| You can use LRP or any commercial
DSL/cable router for deployment of
high-end Internet-enabled hotel rooms to attract corporate guests, to
gain a strategic, competitive advantage over your competitors
non-wired rooms. Your "router" must be a type that allows multiple
Microsoft VPN
pass-through, thus your corporate guests can simultaneously
connect to the same corporate Microsoft PPTP VPN
server (as in
the case of a corporate meeting where many people from the same company
are staying in the same hotel trying to access their Exchange server in the
early morning or late evening),
or simultaneously connect to
different PPTP VPN servers
(as in
the case of a conference meeting where people from different companies
stay in the same hotel). It is amazingly sad to find so many hotels and
public access kiosks that accidentally blocks
Microsoft PPTP VPN by using an older type of "router", some hotel router only allow one
person to connect
to corporate VPN but no more than one guest at the same time,
and
some public kiosks even
block TCP port 443 traffic (TCP port 433 is used for https,
thus
stopping users from using secure webmail access and Microsoft Outlook web
access! ). Consumer grade products such as D-Link DI-604 and Cisco/Linksys
WRT54G are OK for this application (for small hotels).
You don't need to add a billing system for Internet use
(like
those used by large chains)
because for
a modest cost of $40/month (ADSL or cable-modem), you elevate your
hotel to the level of "free high
speed
Internet access".
Billing
system adds large capital costs
and adds recurring maintenance costs. The fact that you can attract one extra
corporate guest per
month because you have "high speed
Internet Access"
will easily pay for the cost of the ADSL line or cable modem line. Your
reservation staff and web site and advertising brochures should clearly mention "Free high
speed Internet Access included". "High speed Internet Access" is a
necessity for business and corporate travelers. There is a low cost in-room retro-fit wiring
solution:
use existing phone lines and add Passive Splitters from QLink
Communications Inc. (College Station, Texas). Their etherSPLIT
™
allow you to add Ethernet signals on existing telephone wiring
infrastructure. In order to do that, your existing phone lines from
your "telephone room" to the guest room should have a pair of unused
wire and less than 300 ft away, most telephone systems in small hotels
will meet that criteria. There is another way to send Internet traffic to rooms with existing cable TV wiring. The company who makes these boxes is called Corinex and these boxes can use either cable TV coax wiring or use the power line as transmission lines to carry Ethernet traffic to the rooms. Here is a photo of a Corinex cable TV to Ethernet converter in a hotel. If retro-fit wiring cost is too high for all guest rooms to have Ethernet connections, install a simple D-link or Linksys router box in the lobby or lounge with a low-cost Linksys WRT54G and some "category-5" cables. Corporate guests have basically 3 choices: no access
(i.e.,
your competitors), free access (i.e., you), or expensive access using
the large chains
thinking (i.e., that in
order to provide Internet access, the establishment must spend several
hundred thousand dollars). Well, I almost forgot about the 4th choice,
the dreaded "data port" (i.e., using a dial-up modem). "Free high speed
Internet Access" is a market positioning strategy, the only
downside is that barrier-to-entry is low, your competitors may found
and read this article, got the idea, make a trip to the local computer
store and install a similar system in a matter of hours ! The use of wireless Wireless 802.11 (aka WiFi) devices
is extremely
popular
these days. By adding an WiFi Access Point to the existing network,
you
can make
your hotel lobby "fully loaded" with wired access and
wireless access. Most hotels are doing that today. The following diagram shows how to add wireless Internet
to
the hotel's lobby for $60.
or use this scheme if you are starting a new
installation to
provide wireless access:
There are some technical issues which you should be aware of, these issues are common to all NAT-based firewalls of sharing Internet connection. (1a) Your corporate guests with laptops should ask their IT department to enable the laptop to use DHCP before traveling. This is the exact settings as "factory shipped". As IT departments mature, this will become the standard setup for traveling employees. (1b) Some special security (VPN) software installed on corporate laptops may prevent them from being used outside of their office, in that case, there is no cure. (1c) Some non-Microsoft VPN software may be installed on their laptops that is not compatible with NAT firewall traversal (pass-thru), in that case, there is no cure. (1d)
As the IT departments mature, these non-firewall friendly security software
will die and be replaced by SSL-based VPN (called SSL VPN) who can traverse
firewalls very well. (1e) If the laptops have software firewall installed, they should be set to allow DHCP to work so that the laptop can acquire an IP address from the DHCP server on the LRP. Once again, as the world matures, this may become less of a problem. (2) If these novice road warriors use Outlook Express as their email without doing a VPN, they probably cannot send e-mails (but they can still receive) because their ISP or corporate SMTP server will block mail relays from your IP address. In that case, you have to help them change their Outlook Express to use an "Outgoing SMTP" server that is friendly to your IP address. Typically this is your ISP's SMTP server. Sometimes your ISPs act unreasonable and they limit the number of emails you and your guests can send each day, you may consider adding an in-house SMTP server. All Linux boxes can be used as a SMTP server. Recently, major hotels have routers that divert all SMTP traffic to their ISP's friendly email outbound server (geeks call them SMTP server). The only catch is that these servers do not generally like username and password, they prefer the simple SMTP port 25, plain text SMTP protocol. In other words, they don't accept TLS on port 25, they don't like username/password (geeks call authentication) settings on the email client. |
Following table shows various conditions where mobile clients can send e-mail:
| E-mail client software on Laptops: | Special effort needed | Who does the sending |
Outlook Express, Mozilla
Thunderbird  |
A VPN-connection or a SSH tunnel to their corporate network. | Their corporate SMTP server. |
| Outlook Express, Mozilla
Thunderbird |
none. | Modern hotels route TCP port 25 traffic to a friendly ISP's SMTP server. |
Outlook with mail profile set to "Exchange Server", many
large corporate users are in this mode |
may need to establish VPN to corporate first. | Guest's corporate Exchange server. |
| Outlook Express, Mozilla
Thunderbird |
An authenticating SMTP server. | An authenticating SMTP server that accepts your username & password. |
| Seasoned road warriors | none. | yahoo or Gmail |
| Outlook Express, Eudora,
Mozilla Thunderbird and Outlook with transport set to "Internet Mail" |
change the "outgoing SMTP" to a friendly SMTP server. | A local SMTP server in your hotel or your friendly ISP's SMTP server. |
© 2000-2006
Nicholas Fong 
Burnaby, B.C.
Canada 
Last revised: July 29, 2006
Click here to return to the main LRP page
There are
security implications in deploying 802.11
networks.
