Handling the many wireless devices that must access a campus WiFi network at once is a common challenge in higher education, where the increasing proliferation of wireless devices can raise capacity issues. A related problem is IP address exhaustion, brought on by the tendency of devices such as smart phones to tie up and then fail to relinquish available IP addresses. Many campus wireless networks also need to maintain complex tracking records on who is accessing the wireless network, for budgetary and funding reasons.
To address those issues, and to make network access both easier and more secure for users, the University of California, Berkeley's Electrical Engineering; Computer Science (EECS) department moved late last year to new security appliances from Avenda Systems that help differentiate user access and better manage IP addresses and security. The department is the largest on campus and includes more than 2,400 undergraduates, 400 graduate students, and more than 100 faculty members.
The complex wireless environment within the department supports a variety of connection methods, including an internal wireless network specifically for the department, several portals that require user authentication, and the campuswide wireless network. The networks, all of which are open to users and running the wireless standard 802.11n, which supports devices using the a, b, g and n wireless standards, did not offer any sort of encryption for security purposes.
Security was one of the main reasons for the change to 802.1x, an authentication standard that can be used in either wired or wireless networking. The 802.1x standard provides better security because it uses the stronger WPA2 (WiFi Protected Access) encryption standard rather than the older WPA. The WPA2 standard is part of the 802.11n standard, but must be properly configured on a network in order to work. And WPA2 must use 802.1x for authentication, leading to the move to 802.1x.
The EECS department decided to make the move to the new appliances in order to address some additional complex challenges in managing its wireless network, according to Computing Infrastructure expert Mr. Fred Archibald. In a setup that is not uncommon on college campuses, Archibald was using two directory management systems, LDAP and Active Directory, to manage user authentication and authorization on the wireless network.
The dual-directory design is intended to help with user tracking needs related to budgeting, but it introduced complexities because the wireless network system must support two types of directory management schemes. Under the department's funding model, different members of the department are granted different types of access, Archibald explained, so users need to be first authenticated against Active Directory, then authorized against LDAP. That required a product that could easily handle both types of directories--a capability that Avenda offered.
Adding to the complexity was an IP address exhaustion issue. With the previous authentication scheme on the department's 802.11 network, powered-up mobile devices within reach of the wireless network, even those that weren't in use, could claim and then retain an IP address, eventually leading to address exhaustion. Use of the 802.1x standard helps rectify the IP address exhaustion issue, since 802.1x does not assigned an IP address until both authentication and authorization take place. Thus, wireless devices that are within wireless network range, and able to achieve authentication but not authorization, do not tie up an IP address.
In addressing the wireless issues, Archibald specifically wanted a solution in appliance form, he said, to replace the current appliance, and in order to have a single vendor providing both hardware and software. "We have limited IT staff, and they all wear a lot of hats, so we wanted to get [a vendor] in place who was really good," Archibald said. In choosing appliances from Avenda, he said, he hoped to obtain a solution that could be dropped into place relatively quickly. And with limited IT staff, he specifically wanted a vendor that could be relied upon for support as needed, with responsiveness a key factor.
Testing the new system began 15 months ago, and the appliances went into production a year ago. The department supports about 150 access points--Berkeley overall has close to 10 times that number of APs--using two Avenda appliances in a high-availability configuration should one unit fail.
If there is a downside to the new network, Archibald said it has to do with increased support. "When it works, it generally works well and is more convenient for users," Archibald said. With 802.1x, users have to authenticate much less--credentials are usually cached after the first use and so authentication can occur transparently.
However, getting clients configured at the start of a school year results in more help desk calls initially, Archibald said. "The initial setup sometime can be a bit of a roadblock because of all the different clients," he said. "Once you get it to work, however, it works really well."
Showing posts with label Campus Wireless. Show all posts
Showing posts with label Campus Wireless. Show all posts
November 6, 2010
October 24, 2010
Purdue University Deploying 4G Network as Part of Wireless Rollout
Purdue University will be one of the early recipients of Verizon Wireless' rollout of a 4G network starting this year. This fourth generation data network, which is using Long-Term Evolution (LTE) technology, is expected to provide four to 10 times the transmission speeds currently available in 3G networks.
The institution was chosen to participate in the deployment based on its track record with using mobile technology to enhance learning, according to Lowell McAdam, president and chief operating officer of Verizon. Recent technologies developed at Purdue include Mixable, an academic integration with Facebook; a student discussion tool, HotSeat, which allows students to interact with classmates and faculty with Twitter and text messages; and eStadium, to deliver athletic game services to spectators.
The university also contracted with Verizon Business to implement a campuswide 802.11n wireless network, which will encompass 6,000 access points in 256 buildings. That project is expected to be completed in the 2010-2011 academic year.
Verizon said the broader rollout of 4G will include 38 metropolitan areas and 60 commercial airports, including Indianapolis International Airport, located within 90 minutes of the West Lafayette-based university. The company is currently installing LTE equipment at existing cell sites and switching centers around the United States.
According to Mr. McAdam, the partnership with Purdue will explore the next phase of how 4G technology can improve education across our nation. Verizon Wireless said it expects 4G LTE average data rates to be 5 Mbps to 12 Mbps on the downlink and 2 Mbps to 5 Mbps on the uplink in real-world, loaded network environments.
"At Purdue, the advancement of mobile technology is critically important--both to students and faculty. The addition of Verizon's 4G network will contribute in a noticeable way to their success," said Gerry McCartney, Purdue's CIO and vice president for IT.
The institution was chosen to participate in the deployment based on its track record with using mobile technology to enhance learning, according to Lowell McAdam, president and chief operating officer of Verizon. Recent technologies developed at Purdue include Mixable, an academic integration with Facebook; a student discussion tool, HotSeat, which allows students to interact with classmates and faculty with Twitter and text messages; and eStadium, to deliver athletic game services to spectators.
The university also contracted with Verizon Business to implement a campuswide 802.11n wireless network, which will encompass 6,000 access points in 256 buildings. That project is expected to be completed in the 2010-2011 academic year.
Verizon said the broader rollout of 4G will include 38 metropolitan areas and 60 commercial airports, including Indianapolis International Airport, located within 90 minutes of the West Lafayette-based university. The company is currently installing LTE equipment at existing cell sites and switching centers around the United States.
According to Mr. McAdam, the partnership with Purdue will explore the next phase of how 4G technology can improve education across our nation. Verizon Wireless said it expects 4G LTE average data rates to be 5 Mbps to 12 Mbps on the downlink and 2 Mbps to 5 Mbps on the uplink in real-world, loaded network environments.
"At Purdue, the advancement of mobile technology is critically important--both to students and faculty. The addition of Verizon's 4G network will contribute in a noticeable way to their success," said Gerry McCartney, Purdue's CIO and vice president for IT.
December 17, 2008
Aruba Networks and Force 10 Networks Offers Reliable Real Time High Speed WLAN for Campus
Seamless Converged Mobility Solution
Force10 Networks® and Aruba Networks® have partnered to deliver an interoperable solution for seamless converged mobility with unmatched security services by combining best-of-breed switching and routing with WLAN infrastructure.
The inherent reliability of the Force10 C300 resilient switch guarantees predictable and constant access for all users, wired and wireless. Aruba’s customer focused approach to secure mobility extends network connectivity and enterprise security anywhere as a user roams, allowing the largest networks to be centrally managed.
Together, this innovative solution allows customers to provide a high performance wireless and wired network in education, healthcare, finance and enterprises large and small. By building a unified network fabric that extends pervasive reliability, network control and scalability, enterprises are ensured a network that is a strategic asset.
Solution Key Features
- Non-blocking architecture supports up to 384 line-rate Gigabit Ethernet ports
- Embedded security features guarantee a secure connection
- Intelligent power management system prioritizes power to distributed access points
Suitable Campus Solution
- In-house Campus Broadcasting Services via wireless network
- In-house free IP-Telephony VoIP or VoWiFi for campus sommunity
Subscribe to:
Posts (Atom)