SECURE NAVAL WIFI-SOLUTION
Fortinet’s philosophy has been from the start in 2002 to design a wireless solution that is ready for an all-wireless environment.
This means a solution that provides high density access and perfectly supports voice and video application for these high number of users. In order to achieve this, they needed to get control of the network rather than having clients define the speed of the network, when to roam, where to roam, how to distribute themselves over the available resources and thus in essence, define how the user experiences the application.
Control the network
In order to get control over the network, Fortinet decided to build a unique solution capable of working not only in a MCA but also in SCA. SCA results in a virtualization of the network making all AP appear as one AP to the client taking away the responsibility of the client to decide when and where to roam. It thus offers actual seamless roaming without interruptions regardless of the chosen technology. This makes SCA the only architecture capable of supporting voice while also maintaining the highest standards in wireless security.
Moreover, the SC architecture brings a perfect load balancing in place as the network now can decide where to put the client based on the network topology map build by the controller. This defines the signal strength, load, noise etc. of every actual and possible connection between every client and every AP as well as in between AP. Based on this knowledge, the controller can put the client on the right AP, move the client to the most appropriate AP without the client noticing it and defining when which client or AP can actually talk optimizing the available bandwidth.
This also results in predictable access and predictable delays. The worst thing for voice communication is jitter, a variation in delay. By offering a consistent connection to the client, the client will perform a lot better.
Channel layering and capacity
Even though all AP form one virtual AP, the actual available throughput is the full throughput per AP thanks to the intelligent scheduling of the controller. Moreover, since we only need one channel to build a complete network, other available non-overlapping channels can be used to leverage the infrastructure to a higher level. This is called channel layering and actually multiplies the available bandwidth and total number of active users with the number of layers you have. While adding bandwidth it also acts as a layer of redundancy. When an AP dies, the client can either be handed off to a more far away AP on the same channel or it can choose to roam to an AP at a different channel but with the same high signal strength as it had on the previous AP.
Many different types of devices and applications are used on a Wi-Fi network and Fortinet can make sure they all work. If needed we can separate these devices, users or applications also per layer.
Due to the focus on applications like voice and video and on a high density of users, Fortinet also concluded that the way clients are serviced should change. Before Fortinet, everyone defined fairness in a network as being able to send an equal amount of data. This means that a client at 1Mbps actually got 10 times as much time as a client at 11Mbps because both need to send the same volume before the other client is allowed to send again data. The fast clients are thus continuously waiting for the slow clients which means that your entire network is as fast as the slowest client. In practice, this means that the fastest client actually comes in last.
Fortinet defined AirTime Fairness where they actually provide the same airtime for every client and during that same time slot, every client can perform at their highest rate which results in the fast client being done first rather than last. This has been copied by others over time but no one can achieve the uniqueness of Fortinet’s architecture providing this both in down- ánd upstream. Video and voice are small packets which is by default difficult for a network ánd they are both bidirectional. These are not websites you visit and where 90% of the traffic is download.
Flexibility and scalability
An extra advantage of single channel is that you don’t need to calibrate every AP’s channel and transmit power. This means that if there is the need to add an AP or change anything else, there is no need to recalibrate/rethink the entire network. No need for a new channel plan, for hours of time to have the automatic RF calibrate and decide after which you still have to manually verify if everything and correct any mistakes.
Ships and Wi-Fi
As an environment, a ship is probably the most difficult one to find. One is faced with a lot of challenges:
- lots of metal and thus reflections
- multipath fading in hallways
- Faraday cages when doors are closed
- lots of obstructions as in engine rooms
- white noise from those engines sometimes blocking a big part of the frequency band
- low ceilings and thus difficult propagation of the signal
Fortinet has proven to be the choice of Wi-Fi solution in this environment when it is mission-critical as it is for voice, alarming, video etc. Due to the nature of a ship, a lot of APs are visible to the client but can just as easily disappear the moment after. A controlled approach where the controller monitors the client assures a seamless roaming throughput the ship.
Due to the criticality of the solution, the excellent redundancy options of the system; both on the controller side as well as on the AP/channel layer side, assures the system will be always-on.
Consequently, Fortinet’s experience with Wi-Fi on ships is rapidly increasing, both in difficulty and scale:
- Royal Dutch Navy (4 patrol ships, 1 Joint Support Ship)
- 32+ large and very large (5000+ passengers and crew) cruise ships, varying from pervasive coverage to streaming video over WLAN for 4000+ passengers
- 20 on-sea installations
- 4 Super Yachts (+80 meter long)
- 5 Yachts (40 to 65 meter long)
Fortinet Networks has over 4 man years of experience with maritime refitting and installation work and continues to be the most sought after vendor for WLAN in challenging and mission critical environments.
Obviously, yachts and cruise ships are not war ships but they add even an extra layer of difficulty: all AP must be invisible to the public and even though the network is crucial to them, we can hardly ever use the ideal spot.
Fortinet is the only solution that has never had any issues supporting voice with 802.1x/802.11i/WPA2 Enterprise. Due to the SCA, there is absolutely no delay in roaming when using this high level of security.
Fortinet also offers a Wireless Intrusion Detection Solution (WIDS) offering the detection and prevention.
This is further strengthened with the Fortinet security offering. The Fortinet Client can be installed on the handheld/laptop (Windows, OS X, iOS, Android…) which can build a 256-bit FIPS 140-2 encrypted tunnel to the Fortinet appliance ensuring the highest level of data integrity and privacy. The Fortinet appliance is also a very powerful state full packet inspection firewall with application detection.
Secure Wi-Fi solutions
The Wireless Communication System is implemented with Wireless Access Points granting access to users the RADIUS protocol (remote user authentication and accounting). A separate virtual port is created for each device on the network.
From a system administrator perspective, the Fortinet Controller is configurable from a single point. Instead of configuring all devices all over the Ship, one configuration is created and all devices are attached to that configuration. The Fortinet Controller uses the data link Layer 2 to communicate with the devices. No IP addresses are used in this protocol and the Fortinet AP will sign up with every Fortinet Controller they find in the network. The Fortinet Controller will apply RADIUS based MAC filtering, whereby device MAC addresses are set up and managed by a remote RADIUS Server. When a new device attempts to join the network, the Fortinet Controller queries the RADIUS server with the MAC address to determine whether the client is permitted or not.