Wireless networking (meetinghouse)
|To Do: Translate this page into Russian|
802.11 wireless (Wi-Fi) may be set up in meetinghouses so that users can connect to the Internet without having to physically plug in to the network. Wireless is a convenient way for people to connect to a meetinghouse network and may be the only practical means of providing Internet access to certain parts of a building.
Use with new meetinghouse firewall
The new Cisco 881W meetinghouse firewall comes with integrated Wi-Fi which is automatically configured upon installation and activation of the firewall. If additional wireless coverage is required, the Cisco 1041 wireless access point should be used. These can be procured by the facilities management group via LDS eMarket.
Use with older meetinghouse firewalls
In buildings where older meetinghouse firewalls are in place (such as the Cisco ASA or PIX), locally purchased commodity Wi-Fi access points may continue to be used. When choosing a commodity wireless access point, look for one that supports 802.11n, which offers greater distance and better penetration of the wireless signal (the access point should also still be 802.11b and 802.11g compatible).
Who sets up a wireless meetinghouse network?
Installation is typically a coordinated effort between the facilities management group and the stake technology specialist. Especially when undertaking building modifications (for example, drilling holes through walls), the stake technology specialist should coordinate with the facility manager to ensure the modifications are appropriate. The stake technology specialist is responsible for ensuring the proper security and management of the wireless network in meetinghouses.
Positioning wireless access points
Before you can position the wireless access points strategically in your meetinghouse, you need to decide where you need wireless Internet access. If you only need wireless access in the clerk and bishop's offices, this poses significantly less work than providing Internet access throughout the entire meetinghouse.
To provide Internet access throughout your meetinghouse, you will may need multiple wireless access points. You will need to run network cables from the firewall to each of these wireless access points. Additionally, the wireless access points will need to be plugged into power outlets.
Примечание: Before you undertake major installation efforts (such as cutting holes in the ceiling or attaching conduits on walls), contact your facility manager to coordinate this effort.
Maximizing signal strength
In positioning the wireless access points, signal strength is a key consideration. The signal strength you obtain from each wireless access point determines the number of wireless access points you need. Greater signal strength means you'll need fewer access points, and poor signal strength means you'll need more access points.
Signal strength is affected by several factors: the strength of the wireless signal generated by the wireless access point, the type and placement of the antenna, the construction materials of your building, and any electrical interference that may be generated by microwave ovens, cordless (but not cellular) phones, electric wiring, other nearby wireless networks, and other interfering devices.
Wireless signals have a harder time traveling through cinderblock, cement, and metal (such as ductwork) than with drywall. For a modern meetinghouse with drywall construction, you'll typically need fewer wireless access points to cover the entire building. Older buildings with plaster walls and ceilings, on the other hand, may have poor wireless coverage because plaster is often installed over wire mesh, which can block signals. In that case, you'll need more wireless access points to cover the building. Additionally, if your meetinghouse is all brick, you may need more access points, better access points, or different antennas (or some combination of the three). If your meetinghouse is smaller than normal in size, you may need fewer access points. But if you have attached buildings that also require Internet access, you may need more. In short, the number of wireless access points you need depends on your building.
Finding the best places for each wireless access point is a matter of trial and error. Some locations will provide more signal strength than others. Experiment by placing the access points in different locations to see what works best for your meetinghouse. In general, if your building has an attic area, try to place your wireless access points there. If there is no attic, look for ledges on the ceiling. This allows the signals to more easily travel over walls and cover more area. You may also be able to "gain" signal strength by replacing the antennas that came with your access point or by buying or making antenna boosters.
While the signal strength indicator (usually in the form of 0-5 "bars") on your computer will give a general idea of signal strength at any given location there are some free tools available that will give you a much better idea of the wireless signal conditions at your specific idea. Metageek provides one such tool, inSSIDer which is freely distributed as an open source project. This tool (and others similar) provide not only a graphical representation of signal strength in real time (the indicators will fluctuate as you move about the area) but also clearly demonstrate which channels are currently in use by other wireless users in the area (nearby homes or businesses). If you are having poor network communications a tool such as this may indicate that several wireless networks are competing on the same channel which should prompt you to change to a new frequency (channel) to avoid interference. Similar applications are easily found with free-to-use licensing terms for mobile devices such as Android or iPhone units that may be more convenient to use to survey a building than a laptop.
Finding strategic locations
There are several strategic locations for wireless access points:
- Attic Areas
- Side foyers: Placing wireless access points in each side foyer is a good idea because the areas are open and have low impedence to the wireless signal. You can often place the wireless access points on ledges near recessed lighting. This positions the access point away from member visibility and possible harm, but getting power to these ledge places may be problematic. If you can access the foyers through an attic or crawl space, place the wireless access points there.
- Ends of the building. Look for a location to place the access points at the front and back of the meetinghouse. However, avoid placing the wireless access points at the edges of the building, because you'll end up sending signal strength into the parking lot rather than into other areas of the building. Keep the wireless access points about 20 to 30 feet from the back and front of the meetinghouse.
- Clerks offices. You can also place the wireless access point in a clerks office, since clerks may be heavy users of the Internet. Installing an access point near the clerks offices may be an easy win for getting wireless access to clerks, but the signal's reach may be disappointing.
Примечание: Although you can place wireless access points in clerk's offices, try to place them in a more secure, less-trafficked, locked area.
Connecting back to the firewall
You will need to run an Ethernet cable from the firewall to each wireless access point (rather than daisy-chaining cables from one access point to another, which reduces data throughput). Before you run cable behind walls or through difficult ceiling spaces, try placing the access points in the selected areas without hiding the cables, and see if the locations yield the signal strength you need.
After you finalize the locations, you can then go to the trouble of running the cable inconspicuously behind walls, through crawl spaces, in attics, and so on. See the section on Wired networking for information on running cables through your meetinghouse.
Примечание: Newer buildings may already have network cables in appropriate places.
Keep in mind that you always connect the wireless access points through the firewall. If you bypass the firewall, you're operating against the Church's Internet policy.
Adding more ports
The firewall only has a specific number of local area network (LAN) ports available. If you need more ports, you can add a switch to the firewall. A network switch is a device that provides more ports for you to connect network cables to. The switch sits between the wireless access points and the firewall. A 16 port unmanaged switch may be purchased by facilities management groups via LDS eMarket.
Setting up the wireless access points
If using one or more Cisco 1041 wireless access points, simply plug them into power and connect them back to the firewall through a network cable. The 1041 will automatically receive software updates and configuration. It may take up to two hours for this process to complete. The SSID will be LDSAccess. The passphrase may be obtained through the GSC to authorized individuals.
Commodity wireless access points
When setting up commodity wireless access points with older meetinghouse firewalls, follow the instructions that accompany the access point. Set up the access point to use WPA or preferably WPA2 with an SSID and pre-shared key of your choosing. Share this key with those who are authorized to have Internet access.
Wireless network security
Wireless networks pose more security vulnerabilities than wired networks. Since the Church can be a target of attack, make sure you take measures to secure your network.
When your Internet connection is installed, your ISP may provide you with a modem that includes Wi-Fi capability. This wireless access must be disabled since any wireless connection made directly to the modem would not be going through the firewall and therefore would be in violation of the church Internet connectivity policy.
Commodity wireless access points
If you're using locally purchased commodity wireless access points with the older meetinghouse firewalls, ensure that the encryption type on your access points is set to WPA or preferably, WPA2. Second, make sure the network is protected with a strong password. Passwords should be at least 8 characters long and include both numbers and letters. You can check the strength of your password at passwordmeter.com.
While security is important, don't create such as arduous password that no one can remember it. Also keep in mind that you should periodically change the password, such as every several months. A good reminder would be to change your password each time you submit your quarterly report.
In addition to a strong password, turn off the setting in your wireless access point that allows remote management of the device.
Meetinghouses with Family History Centers
In many buildings with Family History Centers, the Church has installed wireless networks that typically use Cisco Aironet 1200 Series wireless access points. The installation of these wireless networks was paid for by the Church and generally installed by a contractor hired through the local Facilities Management group. If your meetinghouse already has a Family History Center with a wireless network installed, as most do, you can connect to its network to access the Internet (see 11 Feb 2008 letter for a reference to the authorization). If you have an official Family History Center at your site, you do not currently have wireless set up, and would like to order the Church's wireless access point for your site, please contact the Global Service Center.
Network profiles in Family History Centers
To connect to a Family History Center network, you need to understand a bit about the profiles configured on the wireless access points. The Aironet wireless access points have three possible configuration profiles: moroni, inorom, and LDSAccess. The first two are older profiles that require you to use a Church-issued computer with the Odyssey Client to connect to the Internet. The moroni profile requires users authenticate with a password that the GSC generates for the specific building; the inorom profile allows users to authenticate with LDS Account (but again requires a Church-issued computer to connect).
Beginning in 2008, the GSC started providing an additional option for connecting to the wireless network: LDSAccess. Upon request, the GSC will download and configure the LDSAccess profile to the wireless access points in Family History Centers. The LDSAccess profile uses WPA security and a passphrase provided to the stake technology specialist. With LDSAccess, members can use their own laptops rather than relying on Church-issued computers or the Odyssey client. The stake technology specialist provides the password to any member who needs Internet access.
LDS Access is the recommended configuration for the Aironet access points because it allows for more flexible access among a wider range of users. This access may be particularly necessary when conducting training (such as with family history or employment training) that covers techniques about online searching or site navigation. To configure the Aironet wireless access points with the LDSAccess profile, contact the Global Service Center.
Примечание: Do not confuse LDSAccess with LDS Restricted Access or LDS Extended Access. LDSAccess is a wireless WPA security profile that can be configured on Cisco wireless access points by the GSC to provide wireless connectivity. LDS Restricted Access and LDS Extended Access are filtering profiles that the GSC configures on an ASA firewall to limit the websites users can visit.
Troubleshooting Family History Center networks
The Global Service Center will troubleshoot or resolve issues with the Aironet wireless devices or Odyssey Clients (which were installed by Facility Management). A variety of problems have been reported in connecting with the Odyssey Client:
- Not all wireless network adapters work. The Church has supplied Linksys WUSB54G USB network adapters, which generally seem to work.
- When both the moroni profile and LDSAccess profile coexist on the Cisco wireless access point, administrative desktop computers using LANDesk seem to have trouble connecting. To correct the problem, try removing both the moroni profile and the LDSAccess profile, and then add the LDSAccess profile back to the wireless access point.
Wireless networks in Type 3 locations
Type 3 locations refer to non-meetinghouse locations where Church employees work, such as Facility Management offices, Employment Centers, Distribution Centers, Desert Industries, LDS Family Services, Mission Offices, Institutes, Seminaries, Temple Patron housing, Welfare Service Centers, Visitors Centers, and Temple President Housing.
Almost without exception, wireless networks have already been set up in Type 3 locations through Facility Management. These wireless networks use the Cisco Aironet wireless access points (similar to the Family History Centers) and authenticate through the user's LDS Account credentials on the Mountain network. These networks are funded by local, area, or departmental budgets.
If a wireless access point in a Type 3 location fails, contact the Global Service Center. You may need to verify whether the failure stems with the wireless access point or the firewall. To determine the failure point, connect a laptop directly to the firewall. If the laptop has network access, the issue is with the wireless access point, not the firewall. You can also have the GSC troubleshoot the problem by requesting that they ping the firewall to determine its status.