Thus far, Pittsburgh International is the only major airport to offer free wireless Internet access across its terminals. Pittsburgh travelers who have Wi-Fi can surf the Web and access their corporate VPNs from any food court--and soon, from their seats at the gate--without having to hunt for a network jack.
The new 802.11b WLAN service promises to draw more passengers to the airport. Large companies, such as Bayer and Heinz, are already routing employees through Pittsburgh International as a result of the wireless offering.
But it was a business slowdown, not a technology demand, that first got the WLAN effort off the ground. Since the 9/11 terrorist attacks, Pittsburgh International has been hit hard by changes in airline travel. First, security precautions forced the airport to restrict access to the Airmall, its 100,000-square-foot shopping mall, to ticketed passengers only. Then, the airport's main tenant, US Airways, scratched 100 daily flights in a cost-cutting move. Suddenly, airport management was in dire need of new ways to attract passengers and flights.
Pittsburgh International chose free wireless, in the hope of bringing in more connecting travelers, says Tony Gialloreto, IT manager at the Allegheny Airport Authority, which runs the Pittsburgh air facility (see "The Hard Sell," page 81). Other airports were offering wireless Internet access, but most of them used a third-party service provider and charged 24-hour fees of $11 or more. Pittsburgh International took a different route, providing access through its own Enterasys Networks RoamAbout R2 network.
A traveler with an 802.11b card just powers up his or her laptop, which then goes to a default setting that picks up the wireless signal. "Once users are connected, they go to their browser," Gialloreto says. So far, he adds, the airport gets 8 Mbps to 10 Mbps out of the 11-Mbps wireless pipe, and the WLAN traffic of 1,200 to 1,800 users per month doesn't impair quality of service.
A Secure Policy
With the wireless access service in place, the airport is turning its focus to internal WLAN apps. By next year, wireless PDAs will replace the walkie-talkies that firefighters and other emergency-response workers use in the airfield. The wireless LAN will let the workers file reports from the airfield or emergency site instead of from offices equipped with wired laptops and PCs, Gialloreto says.
Pittsburgh International is also running a wireless pilot with the Department of Homeland Security's Transportation Security Administration. Although security concerns prevent Gialloreto from speaking in detail about the pilot, he admits the WLAN could come in handy for security screening, especially if the TSA grants the airport's recent request to let unticketed passengers back into the gate areas and the Airmall.
The new internal wireless apps will require one feature the free wireless access service doesn't: authentication. Travelers are limited to Internet access via DHCP, HTTP or HTTP-S protocols. An airport firefighter, however, will be able to enter a user name and password to gain wireless access to the airport's backbone LAN, which will authenticate the user's credentials and privileges through data stored on an Active Directory server. TSA employees will also authenticate to the WLAN, but likely with specific group and individual privileges.
It's all about policy. Like any conventional enterprise, Pittsburgh International uses its existing LAN infrastructure as well as security tools to dole out user privileges--Wi-Fi users can't go anywhere but the Internet, and internal users will be allowed access only to specific internal applications from the WLAN. The airport runs Enterasys' NetSight Atlas Policy Manager tool, which sets these user privileges.
Gialloreto and his team manage the airport's WLAN from a central site. With NetSight Atlas, they can write policies--such as a directive to block a particular port when a new virus hits--that are sent to the switches automatically.
Enterasys, meanwhile, is building back-end reporting tools for Pittsburgh International that will let the airport pinpoint by IP address anyone who tries to "ping" its LAN or break a policy on the WLAN.
Powering Up
Gialloreto and his tiny team of technicians tested and installed the WLAN themselves last fall. A third-party wireless service would have cost the airport $100,000; the internal WLAN cost less than $23,000. About half of the 60 planned R2 access points are already installed on the 11-Mbps WLAN, and the rest should be in by summer.
Gialloreto's biggest initial worry was getting power inside the ceiling of the airport complex, which wasn't accessible in areas with concrete or drop ceilings. So the airport used the Enterasys access points' 5-volt power-over-Ethernet feature and centralized the power for the APs in a wiring closet.
"It's nice to have the power accessible in the wiring closet rather than having to take a ladder up to the ceiling to figure out a problem," Gialloreto says.
When Gialloreto and his team began testing the WLAN, they found that some RoamAbout 2 antennas were blasting the wireless signal way too strongly and widely. "We didn't want to broadcast it to the tenant stores--we just wanted a signal in the food courts," he says. So the airport stripped the antennas from the offending boxes.
In the future, Pittsburgh International will likely add next-generation WLAN technologies such as 802.11a (54 Mbps, 5 GHz) and 802.11g (54 Mbps, 2.4 GHz).
"One of the nice features about this access point," Gialloreto says, "is that whenever we decide to go to 802.11a, 802.11g or 802.1x security, we don't have to purchase a new box."