DRAFT
NORTHERN ARIZONA UNIVERSITY
COMPLETE WIRELESS NETWORK UPGRADE FOR THE FLAGSTAFF CAMPUS
10/15/2004
Introduction: Information Technology Services upon the request of President Haeger proposes a wireless network to enhance the technology infrastructure of the NAU campus. Wireless networking is becoming increasingly popular due to inexpensive networking equipment for home use, built in wireless capability in laptops, commercial hot spots in hotels, coffee shops, and other public areas. It is becoming common to have broad coverage in University campuses. NAU requires a modern wireless network and an underlying network infrastructure in order to meet student and faculty expectations, stay competitive, and encourage innovation.
The Request: Install a campus wide, ubiquitous, easy to use wireless network throughout the Flagstaff campus. The wireless network will be used by students, faculty, staff, guests and conferences. The network will be installed in three phases, in priority order, academic buildings including open areas, administrative buildings, and residence halls.
Why: Wireless networking is convenient and popular for the casual network user. A casual network user surfs the web, checks email, and uses a virtual private network (VPN) to securely access applications. Students, faculty and staff are increasingly more familiar and dependent upon wireless networking as they use it at home, traveling and on campus. Universities with wireless networks are finding new and innovative uses such as mobile labs, classroom activities, webcams and collaboration. The Flagstaff campus has many guest users including speakers, vendors, citizens, parents, and conference attendees. An easy to use wireless network will enhance the guest experience and is a criterion for the expansion of the wireless network.
What it is not: Wireless networking is not a replacement for the wired network and will not be so in the future. Wireless networking inherently has a much lower bandwidth capacity, supports fewer users, is less reliable and is less secure than the existing wired network. Higher bandwidth applications and specialized applications such as video conferencing, GIS, and large file transfers do not function well over a wireless network. The wireless network is dependent upon the wired network as the backbone between wireless access points. The implementation of a campus wireless network should be used as an overlay to enhance the existing wired network.
Current status of wireless network: ITS started installing wireless access points on our existing network in 2002. The initial pilot covered the University Union and duBois Conference Center. Additional buildings were added upon departmental requests and departmental funding. Additional information on the current wireless network is available at: http:\\www.nau.edu\wireless.
As of fall 2004, the following buildings have wireless access points installed:
University Union Building 30
Dubois Center Building 64
Learning Resources Center Building 61
Information Systems Building 54/54a
Eastburn Education Center Building 27
Engineering and Technology Building 69
Babbitt Administrative Center Building 51
Project Management Office Building 8
Physical Sciences Building 19
College of Business Building 70
Southwest Forest Science Complex Building 82
Wettaw Biology/Biochemistry Building 88
Problems with current wireless network:
Security: Security is a concern with every wireless network. In addition the need to accommodate any type of system with wireless capability with minimal support is very challenging. To accommodate both needs NAU like many Universities requires the use of a virtual private network (VPN) to encrypt all data transmitted on the network. NAU chose to use the Microsoft VPN server which is easy to connect to with many types of machines and is very easy to use with Microsoft PCs. This solution however does not work for visitors who do not have NAU IDs. The Access Points currently installed support older protocols 802.11b and do not have the full security feature set desired. All currently installed Access Points should be replaced with one consistent model.
Wired network infrastructure: The wired network is not capable of supporting wireless access points in all locations. Installing a wireless access point requires connecting it to a wired network port. A special feature called a virtual LAN (VLAN) is used to enforce the VPN requirements. Many of the Ethernet switches on campus do not have VLAN capability and are replaced as we upgrade a building to wireless access points. In addition the core routers used for all networks on campus do not have the capability to support enough VLANs for access points to be installed everywhere on campus. The core network infrastructure must be upgraded before a campus wide deployment of wireless access points can take place.
Staffing: ITS does not have adequate staffing to install and support a full campus deployment of wireless access points. Additional staff will be required to install and maintain over 600 access points and the network infrastructure. This includes the physical installation, monitoring and user support. As the wireless network becomes more popular and people become dependent upon it the reliability of the network is critical. There must be enough human resources to sustain the network once it is implemented. The good news is that ITS does have the necessary skills to engineer, install, operate and maintain the network in house, which significantly saves costs over outsourcing these functions.
Proposed Solution: The following solution addresses the problems previously outlined.
Security: The wireless network will be configured to only allow TCP/IP ports 80, 443 & VPN protocols, which means that NAU users and Guest users will be able to use the web http:\\www.xxx.xxx and secure web services https:\\www.xxx.xxx without using a VPN or logging on to the network with an ID. These services will be very easy to use…a wireless PC will just work. However, to run other applications such as Eudora, or to log onto the NAU domain, or share files, users will need to run VPN software. The majority of users will be able to use the network without needing support or the VPN software. A critical component in implementing this security structure is the use of a technology from Perfigo. ITS currently has deployed Perfigo security for the residence halls and has a site license for the software. This site license will be leveraged for the wireless network. Additional custom software will be written for logging and tracking users.
Wired network infrastructure: The first phase of implementation will be to expand and upgrade the wired network infrastructure. The benefits of this network upgrade will be to add the required features for the wireless network, increase the capacity from each building from 100 Mb to Gigabit speeds (10x increase), add needed security features in the core routers, increase redundancy and reliability, decrease planned network downtime, better support the ITV and video conferencing, and add ability to support future networked applications.
Staffing: Additional staffing required includes 1 outside plant technician, 1 Network Operations Specialist, and 1 Academic Computing Help Desk staff. Specialized training is needed for current Outside Plant staff and the Network Operations Center staff. Current ITS staff will also be utilized during the installation and for operating and maintaining the network. Additional staffing will decrease the amount of time required for installation.
Costs:
One time costs: $1,899,931
· $670,104 Core network & Security Upgrade
· $ 15,000 Staff Training
· $474,160 Academic Buildings
· $ 73,532 Outdoor Areas
· $285,237 Administrative Buildings
· $381,898 Residence Halls (excludes family housing)
Annual costs: $268,547
· $153,547 Hardware and Software maintenance
· $ 40,000 Outside Plant Technician
· $ 40,000 Network Operations Specialist
· $ 35,000 Academic Computing Help Desk staff.
Timeline:
· 24 weeks Core Network upgrade & training.
· 40 weeks Academic Buildings qty 40
· 20 weeks Outside areas qty 100 access points
· 32 weeks Administrative Buildings
· 40 weeks Residence Halls 25 Buildings (excludes family housing)
NAU Flagstaff Campus Wireless Costs11/10/2005
Year 1 / Year 2 / Year 3 / Year 4 / Year 5 / 5 Year costs
Core network & Security Upgrade / $670,104 / $ 48,452 / $ 48,452 / $ 48,452 / $ 48,452
Academic Buildings / $474,160 / $ 40,495 / $ 40,495 / $ 40,495 / $ 40,495
Outdoor Areas / $ 73,532 / $ 6,500 / $ 6,500 / $ 6,500 / $ 6,500
Administrative Buildings / $285,237 / $ 22,455 / $ 22,455 / $ 22,455
Residence Halls / $381,898 / $ 35,645 / $ 35,645
NOC FTE / $ 40,000 / $ 40,000 / $ 40,000 / $ 40,000 / $ 40,000
Outside Plant FTE / $ 40,000 / $ 40,000 / $ 40,000 / $ 40,000 / $ 40,000
ACAD Help Desk FTE / $ 35,000 / $ 35,000 / $ 35,000
Staff Training / $ 15,000
$1,312,796 / $460,684 / $614,800 / $268,547 / $268,547 / $2,925,374
1