Centrally-managed Wireless Networking: Plans and Status
In June 2006, the CCFIT Wireless Task Group recommended that the campus move toward increased and improved wireless services by centralizing the deployment and management of the wireless infrastructure. A centrally-managed solution would provide a number of benefits, including:
- Standardized services
- Seamless roaming
- Secure access
- Radio frequency (RF) management, and
- Improved coverage.
Improved wireless services support the mission of the University by providing reliable anytime/anywhere services that enhance staff, student and faculty collaboration and productivity.
Improving Wireless Services: Recent Developments
The technological components required to support a next generation centrally-managed wireless solution are nearly in place. These components are either undergoing final integration testing or have been deployed on a small, proof-of-concept scale. A brief description and status update for each of those technological components is provided below.
Testing and development
In anticipation of the demand for improved wireless services, Communications Resources (CR), in conjunction with the IET Middleware group, has engaged in several testing and development efforts. Goals:
- Enhance the versatility and performance of the existing centrally-managed wireless infrastructure;
- Facilitate the long-term expansion of wireless networking at UC Davis by upgrading the current wireless network to a next generation controller-based solution.
Once these development efforts are completed, all the principal technological components will be in place to support a major expansion of wireless services. Anticipated completion: March 2007.
Evaluation of Next Generation Wireless Systems
- What we’ve done: Configured and tested next generation wireless networking systems from vendors such as Cisco, Foundry/Meru and Aruba.
- Testing criteria: Performance, features, service enhancements, management capabilities, and ease of integration into the university network.
- Timeframe: CR is completing the final testing and will produce a summary report with functional requirements and a recommended wireless solution.
- Radio Frequency (RF) Management – RF management features inherent within the access-points and the wireless management software provide the means to dynamically adjust channel and power settings on access-points, detect rogue transmitters, and mitigate interference sources.
- High Density Wireless Support – Classroom spaces with a high concentration of end-users demand substantial throughput. The centrally managed solution must support high-density configurations as well as “standard” density deployments.
- Security Features – Encrypted wireless access will be deployed on wireless services, and enhancements to network admission such as the 802.1x protocol must be supported and manageable.
- Management of Department Wireless LANs – The wireless architecture will provide the means for university departments to extend secure and authenticated wireless connectivity into departmental Virtual LANs (VLANs). The wireless solution must integrate with RADIUS and LDAP services to extend wireless services directly to campus department networks.
- Managed Guest Access – The wireless solution must support the integration of restricted services for guests and visitors to the university.
Two key projects are underway:
- Incorporating an 802.1x component into the existing MoobileNet wireless network.
- Developing processes and tools to enable department network administrators to populate the campus LDAP servers with lists of users authorized to access departmental VLANs via wireless connections (longer term). This will also be extended to the “wired” network.
- In partnership with the Veterinary School, CR has tested and deployed a controller-based wireless solution that scales to support incidental as well as intensive use.
- CR has developed modeling tools that characterize costs associated with deploying a centrally-managed, controller-based solution.
- Can characterize the capital costs associated with wireless deployments by geographic area, by building, or by functional areas such as classroom spaces, research spaces, administrative areas, etc.
- CR has acquired modeling tools that optimize the placement of wireless access-points within buildings to provide the most efficient coverage.
- Working on characterizing the operational and life cycle costs associated with centrally-managed wireless support.
Preparing for 802.1x Wireless
Once 802.1x services enter into production mode, new wireless services can be rolled out to campus customers who access the centrally-managed wireless system. The following wireless services are in testing and development:
Enhanced Security
The use of 802.1x with dynamic WEP session keys will provide encryption and security for the campus wireless network and its users. Because 802.1x is a newer protocol, older and less popular operating systems do not always have built-in software clients. To mitigate this issue, the new wireless solutions are being tested to ensure backward compatibility with current Web-based authentication systems in use on campus.
Department VLAN Support
With 802.1x and RADIUS services, department VLANs can be extended into the wireless network and access control can be delegated to department network administrators.
- Controller-based solution incorporates department VLAN support as a standard service feature.
- Existing MoobileNet can accommodate limited department VLAN support.
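The sketch below is an added illustration, not code from the campus or from any vendor, of the RADIUS authorization step that places an 802.1x-authenticated user on a department VLAN from a department-maintained list. The in-memory directory stands in for LDAP; the department names, VLAN IDs, users and the `user@dept` identity convention are all assumptions, while the reply attributes are the standard RFC 3580 VLAN tunnel attributes.

```python
# Added example: RADIUS authorization step run after 802.1x authentication succeeds.
# Department names, VLAN IDs, users and the "user@dept" convention are constructed.

# Stand-in for the LDAP directory; each department manages only its own entry.
DIRECTORY = {
    "vetmed":  {"vlan": 210, "admins": {"vadmin"}, "members": {"jsmith"}},
    "physics": {"vlan": 320, "admins": {"padmin"}, "members": {"mlee"}},
}
CAMPUS_VLAN = 100  # default VLAN for authenticated users with no department request


def grant(admin, dept, user, directory=DIRECTORY):
    """Delegated administration: an admin may edit only their own department's list."""
    entry = directory.get(dept)
    if entry is None or admin not in entry["admins"]:
        raise PermissionError(f"{admin} may not manage {dept!r}")
    entry["members"].add(user.lower())


def authorize(identity, directory=DIRECTORY):
    """Map an authenticated identity to a RADIUS reply (RFC 3580 VLAN attributes)."""
    user, _, dept = identity.strip().lower().partition("@")
    if not user:
        return {"code": "Access-Reject"}
    if not dept:
        vlan = CAMPUS_VLAN
    else:
        entry = directory.get(dept)
        # Fail closed: an unknown department or an unlisted user is rejected,
        # never silently placed on the department VLAN.
        if entry is None or user not in entry["members"]:
            return {"code": "Access-Reject"}
        vlan = entry["vlan"]
    return {
        "code": "Access-Accept",
        "Tunnel-Type": "VLAN",              # attribute value 13
        "Tunnel-Medium-Type": "IEEE-802",   # attribute value 6
        "Tunnel-Private-Group-ID": str(vlan),
    }
```

Rejecting an unauthorized department request, rather than falling back to the campus VLAN, keeps list errors visible to the department administrator.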
IET is examining ways of enforcing end-point (personal computer) security measures. Such measures might include requiring end-points to have up-to-date software patches, current anti-virus software, and an installed personal firewall before being allowed to connect to the campus network. During the 802.1x authentication process, NAC systems interrogate end-points to ensure that they meet minimum security requirements before access is granted. We are evaluating several NAC products.
Preparing for Broader Campus Deployment
The pace of wireless deployment in the short-term will depend upon demand from campus departments and the availability of core funds to support deployments across campus. Several issues need to be addressed to prepare for any significant expansion/upgrade of centralized wireless infrastructure and to deliver enhanced wireless services on a larger scale. IET is working with a campus working group established by CCFIT to identify options and address these issues.
Funding
A next generation wireless solution will require a significant funding commitment by the campus. The cost to “paint” the campus will be on the order of $8 million. However, the solutions being tested and developed can be built out and supported over a number of years. Deployment can be as large or small as practical within the bounds of available funding.
Prioritization
Deploying a centrally-managed wireless solution over a number of years will require the campus to prioritize the buildings or functional spaces that will receive enhanced services first. CR can cost any suggested prioritization list, and several examples and recommendations have been developed to this effect. However, the final decision on priority should have widespread consensus on campus.
Rates and Cost Recovery
Currently, IET recovers one-time costs (consulting fee, equipment costs) from departments requesting wireless services. Replacement costs for equipment and funding for operations and maintenance are covered by core funds and from wired network fees. An additional revenue source will need to be identified to cover expenses as these costs grow in relation to the demand for centrally-managed wireless services.