'World's largest' Wi-Fi network keeps Linux under wraps
If securely deploying 10,000 wireless access points across 1700 locations in five months to create what is said to be the world's largest enterprise Wi-Fi network sounds like a challenge, Victoria's Department of Education (DET) in Australia took it all in its stride - with the help of a little penguin.
With 540,000 students, 42,000 teachers, more than 200,000 computers, and 40,000 notebooks spread across the 1700 sites, the department last year allocated A$6.5 million (US$4.8 million) to implement a wireless network aimed at easing connectivity, but at first its technology options were limited.
During a presentation at this year's wireless summit in Sydney today, the department's head of ICT security, Loris Meadows spoke of how the Wireless Networks in Schools (WINS) project required a custom proxy and security services appliance dubbed "EduPass" to be engineered due to the WAN's complexity.
"At the heart of the systems is EduPass. We had an aging fleet of proxy servers and needed to roll out 1700 of them so we saw a good opportunity to add proxy to radius," Meadows said. "We looked at best of breed open source solutions like Smoothwall, Freeraduis, and Openssl; we have our own kernel based on Red Hat Linux and did a lot of development."
After a tender process, Cisco was chosen as the access point vendor in a deal that nearly fell through, Meadows said, because the "networking giant" was reluctant to accept the DET's advice and changes.
"We had a real battle and eventually got Cisco to change its default factory settings," Meadows said. "The access points shipped from the factory with 802.1x authentication and 1024-bit encryption, and it cannot be set back to default."
Meadows said there was a significant level of "lengthy discussions" with Cisco to get it to disable the reset button, which was a requirement to avoid the settings being undone by 350 school technicians.
"This was a world-first to get Cisco to change IOS [and] the deal would have been almost off if they hadn't," she said.
DET also delivered another lesson during the development of EduPass when the vender proffered its own management appliance to do the job.
"Cisco was going to be the central management box, but it couldn't do NAT traversal and we NAT up to six times, so the device could not cope," Meadows said. "It was two hours programming on our part" against A$30,000 worth of appliances from the vendor.
With the EduPass design and development done, 1700 Linux and AMD-based "black boxes" are now running in nearly every school in Victoria. Neither Microsoft nor Intel were impressed "but it happened", Meadows said, adding this is almost certainly the largest unified enterprise wireless network in the world.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
