Hulu, VoIP, Hospitals & Ineffective Network Filtering

This past weekend it happens that I spent a day at Memorial Hermann Northwest Hospital. The why is a long story and not especially important for the moment. I was pleasantly surprised to find that the facility has an open guest Wifi network. That allowed me to do some work, blogging, etc while I was there.

A little later in the day we were moved to a room without a TV. Since we were going to be waiting a while I pulled out the Mini 2140 and logged into Hulu so that we could watch some TV. We watched last weeks episode of Terminator: The Sarah Conner Chronicles.

hp-mini-2140-plyaing-hulu-over-wifi1

Over the wifi Hulu didn’t play perfectly smoothly. In fact, I don’t really know if the issue was bandwidth or CPU/VGA power. On battery power the Hulu stream played only about 1 frame per second in full screen mode. On AC power, with all power conservation measures defeated, it improved to around 10 frames per second in full screen mode. Not perfect, but watchable. This was the first time that my wife truly understood the value in the little netbook, or at least having a second laptop.

About the only trouble was that the sound level possible from the built-in speakers was not adequate for anything but a very quiet room. We ended up sharing my Etymotic headset, one earbud each. It was cozy, but nice for us as a couple.

000103A little later in the day, once we had moved to a room with a traditional TV, I was going about some of my usual online activities. In specific, I tried to access my Facebook account. Much to my surprise I was met with a  notice  from the facilities Websense network traffic filtering software. Apparently the facility was trying to block access to social networks and streaming media services.

I thought that this was really strange given that we had already watched a complete episode of a TV program, and several movie trailers earlier in the day. Obviously I don’t have much experience with filtering network traffic. I would have expected that the facilities IT staff should be able to block Hulu streams. Or is Hulu leveraging some technology that’s not easily identified and filtered?

I also used Eyebeam to successfully make a couple of calls from the HP Mini 2140, through OnSIP. I didn’t need to do this since I had my cell phone in-hand and T-Mobile coverage was good in the building. I wanted to try it just in case my wife ended up staying overnight. I was leaving her with a soft phone and a little USB speakerphone so that we could chat all evening, even once I went home. Since my calls went through it appears that they were not filtering RTP/VoIP traffic.

I reached into my road warrior bag of tricks and and pulled out an approach to make a belligerent network bend to my will. I made a VPN connection to my home office and routed all my traffic through that tunnel. In just a few seconds I was staring at my Facebook page, Websense be damned.

I can only arrive at the opinion that their network filtering is not effective, or at least not addressing the concerns stated in the notice pages. It makes me wonder why they were deploying Websense in the first place? Was the failure to block my traffic the result of simple incompetence, or part of some carefully considered strategy.

I suspect what really happened is that I simply stumbled into yet another institutional IT embodiment of Sturgeon’s Law.

  • Scott

    Hi Michael:

    It’s interesting that Memorial Herman uses Websense on their *guest* network to police the content. Websense is not exactly cheap so my organization (also in healthcare) only uses Websense on the internal network. We filter the naughty bits out of the patient/guest network using OpenDNS.

    I can only guess at the Websense policy that covers the guest segment at M.H. but my gut says that Facebook is probably blocked on both the internal (production) network as well as the guest network. Why is Facebook blocked but not other sites like Hulu? Someone probably complained about the staff spending too much time on Facebook and the IT dept received the request to block. When the block for that URL was added, it was applied to both the internal and guest networks by mistake. I really hope that the internal network and the guest network at MH do not mix/mingle/touch so they are both affected by the same Websense policy.

    As far as blocking on the guest network, our patient/guest network is wide-open except for port 25. The only web content that is blocked by OpenDNS is “Adult”. You can access Facebook, Hulu, Youtube, etc. on the guest network.

    Regarding your poor network performance when connected to the MH guest network, try disabling any power save features on your wireless NIC. Sometimes it is called “Power Save Polling”. This “feature” causes a lot of issues. Disabing that feature will result in faster battery drain but you will have a more stable wireless connection. I believe that Power Save Polling is automatically disabled when the laptop is connected to its wall wart.

    It sounds like you found the guest network at MH to be very helpful during your stay. I know that our patients and their family really appreciate the guest network at our facilities. They can stay in touch with friend and relatives via email, surf the web to pass the time, use IM to chat or even use apps like Skype to make video calls to family members.