Your basic ITPro blog... What's going on at work, what I'm interested in.

Thursday, September 9, 2010

Network-In-A-Box Solution For Our New Campus

So, we are opening a third campus this week. Exciting! This new campus provided challenges for us that created great opportunities to grow and use new technology. We need to be able to provide Check-In services to our children’s ministries at this new location. So, we need to deploy check-in kiosks that communicate with our servers back on our Mesa campus. There are some key realities this launch presented that created the need for a unique (to us) solution.

  1. Church-In-A-Box: We will be renting a space for this campus, so our ‘church’ will need to be set up and torn down each week. We don’t have the ability to build in a permanent infrastructure like we have on our two current campuses. So, we need to have a solution that is flexible and mobile.
  2. Repeatable: As we look to the years ahead, expansion and additional campuses will more likely include rented space. This model will likely be more feasible than buying land and putting up buildings. So, we need a solution that is repeatable and portable.
  3. Ease Of Use: Our solution needs to be plug-and-play. We will be using servant ministers to set up and tear down each week. Now, I love servant ministers! They serve out of a wonderful heart for God and His mission! But, the reality is that gear just tends to get beat up, especially gear that needs to be moved around, packed and unpacked, etc. Also, servant ministers aren’t always the most technically-proficient people. So we need something that is going to be rugged and super-easy to set up and get working.
  4. Self-Contained: We also wanted a solution that would not rely on any provided technical infrastructure. This would give us much more freedom as we looked for venues. We didn’t want to have to rely on a provided network or computing infrastructure. We needed a network-in-a-box. All we need from the facility is power.

We explored the option of WiFi or 3G and VPN clients on our kiosks with printers directly attached. After some testing, it turned out that printing would not be responsive enough in this configuration. Printer performance is MUCH better if they are networked, rather than attached to the kiosks. But, printers can’t run VPN clients. We experimented with multiple NICs in the computers and network connection sharing to the printers. This did not work as we thought it might.

So, we realized that the best solution will require a router that can establish a VPN tunnel and then provide network service to our kiosks and printers. We toyed with the idea of using a computer with multiple NICs for this, using the local network as our Internet connection, and other ideas. But, after discussing this among ourselves, and running the project with our integrator/consultant (Sentinel Technologies), we came up with a set of requirements that we felt were optimal.

We wanted an all-in-one unit that would:

  • Provide 3G access for Internet connectivity, allowing us to not rely on local networking infrastructure.
  • Have Ethernet ports on the ‘inside’ that we could connect our gear to.
  • Support VPN tunneling over the 3G network to provide secure communication back to the Mothership.
  • Allow for communication initiated from either side of the VPN tunnel (two-way tunneling). This proves to be interesting, given the fact that one side of the connection is not ‘fixed’. Using 3G, our IP address will change from use to use. So, configuring fixed VPN tunnels is not possible. (HINT: dynamic route injection FTW!)
  • Optionally, we would like to have VLAN support and WiFi support for wireless clients on-site.

Enter the Cisco 800 Series!

Due to time constraints and shipping delays from Cisco, we ended up purchasing a used router, Model 881G. It has everything we need and want, except for the WiFi built-in. It supports 3G and has four Ethernet ports. We are using a card from Sprint for 3G access. If we need to expand services on the back-end, we can add a switch for additional Ethernet connections, and a WiFi router for wireless connectivity. But, this model should serve our needs for this current installation just fine.

Once the unit arrived, we worked with an engineer from Sentinel to get the unit up and running. By the end of the day, we had our gear ready for testing. After a few fits and starts to work out some bugs, we connected the printers and kiosks to the router and powered everything on. After a minute or so, the router had established Internet access through the Sprint 3G card, had created the VPN tunnel back to our Mesa campus, and our ASA5510 in Mesa had dynamically established the required routing rules for two-way communication back through the VPN tunnel.
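For readers who want to see what "dynamic route injection" can look like, here is an added sketch (not our production config, and not Sentinel's) of one common way to get this behaviour: a dynamic crypto map with reverse route injection on the ASA, and an ordinary static crypto map on the 881G. It assumes pre-8.4 ASA syntax; the map names, ACL number, subnets, the 203.0.113.10 peer address and the key are constructed placeholders, and NAT exemption and the cellular dial-up settings are left out.

```cisco
! --- Mesa ASA 5510 (fixed public address), pre-8.4 syntax ---
crypto isakmp enable outside
crypto isakmp policy 10
 authentication pre-share
 encryption aes-256
 hash sha
 group 2
crypto ipsec transform-set CAMPUS-TS esp-aes-256 esp-sha-hmac
! Dynamic map: accepts a peer whose public address is not known in advance
crypto dynamic-map CAMPUS-DYN 10 set transform-set CAMPUS-TS
! Reverse route injection: add a route to the remote LAN while the SA is up
crypto dynamic-map CAMPUS-DYN 10 set reverse-route
! Highest sequence number so any static entries are matched first
crypto map OUTSIDE-MAP 65535 ipsec-isakmp dynamic CAMPUS-DYN
crypto map OUTSIDE-MAP interface outside
! LAN-to-LAN peers with dynamic addresses and a pre-shared key land in this group
tunnel-group DefaultL2LGroup ipsec-attributes
 pre-shared-key <PSK-PLACEHOLDER>

! --- Portable 881G (public address handed out by the 3G carrier) ---
crypto isakmp policy 10
 encr aes 256
 authentication pre-share
 group 2
! 203.0.113.10 stands in for the ASA's fixed outside address
crypto isakmp key <PSK-PLACEHOLDER> address 203.0.113.10
crypto ipsec transform-set CAMPUS-TS esp-aes 256 esp-sha-hmac
! Interesting traffic: kiosk/printer LAN (constructed) to the campus networks (constructed)
access-list 110 permit ip 10.50.0.0 0.0.0.255 10.0.0.0 0.255.255.255
crypto map TO-MESA 10 ipsec-isakmp
 set peer 203.0.113.10
 set transform-set CAMPUS-TS
 match address 110
! Assumed WAN interface name; apply the map to whichever interface carries the 3G session
interface Cellular0
 crypto map TO-MESA
```

With this layout the tunnel can only be brought up from the router side, and the injected route exists only while the security association is up, so hosts in Mesa can reach the printers only after the kiosks have sent traffic. Every dynamic peer in DefaultL2LGroup shares the same pre-shared key, so a multi-site rollout is a reason to move to per-site certificates.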

Our kiosks brought up the check-in site and we ran some tests. The check-in app was responsive and printing was surprisingly quick. It was smiles all the way around!

So, our final installation will look something like this:


Simple, compact, repeatable, mobile, responsive. Everything we were looking for in a solution.

Of course, the REAL test will be this Sunday morning. Wish us luck!


ON A SIDE NOTE: I want to say a HUGE ‘Great job and Thank You’ to the other guys on our team! David did an awesome job getting the Sprint card activated on short notice and prepping the kiosks and printers. Nick and Jason, from my limited understanding, did some MAJOR work on the check-in system to support this unique configuration. These guys are amazing devs and a pleasure to work with. Phil did a great job running the project, working with our integrator and finding alternatives when our “Plan A’s” didn’t quite work out. For a while, we weren’t sure if we were going to get a router on site in time! Great job to all!

Additional Info

email: support (AT) mangrumtech (DOT) com
mobile: 480-270-4332