Ok, I know I am probably leaving out some important details but this is the problem.

Where I work I am all over the building troubleshooting the building climate control system. Pretty elaborate system where we have negative room pressures, critical temps and minimum air changes in a room per hour.

When I am troubleshooting I often need to observe the acttions/reactions of inputs and outputs. Mostly mA and 0-10 vdc stuff.
To do this I have to call up to an office and see if someone is at a terminal. Then I have to tell them what device I want to check and how I need them to operate it. Communications is difficult as the radios/phones don't work to well in the environment.

We have proposed getting a laptop with wireless capability so that I can directly control the system while I am at the device.

The problem is IT claims that the laptop would be a security problem since I could access the intra net and internet from this PC.

The program that I monitor is on a dedicated server.

I would think there would be some way, perhaps using the MAC address to limit the access to only the server with the resident program.

Any suggestions? I need to be able to make this argument in a convincing manner.

While not an IT guru, I do know that some of our customers access us to thier BAS without allowing access to the main servers/intranet. Different setup? I do not know.

Yep, it's a BAS system. I think the IT folks just don't want to tackle it but the hassles of tying up two guys to troubleshoot a problem plus the chance of miscommunication during the process would make the effort worth it. Maybe we just ought to request an IT tech be made available whenever I need someone at the terminal.

Hmmmmmm....

I thought only government had these types of inefficiencies.

I agree that your IT department just doesn't want to mess with it.

PH - I'm not an IT expert, but I honestly believe that modern technology could easily solve your problem. I'd approach this from a business standpoint, by conducting a basic time/cost survey of your present method. Take these costs to your manager so that he has an opportunity to implement technology that will save the company money. This should be a management issue IMO, between your dept. head and the IT dept. head, not you and an IT guy who simply can't be bothered.

Its technically possible, since I assume you are behind a firewall. And as long as there are no hot-spots that you can connect to outside of the corporate network (like the coffee shop down the street), you'd be contained by whatever rules they have setup on their firewall.

But the other issue is that anyone else could potentially access the wireless port they provide for you. While you can restrict these ports, most IT departments would want to put it behind a dedicated DMZ on the corporate firewall.

And high performance corporate firewalls (Cisco ASA 5500 series for instance) are much more expensive to purchase and maintain than your run-of-the-mill $39.95 combo router/wireless/firewall you buy at your local Best Buy.


But I see it more of a problem of corporate politics than technical.

It sounds like your I/T department doesn’t have the infrastructure in place to handle this safely.
I carry a company laptop all the time. Yes, I can browse the open internet from any WIFI location, but I can also access my company’s applications from any WIFI location. However, to get to my company’s applications (via a Virtual Private Network… VPN), I have to use a passcard. This is a little card that constantly flashes a random 6 digit number that changes every minute that needs to be typed in when I access my company’s VPN. This keeps unwanted PC’s from accessing your company. It sounds like they don’t have the passcard infrastructure in place.

OR private companies are no more efficient than government!

Don't connect the laptop to the internet? Restrict the wireless router to solely access intranet. That way, when you're on the intranet network, you can't be bothered. There are multiple good solutions to secure the connection between the laptop and access point/ router.

We have vendors and sales folks come in all the time and jump onto our wireless (if we let them). They are not part of the "Domain", so they cannot access any resources other than the Internet - big deal.

If you are a contractor there, and you have a server that is on the network, then you have a legitimate reason to be on the network and the company (IT group included) has a legitimate reason to trust you. You should be able to access your server, but not any of the other company computing resources.

Climb on up the I.T. organization 'food chain' a little higher. Hopefully there will be intelligent life up there.

Your friendly I. T. Director,

tpenfield

Ditto on your IT group being either not willing, not knowledgeable, or not funded well enough--or a combination of these.

If WiFi can be used securely in health care (i.e. hospitals and clinics), it can be used in most other industries.

Yes, there are many precautions to consider with WiFi, but it is very doable... I don't know if you'd have to fight much with EMI/RFI in your environment, but it is something to consider.

from another friendly IT Director...

I'm not a contractor, I'm a technician employed by this company.
What makes it funny is our department has to do extensive documentation and photocopying. Yet we can't get a copier in our office. We have to walk over to another building and use one of the three in HR's office.

Sounds like the head of your dept. does not know/understand/or value the time of the people in his/her dept. Either that, or he/she is chickens**t to ask for money.

Walk to another building to make copies???? Yikes! You probably all share one dot matrix printer too.

If cell phones and radios won't work....do you think a wireless signal will?

Most industrial plants/factories communicate w/ industrial two way radio(2 or 4 watt). When they have to troubleshoot a transmitter on the other side of the paper mill....they do just what you describe. Only they are talking to the control room via the radio.

This one is rated for a 20 floor indoor range:

http://www.grainger.com/Grainger/items/1WC90

Remember you can place a wireless router on the permiter so if most of his work is on one end of the building, placing the router there and plugging it into the network infrastructure works well.

There are network access points all through the building where I could plug in the wireless device. I would not be more than 75 feet from it. The cell phones have to punch out through the walls to the nearest tower. Most of the time they can but when they can't it's at the worst times to loose comm.

My supervisor is pushing for the laptop, he is kind of a techy freak himself. He does not buy into IT concerns about "network security" issues.

We do have a printer, it is a 6 year old laser printer that just chugs along.