K-12 School District Makes Big Move to Wireless, Giving Students, Faculty and IT Staff Hassle Free Connectivity

Spring Independent School District (Spring ISD), north of Houston, Texas, is known for its innovation in technology to enhance education. In fact, Spring ISD installed a two-way fiber optic ring by burying fiber and connecting each school with Gigabit Ethernet in 1999 and has deployed 2,300 IP phones along with a converged voice, video and data network for use of faculty, administrative staff and students. As a next step, the school board wanted to provide one-to-one, continuous computer and network access to every single one of the 27,000 students in the district.

The Spring ISD IT staff knew from experience that dropping 30 to 35 Ethernet lines to each classroom was not feasible or economical. At $200 per drop, the cost was prohibitive. But with wireless it was a different story. Because Wi-Fi is extremely flexible and cost-effective, the IT staff quickly realized that 802.11 technology was the obvious choice, if it could be made truly secure and manageable from a singe point. The IT staff believed wireless could have a profound impact on school operations and student productivity. They were right.

But before choosing the right wireless solution, Spring ISD had three key concerns. Pete Davis, assistant network engineer, led the IT team responsible for the wireless implementation. “First and foremost, we wanted a ’thin’ AP-based system which could be centrally controlled and scaled to support the district’s growth plans. The second priority was wireless security beyond merely link layer encryption. We required 802.11 a+b/g wireless access along with wireless intrusion detection and RF spectrum management across both the 2.4 and 5 Ghz bands from the same system. And third, whatever system we chose had to be extremely cost-effective. We had to find a way to operate within our existing allowable budget for now and the next few years.”

With this strict set of requirements, Davis and his team considered a number of suppliers, but ultimately turned to Aruba. Only Aruba gave Davis and his team at Spring ISD a scalable modular WLAN switching system that offered a seamless overlay to the existing IP network without any physical or logical changes, multiple layers of wireless security and simultaneous support for thousands of users on a single Wi-Fi switch.

Spring ISD is implementing the Aruba-based wireless network in phases. In the first phase, completed earlier this year, the district IT group deployed a single Aruba modular 5000 Wi-Fi switching system in its central office which included the full suite of Aruba security applications along with 75 dual-mode, dual-band Aruba 802.11a+b/g APs throughout the district for use in meeting and training areas for faculty. Additionally, Spring ISD chose one school, Bammel Middle School, for a full implementation including 28 APs controlled from the single 5000 system. The district plans to provide every teacher in the district with a laptop with an integrated 802.11a+b/g network interface card (NIC) by August 2004.

In the second phase, Spring ISD is issuing every high school student a laptop and provide handheld devices with integrated Wi-Fi to middle and elementary school students so they can safely access a variety of programs and online resources. Within five years, Spring ISD anticipates having nearly 30,000 wireless enabled devices, including those for students, faculty and administration.

For security of the network, Spring ISD is using strong data encryption with Wi-Fi Protected Access (WPA) technology coupled with user and device authentication and user-aware firewalling. Davis plans to ultimately migrate to 802.1X for simple, centralized configuration as new user devices come online. Users and user groups, once authenticated, only have access to specific network resources. Additionally, the district IT group dedicated a number of APs as RF monitors for remote troubleshooting and protecting against rogue devices as well as malicious users trying to gain illegal access to the network.

“With the Aruba system, I can now define and enforce security policies in conjunction with user authentication, so users don’t get access until I know who they are and specify what they can do on the network,” said Davis. “Aruba has the only system that allows us to put in place a variety of security layers that protect the data, the network and the users simultaneously. This was the single biggest issue inhibiting our deployment of Wi-Fi in the district.”

Spring ISD currently has three extended service set identifiers (ESSIDs): one is for basic Internet and is intended for visitors to the network and the remaining ESSIDs are defined for different user groups. “One important benefit of the Aruba solution is its ability to support up to eight SSIDs per AP and map multiple VLANs to a single SSID,” said Davis. “The strength of Aruba is the flexibility it gives us for security - now we can do nearly anything we want.”