Duke Heaton, Network Engineer, UVU September 25, 2013

Duke Heaton, Network Engineer, UVU

September 25, 2013

Introduction

• From Moccasin, Arizona• My history with this school

started before it was UVU– School: Utah Tech (1980)

Welding Engineer, UVCC (1991) Electronics and Computer Technology

– Work: UVSC (1994) Electronic Maintenance Specialist , UVU (2011) Network Engineer

Utah Valley University: Home of the Wolverines

• 2nd largest institution of higher learning in Utah

• Nearly 33,000 students and 5,000 faculty members

• Explosive growth over last decade (number of students doubled in five years)

UVU Networking/Wireless (“Wolverine-WiFi”)

From BYOD to BYOE:• Replaced wireless with Cisco in 2009

– Designed for most coverage with least # of access points

• NAC system outdated– Slow, intrusive, semi manual login process for

smartphones and tablets– 50% of Helpdesk calls were related to wireless

network access

NAC: What We Wanted

• Reduce load on help desk• Quick, easy, secure automated access using any

device • Self remediation for non-compliant devices• Flexible NAC policies• Help us comply with the regulations

The Selection Process

• Approached wireless vendors first• Switched gears to look at wireless/network

independent NAC solutions– Bradford Networks’ Network Sentry jumped to the

top

Why we Selected Bradford Networks

• Quick, automated onboarding for tens of 1000s of devices • 100% visibility across the networks• Enables flexible access policies for each group type (students,

faculty, contractors, guests, conference attendees) based on user role, device status, location, and time

• Intuitive and fast: click or unclick checkboxes to create policies• Automatically checks and confirms that devices are compliant

before they gain access to the network, and enables self remediation

• Supports content filtering for high-school students to comply with CIPA

• Price

And …

Significantly cuts IT overhead and calls to helpdesk!

Implementation Process

• Installed Network Sentry servers• 3 day on-site tech support to get initial configuration

working• Tested on IT department• Enlisted help to start advertising • Rolled out live over Thanksgiving weekend• Shut down old system over Christmas break• Everyone forced over to new system January 1st• First semester help desk numbers as expected

End-Users Experience: Simple , Fast On-boarding

• First-time users enter their credentials to download the agent

• The agent links the device with the user and checks for up-to-date OS and AV software If up to date, user gets network access according to access

policy permissions

If out of date, user clicks a link to launch the update. Once compliant, they get immediate network access.

The next time they log in, network connection is automatic

• Simple, automated internet access for transient guests (conference attendees, visitors, contractors)

One Year Later

• Help desk calls reduced by half• More than 31,000 users and 33,000 unique

devices safely registered on the network • UVU has a network experience worthy of a major

university

What’s Next?

• Access point in every class room• New Student Life and classroom buildings will be

built for BYOD, and new opportunities to improve the classroom experience

• Extend NAC to wired networks and support 1000s of IP infrastructure devices ( security cameras, printers, scanners etc.)

Tips and Advice

• Allow plenty of time to test the policies you plan to enforce

• Advertise, get the word out early and in as many ways as you can

• Use phased-in approach if possible (not everyone at once)

• Hold a Wireless Open House at the beginning of each semester for new students

• Demand will grow — provide a wireless infrastructure able to keep up

Questions?

• Copy of this presentation or to contact me: duke.heaton@uvu.edu

• Hear me at Educause, Wednesday, October 16 @ 3:40 pm

• Meet me at Bradford Networks’ booth during the show (1518)