Oct 31 2006

Campus Network

Colleges and universities from coast to coast are adding wireless access in common areas where students and faculty congregate.

At Temple University, almost every classroom, lab, library and dormitory room has a wired Internet connection of at least 100 megabits per second (Mbps)–and has had it for years. Now the 34,000-student university, which has 24,000 students at its main campus in North Philadelphia, is moving toward a parallel capability of near-ubiquitous wireless coverage on campus, while balancing the competing needs of security, ease of access and cost containment.

It's a scene repeated across the country. Colleges and universities, which have been on the forefront of the wired Internet revolution since the mid-1990s, are adding wireless access in common areas where students and faculty congregate, and weighing the costs and benefits of the seamlessly wireless campus versus selective hot spots. Sometimes, rapid adoption of wireless follows. Other times, the ubiquity of wired access means the university moves more deliberately, starting with common areas where there's no wired access.

“Wireless is in our future,” says Tim O'Rourke, Temple's vice president of computer and information services. “We have 450 access points across campus. You can walk from one end of campus to the other without losing connectivity.”

This situation is very different at the University of Arizona (UA) in Tucson, which has 35,000 students. “Wireless is very minor on this campus,” says Ken Boynton, network systems analyst, senior. “We have a very well-wired campus with gigabit connections.” He adds that there is increasing demand for wireless–mainly from students.

Wireless access points are installed at UA as departments request them. The university is seeking a request for information, leading up to a request for proposal, for Wi-Fi and will follow with an RFI for wireless broadband. That could include 802.16 (WiMAX) wireless, but UA won't invest in equipment until standards are ratified and new lines of products are available from leading suppliers.

Well-Saturated Coverage

Reed College, with 1,340 students in Portland, Ore., has wireless coverage for 90 to 95 percent of its 100-acre campus, primarily using Cisco 1231g access points, says Martin Ringle, chief technology officer and director of computing and information services. There is 802.11b and g coverage, but no 802.11a. Ringle notes one of the drawbacks of b/g wireless: When 11Mbps 802.11b users and 54Mbps 802.11g users congregate, the shared connection tends to degrade toward the slower speed. Reed uses a simple but in-person guest sign-up.

“Generally, saturation is good, but you could walk along and hit a cold spot where the signal is weak or nonexistent,” Ringle says. When a wired connection is available, he notes, “you plug it in and it works–end of story.”

Cornell University in Ithaca, N. Y., took a different approach to the wireless issue. Its Red Rover service (Cornell's nickname is Big Red) provides casual guest access to anyone on campus, but it's limited to Internet access for browsing, Web-based e-mail and virtual private network (VPN) services, says Steve Schuster, director of IT security. Cornell runs multiple wireless configurations on the same Chantry routers with 802.11a, b and g coverage.

Faculty and students can get fuller access, including Cornell data services and network printers, through Media Access Control (MAC) registration or 802.1X. Soon, the access points will implement the 802.11i security standard that goes beyond Wi-Fi Protected Access (WPA). Cornell credits a metered-use network access service with helping to reduce outside attacks.

Improving Network Security

College IT staff and directors are searching for ways to improve security, particularly through 802.11i. In some cases, they are shifting away from current Wi-Fi (802.11a/b/g) to wider-area networking such as 802.16 (WiMAX).

The University of Arizona routes wireless traffic off the campus before it comes back inside. Faculty and staff who want wireless access to official college data stores must use VPNs.

Cornell's network policy dates to the mid-1990s, and IT management believes it has been broad enough to anticipate wireless notebooks and personal digital assistants. Even so, a new policy that touches on mobile defenses is in the works. Rather than a campuswide firewall, Cornell's IT department “helps [Cornell] units make local decisions,” Schuster says. “We also strongly support the need and strategy of a defense-in-depth model of security.”

Temple has an Alteon switched firewall running Check Point around the perimeter and puts a Sygate network-access control agent and Symantec antivirus software on every residence hall and faculty/staff computer. The university will extend these safeguards to wireless notebook PCs. Access to Temple data is via VPN for on-campus wireless devices and every off-campus device.

WiMAX draws a lot of interest, but has not yet received unabashed approval. Reed's Ringle thinks the wide coverage of 802.16 may be more appropriate for larger college campuses. Arizona's Boynton notes that the UA campus is split by busy streets, so wider coverage would not be advantageous unless it were strongly secured.

R. David Vernon, director of network and communication services at Cornell, says the university provides limited off-campus networking, such as to fraternities and sororities, via fiber-optic ties. WiMAX, he says, “may change how Cornell thinks about [providing] access to its members even when they are off campus proper.”

At Temple, where just 4,500 students live on campus, wireless networking for off-campus students may come with Philadelphia's new contract with EarthLink, which will provide a low-cost wireless mesh network across the city. “I hope they do it,” O'Rourke says.

Controlling Bandwidth Demands

Faced with skyrocketing network traffic that was straining its network infrastructure, Cornell University hit on a simple and elegant solution: Charge students, faculty and staff for access to the campus network and ramp up the charges for users who can't curb their enthusiasm.

The monthly fee–about $9 for dormitory port, Internet Protocol and infrastructure fees–is a drop in the bucket at this Ivy League institution, where tuition, room and board add up to $41,700 a year. For the monthly fee, faculty, staff and students get 2 gigabytes of bandwidth per month to and from the Internet; unlimited bandwidth inside Cornell's network; access to a Napster music server inside the Cornell network, which is funded by student fees; and simple tools to see how many bytes a person has used. If an individual exceeds that generous amount, a surcharge kicks in: 0.15 cents (15/100 of a penny) per megabyte.

Since the fee structure was implemented in July 2003, total bandwidth consumption has fallen by two-thirds among students and has held flat among faculty and staff. In April 2003, students consumed more than 60 terabytes; a year later, it was below 20TB. Though the bandwidth cap applies to wired use, it may be applied to wireless use as that becomes a bigger part of the Cornell infrastructure.


• Communicate your network and wireless network policies to your campus constituencies. A carefully written general policy will be able to accommodate new wireless devices that arrive on campus–even a Wi-Fi-connected game console/browser.

• Install firewalls, which can work well at the institutional, departmental and individual user level, and protect your network from intruders.

• While everyone loves the concept of students and professors being connected everywhere on campus, the current generation of 802.11a/b/g wireless focuses on providing access (other than in densely populated urban campuses) in dormitory common areas, dining halls, some libraries and popular outdoor areas.

• Start making plans for wide-area networking, such as 802.16, which covers the campus with fewer access points and also covers nearby off-campus areas where some students, staff and faculty live.

• Look to routers and access points that can handle multiple performance and security protocols so you don't have to add new hardware to upgrade the system.

Bill Howard is a freelance technology writer based in New York.