When setting up a Wi-Fi infrastructure in a medical facility such as a hospital, it is important for IT managers to follow certain processes to ensure a reliable and secure wireless network. In our previous posts in the Setting Up Wi-Fi in a Medical Center series, we covered steps one and two of the process, Performing a Site Survey and Positioning APs. This week we are focusing on step three, Setting Up the Network.
Separation Using VLANs
Separating different kinds of traffic onto multiple Virtual Local Area Networks (VLANs) helps ensure that important communications reach their destination quickly and securely. Access control must also be used to control who can access which VLAN. Separate VLANs should be set up for guests, staff personal devices, clinical devices, and medical devices. With this separation and adequate, per-VLAN access control, it is possible for IT managers to completely isolate these networks from each other, thus making any information transferred on the network that much more secure.
The most important separation to include, no matter what, is the separation of guests from any important devices or sensitive information. The IT manager must make sure that guests cannot have access to anything sensitive or life-critical. In order to be sure that guests cannot gain access to any other VLAN on the network, the encryption and credentials required to access each and every VLAN should be different.
An additional layer of separation between life-critical medical devices and all staff and guest devices is needed for assured data throughput on important traffic. All guest devices and any devices brought in by hospital staff should be connected to the 2.4 GHz spectrum. Since most consumer devices support 2.4 GHz, this won’t bar any guest or staff devices from the network.
When connecting life-critical devices to a wireless network, an uninterrupted connection is of key importance. Since most consumer-grade Wi-Fi enabled devices, Bluetooth devices, phones, microwaves, and countless other commonly used pieces of equipment operate within the 2.4 GHz spectrum, all life-critical hospital equipment should be on the less-congested 5 GHz spectrum. This less-congested spectrum allows the traffic from important medical devices to be transferred more readily, with less of the latency caused by throughput bottlenecks.
While 5 GHz ultimately allows for smoother data transfer, Dynamic Frequency Selection (DFS) should never be used in a hospital. It is unstable and can cause lapses in connection of up to two seconds every time it scans. Two seconds of network loss in a life-critical device can cause real-world damage.
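The separation rules above can be checked mechanically against a planned configuration. The following audit is an added example, not code from the original post; the SSID names, VLAN IDs, field names and the `audit` function are hypothetical, and the DFS channel list assumes the FCC regulatory domain.

```python
from collections import Counter

# Assumption: FCC regulatory domain, where 5 GHz channels 52-64 and 100-144 need DFS.
DFS_CHANNELS = set(range(52, 65, 4)) | set(range(100, 145, 4))
# Bands the post assigns; "medical" is assumed to mean life-critical devices.
REQUIRED_BAND = {"guest": "2.4", "staff_personal": "2.4", "medical": "5"}

# Constructed sample plan with deliberate mistakes. "credential" is a label for
# the key or certificate profile in use, never the secret itself.
PLAN = [
    {"ssid": "guest", "role": "guest", "vlan": 10, "band": "2.4", "channel": 6,
     "credential": "psk-guest", "reachable_vlans": [10, 30]},
    {"ssid": "staff-byod", "role": "staff_personal", "vlan": 20, "band": "5",
     "channel": 44, "credential": "eap-staff", "reachable_vlans": [20]},
    {"ssid": "clinical", "role": "clinical", "vlan": 30, "band": "5",
     "channel": 149, "credential": "eap-staff", "reachable_vlans": [30]},
    {"ssid": "infusion-pumps", "role": "medical", "vlan": 40, "band": "5",
     "channel": 100, "credential": "eap-medical", "reachable_vlans": [40]},
]

def audit(plan):
    """Return a sorted list of (ssid, finding) for every rule the plan breaks."""
    findings = []
    vlan_use = Counter(w["vlan"] for w in plan)
    cred_use = Counter(w["credential"] for w in plan)
    for w in plan:
        if vlan_use[w["vlan"]] > 1:
            findings.append((w["ssid"], "vlan shared with another network"))
        if cred_use[w["credential"]] > 1:
            findings.append((w["ssid"], "credential reused on another VLAN"))
        if set(w["reachable_vlans"]) - {w["vlan"]}:
            findings.append((w["ssid"], "can reach another VLAN"))
        want = REQUIRED_BAND.get(w["role"])
        if want and w["band"] != want:
            findings.append((w["ssid"], f"should be on {want} GHz"))
        if w["band"] == "5" and w["channel"] in DFS_CHANNELS:
            findings.append((w["ssid"], "5 GHz channel requires DFS"))
    return sorted(findings)

if __name__ == "__main__":
    for ssid, finding in audit(PLAN):
        print(f"{ssid}: {finding}")
```
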
Quality of Service
Quality of Service (QoS) allows IT managers to create a hierarchy of prioritization for transmissions. QoS systems are generally set up per VLAN, adding another separation of traffic to improve the flow throughout the system. There are typically four levels of QoS packet prioritization that can be applied to certain traffic. In descending order of significance, these are Voice, Video, Best Effort, and Background. Best Effort is the default QoS setting and Background is a maintenance priority; it is sent when nothing else requires the bandwidth.
Before a QoS system is implemented, the IT manager must decide which traffic on the VLAN is the most important (what must be sent at all costs) and designate that as the top priority. A similar process should be performed for the next most important level of traffic (designated as Video) and the rest of the traffic (designated as Best Effort).
For guest VLANs, QoS would not be used. All guest connections would be treated as equal and processed as first in, first out (FIFO).
Optimization for roaming is a huge portion of what goes into a site survey. A general suggestion is to optimize for 5 GHz roaming and then adjust the transmit power of the 2.4 GHz interface to shrink its cell size to match that of the 5 GHz interface. Another important consideration when choosing devices to use in a hospital is to choose those that allow for roaming customization. The ability to customize each device's roam settings allows IT managers to improve connectivity to the network.
The three important customizable settings when it comes to wireless roaming are as follows:
- The low signal strength threshold that triggers the device to start the roaming process
- The positive change in signal strength required before roaming to another AP can be completed
- The minimum period of time before a device can roam back to a previous AP
A general rule for individual device roaming is that, if the device is highly mobile, it should probably roam faster than more stationary devices. Of course, the site survey and the requirements of the individual device in the hospital dictate to which level each of the three listed settings should be set.
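To see how the three settings interact, the sketch below replays a series of signal-strength readings through a simplified client-side roaming decision. It is an added example, not code from the original post or from any vendor; the function, its parameter names and the AP names are hypothetical, and the readings are constructed.

```python
# Constructed trace: (time in seconds, {AP name: RSSI in dBm}) for a device
# sitting near the boundary between two cells.
TRACE = [
    (0, {"ap1": -60, "ap2": -80}),
    (1, {"ap1": -72, "ap2": -70}),
    (2, {"ap1": -76, "ap2": -68}),
    (3, {"ap1": -70, "ap2": -77}),
    (4, {"ap1": -69, "ap2": -78}),
    (5, {"ap1": -80, "ap2": -66}),
    (6, {"ap1": -64, "ap2": -79}),
    (10, {"ap1": -62, "ap2": -80}),
]

def simulate(trace, trigger_dbm, delta_db, roam_back_s, start_ap):
    """Replay RSSI samples and return the roams made as (time, from_ap, to_ap)."""
    current, left_at, roams = start_ap, {}, []
    for t, rssi in trace:
        # Setting 1: only start the roaming process at or below the low threshold.
        if rssi[current] > trigger_dbm:
            continue
        candidates = [
            ap for ap, level in rssi.items()
            if ap != current
            # Setting 2: the target must be stronger by at least delta_db.
            and level - rssi[current] >= delta_db
            # Setting 3: do not return to an AP left less than roam_back_s ago.
            and t - left_at.get(ap, float("-inf")) >= roam_back_s
        ]
        if candidates:
            best = max(candidates, key=lambda ap: rssi[ap])
            roams.append((t, current, best))
            left_at[current] = t
            current = best
    return roams

if __name__ == "__main__":
    print("with 5 s roam-back timer:", simulate(TRACE, -70, 5, 5, "ap1"))
    print("without roam-back timer: ", simulate(TRACE, -70, 5, 0, "ap1"))
```

With the roam-back timer set to zero, the same readings make the device bounce between the two APs four times instead of twice.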
In addition, many APs come with what is called AP-assisted roaming. When dealing with the vast array of devices found in hospitals, there is no one-size-fits-all approach that works. That is why we suggest that AP-assisted roaming be turned off; this allows the client devices to make the roaming decisions.
For the full five-step process, download our Setting Up Wi-Fi Infrastructure in a Medical Center white paper. More information on wireless networks and devices in hospitals is also available on Laird's Connected Hospital webpage.
Keep an eye out for the next post in this series, which focuses on security.