As a network administrator for the City of Tallahassee (Fla.), Terry Baker wasn't going to deploy a wireless network at City Hall without complete confidence in the security of each application and record.

“I originally banned wireless systems attached to our networks,” says Baker, the technology infrastructure division administrator for the city, describing the network situation before a recent wireless roll-out. “If we were going to do a wireless system, we wanted to do it within our complete enterprise environment.”

The impetus behind a coherent, system-wide approach is common among many organizations, but Baker's situation was complicated because he is responsible for both general city government IT and law enforcement IT, each with its own requirements.

“We terminate a Virtual Private Network (VPN) in the law enforcement building because that's what the FBI requires,” Baker says.

It's not as though computer users weren't pushing for wireless access in Tallahassee. “City employees would go to conventions that offered wireless access, and they came back wanting us to do it,” Baker says. With project funding finally available (always a consideration in government installations), Tallahassee's IT division began putting together a pilot infrastructure for wireless network access.

The first and most significant issue in Baker's mind was wireless security: how to make sure that only authorized users could gain access to the city's network, applications and information. The city's IT staff experimented with a number of different security options.

“We did tests with no encryption, full encryption, all sorts of authentication, we really ran the gamut,” Baker says. “Our wireless access point didn't have any authentication, so there were questions about the servers, and whether they should be on the protected or unprotected side of the network.”

In addition to the difficulties of user authentication and data encryption, the Tallahassee team had to deploy a firewall to enforce user access policies. Baker says the complexity introduced by the different components of the security system made a truly secure system difficult to design and manage, and lowered the team's confidence in the ultimate security and workability of the solution.

Baker deployed a wireless security system from Bluesocket. “It has its own DHCP server, its own VPN, a dedicated relay to the RADIUS server, and domain authentication,” Baker says. “Now, users are authenticated on this wireless gateway and the other authentication servers, and it also acts like a firewall in enforcing policies and restricting users to those services for which they've been authorized.”

One of the capabilities potential wireless networking users most often wish for is the ability to roam between offices or buildings while logged in to their e-mail, calendar/scheduler or other applications. Most wireless systems allow users to roam between access points, as long as the access points are part of the same subnet of the network. In the past, roaming between access points on different subnets or department floors (say, between the subnet for Law Enforcement and that for the Public Works Department) was beyond the capabilities of most wireless systems. Baker says that wireless gateway appliances allow single-login, secure roaming between any number of subnets.

“Secure wireless gateways allow for persistent connections,” Baker says. “You can set a time limit within which the system will go out and check with the client to make sure it's still there and authenticated.”

Baker says that the growing success of the wireless network is leading to the development of expanded wireless access beyond the city offices. “We have a beta system called the Digital Canopy out there on the street,” Baker says. “It's for people who are in coffee shops and restaurants. We're looking at it for our inspectors and permit people, to allow them to log in and conduct their work while they're out of the office and are on site, on the streets of Tallahassee.”

In a geographically remote location like Tallahassee, where 3G service from major wireless providers is likely to be many months or years away, the 802.11b network provided by the city government is allowing city employees to take their wireless applications to the citizens and improve their work efficiency and effectiveness.