Wireless Guest User Pattern

Description

The logical design pattern for the wireless guest user shows how a wireless guest user can access the Internet or NIH resources through the wireless gateway. Because guest users will not have access to the VPN software, they will instead use a Secure Sockets Layer (SSL) encrypted session that is tunneled directly to the wireless gateway. To access any internal NIH resources, this gateway will require the same login that is available from the Internet. In this way, external users can connect to the Internet and can use their extranet login to connect to any NIH resources that would otherwise be accessible from the Internet.

Diagram

Wireless Guest User Pattern

Benefits

  • Supports multiple vendor client cards and access points
  • The WLAN solution is scalable, can be centrally managed, meets security requirements, and adheres to NIH wireless policy
  • Users must load and initiate VPN client software in order to establish connectivity securely
  • As shown in the logical design patterns, this approach addresses different classes of users

Limitations

  • Requires using a proprietary VPN to address security
  • Addresses WiFi access through NIC cards; does not address integrated wireless devices such as Blackberries or RFID readers
  • Rapidly evolving technology and standards will require NIH to revisit and update this pattern frequently so that NIH can obtain the newest security, capacity and functionality capabilities

Time Table

This architecture definition approved on: February 8, 2005

The next review is scheduled in: TBD