Case Study: McGill University
Initially, Bernstein's plan was to provide 802.11b wireless access for communal areas in the 14 libraries dotted around the campus. However, since the first rollout of access points last February, the project has grown in size and scope.
Currently, around 40 of the 125 buildings on campus have some form of wireless Internet access. To provide this degree of coverage, Bernstein and his crew have so far installed 175 access points. The entire setup has cost around $400,000 Canadian (US$263,141) to install.
Bernstein has chosen to use access points from Colubris Networks Inc. for the rollout. He has also installed eight of the firm's CN3500 access controllers, which allow him to set access rights for students on the network and "ring-fence" certain private access points so that only users with the right password get to use them.
The access controller also allows Bernstein to monitor traffic on the network. "The maximum number of users on a public access point we'll support is about 40," he says. Once a hotspot starts to get overcrowded, Bernstein estimates it takes about 10 days to install a new one to boost coverage in that area. He runs Ethernet cabling to the hotspots and usually installs them overhead using a false ceiling.
However, Bernstein says that it was mainly Colubris's willingness to work with him to implement a tough security system on the network that initially impressed him and motivated him to chose the company over other vendors.
All of the university's access points have the standard Wired Equivalent Privacy (WEP) encryption algorithm turned off (see this paper for details on why you might not want to rely on WEP if you're at all concerned about wireless security). Instead the McGill system uses VPN tunneling to allow students to access their "stuff" on the Internet and intranet.
However, in order to use this secure access method, a VPN dialer has to be activated on the laptop. Bernstein says on his first visit to Colubris's head office in Quebec, a little over a year ago, together they worked up an application that automated this process.
The first time a user tries to access the McGill WLAN network, the access controller intercepts the communication and downloads the custom application onto a user's laptop. The student is then asked to type in a user name and password. If the login is successful, the application activates the VPN dialer and the user is allowed to access the rest of the network. The whole process takes around 20 seconds.
There aren't a huge amount of students using the new wireless facilities yet. "What we're seeing is probably about 100 simultaneous users on the network," Bernstein says. However, he expects this to change this year as students choose to buy laptops rather than desktop machines, and more of those laptops come with wireless LAN radios installed.
Now they'll never have to leave the pub, eh?
— Dan Jones, Senior Editor, Unstrung