This overview explores the goals, complications, and unique problems of implementing a general access wireless network for university campuses. It discusses the external and internal challenges, as well as the advantages and drawbacks of such a network. The article also provides recommendations and highlights the importance of listening to the needs and concerns of stakeholders and users.
A General Access Wireless Network for University Campuses
Scott Sinclair, Information Technology Services, The University of Queensland, scott@uq.edu.au
Overview • What we mean by ‘General Access’ • Goals • Complications • The Battlefield • Unique Problems • The University of Queensland Model • How do we do it? • Questions (and hopefully answers!)
‘General’ Access = Nirvana • The Goal is Network Access for the masses: • Anywhere • Anytime • Any user • Any client environment • Any service • With or without wires • Oh… And make sure it isn’t too expensive and make it vendor neutral
The External Battlefield • Typically education = classically problematic • Students, Staff and ‘External’ Users • All with their own unique qualities • Security, Scalability and Availability • Existing Policies, Legislation… e.g. Under 18 controls • Future Requirements • Ever increasing traffic volume • Local and remote resources – chaos • Well we’re standard, but… • VPNs, Specialised Requirements, Local rights…
The Internal Space • Senior Management Group • Software Infrastructure • Infrastructure Management • Data Networks • Remote Access • Client Services
The Scary Monsters • People who make decisions are finding out about this stuff • Conferences, Airports, Gloria Jeans • Or worse – they have HOME NETWORKS • Existing Wireless Networks already deployed – “Bunnings” installs • “It works.. so I guess it must be set up right” • Colossal security threat to the larger network • Try it for yourself – NetStumbler is free
‘General Access’ Wireless • Two Wireless Networks servicing very different requirements • One network for the masses • It’s a Jungle, no implied security… • Total traffic accounted across the link • Multiple networks for ‘private’ use • Departmental Wireless Networks • Secure access to local resources • All running on the same medium
Advantages • Central Account Management • Leveraging off existing systems • Central Spectrum Management • Fewer angry users - Better QoS • Reduce the cost of implementation • Central Incident Detection and Response
Drawbacks • Loss of ownership • You pay, we control • Can be overcome by consultation • Central Responsibility • Do it right, or you’ll be sorry • Need to be transparent • Need to listen to requirements and concerns
How can we do it… • Network Design • Overall planning of the 802.11 space • Setting up of a Wireless Networkers’ Group • Stakeholders and Users • Role based user access • Ways of differentiating users on the network • Traditional Username/Password? MAC based? • Central ‘Ownership’ of the entire space
This is how you sell it… • Central Account Management • Anyone can play – Web Browser Auth • Abstract the user from the back end • Plug in to bring on-line • Build One – Deploy Many • Deploying networks in nasty locations • Internet Kiosks • No need to herd cats
Equipment • Hardware • Bluesocket WG-2100E Authentication Gateways • Variety of Base Stations and Access Points – Vendor Neutral – but… • Software • RADIUS is the core • AirMagnet Sniffing Software • Account Management
Features Used • Variety of Authentication Mechanisms • Backend Kerberos Username – 60,000+ • 802.11 Roaming • LDAP • Local Flat file (yoiks!) • Static IP Allocations • Realtime Role Management • Triggered by network events • Walk-Up ports • Why stop at Wireless? • Library, College, Wet labs, etc.
Modifications • Requested Seamless Real-Time Role changing • Quota Exhausted • Unauthorised Activity • External ISP Applications - ADSL • Static IP allocations for special users • Walk-Up ports • Library, College, Wet labs, etc.
Politics • University Administration as a whole • ITLOs – UQ’s IT Departmental Contacts • Users – Who, When, What and Where
Recommendations • Think not now – 12 months to 2 years • Expect everything to change • Be ready for ‘gee that would be cool’ • Profit from others’ mistakes • Scary Monsters • Biggest Lesson – LISTEN • If you don’t, risk being your own worst enemy • Admin, Users, RF guys, outside input
Where are we? • Completed Proof of Concept Install • 4 week trial • Supplied from Microbits • Hardware Delivered • 2 Bluesocket WG-2100 Gateways • Base Stations installed • Plugging in existing wireless and wired networks