Secure Wireless Backhaul
The Wireless Networking Landscape
A department in the Canadian Federal Government had a security requirement for a large amount of data to be networked as part of a new surveillance and monitoring system. Engineers working on the project were tasked with finding a solution that was cost effective, provided adequate throughput, and met the strict security requirements of the federal government. This paper tells the story of how the right combination of experience and equipment led to the successful deployment of several wireless backhaul links in a city environment.
The Canadian Government is a large and experienced purchaser. In 2004 they issued more than 42,000 contract documents worth a total of $16.8 billion. Of that budget, over $500 million was devoted to IT services such as; messaging services handling some two million messages per month, mobile and fixed satellite services to 30 departments across Canada, and telecommunications network services to virtually all departments and agencies in the government. The Canadian government lists security and privacy as key priorities in all of their IT services.
A large amount of data for a security system covering multiple branch locations needed to be linked to a central command centre. The high-bandwidth data consisted of the following applications:
Live feed from high-resolution video cameras
Pan, Zoom, Tilt control for video cameras
Motion Sensor reporting
Smoke Detector and Fire Protection System feedback
The primary requirement for this project was a solution that had the required security to handle a large amount of sensitive data. In addition to the security requirement, the solution needed to guarantee the required real-time throughput for all applications, during all environmental conditions - even a Canadian Winter. The engineering team working on this project had to find a solution that was:
Along with the installed network, the customer requested a detailed system performance report clearly demonstrating that the system capacity was met.
Easy to Install
The team working on this project first compared the cost of leasing a line from a telecom carrier with the cost of purchasing wireless backhaul equipment. Examining the primary requirement - security- the wireless solution presented many advantages over a leased line. By purchasing a wireless system, the government would have complete control over the network and would be able to achieve 100% isolation from; other government departments, public carriers, the Internet, and even their own internal network. Although wireless backhaul systems operate on the unlicensed spectrum, proprietary transport protocols make the unwanted interception of data almost impossible. For increased security the data can be further encrypted using AES or other encryption methods. Taking cost into consideration the team determined that a leased line would cost approximately twice as much per month as the entire wireless system would cost to purchase. Purchasing the equipment would be a one time expenditure and would give the user complete end-to-end control of their network. Since broadband wireless equipment operates in the unlicensed radio spectrum, no registration is required to operate, and radio deployment can be completed in hours. Comparing the wired vs. wireless options, it was easy for the team to see that the best solution, taking into account; total cost, ease of installation and security, would be a wireless backhaul system operating in the unlicensed band.
EION Wireless was selected as the equipment provider for the backhaul requirement of the surveillance and monitoring network in cooperation with partner, FirstComm Wireless. EION Wireless is a global provider of broadband wireless equipment and has a strong reputation for supplying rugged wireless solutions. EION has a deep knowledge of wireless networks and possesses the technical competency required by the government to provide and qualify the network. The network would need to backhaul data from three branch sites to one central command centre located in the downtown core. Detailed site surveying confirmed that it would be impossible to transmit data directly point-to-point to each branch site, since high-rise office buildings in the downtown core were blocking the line of sight. A plan was developed placing the radio links avoiding this area. This plan, shown in Figure 1, routes the data from sites 1 and 2 through site 3. Two products from the EION Rugged Wireless Communications
Solution were selected to accomplish the communications tasks; two pairs of EION Ranger 5110 for the lower bandwidth links and two pairs of EION Ranger 5050 for the high capacity links. The EION Ranger 5110 is a complete and robust wireless 5.8 GHz Pointto- Point system that provides a transparent Layer-2 bridge to link two points. Each unit consists of a high-gain antenna and radio integrated into a rugged outdoor enclosure delivering 23 dBm of power to the antenna. Because the radio is located next to the antenna, extending the Ethernet cable does not affect the operating range - simplifying deployment options. EION’s Ranger 5050 Wireless Bridge is capable of delivering up to 28 Mbps of throughput with a range of up to 15 km. This range can be further extended by the use of external antennas. Multiple security mechanisms built in to the unit protect enterprise privacy. The Ranger 5050 incorporates hardware and software features that reduce labour costs associated with initial deployment and post-sales maintenance. Temperatures in the installed region can regularly fall below -30° C in the winter, making a robust solution very important in this project. The Ranger 5050 and Ranger 5110 are both engineered for rugged and reliable outdoor operation.
Prior to installation EION performed extensive testing in order to be confident that the customer would be presented with a complete working solution that satisfied all the requirements of the project. The results of these tests have been published in a separate EION report titled ‘Performance Study: Ranger Wireless Bridges.’ Before delivery, all equipment was pre-configured in EION labs to allow for straightforward installation on-site by FirstComm Wireless.
FirstComm Wireless prepared the sites with pole mounts for the radios using different configurations, including non-penetrating roof mounts depending on the building requirements. Special permission had to be obtained by the installation team to access the roof of each building. This approval process ended up being the most time consuming portion of the installation and the limiting factor in the installation timeline.Once the sites had been prepared, it took approximately two hours to install each Ranger unit, fine-tune the frequency, channels and antenna alignment for optimum operating efficiency. During the installation the Ranger 5050 links encountered some initial interference due to existing 5.8 GHz equipment operating in the area. This issue was easily resolved by configuring the Ranger 5050 links to transmit at a frequency not occupied by the interference.
In qualifying the network for the customer, EION exceeded the specifications, delivering 24 Mbps TCP/IP throughput for each Ranger 5050 link and 13 Mbps TCP/IP throughput for each Ranger 5110 link.
EION equipment was able to fully satisfy the security, bandwidth and reliability requirements of this project; with the flexibility for future expansion of the network. The Canadian Government was provided with a secure, rugged wireless network that is fully operational in all environmental conditions. EION provided the professional services required to prepare a detailed performance report that confirmed all of the project requirements were met. The expertise that EION brought to the project meant that the right equipment was selected and pre-configured for straightforward on-site deployment.
Ranger 5050 and Ranger 5110 met the needs of the project
System is fully scalable for future growth
EION Professional Services provided key information and support
FirstComm & EION partnership resulted in customer satisfaction