University of Essex – Campus Wide Wi-Fi

Monday 7th July, 2014

With the use of Wi-Fi soaring, the University of Essex’s decision in 2006, to put in an enterprise-grade wireless network, in partnership with Khipu Networks, has proved to be a farsighted one. It has enabled the university to double its coverage, upgrade to new wireless standards, and increase system capacity ten-fold, all with little or no disruption to users.

“Seven years ago we were quite late in university terms putting in wireless, but not so many people were using it,” says Andrew Larkin, the university’s network manager. “Then three years ago we saw an explosion in the usage. We have a huge number of students with smartphones or tablets – it went from one wireless device between three or four people to three devices per person. Now everyone uses it – students, staff, visitors and so on – and they expect coverage in every corner.” However, while the number of connected devices has jumped ten-fold, “the bandwidth requirement hasn’t gone up so much because most people only use one device at a time,” he adds. In addition, where the original users would sit down, connect their laptops and work, the new ones are wandering around with their devices connected all the time. Along with the need to support more wireless access points (APs), that’s a significantly higher load on the wireless network and its controllers. So with the university’s two Aruba controllers and its 250 APs reaching end of life, it decided to replace the APs with newer AP105 and AP135 models, and to install six new 7000-series controllers.

“We are doubling the number of APs and phasing out the old 11bg-only ones. As well as that, we are putting in controller pairs on each of our three main campuses, both for better resilience and because the system is so much more heavily used now,” Larkin explains. Like many organizations, universities normally wait to carry out IT upgrades when most of their users are absent – typically during the summer vacation. But Larkin says this is not necessary, thanks to the high degree of compatibility across Aruba’s product range. “We can just transfer the old access points to the new controllers, then replace the access points building by building,” he says. “We also get the ability to move on to newer technologies in time, especially 802.11ac and 11ad. The new Aruba APs work in exactly the same way, so they can just drop in as replacements. And while we are not using Wi-Fi for teaching yet, it means we can put the infrastructure in place to support it when it happens.”

Another big help was Aruba’s strategy of working through experienced reseller partners – in the University of Essex’s case, this is Khipu Networks. Larkin says that while Khipu’s responsibility for the original wireless network in 2006 was just supply and configuration of the equipment, in the years since then he has seen the company grow in expertise and its product portfolio, to the extent that it is now his first port of call when his team have an issue or problem they can’t deal with. “Their technicians have the sort of expertise that is very important in wireless for getting people connected securely,” he says. “Often they will have seen the same problem elsewhere, so they already know the answer.” An experienced IT partner can also provide the subject matter experience – and therefore the negotiating weight – that in-house teams may lack, adds Khipu’s Matt Ashman, who has worked on the University of Essex project. He cites helping reach agreement with the university’s estate management team on locations for external APs and on the challenging task of covering the university’s flagship Ivor Crewe Lecture Hall. Fortunately, while the network needed considerable reinforcement to support the big increase in BYOD (bring your own device), where users expect to be able to connect their own laptops, tablets and smartphones to their organization’s wireless network, it has not brought as many challenges at the client end. “In some ways BYOD is easier now,” Larkin says.

“Seven years ago the devices weren’t mature, so we’d get a laptop in and we’d have to download drivers and so on to make it connect properly. “We don’t see that now. Authentication has matured too – most devices support 802.1X so there’s no need for captive portals. The biggest problem now is that Apple devices want to work in a single-AP home environment, and find roaming across lots of Aps in an enterprise environment a bit more of a challenge.” Monitoring and access control is even more important now, though, so the university has also invested in Aruba’s Airwave 700 monitoring software, and in its ClearPass Policy Manager and ClearPass Guest software for user management. Larkin says Airwave should give his team “more visibility of where the users are,” while ClearPass will help get visitors and guests connected – a vital task in today’s universities which expect to host conferences and other public events, as well as academic visitors. “We have two mechanisms for visitors, one is a login name and password from the Aruba ClearPass controller, but we can also generate our own Eduroam accounts that only work on this campus,” Larkin explains.

Eduroam is the world-wide, secure roaming service for the academic and research community. He adds: “Conference visitors have to be handled differently from academics, because we can’t allow members of the public to use our Janet [the UK’s research and education network] connection, so we drop them on a different VLAN connected to a separate Internet circuit. Fortunately Aruba had already thought of this kind of requirement – it’s part of the ethos of access control.” Larkin concludes that, as part of getting the right technology in place, it is vital to engage with the right suppliers – and if you don’t yet know what to look for, then ask your peers, because at least some of them will already have done it. “The key thing is to ask the right questions in the tender,” he says. “We did talk to other universities – they are usually willing to share their tender documents and so on. Then my advice is to go with a partner you trust, and if you’ve never worked with anyone in that area before, ask around.”