LAS VEGAS -- When someone uses the phrase bring your own device, a few scenarios typically come to mind: people in suits loading up presentations on personal iPads; social media gurus tending to corporate Twitter accounts on their own smartphones.
The challenges of designing a wireless network to support such standard uses of a bring your own device (BYOD) initiative are equally familiar at this point, with issues like network security and capacity planning among the more commonly cited.
But for Julian Koh, manager of network transport at Northwestern University in Evanston, Ill., engineering a wireless network that enables a very different and much more open interpretation of BYOD is an ongoing effort. His goal is to find creative ways to be more accommodating to users than a typical enterprise could, while also supporting far more complex use cases.
For example, two journalism professors at Northwestern use Google Glass devices to teach a massive online open course on Google. Then there are the physics researchers trying to detect a subatomic particle from the Big Bang with equipment that cannot tolerate even the slightest radio frequency (RF) interference. Or there are the medical researchers who use mannequins filled with dozens of finely tuned wireless sensors to simulate diagnosing and treating trauma patients.
Meanwhile, Koh must maintain a wireless network that can also support the thousands of students who live on campus and expect the Wi-Fi in their dormitories to support an ever-expanding collection of wireless gaming systems, entertainment devices, printers and other consumer devices -- in addition to the latest and greatest smartphones and tablets.
"We don't want to be in the role of saying, 'You can't do your research because we have to run our wireless network,'" Koh said, talking about the university's BYOD network strategy during a session at Interop 2014 in Las Vegas. "We've tried to be as accommodating as possible but at the same time setting reasonable limits."
Unusual use cases require creative engineering
Preventing chaos on a network with 17,500 unique devices connecting to 3,600 wireless access points (APs) at any given time has its challenges. For Koh, the biggest one is the performance issues from devices that create their own wireless networks and cause RF interference problems.
While there are students who flout the university's IT policy and set up rogue APs, he noted that the effects of problem devices are often unintentional. Google's Chromecast -- a dongle that plugs into high-definition TVs and uses Wi-Fi to stream Internet content -- is popular with students but causes interference problems because users rarely change the default settings, which are configured to create a standalone wireless network in the 2.4 GHz band. But even with network monitoring tools, tracking down devices like these is nearly impossible in a semi-urban environment, Koh said.
"The number of rogues that those tools can pick up for me – I've got thousands, if not 10,000 rogue devices that my system picks up," he said. "It's just not feasible for us to go and track down every single one. A lot of times I wait for a user to complain and say, 'The wireless network is not behaving well in my location,' and we go and perform a site survey in that area."
Solving such performance problems usually just requires educating users, but more specialized cases need some creative, one-off networking. In the case of the medical researchers simulating life-saving techniques on sensor-filled mannequins, the sensors wirelessly communicated data to a controller using the 5 GHz band. But when a recent expansion of Northwestern's wireless network arrived at their lab, Koh soon discovered that the 802.11n APs he had just deployed were contending with the sensors for wireless spectrum -- causing the sensors to generate corrupted data and experience slower performance.
Koh first tried to get the sensors to connect to the wireless LAN, but the sensors couldn't tolerate the latency between the lab -- located at Northwestern's medical campus in Chicago -- and the WLAN controller at the university's main campus several miles away. He ultimately had to turn off the 5 GHz radios in his APs.
"You don't get the benefits of 5 GHz … but most users don't even notice," he said. "Most of them just care about having basic connectivity."
Different approaches to WLAN security
And as with any BYOD initiative, network security is also a concern for Koh. But without control over most of the wireless devices on campus, Koh had to develop an approach to network security that protected the infrastructure while still allowing users to perform most functions.
All devices must support 802.1X authentication and an intrusion prevention system, as well as a filtering engine. These provide some level of protection, but users who go out to the Internet don't pass through a heavy-duty firewall to get there.
"For most of our users, we pretty much treat them from an applications and security point of view as coming from the Internet," Koh said. "Most of our aggressive firewalling and strong protective measures are as close as possible to the applications and infrastructure, as opposed to moving it out to the edge of the network."
Jim Richards, manager of servers and networks at CRISTA Ministries, a Seattle-based group of Christian ministries, said his organization is interested in adopting a BYOD approach. He left the Interop session intrigued by Koh's approach to security, but wasn't sure if it would meet their security and performance needs.
"That idea of bringing the walls in is certainly appealing, but making that happen might be difficult for us," Richards said. "We're used to providing a certain user experience on the LAN, but once you leave [it], the experience degrades."
During his talk, Koh acknowledged that Northwestern's approach won't suit everyone.
"There's always an ongoing conversation that we have between convenience [versus] security and management. We've slanted to the side of being open and being as accommodating as possible for our wide, diverse set of users," he said. "In a very structured corporate environment, traditionally that's been skewed the other way, where you're dealing with very rigidly controlled devices, applications and use cases."