Technology Strategy

Sectors Wireless
Contact David Witkowski
Authors: David Witkowski, Tony Batalla, Essam El-Beik, Benny Lee, Bill Pugh, Steve Wimsatt

A variety of technology decisions need to be made to effectively deliver good Public Wi-Fi service, while supporting the current and future applications that cities and towns are seeking to deliver.

While Wi-Fi itself is well understood and widely deployed, modern Public Wi-Fi deployments, which are often outdoor and in locations where there are no pre-existing networks, can be more complicated than traditional in-building networks. As a result, cities planning Public Wi-Fi deployment will likely need to support a growing range of new applications and face many technological decisions in the process.

It must be stressed that cities should develop an overall strategy to guide their Public Wi-Fi deployments. The objectives of any city or municipal Public Wi-Fi network are to improve the quality of life by increasing or expanding public services, improving city operational efficiencies and sustaining the long-term growth and development of the city. However, to do this effectively, cities need to have a clear idea of what their own goals are and what they are trying to achieve. In addition to driving the initial design and technical decisions, the strategy can serve as a driver to align stakeholders across the city, build support for the plan, and provide a baseline to measure whether the Public Wi-Fi effort is successful. An effective strategic plan and policy development process should include the following stakeholders:

  • Citizens, whose needs must be fully understood and who will need to utilize the Public Wi-Fi network in order for it to be successful
  • Representatives of multiple city departments including planning, IT, security, public safety, transportation, recreational services, water and waste management, public works and others. Any of these groups may have unique ideas or requirements that can increase the value and utilization of the network. If a city has a security/cyber security team or expert, they should also be included.
  • Businesses and the local entrepreneurial community, who can be sources of funding and new technology as well as potential sources of specific expertise
  • Colleges and universities who may have (or can provide) research and expertise on smart city applications and emerging technologies. In many cases, local colleges, as well as K-12, may have significant interests in supporting Public Wi-Fi networks jointly with local municipalities.
  • Partner organizations such as downtown districts, Business Improvement Districts, Chambers of Commerce, etc. who have a vested interest in public attractions and economic development strategies that involve Wi-Fi as an amenity.

Cities and their stakeholders need to agree on what they really want to achieve to drive the planning and design process. Key elements to consider include:

  • Target performance for Public Wi-Fi. Public Wi-Fi needs to meet or exceed minimum user expectations, or there is a risk that they will not use the network. Each city should determine what this minimum requirement is, and also, how it might change over the life of the network. Reported minimum performance targets vary greatly from as low as 500 kbps to as high as 25 Mbps or more. The right answer will be a function of end user expectations, city budgets, expected use cases, and anticipated concurrent user levels. Some cities aim to deliver relatively higher performance to encourage more end users and city departments to leverage the network.
  • Bandwidth shaping or rate limits. One way to manage costs and help ensure a consistent end user experience is to implement rate limiting to limit maximum speeds and prevent a handful of users from using excessive amounts of your network capacity. This can be a strict rate limit or could be implemented by not allowing certain applications, especially video streaming, over the network. Bandwidth shaping is another technique that allows some flexibility by allowing surges of throughput to help, say, download large files while preventing sustained high utilization. Suffice it to say that there are tradeoffs when limiting usage, such as risking user dissatisfaction. Agencies must decide for themselves what appropriate bandwidth limits are. (For the purposes of this blueprint, the discussion of “rate limiting” applies solely in a situation when used by a public agency that is deploying a free, Public Wi-Fi network under their control. When used by internet service providers (ISPs), bandwidth shaping and other throttling techniques can be construed under the terms of what’s called “Net Neutrality.” The authors of this paper are in no way making a commentary on this topic although, in general, we support the vision of a free and open internet.)
  • Service tiers vs. the same standards for all users. Most cities prefer offering the same service to all Public Wi-Fi users, not offering any premium service levels. This avoids any complaints about how tax dollars are being spent and is the simplest model to implement. Cities should be aware that many private/for-profit Wi-Fi service providers offer multiple tiers to generate income from the network, which could be an option if a city or town needed help funding the service. Also, note that cities may implement separate WLANs over the same Wi-Fi infrastructure to provide different service levels to city staff and departments. These private WLANs may each have their own target service levels.
  • Time of day usage. With most Wi-Fi solutions, it is possible to set ‘time of day’ policies which may, for instance, turn the Wi-Fi on or off at certain hours. This can potentially be a useful mechanism to avoid attracting people to, say, a park during hours when it is closed, or to prevent loitering in particular areas late at night. However, it is up to each city or town to determine whether and how to implement such capabilities. Questions such as ‘is it fair to cut off Wi-Fi if people are depending on it?’ and the need to have communications in place in the event of an emergency should be discussed prior to implementing any time of use restrictions.
  • Customer support. Once a city invests in Public Wi-Fi, it is important to ensure there is adequate support so that people are able to connect and use the network. Cities provide varying levels of support, from simply providing it “As-Is” to offering a 1-800 customer support hotline to hosting Wi-Fi training sessions in community centers and libraries. Some cities believe that enough people know how to use Wi-Fi that no additional support is needed, especially if it is offered as a free service. In any case, we’ve found that, over time, actual support requirements appear to be relatively low, with bursts of support needed when something goes wrong. Thus, cities may want to consider offering and promoting some basic level of end user support and training as an additional public benefit and way to promote the system. As an additional step, smaller cities could team with each other or with a provider to share the costs of a single customer support facility.
  • Organizational involvement. Public Wi-Fi requires both an upfront investment and ongoing network management and access services. Cities should define the roles/participation of key departments, including who owns and operates the network as well as who is responsible for service level agreements (SLAs) for internal and external usage. Ideally, cities should have strong, top level support to ensure all stakeholders are aware of and benefit from the Public Wi-Fi investment. Cities should also acknowledge up front that the costs and benefits of the Wi-Fi network may not align within traditional organizational structures, i.e., one department may fund the network while other departments may gain significant benefits. There is no one solution to manage this, but cities should be aware of the issue upfront and determine how they will resolve any disputes.
  • Privacy / Security. Cities should consider what steps, if any, they wish to take to address both privacy and security. Generally, cities avoid collecting or retaining any personally identifiable information, but it may be useful to spell out exactly what information they may collect and for what use cases. Similarly, Wi-Fi networks can be wide open or tightly secured, all depending on how a city wants to manage it. In many cases cities leave their networks open and leave it to the end-users to implement their own security via a VPN or similar technology. Newer deployments typically try to offer some level of encryption as Wi-Fi becomes more widely used.
  • Own & Operate, or Managed Service? Public Wi-Fi is a well understood technology/application, and is not especially complicated or labor intensive to manage. However, municipal IT staffs are often fully loaded on existing projects and may or may not have the required wireless and RF skills needed to design, deploy and operate outdoor Wi-Fi. Thus, cities should consider their core competencies and whether they want to manage the network internally or hire an outside resource. They can hire systems integrators (SI) or managed service providers (MSP) for any or all of the major activities related to Public Wi-Fi, including planning and design, deployment, and ongoing network operations. Many SIs and MSPs will work with and train city staffers as needed to utilize them for things like onsite deployment and maintenance when that can lower cost and leverage an existing city work force.
  • City-provided Wi-Fi vs a 3rd party network. Many cities allow 3rd party network operators, including traditional service providers as well as focused Wireless ISPs, to deploy and operate a Public Wi-Fi network in the city. These networks may be paid for via premium service fees and advertising, or may be offered as a brand-building opportunity to attract and retain customers. This can be an attractive option from a funding perspective as there is no upfront cost to the city. However, there are tradeoffs, such as: the city may not have access to the network for additional use cases (e.g., a secure network for public safety); the network may only be deployed in parts of town that are attractive from a commercial perspective (i.e., some residents may be left out); and cities will likely not have any control over the branding and marketing of the network – it will be associated with a for-profit provider. Cities should certainly be aware of these 3rd party options and consider them, but in the process they should understand the city’s own needs and be aware of how, or if, a 3rd party network is consistent with meeting those needs. In some cases, cities will want to maintain some level of control, or specify some level of city access to the network.
  • General infrastructure policies. As Public Wi-Fi and other Smart City applications become more widespread and expected capabilities, cities should also consider longer term policies that will streamline and enhance their ability to roll out and expand these services. Policies such as Dig Once, where the city deploys fiber and/or conduit whenever it digs up a street, can position the city to move much more quickly when it wants to add services. These discussions will need to be part of a city’s overall planning process for fiber optics and other utilities.
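
The difference between a strict rate limit and bandwidth shaping, described in the "Bandwidth shaping or rate limits" item above, can be seen in a small token-bucket simulation. This is an added example, not part of the original blueprint; the 2,000 kbit/s rate, the 10,000 kbit burst allowance and both demand patterns are constructed values.

```python
# Added illustration: hard rate limit vs. token-bucket shaping for one client.
# All figures are constructed sample values, in kbit per one-second slot.


def strict_limit(demand, rate):
    """Hard cap: never deliver more than `rate` in any slot; excess is queued."""
    delivered, backlog = [], 0
    for want in demand:
        backlog += want
        sent = min(backlog, rate)
        backlog -= sent
        delivered.append(sent)
    return delivered


def token_bucket(demand, rate, burst):
    """Shaping: unused allowance accumulates up to `burst` and can be spent
    in a surge; once it is spent, throughput falls back to `rate`."""
    tokens, backlog, delivered = burst, 0, []   # bucket starts full
    for want in demand:
        backlog += want
        sent = min(backlog, tokens)
        tokens -= sent
        backlog -= sent
        delivered.append(sent)
        tokens = min(burst, tokens + rate)      # refill for the next slot
    return delivered


def slots_to_finish(delivered):
    """1-based index of the last slot in which any data was delivered."""
    last = 0
    for i, sent in enumerate(delivered, start=1):
        if sent:
            last = i
    return last


RATE, BURST = 2000, 10000
FILE_DOWNLOAD = [10000, 0, 0, 0, 0, 0]   # one large file requested at t=0
VIDEO_STREAM = [4000] * 6                # sustained demand above the rate

if __name__ == "__main__":
    for name, demand in (("file", FILE_DOWNLOAD), ("video", VIDEO_STREAM)):
        print(name, "strict:", strict_limit(demand, RATE))
        print(name, "shaped:", token_bucket(demand, RATE, BURST))
```

With shaping, the one-off file completes in a single slot instead of five, while the sustained stream is held to the configured rate once its burst allowance is spent.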

Authentication, Security and User Experience

While today’s Wi-Fi user experience is familiar to millions of end-users worldwide, it requires end-users to select an SSID and typically go through a captive portal experience before getting connected. This extra step can potentially reduce Wi-Fi usage, and consequently the value of the Wi-Fi network.

Understanding the tradeoffs between different authentication options can help cities to determine the appropriate services for their town.

Helpful Key for Understanding Authentication Types

Authentication: Technical method to access a network/system. Can be:

  • Open (i.e., no login required)
  • Closed (i.e., requires some form of login)

| Type | Pros | Cons |
|---|---|---|
| Open | Can be perceived as easier to log in, thus increasing usage. | Makes it easier to hack (i.e., for someone to spoof the network); less ability to tailor service levels. |
| Closed | City knows who is on network, can assign different policies based on role/device. | Could deter some users and raise privacy concerns. |

As there are several different authentication options available in modern Wi-Fi systems, selecting which is appropriate can be a daunting task. This section will go into these different methods and the tradeoffs with each in much more detail.

Open Network: In an open network, the Wi-Fi is configured with one or more open, unsecured SSIDs. Any end user can simply connect to that SSID and have full network access. This is a low cost, easy to deploy solution that some believe can increase network usage by removing any obstacles to getting online. However, it has a number of drawbacks. Most importantly, there is no way of knowing who is on the network (which is, in fact, illegal in some countries, although not in the United States). Open networks do not encrypt end-user traffic, so they are more vulnerable to snooping. (Snooping is the act of using software to capture traffic, i.e., packets, to inspect for sensitive information, such as usernames and passwords.) It’s much easier for someone to see what unencrypted web pages are being visited, what someone is typing into unencrypted web forms, and even which encrypted websites someone is connected to. For example, someone can see if you’re connected to your bank’s website (although if the site is encrypted they may not know exactly what you are doing, just knowing is concerning for many people).

This was illustrated most sensationally with Firesheep, an easy-to-use tool that allows people sitting in coffee shops or on other open Wi-Fi networks to snoop on other people’s browsing sessions and hijack them. More advanced tools like Wireshark can also be used to capture and analyze traffic.

Networks that re-direct end-users to a captive portal and ask them to accept an End User License Agreement (EULA) or Terms of Use do not solve this challenge. In fact, they are still open, unencrypted networks.
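
Because anyone can advertise an open SSID, an operator of an open or captive-portal network benefits from routinely comparing what is on the air against its own AP inventory. The following is an added example, not part of the original blueprint; the SSID, BSSIDs, sites and survey rows are all constructed.

```python
# Added illustration: flag radios that advertise the city's SSID but do not
# match the operator's AP inventory. All names and addresses are constructed.

CITY_SSID = "City-Free-WiFi"   # hypothetical network name

# Operator inventory: BSSID -> (site, configured channel)
INVENTORY = {
    "02:00:5e:10:00:01": ("Library", 36),
    "02:00:5e:10:00:02": ("Main St pole 14", 44),
}

# Constructed survey rows, as a monitoring sensor might report them.
SCAN = [
    {"ssid": "City-Free-WiFi",  "bssid": "02:00:5E:10:00:01", "channel": 36, "rssi": -61},
    {"ssid": "City-Free-WiFi",  "bssid": "02:00:5e:10:00:02", "channel": 44, "rssi": -70},
    {"ssid": "City-Free-WiFi",  "bssid": "02:00:5e:99:00:aa", "channel": 6,  "rssi": -48},
    {"ssid": "City-Free-WiFi ", "bssid": "02:00:5e:99:00:ab", "channel": 11, "rssi": -55},
    {"ssid": "city-free-wifi",  "bssid": "02:00:5e:10:00:02", "channel": 1,  "rssi": -52},
    {"ssid": "CoffeeShop",      "bssid": "02:00:5e:77:00:01", "channel": 1,  "rssi": -80},
]


def normalize_ssid(ssid):
    """Collapse whitespace and case so look-alike names compare equal."""
    return " ".join(ssid.split()).casefold()


def audit(scan, inventory, city_ssid):
    """Return (bssid, reason) for each suspicious row, strongest signal first."""
    wanted = normalize_ssid(city_ssid)
    known = {bssid.lower(): entry for bssid, entry in inventory.items()}
    findings = []
    for row in scan:
        if normalize_ssid(row["ssid"]) != wanted:
            continue                      # someone else's network
        bssid = row["bssid"].lower()
        if bssid not in known:
            reason = "unknown-bssid"      # not one of the operator's radios
        elif row["channel"] != known[bssid][1]:
            reason = "channel-mismatch"   # inventory BSSID seen off its channel
        else:
            continue                      # matches inventory
        findings.append((row["rssi"], bssid, reason))
    findings.sort(key=lambda f: -f[0])    # nearest suspect first
    return [(bssid, reason) for _, bssid, reason in findings]


if __name__ == "__main__":
    for bssid, reason in audit(SCAN, INVENTORY, CITY_SSID):
        print(bssid, reason)
```

A BSSID is not authenticated, so a row that matches the inventory is not proof of a genuine AP; the check narrows down where to look rather than clearing what it does not flag.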

Captive Portal Authentication: This is another form of open network except that the city or network operator has some form of end-user authentication. This could simply be a social network identification (Facebook is the most popular authenticator, and is used as much as 85% of the time), or could be a credit card or other form of payment. Simply adding an authenticator does not provide encryption, so the end-user still needs to use caution, and ideally a VPN, when connecting. However, authenticating, especially against a source such as Facebook, can be very useful to the operator in that it allows them to build up a list of network users for future marketing or outreach campaigns. Cities and their residents tend to be sensitive about end user privacy, so clear policies will be needed, but this can be valuable data to a municipal economic development agency.

802.1x: This is a strong form of security that typically has rigorous end-user identification and also encrypts all subsequent traffic. 802.1x is extremely secure, and does not allow any network access until after the end user is authenticated and a tunnel is established from the end user to the access point, protecting the wireless portion of the connection. From the AP, traffic from each end user can be directed to specific VLANs based on their user- or group-specific policies. For instance, a resident or visitor might be placed in a specific VLAN which only allows them to access the internet. A city employee may go to a different private VLAN, which gives them access to the city’s internal network. (A “VLAN” is a virtual local area network and is used in network design and engineering to create distinct network segments.)

802.1x is a proven and widely available solution. However, it requires additional IT infrastructure including a RADIUS server that is linked to the back-end authentication server, typically Active Directory. This is a much more complex network setup and, for these reasons, is more expensive to design and maintain. Thus, 802.1x is more commonly found on corporate networks than municipal networks.

PKI Certificates: PKI (Public Key Infrastructure) certificates are the gold standard for network security and provide a fully automated and secure connection. Industry standard X.509 PKI certificates uniquely identify an end-user and device, and manage their access to the network and network-attached resources. After a user authenticates their device for the first time, it will then automatically connect to participating networks with a secure, fully encrypted connection, without requiring the user to re-enter their credentials or remember their username/password.

Not only does this provide a superior user experience, but it provides the network operator with full visibility and control of network users. Depending on what device is connecting, and what initial credentials are delivered, the network can assign that user/device to the appropriate network resources. For instance, a visitor may be allowed access and placed in the general Public Wi-Fi WLAN. If a city employee connects with the same simple login, the network may assign them to a private network with additional privileges. Public safety and other first responders could be identified and given the highest priority network usage. Cities or network operators can even push PKI certificates to ‘headless’ devices such as IP video security cameras and limit their access to sending video to the relevant video management system(s).

PKI implementations, like 802.1x, require expertise in IT security. As a result, they are far more expensive than other authentication types and are not typically found in municipal government networks.
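
Both the 802.1x paragraph (per-user VLANs) and the PKI paragraph (roles for visitors, employees, first responders and cameras) describe the same decision on the RADIUS side: map an authenticated identity to a network segment. The sketch below is an added example, not part of the original blueprint; the VLAN numbers, filter names, serial numbers and the idea of carrying the role in a certificate field are assumptions, and the reply uses the standard RADIUS tunnel attributes for VLAN assignment (RFC 3580).

```python
# Added illustration: authorization step after certificate-based 802.1X login.
# Assumes the TLS stack has already verified the certificate chain and
# signature; this code only decides which segment the client lands in.
from datetime import datetime, timezone

# Constructed policy: role -> (VLAN id, name of the filter the AP applies)
VLAN_POLICY = {
    "visitor":       (100, "internet-only"),
    "employee":      (200, "city-internal"),
    "public-safety": (300, "priority-internal"),
    "camera":        (400, "vms-only"),   # headless device, video system only
}
REVOKED_SERIALS = {"5a17"}   # constructed stand-in for a CRL or OCSP lookup


def vlan_reply(vlan_id, filter_name):
    """RADIUS reply attributes for dynamic VLAN assignment (RFC 3580)."""
    return {
        "Tunnel-Type": 13,                     # 13 = VLAN
        "Tunnel-Medium-Type": 6,               # 6 = IEEE 802
        "Tunnel-Private-Group-ID": str(vlan_id),
        "Filter-Id": filter_name,
    }


def authorize(cert, now):
    """cert: dict of fields extracted from the client certificate (assumed)."""
    if cert["serial"].lower() in REVOKED_SERIALS:
        return "Access-Reject", {"Reply-Message": "certificate revoked"}
    if not (cert["not_before"] <= now <= cert["not_after"]):
        return "Access-Reject", {"Reply-Message": "certificate not valid now"}
    role = cert.get("role")
    if role not in VLAN_POLICY:
        role = "visitor"      # unrecognized role gets the least-privileged segment
    return "Access-Accept", vlan_reply(*VLAN_POLICY[role])


def utc(year, month, day):
    return datetime(year, month, day, tzinfo=timezone.utc)


def sample(role, serial, not_after=utc(2025, 1, 1)):
    """Build a constructed certificate record for the demonstration."""
    return {"role": role, "serial": serial,
            "not_before": utc(2024, 1, 1), "not_after": not_after}


NOW = utc(2024, 6, 1)
EMPLOYEE = sample("employee", "1001")
CAMERA = sample("camera", "2002")
REVOKED_CAMERA = sample("camera", "5A17")
EXPIRED = sample("public-safety", "3003", not_after=utc(2024, 3, 1))
UNKNOWN_ROLE = sample("contractor", "4004")

if __name__ == "__main__":
    for c in (EMPLOYEE, CAMERA, REVOKED_CAMERA, EXPIRED, UNKNOWN_ROLE):
        print(c["role"], c["serial"], authorize(c, NOW))
```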

Hotspot 2.0: HS2.0 is another industry-standard approach that promises to make Wi-Fi roaming as seamless as cell phone roaming. Just as your cell phone automatically finds a roaming partner and securely connects to a network no matter where you travel, Hotspot 2.0 delivers seamless, secure Wi-Fi roaming. It uses PKI certificates to ensure the highest level of security, but Hotspot 2.0 focuses on enabling back-end roaming relationships so that a known end-user can connect automatically, and with approved terms of service, on entirely new networks.

For instance, if the cities of Boston and Cambridge established a Hotspot 2.0 roaming relationship, then their respective users would automatically and securely connect to either of their otherwise entirely separate networks. Hotspot 2.0 literally extends seamless network access across a much larger footprint than any one operator can deliver, and delivers more end-users to each participating network operator.

Hotspot 2.0 ensures more users get connected more easily and with greater security. However, Hotspot 2.0 requires support from both the infrastructure and the end-user clients. While most Wi-Fi infrastructure is HS2.0 capable, only newer, high end devices support HS2.0. So while cities can plan for HS2.0, they may need additional or alternative solutions in the near term. At the time of writing, there are few if any widespread examples of municipalities deploying Hotspot 2.0 solutions.

Performing a Network Assessment

Before any network planning or design begins, cities should answer key questions related to network scope, size and fit with available network assets. Perhaps the most important question is where to deploy the network?

Here are some important considerations:

  • Focus on dense, high traffic areas, or places where people spend a lot of time
  • Consider business / political perspectives, such as where Public Wi-Fi can do the most good. Clearly, there will be a lot of end users in the central business district and major shopping areas, but can it be equally or more important to provide coverage in low income areas where residents may not have any other form of broadband access? Cities can generally identify which areas are or are not served by commercial services.
  • Identify topography and terrain challenges. Consider the environment as it can greatly impact the cost to deploy and cover a given area. Existing terrain maps, GIS and LIDAR 3D mapping services should help cities have a very good understanding of the relative deployment challenges/costs in different areas. At higher frequencies building height and materials affect coverage, but there are software analysis packages with building databases that can help predict problem areas.
  • Develop and utilize a telecom asset inventory showing fiber routes, existing fiber connections, city buildings and any other asset, including streetlights and traffic lights, which could help deploy an outdoor public network. Cities that don’t already have a telecom asset inventory should develop one prior to finalizing designs or plans.
  • Implement a “Dig Once” policy. Digging up a street to lay conduit is expensive. If the street is already opened up for another reason, laying conduit is relatively inexpensive. Dig Once policies add opportunities for future fiber expansion at a fraction of the cost.

Once cities have considered the items above, they can begin to scope out their network and do initial planning and design work. Ultimately, they should conduct a thorough site survey to know how many APs they will need where to deliver target levels of coverage and performance.

In general, our work for this blueprint has found that cities that focus on targeted areas with small-scale deployments are typically more successful. Unfortunately, citywide approaches are extremely costly, mainly because of construction requirements. For this reason, there are not many examples of successful citywide Public Wi-Fi deployments.

A small, initial buildout can be expanded over time as more support and funding becomes available. This

Wireless Technologies

Wi-Fi is one of many wireless technologies that will be deployed in cities and towns to support new and evolving services. No one solution can meet all needs, and as both the wireless protocols and solutions/applications advance, the right mix will continue to adapt and expand. The key differentiators across different wireless technologies are bandwidth, range, cost and power consumption.

Overall Landscape

Helpful Key for Understanding Wireless Protocols

| Protocol/Technology | Bandwidth | Range | Cost | Device Power Consumption |
|---|---|---|---|---|
| Wi-Fi | High | 50-100 meters | Low | High |
| 3G, 4G LTE | High | 2-3 km | High | Medium |
| 5G, Millimeter wave | Very High | 300-400 meters | TBD | TBD for access devices |
| Z-Wave, Bluetooth, ZigBee and other 802.15.4 variants | Very Low | 50 meters | Very Low | Very Low |
| LTE-M, LoRa, SigFox | Very Low | 3-5 km | Low | Very Low |

As you can see, Wi-Fi and LTE are both well suited for general broadband access, and the difference is that LTE is generally deployed via macro-cells with a much larger coverage radius, and it costs more, as each end user needs to subscribe to a plan from service providers who own the licensed spectrum.

The other technologies, which are becoming more common with Internet of Things (IoT) deployments (and this is only a sample), serve very different use cases. Millimeter wave is essentially an alternative to fiber. It can deliver multiple gigabits-per-second (Gbps means “gigabits-per-second” and is a benchmark for high bandwidth systems) of throughput but only for a short range and only between two millimeter wave radios. It offers a way to deploy fiber-like network speeds without the cost or complexity of deploying new fiber, which can require digging up streets and sidewalks. Fiber is almost always the ideal solution from a performance perspective as it is a physical layer that can be upgraded to deliver more bandwidth as needed by adding new electronics on either end, but sometimes it simply isn’t feasible from either a budgetary or city planning perspective to deploy fiber. In these cases, millimeter wave can be an ideal alternative.

Bluetooth, ZigBee, Z-Wave and other 802.15.4 technologies are all short range, low power wireless protocols. These are widely deployed in indoor settings and are increasingly being used outdoors as well. The use case is to connect sensors and other IoT devices that need to be deployed in large numbers, need very little bandwidth and are battery powered. In this case, low cost and low power consumption are critical.

Similarly, LTE-M, LoRa and SigFox are examples of long range, low power networks. LTE-M is a narrowband offering that can be delivered over existing, nearly ubiquitous LTE networks, so offers very good coverage area. SigFox is a network operator that pre-deploys its radio technology in a city or region and then sells connectivity for a wide range of applications and devices. Each of these models requires some sort of fee-based subscription. LoRa is a similar technology that may be deployed by either a city itself or by a private operator.

5G will be another option, and is in trials now. However, the final 5G specifications from 3GPP, the relevant standards body, won’t be complete until 2020. When it is ready, 5G will offer very high bandwidth but with relatively small coverage areas per radio, so operators will need to deploy many locations and incur associated site, backhaul and maintenance costs. It’s too soon to know when and where large scale 5G will be rolled out, but some experts feel that it will initially be focused on larger cities where density issues and ‘urban canyon’ effects currently impact service levels for large numbers of customers.

Within this overall landscape, Wi-Fi appears to be an attractive network access solution that also has plenty of capacity to support additional applications including IP Video backhaul. Current 802.11ac Wave 2 Wi-Fi solutions offer more than 1 Gbps of throughput and can be meshed wirelessly to deliver broad coverage areas. Future Wi-Fi solutions, including the upcoming 802.11af and 802.11ax standards, will continue to deliver significantly more bandwidth as well as increased range. Current Wi-Fi deployments are typically planned with a 3-5-year replacement cycle driven primarily by new, high bandwidth use cases such as IP video, augmented reality (AR), and virtual reality (VR).

Wi-Fi Architecture

There are only three main items in the Wi-Fi architecture:

  1. Access Points (APs)
  2. Network and AP Management
  3. Backhaul

Access points

Access points (aka “APs”) deliver the wireless access network to which end-users and devices connect. They are based on IEEE 802.11 standard protocols which are updated every few years to deliver better performance, new features and stronger connectivity. For Public Wi-Fi networks, the key considerations are:

  • Use the most current Wi-Fi standards. To provide the best network performance and highest level of future-proofing, deploy the most current standard of access point.
  • Wi-Fi coverage area. Most APs will offer a fairly similar coverage radius, but since outdoor Wi-Fi often requires costly backhaul and/or site permits, any advantage from stronger RF can lead to significant cost and performance advantages.
  • Ease of mounting. Most cities and towns are proud of their streetscapes and do not want to have a bunch of visible electronics change the look of the town. Smaller physical sizes and especially internal antennas can reduce the visibility of Wi-Fi APs and allow them to be mounted on a wider range of street-level assets.
  • Power over Ethernet. Most enterprise class APs support PoE power, which can be very helpful by eliminating the need to connect to electricity near the AP, or can provide a universal plug in via the RJ45 data port.
  • IP67 outdoor rating. IP67 ratings are based on the IEC standard for “Ingress Protection” and show that a device has been tested to withstand a wide range of physical intrusion and humidity conditions.

Wi-Fi Management

Wi-Fi Management allows an operator to monitor the network, report on performance, update software and update specific parameters on a per-AP or group of AP basis. Most large Wi-Fi networks are managed by a Wi-Fi controller which can be deployed either in a city or operator data center or in the Cloud. The key requirements for cities are to have clear reporting on network usage and performance, and to have easy access to this information via a web-based interface. This can be delivered by a controller operated by the city, or via a controller operated by an SI or MSP.

Backhaul

Wi-Fi performance is ultimately only as good as the backhaul network. In your home for instance, if you’ve purchased a new AP within the last year or two, the wireless performance of over 1 Gbps is likely at least 10-20 times faster than the backhaul connection you have to the network, which in the U.S. is typically less than 50 Mbps. For cities, the preferred and primary backhaul mechanism is fiber. Fiber is essentially future proof and offers excellent performance, but unless it is already in place near any locations where you want to mount an access point, it can be extremely expensive.

One option to help manage backhaul costs is to wirelessly “mesh” your Wi-Fi access points. Meshing is simply connecting the APs wirelessly so that 2 or more APs can share a single backhaul connection. While meshing can work effectively over as many as 3-4 hops, most Public Wi-Fi deployments should limit meshing to one or at most 2 hops to ensure a consistent, high quality network connection. By meshing 4-5 APs back to a single AP that is connected to fiber, the cost of deploying and connecting those APs can be reduced by 60-70%.

Another option that is becoming increasingly attractive is to use millimeter wave radios to deploy a point to point or point to multipoint backhaul network. Millimeter wave radios can deliver throughput of several gigabits per second over 300-400 meters at a very cost-effective price.

Key Takeaways

  • Cities should engage multiple stakeholders, including businesses, residents, universities, and civic groups to develop a strategy to guide their Wi-Fi design and deployment.
  • Cities should consider HS2.0 or PKI certificate-based security to deliver the best end-user experience with the highest level of end-to-end security.
  • Most cities have significant telecom and related assets which should be considered while planning and designing their Wi-Fi network.
  • No one wireless solution can meet all of a city’s needs; they will generally need several wireless networks.
  • Mesh has become an integral part of Public Wi-Fi designs, particularly for outdoor and exterior coverage.
  • Wi-Fi is the most ubiquitous and lowest cost access solution for IP networking, and it continues to be enhanced to deliver higher and higher performance. Cities should leverage this as a core infrastructure for public access, bridging the digital divide, and to support other new city services.