North Dakota State University
North Dakota State University

A university rolled out a wireless network, but was hampered with a user-support problem...until a solution was found. Greg Masters reports.

Even Midwest campuses suffer growing pains. In the case of North Dakota State University (NDSU), the implementation of a wireless network proved beneficial in allowing students and staff to easily connect, but the increase in help-desk calls quickly grew burdensome.

NDSU has approximately 14,600 students, including undergraduate, professional and graduate students. There are more than 6,000 full-time and part-time employees at NDSU, which was founded as an agricultural college in 1890. 

Its main campus is located in Fargo, N.D., with extension services and research experiment stations located all across the state. NDSU's wireless network spans two campus locations: the main campus and three additional NDSU buildings located in Fargo's downtown area. In total, NDSU's wireless is available in 89 campus buildings and two outdoor locations.

The school's information technology division has 75 staff members. Additionally, the IT division has approximately 50 student staff members who are employed through a work-based learning program that provides opportunities for NDSU students to obtain jobs in the IT field. The majority of student staff members provide walk-up customer service at the IT help desk. But, the queries coming in were becoming too much to handle.

The situation began when NDSU transitioned to extensible authentication protocol-transport layer security (EAP-TLS), an authentication framework using a popular open standard for wireless, in the fall of 2009. This was done using a custom-engineered solution that provided sign certificates to individuals. Included in the solution were instructions on how to configure the various operating systems. 

“This solution has served NDSU well from a technological perspective, but presented problems from a support perspective,” says Richard Frovarp, senior software engineer at NDSU. Instructions needed to be maintained by hand, weren't frequently updated and required that the user could follow the steps, he explains. On some devices, the ability to see the instructions and act on them at the same time did not exist. 

“Support lines during the first few days of each academic semester were excessive, and the existing solution did not make it quick to go through the steps, even for those who knew what they were doing, such as help desk staff,” says Frovarp, who is a software engineer with system administration experience and a concentration on integration of software and systems. 

The problem he and his IT team were trying to solve was the user-support problem. The desire was to provide students and staff with an easy-to-use method to install the certificates. “This would reduce support times and hopefully provide a better experience,” he says.

A previous solution for onboarding people and devices to the campus wireless network was cumbersome and required a lot of work on behalf of faculty, staff and students, says Marc Wallman (left), interim vice president for information technology and CIO. “Lines at our help desk would become unacceptably long during the start of semesters when we had a lot of new students trying to get devices registered on our network.”

The challenge fell to Frovarp to find a solution. After Frovarp conducted initial research to establish a list of potential solutions, he gathered a team including department leadership, network engineers, IT security, help desk staff and communications staff to continue discussions to select the best tool for the campus community.

“The number of solutions that met our goals were extremely limited,” says Frovarp. “One solution was to externalize the operating system documentation, with the hope that it would be updated more frequently if it wasn't coded into the web application.”

The existing solution used Apple network profiles, which reduced the difficulty in managing OS-X and iOS, but still wasn't a perfect solution, he adds. For the Windows side, he reviewed SU1X from Swansea University and Gareth Ayres. This met the automation requirements for Windows, however, it didn't support EAP-TLS and would have required custom development to get to that step. “At that point, we'd have two custom solutions that would have to be maintained internally, at least in part,” says Frovarp.

His team also examined XpressConnect Wizard. It provided comprehensive installers and supported EAP-TLS. However, it would have required a custom back-end to serve up the certificates and do initial authentication, he says.

While inquiring about the XpressConnect Wizard, a representative from Cloudpath pointed out that its Enrollment System should meet all of the campus's needs. Juniper Networks has a product that looked similar to Cloudpath offerings, and, in fact, that Android client is provided by Cloudpath Networks.

The solution, Cloudpath Enrollment System, was chosen as it met more of the school's requirements than any other system, with what appeared to be a total lower cost. 

The reasons, Frovarp says, is it uses the XpressConnect Wizard, providing support for the major operating systems. With the perpetual license, NDSU could host the appliance in its own data center. It had all of the mechanisms built-in to handle EAP-TLS. Additionally, the campus could easily configure it to work with its network, it can authenticate against its Active Directories, it has built-in support for workflow and acceptable use policy (AUP) acknowledgement.

“For cost, all of the above being built-in means that no developer time is required to build those features and maintain them as we had seen with our previous solution, says Frovarp. “It also should reduce the support lines, allowing support personnel to help more people in the same amount of time.”