Commercial Alcohols Calls on Aruba for Voice over Wireless

As Canada’s largest manufacturer and supplier of industrial fuel and beverage grade alcohol, Commercial Alcohols, Inc. (CAI), wanted to implement a wireless infrastructure that would be easy to operate, secure and give plant operators and staff faster access to information across sprawling production plants throughout North America. So they went to Aruba.

Headquartered in Brampton, Ontario, Commercial Alcohols has a small IT staff to support operations in eight cities across North America. Due to the nature of the business, CAI staff is highly mobile throughout the plants and requires technology that enables secure connectivity at any instant. CAI’s requirements focused on providing voice over wireless for plant operators, seamless mobile connectivity for other staff accessing various data center applications, and securely extending, but centrally managing, Wi-Fi to remote operations.

CAI’s first step was deploying Aruba wireless LAN switches and single radio 802.11a/b/g APs around its Brampton campus. IT staff equipped plant operators with Nortel 2211 (Spectralink) VoIP phones that connect over the 802.11b/g spectrum to Nortel’s Business Communications Manager (BCM) VoIP system. A discrete, hidden SSID was created just for VoIP traffic. To secure voice traffic, Aruba’s system was configured to only allow voice traffic to traverse the SSID. All other traffic trying to access the voice SSID causes a client to be automatically blacklisted and an alarm sent to the administrator.

Additionally, CAI is using MAC address filtering to allow only authorized phones on the network. Each phone is only allowed access to the Spectralink SVP server and uses a 128-bit implementation of the wired equivalent privacy (WEP) protocol for data encryption to keep voice conversations private. If plant process problems occur, an alarm can be automatically generated and sent to the phone as a text message. Each VoIP phone also supports touchto- talk technology so operators can be immediately located in the event of an emergency.

“Wireless has become an essential part of our business operations now,” said Chris Thomas, IT Director at Commercial Alcohols. “We had a variety of requirements from voice to remote wireless access to two-factor authentication. Aruba was the only system we found that could easily meet all our requirements and then some.”

CAI leverages Aruba’s integrated VPN features and user policy technology as well as two-factor authentication to completely secure wireless users. Employees access the network through VPN connections terminated on the Aruba system. Aruba’s built in VPN dialer simplifies configuration and connectivity through an easy-to-use interface that is pre-configured to connect to the Aruba WLAN switch. Employees are also equipped with RSA tokens. Once connected, users enter a six-digit pin number that changes every minute and is synchronized with an RSA/ACE server connected to the Aruba WLAN system.

To extend wireless to remote offices, CAI has installed Aruba 60 and Aruba 70 APs that communicate directly to the Aruba WLAN switch over a VPN connection. Aruba’s remote AP technology uniquely allows IT staff to preprogram Aruba APs to connect over any IP network using the IPSEC protocol. Administrators simply pre-configure Aruba APs and send them to staff in remote offices.

Remote office staff require no technical expertise and only need to plug in the AP to a power source and an Internet connection. The AP is automatically programmed to build an IPSEC tunnel to the Aruba WLAN switch. Upon authentication, the AP’s configuration, power levels and channel assignments are controlled at headquarters. Users have access to the corporate network as if they were local and don’t require VPN client software on their laptops.

“With Aruba’s remote APs solution, I have total control, a better user experience, simpler implementation and lower costs,” said Thomas. “I don’t need a small WLAN switch at every remote site to serve 20 users and can offer the same secure Wi-Fi service anywhere, quickly and easily, just as I offer it throughout my enterprise.”

CAI is adding location-specific SSIDs for contractors and trusted users. These SSIDs are locked down using Aruba’s Web-based “captive portal” authentication for guests and a WPA pre-shared key for staff.

“Because there are so many things I’m able to do with Aruba’s system, it lets me creatively solve problems or find new ways to improve operations that I didn’t think I could ever do,” concluded Thomas.