Accor D&T New East

Hotel Guest Internet

Infrastructure and Management

Author Denis Urenskiy

Date April, 11th , 2019
Version V1.3 EN

Accor New East Page 1 / 21

 Version History

Номер Дата Изменения Раздел Автор

ревизии
1 14/02/2017 Initial version DU
2 17/04/2018 MWV replaced to local intra-page 5 DU
Sources for Authorization page added app. 3
3 11/04/2019 Hotel bandwidth calculation rule changed 2.2 DU
Minimum bandwidth per client for each 5 DU
brand changed
Authorization page source added app.3 DU
Aruba equipment examples were added app.1 DU
Recommended WIFI suppliers added 1.1 DU

Page 2 / 21 Accor New East

Table of Contents
1 Introduction ........................................................................................................................... 3
1.1 Preface ................................................................................................................................ 3
1.2 PCI DSS .............................................................................................................................. 3
2 General principles for arrangement of network infrastructure .......................................... 4
2.1 General logic of network arrangement ................................................................................. 4
2.2 List of general requirements to Internet servise providers .................................................... 5
2.3 List of general requirements for physical layout of equipment.............................................. 6
2.3.1 Wireless network access equipment - Wi-Fi ....................................................................... 6
2.3.2 Wired network access equipment ....................................................................................... 6
3 Frequency planning and in-place signal measurements.................................................... 6
4 General requirements for the equipment to be installed .................................................... 8
4.1 Equipment for wireless data transmission............................................................................ 8
4.2 Wired data network equipment ............................................................................................ 9
5 General technical specification for wireless and wired network configuration .............. 10
6 Requirements for the system maintenance after commissioning ................................... 12
7 User authorization system.................................................................................................. 13
Annex 1. Examples of equipment selection .............................................................................. 14
Annex 2. Graphical chart of radio signal measurements ......................................................... 15
Annex 3. Graphical design of authorization page .................................................................... 19
Annex 4. Checklist for Project manager .................................................................................... 20

Accor New East Page 3 / 21

1 Introduction

1.1 Preface

Because of the introduction of a new LAN standard by the Accor Group in 2018, the document
briefly outlines the essence of the standard in terms of providing the Internet access service for hotel
guests and offers options for arrangement of this service.

Thе document does not replace the networking standard and structured cabling standard
(CSA). In case of discrepancies between the information presented in this document and the
requirements of the above standards, data from the standards should be used.

Prior to the introduction of the current networking standard, it was assumed that the
networking infrastructure of hotels has two network segments:

• Administrative segment - for the operation of systems related to PMS, the management
system for restaurants and bars, the accounting system and other supplemented services which
the guest directly does not interact with.

• Guest segment - to serve the needs of guests - Internet corner, WiFi, wired Internet in
rooms, TV broadcasting system, equipment in conference areas and so on.

These segments are physically separated into two unbundled networks.

The current networking standard does not imply the division of the Local Area Network (LAN)
into physical segments, but the division at the logical level must be performed, which allows using
the guest segment for the needs of the staff, subject to certain conditions.

WIFI as a service could be implemented by the following recommended providers: PWV,

Connectum, Beeline or Hoist for Russia, CIS, Ukraine and Georgia; Intertouch, GuestTek,
Swisscom, Hoist for Israel and Turkey.

1.2 PCI DSS

In the case of arranging in the hotel a service with network interaction between the guest
segment and the administrative segment such as "WiFi-Staff" service (see below), it is supposed
that in this case the entire Internet access infrastructure for guests (that is the whole "guest
segment") is subject to full compliance with the PCI DSS standard for administration and provision
of services. Other words WIFI provider must be PCI DSS compliant as a network services provider.

Page 4 / 21 Accor New East

2 General principles for arrangement of network
infrastructure

2.1 General logic of network arrangement

In the most general form, the logical

layout of network interaction regarding
the arrangement of the Internet access
service for guests (excluding other
services of the guest segment) is
presented in the figure on the right.

It is recommended that
connection of the hotel to the Internet
should use two Internet service providers
(ISP1 and ISP2) which can work both in
the "active-active" mode with load
balancing and in the "active-standby"
mode. The whole Internet traffic of the hotel passes through the cluster of ForcePoint firewalls. These
firewalls let the whole guest traffic pass through them using IDS / IPS system, and also provide
access for administration and monitoring of guest services, for example, the equipment for the guest
Internet.

Let's present the layout in more detail:

Each hotel floor has switching centers (FSCs - floor switching centres) with access-layer switches to
connect Wi-Fi access points, as well as Ethernet sockets of the rooms, if required by the brand
standard. Room services of the hotel can also be connected to these switches (for example, IP DECT
base stations, etc.). The switches may be integrated into one stack within the same switching center.

Accor New East Page 5 / 21

The access-layer switches are connected to the central switch of the guest segment, usually located
in the server room, via fiber-optic cable. There must be at least two optical links between the central
switch and each of the floor switches (for more details on the calculation of the communication link,
see the CSA standard).
Other devices such as Wireless LAN Controller (WLC), Authentication, Authorization and Accounting
(AAA) Server, needed for the service, connect to the central switch directly or through the server
aggregation switch. Guest segment router performs functions of DNS, DHCP servers for clients, as
well as NAT, and then allows Internet access through the cluster of ForcePoint devices. For more
information on the physical connectivity of network equipment (types, number and quality of
communication links), please, refer to the CSA standard.

Its accepted to forward guest network traffic directly using ISP equipment, however link between
authorization system and PMS must be done only using firewall’s routing.

2.2 List of general requirements to Internet service providers

AccorHotels strongly recommends to have two Internet service providers, however, the hotel
has the right to take the risk of using the services from a single provider.

List of general requirements to the Internet service provider:

 fiber-optic cable entry to the hotel building (to the central server room of the hotel);
 Gigabit converter to the twisted pair (the hotel receives the final service via twisted
pair);
 Subnetwork / 28 public IPv4 addresses (the hotel must have 14 IP addresses);
 Service Level Agreement (SLA) shall specify QoS of at least 99.85%.

The minimum speed of the Internet channel for guest rooms is calculated using the following formula:

 for ECO hotels: <# of rooms> * 0.6 Mbps

 for MID and LUX hotels: <# of rooms> * 0.9 Mbps

For example, for the IBIS hotel with 180 rooms, the minimum channel throughput for guest rooms is
108 Mbps.

If there are conference halls and banquet areas in the hotel, additional channel throughput of at least
4 Mbps per every 100 sq. meters of such area is required.

2.3 List of general requirements for physical layout of equipment

2.3.1 Wireless network access equipment - Wi-Fi

The number and location of access points should be chosen based on 100% coverage of the
hotel area (with the required signal level), including utility and office rooms, parking, etc.

Access points should be hidden in special niches (for example, behind the ceiling) with
unobstructed access to them, if necessary.

An access point location shall be equipped with Ethernet socket and connected to the socket
by a patch cord of the minimum length.

Access points must be securely fixed.

Page 6 / 21 Accor New East

 Access points located in the public access areas (for example, external access points) are
recommended to be additionally protected from theft.

For more information, see Wireless Network Design Requirements section (section 4 of this
Guide).

2.3.2 Wired network access equipment

The equipment of the central server room shall be located in the locked server rack separately
from the rest of the equipment. The equipment consists of at least a core switch, a router, and
wireless LAN controller(s) and AAA server, if needed.

In the floor switching rooms, equipment could be integrated in one rack.

3 Frequency planning and in-place signal

measurements

Development of a solution for wireless access to the network (Wi-Fi) shall be carried out in 2
steps.

At the first step, network coverage areas are modeled based on architectural drawings.
During the modeling, the following coverage requirements should be applied throughout the hotel
premises (including parking area):

Parameter Value Notes

Minimum Signal Strength at 2.4
-65.0 dBm
and 5 Ghz
Minimum Signal-to-Noise Ratio 15.0 dB
Minimum Data Rate 12 Mbps
Minimum Number of Access
2 Minimum -80 dBm
Points
Maximum Channel Overlap 3 Minimum -80 dBm
Maximum Round Trip Time (RTT) 200 ms
Maximum Packet Loss 5.0%

Each commercial offer should include an annex with a report on the Wi-Fi network coverage
modeling for 2.4 GHz and 5 GHz. The report should show the locations of access points and signal
coverage map (see Annex 2).

Project plan, which includes a complete list of equipment planned for use and network layout, is
subject to approval by the project manager.

When all the partitions and doors are installed, the project model should be reviewed according to
the results of selective in-place signal measurements.

Accor New East Page 7 / 21

After the Wi-Fi equipment is installed and pre-commissioned, the system integrator shall perform
analysis of in-place radio signal coverage and provide the project manager with a report on the
network's compliance with Accor requirements.

The following software tools are allowed for radio signal measurements:

 Fluke AirMagnet Survey Pro;

 Ekahau Site Survey with Planner;

The system integrator shall provide, if requested, the information on the software licenses. Use of
demonstration or illegal copies of the software is not allowed.

Regardless of the results of radio signal measurements, network planning should take into account
the following minimum number of access points per room, depending on the hotel category:

 for LUX hotels -1 access point per 2 rooms

 for MID-1 hotels, -1 access point per 3 rooms
 for ECO hotels - 1 access point per 4 rooms.

4 General requirements for the equipment to be

installed

4.1 Equipment for wireless data transmission

Recommended equipment vendors:

 Ruckus
 HPe Aruba
 Other vendors to be agreed by the project manager.

Regardless of the vendor selected, the wireless access point equipment shall:

 Support 802.11a, 802.11b, 802.11g, 802.11ac, 802.11n standards. In addition, the

access points should support simultaneous 2.4 and 5 GHz operation according to 802.11n
standard;
 Support WPA2Personal / Enterprise authentication with AES / CCMP encryption;
 Support hardware for adaptive transmit beamforming technology;
 Support adaptive sector-specific antennas for efficient operation in high-density
equipment environment, access points should support technologies for interference
mitigation under such conditions;
 Provide antenna gain of at least 4 dBi;
 Maintain power supply according to 802.11af PoE standard;
 Support the following wireless transmission technologies: Polarization Diversity with
Maximal Ratio Combining (PD-MRC), Maximum Likelihood Decoding (MLD), Low Density
Parity Check (LDPC), Space Time Block Coding (STBC), Packet Aggregation, Round Trip
Time ) & Delay of Arrival (T-DoA) Time-Client;
 Support Dynamic Frequency Selection (DFS) and comply with requirements of at
least EN301893v1.6.1;
 Support the technology of automatic selection of the transmit/receive channel, and
also suppress certain transmission channels manually;

Page 8 / 21 Accor New East

  Support the technology of automatic transfer to 5 GHz for clients, if possible (band
steering according to 802.11 a/n standard); in addition, access points shall support 802.11k
and 802.11r standards;
 Support client load balancing technologies for more uniform load of access points
while maintaining acceptable signal quality (RSSI Threshold);
 Support the ability to manage network clients over the IP and MAC address of the
device;
 Access points shall support a minimum of 500 simultaneous connections;
 access points shall support 16 Service Set Identifiers (SSIDs) per each radio
interface;
 Access points shall support technologies for environment spectrum occupation
analysis;
 Access points shall support DHCP options 43 and 82;
 Support the function to disable status LEDs;

Access points for outdoor use shall be compatible with IP67 standard and shall operate in the
temperature range from -45 to +65 C°.

The project should provide for the delivery of at least 5% access points as spare units.

4.2 Wired data network equipment

Recommended equipment vendors:

 HPe Aruba
 Cisco
 Other vendors to be agreed by the project manager.

Regardless of the vendor selected, the wired data network equipment shall meet the following
requirements:

 Maintain transmission rate of at least 1000 Mbps via all ports;

 Have a minimum of two SFP / SFP+ ports to connect optical trunks;
 Have the ability to integrate equipment to the stack;
 Support 802.11q standard and SSH protocol administration;

Access point switches shall support L2 layer of the OSI model.

Core switch shall support at least static L3.

The router shall have at least two GigabitEthernet ports, support basic routing protocols such
as RIP, STP, NAT, be able to act as DHCP and DNS servers; support switching networks with VLANs
and 802.11q standard, MAC address filtering, broadcast storm control; support of safety functions
such as system management using Secure Shell (SSH) protocol, port forwarding, Access Control
Llists (ACLs), DES / GOST hardware encryption; quality of service and traffic prioritization (QoS)
functions at least in the form of setting maximum Rx / Tx speed to the logical port. The router should
also be chosen based on its maximum channel throughput (see List of general requirements for
ISPs).

Data equipment shall be connected to the uninterruptible power supply (UPS).

In addition to the above requirements, wired data network equipment shall meet the
requirements of the CSA standard.

Accor New East Page 9 / 21

 Moreover, all equipment shall comply with local regulations for two broadcasting bands and
have necessary radio electronic certificates.

Page 10 / 21 Accor New East

5 General technical specification for wireless and
wired network configuration

When configuring wireless Internet access service, at least the following requirements should
be taken into account.
The speed of network access per device shall have the upper limit and be at least:

 for ECO hotels - 3 Mbps

 for MID hotels - 5 Mbps
 for LUX hotels - 7 Mbps.

In all hotel areas, a network with a SSID similar to the hotel brand name in the uppercase
(for example, IBIS, MERCURE, NOVOTEL) shall be broadcasted in both frequency bands openly.
For combo hotels, it is necessary to provide an appropriate number of SSIDs.
General VLAN configuration and IP addressing:

1) VLAN IDs 102 and 103, and 192.168.46.0/24 address should not be used, because they
are used only for WiFi-Staff service.

2) Router interface for the organization of the address translation service to the Internet shall
be configured as follows (there are configurations for three combo hotels):

 Hotel 1: VLAN 117; tagging; IP address 192.168.53.1; network mask / 24; gateway
192.168.53.254
 Hotel 2: VLAN 217; tagging; IP address 192.168.153.1; network mask / 24; gateway
192.168.153.254
 Hotel 3: VLAN 317; tagging; IP address 192.168.211.1; network mask / 24; gateway
192.168.211.254.

The router organizes NAT on the IP address assigned to it in the network and forwards it to
the 192.168.x.254 address assigned to the ForcePoint cluster.

3) Provide a dedicated VLAN (ID> 800, subnet mask / 24, any addressing in subnet
10.0.0.0/8) to control the equipment. The administrator interface shall be accessible only from this
VLAN. This VLAN shall be available through one of the ports of the guest segment root router (the
copper wire port with the last number is selected).

4) WiFi network with the hotel brand name shall have VLAN ID> 800, subnet mask / 22, any
addressing in the subnet 10.0.0.0/8, DHCP server in the guest segment router, the ISP's DNS
servers, Google public DNS and / or internal DNS server of the hotel. This VLAN shall have client
isolation function (a client will see only itself and a default gateway in the network). It is mandatory
to implement the seamless roaming functionality for clients without the need to reconnect to the
network manually or authorize.

5) For each conference hall, a WiFi network with a separate SSID, corresponding to the hotel
brand name and a hall name, shall be configured using English uppercase (for example,
PULLMAN_CAMELIA) with VLAN ID> 800, subnet mask / 22, any addressing in the subnet
10.0.0.0/8, dedicated external IP address, DHCP server in the guest segment router, ISP's DNS
servers, Google public DNS or the internal DNS server of the hotel.

6) The start page for any user (that is, the page that is opened by default in the browser, if
the hotel does not use authorization, or the page opened immediately after successful authorization,
should be webpage https://wifihotel.accorhotels.com/<RIDCode>/. The start page address is unique
for each hotel, where <RIDCode> is the unique code of the hotel. This code can be obtained from

Accor New East Page 11 / 21

the Accor project manager. For example Hotel IBIS Moscow Dynamo has RIDCode 6227, so the link
for the landing page will be like this: https://wifihotel.accorhotels.com/6227/
In the case of problems with the access to this page, it is possible to use the URL "accor.com"
as the start page.

AccorHotels does not allow blocking of any Internet services, unless it is expressly prohibited
by the laws of the host country. For example, it is not allowed to block services such as VPN,
streaming video, p2p networks.

Page 12 / 21 Accor New East

6 Requirements for the system maintenance after
commissioning

Service company should equip the infrastructure with a monitoring and control system.

The following software tools are recommended for use:

 Zabbix;
 Nagios.

Service company should ensure a 24/7 control for the operation of entire network equipment,
including at least the following load parameters: number of connected devices, number of sessions,
and Internet channel utilization. In case of changes in the standard operation mode of the equipment,
it should inform the IT service of the hotel and IT department of the managing company about
potential points of failure.

Service company shall have at least one standby unit available in-place for each type of the
floor equipment.

Service company shall have enough on-the-shelf equipment for the central segment and be
able to start its deployment as soon as possible in case of failure of the primary equipment.

Accor New East Page 13 / 21

7 User authorization system

Each hotel shall by itself and according to the applicable law decide whether the quest
authorization service is required. Should the service be decided to arrange, each hotel have to
implement this functionality according to the following mandatory requirements.

Minimum requirements:

 Unified graphic and text design of the authorization portal according to the current
brand standards with a possibility of its update, if required. Accor can provide all initial texts and
graphics through the project manager (see an example of the current graphical design in Annex
3.)
 Implementation of the authorization interface at least in two languages: English and
an official language of the host country. In case of several official languages, text options of the
authorization portal shall be provided in all official languages. It is advisable that automatic
language definition support be provided using the locale of the user device.
 Adequate support for the operation of mobile devices;
 Hotel guests shall enjoy an option for the authorization by entering their room number
and name as authorization data;
 All guests (including hotel visitors) shall enjoy an option to authorize via SMS or
voucher provided at the hotel reception desk;
 Device authorization shall be valid for at least 24 hours;
 One set of authorization data shall be able to authorize at least three devices;
 Support for interface tunneling and access encapsulation.

In any case authorization system must be aligned with local regulations of the country hotel’s
located.

For Russia, Ukraine, Georgia, CIS companies Connectum, Beeline, Hoist, PWV can provide
WIFI as a service. For Israel recommended suppliers are Hoist and Swisscom, for Turkey
Intertouch and GuestTek.

Paid internet access (i.e. premium package) could be provided only for Upscale segments,
for Midscale this should be approved by Operation Director, for Eco hotels this option should
unavailable.

Page 14 / 21 Accor New East

Annex 1. Examples of equipment selection

For ECO hotel with no more than 200 rooms, the following equipment is recommended:
1) Ruckus R310 or Aruba AP-303 access points for guest floors and all areas, excluding
conference halls and banquet rooms
2) Ruckus R510 or Aruba AP-345 access points for conference halls and banquet rooms
3) ZoneDirector 1250 / 3000 / SmartZone 100 or Aruba 7030 controller with mandatory vendor
support
4) HP 2530 access layer switches
5) HP 5406 core switch with two power supply units in the set
6) Cisco ISR 4331 router or similar with SmartNet support.

For MID and LUX hotels with no more than 200 rooms, the following equipment is
recommended:
1) Ruckus R510 or Aruba AP-305 access points for guest floors and all areas, excluding
conference halls and banquet rooms
2) Ruckus R710 or Aruba AP-345 access points for conference halls and banquet rooms
3) ZoneDirector 3000 / SmartZone 100 or Aruba 7030 controller with mandatory support
4) HP 2530 access layer switches
5) HP 5406 core switch with two power supply units in the set
6) Cisco 4351 router or similar with SmartNet support.

For hotels with more than 200 rooms, two controllers in a cluster are recommended as well
as two routers or SmartNet support with Next Business Day (NBD) service.

Accor New East Page 15 / 21

Annex 2. Graphical chart of radio signal measurments

The radio signal measuring report shall include at least the following:

1) Path for measurements at each typical floor:

2) Superimposed signal coverage for 2,4 and 5 GHz with signal strength indication:

Page 16 / 21 Accor New East

 3) Noise distribution:

Accor New East Page 17 / 21

 4) Signal-to-noise ratio distribution:

Page 18 / 21 Accor New East

Accor New East Page 19 / 21
Annex 3. Graphical design of authorization page

Example of authorization page design on a computer screen:

Example of authorization page design on a mobile device screen:

Online example could be found at https://accor.wifirst.net/. Sources (graphics, fonts, scripts, etc)
could be requested from IT coordinator (for existing hotels all sources availables on the internal FTP
server at ftp://s-eu-mow01nws02/Other/WIFI%20Auth%20Page/).

Page 20 / 21 Accor New East

Annex 4. Checklist for Project Manager

To make sure the network is designed according to the standards, at least the following should be
checked:
1) Recommended equipment vendor (HPe Aruba/Ruckus) is selected, the equipment meets the
standard (supports 802.11ac, operates in both frequency ranges)
2) Radio planning is performed based on the required signal strength (attenuation is not below
-65 dB at 5 Ghz)
3) Speed of the Internet channel provided by ISP(s) is sufficient and not below the
recommended one:

 For ECO hotels: <# of rooms> * 0.6 Mbps

 For MID and LUX hotels: <# of rooms> * 0.9 Mbps

4) After installation of the partitions and doors, the project of signal measurements is reviewed
5) WiFi equipment project includes necessary spare units (at least 5% of the total number of
WiFi access points), or a contract with a service company is already signed for a local stock
of spare units
6) Before the infrastructure is ready for commissioning, the following is required:
А) get a final project of radio signal measurements
B) verify correctness of WiFi network names (name of the brand in the uppercase)
C) verify correctness of design and operation of the authorization page (if available)
D) make sure that WIFIHotel portal, which is unique for each hotel, is a default page after
connection and authorization (if available, address https://wifihotel.accorhotels.com/);)
E) make sure that WiFi connection speed is not less than the brand-recommended (check
any 2 or 3 hotel points):

 3 Mbps for ECO hotels

 5 Mbps for MID hotels
 7 Mbps for LUX hotels.

This is mandatory for the new openings that WIFI will be supported, recommended suppliers
are Connectum, Beeline, Hoist, PWV, GuestTek, Intertouch, Swisscom.

Accor New East Page 21 / 21