University takes to the air.
The university originally planned to install network-connectivity jacks in the walls, so that students could plug in their laptops while in public areas. Students, however, did not want to wait in line for computer jacks, and they were not wild about always being tied to a wall. So, McGill opted for a wireless LAN (WLAN) solution from Colubris Networks for the campus-wide implementation.
Gary Bernstein, director of network and communication services at McGill, cites the strong security foundation of the Colubris WLAN as an important consideration in the decision. The solution, he notes, integrates multiple layers of security-*such as firewalls, virtual private network (VPN)-based encryption and user authentication-into the company's access controllers.
While the open-environment nature of a university campus provides a dynamic learning experience, the presence of thousands of individuals also poses network security issues. McGill wanted to ensure that anyone who logged on to the university's wireless network was a student, administrator or faculty member.
The solution consists of several CN3500 access controllers and nearly 200 CN30O wireless LAN bridges, which provide extended reach and capability to access the CN3500s. When McGill users initiate access to the wireless network, they must first authenticate their identity against McGill's existing RADIUS server, and then create a VPN tunnel to launch the session.
Colubris designed a method for users to both download and configure the McGill VPN client, which essentially self-installs and requires virtually no previous expertise in configuring VPN dialers. This relieves the load on McGill's customer-service department. The VPN tunnels ensure the integrity of the transmissions, allow the adversity to know who is connected to the network at any given time and give it the ability to terminate rogue connections. "This is the only way to correctly build secure wireless LANs7 says Bernstein.
During the pilot phase of the project, McGill installed wireless networks in the school's libraries, in the administration buildings and in classrooms. The installation worked well in the first two locations, with the senior administrators adopting wireless access at among the highest rates in the university. In the classroom, however, Bernstein found that the wireless network was not a perfect fit.
"It's tough when you have a lecture room filled with a hundred students and they're all logging on to the campus' wireless network." says Bernstein. "The technology performance and capacity availability worked exceptionally well, but the classrooms were filled with computer 'beeps' because students were logging on, checking their e-mail, doing instant messaging. Right now, we're exploring different avenues to introduce wireless in the classroom in a more optimal, controlled fashion."
That more optimal fashion may include giving only professors access to the wireless network while in class. Because of the network's user-authentication technology, McGill can create a segmented "premium service" access point, meaning that a professor's login information would work in the classroom, but a student's would not. This would allow professors to integrate technology into the classroom.
The Colubris approach allows McGill to segment policy by location through access point location-awareness, via the individuals credentials in the RADIUS database and other means, to ensure maximum policy-enforcement flexibility.
Eventually, Bernstein expects that the system will scale to approximately 1.000 access points.
For more information from Colubris Networks: www.rsleads.com/404cn-250
|Printer friendly Cite/link Email Feedback|
|Title Annotation:||Wireless; McGill University|
|Date:||Apr 1, 2004|
|Previous Article:||Strategies for deploying Wi-Fi: standards offer various options suitable for a variety of customer implementations.|
|Next Article:||Management software eases WLAN access: new tool aids the rapid growth of wireless computing at Maryland university.|