March 2004 — Applications

Print this article

Click here to receive your FREE subscription to T.H.E. Journal

University of Florida Rolls Out Wireless Gateways for Secure Network Access, Control

How can network administrators provide secure wireless access to a vast user population scattered over a large area while keeping costs and complexity in check? This is a problem many university administrators and technology coordinators face, including those at the University of Florida, which has wireless networking deployment headaches that most enterprise network administrators will never have to face - starting with its size.

The University of Florida's main campus in Gainesville houses about 900 buildings spread across more than 2,000 acres. Last fall, there were more than 48,000 students supported by nearly 12,000 faculty and staff. And according to Matt Grover, the university's senior network engineer, the University of Florida had more than 20,000 distinct wireless devices. The administration's main problems centered on authenticating network users without causing excessive delays or significant additional network traffic. However, they knew that their solution would need to be easily deployed, reliable and affordable.

Homegrown Solution

The first solution the university applied was homegrown - an extension of the system that network managers created to authenticate users on the wired network. According to Grover, the university had a gateway based on a Linux router that was authenticated via the campus ID; the topology was VLAN (virtual LAN) aggregation behind core POPs. While the solution served the purpose of authentication, there were growing problems. "The hardware on the existing solution was aging, there were support issues, and the person who wrote the system had left the university," says Grover. "There were also slaving issues that made it decentralized, and the security group didn't have control over every piece of the infrastructure." With growing concerns about finding the necessary replacement parts and the ability to patch the software as required, network administrators at the University of Florida decided to begin the process of looking for a replacement.

The process of looking at possible replacements for the homegrown system began with the basics of authentication and security, but stretched to include a critical local issue: the ability for an authorized user to proxy a guest user into the system. This additional capability is unusual but necessary in an academic environment - where components from embedded controllers to game consoles might have a legitimate need to access the network but no way to pass through the normal authentication process. With the criteria in place, the review process began and quickly encompassed systems from a variety of vendors. According to Grover, it was Bluesocket's early response to the authentication proxy issue that set them apart from the competition.

"The one feature that was absolutely crucial was the proxy capability," says Grover. "Users needed it for conference phones, TiVo-like systems, PlayStations and other nontraditional UI (user interface) devices. Bluesocket wrote the feature into a unit the way we wanted before we ever bought the first box. That demonstrated a level of support and commitment that we were absolutely looking for."

Other vendors were unable to meet this requirement with the speed shown by Bluesocket. Also, the Bluesocket devices could be deployed as a drop-in replacement for the existing solution, so the University of Florida decided to move its wireless authentication to a Bluesocket platform in October.