Blackpool Council has executed a combined indoor and outdoor wireless LAN with hopes of regenerating and revitalizing the town by providing faster and smarter technology for public employees, students and visitors. Tony Doyle, head of ICT at Blackpool Council, explains to SearchNetworkingUK how his team implemented a network that at once offers highly secure wireless broadband access to the VPN for government agency employees, filtered content and access for students and teachers, as well as guest network access for tourists and other visitors. The trick to this combination is a wireless LAN security strategy with a Fortinet appliance that enables firewalling, visibility and policy enforcement among wireless network users on a mostly Cisco-based network. In this interview with SearchNetworkingUK, Doyle outlines the implementation of his combined indoor and outdoor wireless LAN and wireless security strategy.
SearchNetworkingUK: Can you describe the indoor and outdoor wireless network you use?
Tony Doyle: We deliver the wireless network in two different ways. If it’s outdoors, we use the Council’s street lighting infrastructure to hang wireless access points, provided from a company called Synetrix, who are also our partners for Fortinet. They supply the equipment for this outdoor wireless network. It goes from the street lighting column to Blackpool Tower, then beams to our data centre. It is at that point then that it peers to the FortiGate appliance. For the indoor wireless network, we use Cisco wireless APs. Our wireless solution within the Council itself is an open wireless network. So the service is basically all trumped up to the FortiGate firewall to secure it, but people can actually go into the VPN to then take them into the secure network. With this new technology, we’ve been able to consolidate email filtering, Internet filter, intrusion detection, etc.
I deliver onto 40 schools in Blackpool. The Council itself supports the ICT infrastructure for schools. Over the years, when we got a central filtering policy, we got a lot of complains that it was too strict or liberal, depending on the school. With the FortiGate technology, we’ve been able to allow the teachers to log in and override the filtering policy, giving them flexibility. However, we can offer the assurance that we are still monitoring where the teachers are going if there should there be any child protection type issues, etc. We have different filtering policies for different schools, as we have church schools, non-church schools, etc. and they all have different views of what they want blocked on the Internet.
SearchNetworkingUK: Why did you choose this type of technology and how has it affected the town?
Doyle: We are a population of about 150,000 on the Northwest Coast of England. Blackpool is famous for being UK’s number one tourist destination. If you go back to the Victorian times, Blackpool kind of grew up and prospered. Blackpool right now has kind of been in decline since the '70s when people in the UK began to travel to places like Spain. Blackpool still has a good visitor influx, but nothing like it had in its hay day. There are some real issues around poverty here. Blackpool also has been perceived as having a lack of modern facilities. The issue over the last decade has really been, how do we go about regenerating Blackpool?
Our aim with implementing a wireless network is to give visitors a good experience when they come here. We have a garden type area where anybody can hook up to our outdoor wireless network. We have a voucher-based system where people can go into a coffee shop and get a free [Internet] voucher when they get a cup of coffee. That’s aimed at the conference guests coming into town, so in between going to meetings, they can gain Internet access in different parts of the town. We’ve also used the wireless services to support a number of big events coming into Blackpool. Just over a year ago, we had the Royal Variety Performance in Blackpool at the Winter Gardens conference centre where the queen came and was televised by ITV. The BBC has the show “Strictly Come Dancing,” and the climax of that in the UK takes place in the Blackpool Tower Ballroom. When that performance is going on, there are people that want to do social networking, and it was important to the BBC production crew to have fast wireless Internet connection to support that. We learned that to host these successful events, fast Internet connection is really important to the production people and journalists.
Our network also connects to the government’s infrastructure, so I’ve got some really strong security and compliance requirements around how I deal with these services because we connect to some confidential databases hosted by central government. At the heart of all these different things is trying to deliver a fairly open network that supports visitors coming into the town, to the other extreme of having to provide fairly classified access to some of the services within the government agencies themselves.
SearchNetworkingUK: How many access points are implemented? How are these access points managed? Is there a centralized manager or is it distributed?
Doyle: We have about 50 outdoor access points and we’re covering mainly our urban city centre where it is tight and consolidated. There are lots of retail, individual shops, coffee and tea shops, etc. We’ve also put stuff near the train station and our main conferencing centre. We have a central administrated console and a wireless controller for the Cisco equipment. The authentication platform is provided by a German company called Travelping and we use that for the vouchers. It also facilitates the links to the other services we want to offer, such as the Council’s own corporate VPN service. We’ve also linked into the local primary care trust, which is our health services in Blackpool, as well as their VPN. So the idea is if we’ve got a health type worker who is out in the field, and they want to get access to some of their corporate data, they can link in through their VPN.
SearchNetworkingUK: How many people does the network serve in a given day?
Doyle: We’ve got about 5,000 employees that potentially would access the network within the Council itself. If we add in schools, we have a pupil population of about 20,000. The visitor population varies hugely depending on what kind of events are going on in the town. For example, we facilitated a big education IT conference in the Hilton hotel using the wireless Blackpool services and had 400 delegates in one conference room all at the same time, accessing the wireless service. In terms of concurrent access, that is pretty high demand. We use Cisco wireless access points to deliver that, but the heart of it all was the Fortinet firewall that was having to cope with that kind of demand. Through that, we can be pulling up to 200 mega data for our Internet services.
SearchNetworkingUK: What did it take to implement the technology? Were there were challenges/barriers to implementation?
Doyle: The difficulty with this technology is that the services that we run never stop, so we started off putting it into our school network. What we had to do was switch over, into what was a live environment, a new kit, and that in itself was a challenge. You can put something in a test environment and say “looks good,” but you never quite know until you put it out there whether it’s going to stand up and work. I carry some scars from times with technology when things didn’t go in smoothly. What I found with the Fortinet technology is that it does what it says and it delivers. In terms of integrating it into a live network, definitely some challenges, but it did the business for us.
SearchNetworkingUK: How will this technology evolve in coming years?
Doyle: People want to bring iPhones and iPads onto the corporate network, which I obviously can’t allow from a compliance point of view. But by facilitating the wireless Blackpool network with the network indoors, I am able to actually offer people a guest Wi-Fi service, where they can put in their own equipment onto the network. I haven’t yet delivered this, but it’s something we are looking at and potentially about to start to test and pilot. One of the big issues in the public sector right now in the UK, is that we have something called the “freedom of information” where someone can go into a local authority or any government agency and say, “OK, what are you spending your money on?” Clearly tax payers shouldn’t be paying for [employees having] consumer devices. But since people have these devices at home, and they think they can add some value to their work, I’m looking at how we can facilitate them [being on the] Blackpool network.
We are also looking at cloud-based technologies. Combine that with the concept of bringing your own equipment to work. Again, the Fortinet technology is sort of key to that. What we’re trying to do is offer rich, fast network services from multiple locations around the city, and I see a hybrid of us delivering some stuff in the cloud from the data centre and a really good firewall technology like what we’ve got with the Fortinet to help facilitate that.