Following the announcement that International Islamic University Malaysia [IIUM] implemented mobile networking provider Aruba's ClearPass BYOD [bring your own device] solution, Computerworld Malaysia asked the university's project manager, wireless, Sayed Ahmad Fauzi, to talk through the challenges of providing always-on secure access to the Internet for more than 10,000 users spread across five campuses.
Albert Tay, ASEAN general manager of Aruba Networks, also provided some additional context to the project and to how other organisations could benefit from this case.
Photo - Sayed Ahmad Fauzi, IIUM Project Manager, Wireless.
Could you talk through the steps to choosing your solutions and also what benefits have so far been actualised?
We did a comparison of various solutions from three vendors, including HP and Cisco. We also studied the advantages that each of these products offer. Basically, IIUM wanted a total solution for its wireless system. Before we deployed the Aruba ClearPass solution, the most challenging issue was managing the access points. Without a centralised AP [access point] management, we had to spend a lot of time managing and troubleshooting problems that occur.
The Aruba ClearPass solution offered centralised management capabilities, which made it easier for us as the wireless administrator to provide better maintenance and IT support. The other important benefit is scalability. IIUM has five campuses spread out around the Malaysian capital - Gombak, Petaling Jaya, Duta, Damansara and Kuantan. As a university, the total number of students and staff members is expected to increase.
With the new rollout a small team of just 10 staff (tasked with managing more than 10,000 concurrent users) we are now able to provide productivity enhancing, secure and reliable wireless network access in a highly cost-effective manner to staff and students across the university. Aruba ClearPass avoids expensive rip-and-replace programmes and goes further than many Mobile Device Management (MDM) tools, which do not provide crucial provisioning and network access control capabilities. With the simpler authentication infrastructure, it enables students and staff to reliably connect to the Internet using multiple devices.
In addition, we cut costs by implementing Wi-Fi in our hostel facilities rather than having a wired Internet infrastructure, which would require greater investment in switches. With an upfront investment of about RM5 million (US$1.51 million), we upgraded the IIUM Wi-Fi coverage at 17 residential colleges, deployed the BYOD solution with the Aruba ClearPass Server and upgraded the IIUM Guest Wi-Fi management.
ClearPass supports iOS, Android, Mac OS X and Windows 7 devices while its underlying Aruba MOVE (Mobile Virtual Enterprise) architecture allows easy and flexible integration with networking infrastructure from third party vendors. This meant that Aruba was able to interoperate neatly with the Cisco wired switches and routers that we are using.
Currently, 24,000 registered users, including staff, use IIUM campus-wide Wi-Fi service on a 450MB leased line. We are expecting to upgrade to a 2GB line this September.
How long did it take for you to plan and roll out the project including post-implementation training and so on?
a) We actually started to implement on-campus Wi-Fi by stages five years ago. At the same time, the university also started to implement e-learning in phases, including hostels with high-speed Wi-Fi. This allowed students to be more productive as they can do their assignment and revisions anytime and anywhere in the campus, not just in places like the library, classes, labs or halls.
However, campus-wide Wi-Fi is not just about providing Internet access, it is about managing it and ensuring security.
Before we deployed the Aruba ClearPass solution, the most challenging issue was managing the access points. Before the AP management was centralised, we had to spend a lot of time managing and troubleshooting problems that occur.
Aruba understood that it is not realistic to rely on already-strapped IT helpdesks to manually provision network access settings, certificates, and enterprise apps on every mobile device. It is also not possible for an educational institution like us to address this problem by taking control over the entire device, as these are student-owned devices.
The Aruba ClearPass solution provides centralised management capabilities, which made it easier for us as the wireless administrator to resolve problems.
As a university, we have a lot of students who are eager to test their IT knowledge and skills. Some of them may not realise that they are compromising our system. In addition, not only can their devices be easily misplaced or stolen, these devices also have different security capabilities. Allowing access to corporate resources to these disparate users and devices opens up our network to security risks.
Aruba provides us with role- and device-based network access control for our various user profiles - staff, students and even guests - across our wired and wireless infrastructure. Best of all, everything is centrally-managed through an easy-to-use interface. This is especially important for a big campus like IIUM.
ClearPass Policy Manager also helps us quickly identify network issues as well as policy and security vulnerabilities so that we can take action on any irregularities.
b) It took us a year to research the types of solutions available and three months to implement the solution at IIUM.
c) We conduct continuous training and improvements to keep our staff updated.
Could you describe the workflow and culture before and after using the Aruba solution?
Besides the centralised management capabilities, which made it easier for us as the wireless administrator to resolve problems, we now have one integrated platform where we can manage network policies, onboard and manage devices, admit guest users, assess device health on any network without changing the current infrastructure. The BYOD solution provides us with a master controller which we use to enforce the same security settings on all the devices. This ensures that the access is secured and yet allows our students and staff to easily access any university website or system.
It has also become easier for users to on-board their own devices themselves instead of having to go through IT where we had to manually provision network access settings, certificates, and enterprise apps on every mobile device. When new students register at IIUM, they will automatically be given a username and password to access the campus Wi-Fi. By registering the device, we would be able to authenticate the user and know what device and OS they use for monitoring purposes.
Users also experience better Wi-Fi signal with the newly deployed Aruba APs.
With regards to culture and workflow, we keep our staff and student constantly updated through announcements via email, the student portal and Facebook ICT. So far, we have received very good responses from all the stakeholder groups after the deployment of Aruba's solutions. There is good long-term value for the university.
Sign up for CIO Asia eNewsletters.