At the University of San Diego (USD), while students and faculty look forward to summertime, the USD Wireless Team is working without any real breaks. The USD Wireless Team knows that summer brings more than 12,000 visitors on campus for events, sports camps, and conferences. Each year the Team is faced with a number of challenges in supporting these visitors, including providing secure wireless internet access across a campus that spans 180 acres.
The University offers a wireless network for approximately 18,000 registered users with USD credentials, which also allows them access to the internet and various resources such as internet and VPN access on the campus network. There was also a guest network that anyone could access by entering an e-mail address with minimal security.
The USD Wireless Team began searching for a solution that would allow
users to easily create temporary login accounts for its guest network.
With this in mind, the USD Wireless Team began searching for a solution that would allow users to easily create temporary log-in accounts for its guest network. The bigger goal was to protect the guest network from anyone connecting anonymously, where there was no way to confirm their identity. They discovered that half of the users on the guest wireless network were actually students who should have been using the separate student network. The USD Wireless Team realized it needed an authentication solution that captured log-in data to track attributes such as a user’s role and connection information.
Evaluating Requirements
Leading up to the summer of 2009, the USD Wireless Team had evaluated a number of different products to address these issues. The crucial aspect of this project initially was to identify the requirements for the University’s secure wireless access system, and none of the products evaluated met the majority of their requirements.
Besides visitor bulk account and self-registration options, these requirements also included:
• Compatibility with the University’s current Aruba wireless network
• Out-of-band management
• Credit card and promotional code network usage options
• Integration with its CASHNet credit card payment system
• Full redundancy/failover
• Ability to host its guest captive portal
• Built-in RADIUS
• Reporting for each user.
Since the USD Wireless Team is a three-person IT team, a solution that was easy to use and required low maintenance was also a key factor in its search.
In late April 2009, the group still faced this challenge, and its goal was to have an operational system deployed by June 1. At the end of April, the Team learned about the Avenda Systems eTIPS 5000 Series identity-aware policy platform, and quickly performed several tests.
The eTIPS solution consists of a hardened network appliance, a flexible policy platform, and a built-in guest access application. It centrally manages policies for multi-vendor equipment across all access methods and supports major operating systems, managed and unmanaged endpoints, and existing identity stores. After thorough testing, the USD Wireless Team concluded that eTIPS met more requirements than the other products. They worked very closely with Avenda to customize and build a self-registration tool that was web based for users to create their own accounts and pay for the access they needed.
With Avenda, they could offer self-provisioning so users could set up their own accounts without IT support. The accounts were available to use instantaneously with no lag time for IT to support. These accounts could be self-provisioned on a 24/7 basis. This feature removed the Team from the log-in creation and support issues for the more than 12,000 summer visitors attending camps and conferences.
Choice Results
The ability to quickly deploy and integrate the Avenda platform into its existing infrastructure, including Aruba’s wireless LAN and its CashNET campus credit card payment system, made choosing eTIPS easy. The USD Wireless Team also saw that eTIPS included features would let them expand their network access security plans across the entire campus. eTIPS was a good choice for USD because of its ease of use all around. Its intuitive web-based user interface with 3-Click help-desk navigation, policy reporting, and easy account controls made securing guest access a smooth operation for the IT Department. For users, the self-registration application meant they were able to access their guest access privileges quickly as their on-campus summer sessions began.
