Aruba delivers secure, controlled connectivity throughout one of University of Cambridge's largest colleges
Founded in 1511, St John's College is one of the largest colleges at Cambridge University. It is home to more than 500 undergraduates and 300 postgraduates. Alumni include the winners of ten Nobel Prizes, seven prime ministers and twelve archbishops.
Cambridge University is based on a federated model, within which each College operates largely independently. The University offers several shared services, including some IT, but St John's determines its own policies.
"Like all Cambridge Colleges, St John's is a self-contained community in its own right, where people live as well as study," says Simon Mallows, Assistant Computer Systems Manager - Network Systems, St John's College, Cambridge. "We wanted to be the first college to provide a home network-type environment, where people could stream media, use their iPad or connect to a wireless printer."
Categorising different users
Aruba were the only people to offer the kind of control we needed. Plus, we were looking to replace our firewalls and we knew Aruba ClearPass Policy Manager worked really well with our choice of Palo Alto Networks. Simon Mallows, Assistant Computer Systems Manager - Network Systems, St John's College, Cambridge
At the heart of this connectivity is Eduroam, the global roaming service for users in research and higher education.
"Eduroam had to be the primary connection," says Mallows, "but we want to be able to put users into different categories – College students, Fellows and staff, other eduroam users, and guests."
Wireless connectivity is of growing importance both to current, and prospective members of the College, both for their work, and away from their studies and research. "We have had academics wanting to do presentations using Apple TV," Mallows says. "Students also want to work from their rooms, from a device of their choosing. We needed to deal with wireless properly. And it's better to try and control it than just let it run rampant."
Control where it's needed most
Mallows says Aruba was already in mind when the requirements were being drawn up. "Aruba were the only people to offer the kind of control we needed over MDNS traffic. Plus, we were looking to replace our firewalls and we know Aruba ClearPass Policy Manager works really well with our choice of Palo Alto Networks. And Aruba is the solution provider for the wider, University of Cambridge network, which allows us to retain overall compatibility."
Also in Aruba's favour was St John's 10-year relationship with KHIPU Networks, an Aruba platinum partner. KHIPU Networks is focused on the education sector, it is also a specialist in implementing Aruba ClearPass.
The Aruba solution comprises 200 Series access points, four Aruba 7210 controllers, Aruba AirWave Network Management, and Aruba ClearPass Policy Manager (including OnGuard licenses for 500 end points). The roll-out was phased, with half the access points and controllers, AirWave and ClearPass in place by the start of the 2016-17 academic year. The rest of the access points on the main site will be in place by the start of the 2017-18 academic year, with off-site properties owned by the College to follow as quickly as possible.
"We were able to lay the foundations for the eduroam part of the system pretty seamlessly in the spring, then tested and developed the solution during the Easter Term," says Mallows. "We then ran the guest part – which doesn't use eduroam – with guests using the College as a bed and breakfast over the summer. Meanwhile, we continued to tweak the eduroam aspects and Aruba AirGroup, and then brought the wired switches onto the system."
Flawless launch, with little fanfare
The service launched with little fanfare. "As we hadn't achieved complete coverage on the main site, we didn't want to promote it too heavily in the first year, just get it up and running," says Mallows. "It's been nice to say 'yes' when students ask if they can connect their device. We're now reaching the stage where we can be more proactive about letting students know this service exists."
Around 800-900 devices are connected to the network at any one time. "We expected a large number of personal devices, but if I've been surprised by anything it's the number of Amazon Echoes," says Mallows.
Students and Fellows collect all the details and instructions they need to connect upon arrival. They can connect their phones, tablets & computers to eduroam and they can connect devices that are not capable of 802.1x authentication to a wireless SSID 'St Johns WiFi' in the College. They then 'share' these devices with their eduroam identifier. Any devices on eduroam using this identifier can then 'see' the devices connected on St Johns Wifi, effectively creating their own 'bubble'. With the cooperation of the University this has the potential to be spread out wherever the University provides eduroam.
"We can put users on different subnets or roles and they can still connect to everything in their bubble," says Mallows. "We could have a dedicated MDNS/Bonjour subnet if we chose to. Students or Fellows have total control over what devices they register or remove, and what usernames they add to their personal bubble."
As a major conference venue and a place which during parts of the year runs bed and breakfast accommodation, the College also has numerous visitors who also need similar connectivity but are not eduroam users. Visitors can self-register for up to a week without any staff interaction – if they are staying longer, Mallows' team can either set them up with an account or modify their self-registration. B&B guests have their own dedicated SSID during B&B season – devices registered to the B&B system cannot connect to the St John's Visitors SSID (and vice-versa).
"And across all of this," says Mallows, "we have good troubleshooting tools through Aruba Clearpass Access Tracker, Insight and AirWave."
Encouraging greater use of the wireless network
Since launch, Mallows and his colleagues have demonstrated the service both to other colleges in Cambridge, and the University's administration.
"The next step," says Mallows, "is to get more devices and more applications into the teaching environment. For example, we can certainly help in retiring old AV equipment and getting smart devices onto the network."
Mallows says St John's now has a platform in place on which to build new services. "With Aruba, we have a system that allows access to public streaming devices with little interaction from members of staff. That may not seem desperately important right now, but it means that our system is already set up for future developments in which it will be much more significant."