Karafinski & Matuskiewicz 1
Millbrook Community Design: The Seven Million Dollar Question
IST220
Instructor: Eric Lu
Authors: Jason Matuskiewicz and Adam Karafinski
Date of Submission: April 23, 2013
Table of Contents
I. Cover Page ... 1
II. Table of Contents ... 2
III. Executive Summary ... 3
IV. A Review of Recent Trends in 65+ Age Demographic ... 4
    a. Definition of probable categories
    b. Definition of probable cost
V. PAN / LAN / MAN Architecture Design Plan ... 7
    a. PAN ... 7
        i. General technology overview
            1. Bluetooth
            2. Zigbee
            3. Bluetooth vs Zigbee
            4. Zigbee network design protocol
        ii. Zigbee network protocol
            1. Application topology
            2. Needs fulfilled by the Millbrook PAN design
                a. PAN (as an energy provider)
                b. PAN (as an energy consultant)
                c. PAN (as an energy monitor)
                d. PAN (energy components)
            3. Home automation
                a. PAN (description)
                b. PAN (components)
            4. Security function
                a. PAN (security)
                b. PAN (components)
            5. Health and safety
                a. PAN (description)
                b. PAN (components)
    b. LAN ... 13
        i. Purpose of Millbrook LAN
            1. Primary LAN design criteria
                a. Security
                b. Safety and health
                c. Energy
            2. Secondary LAN design criteria
        ii. LAN components and devices
            1. Access points
            2. Access point layout
            3. LAN backhaul
        iii. System cost
            1. LAN cost summary
            2. PAN cost summary
    c. MAN ... 20
        i. WiMAX explained
        ii. Advantages and disadvantages
        iii. Deployment plan
        iv. 802.16 and 802.11 interaction
        v. WiMAX base station
        vi. WiMAX antenna
        vii. Capacity requirements
        viii. Management software
VI. Network Access and Security ... 24
    a. General Security
    b. Encryption
    c. HIPAA controls
VII. Network Diagrams ... 28
    a. Original Millbrook layout
        i. Living space dimension
            1. Cottage
            2. Condo
            3. Apartment
        ii. Zigbee PAN pricing and layout
            1. Cottage pricing and layout
            2. Condo pricing and layout
                a. North condo
                b. East condo
                c. South condo
            3. Apartment pricing and layout
                a. Apartment 1
                b. Apartment 2
                c. Apartment 3
                    i. Outer units
                    ii. Inner units
                d. Apartment 4
                    i. Outer units
                    ii. Inner units
        iii. Zigbee LAN pricing and layout
            1. Cottage pricing and layout
            2. Condo pricing and layout
                a. North condo
                b. East condo
                c. South condo
            3. Apartment pricing and layout
                a. Apartments 1 - 4
            4. Cottage WiFi tower sites
            5. Cottage 5GHz backhaul layout
            6. WiFi security cottage layout
            7. Cottage frequency mesh overlap
            8. Condo frequency schedule
            9. LAN condo/ apartment fiber backhaul
VIII. References ... 45
II. Executive Summary
The Millbrook Community is a planned development catering to the needs of retirees and
assisted-living patients seeking a technology-centered living environment to improve their
quality of life. Advancements in healthcare-related IT are at the forefront of the modernization of
patient care, and assisted living developments such as Millbrook are beneficiaries of that trend.
This proposal outlines a technical implementation plan that addresses the personal technology
needs of Millbrook residents, and provides for a robust network that fulfills several functions.
Residents and visitors at Millbrook will benefit from a state-of-the-art WiMAX wireless
network that will provide incredibly fast Internet access of up to 70MB to the entire community,
and allow them the freedom to move about the campus while staying connected. Additionally,
residents may enjoy their powerful WiFi connection in all of the buildings.
Internally, employees at the MCCN facilities will enjoy the use of a robust local area
network for daily computing operations. The wired network will support gigabit Ethernet to all
devices, and will use fiber interconnections between core switches and buildings to reduce
electromagnetic interference and ensure the most reliable data transfers from all perimeter points
of the campus. An 802.11 wireless extension to the LAN will allow employees to have free
roaming ability, and will serve as a collection point for wireless security and activity monitoring
data sent from resident facilities.
Sensors will be widely deployed throughout the campus to support a host of "smart"
applications. Personal area networks, based on Bluetooth and ZigBee as a communication
platform, will connect monitoring devices within residences that collect data on a number of
activities. Irregular activities by residents can be detected and automatically notify support staff
to check whether assistance is needed. Personal health statistics can be gathered and sent to the
medical clinic for review, or to alert physicians to an emergency.
An onsite medical clinic will provide convenient care services for residents, ranging from
preventive health care to treatment of illnesses. Support for telemedicine applications is included
in the design of the LAN that will be used by administrative and clinical employees. Physicians
at the clinic will have external connectivity to view radiological images and reports, pathology
reports, and other types of electronic patient information. Electronic information stored at the
clinic will also be available to external clinical parties over secured and encrypted VPN
connections, to allow two-way exchanges of care data.
IV. A Review of Recent Trends in 65+ Age Demographic
The major trend in respect to the 65+ age demographic today is the impact of the baby
boomer generation. A member of the “Baby Boomer” generation is classified as a person born after WW2,
between the years 1946 and 1964. By the sheer force of its numbers, the boomers are a
demographic bulge that remodeled society as it passed through it. The “Baby Boomer” generation
is now entering retirement age. The following was taken from an article in “Baby Boomers
Today” that characterizes the scope and potential impact that the Baby Boomers will have on
retirement.
“Retirement began (age 65) for the first crop of our generation in 2011 and literally
10,000 will turn 65 every day for 19 years to come. With the cost of health care rising and people
living longer, there are many questions about health and all aspects of our economy.”
Source: http://babyboomerstoday.com/
Source: http://www.myhealthwire.com/news/mind-body/200
Because of this fact, it is essential to define courses of action that meet the needs of this
generation during the 20 year period. The first step in that process is to define these needs.
Waiting and reacting to these needs is not an option. For the purpose of this presentation, four
categories have been defined. These categories will be used to define the future needs of this
generation entering retirement and the solutions proposed for them.
1. Definition of probable categories
1. Independent Living with centralized services
-People without any medical conditions who need a downsized way of living to increase their
quality of life.
2. Independent Living with specialized disability services
-People who have a disability and need specialized services tailored to their specific needs.
3. Assisted Living with on-site medical services
-People who require scheduled medical care but are able to live for the most part without
intensive intervention.
4. Long-term Living with intensive medical services
-People who have constant medical needs and need assistance for daily living.
2. Definition of probable cost
One of the most important factors in any solution is “Cost”. Cost can both enable and
disable a proposed solution. The impact of “Baby Boomers Retiring” on society can be summed up in
one simple word: “Massive”. These costs will significantly impact Social Security, Medicaid,
Medicare, Health Insurance and many other costs. The following excerpt was taken from an
article in “Health Times” titled “Health Spending Projections Through 2017: The Baby-Boom
Generation Is Coming To Medicare”. This article just touches on the dollar amounts
involved.
“The outlook for national health spending calls for continued steady growth. Spending growth is
projected to be 6.7 percent in 2007, similar to its rate in 2006. Average annual growth over the
projection period is expected to be 6.7 percent. Slower growth in private spending toward the
end of the period is expected to be offset by stronger growth in public spending. The health share
of gross domestic product (GDP) is expected to increase to 16.3 percent in 2007 and then rise
throughout the projection period, reaching 19.5 percent of GDP by 2017.”
Many societal costs are large. It is important to scale the cost of the specific issue to the
GDP. This way one can see just how large the issue really is. The graph below was taken from
the same “Health Times” article. The graph does just that. The graph estimates 3 areas from 2005
– 2017. NHE (National Health Expenditures) growth is the solid line, which seems to trend flat
throughout this period. GDP (Gross Domestic Product) growth is the dashed line, which shows a
large drop in 2007 and trends slightly downward thereafter. NHE share of GDP is shown in the
annual bar graphs and shows 16% of GDP in 2007 with a peak of about 20% expected in 2017.
Although this graph does not detail the costs associated with “Baby Boomer Retirement”, it
can be extrapolated from the graph that, because the large populace of the “Baby Boomer
Generation” is retiring, the “Percentage of GDP” is increasing even though both NHE and GDP
growth remain relatively flat.
V. PAN / LAN / MAN Architecture Design Plan
1. PAN (Personal Area Network) Design
One of the most important aspects of this design is the PAN design. The Personal Area
Network design has the potential to set this retirement community apart from other retirement
communities. The objective of this design is to deliver superior value to the end-user. This is
done by enabling the end-user to live with an enhanced “quality of life”. This “quality of life” aspect can
be used as a competitive advantage by Millbrook’s marketing department and could set
Millbrook apart from other retirement communities in the marketplace. The team has designed a
PAN that meets Millbrook’s minimum requirements but allows easy integration for
additional expandability. The team has extensively researched the demographic needs and has
incorporated these needs into the base package. In addition, the team has designed capacity so
that Millbrook can adapt to future requirements. The expandability has another benefit: it can
fulfill third-party requests. Although Millbrook’s minimum requirements did not outline third-party
requests, the design can be easily modified to support them. The team has outlined
third-party requests coming from entities such as Medicaid, Medicare, or family members.
A. General technology overview PAN (Personal Area Network)
At the root of any design is the foundation. The foundation for this specific network is the
choice of technology. Our team has extensively researched the current PAN
network technologies available and weeded through the pluses and minuses of each to
maximize the value of this design. During PAN research, two technologies had the capabilities to
meet Millbrook’s requirements: Bluetooth and ZigBee.
Below is a condensed summary of the strengths and weaknesses of each technology, followed by
an explanation of which technology was chosen.
1) Bluetooth Technology
Source: http://en.wikipedia.org/wiki/Bluetooth
Bluetooth technology was developed to replace wired systems
using IEEE wireless standard 802.15.1 in the 2.4 GHz band.
Currently, IEEE no longer maintains this standard. However, the OEM
(Original Equipment Manufacturer) SIG maintains standards and
qualifications for equipment manufacturers of Bluetooth devices. Bluetooth is a widely used and
accepted technology in today’s marketplace. Examples of Bluetooth-enabled devices include cell
phones, PDAs, laptops and more. Below are three charts that provide the specifications for the
Bluetooth protocol.
Effective distance chart (Source: http://en.wikipedia.org/wiki/Bluetooth)
Data rate chart (Source: http://en.wikipedia.org/wiki/Bluetooth)
Protocol stack chart (Source: http://en.wikipedia.org/wiki/Bluetooth)
2) Zigbee Protocol
Zigbee technology was developed for ultra-low-power devices with a
high-level communication protocol. Another aspect of the design was to decentralize the network by using mesh technologies. “Designed into Zigbee” is the
ability to transfer data from one device through another device and out to a
centrally located node. Thus, this design enables the network to pass information
over distances that would normally require many switches and repeaters in other network
topologies. Zigbee uses a simplified design to lower the cost of device development and thus the
end-user cost. Zigbee uses the IEEE 802.15.4 standard and operates in the 2.4 GHz band,
similar to Bluetooth. The Zigbee standard has placed special emphasis on low power consumption.
Effective distance specifications: 10 to 100 m depending on environmental conditions and antenna used
Data rate specifications: 20, 40, 250 Kbits/s
Protocol stack chart (Source: http://www.specifications.nl/zigbee/zigbee_UK.php)
3) Bluetooth vs. Zigbee technology choice
Zigbee technology was chosen for the Millbrook PAN application. There were a couple of reasons for this.
First, low device power consumption is a Zigbee design goal.
The Millbrook application will require hundreds of devices to be successful. Each device
requires a battery. Every other technology requires frequent battery changes because of the
nature of the technology. Depending on the Zigbee device, battery changes can be years away.
This will lessen the potential nightmare of maintaining many devices in the system.
Although the data rate is slower than other technologies, the Zigbee data rate is more than
sufficient when using the technology for automation needs. In the Millbrook application,
automation is the primary design criterion.
Lastly, Zigbee technology has the benefit of eliminating infrastructure such as central
switching, routers, and repeaters to carry data to a centralized collection point.
Below is a chart that compares Zigbee, Bluetooth, and other technologies
(Source: http://www.ijetae.com/files/Volume2Issue4/IJETAE_0412_18.pdf).
B) Zigbee network design protocol
1) Application Topology
Source: http://www.zigbee.org/Standards/Downloads.aspx
Zigbee uses a mesh-based topology. As previously stated, this allows the network to
communicate without the use of central points, unlike a star topology. Zigbee
accomplishes this through the standards used for the devices. There are three basic Zigbee device types.
Below is a description of each:
-The network coordinator maintains overall network knowledge. It's the most sophisticated of
the three types and requires the most memory and computing power.
-The full function device (FFD) or router supports all 802.15.4 functions and features specified
by the standard. It can function as a network coordinator. Additional memory and computing
power make it ideal for network router functions, or it could be used in network-edge devices
(where the network touches the real world).
-The reduced function device (RFD) or end device carries limited (as specified by the standard)
functionality to lower cost and complexity. It's generally found in network-edge devices.
By enabling the coordinator and FFDs to pass network information from other devices to
other nodes in the network, the need for central switching points has been eliminated.
2) Needs fulfilled by the Millbrook PAN design
The PAN has been designed to support the needs of two groups in the Millbrook plan:
Millbrook residents that are classified as “independent living residents” and residents that are
classified as “residents with disabilities”. The design supports these two resident groups by
using technology to make living easier for the residents, with little or no need for outside
intervention. The technology is focused on the following areas:
a. Energy Management function (energy data collection and cost reduction)
b. Home Automation function (non-conventional control of home appliances)
c. Security function (centralized intruder alert)
d. Health function (centralized emergency alert and cyber-health)
A) ENERGY MANAGEMENT FUNCTION
i. Millbrook PAN (as an energy provider)
-Energy costs are dramatically increasing. One way to lessen the cost to the resident is to
pass on wholesale prices. The local utility will set up one meter for the entire Millbrook
Community. Millbrook would then pay one electric and water bill on behalf of its residents to
the local utility. Millbrook would negotiate a reduced price because the utility would no
longer need to manage the billing function for tens or hundreds of consumers. Millbrook
would then produce a utility bill for each of its residents using the devices,
such as water and electric meters, that the Personal Area Network will offer. In addition,
software will be installed at a central monitoring point so that monthly usage can be
calculated and billed efficiently to the resident.
ii. Millbrook PAN (as an energy consultant)
-Each resident would meet with a Millbrook energy consultant after a period of time. The
consultant would review the resident’s energy usage with the resident and provide ways to
reduce the cost. Depending on the resident’s preferences, the Millbrook energy consultant
will develop a personalized energy plan for the resident. This plan will be transformed into a
program that can be loaded into the resident’s PAN. One way that the “usage
reduction” would be accomplished is by the program reducing the heating/cooling set-point
based on the time of day. Another way to reduce energy cost would be to reduce energy
consumption based on the current market price. The utility would provide the current market energy cost to the
system. If the current market price was high, then the system would reduce energy consumption,
for example by adjusting the heating/cooling temperature set-point. The resident can monitor or override the
energy management plan by use of the PAN’s touch-enabled GUI.
iii. Millbrook PAN (as an energy monitor)
-Another benefit of energy monitoring using a PAN is the safety aspect. The Millbrook
energy consultant will program the resident’s PAN with a program that will sense an
emergency usage of resources such as water or electricity.
Example 1: If a bathroom occupancy sensor does not sense someone in the bathroom for a
period, the PAN would automatically shut off the tub water and send an alarm to the local
GUI. After another time period, the PAN would send an alarm to the central monitoring
system for analysis and response.
Example 2: If the PAN senses the stove on for a long period of time without an occupancy
sensor being tripped, the PAN would shut off the device and sound a local GUI alarm. After
a period of time, a local alarm would sound and a response would be taken.
iv. Millbrook PAN (energy components)
-The PAN will use the following components to form the PAN energy management function:
Energy Management
Brand      Description
ELSTER     Electric Meter REX2 meter
ELSTER     V200 digital water meter
hcl        Aegis, a multi-platform home automation gateway
Smart-Grid Appliances
LG         Refrigerator (R-T769MBESX)
LG         Washing Machine (F4754NCBZ)
LG         Heat pump (CHBW142A2)
LG         Air-conditioner (NRD-N327CS)
Samsung    UN32EH5300 32" LED HDTV 1080p 60Hz Smart TV, WiFi built-in
B) HOME AUTOMATION FUNCTION
i. Millbrook PAN (home automation description)
-Residents in the Millbrook age demographic may face many challenges as a result of their
age group. Many will have reduced physical function that will make daily living more
challenging than for younger generations. Actions like “standing up and leaning to shut the
shades” may be very difficult depending on the resident’s current physical abilities.
The ability to develop a PAN that automates these functions is not only a “nice to have”
but may make the difference between “living independently” and entering an expensive
“dependent care facility”. The Millbrook PAN design has a base design that automates the
most basic functions for the residents:
1. Bathroom lights and exhaust fan ON upon entry
2. Shades up or down based on resident profile
3. Full network control of the HVAC systems
4. Full network control of large home appliances such as the refrigerator
5. Full network control of resident target control options.
ii. Millbrook PAN (home automation components)
Home Automation
Brand        Description
Cisco        Cisco 7921G Wireless IP Phone
TELKONET     EcoGuad Duplex Outlet
TELKONET     EcoSwitch single-gang light switch
CENTRALITE   Centralite's HA Dimmer
TELKONET     EcoView occupancy detection sensor
LEGRAND      Shutter Switch for Rolling Shutter Box
C) SECURITY FUNCTION
i. Millbrook PAN (Security description)
-The PAN design has a combination of door contacts, panic buttons, and motion detectors that
produce both a local alarm and a central alarm. The local alarm can be silent or audible depending
on the user’s profile and Millbrook policies. The central alarm will be collected at a central point
using software. From this point, the alarm could be handled by Millbrook’s security, a third-party security company, or directly submitted to local authorities.
ii. Millbrook PAN (Security components)
Security
Brand      Description
Kwikset    Kwikset SmartCode Deadbolt
TELKONET   EcoContact Door contact
TELKONET   EcoConnect ZigBee Net coordinator
Owl        Wireless Monitor
D) HEALTH and SAFETY FUNCTION
i. Millbrook PAN (health and safety description)
-The health and safety function has two aspects to the design. First, components have been added
to the system that give the ability to sense that a resident is in a health emergency, either
passively or manually. Many of the devices used in other applications can be used to sense that a
person is in need.
EXAMPLE ONE: If the motion sensor detects a person entering the bathroom, the system can
interpret that the bathroom is occupied. At this point the system can be programmed to start a timer.
If motion is not detected in either the bathroom or the living room, then a local audible alarm
on the resident’s GUI can be triggered. If the resident does not respond to the alert, then a
message can be sent to the central collection point to signal that a person may be in a medical
emergency and requires help.
EXAMPLE TWO: A remote-control-sized push-button device will be given to each resident. On this
device will be a blue push button. The color would signify a “Medical Emergency”. The
resident can carry the device anywhere within their residence. If the resident has a major
medical condition they can push this button and summon help.
EXAMPLE THREE: If the resident requires medication on a scheduled basis, an automatic pill
dispenser would be installed. Either a Millbrook employee or a family member can load the pill
dispenser based on the doctor’s requirements. The dispenser would then open and sound an
audible tone to alert the resident that it is time to take the prescription.
EXAMPLE FOUR: Although medical monitoring in this design is mostly covered in the LAN
area, there is no limitation on bringing medical monitoring devices into the home and using these
devices to
Secondly, other devices will be installed to sense fire and other health-threatening
conditions. Devices such as smoke, CO2, and heat detectors will be installed along with
pre-programmed software that alerts a central point.
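The occupancy-timer rule described in energy-monitoring Examples 1 and 2 above and in EXAMPLE ONE here (silence after the bathroom is entered or while an appliance runs unattended triggers a local GUI alarm, shuts the tub or stove off, and escalates to the central collection point if nobody responds), as an added Python example that is not code from the proposal. The timer lengths, event names, room names and timestamps are constructed assumptions.

```python
"""Occupancy-timer escalation for the Millbrook PAN (added example, not the
proposal's own code). Event names, timer lengths and timestamps are assumed."""
from dataclasses import dataclass, field
from typing import List, Optional, Set

LOCAL_ALARM_AFTER = 20 * 60    # seconds without motion before the local GUI alarm (assumed)
CENTRAL_ALERT_AFTER = 5 * 60   # seconds after the GUI alarm before the central alert (assumed)


@dataclass
class Event:
    t: int          # seconds since midnight (constructed)
    kind: str       # "motion", "ack", or "<appliance>_on" / "<appliance>_off"
    room: str = ""  # only used for motion events


@dataclass
class PanMonitor:
    """State of one residence: last motion, bathroom occupancy, running appliances."""
    last_motion: Optional[int] = None
    bathroom_occupied: bool = False
    running: Set[str] = field(default_factory=set)    # appliances switched on (tub, stove, ...)
    local_alarm_at: Optional[int] = None
    acknowledged: bool = False
    actions: List[str] = field(default_factory=list)  # what the PAN did, in order

    def handle(self, ev: Event) -> None:
        """Apply one sensor or appliance event."""
        if ev.kind == "motion":
            self.last_motion = ev.t
            # Entering the bathroom arms the timer; motion in any other room clears it
            self.bathroom_occupied = ev.room == "bathroom"
            self.local_alarm_at = None
            self.acknowledged = False
        elif ev.kind == "ack":
            self.acknowledged = True          # resident responded on the GUI
        elif ev.kind.endswith("_on"):
            self.running.add(ev.kind[:-3])
        elif ev.kind.endswith("_off"):
            self.running.discard(ev.kind[:-4])

    def tick(self, now: int) -> None:
        """Periodic check of the two escalation deadlines."""
        armed = self.bathroom_occupied or bool(self.running) or self.local_alarm_at is not None
        if not armed or self.last_motion is None:
            return
        if self.local_alarm_at is None:
            if now - self.last_motion >= LOCAL_ALARM_AFTER:
                self.local_alarm_at = now
                self.actions.append(f"{now}: local GUI alarm")
                # Examples 1 and 2 of the text: shut off whatever is still running unattended
                for appliance in sorted(self.running):
                    self.actions.append(f"{now}: {appliance} shut off")
                self.running.clear()
        elif not self.acknowledged and now - self.local_alarm_at >= CENTRAL_ALERT_AFTER:
            self.actions.append(f"{now}: central monitoring alert")
            # Escalate once; the next motion event (resident or staff) re-arms the monitor
            self.bathroom_occupied = False
            self.local_alarm_at = None
            self.last_motion = None


def simulate(events: List[Event], until: int, step: int = 60) -> List[str]:
    """Replay constructed events against a fresh monitor, ticking every `step` seconds."""
    mon = PanMonitor()
    pending = sorted(events, key=lambda e: e.t)
    for now in range(0, until + 1, step):
        while pending and pending[0].t <= now:
            mon.handle(pending.pop(0))
        mon.tick(now)
    return mon.actions


if __name__ == "__main__":
    # Constructed scenario: resident enters the bathroom, starts the tub, then no motion
    print(simulate([Event(0, "motion", "bathroom"), Event(30, "tub_on")], until=1800))
```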
ii. Millbrook PAN (Health and Safety components)
Health and Safety
Brand      Description
Kwikset    Kwikset SmartCode Deadbolt
TELKONET   EcoContact Door contact
TELKONET   EcoConnect ZigBee Net coordinator
Owl        Wireless Monitor
2. LAN (Local Area Network) Design
A. Purpose of the Millbrook LAN
The primary purpose is to provide devices and software to support security, safety/health and
energy services.
1) Primary LAN design criteria
A) Security
The design has multiple WiFi cameras to record the residents’ entry ways. In the
cottage application each front door has a WiFi camera. In the apartment/condo examples
the cameras are placed on the building perimeter and at a point on each floor. Video from
each camera comes back to a centrally located point where the video is recorded and
displayed to Millbrook community security. This way the resident’s security is enhanced by
having 24/7 security monitoring. The LAN is designed to take the video and distribute it back
to the residents upon request. Upon request the resident can use their WiFi-enabled TV to
access the security video outside their living space.
In addition, a gateway that links the resident’s PAN to the WiFi LAN provides a way to alert
Millbrook security that an intruder or fire threat is present. The following two diagrams show an
example of a Cottage and an Apartment WiFi layout.
B) Safety and health
The Millbrook design is intended to provide an enhanced Health/Safety capability to
residents by linking each resident’s PAN back to a centrally located point. The resident’s PAN will
be programmed to send an alarm if the resident pushes a hand-held button which signals a health
emergency. The PAN has been configured to provide passive detection for Health/Safety
emergencies such as sensing a fall in the bathroom area.
C) Energy
The PAN has been designed to provide both devices and software that will reduce the
resident’s energy costs. As stated, Millbrook will become an energy distributor to residents so
that wholesale prices can be passed on. The only way to efficiently manage this role is to use the
AMR (Automatic Meter Reading) capability of this design. The resident’s energy meters are
located on the PAN. A WiFi gateway will provide a path so that the meter readings can be
transmitted from the PAN through the LAN to a central point. From this point, software will
record and store this information and the bill will be produced automatically.
With the PAN/LAN gateway installed, residents can take advantage of Smart Grid
technology. Smart Grid technology allows the energy provider and consumer to enter into an
agreement. The energy provider receives a benefit by limiting the resident’s energy consumption
during periods when energy capacity is reaching its maximum point. The energy provider can
increase its profit margin through reduced capital costs for new energy generation plants. The energy
provider reduces the chance of an electric “blackout” during peaks of energy consumption by
shutting off pre-determined appliances. This reduces energy consumption and avoids the
blackout. The resident receives a reduced rate when entering into this agreement.
2) Secondary LAN design criteria
The secondary purpose is to provide devices and software to supply mobile Internet access to the
residents. Most of Millbrook’s residents will be on a reduced or fixed income. By utilizing the
Millbrook WiFi LAN to provide Internet access to the residents, the resident’s cost of living is
reduced.
B. LAN Components and Devices
1) Access Points
The Millbrook design uses two wireless access point devices to
provide access to the LAN. Cottage access is provided by pole-mounted
Cisco Aironet 1552E dual-radio access points. WiFi to the cottages is
transmitted in the 2.4 GHz frequency out to the resident’s devices. Cisco uses
the 802.11g wireless protocol to connect to devices at a rate of 54 Mbps. AES
security is utilized by Cisco to provide wireless security.
Wireless LAN WiFi access is provided to residents that live in the
condo and apartment settings by using a Linksys EA6500 Smart WiFi
Wireless Router acting as an access point. Linksys uses the 802.11n/g
wireless protocol and utilizes security features such as FAT, NTFS,
and HFS+.
2) Access Point Layout
The number and location of each wireless access point has been carefully determined to
provide sufficient capacity and reliability. In the cottage example, the wireless access point is
located in the center of the cell, providing LAN access to about 10 units. Each WiFi AP
coverage area will be carefully controlled to cover one cell and enter a portion of each adjacent
cell. By doing so, all wireless devices have the ability to gain access to the LAN in a MESH
topology. The MESH topology provides a higher degree of reliability and performance than a
single-cell topology. Each device can link to the LAN in one of two ways.
There is a potential interference issue using the MESH topology. This design handles this
issue in one of two ways. All Cisco Aironet 1552E dual-radio access points operate at 2.4 GHz.
However, within the 2.4 GHz spectrum there are 16 channels. The cottage design will manually
assign channels so that overlapping MESH APs will not interfere with each other. Another way
to handle the interference issue is to use Cisco’s Prime Infrastructure control software to
manage interference and reliability issues. All APs link back to a central point. Each AP receives a
series of commands. One command is what frequency to broadcast at. Cisco designed the
software to detect and resolve these types of issues.
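An added Python example, not part of the proposal, of the manual channel assignment described above: cottage cells whose AP coverage areas overlap are given different channels, and any overlap that cannot be separated is reported so the designer can re-site an AP or lower its power. It assumes the three 2.4 GHz channels that do not overlap each other at 20 MHz width (1, 6 and 11); the cell positions and the 45 m coverage radius are constructed.

```python
"""Channel planning for overlapping cottage WiFi cells (added example, not the
proposal's own code). Cell positions, the AP range and the channel set are assumed."""
import math
from typing import Dict, List, Set, Tuple

# The three 20 MHz channels in the 2.4 GHz band that do not overlap each other
NON_OVERLAPPING_24GHZ = (1, 6, 11)

# Constructed layout: six cottage cells, one AP at each centre, metres, staggered rows
COTTAGE_CELLS = {
    "A": (0.0, 0.0), "B": (60.0, 0.0), "C": (120.0, 0.0),
    "D": (30.0, 52.0), "E": (90.0, 52.0), "F": (150.0, 52.0),
}


def overlaps_from_layout(centers: Dict[str, Tuple[float, float]],
                         ap_range_m: float) -> Dict[str, Set[str]]:
    """Two cells overlap when their APs are closer than twice the coverage radius."""
    adj: Dict[str, Set[str]] = {cell: set() for cell in centers}
    names = sorted(centers)
    for i, a in enumerate(names):
        for b in names[i + 1:]:
            if math.dist(centers[a], centers[b]) < 2 * ap_range_m:
                adj[a].add(b)
                adj[b].add(a)
    return adj


def plan_channels(overlaps: Dict[str, Set[str]],
                  channels: Tuple[int, ...] = NON_OVERLAPPING_24GHZ
                  ) -> Tuple[Dict[str, int], List[Tuple[str, str]]]:
    """Greedy (Welsh-Powell) assignment: busiest cells first, each taking a channel
    that no overlapping neighbour already uses. Returns the plan plus any
    co-channel overlaps that could not be avoided with the given channel set."""
    adj: Dict[str, Set[str]] = {}
    for cell, neighbours in overlaps.items():       # make the adjacency symmetric
        adj.setdefault(cell, set())
        for n in neighbours:
            adj[cell].add(n)
            adj.setdefault(n, set()).add(cell)
    order = sorted(adj, key=lambda c: (-len(adj[c]), c))
    plan: Dict[str, int] = {}
    for cell in order:
        used = [plan[n] for n in adj[cell] if n in plan]
        free = [ch for ch in channels if ch not in used]
        if free:
            plan[cell] = free[0]
        else:
            # No clean channel left: take the one fewest neighbours use; flagged below
            plan[cell] = min(channels, key=lambda ch: (used.count(ch), ch))
    conflicts = sorted({tuple(sorted((a, b))) for a in adj for b in adj[a]
                        if plan[a] == plan[b]})
    return plan, conflicts


if __name__ == "__main__":
    plan, conflicts = plan_channels(overlaps_from_layout(COTTAGE_CELLS, ap_range_m=45.0))
    print(plan, conflicts)
```

Four mutually overlapping cells cannot be separated with three channels, which is the case the conflict list exists for.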
In the Condo/Apartment applications, channels will be manually configured to allow an
overlapping coverage scheme with low interference. In this example, structural concerns were
posed by building construction. Condos and apartments were constructed with a steel frame
and concrete/rebar floors. This construction technique resulted in lower building costs but
posed special wireless network concerns. Based on our testing, WiFi could not penetrate between
floors. In addition, there was limited penetration into each of the rooms on the same floor. With
this data, the wireless access design limits the number of units to about 3 units per AP. At this ratio,
wireless signals could penetrate into multiple units, thus reducing the total cost to these areas.
Depending on the number of units per floor, two or three APs were sited for each floor providing
an overlapping MESH topology.
3) LAN Backhaul
Once the wireless APs were decided, the design used two distinct approaches to backhaul network-edge APs to the LAN. In the cottage example, wireless-to-wireless backhaul will
be utilized. Two Cisco Aironet 1552E APs will be linked to provide a path to the wired portion
of the LAN. This was chosen because the construction and safety costs to rip up the surrounding
area exceeded the cost of the wireless-to-wireless backhaul. The AP closest to the resident’s
PAN will act as an AP. Another AP sited on top of the Main Office building would
be linked to this field AP, acting as a wireless-to-Ethernet bridge. The Cisco Aironet APs
operate within two frequencies. The AP portion is 2.4 GHz. The backhaul portion operates at the
5 GHz frequency. This dual-band capability enables the AP both to send and receive data from
and to the LAN. From this bridge a fiber connection will be provided to connect to the wired
portion of the LAN.
Cisco provided a diagram of how to set up the AP/Bridge relationship.
In the Condo/Apartment application, each of the wireless APs is connected to multiple
switches using CAT 6 cabling. At least 2 switches are located in the lower level of the
building. Each of the switches has at least one AP located on each floor. This was chosen
intentionally. If there is an issue with one switch, connectivity loss is expected in one area of each
floor. If the MESH approach does not supply sufficient connectivity, then a temporary bridge can be
installed. This bridge can use the secondary switch/AP route that is provided on each floor. This
can provide full or at least limited service easily. Again, each Condo/Apartment has at least two
aggregation switches located on the lower floor. The purpose of the aggregation switches is to
bridge Cat6 cabling and optic cabling to the LAN. Each of these switches has its own fiber optic
cable connection to the Main Office Building. The fiber optic cabling will enter each building and
follow the Millbrook property perimeter until the cabling enters a centrally located point in the
Main Office Building.
(Figure: Main Office Building)
All field APs connect in some way to the Main Office Building. This was the central point chosen to centrally manage the system. All fiber connections terminate at the main switch, which is a Cisco ASR 1002 Aggregation Services Router. From this router the other network components are interfaced to the "field". Cisco's CAPWAP controller handles all data coming from the wireless-to-wireless bridge. The system servers, such as DNS, e-mail, VoIP, and others, link to and provide services to handle the data. Software services such as AMR (Automatic Meter Reading), security management software, and others reside on these servers. From this central router a firewall to outside access will be provided to interface with the outside world. Segregated in the same location will be service provider equipment: telephone, cable, and other interfaces will connect to the LAN through the firewall at this location.
C. SYSTEM COST
One of the most important factors to consider is cost. Extensive research has been completed to provide a detailed cost estimate with the flexibility to adopt all or portions of this proposal. The total system cost is $6,704,134.00, or $16,351.00 per unit. This provides the devices and services previously outlined for 410 units and general data usage for the Main Office Building. This cost is broken down into the following areas:

LAN COST    $224,527.01
PAN COST    $6,479,607.60

To further understand the cost by use, both the LAN and PAN have been broken into areas.
1) LAN COST Summary            $224,527.01
   Cottage AP                  $187,232.98
   Cottage Backhaul            $37,294.03
   LAN COST per unit           $547.63
2) PAN COST Summary            $6,479,607.60
   Energy Management           $1,025,000.00
   Smart-Grid Appliances       $3,575,610.00
   Home Automation             $1,427,688.60
   Home security and fire      $451,309.00
   PAN COST per unit           $15,803.92
3. MAN (Metropolitan Area Network) Design
The MCN (Millbrook Community Network) uses a small-scale version of a MAN (Metropolitan Area Network) to service its campus, including apartments, cottages, public areas, and other facilities. Wireless WiMAX technology will be provided to grant internet access to all residents and visitors to the community. A mesh topology will be used to ensure that the entirety of MC is adequately covered.
Approximately 500,000 square feet will need to be covered in order to ensure a strong connection is available anywhere in the community. The required area will be bounded by East Marylyn Avenue to the north, University Drive to the east and south, and Doris Avenue to the west. Residents and visitors to the community will want the freedom to roam around, and expect service within that area; therefore, a fixed broadband wireless solution is appropriate.
1. WiMAX Explained
WiMAX (Worldwide Interoperability for Microwave Access), formally known as 802.16, is a standard for broadband wireless infrastructures created by the IEEE (Institute of Electrical and Electronics Engineers). Specifically, it is an IP-based, high-speed wireless networking technology used for large-scale geographic coverage areas where cable or DSL cannot provide service. The current amended standard, 802.16j-2009, is simply an improved update to the original, providing better performance compared to IEEE 802.11 WLAN (Wireless Local Area Network) Wi-Fi (Wireless Fidelity) network coverage and the QoS (Quality of Service) of cellular networks. WiMAX is a wireless digital communication system; transmissions using this technology do not require line of sight between transmitters, and it is designed to provide multipoint coverage over a large area. High data rates are possible because signals are transmitted using OFDM (orthogonal frequency-division multiplexing), which is effective in countering the negative effects of multipath in microwave transmissions. As a result, WiMAX can provide a solid infrastructure for delivering video, voice, and data content in a bundled wireless solution. Additionally, amended WiMAX 802.16j-2009 supports the implementations of Fixed WiMAX from 802.16-2004, which is intended for wireless MANs. Fixed WiMAX has a signal radius of approximately 30 miles from the base station. Also, 802.16j-2009 carries over the MIMO (Multiple-Input and Multiple-Output) antenna support from 802.16e-2005, which benefits coverage.
2. Advantages & Disadvantages
There are several reasons why 802.16j-2009 is a great option for blanketing the Millbrook Community with wireless coverage. There is greater support for QoS management in 802.16, which will help ensure consistent performance across the community for each type of application, and as newer applications and services use the WiMAX service in the future, rules can be established to set priorities on inbound/outbound traffic. Another key benefit is that the MAC layer of WiMAX uses a different algorithm than WiFi for establishing user sessions. Instead of all users competing for resources at random at a connected access point, WiMAX allocates each user a slot on the access point that remains committed to that user.
WiMAX cells also have a greater reach than comparable WiFi standards, and the shared data rate of up to 70 Mbps will be more than adequate to support the needs of this population. As growth occurs and there is more user demand on the network, the mesh topology can easily be expanded by adding additional antennas.
WiMAX is not a perfect technology by any means. It is still subject to potential security threats. Data must be encrypted to protect against packet sniffers who would intercept transmissions containing potentially sensitive data. This installation will utilize AES encryption for connections between user equipment and base station transmitters.
Rogue base stations could also introduce a threat, where residents would unknowingly connect to an unauthorized transmitter that can then intercept traffic. The use of a CiscoSecure AAA DIAMETER server in this deployment will require residents to log in before connecting, which should help mitigate the use of unknown networks.
MAN WiMAX technology sits between LAN and WAN. A single MAN can serve hundreds of subscribers at broadband speed and is much faster and easier to deploy. For example, a fiber optic WAN connection enables access speeds of almost 1000 Mbps, but its cost exceeds what it gives you. Some other things a MAN offers are centralized management of data, connection of many LANs, increased efficiency in handling data, and savings on WAN attachment costs. However, it does come with some disadvantages: poor weather conditions could interrupt the signal, interference may occur with other wireless infrastructures, and WiMAX is extremely power consuming and requires constant, significant electrical support. Furthermore, there are initial installation, equipment, and operational costs.
3. Deployment Plan
Products supporting 802.16j-2009 will meet the needs of this community because maximum support for mobility and roaming is not needed, and there is ample bandwidth available under this standard to service a community of this size.
At the heart of this WiMAX deployment will be two antenna towers, located on the roof of the main building housing administrative offices, which will coalesce traffic into interface gear. The HiperMAX-micro antenna is well suited for this configuration, as it is fully capable of operating as an outdoor product, with protection against natural elements. Each antenna will connect back to a HiperMAX base station via fiber optic connections running at 3.1 Gbps. The fiber optic cable runs are fragile and easily susceptible to damage, and should be well protected by conduit. The HiperMAX base station supports MIMO antenna use, Fixed WiMAX, Mobile WiMAX, as well as the QoS features defined in 802.16e-2005.
(Cost Analysis for WiMAX)
At the resident (customer) premises, Airspan ProST-WiFi-2 units will be installed atop each resident building, and will work in tandem with other antennas to form a mesh network. This will provide maximum redundancy should any one device fail. Each ProST unit is built for outdoor installations, and will work in tandem with an SDA (Subscriber Data Adapter) that will be installed indoors in each residence. The SDA WiFi device used indoors will allow up to four computers to be connected via Ethernet ports, and will even allow residents the option of using their own private WiFi network for a variety of uses such as networking personal entertainment devices. Alternatively, residents can use a WiMAX USB device for easy pluggable access to the WiMAX network without the use of an indoor base unit.
The benefit of using the ProST-WiFi-2 antenna system is that it has integrated support for 802.11b/g, which can be beneficial to campus visitors who may not have a WiMAX interface on their laptop, or who may simply want to use the WiFi capabilities of a smartphone.
(Cost Analysis for WiMAX)
For management of the Airspan system, Millbrook’s network support staff will use
Netspan, which is a software management suite that allows the network operations center
to centrally control all deployed devices. It monitors the system for any failures and
provides detailed statistics and logging capabilities to support in-depth analysis of WiMAX
performance.
4. 802.16 and 802.11 Interaction
Both WiFi and WiMAX services will be available at locations on the campus, and some spots will have overlapping coverage. These will predominantly be in the main administrative buildings and medical clinic offices, where the internal LAN has wireless capability but is also near the WiMAX tower deployments. The 802.11 wireless LAN will not be configured to broadcast its SSID, so as not to advertise to unauthorized users who might want to connect. Visitors and residents will only see the publicly available WiMAX network from their PCs and laptops.
Some users visiting campus may not have the capability to connect using 802.16j-2009 on their existing laptops, and they will have the option of using the integrated WiFi support on all Airspan ProST-WiFi base transmitters. With this option, users can connect to the mesh WiMAX network using 802.11g, which supports a data rate of up to 54 Mbps.
5. WiMAX Base Station
A WiMAX base station, including indoor WiMAX equipment and a WiMAX tower, is the key feature of a WiMAX deployment. The Airspan Mobile HiperWiMAX base station was developed for demanding deployment situations such as MCN. The HiperMAX base station will be deployed on the roof of a residential building in the middle of the community area; the signal radius from the base station under IEEE 802.16j-2009 is 3 to 10 miles for mobile WiMAX stations. The HiperMAX base station will also support the following: the option of indoor and outdoor configuration; a fully redundant architecture; a multi-frequency platform supporting 700 MHz to 4.9 GHz; advanced antenna options such as MIMO up to 5 bps/Hz; and the QoS features defined in IEEE Std 802.16j-2009.
6. WiMAX Antenna
The HiperMAX supports 2x2 MIMO Matrix A & B or 4x2 MIMO Matrix A & B. The MIMO antennas will be deployed on the roofs of the residential buildings. MIMO antennas connected to the indoor units by wire make the signal stronger. Another benefit of the MIMO antenna for community visitors who might not have HiperMAX network support on their PCs is that MIMO has integrated support for WiFi, so visitors can easily access the internet using their smartphones.
7. Capacity Requirements
The MC campus will support approximately 300 single-family residences in apartments and cottages, and approximately 175 residents in a managed care setting. There are expected to be at least 25 visitors at any given time who will utilize wireless access services. Even though a mesh topology wireless network is easily scalable, it is not expected that capacity will be greatly expanded, since the community development is bounded by existing property.
WiMAX 802.16j-2009 will provide Millbrook network users with up to a 70 Mbps data transfer rate, which will accommodate many of today's bandwidth-intensive applications such as streaming video and file sharing.
8. Management Software
A centralized O&M (Operations & Management) system, "Netspan", will be installed for the comprehensive network management of MCN. Netspan will provide configuration, fault, performance and security management. The system runs on a PC platform using a SQL database for the history of the network.
B. Network Access and Security
1. General Security
It is challenging to maintain privacy in systems that inherently need to connect with personal devices and information. It is, therefore, an organization's prime focus to provide a strong security infrastructure when dealing with private data. The first order in an organization's security topology is user identification, as this is what yields accountability. At the Millbrook community, we will employ authentication based on user knowledge (e.g. username, password, PIN) and user access tokens (e.g. magnetic cards, RFID bracelets, fobs). In a traditional PKI configuration, the authenticating entity is assigned a public-key certificate which binds this user's local identifier with a seemingly random number called the user's public key; this public-key certificate and an up-to-date proof of its validity are needed both to encrypt data for the corresponding user and to verify signatures associated with this user.
The wired LAN networks for both the administrative staff and the medical network will be separate and isolated from residential users and visitors. Access to these networks will be restricted to authorized personnel only. This will be accomplished with user logins using strong, secure passwords. Passwords will be required to be changed every other month. Access will be set at levels appropriate for each user's role and job responsibilities. We will use an AAA (authentication, authorization, and accounting) server to specifically handle the security and authentication of all users. This server will utilize the DIAMETER protocol with the 802.1X port security standard.
(Figure: Firewall)
There are potential security threats coming from multiple directions. We will need to provide security from internal and external attacks and intrusions. There are also threats of viruses, spyware, and multiple types of malware. Firewalls will be deployed to address these, along with an IPS (intrusion prevention system). The IPS will detect and block known malicious network traffic and anomalous traffic patterns.
Endpoint security systems will be used as well. These check the remote devices for
viruses and support content filtering. They will also check to make sure that the software
on each client is in compliance with the software versions and standards used on the
Millbrook network. The firewalls will support VPN (virtual private network) technology.
VPN technology uses encryption to protect data while in transit over the wired or
wireless networks. Firewalls will be deployed at the perimeter of the Millbrook network,
where the network meets the Internet. We will also incorporate firewalls internally, in key
locations where there may be potential for internal threats. This will ensure, for example,
that users at the nursing stations can’t access the human resources department or
accounting department’s sensitive information. Unauthorized access to the medical
network will be strictly prohibited. Additionally, firewalls will be used at the edges of the
WAN networks. By placing firewalls at these key junctions, it will allow us to comply with
current HIPAA rules for patient confidentiality.
There will be wireless capabilities within the medical network. This network must be protected from unauthorized access, whether intentional or accidental. Due to the complexity, geographic coverage and diversity of the users, we will deploy a wireless strategy based on Cisco's® Unified Wireless Network technology. This architecture will
enable fast responses with immediate results, and provide anywhere, anytime network
connections. It has a built-in Intrusion Prevention System (IPS), which includes rogue
device detection. It includes support for Network Admission Control (NAC), and the Cisco
Self-Defending Network. Its unified wired and wireless client device admission control
limits damage from emerging security threats such as viruses, worms, and spyware. This
type of architecture will enable us to keep the WLAN network secure. It simplifies the
operation and management by providing a centralized management console to manage
each and every wireless access point. It supports WiFi business applications and active
RFID (radio frequency identification) devices, which are used in mobile healthcare devices
and video surveillance devices. It will also provide voice services and secure guest access.
Additionally, it supports a wide range of devices from various suppliers, making these
devices interoperable with the WLAN infrastructure.
We will also utilize Cisco’s® Secure Services Client. This is software that will enable
us to deploy a single authentication framework on multiple device types to access both the
wired and wireless networks. The software allows easy management of the user identities,
device identities, and the network access protocols implemented for secure access.
The residential network will have an open wireless access component, allowing
visitors to utilize the wireless network services. This network will be strictly prohibited
from access to the medical or administrative networks. This type of anonymous access can
present a couple problems. Cisco offers solutions for guest access. It will allow us to keep
the network secure while still providing guests wireless access, to the Internet only, using
the Millbrook WiMAX network. User access can be provisioned, and Millbrook's network
support analysts will have the ability to monitor guest use of the network. We will not use a
VLAN (virtual local area network) for guest wireless access. This may not be the most
secure method of providing wireless access. We will use the Cisco Unified Wireless
Network to create a Layer 2 tunnel. This will direct all guest traffic to a controller that will
be dedicated strictly to guest services. Guests' browsers will be redirected to a captive
portal page, which will require a username and password, or require guests to consent to
terms and conditions before allowing them to continue. This makes management of the
guest access much easier.
Encryption Needs
In a typical day at the campus medical center, there would be many steps between patient arrival and the submission of a report to any applicable entities (e.g. nearby hospital systems). Each step would involve its own encryption, and with multiple steps involved, all using the same network backbone, bottlenecks might develop and subsequently reduce throughput. This puts into focus the need to identify possible bottlenecks across the system. Steps that might involve a call to an external database, for example, might be areas that would need special consideration in order to prevent network chokepoints. Concurrency would need to be an active component in the design of the Millbrook Community Net, as this would enable pipelining of resources. The fiber optic backbone of the network would more than adequately serve the immediate bandwidth needs of the community, but bandwidth alone would certainly not suffice in the scenarios projected five, ten, or fifteen years from now. (Gurkaynak, Frank)
Encryption processes will be used to protect all electronic data in the medical network, computer lab and administrative network. Encryption will allow us to securely transmit potentially sensitive information electronically, rendering the information virtually worthless unless you possess the decryption key. Encryption techniques will be coupled with the use of digital signatures. This will help to verify the authenticity and integrity of the data being sent. We will use a symmetric encryption algorithm called AES (Advanced Encryption Standard). The AES algorithm is capable of using three different key sizes. You can choose 128-bit, 192-bit, or 256-bit keys to encrypt/decrypt data in blocks of 128 bits. When transmitting patient personal or medical information we would suggest using either AES-192 or AES-256 encryption. This is the same encryption algorithm used by our government for Top Secret transmissions.
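As an added example (not part of the original proposal), the Go program below shows the AES-plus-digital-signature scheme described above: a record is encrypted with AES in GCM mode using a 128-, 192- or 256-bit key and then signed with Ed25519, so the receiver can confirm both who sent it and that it was not altered in transit. The key, key pair and sample record are constructed placeholders; in a deployment they would come from key management.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/ed25519"
	"crypto/rand"
	"errors"
	"fmt"
	"io"
)

// SealedRecord is the wire form of one encrypted EPHI message: the AES-GCM
// nonce, the ciphertext with its authentication tag appended, and an Ed25519
// signature over nonce||ciphertext made by the sending system.
type SealedRecord struct {
	Nonce, Ciphertext, Signature []byte
}

// SealRecord encrypts plaintext with AES in GCM mode and signs the result.
// The key length selects AES-128, AES-192 or AES-256 (16, 24 or 32 bytes); the
// block size is always 128 bits. GCM adds an integrity tag, and the signature
// lets the receiver confirm which system produced the record.
func SealRecord(key []byte, signer ed25519.PrivateKey, plaintext []byte) (*SealedRecord, error) {
	block, err := aes.NewCipher(key) // rejects any key that is not 16, 24 or 32 bytes
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, gcm.NonceSize()) // fresh random nonce for every record
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	ct := gcm.Seal(nil, nonce, plaintext, nil)
	sig := ed25519.Sign(signer, signedBytes(nonce, ct))
	return &SealedRecord{Nonce: nonce, Ciphertext: ct, Signature: sig}, nil
}

// OpenRecord verifies the sender's signature first, then lets GCM check the
// authentication tag and decrypt. A forged sender or an altered ciphertext is
// rejected before any plaintext is released.
func OpenRecord(key []byte, sender ed25519.PublicKey, r *SealedRecord) ([]byte, error) {
	if !ed25519.Verify(sender, signedBytes(r.Nonce, r.Ciphertext), r.Signature) {
		return nil, errors.New("signature check failed: sender is not authentic")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	gcm, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	pt, err := gcm.Open(nil, r.Nonce, r.Ciphertext, nil)
	if err != nil {
		return nil, errors.New("integrity check failed: record was altered or key is wrong")
	}
	return pt, nil
}

// signedBytes is the exact byte string the signature covers.
func signedBytes(nonce, ct []byte) []byte {
	return append(append([]byte{}, nonce...), ct...)
}

func main() {
	// Constructed sample: a random 32-byte key (AES-256) and a signing key pair
	// for the clinic system; in production both come from key management.
	key := make([]byte, 32)
	io.ReadFull(rand.Reader, key)
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	rec, _ := SealRecord(key, priv, []byte("patient 0001: constructed sample visit note"))
	_, err := OpenRecord(key, pub, rec)
	fmt.Println("genuine record accepted:", err == nil)
	rec.Ciphertext[0] ^= 0x01 // simulate in-transit tampering
	_, err = OpenRecord(key, pub, rec)
	fmt.Println("tampered record rejected:", err != nil)
}
```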
HIPAA Controls
The Health Insurance Portability and Accountability Act (HIPAA) of 1996 was created for two main purposes. First, to implement security safeguards to protect sensitive electronic health care information. Second, to protect individuals' personal health information while at the same time allowing access to and use of that information by health care professionals. The Security Rule is of most importance for the security of the wired and wireless networks being installed for the Millbrook Community. The Security Standards Final Rule was made effective in April 2003. It deals explicitly with EPHI (electronic protected health information). Following are the Standards that Team 5 will address through network devices and security measures.
Standard §164.312(a)(1): Access Controls
Requires access controls to be implemented for electronic systems that house and maintain patient data in electronic form. You must protect against unauthorized access to patients' protected medical data. Equipment containing patient health information must be controlled and monitored. Only authorized individuals should have access to hardware and software. Workstations must be placed out of the direct view of the public. Requirements for this Standard are: each user must have a unique "name and/or number" for tracking and verifying identity, and during an emergency there must be a procedure to obtain the protected electronic health information.
Standard §164.312(b): Audit Controls
For systems that either contain or use EPHI (electronic protected health
information), mechanisms that record and examine activity must be implemented. This can
be accomplished with hardware, software, and/or procedural mechanisms.
Standard §164.312(c)(1): Integrity
Electronic protected health information must be protected from improper alteration
or destruction. Policies and procedures must be implemented to assure this.
Standard §164.312(d): Person or Entity Authentication
There must be procedures implemented that enable you to verify that a “person or
entity” requesting access to EPHI is who they claim to be.
Standard §164.312(e)(1): Transmission Security
Technical security measures must be in place to make sure that EPHI that is
transmitted over an “electronic communications network” is protected from unauthorized
access.
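As an added example (not from the proposal), the Go code below turns the access-control, audit and network-segmentation requirements above into a small policy check: every request must carry a unique user ID (§164.312(a)(1)), a resource is reachable only from the network segment that may hold it (the internal-firewall rule that nursing stations cannot reach HR or accounting data, and that the guest network reaches nothing internal), roles gate access, emergency access to EPHI is granted but flagged for review, and every decision, allowed or denied, is written to an audit record (§164.312(b)). The roles, resource prefixes and segment names are constructed assumptions, not Millbrook's actual policy.

```go
package main

import (
	"strings"
	"time"
)

// Segment is the network a request comes from: the design's separate
// medical, administrative and residential/guest networks.
type Segment string
const (
	SegMedical Segment = "medical"
	SegAdmin   Segment = "administrative"
	SegGuest   Segment = "residential-guest"
)
// Request is one attempted access by an already-authenticated user (the AAA
// server has done the §164.312(d) identity check). UserID is the unique
// identifier §164.312(a)(1) requires; Emergency invokes its emergency procedure.
type Request struct {
	UserID, Role, Resource string // Resource e.g. "ephi/patient/0001", "hr/payroll"
	Segment                Segment
	Emergency              bool
}
// AuditEvent is the §164.312(b) audit record: who, what, when and the decision.
// Flagged marks emergency access that a reviewer must examine.
type AuditEvent struct {
	Time             time.Time
	UserID, Resource string
	Allowed, Flagged bool
	Reason           string
}
// policy maps each resource prefix to the only segment that may reach it (the
// internal-firewall rule keeping nursing stations away from HR and accounting
// data) and the roles allowed to use it. The entries are constructed examples.
var policy = []struct {
	prefix  string
	segment Segment
	roles   []string
}{
	{"ephi/", SegMedical, []string{"nurse", "physician"}},
	{"hr/", SegAdmin, []string{"human-resources"}},
	{"accounting/", SegAdmin, []string{"accounting"}},
}
// AccessController decides requests and keeps the audit trail in memory; a
// deployment would forward the events to the security management server.
type AccessController struct{ Log []AuditEvent }

// Decide evaluates r and records an audit event whether or not access is
// granted: denied attempts are just as important to examine later.
func (c *AccessController) Decide(now time.Time, r Request) bool {
	allowed, reason := evaluate(r)
	c.Log = append(c.Log, AuditEvent{now, r.UserID, r.Resource, allowed, allowed && r.Emergency, reason})
	return allowed
}

// evaluate checks identity, then segment, then role; emergency access is the
// only exception, and only for EPHI reached from the medical segment.
func evaluate(r Request) (bool, string) {
	if r.UserID == "" {
		return false, "no unique user identifier"
	}
	if r.Segment == SegGuest {
		return false, "guest network is Internet-only"
	}
	for _, ru := range policy {
		if !strings.HasPrefix(r.Resource, ru.prefix) {
			continue
		}
		if r.Segment != ru.segment {
			return false, "blocked by internal firewall between segments"
		}
		for _, role := range ru.roles {
			if role == r.Role {
				return true, "role permitted"
			}
		}
		if r.Emergency && ru.prefix == "ephi/" {
			return true, "emergency access granted; flagged for review"
		}
		return false, "role not permitted"
	}
	return false, "unknown resource"
}
```

Reviewing the entries with Flagged set is the follow-up the emergency-access procedure calls for; a real deployment would also record the source device and forward the log off-host.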
VI. Network Diagrams
1. Original Millbrook Layout (figure)
1. PAN
A. Living Space Dimensions
1) Cottage (figure)
2) Condo (figure)
3) Apartment (figure)
B. Zigbee PAN Pricing and Layout
1) Cottage pricing and layout (figure)
2) Condo pricing and layout
A) North Condo PAN prices (figure)
B) East Condo PAN prices (figure)
C) South Condo PAN prices (figure)
C) Apartment 3
i. Apartment 3 outer units PAN prices (figure)
ii. Apartment 3 inner units PAN prices (figure)
D) Apartment 4
i. Apartment 4 outer units PAN prices (figure)
ii. Apartment 4 inner units PAN prices (figure)
C. Zigbee LAN Pricing and Layout
1) Cottage pricing and layout, LAN prices (figure)
2) Condo pricing and layout
A) North Condo LAN prices (figure)
B) East Condo LAN prices (figure)
C) South Condo LAN prices (figure)
3) Apartment pricing and layout
A) Apartment 1 LAN prices (figure)
B) Apartment 2 LAN prices (figure)
C) Apartment 3 LAN prices (figure)
D) Apartment 4 LAN prices (figure)
4) Cottage WiFi tower sites (figure)
5) Cottage 5 GHz Backhaul layout (figure)
6) WiFi security Cottage Layout (figure)
7) Cottage Frequency Mesh Overlap (figure)
8) Condo Frequency Schedule (figure)
9) LAN Condo/Apartment Fiber Backhaul (figure)
VII. List of References
“What is WiMAX Technology?” Free WiMAX Info. 2012. Web. 4 April 2013.
“HiperMAX.” Airspan. 2011. Web. 6 April 2013.
“Netspan.” Airspan. 2011. Web. 6 April 2013.
“ProST-WiFi.” Airspan. 2011. Web. 9 April 2013.
“Cost Analysis for WiMAX.” ICT Regulation Toolkit. 25 October 2012. Web. 4 April 2013.
“CiscoWorks.” Cisco. 11 September 2009. Web. 10 April 2013.
“HIPAA.” HHS. United States Department of Health & Human Services. 2013. Web. 13 April 2013.
“IEEE.” IEEE.Org. 2013. Web. 8 April 2013.
“WiMAX.” Wikipedia. Wikimedia Foundation Inc. 1 April 2013. Web. 1 April 2013.
“IEEE.” Wikipedia. Wikimedia Foundation Inc. 3 April 2013. Web. 3 April 2013.
“HIPAA.” Wikipedia. Wikimedia Foundation Inc. 11 April 2013. Web. 2013.
“Encryption Software.” Advanced Encryption Package. Version 5.75. 10 April 2013. Web. 14 April 2013.
Gurkaynak, Frank. “Cryptographic Accelerators.” GALS System Design. Version 3.77. 20 December 2006. Web. 14 April 2013.
“Firewall.” Wikipedia. Wikimedia Foundation Inc. 8 April 2013. Web. 8 April 2013.
The following information was uploaded and read from the Linksys and Cisco websites.
The following information was uploaded and read from the Zigbee Alliance website.