One option was a single-vendor solution that would offer scalability, compatibility, and broad service-level agreements, but Husain is wary of these soup-to-nuts solutions. “The old way of thinking was to buy one single proprietary solution, because [the systems] will all talk to each other,” said Husain. “But anybody who’s implemented PeopleSoft, Blackboard Transact, or anything knows that even single-vendor solutions don’t necessarily integrate well.”
Kicking Off the Wi-Fi Revolution
Instead, IT is pursuing a strategy of installing best-of-breed products to cover a host of service needs ranging from the firewall to Wi-Fi access points. “We’re looking for elegant integration and clean services,” said Husain. “Apple didn’t become Apple because it was clunky. The same concept applies here.”
For Teachers College, the Wi-Fi revolution kicked off in 2014 with an analysis performed by Gartner, an IT research and consulting firm. Once IT had a clear picture of the infrastructure challenges facing the school, it evaluated vendors that could meet those challenges. Ultimately, it selected Aruba, now a Hewlett Packard Enterprise company, to provide the core of its wireless solution. This included Aruba AP-225 802.11ac access points, installed throughout the college’s 12 buildings; 7200 Series Mobility Controllers; and AirWave network management to help monitor client behavior and troubleshoot problems with mobile and web apps.
“We’ve tripled the amount of Wi-Fi access points throughout the campus,” said Dan Aracena, director of infrastructure support services. “Not only has our footprint increased, but our bandwidth and our Wi-Fi technology have improved dramatically as well.” Since the school made the switch, according to Husain, wireless speeds have increased from 50 Mbps to 200 Mbps.
Loving the “Free Love Philosophy”
But Teachers College did want to keep one feature of its old wireless system in place: Columbia’s Free Love philosophy. At the heart of this concept is the belief that no one on campus should have to log in to the wireless network to access the Internet. “It’s an open, public Wi-Fi network,” said Husain. “But we needed to address some of the security risks with regards to digital-rights management, bot attacks, and so on, and make sure that we separated the applications network and the college’s key network services from the public Wi-Fi.”
To make this possible, Teachers College will employ Aruba’s ClearPass, a NAC policy manager that allows IT to set context-based security policies. “It’s not as simple as a firewall rule that says one user can do one specific thing,” said Akbari. “It’ll actually look at behavior and allow [certain actions], but if your behavior changes, the policy can change as well.”
Akbari believes ClearPass will help deter the man-in-the-middle attacks to which the school is currently susceptible. “With ClearPass, every system that’s running Wi-Fi that goes through 802.1x will have an encrypted connection, as opposed to the Wi-Fi at the local coffee shop, for instance, where anyone can see the data you’re sending,” he said. “This will be a major step up for students.”
ClearPass will also be integrated with Active Directory at the application level, although the school is implementing additional security measures, including multi-factor authentication, for its ERP systems.
(Next page: A new breed of wireless network firewall)