
Millbrook Commons Community Net:

Technical Design

IST 220 Section 003

Professor Brice Toth

Team Numeral X

December 12, 2014


Table of Contents

III. Executive Summary .................................................. Page 3
IV. Review of Recent Trends in 65+ Age Demographic ...................... Page 4
V. PAN/LAN/MAN Architecture Design Plan
    5a LAN .............................................................. Page 6
    5b PAN .............................................................. Page 10
    5c MAN .............................................................. Page 14
VI. Network Access and Security ......................................... Page 18
VII. Additional Network Diagrams ........................................ Page 21
VIII. List of References ................................................ Page 25


III. Executive Summary

Numeral X addresses the Millbrook Commons Community Net Project with a concept based on current networking trends and future proofing. Being able to address all aspects of networking from the ground up, Numeral X provides a wired and wireless solution with redundancy, scalability, and ultimately usability. From Metropolitan Area Networks (MANs) to personal health monitoring devices, Numeral X created solutions that highlight the importance of keeping a connection live while helping a resident live a more fulfilling life through the use of technology.

The first area we discuss is the recent trends in the MCCN Project target population: the 65+ demographic. Because the demographic population size is projected to double by 2050, providing adequate living and health services becomes even more important than in previous generations (West et al., 2014). In addition, healthcare challenges are emphasized because of the growth in both the demographic population and population longevity.

Secondly, to support our target population and their needs, Numeral X relies on technology to do most of the “heavy lifting.” The implementation of a partial mesh network, to allow for redundancy and near-lossless connectivity, utilizes a MAN and W/LAN (Wireless/Local Area Network) to blanket the entire campus in network access and coverage with technology such as LTE cellular data connectivity. In addition, PANs (Personal Area Networks) will be utilized to help monitor resident health remotely. Based on a fiber backbone and scalable networking equipment, MCCN will be a technologically advanced (and scalable) facility that is able to help residents of all abilities.

Finally, Numeral X addresses securing the network from intrusion by meeting and exceeding HIPAA regulations. The driving force behind healthcare technology is the EMR/EHR (Electronic Medical or Health Record). In order to provide the best level of care to our target population, we will need to keep the data that flows into an EMR/EHR as secure as possible. Through the use of data encryption and user authentication security measures like smart cards, MCCN will make priorities of securing resident health information and preventing intrusion.

As many communities prepare to support the 65+ population, MCCN takes a leap ahead. From the use of advanced networking services like LTE to remotely monitored patient health devices like heart rate monitors, the MCCN Project will have the necessary services to address current healthcare technology concerns and any future concerns. As the demographic information already shows, MCCN’s target population is only going to grow. In order to prepare for current and future trends, look to Numeral X’s framework for success now and into the years to come.


IV. Review of Recent Trends in 65+ Age Demographic

The United States considers those age 65 and older to be “senior citizens.” West, Cole, Goodkind, and He provide a thorough analysis of this population in their 2014 report, 65+ in the United States: 2010. The 2010 census counted over 40 million seniors, representing 13 percent of the population. In the upper age categories, women outnumber men. This means more women are widowed and likely to live alone. With regard to race, 84.8% of the older population identified as “White alone” in 2010. However, the diversity of this age group will continue to increase. Similarly, while 14.2% currently speak a language other than English at home, the percentage is larger for the younger population, pointing towards future trends for the elderly.

Older Americans are remaining in the workforce longer, reversing the early-retirement trends of a few decades ago. Those with higher education tend to continue working longer. In 2010, 77.1% of older women and 78.9% of older men had completed at least 4 years of high school; 16.8% of older women and 27.4% of older men had completed 4 or more years of college. This gender gap was likely the result of factors such as the GI Bill and women marrying young, but it is closing. In fact, by looking at the education of the current younger population, it is predicted that by 2040 the percentages of college-educated men and women will be the same, around 29%.

Many health challenges accompany growing old, including medical problems such as heart disease and cancer, cognitive impairment such as dementia and Alzheimer's, and sensory impairment such as hearing and vision loss. According to the 2010 American Community Survey, 38.6% of seniors had at least one disability, the most common ones being related to mobility (West et al., 2014).

It is projected that the population of seniors will “more than double from 40.3 million in 2010 to 83.7 million in 2050” (West et al., 2014, p. 5). In the immediate future, this growth will be caused by the aging of the Baby Boomer generation. Specifically, the Baby Boomer generation includes those born during the 18-year span between 1946 and 1964 (Congressional Budget Office, 2013). Census data tells us that just under 77 million people were born during that period, at a rate of about 24 per 1000 American citizens. Since the first boomers entered the workforce, they began to form the backbone of the American economy, especially in the manufacturing industries during the middle and later parts of the century (Zinn, 2005). They contributed massively to government programs like Social Security, creating a surplus in the fund that guaranteed its stability through the retirement of older generations of Americans (Hall, 2011). In 2011, the first Baby Boomers, that is, those born in 1946, reached the traditional retirement age of 65 years old. By the year 2031, the last of the Boomers will reach retirement age. At that time, for the first time in living memory, a full quarter of the United States’ population will be of retirement age (Sightings, 2014). For the sake of comparison, only 13% of the population was of retirement age in 2012, and only 9.8% in 1970.

Geographically speaking, as of the 2010 census, the Boomers are spread all over the country, with larger percentages of Boomers inhabiting the northeastern and western regions of the country. High densities of older Americans can also be found in the Carolinas and some coastal counties in Florida, but the mid- and south-western regions of the United States are more commonly home to younger citizens. Though Pennsylvania is home to a large percentage of Boomers, the lone exception is Centre County, which boasts an extremely youthful average age of 28.7 years old (Governing.com Staff, 2014). While this is to be expected in an area dominated by such a large university, the county still contains more than 17,000 members of the Baby Boomer generation. As these citizens exit the workforce and enter into this new phase of their lives, other Americans must be cognizant of the implications, both to prepare ourselves for a changing society and to ensure that the Baby Boomer generation is properly cared for in retirement.

Many seniors are embracing technology to simplify their lives. One study found that the percentage of individuals in the 65-74 age range with home Internet access has almost doubled since 2005 (Thomas, 2014). Another study found that the 55-64 age group is now twice as likely to bank and pay bills online as it was in 2005 (O’Conner, 2014). According to the Pew Research Center, about 77% of Americans age 65 or older have cell phones (Smith, 2014). One of the largest indicators of whether a senior is inclined toward technology is financial well-being. Wealthier seniors are more likely to engage with technology and the Internet. In fact, seniors with an annual income of at least $75,000 are 57% more likely to have Internet access at home than those earning less than $30,000 (Smith, 2014). Younger generations may see Internet access as a necessary expense, while seniors are more inclined to deem it a luxury. Indeed, studies show that Internet usage among seniors drops off significantly after the age of 75, a fact which can very possibly be linked to dwindling savings.

There are many technologies that can help seniors, both improving their quality of life and providing better health care. Some examples of these are social programs, safety equipment, exercise equipment, health tracking software, home assistance devices, and medical devices such as hearing aids. Seniors are one of the fastest-growing groups of Internet users, and this group will continue to grow as today’s technology consumers age. Seniors may choose to keep in touch with family and friends through social media and communication applications such as Facebook and Skype. Digital exercise equipment helps seniors stay active with less chance of injury. Health tracking software keeps track of medical history, medications, and current health data. This information can be easily shared with doctors and family. For seniors with cognitive impairment and memory loss, devices such as GPS tracking systems can be used to monitor the individual's location, and apps are helpful in reminding seniors of tasks or important information. Developers are also creating apps specifically for at-risk individuals such as seniors for getting help in emergency situations; the “Panic Button” and “Are you OK?” apps are just two examples (Thomas, 2014). Traditional medical devices such as hearing aids and pacemakers are improved with the latest technologies; for example, oxygen machines and vitals-monitoring devices can digitally send real-time information to medical staff.

The elderly population in the United States will continue to grow, especially as the Baby Boomer generation ages. As healthcare increases life expectancy, this demographic faces an increase in age-related disabilities and health problems. Our society faces the challenge of how best to support the senior population as they age out of the workforce. Fortunately, many technologies can be harnessed to help seniors and those who care for them, and Millbrook Commons is equipped to utilize these technologies.

V. PAN / LAN / MAN Architecture Design Plan

5a - LAN / WLAN

The LAN design for the MCCN will use a partial mesh topology to connect each building. This provides decent connection redundancy, and if needed could be updated to a full mesh topology, which would provide even greater connection redundancy. Each building is connected using single mode fiber optic cable.

Partial Mesh Connections Overview

Single mode fiber optic cable is used for 1 gigabit (1000BASE) or 10 gigabit (10GBASE) connections, and it has the potential to be used for higher standards. Fiber optic cable is also immune to the noise and static that can affect copper cables, which makes fiber cable the better choice. Each building will be equipped with a Cisco ASR 901 10G router which can handle the high 10 gigabit speeds and can later be upgraded if needed.

Inside the building, we will be using Cat 7 cable, which supports 10 gigabit speeds at lengths of 100m or less, and is backwards compatible with Cat 5e and 6. Cat 7 cable is a Class F cable, which has stricter standards than the older Class E cable (such as Cat 5e and 6), is rated for transmission frequencies of up to 600 MHz, and has better shielding to help protect against crosstalk and static. Cat 7 cable will be used to connect the routers to switches and also to connect network devices such as computers, printers, and fax machines to the switches in each building.

Example Office/Lab Design

As shown in the diagram, each office or lab will be connected to a switch, which is connected to the main router of that building. All cabling will be done using Cat 7 to ensure the highest bandwidth possible with the ability to be backwards compatible with older NICs that may not support 10 gigabit speeds. Each lab or office will be connected to a Cisco Nexus 7000 Enhanced F2-Series switch that will be located in the wiring closet of that floor/building.

Each building will also be configured for wireless LAN so residents, employees, and guests will have access to high speed Internet. Main buildings will have a CISCO AIR-CT5508-250-K9 5508 Wireless Controller that can support up to 250 Access Points; this will provide maximum coverage for the whole campus. Smaller buildings and large buildings that need additional access points will use a Cisco Aironet 3702p Controller-based wireless access point, which allows for speeds up to 1.3 Gbps and supports the newer IEEE 802.11ac as well as the older IEEE 802.11a/b/g/n versions. A repeater can be added if signal loss occurs.

Example Wireless Design

There are multiple 802.11 protocols, the newest being 802.11n and 802.11ac; both of them support older models. 802.11ac supports speeds up to 1.3 Gbps and supports wireless a/b/g/n. Because of its relatively new design and higher frequency band (5 GHz band with 80-160 MHz channels), it is less likely to have static interference. A disadvantage of 802.11ac is that it is relatively new and costly; a newer type that will run at higher speeds is in development. 802.11n is more common and is a cheaper alternative; it supports speeds up to 600 Mbps and operates at either the 2.4 GHz or 5 GHz frequency band. A disadvantage of 802.11n is that, because it is so common, it is more susceptible to static and noise even when different channels are used.

The recommended equipment for wireless LAN:

● Wireless Router - Cisco Air-CT5508-250-K9 5508 Wireless Controller
  o Provides high gigabit speeds
  o Supports multiple standards to provide support for multiple models

● Access Point - Cisco Aironet 3702p Controller-based - Wireless Access Point
  o Provides high speeds up to 1.3 Gbps
  o Supports multiple standards and ranges
  o Can be used as a repeater to boost signal

● Network Adapter - Asus PCE-AC68 Network Adapter - PCI Express
  o Provides high speeds up to 1.3 Gbps
  o Supports multiple standards and ranges

Recommended equipment for use in residences would be Telikin Elite II. It is designed specifically for the elderly and features a large-print keyboard as well as a large screen that is designed to be brighter than normal monitors. The Telikin Elite II is an all-in-one design which comes installed with common apps and programs. It also has text-to-speech capabilities to help users that have vision impairment.


Recommended Office/Lab equipment:

● Computer - Asus BM1AE-I7477S008B Desktop PC
  o Comes with Intel i7 processor, 3.1 GHz
  o 4 GB DDR3 RAM
  o 1 TB hard drive
  o Pre-installed with either Windows 7 or 8 64-bit Professional OS
  o LAN speed 10/100/1000 Mbps with the ability to be upgraded

One of the most common and widely used network management protocols is the Simple Network Management Protocol (SNMP). SNMP helps manage or monitor groups of devices on the network from one or more administrative computers. It allows administrators to monitor the network from one node or from multiple nodes, which can improve the administrators’ ability to detect any intrusions or errors.

The recommended network management program that works with SNMP is OpManager. OpManager allows for network mapping using Cisco Discovery Protocol. This manager also provides network traffic analysis, monitoring of class-based quality of service, and WAN and VoIP performance monitoring. It also comes with network management software to help the administrator monitor all network devices. OpManager also monitors Syslog and SNMP TRAP messages in case a fault is detected or a Cisco device is broken into. This allows the network administrator to monitor all active devices on the network and troubleshoot them as the need arises.
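As an added illustration (not OpManager's or Cisco's code), the kind of rule such a monitor can run over the Syslog feed just described: it parses Cisco IOS-style messages and flags interface faults, repeated failed logins, a successful login that follows them, and configuration changes. The log lines, hostnames and addresses are constructed samples.

```python
"""Triage of Cisco IOS-style syslog lines for faults and intrusion indicators."""
import re
from collections import defaultdict

# Message body follows the IOS convention "%FACILITY-SEVERITY-MNEMONIC: text";
# the prefix (timestamp, hostname, sequence number) is what the collector adds.
MSG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ [\d:]+) (?P<host>\S+) \d*: *"
    r"%(?P<facility>[A-Z0-9_]+)-(?P<sev>[0-7])-(?P<mnemonic>[A-Z0-9_]+): (?P<text>.*)$"
)
# Login messages carry the peer address as "[Source: a.b.c.d]".
SOURCE_RE = re.compile(r"\[Source: (?P<ip>[0-9.]+)\]")

# Constructed sample feed (hostnames and addresses are made up for this example).
SAMPLE_LOG = """\
Dec 12 09:01:10 bldg-a-rtr 101: %LINK-3-UPDOWN: Interface GigabitEthernet0/1, changed state to down
Dec 12 09:01:11 bldg-a-rtr 102: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/1, changed state to down
Dec 12 09:02:03 bldg-a-rtr 103: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77] [localport: 22] [Reason: Login Authentication Failed] at 09:02:03 EST Fri Dec 12 2014
Dec 12 09:02:09 bldg-a-rtr 104: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77] [localport: 22] [Reason: Login Authentication Failed] at 09:02:09 EST Fri Dec 12 2014
Dec 12 09:02:15 bldg-a-rtr 105: %SEC_LOGIN-4-LOGIN_FAILED: Login failed [user: admin] [Source: 192.0.2.77] [localport: 22] [Reason: Login Authentication Failed] at 09:02:15 EST Fri Dec 12 2014
Dec 12 09:02:40 bldg-a-rtr 106: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: admin] [Source: 192.0.2.77] [localport: 22] at 09:02:40 EST Fri Dec 12 2014
Dec 12 09:03:02 bldg-a-rtr 107: %SYS-5-CONFIG_I: Configured from console by admin on vty0 (192.0.2.77)
Dec 12 09:10:00 bldg-b-sw 55: %SEC_LOGIN-5-LOGIN_SUCCESS: Login Success [user: netops] [Source: 10.10.1.5] [localport: 22] at 09:10:00 EST Fri Dec 12 2014
"""


def parse_line(line):
    """Return the message fields as a dict, or None if the line is not IOS syslog."""
    m = MSG_RE.match(line.strip())
    if not m:
        return None
    ev = m.groupdict()
    ev["sev"] = int(ev["sev"])
    src = SOURCE_RE.search(ev["text"])
    ev["source"] = src.group("ip") if src else None
    return ev


def analyze(log_text, fail_threshold=3):
    """Run the detection rules over a block of syslog text.

    Returns a list of (rule, host, detail) tuples for:
      link-fault            an interface went down (LINK-3-UPDOWN ... to down)
      login-bruteforce      fail_threshold failed logins from one source to one device
      login-after-failures  a successful login from a source already at the threshold
      config-change         the running configuration was modified (SYS-5-CONFIG_I)
    """
    alerts = []
    failures = defaultdict(int)  # (host, source) -> failed login count
    for line in log_text.splitlines():
        ev = parse_line(line)
        if ev is None:
            continue
        key = (ev["host"], ev["source"])
        fac, mn = ev["facility"], ev["mnemonic"]
        if fac == "LINK" and mn == "UPDOWN" and "to down" in ev["text"]:
            alerts.append(("link-fault", ev["host"], ev["text"]))
        elif fac == "SEC_LOGIN" and mn == "LOGIN_FAILED":
            failures[key] += 1
            if failures[key] == fail_threshold:  # alert once, when the threshold is hit
                alerts.append(("login-bruteforce", ev["host"],
                               "%d failures from %s" % (fail_threshold, ev["source"])))
        elif fac == "SEC_LOGIN" and mn == "LOGIN_SUCCESS":
            if failures[key] >= fail_threshold:
                alerts.append(("login-after-failures", ev["host"],
                               "success from %s" % ev["source"]))
        elif fac == "SYS" and mn == "CONFIG_I":
            alerts.append(("config-change", ev["host"], ev["text"]))
    return alerts


if __name__ == "__main__":
    for rule, host, detail in analyze(SAMPLE_LOG):
        print("%-22s %-12s %s" % (rule, host, detail))
```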

One of the best security system providers is ADT. ADT's business solutions come with intrusion detection, video surveillance, access control, fire monitoring, and business automation. Business automation allows an administrator to control lights, temperature, and alarms remotely. Intrusion detection uses motion detection devices, intrusion alarms and sensors, and perimeter sensors. Video surveillance will allow security to watch over the campus in real-time. Access control allows the management of entry into specific areas and will also keep a log of who has entered the area; this is also useful for separating the offices from the residential areas. ADT also comes with fire monitoring services which will alert the appropriate emergency response at the first signs of smoke or fire. ADT is a well-known company and they provide a variety of packages to suit customers’ needs.

5b - PAN

In decades past, the Personal Area Network (PAN) was a concept only found in science fiction books and films. From Star Trek’s tri-corder to Minority Report’s helmet-mounted heads up displays, the integration of technology onto the wearer’s body to collect, record, and disseminate data was merely a thought in the futuristic mind. Creating a close-to-the-body wireless network was thought to be extremely difficult to manage, as the hardware to make these PANs possible was unwieldy for everyday use. However, with recent advancements in miniaturization and the proliferation of “wearables,” the possibility of creating and using a PAN for medical purposes is not only feasible, but should be integrated into common medical practice. Collecting relevant patient data through the use of connected devices in a PAN is as simple as using a smartphone.

The purpose of a medical PAN is to collect, record, and transmit patient data. This information is stored in the patient’s EMR/EHR (Electronic Medical/Health Record) and is accessible by the care management team. As simple as the concept may seem, the real dilemma has always been, “How?” Previously, PAN technology was not as usable as it currently is. As Jovanov, Raskovic, Price, Chapman, and Moore (2001) state, “[Current] system organization is unsuitable for longer and continuous monitoring, particularly during the normal activity. For instance, monitoring of athletes and computer assisted rehabilitation commonly involve unwieldy wires to arms and legs that restrain normal activity” (p. 1). Without the ability to move freely, a patient could refuse the use of the devices, which would defeat the wired PAN’s intended purpose. Thus, the creation of a wireless PAN was necessary. Jovanov et al. (2001) continue, “Micro Electro Mechanical Systems (MEMS) made possible the development of networks of intelligent wireless sensors … through the increase of processing power, miniaturization, wireless communication, and decreased power consumption” (p. 1). These MEMS include the monitoring device, the data storage, and wireless connectivity.

As mentioned in the introduction to this section, the hardware to implement a PAN for medical purposes is as simple as using a smartphone. Current smartphone technology allows for connections to both secured WiFi signals and Bluetooth PAN connections simultaneously. With very little modification, the ability to connect to ZigBee connections could be added to the hardware sets. The full complement of monitoring devices and PAN connectivity could be as simple as putting on a shirt. Hexoskin is a wearable technology company that produces a shirt in which embedded monitoring devices are able to monitor the physical activity, respiration, and heart rate of the wearer and communicate that data via Bluetooth (Hexoskin, 2014). In a different approach, Design World envisions the implementation of PANs with devices that utilize nodes and/or connected, surgically implanted artificial devices (see Figure 1). The picture depicts how a patient would wear connected wireless nodes that transmit to a “Body Area Aggregator,” which in turn connects to the wireless networks. As denoted, the ability to monitor a patient’s vital signs and other important information (such as the inertia monitor for if a patient falls) will aid in properly providing patient care.

In addition, the ability to place these monitoring devices is bound only to what information needs to be collected. Just as some people wear sports armbands during workouts to keep cellphone access close, a patient is able to wear a blood pressure cuff, heart rate monitor (even embedded into a Hexoskin shirt), and other devices on their bodies as needed.

Figure 1 (designworldonline.com)


As technological ability begins to meet the medical community needs, the importance of data collection and transmission increases. The PAN can implement Bluetooth LE (Low Energy, 802.15.1), ZigBee (802.15.4), and standard WiFi (802.11XX) and/or mobile network (3G, 4G/LTE) for wireless connectivity, but it requires a central device, the Aggregator. The Aggregator device in the PAN securely connects all monitoring devices to the external network. Again, the simplest solution is to modify an existing smartphone to accept ZigBee communications and we have a complete Aggregator which can collect, record, and transmit in a self-contained device.

The smartphone is a completely mobile device with a rechargeable battery, WiFi, Bluetooth LE, and mobile network connectivity for when a WiFi signal is not available.

In a real world example, the monitored patient could be wearing a Bluetooth LE Hexoskin shirt that monitors blood pressure, heart rate, and respiration, while also wearing a ZigBee inertia belt. The Aggregator will collect, record, and transmit to a WiFi access point found in the residence or facility. If the patient falls, the inertia belt will notice the change in velocity of the patient and send an 802.15.4 message to the Aggregator, which in turn could send a message to the monitoring facility or first responder. Similarly, the Bluetooth LE devices in the Hexoskin (or other Bluetooth connected device) could alert the monitoring facility/first responder to any serious changes in a patient’s status. Since all of the information is being recorded and sent to a data collection repository (in healthcare, this could be the EMR/EHR), patient care is more accurate and ultimately more meaningful in terms of providing the best form of medical remediation.

The final areas of concern in a PAN used in healthcare would be connection security and productivity (from Aggregator to the data collection repository) and redundancy. Security and productivity (on back-end hardware/software) are areas over which a PAN does not have control but does have influence. In a wireless network, the signal from an Access Point (AP) provides the connectivity from Aggregator to back-end hardware and software. Since the standard 802.11XX protocol is easily accessible, the WiFi signal must be properly secured, with the Aggregator’s connectivity to the data collection repository utilizing encryption, data recovery strategies (like offsite backups) implemented to prevent loss of data and device settings, and back-end hardware/software conforming to regulatory standards. Current practice is to encrypt the connection and the device, and to limit all access to patient data to an as-needed basis.

A more difficult task to address is redundancy for the Aggregator to data collection repository. Creating redundancy is a problem when trying to simplify the device requirements in a medical PAN. Yu (2009) writes that these devices must be scalable and address redundancy because these “medical signals are often life-critical, posing strict requirements in terms of accuracy, reliability and latency” (p. 4). Without some form of redundancy in place to address a system/signal failure, a patient’s health could be in danger. Thankfully, the nature of the secure PAN and centralized Aggregator allows for addressing redundancy quickly and efficiently. For example, the Aggregator is constantly receiving, recording, and sending patient health data to the data repository. In the event a WiFi signal fails, the cellular capability of the device kicks in and begins sending the health data over the 3G/4G/LTE data connection to the MAN (Metropolitan Area Network), which is already in place to address data connectivity for the facility. The Aggregator is still able to send data to the repository and ultimately keep the patient safe.

The other redundancy problem comes from the Aggregator itself. If an Aggregator becomes faulty, the healthcare facility is able to swap the faulty Aggregator for a working one – almost seamlessly. This is done by simply downloading any leftover data to the new Aggregator, pulling the system data from the repository (which already backs up any patient and system data), and making sure the Aggregator is properly configured for the patient’s device complement and needs. Yu (2009) focuses on scalability as being the primary issue in healthcare PAN systems, but in a model where the Aggregator is the only device with scalability concerns, the hardware investment and requirements become less important compared to the data collection network itself.
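An added simulation (not code from Hexoskin, Cisco, or this report) of the Aggregator behaviour described in the two paragraphs above: readings are recorded on the device and forwarded over WiFi, rerouted over the cellular path when WiFi fails, held when both links are down, and an 802.15.4 fall message is escalated ahead of routine data; replacing a faulty Aggregator carries over its undelivered data and the configuration the repository holds. The thresholds, names and sensor values are this example's assumptions.

```python
"""Simulation of the Aggregator's uplink failover, fall alerting and hot swap."""
from collections import deque

# Thresholds assumed for this example (not taken from the report).
FALL_G = 2.5                # inertia-belt acceleration (g) treated as a fall
HR_LOW, HR_HIGH = 50, 120   # heart-rate band (bpm); readings outside it raise an alert


class Repository:
    """Stand-in for the EMR/EHR data collection repository (constructed)."""

    def __init__(self):
        self.records = []   # (patient_id, link, reading)
        self.alerts = []    # (patient_id, link, message)
        self.configs = {}   # patient_id -> sensors worn (the backed-up "system data")

    def store(self, patient_id, link, item):
        kind, payload = item
        target = self.alerts if kind == "alert" else self.records
        target.append((patient_id, link, payload))


class Aggregator:
    """Smartphone-based Aggregator: collects, records locally, transmits upstream."""

    def __init__(self, patient_id, repo, sensors, wifi_up=True, lte_up=True):
        self.patient_id = patient_id
        self.repo = repo
        self.sensors = set(sensors)          # device complement it is configured for
        self.links = {"wifi": wifi_up, "lte": lte_up}
        self.local_log = []                  # on-device record of every reading
        self.backlog = deque()               # items not yet delivered upstream
        repo.configs[patient_id] = self.sensors

    def set_link(self, name, up):
        self.links[name] = up

    def uplink(self):
        """Prefer facility WiFi, fall back to the cellular path; None if both are down."""
        for name in ("wifi", "lte"):
            if self.links[name]:
                return name
        return None

    def receive(self, reading):
        """Record one reading (dict: radio, sensor, value); returns items delivered now."""
        if reading["sensor"] not in self.sensors:
            raise ValueError("unconfigured sensor %r" % reading["sensor"])
        self.local_log.append(reading)
        self.backlog.append(("reading", reading))
        alert = None
        if reading["radio"] == "zigbee" and reading["sensor"] == "inertia" \
                and reading["value"] >= FALL_G:
            alert = "possible fall: 802.15.4 inertia belt reported %.1f g" % reading["value"]
        elif reading["sensor"] == "heart_rate" \
                and not HR_LOW <= reading["value"] <= HR_HIGH:
            alert = "heart rate %d bpm outside %d-%d" % (reading["value"], HR_LOW, HR_HIGH)
        if alert:
            self.backlog.appendleft(("alert", alert))   # alerts leave before routine data
        return self.flush()

    def flush(self):
        """Send the backlog over the best available link; keep it if both are down."""
        link = self.uplink()
        if link is None:
            return 0
        sent = 0
        while self.backlog:
            self.repo.store(self.patient_id, link, self.backlog.popleft())
            sent += 1
        return sent

    @classmethod
    def replace(cls, faulty, wifi_up=True, lte_up=True):
        """Swap in a new unit: take over undelivered data and the repository's config."""
        config = faulty.repo.configs[faulty.patient_id]
        new = cls(faulty.patient_id, faulty.repo, config, wifi_up, lte_up)
        new.backlog = deque(faulty.backlog)
        faulty.backlog.clear()
        return new


def run_scenario():
    """Walk through the failure cases from the text; returns (repo, replacement unit)."""
    repo = Repository()
    agg = Aggregator("resident-042", repo, {"heart_rate", "respiration", "inertia"})
    agg.receive({"radio": "ble", "sensor": "heart_rate", "value": 72})     # over WiFi
    agg.set_link("wifi", False)
    agg.receive({"radio": "ble", "sensor": "respiration", "value": 16})    # over LTE
    agg.set_link("lte", False)
    agg.receive({"radio": "ble", "sensor": "heart_rate", "value": 75})     # held
    agg.receive({"radio": "zigbee", "sensor": "inertia", "value": 3.2})    # fall, alert queued
    agg.set_link("wifi", True)
    agg.flush()                                   # alert first, then the two held readings
    agg.set_link("wifi", False)
    agg.receive({"radio": "ble", "sensor": "heart_rate", "value": 74})     # unit about to fail
    new = Aggregator.replace(agg)                 # hardware swap keeps the data
    new.flush()
    return repo, new
```

Calling `run_scenario()` ends with five readings and one fall alert in the repository, delivered over wifi, lte, wifi, wifi, wifi in that order, and an empty backlog on the replacement unit.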

Currently, the only network equipment needed to operate a functioning PAN-to-WLAN connection is the standard 802.11XX-type set. Since the Aggregator incorporates secure WiFi, Bluetooth LE, and ZigBee, the equipment needed to collect the patient data and transmit it to the data repository would be standard networking equipment. Cisco is the best-known brand, but devices that are able to encrypt and transmit at high speed can easily be substituted into the same environment with equal effect. Again, the point of emphasis in the Aggregator to EMR/EHR connection is encryption.

While advances have helped to grow the medical device market, consumer market based devices are an easy way to incorporate PAN data collection in healthcare. The current wireless technology is able to transmit data from connected devices (whether it is WiFi, Bluetooth LE, or ZigBee) in a secure manner and incorporate it into a patient’s EMR/EHR. The data allows the medical community the ability to address a patient’s healthcare concerns in a meaningful way. However, security and scalability are concerns that any healthcare organization must address. Luckily, current mobile devices not only address these concerns, they are scalable to address future concerns as well.

5c - MAN

During the end of the last decade, major mobile carriers began rolling out options for a new and improved mobile network. This network would be able to handle data transmission that its 3G predecessor could not; the only question was that of implementation. A major forerunner manifested as WiMAX (Worldwide Interoperability for Microwave Access), a metropolitan-sized area network design made up of the 802.16 IEEE family of standards. Major telecommunications companies examined the technology, and Sprint was the first to make a major investment (Stoffels, 2012). Before other companies could get involved, however, LTE appeared and took over. The reasons for LTE’s dominance are many and varying, and we will examine them in the following section. The clear advantages of the LTE technology contributed to our decision to use it to facilitate the metropolitan area connection instead of the 802.16 IEEE standard, WiMAX.

A key consideration when comparing networking standards is the uplink/downlink speeds of the networks as well as their range. These factors go hand in hand; the speed of the network is contingent on, among other things, the distance that the data has to travel. The WiMAX standard operates in a few spectrums, including 2.3GHz, 2.5GHz, and 3.5GHz (Stoffels, 2012). This gives WiMAX a short range, but the users within that range are much less likely to experience an outage or connection issues. On the other hand, LTE operates on the 700MHz band, which gives it a huge advantage in terms of range. WiMAX boasts ranges of up to 30 miles, but standard obstructions dramatically reduce that number, potentially knocking it down to 6 miles (Gompa, 2013). On the other hand, LTE’s lower frequency allows for minimization of obstructions, giving it a range of 18 miles with good performance.

When considering speed, there are more factors than just the bandwidth, however. LTE uses different radio links for downlink and uplink. For downlink, LTE uses OFDMA (Orthogonal frequency division multiple access), which requires the use of MIMO (Multiple In, Multiple Out) (Gompa, 2013). This technology allows for a dramatic decrease in latency and increases total throughput. On the uplink side, LTE uses DFTS-OFDMA (Discrete Fourier transform spread orthogonal frequency division multiple access), another MIMO technology. The separation of these transmissions optimizes the network and reduces the power consumption of the devices. WiMAX lacks this level of complexity.

Another downside to the WiMAX standard is potential interference with Wifi (802.11a). These two standards share a radio spectrum using unlicensed bands. The resulting interference can significantly impact the quality of service for any systems that are operating within that specific band (Bchini & Quabiba, 2012). Before the implementation of the 802.16 standard, 802.11 had no such competitor for band resources, but heavy-handed implementation of the 802.16 standard would make both connections unreliable and unsuitable for a network connection that requires minimal latency, data loss, or other problems.

One of the most significant arguments for the implementation of LTE instead of WiMAX is in the name: LTE stands for “Long Term Evolution.” This name suggests investment in the technology, and AT&T, Verizon, and other major carriers have significantly demonstrated their support (Harris, 2011). The result is an increasingly reliable and high-speed network. Together with its various network optimization features, LTE boasts downstream speeds of more than 300Mbps and upstream speeds of 80Mbps (Chandler, 2012). These figures far outstrip the 70Mbps estimated by WiMAX providers, and due to the high frequencies on which service is provided, the signal strength drops off significantly, down to 10Mbps at a range of only 6 miles. These numbers cannot sustain traffic required for our facility, and even if LTE did not provide sufficient figures to accommodate us, which we believe it does, the industry is strongly invested in the continued improvement and optimization of LTE performance, making this a safe and sure investment.

Cell sites provide the center of the metropolitan area network. Carriers customarily share these locations, so it is not uncommon to see hardware for Sprint service at an AT&T location. The inside of the network cabinets feature racking with a switch and base stations for the carriers who provide service at each individual location. These base stations are the brains of the cabinet; they process all the data, and they can be specially configured to handle LTE data, CDMA connections, or any other required service (Anthony, 2013). In fact, these stations are so crucial for the overall quality of the service provided by the carriers that the manufacturers will custom-build them for the particular area in which they will be providing services. Base stations will also be configured with firmware that is planned between the manufacturer and the carrier in order to give the carrier familiar access to that station and its capabilities.

Some manufacturers also create software to facilitate changing technologies and connections. Samsung’s Smart Base Stations contain options to change the technology provided by the location (between LTE, CDMA, and GSM) and the frequencies on which those technologies are offered (Anthony, 2013). Instead of having to fight with hardware to change these options, all the work can be done in a control panel that is referred to as a “software-defined radio,” or SDR, in this example. This dramatically decreases the complexity of maintenance, upgrades, or other types of changes to the location, or to a large number of locations in a specific area or via a specific carrier.

For transmitting the signal, these cell sites use antennas attached to the sides of the buildings where the network cabinets are located. Each of these antennas points in a different direction, and each one covers a 120 degree arc (Anthony, 2013). With 3 antennas, this allows for a full 360 degree transmission of the network signal without any overlap. Each antenna is supported by amplifiers, which amplify the signal being transmitted by the antenna before it is sent out. There are six total amplifiers; one for each of the three antennas at the cell site. Given the power required to keep this technology going, however, administrators had to plan for excessive heat generation, which could damage the hardware at the location and possibly stop transmission of the signal altogether. To combat this problem, each amplifier is contained by a heatsink.

Interestingly, being extremely close to the cell site is not actually where a person will receive the best signal strength. According to a team of ExtremeTech reporters who visited one of these cell sites, being right near the amplifiers did not give a strong signal (Anthony, 2013). Such close proximity to such a high-powered transmitter, combined with the amplifiers within a user’s own device, could possibly have an oversaturation effect or even clash with one of the other nearby transmitters pointing in another direction. Being as close as possible to the cell site is hardly an important goal for a facility receiving this signal. Between the potential for the signal to be a little bit overwhelming in such close proximity and the advanced LTE technology giving a reliable signal within several miles of the cell site, structuring the network so that the cell site sits right on top of the service area is unnecessary and possibly even counterproductive.

One of the features that makes LTE such an attractive technology is multiple-input multiple-output (MIMO) technology. As previously mentioned, this optimizes network performance, increases connection stability, decreases latency, and increases total throughput (Gompa, 2013). While this feature makes a strong case for the implementation of LTE technology everywhere, it does have its drawbacks. Because incoming and outgoing connections are separate in an LTE transmission, there need to be two antennas for each receiver: one for receiving incoming transmissions, and one for transmitting out. While this alone has the potential to drive up costs and complicate the LTE connection, there is another drawback. If the antennas are too close together, they can create a lot of noise for each other, which will dramatically impact the quality of the LTE signal (Anthony, 2013). In devices like cell phones, especially the smaller ones, this is a huge problem, and the entire structure of the phone has to be planned around attempts to minimize the interference between these competing signals.

Fortunately, advances in this technology are leading to resolutions to this problem. Certainly, it is possible to just place antennas farther apart in order to minimize the problem, but that solution carries with it the appearance of guessing: at what point is the signal far enough away? It is difficult to tell without repeated trial and error. A preferred resolution to this problem would be an improvement to the antenna technology itself. Galtronics, a company that specializes in the design of antenna technology, has released a “30/30 Narrow Beam High Gain LTE MIMO” antenna (Ramot, 2009). This antenna is able to better separate the in and out signals to minimize the aforementioned network noise, and it does so specifically in situations where high data capacity is needed. Additionally, according to the manufacturer website, the antenna is able to cover “all bands, keeping a low VSWR, high gain, and maintaining a stable 30/30 beamwidth across the complete frequency range.” This small, flat device is able to support massive transfer rates while also withstanding winds up to 150mph, minimizing other environmental factors that could damage or significantly impact signal strength if other devices were used.

The decision to establish the metropolitan area network via LTE was not a difficult one; as the 802.16 standard is slowly phased out for the newer, faster, more reliable LTE technology, we see investments being made that seek to take it even further. For example, manufacturers of base stations like Samsung are now actively designing those stations to be optimized for LTE transmission, and companies like Galtronics are churning out devices that resolve issues that still linger with technologies like MIMO that are coupled with LTE access. This alone is a strong indication of the dedication the industry has to making LTE the lasting standard. Though its early adoption was met with some pushback due to it being a packet-switched network only, innovations in the form of Voice-Over-LTE have stepped in to help it fill the gaps where it would have failed compared to a circuit switched model. Given these improvements along with the flexibility of LTE to adapt to other changes and be enhanced by them, it makes sense to use LTE to facilitate the metropolitan area connection for our facility.

MAN Network Topology [diagram not reproduced in the text]

VI. Network Access and Security

HIPAA Compliance

The medical center on the MCC campus will be making extensive use of the network to collect, store, and transmit personal health data about the residents. Because of this, it is considered a "covered entity" under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and must follow the standards for privacy and security for that data. HIPAA comprises a Privacy Rule and a Security Rule. The HIPAA Privacy Rule refers to individually identifiable health information that exists in electronic form as "electronic protected health information," or e-PHI. According to the U.S. Department of Health & Human Services, the HIPAA Security Rule includes the following requirements:

1. Ensure the confidentiality, integrity, and availability of all e-PHI they create, receive, maintain or transmit;

2. Identify and protect against reasonably anticipated threats to the security or integrity of the information;

3. Protect against reasonably anticipated, impermissible uses or disclosures; and

4. Ensure compliance by their workforce. (HHS, n.d.)

Defining important terms from the Security Rule:

● Confidentiality: e-PHI is only available and disclosed to authorized persons

● Integrity: e-PHI is only altered and destroyed in authorized ways

● Availability: authorized persons are able to access and use the e-PHI on demand

The Security Rule calls for covered entities to conduct risk analysis and implement security measures to protect e-PHI (HHS, n.d.). A security official will be responsible for overseeing the security of the network. This professional must be well-versed in the specifics of HIPAA and the ever-changing threats to network security. Access to e-PHI must not only be controlled, but audited (HHS, n.d.). Network management software will help the security official review access and detect breaches. Physical access must also be carefully controlled, as will be discussed in the following pages. We will also discuss the importance of training staff and residents to comply with HIPAA.

Paper documents containing PHI and other sensitive information must be properly stored or destroyed; shredders should be made available to residents at reception areas, as well as used by the clinic. Like its physical counterpart, e-PHI must be disposed of properly (HHS, 2009). This can include overwriting the media, purging the data with a magnetic field, or destroying the media. Hardware that stored e-PHI can be disposed of or reused after the sensitive information is thoroughly removed in this manner (HHS, 2009).

Following the HIPAA requirements will not only protect MCC from fines and lawsuits, but will ensure the quality and security of the network for non-health-related uses. Residents will be assured that their personal digital photographs, communication, and financial information are secure within the network. The system is designed so that data is reliably accessible, meaning residents will not have to worry about network-related outages to their Internet access.

Users

One of the greatest security risks to any network is the users themselves. Because of this, both staff and residents should have regular opportunities to receive trainings on topics such as network security, privacy in the digital age, HIPAA, and preventing identity theft. These topics should be addressed semi-annually in the staff's mandatory trainings, and strict policies will be in place to report and respond to any violations. An easy-to-understand usage policy should be carefully explained to residents, which they must sign to have access to the community network resources. Many scams take advantage of the elderly’s unfamiliarity with technology, such as email “phishing” scams or pop-up windows claiming to be virus-scanning software (National Council on Aging, n.d.). Real virus protection software subscriptions will be provided to residents and installed on company-owned devices to reduce the vulnerability of both individual devices and the network.

Access

The campus security will protect not only the residents but physical access to their data. Window and door sensors and video cameras will guard against intrusion. Video cameras will be situated inside the buildings, at entryways, and in the lampposts that line the streets and walkways. Access to data-containing devices must also be carefully controlled. For example, computers containing e-PHI in the medical clinic should not be accessible to patients and visitors. Similarly, all media such as flash drives or CDs that contain e-PHI must be secured. All devices, such as computers in examination rooms, must be password protected when left unattended.

Authentication

A variety of solutions for security and authentication were considered, ranging from traditional key locks to biometrics such as fingerprint scanners. Managing this number of physical keys presents challenges, both in regulating who has which keys and the expense of replacing locks when a key is lost or stolen. While biometrics are an attractive technology, they present a particular security risk - if a key or ID card is stolen, it can be replaced; if biometric data is hacked, an individual’s fingerprint cannot be replaced. A middle-ground technology presents the best of both worlds: the smart card with an embedded circuit chip. If a smart card is lost or stolen, it can be easily deactivated and replaced, and the lock can be remotely reconfigured instead of reinstalled. Smart cards will serve multiple purposes for staff and residents of Millbrook Commons. The printed card will feature a photograph, name, and any other information desired by the administration, such as an ID number. The embedded chip will allow the holder access to specific doors and network resources, providing authentication.

There are other possible uses, such as data storage and loading with money; the convenience must be weighed against security concerns. For example, medical information could be stored on the card and read by emergency personnel with the appropriate devices (Smart Card Alliance, 2014). The Smart Card Alliance also states that smart cards can be used to facilitate compliance with HIPAA. In addition to the smart cards, staff and residents will all be assigned an individual username and password to access the network resources. The authentication server will verify the users’ credentials.
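The check the authentication server performs when a smart card and a username/password are paired, as an added example that is not part of the report or any product it names. It also shows why a lost card is cheaper to handle than a lost fingerprint: the card ID is deactivated and reissued while the password record is left alone. User names, card IDs, passwords and the in-memory tables are constructed stand-ins for the server's database, and every attempt is written to an audit list because the Security Rule requires access to be audited, not only controlled.

```python
"""Two-factor credential check for the MCC authentication server (added example).
Constructed data: user names, card IDs, passwords; dicts stand in for the database."""
import hashlib
import hmac
import os

PBKDF2_ROUNDS = 100_000   # slows offline guessing if the password table is ever copied

def _hash_password(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ROUNDS)

USERS = {}            # username -> {"salt": bytes, "hash": bytes, "card": str}
ACTIVE_CARDS = set()  # card IDs the card-management system currently honours
AUDIT_LOG = []        # (username, card_id, outcome) for the security official to review

def enroll(username: str, password: str, card_id: str) -> None:
    salt = os.urandom(16)     # per-user salt: equal passwords still hash differently
    USERS[username] = {"salt": salt, "hash": _hash_password(password, salt), "card": card_id}
    ACTIVE_CARDS.add(card_id)

def deactivate_card(card_id: str) -> None:
    """Lost or stolen card: the ID stops working at every door and login; the password survives."""
    ACTIVE_CARDS.discard(card_id)

def reissue_card(username: str, new_card_id: str) -> None:
    deactivate_card(USERS[username]["card"])
    USERS[username]["card"] = new_card_id
    ACTIVE_CARDS.add(new_card_id)

def authenticate(username: str, password: str, card_id: str) -> tuple:
    """Return (granted, reason). Both factors must check out; every attempt is logged."""
    rec = USERS.get(username)
    if rec is None:
        _hash_password(password, b"\x00" * 16)   # same hashing work as a real check
        granted, reason = False, "unknown user"
    else:
        pw_ok = hmac.compare_digest(_hash_password(password, rec["salt"]), rec["hash"])
        card_ok = card_id == rec["card"] and card_id in ACTIVE_CARDS
        if pw_ok and card_ok:
            granted, reason = True, "ok"
        elif not card_ok:
            granted, reason = False, "card not valid for this user"
        else:
            granted, reason = False, "wrong password"
    AUDIT_LOG.append((username, card_id, reason))
    return granted, reason

if __name__ == "__main__":
    enroll("rjones", "correct horse battery", "CARD-1001")      # constructed resident
    print(authenticate("rjones", "correct horse battery", "CARD-1001"))
    deactivate_card("CARD-1001")                                  # card reported lost
    print(authenticate("rjones", "correct horse battery", "CARD-1001"))
    reissue_card("rjones", "CARD-1002")
    print(authenticate("rjones", "correct horse battery", "CARD-1002"))
    for entry in AUDIT_LOG:
        print("audit:", entry)
```

The password is never stored; only a salted PBKDF2 hash is, and the comparison uses `hmac.compare_digest` so that a wrong guess takes the same time as a near-miss. Card status lives in a separate set so a door controller and the network login consult the same revocation list.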

Protection from outside attack

Connecting a network to the global Internet opens the door for a plethora of attacks. Malware such as viruses and worms can collect confidential information, delete files, and compromise the performance of a device. Denial-of-service attacks limit or prevent the use of resources such as networks and servers. Transmitted data can be “overheard” by receivers known as packet sniffers. Attackers can use IP spoofing to conceal their identities to obtain sensitive data. Fortunately, there are ways to combat these attacks.

Firewalls will be maintained to control the flow of data to and from the external Internet to the internal network. The gateway router will be responsible for packet filtering where the network meets the external Internet. Intrusion detection systems will be installed to provide deep packet analysis to help identify attacks. Frequently-updated anti-virus software will identify and remove known malware threats. A second, more strict firewall will protect the medical clinic. This firewall can be configured to allow access to a limited number of resources; this will not only reduce security threats but also reduce employee time-theft.

The network design also includes a “demilitarized zone” for the web server and DNS server. It features a high-end firewall, spam filtering, and anti-malware functionality, as well as VPN services for remote access. Physicians could use this VPN service to securely complete electronic medical charts from home.

Finally, a separate visitors’ network will make it easier to prevent unauthorized access to sensitive information. Visitors may obtain a temporary password (changed weekly) from a receptionist to log on to this isolated WiFi network. Access points will be placed in commonly visited areas.
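The packet-filtering policy described across the last three paragraphs, modelled in code as an added example (not the report's own configuration or any vendor's): a gateway that lets the Internet reach only the DMZ's web and DNS servers plus replies to sessions opened from inside, a stricter filter in front of the clinic that allows a limited set of outbound resources, and a visitors' network that can reach nothing but the Internet. Zone names, ports, the clinic allow list and the sample packets are all constructed assumptions.

```python
"""Stateless first-match packet filter for the MCC zones (added example, constructed rules)."""
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src_zone: str        # "internet", "dmz", "clinic", "resident" or "visitor"
    dst_zone: str
    proto: str           # "tcp" or "udp"
    dport: int
    reply: bool = False  # True when the packet answers a session an inside host opened

@dataclass(frozen=True)
class Rule:
    name: str
    action: str                      # "allow" or "deny"
    src: str = "*"
    dst: str = "*"
    proto: str = "*"
    dports: frozenset = frozenset()  # empty means any port
    reply_only: bool = False

    def matches(self, p: Packet) -> bool:
        return (self.src in ("*", p.src_zone)
                and self.dst in ("*", p.dst_zone)
                and self.proto in ("*", p.proto)
                and (not self.dports or p.dport in self.dports)
                and (not self.reply_only or p.reply))

# Assumption: the clinic's "limited number of resources" is HTTPS only, e.g. a hospital charting portal
CLINIC_OUTBOUND_PORTS = frozenset({443})

RULES = [
    # Gateway router: replies to inside-initiated sessions, then only the DMZ services
    Rule("gw-replies", "allow", src="internet", reply_only=True),
    Rule("dmz-web", "allow", src="internet", dst="dmz", proto="tcp", dports=frozenset({80, 443})),
    Rule("dmz-dns", "allow", src="internet", dst="dmz", proto="udp", dports=frozenset({53})),
    Rule("gw-default", "deny", src="internet"),
    # Isolated visitors' WiFi: Internet only
    Rule("visitor-out", "allow", src="visitor", dst="internet"),
    Rule("visitor-isolate", "deny", src="visitor"),
    # Second, stricter firewall around the clinic
    Rule("clinic-out", "allow", src="clinic", dst="internet", proto="tcp", dports=CLINIC_OUTBOUND_PORTS),
    Rule("clinic-in", "deny", dst="clinic"),
    Rule("clinic-default", "deny", src="clinic"),
    # Residents: Internet and the campus DMZ services
    Rule("resident-out", "allow", src="resident", dst="internet"),
    Rule("resident-dmz", "allow", src="resident", dst="dmz"),
]

def filter_packet(p: Packet) -> tuple:
    """First matching rule wins; anything no rule covers is dropped (default deny)."""
    for rule in RULES:
        if rule.matches(p):
            return rule.action, rule.name
    return "deny", "default-deny"

if __name__ == "__main__":
    samples = [                                          # constructed traffic
        Packet("internet", "dmz", "tcp", 443),           # public web server
        Packet("internet", "clinic", "tcp", 3389),       # remote desktop from outside
        Packet("visitor", "clinic", "tcp", 445),         # guest probing the clinic
        Packet("clinic", "internet", "tcp", 80),         # plain HTTP from the clinic
        Packet("internet", "resident", "tcp", 51000, reply=True),
    ]
    for pkt in samples:
        print(pkt, "->", filter_packet(pkt))
```

Rule order matters: the deny for the clinic sits before the resident allows, so a resident-to-clinic packet is dropped even though residents are otherwise trusted, and the `reply` flag is the only way Internet traffic reaches a workstation. A real gateway would track connection state itself rather than trust a flag on the packet, but the policy shape is the one the text calls for.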

Encryption of data

Modern encryption is a key component of data security and privacy. The main security concerns include confidentiality, sender and receiver authentication, and message integrity. Kurose & Ross (2013) describe a variety of techniques and features that have been created to address these concerns.

Public key encryption provides a way to send encrypted data without first securely exchanging a secret key. Cryptographic hash functions are used to verify that messages were not altered in transit. Message authentication codes and digital signatures help verify the sender's identity. All websites that will send or receive confidential data – whether maintained by or visited by Millbrook Commons and the clinic – should use the Secure Sockets Layer protocol to enhance the security of TCP. When PHI is to be transmitted to and from the medical center or residences to an external location (such as a hospital or doctor’s office), a virtual private network should be used. The virtual private network provides an extra layer of encryption to data that is transmitted via the public Internet, which is less secure than Millbrook Commons's internal network. The campus’s WiFi networks will use WPA2 wireless encryption due to its encryption strength and potential for easy-to-remember passwords.
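The difference between a bare hash and a message authentication code, which the paragraph above mentions in one breath, worked as an added example (not from the report or from Kurose & Ross): an HMAC built on SHA-256 under a key the clinic and the hospital share. The key, the sample e-PHI record and the altered record are constructed; public key encryption and digital signatures, which need a key pair rather than a shared secret, are not covered here.

```python
"""Integrity and sender authentication with HMAC-SHA256 (added example, constructed data)."""
import hashlib
import hmac
import secrets

def sha256_hex(message: bytes) -> str:
    return hashlib.sha256(message).hexdigest()

def tag_message(key: bytes, message: bytes) -> str:
    """MAC tag the sender attaches; only a holder of the shared key can compute it."""
    return hmac.new(key, message, hashlib.sha256).hexdigest()

def verify_message(key: bytes, message: bytes, tag: str) -> bool:
    """Receiver recomputes the tag; constant-time compare avoids leaking how many bytes matched."""
    return hmac.compare_digest(tag_message(key, message), tag)

def hash_only_check(message: bytes, digest: str) -> bool:
    """A bare hash proves the bytes match the digest but says nothing about who produced them."""
    return hmac.compare_digest(sha256_hex(message), digest)

def demo() -> dict:
    key = secrets.token_bytes(32)                                  # shared clinic/hospital key
    record = b"patient=R-0421;rx=metoprolol 25mg;dose=1/day"      # constructed sample e-PHI
    altered = b"patient=R-0421;rx=metoprolol 25mg;dose=3/day"     # constructed in-transit change
    tag = tag_message(key, record)
    return {
        "genuine_verifies": verify_message(key, record, tag),
        "altered_rejected": not verify_message(key, altered, tag),
        "wrong_key_rejected": not verify_message(secrets.token_bytes(32), record, tag),
        # Without a key, whoever alters the record can simply recompute the hash to match
        "hash_alone_fooled": hash_only_check(altered, sha256_hex(altered)),
    }

if __name__ == "__main__":
    for check, outcome in demo().items():
        print(f"{check}: {outcome}")
```

The last entry is the point of the example: a hash sent alongside the message catches accidental corruption but not a deliberate edit, because the editor recomputes it. The MAC ties the tag to the shared key, so an altered record or a tag from a party without the key fails verification. Transport protections such as SSL and the VPN the text recommends carry exactly this kind of per-record check inside them.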

The security measures designed for the Millbrook Commons network will not only meet government regulations but enhance the experience of residents and employees. A side benefit of stronger network security is less downtime and frustration for residents, since attacks can not only access sensitive data but can damage network performance or temporarily disable it.

This secure, stable network will provide the foundation for a wide range of technological resources that will benefit all who live and work here.

VII. Network Diagrams

Resident PC Diagram [diagram not reproduced in the text]

PAN Diagram [diagram not reproduced in the text]

802.11 LAN Coverage Area [diagram not reproduced in the text]

LTE MAN Coverage Area [diagram not reproduced in the text]

VIII. List of References

ADT (2014). Medium Business. adt.com. Retrieved December 5, 2014, from http://www.adt.com/business/medium-security

Anthony, S. (2013, June 12). A Rare Look Inside an LTE Cell Site, Operated by Sprint in San Francisco. Retrieved December 1, 2014, from http://www.extremetech.com/extreme/158342-a-rare-look-inside-an-lte-cell-site-operated-by-sprint-in-san-francisco

Asus (2014). PCE-AC68. asus.com. Retrieved December 5, 2014, from http://www.asus.com/us/Networking/PCEAC68/

Bchini, T. & Ouabiba, M. (2012). Interaction and Interconnection Between 802.16e & 802.11s. In R. Hincapie (Ed.), Advanced Transmission Techniques in WiMAX. InTech. ISBN: 978-953-307-965-3. Available from: http://www.intechopen.com/books/advancedtransmission-techniques-in-wimax/interactionand-interconnection-between-802-16e-802-11s

Cablinginstall.com Staff (2002, April 1). Multimode or singlemode: which one is the best for 10-Gigabit Ethernet? cablinginstall.com. Retrieved November 30, 2014, from http://www.cablinginstall.com/articles/print/volume-10/issue-/contents/standards/multimode-or-single-mode-which-one-is-the-best-for-10-gigabit-ethernet.html

Chandler, N. (2012, March 13). How 4G Works. Retrieved December 1, 2014, from http://electronics.howstuffworks.com/4g.htm

Cisco.com (2014). Products and Services. cisco.com. Retrieved December 5, 2014, from http://www.cisco.com/c/en/us/products/index.html

Cisco.com Staff (2010). Simple Network Management Protocol. cisco.com. Retrieved December 5, 2014, from http://www.cisco.com/c/en/us/td/docs/routers/access/3200/software/wireless/3200WirelessConfigGuide/SNMP.html

Congressional Budget Office. (2003). Baby Boomers' Retirement Prospects: An Overview. Congress of the United States. Retrieved October 23, 2014, from http://www.cbo.gov/sites/default/files/11-26-babyboomers.pdf

Design World Staff. (2011, August 18). Sensors Advance Medical and Healthcare Applications. Design World. Retrieved December 7, 2014, from http://www.designworldonline.com/sensors-advance-medical-and-healthcare-applications/#_

Gompa, N. (2013, February 26). What is LTE? Retrieved December 2, 2014, from http://www.extremetech.com/mobile/110711-what-is-lte

Governing.com Staff. (2014, June 1). Baby Boomers Population Map. Retrieved October 23, 2014, from http://www.governing.com/gov-data/baby-boomers-county-populationmap.html

Hall, M. (2011, January 28). Flash! Social Security's Not Doomed. Retrieved October 23, 2014, from http://www.aflcio.org/Blog/Economy/Flash!-Social-Security-s-Not-Doomed

Harris, M. (2011). 700 MHz Spectrum Boosts Mobile Coverage. Retrieved December 2, 2014, from http://www.unisonsite.com/pdf/resource-center/700 MHZ Unison-whitepaper-6A.pdf

Hexoskin. (2014). Hexoskin for Research. Retrieved December 7, 2014, from http://www.hexoskin.com

Jovanov, E., Raskovic, D., Price, J., Chapman, J. & Moore, A. (2001). Patient monitoring using personal area networks of wireless intelligent sensors. www.googlecode.com. Retrieved December 7, 2014, from http://dizertatieserbanflorin.googlecode.com/svn/trunk/Documentatie/rmbs01_wireless.pdf

Kurose, J. F., & Ross, K. W. (2013). Computer Networking: A Top-Down Approach (6th ed.). New York, NY: Pearson.

ManageEngine (2014). OpManager. manageengine.com. Retrieved December 5, 2014, from http://www.manageengine.com/network-monitoring/cisco-monitoring.html

Multicominc.com Staff (2014). Single Mode vs. Multi-Mode Fiber Optic Cable. multicominc.com. Retrieved November 30, 2014, from http://www.multicominc.com/training/technicalresources/single-mode-vs-multi-mode-fiber-optic-cable/

National Council on Aging. (n.d.). Top 10 Scams Targeting Seniors. Retrieved November 16, 2014, from http://www.ncoa.org/enhance-economic-security/economic-security-Initiative/savvy-saving-seniors/top-10-scams-targeting.html

Newegg.com (2014). ASUS BM1AE-I7477S008B Desktop PC Intel Core i7 4770S (3.10GHz) 4GB DDR3 1TB HDD Windows 7 Pro 64 bit / Windows 8 Pro 64 Bit. newegg.com. Retrieved December 5, 2014, from http://www.newegg.com/Product/Product.aspx?Item=N82E16883220379

O'Conner, F. (2014, May 8). Baby Boomers Embrace Technology as much as Younger Users. Retrieved October 20, 2014, from http://www.pcworld.com/article/2153080/baby-boomers-embrace-technology-as-much-as-younger-users.html

Ramot, L. (2009, June 9). Galtronics’ New 30/30⁰ Narrow Beam High Gain LTE MIMO Stadium Antenna Allows High Sectorization for Venues with High Data Capacity. Retrieved December 2, 2014, from http://www.galtronics.com/galtronics-new-3030⁰-narrow-beam-high-gain-lte-mimo-stadium-antenna/

Sightings, T. (2014, July 22). 12 Baby Boomer Retirement Trends. US News. Retrieved October 22, 2014, from http://money.usnews.com/money/blogs/on-retirement/2014/07/22/12-baby-boomer-retirement-trends

Simpleicon.com Staff (2014). Wifi Symbol 2. simpleicon.com. Retrieved December 10, 2014, from http://simpleicon.com/wifi-symbol-2.html

Smart Card Alliance. (2014). Smart Cards in Healthcare FAQ Series – Smart Cards and the Healthcare Ecosystem. Retrieved December 6, 2014, from http://www.smartcardalliance.org/publications-smart-card-technology-in-healthcareseries-smart-cards-and-the-healthcare-ecosystem-faq/

Smith, A. (2014, April 3). Older Adults and Technology Use. Retrieved October 20, 2014, from http://www.pewinternet.org/2014/04/03/older-adults-and-technology-use/

Stoffels, B. (2012, June 2). LTE. Retrieved December 2, 2014, from http://www.ospmag.com/issue/article/lte

Telikin (2014). Telikin elite II. telikin.com. Retrieved December 5, 2014, from http://www.telikin.com/telikin_elite_2

Thomas, D. (2014, October 20). The Silver Economy: Tech Sector Taps Surge of Connected Boomers. Retrieved October 23, 2014, from http://www.ft.com/intl/cms/s/2/a376c950-26c4-11e4-8df5-00144feabdc0.html#axzz3GpfRxzei

U.S. Department of Health & Human Services (HHS). (2009, February 18). What do the HIPAA Privacy and Security Rules require of covered entities when they dispose of protected health information? Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/faq/safeguards/575.html

U.S. Department of Health & Human Services (HHS). (n.d.). Summary of the HIPAA Security Rule. Retrieved from http://www.hhs.gov/ocr/privacy/hipaa/understanding/srsummary.html

West, L.A., Cole, S., Goodkind, D., & He, W. (2014, June). 65+ in the United States: 2010. U.S. Census Bureau, P23-212. Washington, DC: U.S. Government Printing Office. Retrieved from http://www.census.gov/content/dam/Census/library/publications/2014/demo/p23-212.pdf

Wikipedia.org Staff (2014). IEEE 802.11. en.wikipedia.org. Retrieved November 30, 2014, from http://en.wikipedia.org/wiki/IEEE_802.11

Yu, B. (2009). Wireless Body Area Networks for Healthcare: A Feasibility Study. IEEE.org. University of Florida. Retrieved December 7, 2014, from http://www.ieee.org/documents/Yu_Final_Published_Paper_March2009.pdf

Zinn, H. (2005). A People's History of the United States. New York: Harper Perennial Modern Classics.
