Why Teachers College blew up its wireless network

To help prepare Teachers College, Columbia University for the 21st century, the IT department decided the best way to fix its existing wireless network was to throw it out.

What would you do if you could blow up your school’s entire wireless network and start all over again? That’s exactly what Teachers College, Columbia University has done, as the storied institution seeks to position itself for the 21st century, complete with cutting-edge online instruction and highly automated classrooms.

“When I realized that the university was willing to rip everything out and start new, I knew we would be able to do some very innovative things,” said Amir Akbari, chief information security officer for Teachers College. “That’s really important. You need to be able to start from the beginning, and build up a brand-new beautiful foundation.”

For Naveed Husain, hired in 2014 as CIO to direct the college’s IT makeover, the decision to start from scratch wasn’t so much a choice as a necessity. “The college had deferred maintenance on infrastructure IT for several years,” he said. “More than three-quarters of our networking equipment was end-of-life.”

The problem had grown worse in recent years as students and faculty, who together comprise about 6,400 users, flooded the campus network with as many as three devices each. “If our faculty tried to download a movie on YouTube for a presentation, it would lag,” said Husain. “We had 10 gigabytes to the Internet through Columbia, so it wasn’t as if we didn’t have enough bandwidth. It was our network infrastructure that couldn’t tolerate it, and we didn’t have enough Wi-Fi access points.”

Faced with these problems, many universities would choose simply to upgrade their existing infrastructure, adding APs and optimizing performance. But the IT department had grown disenchanted with the level of performance and support from its existing wireless vendor. “We gave the company a significant amount of time to help us redesign the network,” explained Husain. “It’s generally easier to upgrade an existing product, simply because you have a talent set that already knows it.”

But the school’s willingness to head in a new direction was also a reflection of a new philosophy that Husain wants to instill in the IT shop. “We now approach the Teachers College IT department as a startup,” said Husain. “We want to be lean, low-cost, lightweight, and agile. When the president of the college starts using the word ‘agile’ and knows what it means from a tech perspective, you really need to up your game.”

(Next page: Choosing the best new wireless network strategy, services)

One option was a single-vendor solution that would offer scalability, compatibility, and broad service-level agreements, but Husain is wary of these soup-to-nuts solutions. “The old way of thinking was to buy one single proprietary solution, because [the systems] will all talk to each other,” said Husain. “But anybody who’s implemented PeopleSoft, Blackboard Transact, or anything knows that even single-vendor solutions don’t necessarily integrate well.”

Kicking Off the Wi-Fi Revolution

Instead, IT is pursuing a strategy of installing best-of-breed products to cover a host of service needs ranging from the firewall to Wi-Fi access points. “We’re looking for elegant integration and clean services,” said Husain. “Apple didn’t become Apple because it was clunky. The same concept applies here.”

For Teachers College, the Wi-Fi revolution kicked off in 2014 with an analysis performed by Gartner, an IT research and consulting firm. Once IT had a clear picture of the infrastructure challenges facing the school, it evaluated vendors that could meet those challenges. Ultimately, it selected Aruba, now a Hewlett Packard Enterprise company, to provide the core of its wireless solution. This included Aruba AP-225 802.11ac access points, installed throughout the college’s 12 buildings; 7200 Series Mobility Controllers; and AirWave network management to help monitor client behavior and troubleshoot problems with mobile and web apps.

“We’ve tripled the amount of Wi-Fi access points throughout the campus,” said Dan Aracena, director of infrastructure support services. “Not only has our footprint increased, but our bandwidth and our Wi-Fi technology have improved dramatically as well.” Since the school made the switch, according to Husain, wireless speeds have increased from 50 Mbps to 200 Mbps.

Loving the “Free Love Philosophy”

But Teachers College did want to keep one feature of its old wireless system in place: Columbia’s Free Love philosophy. At the heart of this concept is the belief that no one on campus should have to log in to the wireless network to access the Internet. “It’s an open, public Wi-Fi network,” said Husain. “But we needed to address some of the security risks with regards to digital-rights management, bot attacks, and so on, and make sure that we separated the applications network and the college’s key network services from the public Wi-Fi.”

To make this possible, Teachers College will employ Aruba’s ClearPass, a NAC policy manager that allows IT to set context-based security policies. “It’s not as simple as a firewall rule that says one user can do one specific thing,” said Akbari. “It’ll actually look at behavior and allow [certain actions], but if your behavior changes, the policy can change as well.”

Akbari believes ClearPass will help deter the man-in-the-middle attacks to which the school is currently susceptible. “With ClearPass, every system that’s running Wi-Fi that goes through 802.1x will have an encrypted connection, as opposed to the Wi-Fi at the local coffee shop, for instance, where anyone can see the data you’re sending,” he said. “This will be a major step up for students.”

ClearPass will also be integrated with Active Directory at the application level, although the school is implementing additional security measures, including multi-factor authentication, for its ERP systems.

(Next page: A new breed of wireless network firewall)

New Breed of Firewall

Rounding out the suite of security and performance improvements is a cutting-edge firewall from Palo Alto Networks. “It’s going to give us tremendous visibility not only to the information that’s coming through the network bubble, but also the application,” said Akbari. “We can do some very specific filtering around the application, if we choose. For instance, we could say, ‘We’ll allow Facebook in general, but we won’t allow posting to Facebook.’ We can put some very fine-print controls to improve our access.”

In keeping with Husain’s vision for a clean, elegant solution, the firewall integrates seamlessly with ClearPass. “ClearPass can actually inform the firewall of the user for specific traffic, which adds even more intelligence,” explained Akbari. “Both of these products also integrate with our login software, which collectively makes them a much more powerful technology platform.”

Supporting the New Digital Landscape of Education

The installation of a cutting-edge wireless infrastructure represents a critical first step in supporting the school’s push into what it describes as “the new digital landscape of education that has emerged in the 21st century.” To that end, in 2014 the college hired a vice provost of digital learning to lead its online offerings and is currently prototyping a new generation of high-tech wireless classrooms.

“We want the classrooms to have presence awareness,” said Husain, who envisages the automation of everything from scheduling and lighting to projection needs—even the ability to take attendance by scanning student’s devices. “When a faculty member walks into the classroom, it should reset according to that faculty member’s expectations. The room should know who is using the room, who its occupants are, and set the mood accordingly.”

While many of these plans are still on the drawing board, one thing is clear: None of it is possible without a reliable wireless solution. “Everything we’re rolling out now will give us the ability to do advanced things down the road,” said Akbari. “As we better understand the requirements of our students and of the college, it will give us a lot of flexibility in the future.”