In fact, the home of the Large Hadron Collider attracts upwards of 100,000 visitors per year: business guests, students and members of the general public interested in taking a guided tour of the campus or exploring at their own pace CERN’s two permanent exhibitions: Universe of Particles and Microcosm. There’s even a gift shop for the most ardent admirers of the laboratory’s work in particle physics, offering CERN-themed keyrings, umbrellas, T-shirts and mugs.
Providing wireless visitor access to the Internet is now a hospitality requirement, according to CERN network engineer Vincent Ducret. It also lays the foundation, he says, for delivering a huge range of new mobile services and information, such as site maps and rich media relating to the content of the permanent exhibitions:
Guest access is an expectation today and our visitors to CERN expect Internet connectivity just as they would at other places they visit. And for us, it’s a valuable visitor service, because we can use connectivity to provide them with a great deal of content that helps them understand and appreciate our work.
Part of a wider picture
That content is currently under development, he explains, running alongside the deployment of a huge, campus-wide WiFi network at CERN using technology from data networking specialist Aruba (part of Hewlett Packard Enterprise).
This network is scheduled for completion by the end of this year, Ducret explains, and guest access for visitors is just a small part of the picture, because it will also provide Internet connectivity to 13,000 CERN staff and visiting researchers, along with authorized access to the organization’s internal network.
Building that infrastructure is no mean feat, since the 500-acre CERN campus comprises 200 buildings covering 400,000 square metres of floor space. Plus, says Ducret, there’s huge and growing demand for WiFi as staff increasingly expect to roam around the campus carrying smartphones, tablets and laptops. They expect the same seamless mobile experience in every location, he points out, whether they’re working alone at their desk or alongside colleagues in a dedicated meeting room or a table in a campus restaurant:
In defining the design of the Wi-Fi network, we knew we wanted a single infrastructure but a way to partition visitors and employees from a logical point of view, so that visitors are kept away from the internal network. We also knew that delivering a truly mobile experience meant we needed to meet high standards for reliability and security but find a way to make management not too complicated.
This isn’t the first time CERN’s had Wi-Fi, of course, but the previous infrastructure was based on independent access points, so it didn’t offer roaming, nor could it support guest access for visitors.
When complete, the new network will be based on some 4,000 indoor and 100 outdoor Aruba Wave 2 access points (APs), brought together in a single view for management using Aruba Network Management. It will support around 20,000 concurrent connections.
Aruba’s operating system (AOS 8), meanwhile, has simplified the deployment to some extent, says Ducret, because it automates the roll-out of configurations to new APs as they come on board. That’s been extremely useful, he adds, given the scale of the challenge and the aggressive timeframe to which he and his team are working.
While the implementation is still underway, it is already having a big impact on ways of working at CERN, says Ducret:
We now have one big pool of IP addresses for all of CERN, rather than lots of little pools for each building. For example, when people are in our main restaurant for lunch, they’ll be able to get an IP address just as easily as if they were in their office.
And with full roaming and interrupted coverage, people will keep their IP addresses and uninterrupted connections as they travel from the main physics building or the CERN Control Centre, for example, to the restaurant.
Similarly, it’s good news for those 100,000 visitors per year. They are able to quickly establish a network connection and identify themselves by means of a code sent to their mobile phone without needing to wait for a representative of CERN to approve their request. They can access the Internet and public CERN resources, but are kept well away from CERN’s private internal network and the secrets it holds.