Wireless Takes American Campuses by Storm
By Greg Slabodkin
US colleges and universities across the country are embracing wireless networking technology with a zeal that is nothing short of phenomenal. The driving force behind wireless connectivity on campus is that it offers myriad benefits for both students and faculty, including greater access and mobility as well as increased collaboration.
According to the 2006 Campus Computing Survey, wireless networks now reach fully half of college classrooms, compared to just over two-fifths in 2005, and a third in 2004. In addition, more than two-thirds of campuses participating in the annual survey have a strategic plan for deploying wireless as of fall 2006, up from 64 percent in 2005, and more than 53 percent in 2004. Results from the 2006 survey reveal that three-fifths of colleges and universities increased their campus IT budgets for wireless for the current academic year.
Rising campus investment in wireless networks is a result of a number of factors, including: reduced costs and increased performance of wireless technology; a shift in student reliance on laptop computers as opposed to desktop PCs; and the growing appeal and benefits of wireless connectivity for students and faculty alike. The explosion of wireless networks on campus mirrors the explosive growth of wireless over the past few years in corporate America and in the consumer marketplace.
"Households that have high-speed Internet access also typically have wireless networks," says Kenneth C. Green, founding director of The Campus Computing Project. "It should be no surprise that students and faculty come to campus expecting their college or university to provide the same wireless connectivity that they experience in their homes."
Getting Unplugged at Emory
Emory University in Atlanta is among a growing number of US college campuses that are leveraging best-of-breed wireless networking technologies to better serve the demanding needs of students and faculty. Emory epitomizes the migration of US higher education institutions to wireless networks.
Rich Mendola, CIO and vice president for Information Technology at Emory, has championed the rapid expansion of the university's WiFi network, dubbed EmoryUnplugged. According to Mendola, the campus's WiFi growth had to take place rapidly: "It was clear that this generation of students sees wireless as a necessity, rather than a luxury, and [prior to the rollout of the wireless network,] we had clearly missed the mark in meeting their expectations."
That's why in the spring of 2005, the IT organization at Emory kicked into high gear efforts to create EmoryUnplugged—a managed, encrypted, authenticated and secure wireless service for the university. The initial rollout called for wireless in the law and public health schools, as well as Emory College. Phase two of the deployment took place in the fall, with a massive rollout to the university's 55 resident halls, theme resident houses, fraternity houses, dormitories, and apartments—ranging from edifices as small as a three-bedroom house to those as large as an 18-story apartment building. By January 2006, just four months after the rollouts to those types of buildings began, all 55 buildings were complete.
The impact on campus life at Emory was almost immediate, with a remarkable surge in the uptake of wireless use at the university. Simultaneous connections during peak time have more than doubled from 800 in May 2006 to 1,830 as of October, mostly due to student demand.
The university has since replaced the legacy APs in the main library, student center, and other key areas, such as health sciences. The law school is the university's predominant user of wireless as it has a large online research component, and it is estimated that 97 percent of Emory law students now have laptops. Due to the demand for wireless, the university now stipulates that any new or remodeled building space must have that capability.
"It was really eye-opening to see the impact of the wireless network; I didn't expect this truly massive demand for wireless from the students," says Stan Brooks, RF engineer, Network Communications Group at Emory. "Nowadays, wireless is not an optional extra—students demand and expect it. If you're not offering wireless, you'll fall behind, as students don't want to be tethered [to desktops]."
Brooks has overseen Emory's wireless transformation with the completion of the first phase of its Aruba Networks wireless LAN (WLAN) rollout, with 1,370 Access Points (APs) and 20 mobility controllers deployed across the university's buildings, residential houses, and hospitals. By the end of 2006, Emory plans to implement Voice over WLAN (VoWLAN) in several areas of the network. When the deployment is complete, the Aruba network will provide wireless access to 11,300 students and 2,500 faculty members across the university, including the graduate school of arts and sciences; professional schools of medicine, theology, law, nursing, and public health; and Oxford College.
Prior to selecting Aruba, Emory relied on a legacy environment of 100 "fat" APs, which its IT staff found difficult to manage effectively. Emory officials began looking for a centralized WLAN system that provided better management. The university now boasts 1,370 Aruba AP-60 and AP-61 access points, distributed across two separate networks: 890 for academic use, and 480 APs throughout four hospitals. Ideal for dense AP deployments, the Aruba AP-60 and AP-61 access points are dual-function, single-radio 802.11a or b/g access points designed for use only with Aruba mobility controllers. Each AP provides dedicated or shared air monitoring, giving administrators a full view of and control over the 2.4 and 5 GHz RF spectrums, and eliminating the need for a discrete network of RF sensors.
In the previous AP environment, Emory had five engineers manually configuring APs for deployment. With the Aruba solution, the university is able to centrally manage and monitor all of these APs from the same console, using the same tools. Only one part-time technician is now needed to configure all of the Aruba APs. Management of the wireless is also much easier with just two staff members designing, deploying, and managing the entire WLAN.
"Now, when adding a new service set identifier ( SSID) for the university, it's automatically propagated across all 890 APs. Unless you've done this using the old model, you don't realize how much easier this is!" says Brooks. "I don't think there's any way we could have grown to the size of the network we have now—in terms of scaling the legacy APs—without the kind of functionality, support, and architecture that the Aruba solution provides."
"Another major advantage of the Aruba solution is the advanced mobile networking features such as VLAN pooling," continues Brooks. "During arrival weekend this fall, student demand for wireless was unprecedented; the number of wireless users more than doubled compared to last semester. With VLAN pooling, it was trivial to add additional VLANs and IP subnets to address the increase in wireless users. We were able to accommodate the increased load easily and without any disruption to the underlying IP network. We could not have done this with any other solution on the market today."
Securing the Wireless Network
The Aruba solution allows Emory to assign roles and privileges based on user level, and it also boosts security by scanning clients when they attempt to access the network. Before allowing access to a student or other authorized user, the Aruba solution scans for an active antivirus and personal firewall, as well as the presence of Spybot and the latest Microsoft Service Pack, and d'es not allow a connection unless these conditions are satisfied.
Currently, there are three options for accessing EmoryUnplugged: WPA (which provides encrypted and authenticated access to the network from multiple locations across campus); VPN (which is scheduled to be phased out by the end of December 2006); and Guest Access (provided for official guests who have not been granted a Network ID and password for access to Emory accounts). Emory is currently in the process of changing from VPN to WPA authentication. In fact, the university is now one of the few that uses WPA for authentication on an enterprise-wide basis.
VPN is used by some Emory faculty, staff, or students who have wireless cards in their laptops--equipment that is too old to take advantage of the newer WPA protocol. While VPN is a stable protocol, it d'es require the re-authentication of each wireless session and is less convenient for Emory faculty, staff, or students who are able to use the WPA protocol. By early 2007, Emory's wireless network access will be entirely authenticated through WPA.
As part of it security initiative, the university has deployed 11 Aruba 6000 Mobility Controllers throughout the academic network, and uses nine of these as local controllers. One controller is designated as a backup, with an additional two redundant masters. Emory has not had a single failure on any controllers. Aruba Networks' Mobility Controller system is the only mobile security system with an integrated ICSA-certified stateful firewall, and hardware-based encryption. Thanks to the Aruba Mobility Controllers, administrators at Emory are freed from the costly and time-consuming process of managing individual APs. And as security standards change and new mobile services emerge, they are easily implemented at the controller and propagated throughout the enterprise.
As is the case with other universities, Emory must secure its networks against potential internal and external hacking threats. Aruba Networks provides robust wireless intrusion protection and detection capabilities to avoid hackers, rogue APs, and other active and passive attacks. Emory now has visibility into APs that are located on a remote campus 40 miles away, what's more, without out sending a technician, the university network can perform remote packet capture for troubleshooting and can utilize location tracking capabilities mapped to floor plans to physically locate infected users and assist in remediation.