Wireless distribution behind Church Managed Firewall

Discussions about Internet service providers (ISPs), the Meetinghouse Firewall, wired and wireless networking, usage, management, and support of Meetinghouse Internet
User avatar
Mikerowaved
Community Moderators
Posts: 4402
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

#61

Post by Mikerowaved »

pmblood wrote:Meetinghouse Internet Access has just been authorized for our stake and we may provide wireless access for some of the computers on the network behind the firewall. When we call the GSD to activate the Firewall, do we need to request “LDS access profile” that is mentioned in some of the forums.
Greetings Mike, and welcome to the forum.

If I understand your question, a clip from THIS webpage gives the following information...

Security and Filtering

The Church-managed firewall device is required for all broadband Internet connections in Church facilities. This device provides security and filtering. However, these protections alone do not completely eliminate the risks associated with the Internet. Stake presidents can choose between the following two filtering options:

  • LDS Restricted Access—Allows access only to Church-sponsored Web sites (for example, www.lds.org, www.mormon.org) and Web-mail sites.
  • LDS Extended Access—Blocks known inappropriate material (for example, pornography, weapons information, hate sites, and other known offensive content) but could be more susceptible to misuse.

Since the plan is to eventually have a broadband connection to each building in our Stake, each one will have its own Cisco firewall box allowing the Stake President to choose one of the above options for each location.

Mike G.

EDIT: Looks like you beat me to the punch, Alan. lol
So we can better help you, please edit your Profile to include your general location.
dafferngg-p40
New Member
Posts: 1
Joined: Wed Apr 16, 2008 8:20 pm

#62

Post by dafferngg-p40 »

pmblood wrote:Meetinghouse Internet Access has just been authorized for our stake and we may provide wireless access for some of the computers on the network behind the firewall. When we call the GSD to activate the Firewall, do we need to request “LDS access profile” that is mentioned in some of the forums.

There are instructions with your Cisco ASA router which will walk you through the setup, including instructions on calling the GSD. You should order a ASA router for each building that will be connecting to the internet. The LDS ACCESS SSID profile is for the AP in the CCN configured meetinghouse. Meetinghouses that have internet with a Family History Center, FM Office, Family Services or Seminary or any other Church offices are generally CCN configured meetinghouses.

By the way, the second level GSD desk referred to in other posts is call OTSS.

Hope this helps
Gary
terrellthomas
New Member
Posts: 19
Joined: Fri May 09, 2008 7:54 am

Power Line Ethernet

#63

Post by terrellthomas »

I believe you should also consider Power Line Ethernet. It requires one power line ethernet adepter for each computer and one for the router. The one from the router will support up to 8 PCs. I found this solution to work really good in 2 of 4 buildings. Every outlet in these 2 building became ethernet ready.
In future they will be easy to support. I had one of the buildings up on existing ccn router in less than 45 minutes. This included two clerks offices. :)
jdlessley
Community Moderators
Posts: 8721
Joined: Mon Mar 17, 2008 12:30 am
Location: USA, TX

#64

Post by jdlessley »

terrellthomas wrote:I believe you should also consider Power Line Ethernet. It requires one power line ethernet adepter for each computer and one for the router. The one from the router will support up to 8 PCs. I found this solution to work really good in 2 of 4 buildings. Every outlet in these 2 building became ethernet ready.
In future they will be easy to support. I had one of the buildings up on existing ccn router in less than 45 minutes. This included two clerks offices. :)
Make sure you check how your power in the building is set up. If your building has been modified to add electrical circuits it is possible that additional breaker boxes have been added to accommodate the additional load. If this is the case then Power Line Ethernet will not work when the location of the router is on one circuit (breaker box) and the computer is on another circuit.

We ran into this problem because our building had been modified or expanded three times. We therefore had three separate circuits in the building.
User avatar
Mikerowaved
Community Moderators
Posts: 4402
Joined: Sun Dec 23, 2007 12:56 am
Location: Layton, UT

#65

Post by Mikerowaved »

My STS asked me a few weeks ago about the possibility of using AC wiring for LAN and this was my reply...

There have been proprietary AC wired LAN devices for many years, but the industry got together and came up with "HomePlug". Homeplug certified devices are supposed to be compatible with each other. The technology pretty much matured like this...

2001 - HomePlug 1.0 - 14 Mbit/s theoretical max
2002 - HomePlug Turbo - 85 Mbit/s theoretical max
2005 - HomePlug AV - 189 Mbit/s theoretical max (Not compatible with prior versions)

Although when it works, it's reported to work quite well, I've found there are still a few problems with this technology:

1. The current IEEE P1901 standard for HomePlug AV allows for two incompatible modulation schemes. Their thought was to "let the market decide" which of the two would develop into the "real" standard. Since we would most likely buy products from the same company, this would probably not be an issue. This is just an example of how this technology is still maturing. Here's a blog from just last week on the topic...

http://www.edn.com/blog/630000263/post/220026822.html

2. Most small buildings like ours in the US have a split-phase AC supply and as far as I know, this technology is good only on ONE phase at a time. So if you're trying to bridge between two or more points, they would all have to be wired on the same AC phase. (This can be tested before hand.)

3. The technology uses the 1.7-30MHz spectrum and could possibly cause interference with nearby ham operators trying to receive weak signals in the same spectrum. Since amateur radio is a licensed service and HomePlug devices are under FCC "Part 15" unlicensed guidelines, the amateur stations would take priority in any complaint filed to the FCC to have the interfering signal shut off. (This is a VERY far stretch, but is still within the realm of possibilities.)

4. Like wireless technology, the actual throughput depends on a lot of factors and will definitely be less than the theoretical max. Sometimes significantly so and you wont really know until it's installed and tried.

5. The cost-per-adapter is currently in the $75-$100 range.

I would consider this, ONLY if all other choices (wired Ethernet, 802.11n wireless, etc.) failed to work in that situation.
So we can better help you, please edit your Profile to include your general location.
russellhltn
Community Administrator
Posts: 31326
Joined: Sat Jan 20, 2007 2:53 pm
Location: U.S.

#66

Post by russellhltn »

Mikerowaved wrote:2. Most small buildings like ours in the US have a split-phase AC supply and as far as I know, this technology is good only on ONE phase at a time. So if you're trying to bridge between two or more points, they would all have to be wired on the same AC phase. (This can be tested before hand.)
Most commercial buildings, including churches, are wired with 3-phase power. Same issue applies. The signal has a problem getting from one phase to another.

3. The technology uses the 1.7-30MHz spectrum and could possibly cause interference with nearby ham operators trying to receive weak signals in the same spectrum. Since amateur radio is a licensed service and HomePlug devices are under FCC "Part 15" unlicensed guidelines, the amateur stations would take priority in any complaint filed to the FCC to have the interfering signal shut off. (This is a VERY far stretch, but is still within the realm of possibilities.)


A much more likely scenario is that the ham signal will jam the home plug device. Worse, the problem will only happen when the ham transmits. So everything may be fine until some contest weekend and suddenly it won't work. (Murphy's law says it will happen at the worst time.)
eyoungberg-p40
New Member
Posts: 31
Joined: Thu Jan 31, 2008 3:45 pm

#67

Post by eyoungberg-p40 »

rsamis wrote:We have three FHCs in our stake buildings that all include wireless access that was installed by a contractor hired by the FM Group.

Could you share the solution provided by the contractor, and your building type/layout? Also, how well does the wireless system work?

Thanks!
jsfriedman
New Member
Posts: 20
Joined: Thu Jan 03, 2008 4:51 pm
Location: Seal Beach, California, USA

#68

Post by jsfriedman »

rmarchant wrote:This is a great discussion. The notice from the Presiding Bishopric dated 11 Feb 2008 provides authorization for stake and ward computers to connect to existing Church Communication Network (CCN) networks. The responsibility for connecting to the existing network is left to the Stake and Stake Technology Specialist (STS), with clearance from the Facility Manager. Wireless distribution to clerk offices is an option.

There are a few possible scenarios:

(1) You want to connect clerk computers to an existing CCN wireless network (access points already installed)
  • Contact the Global Services Desk (GSD) and request that the "LDS Access" wireless configuration be added to the existing CCN wireless network.
  • GSD will update the existing CCN access points with a new SSID with WPA pre-shared key security.
  • The STS can connect clerk computers to the new SSID.
(2) There is an existing CCN internet connection but no existing wireless network.
  • The Stake can purchase off the shelf wireless equipment and install after approval from the FM Manager.
  • The policy requires that industry standard wireless security (WPA pre-shared key) be used to secure the wireless network.
I have been "fighting" for months with my local facilities group to try to get an outlet installed so I can install a WAP in our Stake Center cultural hall and in the back hallway. We already have Internet and wireless in our FHC and Stake Clerk's office. First they did not like the location of the outlet because it would be external. Then they refused saying Internet was not approved in meetinghouses outside the FHC - after which I sent them the 2/28 policy letter. Now since they learned it was for a WAP- they say wireless Internet has not been approved. A policy letter that specifically mentions that "wireless" Internet is also approved might help me get through this quagmire.
User avatar
mkmurray
Senior Member
Posts: 3233
Joined: Tue Jan 23, 2007 9:56 pm
Location: Utah
Contact:

#69

Post by mkmurray »

jsfriedman wrote:A policy letter that specifically mentions that "wireless" Internet is also approved might help me get through this quagmire.
Perhaps the August letter talks about wireless and it's place in the program. The August letter was the official roll-out to all units within the U.S. and Canada. I have never seen the letter myself though.
User avatar
aebrown
Community Administrator
Posts: 15127
Joined: Tue Nov 27, 2007 8:48 pm
Location: Sandy, Utah

#70

Post by aebrown »

mkmurray wrote:Perhaps the August letter talks about wireless and it's place in the program. The August letter was the official roll-out to all units within the U.S. and Canada. I have never seen the letter myself though.

No, the August letter was almost exactly like the previous letters. It says nothing about wireless. But anyone can see .pdf]the August letter at clerk.lds.org under Letters and Policies.
Post Reply

Return to “Meetinghouse Internet”