for all the hospitals. Willis-Knighton South Campus, the first of its satellite hospitals, houses multiple buildings and an off-site disaster recovery center. Willis-Knighton Bossier Health Center and Willis-Knighton Pierremont Health Center will be the last two to join the wireless network.

Currently, the hospitals, which service three states, are connected over asychronous transfer mode (ATM) with a synchronous optical network (SONET) backbone. There are four Gigabit Ethernet and two ATM core switches between the north and south campuses. The backbone will be switched over to IP over SONET in the near future to allow for multigigabit throughout the hospital network.

Adams selected a centralized wireless solution from Ortronics because it easily integrates into the existing Ortronics structured cabling system that connects the Willis-Knighton network. “Because the wireless network is connected through the cabled network, we can seamlessly incorporate the new technology without hindering anybody or any service during the transition,” he explains.

Cabling network in place
The network demarcation is the North Campus and everything collapses back to the fourth floor data center in Steen Hall. Fiber-optic cables are used as the backbone between the telecom closets on each floor of each building. The horizontal distribution from closets to workstations for both phone and data is over CAT 5e. “At the time we cabled our hospitals, the standards for CAT 6 were not ratified and CAT 6 was not certified to 100 feet, so we installed CAT 5e, as it meets our gigabit requirements,” explains A dams. All the cable is terminated to Ortronics Clarity CAT 5e patch panels.

Before installing a campus-wide wireless network, the hospital first tested a system that utilizes “fat” access points. This system proved to be time consuming, since each access point had to be individually set up and run on a separate physical infrastructure, making the control of security difficult.

“With this system, it took me an hour to get each access point programmed and then touch every computer to control the securities,” says Adams. “Not only was this time consuming, but the coordination of the installation and blending into our current network was not feasible, as we planned to expand our wireless system between the four hospitals.”

The Ortronics centralized wireless solution controls security, management and all wireless traffic from one location–in this case the North campus data center. The “thin” access points (APs) act more like a cell tower, or antenna, and all users are tunneled back to the controller.

Selecting the location of the main and local controllers was predetermined to follow the physical and logical layout of the cabled network. “It is almost as simple as installing a patch cord into a patch panel since the cabling is already in place through our existing network. The controller is then preprogrammed to provide a single point of administration,” comments Adams. “As a result, we do not have to touch our access points once they are installed, and can better control our policies relating to security, user roles and even for future software upgrades.”

The first phase, which is now completed, included the deployment of the main master wireless controller and two local controller units in the north main campus in Steen Hall, with thin APs, also known as Wi-Jacks, installed around the five-building campus. The next phase will include the installation of a backup master controller in the disaster recovery center in the South Shreveport Medical Plaza, as well as two or three local 16-port controllers. The Bossier campus will also have two or three local 16-port controllers, whereas Pierremont will have two local 48-port controllers. All will have multiple access points.

network intelligence
“Communication will be minimal between the properties, as the only time an access point needs to communicate with the local controller and verified back to the master controller is when booting up,” explains Adams, “The backup master controller set at the disaster recovery center will seamlessly kick in if any system goes down at another hospital.”

The wireless controller provides the intelligence to the wireless network. It configures the APs and handles the important issues of encryption, security, firewalls and management of the RF spectrum. The controller is administered using proprietary network software.

The Ortronics wireless network software is programmed through the controller to provide sophisticated monitoring and control of the wireless network. The controller supports virtual private networks (VPN), as well as automatically detecting and disabling rogue APs to thwart hackers and viruses, utilizing the onboard intrusion-detection system.

“In our network environment, we decided to locate our controllers in the main telecom closets, due to the demanding bandwidth requirements,” notes Adams. “This also provided physical security to keep this device in an area where IT has charge over it.”

As with any infrastructure upgrade, planning was critical, especially for the setup of the controllers and locations of access points near important user areas. Key considerations included: number of simultaneous users, building dimensions and layout, coverage requirements, data rates, future expansion expectations and the security standard selection for end-user devices.

Each network device has a MAC address, automatically assigned by the manufacturer. When booting up, the computer has to communicate via the wireless card (or NIC) to the local controller through the AP to gain access to the system.

“Because of the centralized control features with these thin access points, compared to the old fat access points, all securities and policies are assigned centrally and authorized from one main location,” states Adams. In addition, upgrading security for the infrastructure can be done seamlessly by changing these functions through the controllers.

establishing the access points
Ortronics’ technology for location of APs is based on grid points. The locations of the grid points are dependent on the concentration of users in a specific grid area, as well as the applications and bandwidth being used. Each controller supports up to 48 APs and hundreds of end-users.

For coverage, Willis-Knighton estimated approximately four to six users for each AP. As an AP becomes overloaded, the controller can prevent additional users from associating to the overloaded AP and instead allow them to associate to an underutilized neighboring AP. Currently, nurses are using the majority of APs for voice, but applications will be expanded to data for laptops and PDAs in the near future.

Willis-Knighton selected Wi-Jack/SA wireless wall outlets and installed them a foot below the ceiling level. The outlets are a standalone version allowing wireless connectivity for multiple simultaneous users. “Installing these APs high up seems to give us better coverage, due to the lack of obstructions, such as chairs or cabinets,” comments Adams.

The outlets are cabled back to the patch panels and then terminated into a power-over-Ethernet (PoE) injector or PoE switches. From there, the AP is connected into the existing network infrastructure and tunneled using virtual LANs until ultimately connected to the wireless controllers located in the main distribution frames.

IEEE 802.11 standardizes the Ethernet performance of wireless systems, which are available in three versions, each highlighting different spectrums and frequencies–a, b and g, and defined as follows: 802.11a, 54 Mbps in 5.8 GHz band; 802.11b, 11 Mbps in 2.4 GHz band; and 802.11g, 54 Mbps in 2.4 GHz band. The main differences are how each handles security, radio frequency management, performance and scalability. By entering different data rates and types of APs (802.11a or b/g), users can dynamically see expected coverage zones and determine how many APs are needed to meet capacity levels throughout a building.

“After we assessed and deployed our APs, we selected 802.11g as our frequency, as most computers are outfitted with a compatible wireless card, while selecting ‘b’ for the phone frequency,” states Adams. “This would normally be a concern with rogue users in a fat access point environment, but because all users need to be authorized by the controller, this was not a concern. The wireless controller automatically sees the mapping and detects the channels to use an AP without interfering with neighboring APs.”

In the future, he plans to switch to 802.11a, where more channels are available. Then, the APs will be able to communicate at a higher power using overlapping channels, thus getting better signal coverage.

policies and security
Policies are set up through the main master controller, which governs and verifies applications for each wireless user. Adams and the IT department are currently writing the policies to tighten the roles of each user. For example, doctors might be allowed extensive access to the internal patient database system and mail server, as well as prescription capabilities and pulling up bandwidth-intensive files such as x-rays and diagnostics. Nurses, on the other hand, might only need access to the intranet for mail and the patient database.

“Through the controller, I can modify and change the configurations to match our environment,” notes Adams. “We constantly test our security policies by using a laptop to try to sniff and sometimes hack into our own network. A major benefit with this type of wireless technology and topology is that you are not allowed to communicate from one wireless computer to the next without going through a central controller. Therefore, this entire setup is based on policies that we have programmed.”

The service set identifier (SSID) in the Ortronics wireless system acts as a network name to distinguish one WLAN from another. Multiple SSIDs can be installed within the organization, one for employee access and one for limited guest access to the Internet. The SSIDs and the associated security and RF-configurable parameters are also controlled from one location without having to make any changes to the APs.

“When all the policies are preconfigured in the future, doctors will be able to come on-line as a ‘guest’ and be redirected to a security site to obtain a certificate. This certificate would be approved by one of our data-processing centers,” Adams explains. “Once approved, they can connect their laptop using SSL (secure sockets layer), a protocol for transmitting private documents over the Internet. Using this SSL certificate, they will be allowed to connect to our network and to the secure services that they need.”

Willis-Knighton plans to continually expand its deployment and usage of the wireless system. “We would like to eventually implement wireless for all phone and data applications, but we need to make sure that there will be no bandwidth restrictions and also make sure our securities and policies are in tact,” notes Adams.

Carol Everett Oliver, principle of Everett Communications, is a freelance writer for the cabling industry. She can be reached at coliver@everettcom.com.