South Korean University Deploys A10 Appliances To Simplify Identity Management
- By Dian Schaffhauser
Kyungpook National University in Daegu, South Korea will be running A10 Networks' ID Series network identity management appliance for wireless network access. The appliance will allow the university to integrate identity tracking, remote authentication dial-in user service (RADIUS), and authenticated dynamic host configuration protocol (DHCP) in a single platform for its wireless infrastructure.
The 20,000-student university experiences a large amount of wireless traffic, with 20 percent to 30 percent of its students using the wireless network each day. To streamline and upgrade its existing infrastructure, Kyungpook sought a method that would work with its existing wired equivalent privacy (WEP) wireless access points (APs) and new 802.1x wireless APs.
Administrators found tracking who was on the network difficult, since they often had to start user resolution with only a media access control (MAC) address, which assured the machine, but not necessarily the user on the machine. Also, providing access for users was a time-consuming, manual process.
The authentication solution needed to address three areas:
- A RADIUS server offering 802.1x or user ID-based security to ensure individual ID vs. MAC authentication;
- A way to reduce the manual process required to register a user via a MAC address to the current RADIUS server, ideally leveraging the back-end user database; and
- The ability to see which user is using which IP address at any given time, vs. an assumption of the user simply by a manual MAC association.
"We needed specific features to update our wireless infrastructure and were pleased to find the unique feature mix in a simple to deploy and cost effective solution with A10's ID Series," said Dong-Ji Bang, team manager of the information foundation team. "ID Series has improved the service we offer students as well as significantly decreasing the amount of administrative work required on an on-going basis."
Additional modules for the appliance, which the university may implement in the future, include:
- A guest Web portal for guest user password management;
- An enterprise RADIUS authentication server, which allows for authentication to multiple backend data stores for authentication consolidation; and
- Identity tracking with IP-to-ID to resolve IP or MAC addresses to user identity, aiding resolution of network and security issues.
Dian Schaffhauser is a senior contributing editor for 1105 Media's education publications THE Journal and Campus Technology. She can be reached at firstname.lastname@example.org or on Twitter @schaffhauser.