Very Challenging Network Conundrum....


16 replies to this topic

#1 granthworth

granthworth

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 18 February 2015 - 08:06 PM

Hello all,

 

We seriously need help. I think I have come to the right place.

 

I work as a project engineer for a medium sized logistics firm working inside two of our customer's facilities. The customer is a big player in a very competitive business segment and therefore has very strict restrictions on network usage inside their facility. Currently, we employ around 44 users on-site who require internet connectivity. Of these 44, the maximum number of simultaneous users in one location is 14. The customer forbids us to access their network connections, with no amount of negotiations changing that situation. 

 

So, for the past 10 months, we have survived off of two AT&T Unite Pro 4G hotspot devices. And it has been hell.

 

Each of these customer locations has approximately 1500 total employees on-site at any given time and these facilities are within a quarter mile of each other.

 

The first issue is simply with the number of our employees requiring access. Whatever the intended amount of simultaneous users these devices were designed for, I can assure you it is not 14.....

 

Also, imagine the speed of these devices during lunch and break periods when all 3,000+ employees are watching cat videos on Facebook or streaming the newest Kanye West "hit"....

 

Please help. What can we do differently?





#2 softeyes

softeyes

  • Members
  • 1,506 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:20 AM

Posted 18 February 2015 - 08:49 PM

LOL ~ the joy of the "network manager!"  Simply can drive a person nuts..right! At least that was my case while working at a school district!

 

Reads like you have made an attempt to sort your needs out with the "network king?"..which in some cases..this individual might be brilliant at their sole focus, yet not trained outside of that "box?" Avoid the (not the IT Director!) I'd get right to the network king.

 

Here's something that caught my eye (from http://en.wikipedia.org/wiki/Virtual_private_network):

 

 
VPNs in mobile environments

Mobile VPNs are used in a setting where an endpoint of the VPN is not fixed to a single IP address, but instead roams across various networks such as data networks from cellular carriers or between multiple Wi-Fi access points.[26] Mobile VPNs have been widely used in public safety, where they give law enforcement officers access to mission-critical applications, such as computer-assisted dispatch and criminal databases, while they travel between different subnets of a mobile network.[27] They are also used in field service management and by healthcare organizations,[28] among other industries.

Increasingly, mobile VPNs are being adopted by mobile professionals who need reliable connections.[28] They are used for roaming seamlessly across networks and in and out of wireless coverage areas without losing application sessions or dropping the secure VPN session. A conventional VPN cannot survive such events because the network tunnel is disrupted, causing applications to disconnect, time out,[26] or fail, or even cause the computing device itself to crash.[28]

Instead of logically tying the endpoint of the network tunnel to the physical IP address, each tunnel is bound to a permanently associated IP address at the device. The mobile VPN software handles the necessary network authentication and maintains the network sessions in a manner transparent to the application and the user.[26] The Host Identity Protocol (HIP), under study by the Internet Engineering Task Force, is designed to support mobility of hosts by separating the role of IP addresses for host identification from their locator functionality in an IP network. With HIP a mobile host maintains its logical connections established via the host identity identifier while associating with different IP addresses when roaming between access networks.

 

 

 

It would be interesting to see if the corporate network king would work with you and this sort of configuration?

There are so many ways to configure a corporate network..It might be worth the money to purchase your own server and see if you could have "one" dedicated switch, your company's computers mapped to your "own network" and the user access and permissions "globally" worked out  the network king? Interesting situation.  Can't wait to follow your thread and its success!



#3 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 AM

Posted 18 February 2015 - 11:59 PM

I just want to make sure I'm getting this right: You work for a company that is located inside another company and the bigger company will not let you use their network to get access to the internet? If that is what I am reading then why mention how many people they have or how many of their people need connection? Screw them.

 

You have 44 people that need connection to the internet and as of right now with the 2 hot spots you can only get 14? Which is WAY too many for a 4g connection, most have a limit of 5 and even that is pushing it lol. I assume you've tried to get your own broadband connection into your part of their facility? Is there a reason they haven't allowed this? Because to be honest with you, if the main company won't allow you access at all to their network nor allow you to bring your own broadband in, ummm that is baffling. I mean you could be a jerk and say the hot spots are for business only but man you'll have unhappy people...lol.


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#4 granthworth

granthworth
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 19 February 2015 - 08:28 AM

Thank you for your input. I would be interested in hearing more information about the mobile VPN scenario you quoted. What companies would offer that type of service?

 

You are getting it right. They have a shop-wide wifi network that we are allowed to use. However, no VPN traffic is allowed on that network and I would say 60% of our connectivity requirements are VPN related.

 

We have 44 users requiring access across 3 shifts. A maximum simultaneous number is 14 but the typical usage is around 7-8. And these are users requiring access for business purposes only. Also, I will tell you that the company we work for is a major automotive manufacturer. There is absolutely 0 chance for us to use their network connections, as we have been told. Even if that wasn't the case, our VPN traffic would still not be allowed.....

 

 

Thanks for the suggestions so far guys! 



#5 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 AM

Posted 19 February 2015 - 09:16 AM

OK now your needs are becoming a bit clearer. You didn't answer about trying to get your own broadband connection, separate from theirs.


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#6 granthworth

granthworth
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 19 February 2015 - 09:33 AM

I don't have an answer to that but I will address it with our IT Manager. He does not have access to this facility which further compounds our issues..... I will speak with him this morning and ask this question. He has told me in the past that this was not possible but I will see if that situation has changed.

 

What hardware would need to be located on-site for that type of connection? I assume it would be a modem/router configuration connected to our own physical cable/DSL line, correct? I will find out if that is possible. My hopes are not high....

 

Thanks again for your help!



#7 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 AM

Posted 19 February 2015 - 12:00 PM

It might be time to ask for a meeting with your IT guy, their IT manager, his boss, and yourself. That seems like something you could negotiate with the company. You have to have access and since they won't let you on their network you need your own. 

 

If they say no to all of that (which seems like a possibility), then you'll need at least 1 more hot spot to help with the work load.

 

But to answer your question, yes whatever the ISP provides and more than likely your own router so you can set up what you need security wise. But the ISP will be able to help with making sure you get the type of connection you need.


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#8 granthworth

granthworth
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 19 February 2015 - 12:39 PM

Yes, I have suggested that exact meeting as of this morning. I will report back with any more details. I have also reached out to our AT&T rep for any suggestions to increase reliability/speed on-site. Thank you for your help!



#9 granthworth

granthworth
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 19 February 2015 - 01:00 PM

Well, we have received a resounding NO from the customer. No to accessing their network in any way, shape, or form, and no to installing our own.....



#10 CaveDweller2

CaveDweller2

  • Members
  • 2,629 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:05:20 AM

Posted 19 February 2015 - 01:29 PM

That's crappy and rather rude. But at least now you know.

 

AT&T is going to know more than most people what they can and can't do with their own equipment. I am assuming you have a business account with them yes? Because then you don't get some yahoo, you'll deal with someone that knows WTH they're doing. Please keep us apprised as to what they can do for you. I'm interested. Good luck =)


Hope this helps

Associate in Applied Science - Network Systems Management - Trident Technical College


#11 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 19 February 2015 - 04:05 PM

"No to accessing their network in any way, shape, or form, and no to installing our own....."

 

But you did when you put in your wifi access points.  I am not getting a clear picture here.  You say "The customer forbids us to access their network connections" but then you say "imagine the speed of these devices during lunch and break periods when all 3,000+ employees are watching cat videos"

 

Clearly these 3000 corp users are not accessing your Unite Pro 4G hotspots so why the comment about cat videos?

 

If you are allowed to bring up your own internet wifi access I would suggest you consider THREE mifi access points.  4-5 users per access point should work better than 7-8 per AP.  This does depend on how good your 4g reception is in the area.



#12 granthworth

granthworth
  • Topic Starter

  • Members
  • 6 posts
  • OFFLINE
  •  
  • Local time:03:20 AM

Posted 19 February 2015 - 04:22 PM

You're right, 3,000 users do not use our hotspot. However, they do use 4G data on their smartphones which overwhelms the cell tower/s. During break and lunch periods, our hotspots simply do not work and data speed on your phone drops to miserable levels because of this.



#13 Wand3r3r

Wand3r3r

  • Members
  • 2,027 posts
  • OFFLINE
  •  
  • Local time:02:20 AM

Posted 19 February 2015 - 05:45 PM

Anybody other than AT&T and Verizon in your area?  Less popular like Sprint may be a better choice for the service.  I am surprised though with that many hitting the towers that the provider hasn't updated them to handle more bandwidth. One of the usual recommendations at least concerning phones is to power cycle the phone so it can get to a different tower.  Might try that with one of these devices during a lunch hour to see if you can get attached to a better tower.



#14 softeyes

softeyes

  • Members
  • 1,506 posts
  • OFFLINE
  •  
  • Gender:Female
  • Local time:02:20 AM

Posted 19 February 2015 - 09:56 PM

The corporation you are working within as a sub-contractor has a "huge" ISP.  Within every building there are numerous switches, providing ports to each work station, where each computer is physically connected via an ethernet cable.  Those working on a wireless computer have been provided with the wireless network connection "code" or the wireless devices have been configured by IT.

 

Thus, my thought is actually kind of "simple" in the huge scale of this company.  When I say purchase your own server, it is indeed your own mini "network center" for your team to connect through.  All of your team members' computers have their drive mapped to your server.  The server has its own OS..and it would need "one port" in this corporation's configuration for you to connect your server. Once your team's computers are mapped to your personal server, you would not be accessing on a computer-to-computer basis any "direct" network corporate connection.

 

In essence, my thought is that you would negotiate with the Director of IT and the Director of the Network team, access to this one port that your server would connect to, gaining access to their "huge" ISP..The rules of permission as to how much of the ISP network you would ever be able to access would be set up in the network control center.  Next you would get your own router, connected to the server.  It could be a wireless router that only your team connects through.  Or, you configure your server, connected to the one port, and have all team members report to that room where they are connected to a router switch via ethernet..you can use more than one switch on one router.

 

I'm sure that the corporation you are working with "worries" that if you connect any of your computers to their ISP network, you "might" gain access to accounts, hard drives and information that is proprietary.

 

A server is not that expensive; you might be able to establish a "lease on the port" and agree to narrow permissions.  With that said, only the Internet and software that you install is accessed on your server by your team.  With the correct permissions set in place, you would not have any access at all to their corporate computer network.

 

Think about a huge library, which allows "anyone" to access their wireless network!  It's not a "trust the library user" issue that allows this success and access, it's a pure and simple network configuration that only allows an individual to access the "Internet" to get online per precise software and permissions. There is no way in a library (for example) a user can gain access to any of the control panel, system, etc. and so forth.

 

To infinity this corporation will continue to say NO to you ever gaining access to their network.  Instead, offer out this alternative idea?

Just a thought?  There's always wax to clear out of my ears if my approach needs to be blown!

 

Continued tenacity with this issue!

 

 



#15 doctore

doctore

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:05:20 AM

Posted 20 February 2015 - 04:55 PM

I would recommend getting Sprint "NETGEAR Zing Mobile Hotspot" (AirCard 771S) - it supports up to 10 clients and I often get 15Mbps+ on their network (granted that's at my location), but most importantly - it supports VPN.

Sprint should be much less congested, regardless. Last time I checked, their data plans went as high as 120GB.





