The WiFi Emporium Blog

Currently I have a WiFi Hotspot system setup at the Brevard County Library System in Brevard County, Florida.  The system has been in operation and allows patrons and guests of the library access to library resources and the Internet  (as of the time of this writing) for about 11-1/2 months or since Feb. 15, 2005.  Here is a posting I had placed on the www.publicip.net Success Story Forums (which is no longer has an active forum):

Picture this:

You have 17 library locations scattered across a county in Florida (Brevard) that is 78 miles long and about 23 miles wide at it’s widest point. Every location has public access computers that allow access to the internet but there are limitations such as not instant messaging, no client email capabilities and you can only use a workstation for ½ hour or 1 hour depending on the demand. Your boss comes to you , knowing you can get most anything accomplished and tells you the director of the library system has been tasked to provide wireless internet capabilities for patrons of the libraries AND guests of the libraries – and it has to be SIMPLE for the patrons and guests to use!

The requirements I had to work with were:

• Simplicity of configuration and use by patrons and guests
• Protection for the internal library wired network
• Ability to block patrons and guests from accessing internal wired network with exception to a couple of servers.
• The training department personnel did not have to do anything to allow use
• Computer support personnel needed unbridled access of the wired network for internal use.
• Hands-free stand-alone operation so library staff are not required to be computer geeks
• Ability to modify configurations easily (centralized control and configuration)
• Flexibility to be able to add features easily
• Hack proof (Ability to recover from a hack attack easily without losing integrity)
• Ability to control amount of time a patron or guest could spend on the system per day
• Aggregation of time used across the whole library enterprise (stops library hopping to gain more access time)
• Ability to control when access is allowed (open and closed time control)
• Ability to control bandwidth used by patrons or guests
• Ability to control total upload/download used by patrons or guests
• Ability to block users who abuse the system
• Ability to “brand” each location to customize the look for each library
• Reports generation to allow tracking of use by patrons and guests for total usage counts per day

(NOTE: I am sure I have forgotten some of the requirements but have met all that were given to me!)  This spurred a search for such a system!

After looking at different vendor offerings it became apparent the costs were just too high to implement such a system at each location (about $2500 – $4000 per site at the time I went looking back in July of 2004) and I had a “budget” of about $700 per location which was for both hardware and software!!!

Well – maybe there is something out in the public domain that I can modify to perform what the Library System Director wants….Performing a Google search turned up only two possible candidates!

Chillispot, which is a captive portal system but requires a gateway server for itself and both a Secure web server AND a Radius server to handle the authentication.

OR

The PublicIP system which requires only a Gateway Server.

I downloaded the PublicIP system to check it out….

There was just one word to describe the system when I fired it up on a spare computer:

WOW ! (note: this was back in the PublicIP version 0.41 !).

This looked like a very good “fit” to the requirements I had to work with. The price was right and I did not have to buy a bunch of proprietary hardware (at outlandish prices) to implement the system!

We needed a way to differentiate the wireless access capabilities for guests, patrons, our training department and our computer tech support personnel. The PublicIP system had 4 levels of differentiation (called Classes). This was a perfect fit!

The main item missing was bandwidth limiting control. I figured I would contact the programmer to see if that was something in the works. Now, having been involved with computer systems since the mid-70s (telling my age here!), I figured it would be a week or so before I heard anything back – imagine my surprise when I got a response back in less than an hour! Scott (wi-phi) Tully, the master-mind behind the PublicIP system, informed me the bandwidth limiting was coming out very soon so I decided to do some more testing of the system.

Enter August – 2004… Needless to say – living in Brevard County, Florida, I was just a “little” busy between the later part of August and most of September with some “minor” storms in the area (Hurricanes, Charlie, Francis and Jean). Those were fun!!! (NOT!!!)….

Once we had gotten past the wrath of mother nature I was able to continue testing the PublicIP system (and upgrading the ZoneCD CD just as fast as Scott came out with newer versions)…

Occasionally I would run across something I did not understand and send a message to Scott on the forum and he would respond with either an answer or a software patch that took care of the concern or problem very very quickly! Did I tell you Scott was very fast in responses to problems??? He was (and is)!!!

I figured Scott has the forums sending messages to a pager he has duct-taped to his head so he knows when something has been entered!!! That is the only method I can think of where he would know about questions to answer them as quickly as he does!There was one remaining “issue” I needed to resolve before I could push forward with the project (actually two but that is another story itself).  Since we are a public library system covering a whole county we have a “few” patrons with library cards! The current count is over 279,000 library cards that are active and valid. This produced a “small” dilemma – how to authenticate the patron while keeping the authentication process simple for the patron and not having to maintain two large patron database systems – one for the library and one for the wireless access system!

We hit upon the idea of using our RPA server (Remote Patron Access server) that is used to allow library patrons accessing our library services from the internet the ability to access our databases as well. Basically we make a “request” to the RPA server using a web request for access using the patron’s bar code number from their library card and their last name as a password and then if the information returned by the RPA server is valid or not (the RPA server responds back with a different webpage depending upon login success or failure). We had a method to use the partrons library card as a means to authenticate them into the Wireless system for access. The alternative would have been to create a dump file of all the patrons in our system and send the information across to Scott’s Zone Control server for authentication!!! That would have been a nightmare!!! I setup a method to validate a patron through the RPA server using PHP and sent the information to Scott. Scott converted the PHP version into JAVA and incorporated it into the authentication method used on the Zone Control server to allow authentication without having to load all the patron’s into the Zone Control server’s database! A Very Big Deal Indeed!

Having gotten past all the major hurtles I ordered the hardware to be installed at all 17 library locations. I used the Shuttle XPC model SS-56G version 2 as the basis for the ZoneCD server with a Celeron 2.26 GHz Prescott processor (overkill big time but the boss said at $76 for the processor I had better!), 256-megs of RAM, a 48X CD-Rom player and a floppy drive. I had to install a second PCI nic card to have two nic interfaces in the machine. I also ordered 36 each Linksys WRT54G Version 2.0  wireless routers and installed the Sveasoft firmware in the routers to allow output power control and MAC access control for WDS operation. The above hardware ran about $550 for each library loation in the quantities I ordered using one of the hardware vendors in the local area (yes – not a bad deal indeed). I used the ZoneCD version 0.5-3 image ISO for the CD-Rom images.

It took about two weeks to perform the installations at all the library locations. I could do about two installs a day given the distances I needed to cover, the installation and placement of the wireless routers in the libraries and any additional CAT-5 wiring needed. This also included the time to perform testing and any tweaks needed at each location for additional laptops the staff had. Other than about 500-miles of distance covered performing the installations everything went very smoothly!

All in all we are very happy with the PublicIP system! In it’s present configuration we are able to perform the following:

• Control total bandwidth used by the wireless system at each location – this keeps the patrons and guests from using all available bandwidth to the remote library locations so the library applications used by the staff function properly!

• Control the total amount of time patrons and guests can stay on the wireless system – keeps people from camping out at the library all day long – not that we mind but there is more to life than JUST the library and we did not want to become someone’s idea of an ISP!

• Block access to people abusing the system – this is something we have not had to do yet but I suspect it will happen and it is nice to know the pieces are in place to perform this task easily!

• Control services the Guest Class (protected class) can access – allowed me to “tune” the system to match the capabilities of our public access computers.

• Control the uplink and downlink speeds for the patrons and guests – we set the guest class to ISDN speeds with 200-megs of total download possible (which is about 6 hours & is the total time a guest has per day ) and the patron class to DSL-Lite speeds. The total bandwidth allowed is set to 1-mbit and this still allows 500kb speed for internal library applications – more than enough!

• Brand each library location on the login page.

• Supply our own terms of use policy to match the public access computer’s terms of use for the library plus the additional use policies governing the use of the wireless sytem. This document has been reviewed and approved by the County Attorney.

• Easy configuration for patrons and guests to access the wireless system. I have setup web pages for the guest and patron to use that has instructions on how to configure their wireless device to access our system. We are running the wireless side totally open mode (no encryption or MAC address filtering to the wireless routers) and there are numerous warnings to the guests and patrons as to the implications of such a system.

• Provide access to the wireless system in just about any location within the libraries – the use of the Sveasoft firmware allowed me the ability to adjust the power output of the Linksys routers to cover the areas needed! The use of WDS has the added benefit of allowing a patron or guest to move about anywhere within the range of the wireless routers and NOT lose their connection to the system (do not have to login each time they move into a different router’s area within the WDS system).

• Allows the training department to move about freely within the libraries so they can adjust the place they need to use for different sized classes. They can use any of the Meeting rooms or Conference rooms within the libraries for the classes. The system is configured to allow the training department laptops to connect to the system using the unauthenticated access method described in the Tips and Tweaks section on the PublicIP website (on this site as well)!

• Allow the computer support personnel to access our internal online help desk and inventory tracking systems so they can make changes to the information from any library and any location within said library using either a wireless PDA ro laptop (of which they have access to both).

• All libraries are setup as ‘shared’ zones so we can generate reports on individual library use by patrons and guests. This is useful information in determining if people are finding out about the wireless network at the respective library locations and also indicates how many “extra” public access computers we would have had to install to meet the same usage!

We are very pleased with the outcome of this project. It has been a great experience for the computer support staff and myself! My boss is very happy as is the Libraries Director (important to job longevity! ). Brevard County, Florida is home of the Space Shuttle launch site and has now moved a little more into the 21st Century!

We have not advertised (yet) the fact the libraries have public wireless access capabilities but at every location I have installed the system I have seen some activity! To date I have seen up to 18 user’s of the system – most are staying connected for 2 or more hours. I have talked to a couple of individuals using the system to find out how hard it was for them to connect. I was told it was not a problem at all! One user was using an iMac G4 laptop and did not have any problems with the connection! Another couple was using the connection to check on local sights (we are just 8 miles inland from Cocoa Beach, Florida) and attractions and more importantly places to eat.

The system is based on the PublicIP Hotspot control system, a freely available hotspot control software package that is based on a LiveCD implementation of the Debian Linux operating system.  The actual implementation is called Morphix, which is based on an implementation called Knoppix and all the software “lives” on a Compact Disk.  There is no software to “install” on a hard-drive since it lives on the CD so even a hard drive is not required in the hotspot controller!

For even less rotating machinery you can also obtain the latest version of the PublicIP system on a solid-state drive!  The solid-state drive connects directly to the motherboard IDE connector and has it’s own power connection – it appears to the computer as an IDE drive and the system works very well indeed – even faster than the CD-Rom version since the solid-state drive has not rotating storage and is random access capable.

I hope you found this article to be useful.