MD district addresses security, iPad-readiness

Challenge

Located in Cumberland, MD, Allegany County Public Schools was facing those growth pains that come for folks who embrace high-tech trends: It needed to accommodate an influx of Apple iPads, and other popular Wi-Fi-enabled mobile devices, on its wireless network.

“One of the big initiatives we are pushing is cutting edge: We are providing the ability for students and staff to bring in their own personal Wi-Fi devices - whether it’s a laptop, iPad or smartphone – into the classroom,” says Jeff Blank, Supervisor of Networking at Allegany County Public Schools. “The Superintendant wanted students to be using the same devices in learning as they do in everyday life, and he wanted that experience to be seamless. If they have iPads and smartphones at home, they should be able to bring those devices into school to use for learning.”

Allegany’s Wi-Fi-enabled mobile device initiative required an 802.11n upgrade from its existing 802.11a/b/g wireless LAN (WLAN) in order to accommodate the new bandwidth-hungry clients. The school system needed to allow for several devices connecting to their wireless network simultaneously, while still enabling each Wi-Fi client to experience a consistent application experience.

Additionally, Allegany had a critical need to increase its security in order to safely accommodate the new traffic on its wireless network.

Solution
Allegany County Schools turned to Aerohive for its 802.11n wireless network, which would provide ubiquitous Wi-Fi coverage across its entire school system. Allegany comprises 24 schools with 9,000 students and 700 staff.

In selecting Aerohive as its WLAN vendor, the school district made the decision to replace its existing controller-based 802.11a/b/g wireless network with Aerohive’s controller-less, 802.11n-compliant wireless platform - which saved the district money, compared to a Network Access Control (NAC) security solution.

“We immediately noticed the potential for significant cost savings,” says Blank. “If we went with a NAC, it would have cost us $200,000. But in going with Aerohive and its built in security, we saved all of those funds. We had to invest in the upgrade to 802.11n no matter what, so getting Aerohive’s security features as part of our WLAN deployment was just icing on the cake.”

With Aerohive, Blank explains, Allegany gets an integrated firewall and integrated captive portal. “Each AP can act as a firewall and that was very attractive because it lets us separate personal devices from school devices. That saved us quite a bit of money because NACs are very expensive. Having that functionality integrated into the AP amounted to a huge cost savings.”

Blank also likes how Aerohive’s controller-less architecture executes security in contrast to traditional, controller-based WLAN platforms. “Usually firewall and security take place at the controller. This means viruses traverse your network until they get to your controller,” he says. “In contrast, Aerohive’s security takes place at the edge, so it’s like having a traffic cop at every corner.”

As for accommodating the multitude of Wi-Fi-enabled mobile devices, authentication is based on Active Directory, which ties in nicely with student login, says Blank. The school has employed a three-tier security approach to allowing devices onto its wireless network:

Levels of Access

  1. School owned property i.e. teacher’s devices (least security).
  2. Student owned equipment (more security).
  3. Guest devices that come on the network (most security; Internet access only).

Another appealing quality about Aerohive, says Blank: It is easy to deploy. Allegany is using the HiveManager VMware virtual appliance which meant the entire deployment was executed using Aerohive’s cloud-based approach to deployment and management of wireless networks.

“Deploying our WLAN was absolutely painless, we did not have a single issue in the seven days it took to roll it out,” says Blank. Allegany initially did a demo of about 20 APs, which seamlessly evolved to become the district-wide production deployment.

The Aerohive demo also served to help Blank decide that Aerohive’s controller-less architecture was the best approach to Wi-Fi. “We ended up evaluating six different competitors before going with Aerohive, but the truth is we didn’t have to look at the demo long before deciding Aerohive was the solution to go with.”

Because Allegany already had a VMware server set up, “all we had to do was have a thumb drive sent to us, and then it was literally a drag and drop installation. Can you imagine installing a controller without a screwdriver? I don’t think so.”

Results

Allegany has 4,000 computers on its network as well as 2,000 laptops that roam among classrooms via rolling carts. The total number of iPads on the network is unknown, but Blank isn’t concerned about managing mystery traffic because Aerohive’s HiveManager NMS enables him to closely monitor Wi-Fi network activity and conditions.

“I don’t know how many iPads and other personal Wi-Fi devices are on the network, but I don’t have to worry about managing them because of the security measures we are able to take with Aerohive,” says Blank. “Right now we have plenty of capacity to support additional devices, and we have HiveManager to watch those devices. What this means is we can watch trends and predict the need for more capacity as that need arises.”

Blank says iPads are already proving to be an extremely valuable learning tool, especially because students are finding synergy between their in-school and out-of-school habits. Students and teachers are using iPads for everything from data collection to video.

“There are so many educational applications coming online through Apple University, an educational purpose has truly been created for the iPad,” says Blank. “At first I thought it was a nice toy when it came out, but I can now see that the content development is transforming iPads into a real learning tool.”

As far as application access, says Blank, the big picture is to enable synergy between school and home.

The first step is to be able to use devices at school. The next step is to be able to access school applications on personal devices. And the final step would be to access school applications from home.

“We want to eventually give them the same application support on their personal devices as they have on school devices,” says Blank. “When they graduate from high school, we want them to go on to college, and then into the workforce, prepared.”