Virtual private network (VPN) software may seem synonymous with enterprise mobility, but how mobile can users really be if their sessions drop as soon as they wander out of range of a wireless access point (AP)? Connectivity knows no such bounds in Avondale, Ariz., a city that has enabled public safety and well water workers to roam between Wi-Fi and cellular networks using a mobile VPN client for constant and transparent wide area...
network (WAN) access.
Although the networking team for Avondale, a western suburb of Phoenix, had installed wireless APs near various traffic signals and well sites for its most mobile users, coverage was sorely lacking in more rural parts of the city, according to Kevin Hinderleider, Avondale's IT director.
"They'd be out in the field with a local username and password … [which was] all fine and good up until the point when they'd drop their signal. If they drop their signal, they drop their VPN and drop their application," Hinderleider said. "We needed to have a reliable connection. It couldn't drop, and it had to be fast."
For the city's casual users, losing a VPN session and logging back in is a minor inconvenience, he said. But police officers calling up records while racing to a crime scene or paramedics rushing patients to the hospital can't do their jobs hanging around hotspots. For Avondale's highly mobile users, a mobile VPN client can save lives, Hinderleider said.
"[Our first responders] are flying at 60 miles per hour from one site to another, and they've got to have the connectivity," he said.
Mobile VPN client: 'It's always on and it always works'
Before moving to a mobile VPN client, Avondale's networking team supplied its 500 users with Cisco Systems' VPN Client to use on their Panasonic Toughbooks and Dell laptops, Hinderleider said. For most, it worked fine. But for the city's 200 highly mobile police, fire and well workers, it became a constant headache for users and support staff.
Mobility was meant to help city employees be more efficient, he said. A well worker can download pump specs on his own, as opposed to tying up a colleague at headquarters to explain it over the phone.
They could be in the city of Avondale or Mesa or Tempe or Scottsdale connecting to Wi-Fi … and boom! They're back on our network, they're back on our policies, and it just works.
Kevin Hinderleider IT DirectorCity of Avondale, Ariz.
But the previous solution was counterproductive, he said. In addition to dropping sessions and applications, mobile users complained about the difficulty of fumbling with login settings while in transit.
The new solution not only needed to be reliable, but it was important to find something invisible to the user that could launch and relaunch itself in the background, Hinderleider said.
"We couldn't have those individuals out in the field making tons of phone calls to us at the help desk," he said. "Help desk in turn would have to diagnose it, and it just turns into a mess, and we'd no longer have a cost saving [that comes with improved efficiency]."
After determining which wireless operator had the best coverage in the city -- Verizon Wireless -- the networking pros tapped NetMotion Wireless for its mobile VPN client, Mobility XE, which ensures constant connectivity by automatically connecting to Verizon's 3G network if Wi-Fi isn't available.
"They could be in the city of Avondale or Mesa or Tempe or Scottsdale connecting to Wi-Fi … and boom! They're back on our network, they're back on our policies, and it just works," Hinderleider said.
Although Verizon's 3G network offers wider coverage than the city's wireless WAN, Hinderleider said the mobile VPN client is set to default to Wi-Fi when possible because it offers a faster connection -- 11 to 40 Mbps vs. Verizon's 1 to 1.5 Mbps.
If users roam out of range of the city's Wi-Fi network and cellular coverage, the mobile VPN client will keep the application frozen in time instead of dropping it completely, he said. The program will alert users that the connection was lost but will automatically re-establish it once they roam back into a coverage area.
Without any intervention or obvious change in performance, a well worker can start calling up information about the water pumps via the wireless AP at City Hall and continue downloading material en route to the well site as the mobile VPN client rolls the session over to Verizon's 3G network, Hinderleider said.
"They're not thinking about turning it on or about how it's going to connect," he said. "It's always on and it always works."
'Always-on' mobile VPN client enhances security even for the stationary
Although retraining the networking team to support the mobile VPN client has presented some problems as the city's IT department migrates from Windows XP to Windows 7, few technical glitches have emerged since the city deployed the Mobility XE server in its data center last year, Hinderleider said.
Once the dust settles, all of Avondale's users will eventually migrate from Cisco to the NetMotion mobile VPN client, he said. Even if stationary users don't need constant connectivity, the "always-on" model will ensure that they are continually going through the city's Internet filter and network policies.
"When they do take [the laptops] home, we don't know what they're doing or where they are," Hinderleider said. But while workers are on the mobile VPN clients, "they have to follow our policies; they can't get away, and they can't get around [WAN security]."
Let us know what you think about the story; email: Jessica Scarpati, News Writer
Dig deeper on VPN setup and configuration