RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
Yep, very true. DNS and IP are open, unless someone is using a VPN. In some cases I believe Windows file sharing is also unencrypted which can certainly help make the case for encrypting the admins side in some cases. In addition, none of this encryption applies to internal wired networks, (except for those doing wired 1x) or once the data traverses across the Internet. While it is definitely worthwhile using 1x to provide authentication and encryption, I think it helps to put into perspective the amount of value it may or may not be providing. Pete Morrissey -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hunter Fuller Sent: Friday, January 23, 2015 5:15 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention On Fri, Jan 23, 2015 at 1:42 PM, Peter P Morrissey ppmor...@syr.edu wrote: We get authentication and thus historical retribution from 802.1x by default, which is also considered NAC by some definitions. This is handy. We also get encryption, although I’m with you on questioning that as well. Nowadays, it is hard to come up with an application that needs to be secured that doesn’t already add its own encryption. So why do we need encryption at layer 2? I seriously could be missing something on this, and would welcome further input. And if you really want to go wild here, do we even need it for the admin side? Just asking. Don’t judge me. J Two examples I can think of are DNS and general IP traffic. Without encryption, those are visible over the air. So anyone can sniff our students' traffic and see what sites they are visiting and what hosts they talk to. (They won't be able to read the actual data, but the metadata exists.) You can tell if each user uses Skype, Tor, whatever. People use encryption at home for these reasons, also, even if it's just PSK. -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
The vendors absolutely need to differentiate their products with “value-add.” The issue in my mind is how they differentiate. I would rather they differentiate on features that really are a value-add rather than simply proprietary lock-in that provides little to no value except for the fact that all the vendors’ products are compatible with each other. I would argue that standards provide consumers leverage by giving us the ability to switch vendors more easily. This compels the vendors to be even more innovative and more price competitive to retain customers than if they are relying upon high switching costs. And while I agree that standards often involve frustrating political posturing by vendors, and often take too long, many useful standards have evolved out of this process that have served us quite well. I’m sure we could all name a couple of dozen pretty easily. The more consumers demand standards, make noise, delay purchases or switch vendors until there is true compatibility, the more likely it is that vendors will respond and provide more than simply lip service and political posturing. Pete Morrissey From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Mark Duling Sent: Friday, January 23, 2015 11:49 AM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention My thoughts too. I'm not sure how much we an complain about vendors seeking ways to differentiate their products with a unique value-add. Because a vendor's value-add is nothing other than their reason for being. If there is nothing they bring to the table that everyone else doesn't, then they should find something else to do. I think it was Donald Knuth that once said the great thing about standards is there are so many to choose from. Expecting vendor interoperability beyond a certain basic level seems to me to be a form of idealism. Not actually desirable in the real world as we know it, and only so in our minds. We wouldn't like it even if we got it. Isn't there an old joke about looking for a woman with intelligence, beauty, and money? On Thu, Jan 22, 2015 at 1:53 PM, Bruce Boardman board...@syr.edumailto:board...@syr.edu wrote: This is no different from any interoperable standard (SNMP is 20 years old and still doesn't manage much). It's always the lowest common denominator, leaving the vendors 'value-add' out. When an advanced feature gets added, it's advanced only in age. Vendors participation in standards bodies is for the marketing check box, not Kumbaya and World Peace. But don’t fret, that sort of SOP is job security man! Bruce Boardman Networking Syracuse University 315 412-4156tel:315%20412-4156 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh Sent: Thursday, January 22, 2015 4:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention On Thu Jan 22 2015 13:47:18 CST, Lee H Badman lhbad...@syr.edumailto:lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? I think you’ve earned the right for a little self-promotion, Lee. :) Although you also deserve a bit of mocking for the use of “Class C subnet.” :):):) -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780tel:847-467-5780 NUIT Web Site: http://www.it.northwestern.edu/ PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
I would rather they differentiate on features that really are a value-add rather than simply proprietary lock-in that provides little to no value except for the fact that all the vendors’ products are compatible with each other. That's a given, but I actually think much of the time now when attempts at vendor lock-in are claimed it were actually honest attempts to add value that didn't work out. Adding value depends on certain projections and assumptions, some of which will turn out to have been accurate ones and others not. Assuming that knowing how that is going to turn out in advance is rarely as easy as the more cynical would have it. Not that anyone here is of course, but just generalizing. On Tue, Jan 27, 2015 at 4:09 AM, Peter P Morrissey ppmor...@syr.edu wrote: The vendors absolutely need to differentiate their products with “value-add.” The issue in my mind is how they differentiate. I would rather they differentiate on features that really are a value-add rather than simply proprietary lock-in that provides little to no value except for the fact that all the vendors’ products are compatible with each other. I would argue that standards provide consumers leverage by giving us the ability to switch vendors more easily. This compels the vendors to be even more innovative and more price competitive to retain customers than if they are relying upon high switching costs. And while I agree that standards often involve frustrating political posturing by vendors, and often take too long, many useful standards have evolved out of this process that have served us quite well. I’m sure we could all name a couple of dozen pretty easily. The more consumers demand standards, make noise, delay purchases or switch vendors until there is true compatibility, the more likely it is that vendors will respond and provide more than simply lip service and political posturing. Pete Morrissey *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Mark Duling *Sent:* Friday, January 23, 2015 11:49 AM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention My thoughts too. I'm not sure how much we an complain about vendors seeking ways to differentiate their products with a unique value-add. Because a vendor's value-add is nothing other than their reason for being. If there is nothing they bring to the table that everyone else doesn't, then they should find something else to do. I think it was Donald Knuth that once said the great thing about standards is there are so many to choose from. Expecting vendor interoperability beyond a certain basic level seems to me to be a form of idealism. Not actually desirable in the real world as we know it, and only so in our minds. We wouldn't like it even if we got it. Isn't there an old joke about looking for a woman with intelligence, beauty, and money? On Thu, Jan 22, 2015 at 1:53 PM, Bruce Boardman board...@syr.edu wrote: This is no different from any interoperable standard (SNMP is 20 years old and still doesn't manage much). It's always the lowest common denominator, leaving the vendors 'value-add' out. When an advanced feature gets added, it's advanced only in age. Vendors participation in standards bodies is for the marketing check box, not Kumbaya and World Peace. But don’t fret, that sort of SOP is job security man! Bruce Boardman Networking Syracuse University 315 412-4156 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh Sent: Thursday, January 22, 2015 4:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention On Thu Jan 22 2015 13:47:18 CST, Lee H Badman lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? I think you’ve earned the right for a little self-promotion, Lee. :) Although you also deserve a bit of mocking for the use of “Class C subnet.” :):):) -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780 NUIT Web Site: http://www.it.northwestern.edu/ PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? THIS. For a few years now I've been wishing for an encrypted wifi offering that works much more like SSL does on the web. Divorce the encryption features currently .1x from the authentication/authorization parts. Let me by a certificate from someone like VeriSign or Digicert that everybody already trusts, deploy it to may APs or controller, and if you trust them, you can get an encrypted connection without needing to do anything different than if you were using a public hotspot. It needs to be just that easy for end users. No enrollment, no pre-shared key, nothing. All of the other authorization/authentication things that I want to do (or not do, depending on things like subnet, MAC/ACL list, etc) can be handled after the wifi link terminates at the controller or AP. This is where the WiFi Alliance has the potential to help things. They can push for inclusion of this ability in the 802.11 standard, and they can push device makers to have better support for it. They're pull may be reduced or wifi's early years, but it's not gone yet. Joel Coehoorn Director of Information Technology 402.363.5603 *jcoeho...@york.edu jcoeho...@york.edu* The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Fri, Jan 23, 2015 at 11:39 AM, Jeffrey Sessler j...@scrippscollege.edu wrote: I don't know Lee, in my mind is it the device maker's requirements to work in both consumer and enterprise environment, or does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? Take residential (dorm) wifi as an example. If you had a model with an open or PSK-emulated wireless network coupled with location-based service filtering, the user gets on with every device out there, and they can see their chromecast, appletv, etc. and any others on that AP or 1 adjacent. Pretty much gives you the consumer feel. Jeff On Thursday, January 22, 2015 at 11:47 AM, in message 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee *Lee H. Badman* Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
But our environments are unique in the sense that we have many of the same data security concerns that a hospital has, but unlike their tenants, ours are 1) largely irresponsible children, 2) using systems we have to maintain (I’ve never seen a hospital help a patient fix a laptop) and 3) live on site for long periods of time. Your points regarding media/game systems are well taken and appreciated by everyone on here who has resident students though. I say this over and over .. it’s really not the “rule” that is the problem, it’s the exceptions. And those “Internet of things” devices (far beyond “BYOD”) are becoming more and more prevalent everywhere on campus… and very few of them support “enterprise” wireless configurations. As far as the onboarding headaches, I’m still surprised at how difficult this is. The closest I’ve seen to a good process is from a (very expensive) cloud *cough* provider. But is that expense warranted? Or better asked, WHY do we STILL NEED that expense when we’re now 4-5 generations (depending on how you count 11n) into mainstream wireless? My fear is that we are going to start seeing proprietary ‘standards’ for on-boarding similar to how Ethernet drivers worked 20 years ago or NAC-type interfaces built in to some supplicant-like application that each wifi vendor packages with their equipment (ie an enterprise version of WPS). -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 23, 2015 1:20 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention I think you could accomplish the same consumer friendly setup in classrooms, labs, etc. and still provide meet your goals including regulatory compliance. I see this sort of hybrid approach today in hospital settings, so I'm not sure why it can't be accomplished in EDU. The new Kaiser hospital in my area has free WiFi everywhere, secure wifi for all their mobile computer stations (one per room), EKGs, pumps, etc. mesh-based location solution with tags on everything, and cellular distribution. I would also question setting highest performance as a goal. What you want is a solution that provides the user what they need at the moment they need it. I didn't deploy 802.11n or 802.11ac so that I could win unrealistic max performance claims. I deployed those technologies to support more efficient access to a finite amount of spectrum. And if performance is a goal, it's going to be more difficult to attain if the access to the service is complex enough to make the typical user reach for their MiFi device. Jeff On Friday, January 23, 2015 at 9:44 AM, in message 7c623f076ece4354b6039ec505e9c...@ex13-mbx-10.ad.syr.edumailto:7c623f076ece4354b6039ec505e9c...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edumailto:lhbad...@syr.edu wrote: No easy answer. The dorms could be set up “consumer style” with a different operational profile, SSID, etc and don’t HAVE to be run like the rest of campus. But in classrooms, labs and meeting rooms there is now way to deliver highest performance, regulatory compliance, and accommodation of crap devices all at the same time without hyper complexity, and then at the physics level you still have problems. Even if every issue can’t be fixed in one fell swoop, there are a number of easy tweaks that device makers could provide if they pulled their heads out of 2004. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 23, 2015 12:39 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDUmailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention I don't know Lee, in my mind is it the device maker's requirements to work in both consumer and enterprise environment, or does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? Take residential (dorm) wifi as an example. If you had a model with an open or PSK-emulated wireless network coupled with location-based service filtering, the user gets on with every device out there, and they can see their chromecast, appletv, etc. and any others on that AP or 1 adjacent. Pretty much gives you the consumer feel. Jeff On Thursday, January 22, 2015 at 11:47 AM, in message 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edumailto
RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
No easy answer. The dorms could be set up “consumer style” with a different operational profile, SSID, etc and don’t HAVE to be run like the rest of campus. But in classrooms, labs and meeting rooms there is now way to deliver highest performance, regulatory compliance, and accommodation of crap devices all at the same time without hyper complexity, and then at the physics level you still have problems. Even if every issue can’t be fixed in one fell swoop, there are a number of easy tweaks that device makers could provide if they pulled their heads out of 2004. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 23, 2015 12:39 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention I don't know Lee, in my mind is it the device maker's requirements to work in both consumer and enterprise environment, or does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? Take residential (dorm) wifi as an example. If you had a model with an open or PSK-emulated wireless network coupled with location-based service filtering, the user gets on with every device out there, and they can see their chromecast, appletv, etc. and any others on that AP or 1 adjacent. Pretty much gives you the consumer feel. Jeff On Thursday, January 22, 2015 at 11:47 AM, in message 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edumailto:432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edumailto:lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
I think you could accomplish the same consumer friendly setup in classrooms, labs, etc. and still provide meet your goals including regulatory compliance. I see this sort of hybrid approach today in hospital settings, so I'm not sure why it can't be accomplished in EDU. The new Kaiser hospital in my area has free WiFi everywhere, secure wifi for all their mobile computer stations (one per room), EKGs, pumps, etc. mesh-based location solution with tags on everything, and cellular distribution. I would also question setting highest performance as a goal. What you want is a solution that provides the user what they need at the moment they need it. I didn't deploy 802.11n or 802.11ac so that I could win unrealistic max performance claims. I deployed those technologies to support more efficient access to a finite amount of spectrum. And if performance is a goal, it's going to be more difficult to attain if the access to the service is complex enough to make the typical user reach for their MiFi device. Jeff On Friday, January 23, 2015 at 9:44 AM, in message 7c623f076ece4354b6039ec505e9c...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edu wrote: No easy answer. The dorms could be set up “consumer style” with a different operational profile, SSID, etc and don’t HAVE to be run like the rest of campus. But in classrooms, labs and meeting rooms there is now way to deliver highest performance, regulatory compliance, and accommodation of crap devices all at the same time without hyper complexity, and then at the physics level you still have problems. Even if every issue can’t be fixed in one fell swoop, there are a number of easy tweaks that device makers could provide if they pulled their heads out of 2004. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 23, 2015 12:39 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention I don't know Lee, in my mind is it the device maker's requirements to work in both consumer and enterprise environment, or does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? Take residential (dorm) wifi as an example. If you had a model with an open or PSK-emulated wireless network coupled with location-based service filtering, the user gets on with every device out there, and they can see their chromecast, appletv, etc. and any others on that AP or 1 adjacent. Pretty much gives you the consumer feel. Jeff On Thursday, January 22, 2015 at 11:47 AM, in message 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
My thoughts too. I'm not sure how much we an complain about vendors seeking ways to differentiate their products with a unique value-add. Because a vendor's value-add is nothing other than their reason for being. If there is nothing they bring to the table that everyone else doesn't, then they should find something else to do. I think it was Donald Knuth that once said the great thing about standards is there are so many to choose from. Expecting vendor interoperability beyond a certain basic level seems to me to be a form of idealism. Not actually desirable in the real world as we know it, and only so in our minds. We wouldn't like it even if we got it. Isn't there an old joke about looking for a woman with intelligence, beauty, and money? On Thu, Jan 22, 2015 at 1:53 PM, Bruce Boardman board...@syr.edu wrote: This is no different from any interoperable standard (SNMP is 20 years old and still doesn't manage much). It's always the lowest common denominator, leaving the vendors 'value-add' out. When an advanced feature gets added, it's advanced only in age. Vendors participation in standards bodies is for the marketing check box, not Kumbaya and World Peace. But don’t fret, that sort of SOP is job security man! Bruce Boardman Networking Syracuse University 315 412-4156 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh Sent: Thursday, January 22, 2015 4:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention On Thu Jan 22 2015 13:47:18 CST, Lee H Badman lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? I think you’ve earned the right for a little self-promotion, Lee. :) Although you also deserve a bit of mocking for the use of “Class C subnet.” :):):) -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780 NUIT Web Site: http://www.it.northwestern.edu/ PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
I especially agree about the onboarding issue. While it's great that the market for onboarding tools is growing (we currently have three systems capable on wireless onboarding, only one of which was bought for that purpose!) they all feel like ridiculously expensive rolls of duct tape necessary only because every OS reinvents the wheel with wildly varying shapes. It's ridiculous to me that in this day and age there's no cross vendor standard for a wireless device to request a set of network credentials after authenticating with user credentials. Instead we have DNS/HTTP intercept, captive portal detection, and vendors whose primary value-add is that they track all of the os version specific quirks and bugs (call function X to add a cert to the store, unless it's android = 4.0 on a Samsung...). We should be able to have a simple authenticated service that feeds the equivalent of an apple mobileconfig containing a full set of wireless settings and credentials (like a per-user certificate) that can be read by any client device, and *just work*. Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken On 01/23/2015 01:36 PM, Brian Helman wrote: But our environments are unique in the sense that we have many of the same data security concerns that a hospital has, but unlike their tenants, ours are 1) largely irresponsible children, 2) using systems we have to maintain (I’ve never seen a hospital help a patient fix a laptop) and 3) live on site for long periods of time. Your points regarding media/game systems are well taken and appreciated by everyone on here who has resident students though. I say this over and over .. it’s really not the “rule” that is the problem, it’s the exceptions. And those “Internet of things” devices (far beyond “BYOD”) are becoming more and more prevalent everywhere on campus… and very few of them support “enterprise” wireless configurations. As far as the onboarding headaches, I’m still surprised at how difficult this is. The closest I’ve seen to a good process is from a (very expensive) cloud **cough** provider. But is that expense warranted? Or better asked, WHY do we STILL NEED that expense when we’re now 4-5 generations (depending on how you count 11n) into mainstream wireless? My fear is that we are going to start seeing proprietary ‘standards’ for on-boarding similar to how Ethernet drivers worked 20 years ago or NAC-type interfaces built in to some supplicant-like application that each wifi vendor packages with their equipment (ie an enterprise version of WPS). -Brian *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jeffrey Sessler *Sent:* Friday, January 23, 2015 1:20 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention I think you could accomplish the same consumer friendly setup in classrooms, labs, etc. and still provide meet your goals including regulatory compliance. I see this sort of hybrid approach today in hospital settings, so I'm not sure why it can't be accomplished in EDU. The new Kaiser hospital in my area has free WiFi everywhere, secure wifi for all their mobile computer stations (one per room), EKGs, pumps, etc. mesh-based location solution with tags on everything, and cellular distribution. I would also question setting highest performance as a goal. What you want is a solution that provides the user what they need at the moment they need it. I didn't deploy 802.11n or 802.11ac so that I could win unrealistic max performance claims. I deployed those technologies to support more efficient access to a finite amount of spectrum. And if performance is a goal, it's going to be more difficult to attain if the access to the service is complex enough to make the typical user reach for their MiFi device. Jeff On Friday, January 23, 2015 at 9:44 AM, in message 7c623f076ece4354b6039ec505e9c...@ex13-mbx-10.ad.syr.edu mailto:7c623f076ece4354b6039ec505e9c...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edu mailto:lhbad...@syr.edu wrote: No easy answer. The dorms could be set up “consumer style” with a different operational profile, SSID, etc and don’t HAVE to be run like the rest of campus. But in classrooms, labs and meeting rooms there is now way to deliver highest performance, regulatory compliance, and accommodation of crap devices all at the same time without hyper complexity, and then at the physics level you still have problems. Even if every issue can’t be fixed in one fell swoop, there are a number of easy tweaks that device makers could provide if they pulled their heads out of 2004. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) *From:*The EDUCAUSE Wireless Issues
RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
“Don't assume I'm counter to what we've traditionally been doing in EDU, but I'm constantly reevaluating if some of these best practices have outlived their usefulness.” I think that is a very healthy approach. We shouldn’t do things just because we’ve always done them a certain way or because we have some vague sense that we have to because it is somehow more secure. We stopped doing NAC a few years ago for this reason. The vendor we were using caused way to many issues for our students, extra expenses and labor us supporting them. Given that OS’s tend to have auto updates and firewalls turned on by default now, the gain we got from enforcing it for those who did not was not measurable. Not to mention we are essentially an ISP for the students. Do ISP’s ever require this? Our students don’t know what it is like to not have a computer and they seemed to survive just fine before they got here, so do we need to enforce behaviors that weren’t enforced at home? So far no one has been able to demonstrate any measurable advantage to do the posture checking component of NAC. I have a much longer, involved justification on that that I will spare you reading right now. We get authentication and thus historical retribution from 802.1x by default, which is also considered NAC by some definitions. This is handy. We also get encryption, although I’m with you on questioning that as well. Nowadays, it is hard to come up with an application that needs to be secured that doesn’t already add its own encryption. So why do we need encryption at layer 2? I seriously could be missing something on this, and would welcome further input. And if you really want to go wild here, do we even need it for the admin side? Just asking. Don’t judge me. ☺ Pete Morrissey From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 23, 2015 2:07 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention Our environments have _some_ data security concerns like a hospital, but when you really drill down and look at what those are, they are more exception then rule. In cases were we need to provide a greater level of security, we typically have full control (and ownership) of the device. Show me in HIPPA where it's a requirement that a student be provided an encrypted WiFi connection to their own device when accessing the medical records your campus holds? There isn't such a requirement, and they could access them from starbucks' open wifi if they wished. As for on-boarding these internet of things devices, I always ask the same question... why? What are we gaining by the on-board process? Are our wlans so poorly designed that an unpatched system with no anti-virus poses a greater threat then if it was reaching services from outside our network? Don't assume I'm counter to what we've traditionally been doing in EDU, but I'm constantly reevaluating if some of these best practices have outlived their usefulness. Jeff On Friday, January 23, 2015 at 10:36 AM, in message 70a4ca525a32ff42bbb8d79eec55b3bb41e19...@wmxd04p.sscad.salemstate.edumailto:70a4ca525a32ff42bbb8d79eec55b3bb41e19...@wmxd04p.sscad.salemstate.edu, Brian Helman bhel...@salemstate.edumailto:bhel...@salemstate.edu wrote: But our environments are unique in the sense that we have many of the same data security concerns that a hospital has, but unlike their tenants, ours are 1) largely irresponsible children, 2) using systems we have to maintain (I’ve never seen a hospital help a patient fix a laptop) and 3) live on site for long periods of time. Your points regarding media/game systems are well taken and appreciated by everyone on here who has resident students though. I say this over and over .. it’s really not the “rule” that is the problem, it’s the exceptions. And those “Internet of things” devices (far beyond “BYOD”) are becoming more and more prevalent everywhere on campus… and very few of them support “enterprise” wireless configurations. As far as the onboarding headaches, I’m still surprised at how difficult this is. The closest I’ve seen to a good process is from a (very expensive) cloud *cough* provider. But is that expense warranted? Or better asked, WHY do we STILL NEED that expense when we’re now 4-5 generations (depending on how you count 11n) into mainstream wireless? My fear is that we are going to start seeing proprietary ‘standards’ for on-boarding similar to how Ethernet drivers worked 20 years ago or NAC-type interfaces built in to some supplicant-like application that each wifi vendor packages with their equipment (ie an enterprise version of WPS). -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 23, 2015 1:20 PM To: WIRELESS-LAN
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
On 01/23/2015 01:45 PM, Jeffrey Sessler wrote: I'll toss this out - who made us responsible for the protection of consumer data passing over our wireless networks? Why do we care? We get stuck with it when a professor who can bypass central purchasing picks up a New! Shiny! that: - only supports PSK - does not support being exposed to the internet (ie, developers assume you'll be behind both NAT and firewall) - has no alternative vendor - comes with directions to contact your local network administrator to make it secure - will be worked on by collaborates from across the street, across the company, and China As a good example, we had some professors purchase a pair of robots that were $250k a piece, had an IP stack as robust as a house of toilet paper cards in a windstorm, and used a Belkin USB wifi adapter. Oh, and they had research money contingent on purchasing those specific units from that specific vendor. The problem is that SOHO Class doesn't mean will stay out of Enterprise networks, it just means it's marketed directly at less knowledgeable users rather than IT professionals and central purchasing. (Semi-related side note: Moxa makes wireless bridges with a halfway decent dot1x capable wireless stack that bridge to a wired port, giving you at least one true enterprise-class way to add wireless to a device via wired ethernet: http://www.moxa.com/product/Industrial_Wireless_LAN.htm ) For devices the college owns, we have the capability today to secure them if necessary for compliance or other business requirements. For the rest of the BYOD crowd, is it a requirement? If 20 million people a week visit a starbucks and use their open wifi, why are we in EDU trying to be different? Do we feel an obligation to parent our wireless users? Hell yes we're obligated! Many of us have decided very intentionally not to host a community hotspot, and strongly resent users who effectively ask us to instantiate one so they can use their latest device they bought without asking us first. Things like captive portal plus MAC registration grease the wheels a bit, but still represent more gears in the rube goldberg contraption. It's also not just a question of managing individual wireless users. Wireless is a shared medium with shared fate, so lowering the bar for any one class of users will inevitably raise the risk level for the air space as a whole. Whether or not the increase in risk is worth it is a question that every organization must answer for itself, but you can't ignore the question. Instead of chasing an impossibility, why not concentrate on what our enterprise wlan vendors can do to get the majority of our users closer to the consumer experience? If I have 1000 1x enterprise users and 1000 PSK users, I need two networks. If I have 1000 1x enterprise users and 1 PSK user I can't kick off, I still need two networks. The presence of a class of user creates the obligation which in turn requires a certain level of work independent of the size of that class. -- Frank Sweetser fs at wpi.edu| For every problem, there is a solution that Manager of Network Operations | is simple, elegant, and wrong. Worcester Polytechnic Institute | - HL Mencken Jeff On Friday, January 23, 2015 at 10:10 AM, in message d4cc2ac64db345c2a5d6f18368d0d...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edu wrote: Excellent thoughts, Joel. As I mentioned- the new certifications notion was AN idea, not the solution to a hyper-complex problem. But your suggestion is really interesting and sounds reasonable and powerful. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) *From:*The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Coehoorn, Joel *Sent:* Friday, January 23, 2015 12:55 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? THIS. For a few years now I've been wishing for an encrypted wifi offering that works much more like SSL does on the web. Divorce the encryption features currently .1x from the authentication/authorization parts. Let me by a certificate from someone like VeriSign or Digicert that everybody already trusts, deploy it to may APs or controller, and if you trust them, you can get an encrypted connection without needing to do anything different than if you were using a public hotspot. It needs to be just that easy for end users
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
On Fri Jan 23 2015 14:25:29 CST, Hinson, Matthew P matthew.hin...@vikings.berry.edu wrote: Cleared the chain of nested replies insert obligatory tilting at windmills snarky remark about top posting :):) -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780 NUIT Web Site: http://www.it.northwestern.edu/ PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
I'll toss this out - who made us responsible for the protection of consumer data passing over our wireless networks? Why do we care? For devices the college owns, we have the capability today to secure them if necessary for compliance or other business requirements. For the rest of the BYOD crowd, is it a requirement? If 20 million people a week visit a starbucks and use their open wifi, why are we in EDU trying to be different? Do we feel an obligation to parent our wireless users? Instead of chasing an impossibility, why not concentrate on what our enterprise wlan vendors can do to get the majority of our users closer to the consumer experience? Jeff On Friday, January 23, 2015 at 10:10 AM, in message d4cc2ac64db345c2a5d6f18368d0d...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edu wrote: Excellent thoughts, Joel. As I mentioned- the new certifications notion was AN idea, not the solution to a hyper-complex problem. But your suggestion is really interesting and sounds reasonable and powerful. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel Sent: Friday, January 23, 2015 12:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? THIS. For a few years now I've been wishing for an encrypted wifi offering that works much more like SSL does on the web. Divorce the encryption features currently .1x from the authentication/authorization parts. Let me by a certificate from someone like VeriSign or Digicert that everybody already trusts, deploy it to may APs or controller, and if you trust them, you can get an encrypted connection without needing to do anything different than if you were using a public hotspot. It needs to be just that easy for end users. No enrollment, no pre-shared key, nothing. All of the other authorization/authentication things that I want to do (or not do, depending on things like subnet, MAC/ACL list, etc) can be handled after the wifi link terminates at the controller or AP. This is where the WiFi Alliance has the potential to help things. They can push for inclusion of this ability in the 802.11 standard, and they can push device makers to have better support for it. They're pull may be reduced or wifi's early years, but it's not gone yet. Joel Coehoorn Director of Information Technology 402.363.5603 jcoeho...@york.edu The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Fri, Jan 23, 2015 at 11:39 AM, Jeffrey Sessler j...@scrippscollege.edu wrote: I don't know Lee, in my mind is it the device maker's requirements to work in both consumer and enterprise environment, or does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? Take residential (dorm) wifi as an example. If you had a model with an open or PSK-emulated wireless network coupled with location-based service filtering, the user gets on with every device out there, and they can see their chromecast, appletv, etc. and any others on that AP or 1 adjacent. Pretty much gives you the consumer feel. Jeff On Thursday, January 22, 2015 at 11:47 AM, in message 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
I've lost track of part of this discussion. Can someone roughly state what is being called onboarding in this thread? On Fri, Jan 23, 2015 at 11:42 AM, Peter P Morrissey ppmor...@syr.edu wrote: “Don't assume I'm counter to what we've traditionally been doing in EDU, but I'm constantly reevaluating if some of these best practices have outlived their usefulness.” I think that is a very healthy approach. We shouldn’t do things just because we’ve always done them a certain way or because we have some vague sense that we have to because it is somehow more secure. We stopped doing NAC a few years ago for this reason. The vendor we were using caused way to many issues for our students, extra expenses and labor us supporting them. Given that OS’s tend to have auto updates and firewalls turned on by default now, the gain we got from enforcing it for those who did not was not measurable. Not to mention we are essentially an ISP for the students. Do ISP’s ever require this? Our students don’t know what it is like to not have a computer and they seemed to survive just fine before they got here, so do we need to enforce behaviors that weren’t enforced at home? So far no one has been able to demonstrate any measurable advantage to do the posture checking component of NAC. I have a much longer, involved justification on that that I will spare you reading right now. We get authentication and thus historical retribution from 802.1x by default, which is also considered NAC by some definitions. This is handy. We also get encryption, although I’m with you on questioning that as well. Nowadays, it is hard to come up with an application that needs to be secured that doesn’t already add its own encryption. So why do we need encryption at layer 2? I seriously could be missing something on this, and would welcome further input. And if you really want to go wild here, do we even need it for the admin side? Just asking. Don’t judge me. J Pete Morrissey *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Jeffrey Sessler *Sent:* Friday, January 23, 2015 2:07 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention Our environments have _some_ data security concerns like a hospital, but when you really drill down and look at what those are, they are more exception then rule. In cases were we need to provide a greater level of security, we typically have full control (and ownership) of the device. Show me in HIPPA where it's a requirement that a student be provided an encrypted WiFi connection to their own device when accessing the medical records your campus holds? There isn't such a requirement, and they could access them from starbucks' open wifi if they wished. As for on-boarding these internet of things devices, I always ask the same question... why? What are we gaining by the on-board process? Are our wlans so poorly designed that an unpatched system with no anti-virus poses a greater threat then if it was reaching services from outside our network? Don't assume I'm counter to what we've traditionally been doing in EDU, but I'm constantly reevaluating if some of these best practices have outlived their usefulness. Jeff On Friday, January 23, 2015 at 10:36 AM, in message 70a4ca525a32ff42bbb8d79eec55b3bb41e19...@wmxd04p.sscad.salemstate.edu, Brian Helman bhel...@salemstate.edu wrote: But our environments are unique in the sense that we have many of the same data security concerns that a hospital has, but unlike their tenants, ours are 1) largely irresponsible children, 2) using systems we have to maintain (I’ve never seen a hospital help a patient fix a laptop) and 3) live on site for long periods of time. Your points regarding media/game systems are well taken and appreciated by everyone on here who has resident students though. I say this over and over .. it’s really not the “rule” that is the problem, it’s the exceptions. And those “Internet of things” devices (far beyond “BYOD”) are becoming more and more prevalent everywhere on campus… and very few of them support “enterprise” wireless configurations. As far as the onboarding headaches, I’m still surprised at how difficult this is. The closest I’ve seen to a good process is from a (very expensive) cloud **cough** provider. But is that expense warranted? Or better asked, WHY do we STILL NEED that expense when we’re now 4-5 generations (depending on how you count 11n) into mainstream wireless? My fear is that we are going to start seeing proprietary ‘standards’ for on-boarding similar to how Ethernet drivers worked 20 years ago or NAC-type interfaces built in to some supplicant-like application that each wifi vendor packages with their equipment (ie an enterprise version of WPS). -Brian *From:* The EDUCAUSE Wireless Issues Constituent
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
Our environments have _some_ data security concerns like a hospital, but when you really drill down and look at what those are, they are more exception then rule. In cases were we need to provide a greater level of security, we typically have full control (and ownership) of the device. Show me in HIPPA where it's a requirement that a student be provided an encrypted WiFi connection to their own device when accessing the medical records your campus holds? There isn't such a requirement, and they could access them from starbucks' open wifi if they wished. As for on-boarding these internet of things devices, I always ask the same question... why? What are we gaining by the on-board process? Are our wlans so poorly designed that an unpatched system with no anti-virus poses a greater threat then if it was reaching services from outside our network? Don't assume I'm counter to what we've traditionally been doing in EDU, but I'm constantly reevaluating if some of these best practices have outlived their usefulness. Jeff On Friday, January 23, 2015 at 10:36 AM, in message 70a4ca525a32ff42bbb8d79eec55b3bb41e19...@wmxd04p.sscad.salemstate.edu, Brian Helman bhel...@salemstate.edu wrote: But our environments are unique in the sense that we have many of the same data security concerns that a hospital has, but unlike their tenants, ours are 1) largely irresponsible children, 2) using systems we have to maintain (I’ve never seen a hospital help a patient fix a laptop) and 3) live on site for long periods of time. Your points regarding media/game systems are well taken and appreciated by everyone on here who has resident students though. I say this over and over .. it’s really not the “rule” that is the problem, it’s the exceptions. And those “Internet of things” devices (far beyond “BYOD”) are becoming more and more prevalent everywhere on campus… and very few of them support “enterprise” wireless configurations. As far as the onboarding headaches, I’m still surprised at how difficult this is. The closest I’ve seen to a good process is from a (very expensive) cloud *cough* provider. But is that expense warranted? Or better asked, WHY do we STILL NEED that expense when we’re now 4-5 generations (depending on how you count 11n) into mainstream wireless? My fear is that we are going to start seeing proprietary ‘standards’ for on-boarding similar to how Ethernet drivers worked 20 years ago or NAC-type interfaces built in to some supplicant-like application that each wifi vendor packages with their equipment (ie an enterprise version of WPS). -Brian From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 23, 2015 1:20 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention I think you could accomplish the same consumer friendly setup in classrooms, labs, etc. and still provide meet your goals including regulatory compliance. I see this sort of hybrid approach today in hospital settings, so I'm not sure why it can't be accomplished in EDU. The new Kaiser hospital in my area has free WiFi everywhere, secure wifi for all their mobile computer stations (one per room), EKGs, pumps, etc. mesh-based location solution with tags on everything, and cellular distribution. I would also question setting highest performance as a goal. What you want is a solution that provides the user what they need at the moment they need it. I didn't deploy 802.11n or 802.11ac so that I could win unrealistic max performance claims. I deployed those technologies to support more efficient access to a finite amount of spectrum. And if performance is a goal, it's going to be more difficult to attain if the access to the service is complex enough to make the typical user reach for their MiFi device. Jeff On Friday, January 23, 2015 at 9:44 AM, in message 7c623f076ece4354b6039ec505e9c...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edu wrote: No easy answer. The dorms could be set up “consumer style” with a different operational profile, SSID, etc and don’t HAVE to be run like the rest of campus. But in classrooms, labs and meeting rooms there is now way to deliver highest performance, regulatory compliance, and accommodation of crap devices all at the same time without hyper complexity, and then at the physics level you still have problems. Even if every issue can’t be fixed in one fell swoop, there are a number of easy tweaks that device makers could provide if they pulled their heads out of 2004. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 23, 2015 12:39 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
Well stated Peter. Could you imagine the outrage if ISP's started requiring their residential customers to on-board their systems? If you couldn't pass a bit of traffic without registering first, applying patches, etc. What if starbucks or others did the same? It's what we are effectively doing in EDU, and I struggle to find data saying it's effective. Same goes for those still trying to manage/shape/block file sharing protocols, but that's a different story. I question the need for admin encryption as well, but when you own the devices, it's less work to support it. I think you could extend that thought to what our environments may look like in another 5-10 years. With the push toward cloud-based services, and those services using encrypted transports by default, will we eventually come back full circle to open wifi? Jeff On Friday, January 23, 2015 at 11:42 AM, in message be09b41edf9c42df8404a864d90e0...@ex13-mbx-12.ad.syr.edu, Peter P Morrissey ppmor...@syr.edu wrote: “Don't assume I'm counter to what we've traditionally been doing in EDU, but I'm constantly reevaluating if some of these best practices have outlived their usefulness.” I think that is a very healthy approach. We shouldn’t do things just because we’ve always done them a certain way or because we have some vague sense that we have to because it is somehow more secure. We stopped doing NAC a few years ago for this reason. The vendor we were using caused way to many issues for our students, extra expenses and labor us supporting them. Given that OS’s tend to have auto updates and firewalls turned on by default now, the gain we got from enforcing it for those who did not was not measurable. Not to mention we are essentially an ISP for the students. Do ISP’s ever require this? Our students don’t know what it is like to not have a computer and they seemed to survive just fine before they got here, so do we need to enforce behaviors that weren’t enforced at home? So far no one has been able to demonstrate any measurable advantage to do the posture checking component of NAC. I have a much longer, involved justification on that that I will spare you reading right now. We get authentication and thus historical retribution from 802.1x by default, which is also considered NAC by some definitions. This is handy. We also get encryption, although I’m with you on questioning that as well. Nowadays, it is hard to come up with an application that needs to be secured that doesn’t already add its own encryption. So why do we need encryption at layer 2? I seriously could be missing something on this, and would welcome further input. And if you really want to go wild here, do we even need it for the admin side? Just asking. Don’t judge me. J Pete Morrissey From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Jeffrey Sessler Sent: Friday, January 23, 2015 2:07 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention Our environments have _some_ data security concerns like a hospital, but when you really drill down and look at what those are, they are more exception then rule. In cases were we need to provide a greater level of security, we typically have full control (and ownership) of the device. Show me in HIPPA where it's a requirement that a student be provided an encrypted WiFi connection to their own device when accessing the medical records your campus holds? There isn't such a requirement, and they could access them from starbucks' open wifi if they wished. As for on-boarding these internet of things devices, I always ask the same question... why? What are we gaining by the on-board process? Are our wlans so poorly designed that an unpatched system with no anti-virus poses a greater threat then if it was reaching services from outside our network? Don't assume I'm counter to what we've traditionally been doing in EDU, but I'm constantly reevaluating if some of these best practices have outlived their usefulness. Jeff On Friday, January 23, 2015 at 10:36 AM, in message 70a4ca525a32ff42bbb8d79eec55b3bb41e19...@wmxd04p.sscad.salemstate.edu, Brian Helman bhel...@salemstate.edu wrote: But our environments are unique in the sense that we have many of the same data security concerns that a hospital has, but unlike their tenants, ours are 1) largely irresponsible children, 2) using systems we have to maintain (I’ve never seen a hospital help a patient fix a laptop) and 3) live on site for long periods of time. Your points regarding media/game systems are well taken and appreciated by everyone on here who has resident students though. I say this over and over .. it’s really not the “rule” that is the problem, it’s the exceptions. And those “Internet of things” devices (far beyond “BYOD”) are becoming more and more prevalent everywhere on campus… and very few of them support “enterprise” wireless
RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
Isn’t the certificates thing being described something like EAP-TLS? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Friday, January 23, 2015 12:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention Excellent thoughts, Joel. As I mentioned- the new certifications notion was AN idea, not the solution to a hyper-complex problem. But your suggestion is really interesting and sounds reasonable and powerful. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com http://wirednot.wordpress.com) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel Sent: Friday, January 23, 2015 12:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? THIS. For a few years now I've been wishing for an encrypted wifi offering that works much more like SSL does on the web. Divorce the encryption features currently .1x from the authentication/authorization parts. Let me by a certificate from someone like VeriSign or Digicert that everybody already trusts, deploy it to may APs or controller, and if you trust them, you can get an encrypted connection without needing to do anything different than if you were using a public hotspot. It needs to be just that easy for end users. No enrollment, no pre-shared key, nothing. All of the other authorization/authentication things that I want to do (or not do, depending on things like subnet, MAC/ACL list, etc) can be handled after the wifi link terminates at the controller or AP. This is where the WiFi Alliance has the potential to help things. They can push for inclusion of this ability in the 802.11 standard, and they can push device makers to have better support for it. They're pull may be reduced or wifi's early years, but it's not gone yet. http://www.york.edu/Portals/0/Images/Logo/YorkCollegeLogoSmall.jpg Joel Coehoorn Director of Information Technology 402.363.5603 jcoeho...@york.edu mailto:jcoeho...@york.edu The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Fri, Jan 23, 2015 at 11:39 AM, Jeffrey Sessler j...@scrippscollege.edu mailto:j...@scrippscollege.edu wrote: I don't know Lee, in my mind is it the device maker's requirements to work in both consumer and enterprise environment, or does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? Take residential (dorm) wifi as an example. If you had a model with an open or PSK-emulated wireless network coupled with location-based service filtering, the user gets on with every device out there, and they can see their chromecast, appletv, etc. and any others on that AP or 1 adjacent. Pretty much gives you the consumer feel. Jeff On Thursday, January 22, 2015 at 11:47 AM, in message 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu mailto:432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu , Lee H Badman lhbad...@syr.edu mailto:lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee Lee H. Badman Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 tel:315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
In theory, yes. In practice, good luck finding it implemented that way in a product we can actually deploy, or supported in a product in use by our constituents. On Fri, Jan 23, 2015 at 2:30 PM, Frank Bulk frnk...@iname.com wrote: Isn’t the certificates thing being described something like EAP-TLS? Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol http://en.wikipedia.org/wiki/Extensible_Authentication_Protocol read about UNAUTH-TLS … Philippe Hanset www.anyroam.net On Jan 23, 2015, at 3:30 PM, Frank Bulk frnk...@iname.com wrote: Isn’t the certificates thing being described something like EAP-TLS? Frank From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman Sent: Friday, January 23, 2015 12:10 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention Excellent thoughts, Joel. As I mentioned- the new certifications notion was AN idea, not the solution to a hyper-complex problem. But your suggestion is really interesting and sounds reasonable and powerful. Lee Badman Wireless/Network Architect ITS, Syracuse University 315.443.3003 (Blog: http://wirednot.wordpress.com http://wirednot.wordpress.com/) From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Coehoorn, Joel Sent: Friday, January 23, 2015 12:55 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? THIS. For a few years now I've been wishing for an encrypted wifi offering that works much more like SSL does on the web. Divorce the encryption features currently .1x from the authentication/authorization parts. Let me by a certificate from someone like VeriSign or Digicert that everybody already trusts, deploy it to may APs or controller, and if you trust them, you can get an encrypted connection without needing to do anything different than if you were using a public hotspot. It needs to be just that easy for end users. No enrollment, no pre-shared key, nothing. All of the other authorization/authentication things that I want to do (or not do, depending on things like subnet, MAC/ACL list, etc) can be handled after the wifi link terminates at the controller or AP. This is where the WiFi Alliance has the potential to help things. They can push for inclusion of this ability in the 802.11 standard, and they can push device makers to have better support for it. They're pull may be reduced or wifi's early years, but it's not gone yet. Joel Coehoorn Director of Information Technology 402.363.5603 jcoeho...@york.edu mailto:jcoeho...@york.edu The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Fri, Jan 23, 2015 at 11:39 AM, Jeffrey Sessler j...@scrippscollege.edu mailto:j...@scrippscollege.edu wrote: I don't know Lee, in my mind is it the device maker's requirements to work in both consumer and enterprise environment, or does the enterprise wlan market need to figure out how to look more like a consumer wlan? Is this a problem EDU's have created because of some desire to provide a service that's more complex or invasive to use then it has to be? Is there really a need to on-board devices and have them associate using WPA2 Ent, or could we support the bulk of our users (especially students) using something more consumer friendly? Take residential (dorm) wifi as an example. If you had a model with an open or PSK-emulated wireless network coupled with location-based service filtering, the user gets on with every device out there, and they can see their chromecast, appletv, etc. and any others on that AP or 1 adjacent. Pretty much gives you the consumer feel. Jeff On Thursday, January 22, 2015 at 11:47 AM, in message 432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu mailto:432756068f5346b59e108b825efca...@ex13-mbx-10.ad.syr.edu, Lee H Badman lhbad...@syr.edu mailto:lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee Lee H. Badman
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
On Fri, Jan 23, 2015 at 1:42 PM, Peter P Morrissey ppmor...@syr.edu wrote: We get authentication and thus historical retribution from 802.1x by default, which is also considered NAC by some definitions. This is handy. We also get encryption, although I’m with you on questioning that as well. Nowadays, it is hard to come up with an application that needs to be secured that doesn’t already add its own encryption. So why do we need encryption at layer 2? I seriously could be missing something on this, and would welcome further input. And if you really want to go wild here, do we even need it for the admin side? Just asking. Don’t judge me. J Two examples I can think of are DNS and general IP traffic. Without encryption, those are visible over the air. So anyone can sniff our students' traffic and see what sites they are visiting and what hosts they talk to. (They won't be able to read the actual data, but the metadata exists.) You can tell if each user uses Skype, Tor, whatever. People use encryption at home for these reasons, also, even if it's just PSK. -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
Last I checked it worked in everything but Windows. Eh no one uses that, right? :D -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone On Fri, Jan 23, 2015 at 4:18 PM, Coehoorn, Joel jcoeho...@york.edu wrote: In theory, yes. In practice, good luck finding it implemented that way in a product we can actually deploy, or supported in a product in use by our constituents. On Fri, Jan 23, 2015 at 2:30 PM, Frank Bulk frnk...@iname.com wrote: Isn’t the certificates thing being described something like EAP-TLS? Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
I didn't say that it was perfect, just that something along those lines has already been invented. =) Frank -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Hunter Fuller Sent: Friday, January 23, 2015 4:22 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention Last I checked it worked in everything but Windows. Eh no one uses that, right? :D -- Hunter Fuller Network Engineer VBRH M-9B +1 256 824 5331 Office of Information Technology The University of Alabama in Huntsville Systems and Infrastructure I am part of the UAH Safe Zone LGBTQIA support network: http://www.uah.edu/student-affairs/safe-zone On Fri, Jan 23, 2015 at 4:18 PM, Coehoorn, Joel jcoeho...@york.edu wrote: In theory, yes. In practice, good luck finding it implemented that way in a product we can actually deploy, or supported in a product in use by our constituents. On Fri, Jan 23, 2015 at 2:30 PM, Frank Bulk frnk...@iname.com wrote: Isn’t the certificates thing being described something like EAP-TLS? Frank ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
RE: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
This is no different from any interoperable standard (SNMP is 20 years old and still doesn't manage much). It's always the lowest common denominator, leaving the vendors 'value-add' out. When an advanced feature gets added, it's advanced only in age. Vendors participation in standards bodies is for the marketing check box, not Kumbaya and World Peace. But don’t fret, that sort of SOP is job security man! Bruce Boardman Networking Syracuse University 315 412-4156 -Original Message- From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Julian Y Koh Sent: Thursday, January 22, 2015 4:45 PM To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention On Thu Jan 22 2015 13:47:18 CST, Lee H Badman lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? I think you’ve earned the right for a little self-promotion, Lee. :) Although you also deserve a bit of mocking for the use of “Class C subnet.” :):):) -- Julian Y. Koh Acting Associate Director, Telecommunications and Network Services Northwestern University Information Technology (NUIT) 2001 Sheridan Road #G-166 Evanston, IL 60208 847-467-5780 NUIT Web Site: http://www.it.northwestern.edu/ PGP Public Key:http://bt.ittns.northwestern.edu/julian/pgppubkey.html
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
Hi Lee, The WiFi Alliance has never, ever, really cared about end user input from Enterprises. Years ago, when I was leading a very large WLAN deployment, I was able to attend as many IEEE sessions as I wanted. I attended mostly to see what was coming (to plan accordingly) and to provide enterprise feedback. Quite the humbling experience to sit in a ballroom full of the brightness engineering minds in networking. But I only ever managed to attend a WiFi Alliance conference once and that was because I was invited to speak as a keynote speaker discussing our large deployment (which was leading edge at the time). I then used the opportunity to sit in (quietly) in the various sessions to see what how the Alliance did its work. I was very interesting and showed me that the IEEE conference were really engineering-based while the WiFi Alliance discussions were much more market driven (ie, they are vendors, they want to sell stuff and not get returns). The root problem with the WiFi Alliance is that it's only made up of manufacturers who have to pony up a large sum of money to be part of the Alliance. So they don't hear from enterprise users directly - they only hear it second hand from the vendor's marketing teams representing enterprise customers. And as we know, some vendors don't care much about enterprises so enterprises are left without a voice in these areas. I think the WiFi Alliance will continue to get it wrong because they lack the right level of enterprise scale input. So the challenges of integrating these consumer based products into the enterprise will continue to be a challenge. What the Alliance needs is an enterprise certification and input from that market segment and EDUs should be represented. We are not. Having said that, I like the article and I hope it's a step in the right direction! ... Jonn Martell On Thu, Jan 22, 2015 at 11:47 AM, Lee H Badman lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee *Lee H. Badman* Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. -- -- ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
Lee, Here's a bit of the opposition. Search for products with Glass in the name: https://www.wi-fi.org/product-finder-results?sort_by=defaultsort_order=desckeywords=glass Zero hits Search for products with Google in the name: https://www.wi-fi.org/product-finder-results?sort_by=defaultsort_order=desckeywords=google 3 hits, all sony TV's using android Iphone 6: https://www.wi-fi.org/product-finder-results?sort_by=defaultsort_order=desccategories=4keywords=iphone%206companies=5 Nada Chromecast https://www.wi-fi.org/product-finder-results?sort_by=defaultsort_order=desckeywords=chromecast ZIP The point I'm making, the WiFi alliance provides a certification. No manufacturer is required to seek it. In fact, when was the last time you looked for the logo on the box when you bought a laptop/router/phone/etc? In the early days, as you alluded to, not having that certification on the box was a death knell to sales, because people had just recently lived thru the nightmare of incompatible equipment (HomeRF anyone?), understood the importance, and enforced it with their wallet.. Now a days, people just expect it to work. So they don't even look. Mike On Thu, Jan 22, 2015 at 2:47 PM, Lee H Badman lhbad...@syr.edu wrote: I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee *Lee H. Badman* Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention
Not sure I agree with the separate certification idea. Too many of students will still expect their residences to work with just living room specification. To many of our faculty expect their classrooms to work that way. Joel Coehoorn Director of Information Technology 402.363.5603 *jcoeho...@york.edu jcoeho...@york.edu* The mission of York College is to transform lives through Christ-centered education and to equip students for lifelong service to God, family, and society On Thu, Jan 22, 2015 at 2:41 PM, Thomas Carter tcar...@austincollege.edu wrote: Well written and definitely on point. Our users think wireless should “just work”. Roaming, Dot 1X, etc is a foreign language to them. It works at home with their Linksys, why can’t it work here? They think (and sometimes say) “the problem must be your wireless network and not my wireless device.” Thomas Carter Network and Operations Manager Austin College 903-813-2564 [image: AusColl_Logo_Email] *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Hinson, Matthew P *Sent:* Thursday, January 22, 2015 2:27 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* Re: [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention Lee, Good write-up. I found myself nodding in agreement frequently as I read along. The biggest problem I see in the trenches of WLAN administration is a lack of knowledge about the Alliance at all. Their marketing has been so successful that “Wi-Fi” has become synonymous with 802.11 wireless networking. I cannot tell you the number of times a user brings a particular device on our network that can’t do .1X or some other critical standard. 10/10 times, you can check the Alliance’s database and find out that it isn’t certified. Of course, when you explain to them that their device isn’t working, they immediately default to “Well I’ve never even *heard* of that Wi-Fi Alliance thing.” TL;DR: I see the biggest problem as people not caring whether the device is certified or not, to say nothing of the quality of said certification. -Matt Matthew Hinson CWAP *From:* The EDUCAUSE Wireless Issues Constituent Group Listserv [ mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] *On Behalf Of *Lee H Badman *Sent:* Thursday, January 22, 2015 2:47 PM *To:* WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU *Subject:* [WIRELESS-LAN] Trying to get the Wi-Fi Alliance's Attention I know self-promotion is in poor taste, but wanted to share this http://www.networkcomputing.com/wireless-infrastructure/the-case-for-wlan-interoperability/a/d-id/1318718? and encourage anyone of like (or opposing) mind to add comments. I'm told that the Alliance is at least reading along, FWIW. -Lee *Lee H. Badman* Network Architect/Wireless TME ITS, Syracuse University 315.443.3003 ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/. ** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.