Case Study: University picks two different wireless LANs
Lots of issues to resolve when different technologies meet.
By John Cox, Network World | Network World US | Published: 01:15, 17 December 2007
Carnegie Mellon University has launched a massive upgrade of its campus-wide wireless LAN . . . and chosen two WLAN vendors to supply the 802.11n infrastructure for it.
The decision runs counter to almost every large-scale wireless deployment, where a company in effect standardises on one vendor. CMU IT staff are well aware that the choice of Aruba Networks for the academic buildings and common areas, and Xirrus for the outlying ring of dormitories, poses a unique set of challenges.
And they're confident they can handle them. Since 1994, CMU has had an extensive WLAN, called Wireless Andrew. Originally developed for wireless research purposes, it has greatly expanded over the campus and parts of downtown Pittsburgh. The last upgrade in the late 1990s adopted 802.11b equipment in the 2.4-GHz band from Lucent. It's this equipment that the new network, dubbed Wireless Andrew 2.0, will replace in 2008.
The university didn't set out with a dual-vendor solution in mind, says Dan McCarriar, assistant director of network services for CMU's computing services group. A request for proposals drew six submissions from 11 vendors. During the assessment process, CMU staff gradually realised that Aruba and Xirrus both offered specific features that could meet different requirements (read reviews of older Xirrus and Aruba kit). And it became gradually clearer that the 2.0 version of the network should adopt the high-throughput WLAN IEEE draft standard, 802.11n.
"This was definitely a unique decision for us, even having been in the wireless game for a long time," McCarriar says. "In the end, though, I believe we selected two technologies that best address the different usage patterns we see around campus." CMU staff were intrigued, he says, by the idea of using different products for different purposes.
CMU decided Aruba offered very strong security, in addition to its range of features, and Xirrus offered optimal capacity with its Wi-Fi arrays. "Traditionally, academic nets have been very open," McCarriar says. "But we've been tightening down on security." Aruba recently partnered with Bradford Systems to offer a network access control (NAC) policy manager.
Capacity was especially an issue in dormitory areas, and in some classroom spaces. "We know capacity issues well," McCarriar says. "Use patterns vary widely in offices, classrooms and dorms, some with high-capacity 'flashpoints' at different times of the day. Mix these patterns with emerging bandwidth hungry applications, and you have potential problems." Xirrus's high-capacity gear has been the foundation for networks such as the Interop show network.
Aruba and Xirrus have very different approaches. Aruba has a conventional controller-based architecture: thin access points that work with a separate WLAN switch (or "controller"), which handles authentication, security, administration and similar tasks. It scored high in Network World ClearChoice tests a year ago. Xirrus bundles the controller with four, eight or 16 access points, and a special sectored directional antenna, into a single package.
The 802.11n decision was influenced in part by the recent 802.11n product announcements by several WLAN vendors, including both Aruba and Xirrus (as well as Cisco, Meru Trapeze and Colubris), and partly by CMU's funding model, which basically offers big projects of this type a one-time investment. A final bill of materials for the new network hasn't been determined yet, but the estimated price tag for the entire project is $4 million to $5 million. Upgrading to 802.11a/b/g became problematic given the rapid appearance of 802.11n equipment, with its promise of five-fold performance and capacity improvements, and the unlikelihood of CMU funding two massive WLAN upgrades in a few years. "It would be irresponsible for us not to look at 11n, even though it's a draft standard," McCarriar says.
The final CMU network will deploy Aruba gear throughout the central campus area, covering core academic and administrative buildings. The Xirrus arrays will be used in two adjacent areas on the periphery, covering the majority of the residence halls. McCarriar estimates about 3,000 access points total, including about 230 Xirrus arrays.
CMU anticipates four major integration issues with its dual-WLAN approach.
Issue 1: integrating network architectures
The two suppliers have very different architectures, Aruba with its centralised approach, Xirrus with a more distributed model. "We'll need to come up with a reasonable compromise between the two models," McCarriar says. For now, CMU plans to monitor traffic patterns on the two networks, and see how the gradual growth of 802.11n clients impacts the different architectures.
Issue 2: integrating authentication models
Each vendor has its own "captive" Web portal to capture a wireless user logging on, and its own authentication methods, though both are based on the 802.1X standard, which CMU is adopting for Wireless Andrew 2.0. CMU has had its own authentication portal for years. How can these be rationalised into a consistent experience for users? The geographic separation of the networks will be an advantage, because it will minimise the chance of clients physically roaming from one WLAN to the other.
CMU is exploring two options. One is co-development work with Xirrus, creating code that would let users share authentication keys between the two networks. The second option exploits Aruba's push to apply the more granular and strong wireless security controls to wired clients. McCarriar thinks it might be possible to bring all clients through the Aruba portal, which would act in effect as a front-end to Xirrus' authentication.
Issue 3: roaming
But roaming itself will be an issue, as users moving from dorms to classrooms for example, McCarrier acknowledges. How will user information, including authentication, be shifted from Aruba to Xirrus and back again, without forcing a complete break and re-association and re-authentication? Right now, that's an unknown.
Issue 4: integrating management
As with authentication, CMU has its own home-grown network management and monitoring systems. And of course, so do the two WLAN vendors. "The big thing I'm worried about is aggregating statistics between the two platforms," McCarriar says. "That will mean some [code] development." The current idea will be to explore how to pull relevant monitoring and management data from the two brands of equipment into CMU's existing system.
Radio frequency site surveys will occupy the IT team and vendors until early 2008. Deployment is expected to start shortly after, as fast as both companies can deliver 802.11n products, and be completed by the end of 2008.