Overcoming Wireless LAN Management Challenges
In 1999, the University of Wyoming rolled out an 802.11-based wireless local
area network (WLAN). A leading research university with more than 12,000
students and 10,000 faculty and staff, University of Wyoming planned to cover
its entire 785-acre campus with a WLAN, requiring about 200 Cisco access points
(APs). However, after installing 54 APs, expansion plans were temporarily put
on hold. It had become evident that University of Wyoming required a greater
degree of control, stability and efficiency in managing its WLAN before it could
continue its large-scale deployment.
University of Wyoming needed a system to provide authentication, authorization,
dynamic bandwidth management for users and applications to ensure optimal quality
of service (QoS) at each access point, out-of-the-box integration with a
variety of AAA/directory systems, and granular monitoring and reporting of all
WLAN activity. After conducting on-site evaluations of various systems in a
lab environment, University of Wyoming implemented Central Site Director, a
WLAN management, control, and integration platform from Roving Planet (www.rovingplanet.com).
Tracking WLAN Usage
Prior to implementing Central Site Director, University of Wyoming struggled
with a lack of visibility and reporting. The university could tell whether an
access point was up or down and what the aggregate throughput was but couldn’t
tell who the users were, how much bandwidth they were consuming, how long they
were connected to a given AP, or what applications were being accessed. In addition,
they could not track authentication failures, sense AP migration or tell which
users were engaged in abusive usage, such as peer-to-peer file sharing. Finally,
they lacked visibility into all of the AP configuration parameters.
University of Wyoming network administrators now use Central Site Director
to easily track WLAN activity across the entire campus. Detailed, real-time
reports show who is accessing the network, when, from where, how long
applications were being used, and the amount of bandwidth being consumed.
In addition, University of Wyoming expects the dynamic policy management to
become increasingly useful as wireless network utilization increases. For example,
University of Wyoming can apply dynamic policy management to address requests
from certain instructors to restrict Internet access or access to specific applications
during their classes.
Implementing Secure Authentication
With its initial WLAN installation, University of Wyoming had relied on MAC
filters for authentication and encouraged students to use Cisco client cards
because Cisco LEAP provides a secure authentication and encryption mechanism.
However, this meant that students could lend their cards to non-authorized
users, and the MAC-based authentication left the wireless network vulnerable
to MAC spoofing. In addition, until recently, any wireless user had been able
to get to every application available over the WLAN, which frustrated University
of Wyoming's application administrators. They wanted to specify which
servers, ports, and applications could be accessed depending upon the user.
Using their standard user IDs and passwords, students could authenticate into
the wireless network, leveraging the existing system. They needed safeguards
to protect applications, such as student information systems and lab applications.
Central Site Director provided an out-of-the-box integration with University
of Wyoming's Active Directory system, enabling University of Wyoming to
authenticate users via user IDs and passwords rather than via MAC addresses.
Network administrators can now monitor and protect applications, such as student
information systems and lab applications, by specifying which servers, ports,
and applications can be accessed depending on the user.
Moreover, WLAN access for visitors and guests, which formerly required the
manual entry of a MAC address for each guest user, has been vastly simplified
via a default public user group. The University of Wyoming administrators can
define this group in terms of which applications and network resources will be
available to such users.
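The following is an added example, not part of the original article or of Roving Planet's product. It shows one audit a defender could run over per-session records of the kind described above to surface the two weaknesses of MAC-based authentication named in this section: lent cards and MAC spoofing. The record layout, AP names, users and MAC addresses are constructed, and it assumes each record carries the authenticated user ID.

```python
from collections import defaultdict
from datetime import datetime

# Constructed session records: (mac, user, ap, start, end). Not real data.
SESSIONS = [
    ("00:40:96:aa:bb:01", "alice", "ap-library-2", "09:00", "09:40"),
    ("00:40:96:aa:bb:01", "alice", "ap-union-1",   "09:41", "10:15"),  # AP migration
    ("00:40:96:aa:bb:02", "bob",   "ap-eng-3",     "09:00", "11:00"),
    ("00:40:96:aa:bb:02", "bob",   "ap-dorm-7",    "10:30", "10:50"),  # overlaps above
    ("00:40:96:aa:bb:03", "carol", "ap-eng-3",     "13:00", "13:30"),
    ("00:40:96:aa:bb:03", "dave",  "ap-eng-3",     "14:00", "14:20"),  # second user
]


def _t(hhmm):
    """Parse an HH:MM timestamp (same-day records assumed)."""
    return datetime.strptime(hhmm, "%H:%M")


def audit(sessions):
    """Return {mac: sorted findings} for MAC addresses worth investigating."""
    by_mac = defaultdict(list)
    for mac, user, ap, start, end in sessions:
        by_mac[mac.lower()].append((_t(start), _t(end), ap, user))

    findings = defaultdict(set)
    for mac, rows in by_mac.items():
        rows.sort()  # order by start time
        # One card, several identities: consistent with a lent card.
        if len({user for *_, user in rows}) > 1:
            findings[mac].add("multiple-users")
        # The same MAC active on two APs at once cannot be ordinary AP
        # migration, where one session ends before the next begins.
        for i, (_s1, e1, ap1, _u1) in enumerate(rows):
            for s2, _e2, ap2, _u2 in rows[i + 1:]:
                if s2 < e1 and ap1 != ap2:
                    findings[mac].add("concurrent-aps")
    return {mac: sorted(found) for mac, found in findings.items()}


if __name__ == "__main__":
    for mac, found in audit(SESSIONS).items():
        print(mac, ", ".join(found))
```

A finding is a lead for investigation, not proof: overlapping sessions can also come from stale session-end timestamps.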
Fast, Simple Installation
The Roving Planet system comprises an engine and agents, which are accessed
and managed via a Web browser interface. The engine maintains all network information
and policies, resides out of the data path, and communicates with the agents
to deploy policies and manage wireless network activity. The agents are networked
in the data path and function as an OSI Layer 2 bridge/pass-through to enforce
access and bandwidth controls at each AP. XML gateways and the ongoing development
of additional APIs facilitate simplified integration with existing systems and
enterprise applications.
The Layer 2 architecture made Central Site Director extremely simple to implement
and required very little configuration overhead. University of Wyoming was able
to install Central Site Director, get it fully operational in about five hours,
and immediately begin troubleshooting network issues via its real-time monitoring
and reporting capabilities.
The University of Wyoming is ready for the expected increase in wireless network
traffic as broadband access becomes a common feature on many mobile computing
devices and incoming freshmen come to expect WLAN access throughout the campus.