RE: EXTERNAL: [WIRELESS-LAN] Guest WLAN capabilities/policies

2017-01-05 Thread Thomas Carter
All of a-e would be classified as a "guest"; essentially anyone but 
faculty/staff/students. It is much more locked down for traffic (basically web 
traffic only) and is bandwidth limited (per device, and as a whole).  It also 
can only connect to the Internet with no connection to the internal network. We 
also have a similar time limit (1 day) for most guests. The exception is 
long-term guests (professor visiting for a week, week-long summer basketball 
camp, etc.); these get special extended time guest accounts specific to the 
situation and only good for the duration of the visit.

For faculty/staff/students, I see very little reason why they would want to use 
the guest network instead of the standard on-campus network.

Thomas Carter
Network & Operations Manager / IT
Austin College
900 North Grand Avenue
Sherman, TX 75090
Phone: 903-813-2564
www.austincollege.edu

From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Eriks Rugelis
Sent: Thursday, January 5, 2017 7:51 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: EXTERNAL: [WIRELESS-LAN] Guest WLAN capabilities/policies

Happy New Year to all!

York University needs to create a guest WLAN service suitable for use by:
 a) individuals enrolled in on-campus 1-day to 5-day professional development 
courses but they bring their own locked-down corporate laptops for which the 
end-user has no administrative rights (making it difficult for them to 
configure their 802.1x supplicant)
 b) VIP guests (potential donors to the University) visiting the campus for the 
day
 c) suppliers visiting for the day to make presentations or to provide support 
for products and services used by the University
 d) prospective students (and parents) visiting the campus for the day
 e) guests of on-campus conferences (using residences and meeting spaces rented 
by our hotel operation)

We intend to have the guest user self-register for time-limit (12 hours at a 
stretch) access via email address or mobile phone number (which may be reached 
via SMS.)

We have an existing temporary/sponsored account mechanism which is suitable for 
use by individuals who require 'full WLAN service' and whose arrival is 
pre-arranged.   However, this does not support self-registration and is 
perceived by our clientele as too cumbersome for use by this group of users.

We have eduroam deployed but most of the users in the target market do not have 
high-education userids elsewhere and thus are not able to leverage that service.

Our corporate IT policies are such that we prefer to have all users with a 
long-term relationship to the University (enrolled students, faculty, staff, 
researchers) use our standard 802.1x authenticated service which is tied to our 
corporate ID management systems.   This permits us to link any abuse or data 
breach back to a particular individual and apply one of a number of standard 
response procedures to mitigate the malware found in the client device or 
in the head of the end-user as appropriate.

How does your institution define guest WLAN service vs. corporate WLAN services?
How does your institution encourage use of the corporate WLAN service vs. Guest 
WLAN service by those individuals who are known to corporate ID management?
How do the capabilities of your Guest WLAN service differ from those of the 
corporate WLAN service?   (e.g. throughput limits? restricted TCP/UDP ports? 
application restrictions? other?)

Thanks in advance for any and all input.

Eriks

"In God we trust; all others must bring data." - attributed to W. Edwards Deming
---
Eriks Rugelis | Manager, Network Development | University Information Technology
010 Steacie Science and Engineering Library | York University | 4700 Keele St., 
Toronto ON Canada M3J 1P3
T: +1.416.736.5756 | F: +1.416.736.5830 | er...@yorku.ca | www.yorku.ca

York UIT will NEVER send unsolicited requests for passwords or other personal 
information via email. Messages requesting such information are fraudulent and 
should be deleted.

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.




Guest WLAN capabilities/policies

2017-01-05 Thread Eriks Rugelis
Happy New Year to all!

York University needs to create a guest WLAN service suitable for use by:
 a) individuals enrolled in on-campus 1-day to 5-day professional 
development courses but they bring their own locked-down corporate laptops 
for which the end-user has no administrative rights (making it difficult 
for them to configure their 802.1x supplicant)
 b) VIP guests (potential donors to the University) visiting the campus 
for the day
 c) suppliers visiting for the day to make presentations or to provide 
support for products and services used by the University
 d) prospective students (and parents) visiting the campus for the day
 e) guests of on-campus conferences (using residences and meeting spaces 
rented by our hotel operation)

We intend to have the guest user self-register for time-limit (12 hours at 
a stretch) access via email address or mobile phone number (which may be 
reached via SMS.)

We have an existing temporary/sponsored account mechanism which is 
suitable for use by individuals who require 'full WLAN service' and whose 
arrival is pre-arranged.   However, this does not support 
self-registration and is perceived by our clientele as too cumbersome for 
use by this group of users.

We have eduroam deployed but most of the users in the target market do not 
have high-education userids elsewhere and thus are not able to leverage 
that service.

Our corporate IT policies are such that we prefer to have all users with a 
long-term relationship to the University (enrolled students, faculty, 
staff, researchers) use our standard 802.1x authenticated service which is 
tied to our corporate ID management systems.   This permits us to link any 
abuse or data breach back to a particular individual and apply one of a 
number of standard response procedures to mitigate the malware found in 
the client device or in the head of the end-user as appropriate.

How does your institution define guest WLAN service vs. corporate WLAN 
services?
How does your institution encourage use of the corporate WLAN service vs. 
Guest WLAN service by those individuals who are known to corporate ID 
management?
How do the capabilities of your Guest WLAN service differ from those of 
the corporate WLAN service?   (e.g. throughput limits? restricted TCP/UDP 
ports? application restrictions? other?)

Thanks in advance for any and all input.

Eriks

"In God we trust; all others must bring data." - attributed to W. Edwards 
Deming
---
Eriks Rugelis | Manager, Network Development | University Information Technology
010 Steacie Science and Engineering Library | York University | 4700 Keele St., 
Toronto ON Canada M3J 1P3
T: +1.416.736.5756 | F: +1.416.736.5830 | er...@yorku.ca | www.yorku.ca

York UIT will NEVER send unsolicited requests for passwords or other 
personal information via email. Messages requesting such information are 
fraudulent and should be deleted.
