It’s a tale as old as time.
At my school, we have been struggling with WiFi stability since we started our BYOD program. It is certainly something a lot of other schools can relate to. We’ve been able to trace our problem down to three separate issues. Two of them were configuration issues that were done improperly from the start but the third is an Aruba server that handles our access to our network. This is the point of our discussion.
Our school uses Aruba to handle security to the network. The server we use is faulty – plain and simple. We have bypassed it so Aruba engineers can work on it and not cause any disruptions. When we implemented the bypass our WiFi network became quite reliable. Not perfect but usable and you can count on it in most cases now. We do have security on our network but it’s not the most robust.
With Aruba we get a few perks – check out the list below.
– Reports for IT
– The ability to shut down a user completely (except their smartphone with a data plan of course)
– The ability to view and track users throughout the network
– Limiting the number of devices a user can use
Now, it’s not all sunshine and unicorns with Aruba either.
– Lengthy time to get all users on our network (it usually takes about 2 weeks). Without Aruba it can be as little as 3 days
– Can’t just turn it off if there are problems
– Reliant on outside engineers to service it. The bypass we created was done primarily in house and we can work on it if needed
– Daily IT helps people get connected with new devices (removing older devices and helping to on board the new device)
Eventually our Aruba will be sorted out and ready to be switched on. In theory it will be seamless, but the question is – do we switch it on? Do we trade ease of access for a little more security? Do we trade the ability to troubleshoot or issues in house for a more powerful service that requires outside configuration and support?
What do you think?
1 thought on “Security vs. Stability”
A tale as old as time? You nailed it. In ITIL lingo, you are talking about stability vs responsiveness. (link here: http://abhinavpmp.com/2014/03/25/itil-stability-vs-responsiveness/) This is one of the three great tensions in IT.
To answer your specific question, though, I vote turn it on. Not just for security (that’s important) but for logging and forensic use. I think an important question is “do your core customers (students, teachers) have the level of service they need?” If Arruba helps you with this, then do it.
We do not have segmented wireless network, but one of our summer projects is to: segment our wireless network and implement a radius-like server in our infrastructure. We are pretty aggressive about our packet shaping and filtering, though, so bandwidth utilization is controlled – but it’s not as tight as I like.