Click here to receive your FREE subscription to Campus Technology
Features
Wireless Takes American Campuses by Storm
1/2/2007
"Now, when adding a new service set identifier ( SSID) for the university, it's automatically propagated across all 890 APs. Unless you've done this using the old model, you don't realize how much easier this is!" says Brooks. "I don't think there's any way we could have grown to the size of the network we have now—in terms of scaling the legacy APs—without the kind of functionality, support, and architecture that the Aruba solution provides."
"Another major advantage of the Aruba solution is the advanced mobile networking features such as VLAN pooling," continues Brooks. "During arrival weekend this fall, student demand for wireless was unprecedented; the number of wireless users more than doubled compared to last semester. With VLAN pooling, it was trivial to add additional VLANs and IP subnets to address the increase in wireless users. We were able to accommodate the increased load easily and without any disruption to the underlying IP network. We could not have done this with any other solution on the market today."
Securing the Wireless Network
The Aruba solution allows Emory to assign roles and privileges based on user level, and it also boosts security by scanning clients when they attempt to access the network. Before allowing access to a student or other authorized user, the Aruba solution scans for an active antivirus and personal firewall, as well as the presence of Spybot and the latest Microsoft Service Pack, and d'es not allow a connection unless these conditions are satisfied.
Currently, there are three options for accessing EmoryUnplugged: WPA (which provides encrypted and authenticated access to the network from multiple locations across campus); VPN (which is scheduled to be phased out by the end of December 2006); and Guest Access (provided for official guests who have not been granted a Network ID and password for access to Emory accounts). Emory is currently in the process of changing from VPN to WPA authentication. In fact, the university is now one of the few that uses WPA for authentication on an enterprise-wide basis.
VPN is used by some Emory faculty, staff, or students who have wireless cards in their laptops--equipment that is too old to take advantage of the newer WPA protocol. While VPN is a stable protocol, it d'es require the re-authentication of each wireless session and is less convenient for Emory faculty, staff, or students who are able to use the WPA protocol. By early 2007, Emory's wireless network access will be entirely authenticated through WPA.
As part of it security initiative, the university has deployed 11 Aruba 6000 Mobility Controllers throughout the academic network, and uses nine of these as local controllers. One controller is designated as a backup, with an additional two redundant masters. Emory has not had a single failure on any controllers. Aruba Networks' Mobility Controller system is the only mobile security system with an integrated ICSA-certified stateful firewall, and hardware-based encryption. Thanks to the Aruba Mobility Controllers, administrators at Emory are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise.
