ICC Home  /  Members  /  Meetings  /  Peer Support  /  Documentation  /  Projects

Minutes of April 9th, 2009 ITAC-NI Meeting:

back to ITAC-NI minutes index

    Link to ACTION ITEMS from meeting


    1. Approve prior minutes
    2. DHNet SLO update
    3. Voice over WiFi, and high density WiFi locations
    4. IFAS WAN SLO update


    This meeting was scheduled in CSE E507 at 1:00 pm on Thursday, April 9th and was made available via videoconference with live-streaming and recording for future playback. Prior announcement via the Net-Managers-L list was overlooked this month. The meeting was called to order by ITAC-NI chairman, Dan Miller, Network Coordinator of CNS Network Services.

    ATTENDEES: Seven people attended this meeting locally. There was one attendee via Polycom videoconference and there are no records of how many may have listened into the stream via a web browser using the web interface.

    Six members were present: Charles Benjamin, Dan Cromer, Shawn Lander, Steve Lasley, Tom Livoti, and Dan Miller.

    Eight members were absent: Clint Collins, Erik Deumens, Tim Fitzpatrick, Craig Gorme, Stephen Kostewicz, Chris Leopold, Bernard Mair, and Handsford (Ty) Tyler.

    Two visitors participated as well: Dennis Brown (via Polycom), and John Madey.

    Viewing the recording

    You may view the recording via the web at Currently, you will need to click on the "Top-level folder" link, then the "watch" link next to the "ITAC-NI Meeting_09Apr09_12.15" item. This will likely be moved into the ITAC-NI folder shortly. Cross-platform access may not be available; on the Windows platform you will have to install the Codian codec.

    Audio archive

    An archive of audio from the meeting is available: part one and part two (interrupted briefly for recorder battery change).

    1) Approve prior minutes

    No corrections or additions were offered and the minutes were approved without further comment.

    2) DHNet SLO update

    Charles Benjamin had been asked to give a presentation on the Department of Housing and Residence Education network, DHNet. Charles provided a PowerPoint slide set to accompany his talk.


    2-1) Housing Residence Education Network and Services

    Charles Benjamin is the Senior Network Administrator for Housing.

    2-2) Traffic of several categories runs over DHNet

    Charles explained that traffic over the housing network falls into a number of general categories as shown on the above slide. The key card lock system was first installed in 1992. "Employee Services" include such things as SharePoint, E-mail, etc.

    2-3) HRE belongs to and supports Student Affairs

    Housing is a part of Student Affairs and supports other departments within Student Affairs to varying degrees. How housing supports these group varies, but typically it is to the desktop.

    2-4) DHNet covers a wide area on campus

    In the past, Charles had worked at NERDC for twenty years. He then went away for a number of years to pursue a job opportunity which provided him both financial reward and the opportunity to teach. When he returned to UF in 2006 the first thing that struck him about the housing network was its size. Their network as diagrammed above is bordered by University Avenue, Archer Road, SW 34th Street and Highway 441.

    2-5) Cabling plants can be challenging

    The second thing that surprised Charles about the housing network was how well the cabling plant was run. In his experience, wiring is like your checkbook: if you don't stay on top of it, things can really get out of hand; as demonstrated in this slide above (not at UF).

    2-6) But DHNet has an in-house cabling shop

    Housing is fortunate in having its own cabling shop that does a marvelous job.

    2-7) Their switches support high-end features

    The slide above provides an idea of the various types of switches which DHNet utilizes. Every port is 10/100/1000 capable, but all are configured for 10/100 as per best practices at the access level. Each port is also capable of Cisco pre-standard POE. As they are upgrading their access points, they are moving to 802.3af. When asked by John Madey why they have POE on every port, Charles responded that the decision predated his arrival there.

    DHNet provides one port per student; Charles likes to refer to this as an Ethernet connection per "pillow". When Dan Cromer asked if students were allowed to expand their available ports via small switches, Charles responded that this was not permitted.

    All of Housing's switches are on SMARTnet plus they keep a store of spare blades and chassis on-hand to swap out while a component is sent for repair via SMARTnet.

    2-8) 802.1x even on wired connections

    For authentication they wanted something which was standards based and which encrypted credentials. They decided to go with 802.1x. They also have DHCP Snooping enabled.

    They want to upgrade their Catalyst switches from Cat OS to IOS. Charles commented that this is an interesting process and Dan Miller added that it involves a major change to the configuration file. Charles stated that once the Catalysts are upgraded they want to add QoS

    2-9) The DHNet backbone

    One of the first things that Charles saw when he arrived in 2006 was that the network was designed as a flat network, which means there was very little routing going on except for the router that connects to the backbone.

    One of his first configuration changes was to enable their connection to the UF backbone to be an OSPF ASBR. That removed all the routes from the UF backbone and the rest of campus from their routing tables, making things more efficient.

    A second connection to the UF backbone is being planned, along with upgrading the bandwidth to 10 gig.

    2-10) Wireless deployments

    In the residence halls they have approximately 200 access points; that project is in phase one of a three-year/three-phase plan. They support 37 WAPs at the Maguire Apartments. Charles noted that at most other places 802.1x is being used on wireless and not on wired; DHNet, however, is using it in both cases.

    They utilize an SSID of "dhw". Their access points are configured as light-weight and therefore connecting to their wireless controller. They have two 4402s and two WiSMs in redundant mode. The 4402s are used at Maguire and the WiSMs are part of the residence hall expansion.

    2-11) Disaster recovery

    A bit before Charles joined Housing their entire network administration group left. Consequently, the network administration team which Charles has now has only been in place for two and one-half years. Charles believes them to be the "finest crew in the fleet". They are a fantastic group of folks and have accomplished a lot of work in the last few years. They have focused, particularly in this last year, primarily on redundancy and security.

    Physical redundancy

    When Charles joined Housing they did not have a second location for redundancy. Now, their Business Resumption Plan (BRP) Facility is another location in Hume Hall where all their services are duplicated. Should the Housing Office fall into a sinkhole, they will still be up and running. Both facilities have a UPS and a power generator.

    Redundant SAN with off-site tape backup

    About a year ago they installed their SANs network; they decided to go with LeftHand which were recently purchased by HP. They chose to go with LeftHand because they are so configurable as far as adding additional space and modules. Currently their SAN consists of six modules; three are at main housing and the other three are in the BRP facility. All the data is duplicated in both locations. In addition to that type of redundancy they use the Tivoli system at CNS.

    E-mail archiving

    For e-mail archival they use a product called MailMeter. Charles likes this product very much because it is allows for rapid searches. Charles uses e-mail to organize and track much of what he does and MailMeter allows him to find that information easily.

    End-user file recovery

    They also implement Shadow Copy which retains file changes for a two-week period so that individuals can retrieve prior copies themselves.

    2-12) Redundant server rooms backed by power generators

    Above is the BRP Facility at Hume where a room is dedicated for this task. The picture at the upper-right shows the transfer switch. Commercial power enters there and they have another connection running outside to the generator shown at lower-right above. The generator is 35 kVA and is dedicated to the BRP Facility room itself. There is another generator for Hume, for emergency power, but that is totally separate.

    The power coming into the 20 kVA APC UPS system is 3-phase and everything is on contract. You can see the batteries in the rack within the picture on-left above. The three SAN modules may be seen at the bottom of the rack as well; each module is 3.6 TB.

    2-13) As many services as possible are redundant

    All of the above listed core network services are now redundant both functionally and physically.

    2-14) Network security applications

    Housing has made great progress with its security. Housing services about 500 employees and 8500 students with a yearly turnover of around 3500; in doing that, they supply roughly 10,000 Ethernet ports. On employee workstations they run McAfee VirusScan and AntiSpyware.

    Housing is the right size to get things done

    One of the nice things about Housing is that it is not so big that it is difficult to effect change and it is not so small that you don't have resources. They wanted to encrypt laptops, which can be a real issue for places as big as the Health Sciences Center, for example. In their case, they had only about 50 of those and because of the small numbers involved they were able to go ahead and readily implement McAfee Endpoint Encryption (formerly SafeBoot) across all those.

    They have a firewall, but they cater to student residence clientele

    Housing utilizes a Firewall Services Module on their Catalyst 6513 that connects to the UF backbone which was added over the last two years. Dan Miller asked how tightly they run their firewall and Charles responded that they run it as tightly as possible. Charles pointed out that Housing clientele have somewhat different needs than do employees on the rest of campus. These people are living there and may be expected to use the network for certain activities (e.g., watching TV over the internet at night) perhaps differently than what one would expect of an employee work 8 AM to 5 PM.

    To handle SPAM they employ redundant Barracuda appliances.

    2-15) 802.1x authentication employed

    There are three components of 802.1x which are listed above. Items 2 and 3 are fairly easy. The authentication server is RADIUS server and they have expertise in that. There is not that much configuration on the Cisco switches. Cisco gives you "nerd knobs" which you may use to tweak things, but the basic configuration for the authenticator is straight-forward.

    The supplicant is the main challenge

    It is the supplicant component which has been a real challenge; that is the software which goes on the client computer. This is a standard, right? So one would think that the supplicants would be fairly standard, but that is not what they discovered.

    2-16) XpressConnect as the supplicant solution

    The solution for Housing turned out to be a program which is now called XpressConnect. This software originally came from idEngines which has gone out of business, but fortunately Cloudpath now sells this direct.

    Software wizard replaces a cumbersome manual

    Charles terms this software an 802.1x "Wizard" because what it does is help an individual configure their supplicant. They literally had a 25 page manual for students to go through to configure their supplicant, and that just didn't go over very well. This program is very nice. It can be run from a web page or it can be run from a CD. Whenever a student checks in (the next big check-in is Summer B) they get this CD along with their room key. On the jacket of the CD are simple step-by-step instructions to run it. They put in the CD, connect to the network, and the wizard walks them through configuration. It also looks for active P2P applications and warns them saying you can't go any further until you remove this P2P application.

    Custom solutions are even possible

    As per Dan Cromer's previous question they don't allow hubs. So, what if a student wants to use their Xbox on the network? What they have been doing in the past is explaining in their manual how to do port sharing where you have two Ethernet connections on a Windows machine and connect one to the network and the other to the Xbox. In talking with the company, who are very good to work with, they have managed to get that feature added. The next release of the supplicant software will include that configuration so it will help the students with doing that as well.

    The difference this software has made is like night and day. They have people coming in for conferences over the summertime. This last summer they gave them the CD and it was a breeze.

    2-17) The authentication schematic (slide not in talk)

    [Above slide was "hidden" and not presented to ITAC-NI]

    2-18) How the authentication piece works

    The system utilizes Gatorlink credentials for the User Name and Password. The Domain name can be either "GLOBAL", "GUEST", or "CONFERENCE". If the domain is "GLOBAL", the credentials are sent to UFAD for authentication. If the domain is "GUEST" or "CONFERENCE" then it will be sent to MySQL where they have some guest accounts defined.

    At this point, Charles skipped to slide 26 to discuss the various security applications they run.

    2-19) VLAN usage

    Housing has configured a number of VLANs on their switches. VLAN 30X must be configured to do 802.1x, but configuring the VLAN 40X (in red) is optional. They also added two additional VLANs as listed. If a user is found to have a violation, they are restricted by being put in VLAN 321. If they fail authentication they will be placed in VLAN 40X. The instruction VLAN for wireless is VLAN 502.

    Charles then skipped to slide 23.

    2-20) Switch configuration (slide not in talk)

    [Above slide was "hidden" and not presented to ITAC-NI]

    2-21) Switch configuration (slide not in talk)

    [Above slide was "hidden" and not presented to ITAC-NI]

    2-22) Switch configuration (slide not in talk)

    [Above slide was "hidden" and not presented to ITAC-NI]

    2-23) The Student VLAN

    The various VLANs listed in slide 19 are configured throughout their network. When a student uses the XpressConnect and are authenticated, they theny have a complete connection both on-campus and out to the Internet.

    2-24) The Fail VLAN

    If the student goes through the connection process and cannot get authenticated properly for some reason, they go into VLAN 40X and are directed to the above web page. That page provides five different scenarios as to why they may not have been authenticated. That could happen for such things as a password not getting synchronized or the clock on their computer being set incorrectly and therefore the certificate isn't matching up.

    2-25) The Instructions VLAN

    The first time a student is using wireless, if they use the "dhwInstructions" SSID, it will take them to the XpressConnect and help them configure for the 802.1x--but via the web rather than via the CD.

    At this point, Charles jumped on to slide 27 to detail how the VLAN assignments are done.

    2-26) Network security tools

    Web filtering

    One form of security is web filtering, for which Housing uses WebFilter by WebSense. Charles granted that this can become a philosophical discussion, but he believes it lines up with security. With the internet, bad guys from around the world are knocking on our doors. Web filtering can minimize users going to places they shouldn't go and downloading things which they shouldn't--accidentally or otherwise.

    Not all P2P is blocked, rather they go after copyright violations

    Dan Miller had asked earlier about Red Lambda. The issue with that product is it blocks all P2P. Charles was concerned with blocking only illegal activity and wanted to allow legitimate activity, which may include some P2P usage. Housing has people living with them and they want to makes their lives acceptable and enjoyable.

    Consequently, the component Housing employs is the CopySense appliance by Audible Magic. This appliance sits on a span port on their connection out to the backbone (see slide 27). It examines all the traffic looking for copyrighted material. The appliance maintains over six million entries in its database of copyrighted material. If it discovers a violation it sends that to a program which was written in-house.

    They also scan for restricted data which may be exposed

    Another security application they utilize is ID Finder. It examines the files on web sites, file servers and workstations, looking for SSNs, driver's license numbers, credit card numbers and the like. This is another example of Housing being the right size. The last time Charles spoke with Kathy Bergsma they were still trying to find funding to buy ID Finder; because Housing is smaller, they were able to afford that.

    Vulnerability scanning

    They also run Nessus whose front-end is called Nessquik. This tool makes sure you have the right updates.

    Intrusion protection

    SourceFire IPS is utilized for intrusion detection and prevention.

    Road map

    Down-the-road they are looking at OSSEC, an Open Source Host-based Intrusion Detection System as well as Cisco NAC.

    How does XpressConnect work with P2P?

    Dan Miller asked how XpressConnect worked in relation to legitimate P2P applications. This led Charles to jump back to slide 19 for an explanation.

    2-27) VLAN assignment

    As stated earlier, the CopySense appliance is on a span port off the switch connecting DHNet to the UF backbone. All the traffic coming in and going out is being examined. Every five minutes, the program they wrote in-house pings the appliance and if there is a violation that information is sent over to their program. Specifically, they are looking for file sharing (also called seeding) of copyrighted material going out. They are also looking for encrypted P2P because that is a common method used in an attempt to obscure inappropriate sharing.

    The following "hidden" slides go into great detail as to what happens. Basically the userID gets placed into another group, they send out a command to the switch to bump that port into a different VLAN, and then the user is restricted.

    (Jump to slide 32)

    2-28) The DHNet VLAN control program (slide not in talk)

    [Above slide was "hidden" and not presented to ITAC-NI]

    2-29) Polling and query details (slide not in talk)

    [Above slide was "hidden" and not presented to ITAC-NI]

    2-30) Adding the user to a restricted group (slide not in talk)

    [Above slide was "hidden" and not presented to ITAC-NI]

    2-31) Bouncing the port to a different VLAN (slide not in talk)

    [Above slide was "hidden" and not presented to ITAC-NI]

    2-32) Restricted access

    After a user has had his port placed into the Restricted VLAN, when they use a web browser they are redirected to the above page. They also get an e-mail asking them to go to that page and sign-on with their Gatorlink credentials.

    2-33) Remediation

    Once the student logs on they are presented with a page showing them their case number, name, and the violation of protocol. This page not only provides information about the actual P2P violation, but it also displays Housing's AUP policy.

    Three levels of warnings

    Housing uses a three-level system of warning. The first violation incurs a 30 minute restriction whose time starts when they hit the "I will comply" button. Once that timer expires, their user ID is placed in another group, they bump the interface, and then the user has full access again. As long as they are restricted, they have access only to UF campus; they can't get out to the Internet but they should still be able to do their work.

    The second violation level lasts 5 days. If they are persistent even after clicking "I will comply", they will be in a UF campus-only access mode for 5 days.

    After a third violation they go to Judicial. They meet with something in that office, have a discussion, and a decision is made as far as what to do next.

    Hands-on support is also provided for remediation assistance

    In addition to this web page, they have what they call a DHNet@Home Help Desk located at certain areas. They encourage students to take their computers there for assistance in removal of the P2P software. Limewire is the big one and sometimes they just don't realize they have it installed. In some cases of a second violation where they thought they had removed it they will bump their level back down; they try to show some grace there.

    Charles next jumped to slide 35 to discuss their card lock system.

    2-34) Remediation (slide not in talk)

    [Above slide was "hidden" and not presented to ITAC-NI]

    2-35) Card lock system

    The initial installation of this system was in 1992. They have 128 Access Control Units around the residence halls and 408 readers. The software they are running is called Diamond II.

    2-36) Employee VoIP phone system

    When Charles first got here Housing had a single Publisher. He installed a Subscriber in the cluster for redundancy. The Publisher is in the main Housing Office and the Subscriber is over in Hume. The system is configured for load sharing where the call processing for half the phones is done by the Publisher and the other half is done by the Subscriber. If either one fails the other takes over 100%. Thus it is not only load sharing, but also redundant.

    The protocol being used between the CallManager and the phones is SCCP (Skinny). They also support IP Communicator, which is a product which goes on your laptop and allows for VoIP calling via a headset. Dan Miller asked if a VPN was required to use IP Communicator and Charles replied that it was.

    The Attendant Console allows users to access a directory of individuals and phone numbers.

    The gateway to off-net phones is a T1 blade using MGCP.

    2-37) Employee VoIP phone system

    They are using Unity for voicemail and that system is again redundant. Two systems are in place and if one fails, the other takes over. Charles does not care for the fact that Unity utilizes hot spare and does not support load sharing. Again one system is in the main Housing Office and the other is in Hume.

    Housing has an Auto Attendant. When someone gets a voicemail their Message Waiting Indicator (MWI) will come on the phone, but you also get the message where you may listen to it in Outlook. Charles has found the Outlook feature to be very useful.

    2-38) Employee services

    Charles finds their use of virtualization to be very exciting. They have a VMware cluster of four servers with two at Main Housing and two at Hume. That cluster supports about 21 services currently. In addition to the cost and energy savings this provides, Charles finds the ability to automatically move services from a failed server to another via VMotion extremely valuable.

    Exchange is supported on redundant server frontends. They have redundant file and print servers. They also run SharePoint, FlashPageFlip and Blackberry servers. Judicial Affairs Management System (JAMS) is used throughout Student Affairs for judicial issues.

    The VM cluster not only provides redundancy but also give them the capacity to support other departments within Student Affairs. For example, if they want to run a web site, it runs in Housing's cluster.

    2-39) Employee services

    Other employee services which they support include collaborative applications such as Mobile Active Sync and OpenFire with Spark. PHPLive is used to provide helpdesk support via live chat. They also utilize Microsoft Configuration Manager, and McAfee ePO to help manage their systems. Their ticket system is based on Maintenance Management.

    2-40) Employee services web hosting

    They host a number of web sites for themselves and throughout Student Affairs, including: DHNet, RecSports, Mayor's Council, and Dean of Students Office. They support both Apache and IIS.

    2-41) DHNet home page

    Above is a view of the DHNet home page. Charles included this as an example of the on-line chat capability. If a student has a problem they can get help via this site.

    2-42) RecSports home page

    The RecSports site depicted above is an example of a site they host but did not develop themselves.

    2-43) Monitoring and control systems

    Like much everything else, their monitoring and control systems are redundant.

    2-44) CiscoWorks

    Charles implemented Ciscoworks soon after he began working at Housing. It has a lot of capabilities and they like it very much.

    2-45) Cacti

    Cacti is Open Source software used to graph their monitoring data. Again, it is configured in a redundant fashion. By bringing their cursor over any of the links on the above chart, they can display the bandwidth graph of the various locations over the last 24 hours.

    2-46) VMware Infrastructure

    VMware Infrastructure of course has its own monitor tools which they use to keep track of the various services it supports.

    2-47) APC InfraStruXure Manager

    APC InfraStruXure Manager supports automatic e-mail should temperatures rise too high. They can also login and monitor various events.

    2-48) Trouble tickets

    The screenshot above shows the new front-end to their trouble ticket system. They are beta-testing this currently in the Broward area.

    2-49) Trouble tickets

    The table above presents data on their recent trouble ticket traffic. Note that the average time to close a case was about half a day in Jan-Feb and was down to an hour and 39 minutes in March. Housing has a wonderful support staff. These incidents are IT-related, mostly desktop and phone issues. It does not cover the maintenance side of things.

    2-50) Report tracking

    Utilizing the CopySense appliance they can create some nice reports. The above chart shows the first 24 hours of traffic for last Fall term. Note the very low P2P usage levels.

    2-51) Report tracking

    Here is the graph from the second week of classes.

    2-52) Report tracking

    The above chart depicts the second week's total traffic another way, showing that the great majority of P2P traffic was incoming.

    2-53) Report tracking

    By the 8th week all P2P usage was incoming. Stopping the uploads was the real goal because that is where you can really get hit for DMCA violations. As can be seen, that has been very successful.

    2-54) Report tracking

    Recall that they instituted a three-level system for violations. Within the first week there were 224 violations total, with Limewire representing the majority of those. The first week they had 132 level 1, 17 level 2 and 2 level 3 violations.

    2-55) Report tracking

    By the 4th week, they had a total of 188 level 1, 35 level 2 and 6 level 3. This demonstrates that the students are learning that they cannot download copyright material. Note that CopySense allows them to monitor P2P usage by application. Charles has been extremely pleased with this appliance and how it has worked for them.

    2-56) Thank you

    The above picture was taken from atop Beaty Towers.

    After finishing his presentation Charles addressed questions from the committee:

    Do you offer general VPN service to staff and students? (Dan Miller)

    Charles responded that they offer VPN for staff but not students. The latter is a big issue for them because students could bypass their P2P safeguards if they were to use a VPN. However, a student will approach them from time-to-time and say that they are working on a particular project which requires VPN access; it can and has been allowed on a case-by-case basis as needed. They have about 4-5 of those special cases currently. They are doing a balancing act because they really want to provide the best service to their students while protecting them at the same time.

    Does the budget come from an additional technology fee? (Dan Cromer)

    Dan Cromer was envious of the funding model at Housing as they apparently have a great deal of resources in order to support such levels of redundancy in their services. Charles indicated that their funding comes from the flat-fee that residents pay for their rooms. Charles made no secret of the fact that he has a "sweet" job and was blessed for landing it. Housing is not so large that things happen slowly, but is big enough to have the necessary revenue for actually implementing things. None of their funding comes from Tallahassee.

    Do you have flat funding for your network? (Dan Miller)

    Charles responded that their funding levels over the last few years have been essentially flat.

    At this point, Dan Miller segued into the next agenda topic, as he had some questions of Charles pertinent to that topic.

    3) Voice over WiFi, and high density WiFi locations

    Dan Miller provided some background on the topic. The Marston Science Library has a very high concentration of laptops users with just an average build-out not involving the latest model of APs. There are a couple of VoFI phone users there who are experiencing some problems and CNS is looking at policies, budgeting and standards as a means of addressing these issues. CNS is basically wondering what level of service should be provided. Then Dan asked if they

    3-1) How is wireless handled at Housing?

    Dan Miller asked Charles if he turns off the 1 and 2Mbps service and Charles indicated that he did. He asked if Charles still had 5.5Mbps enabled and, again, Charles indicated that he did. Then Dan asked if they build out for base-level coverage for 802.11b or 802.11a and how they space out their APs.

    Charles said that at Maguire they have installed both 802.11b and 802.11g and they just installed the antennas for 802.11a. They have a three-year plan to not only install new APs, but also to upgrade the switches and add WiSMs. They decided to only install the 2.4GHz radios within those, realizing that they could add the 5.8GHz radio later if they wanted. Charles believes the 1252s they will be deploying are very well engineered. They are sturdy. They are flexible insofar as you can pull out the blank plate and put in another 5.8GHz radio. The antennas look like little biscuits on the ceiling. It is just a very nice design.

    They decided that if they had both radios going they would have to upgrade the power supplies within their switches--an additional expense. Consequently, they are proceeding in a stepped fashion and going with the b and g radios initially. They will either upgrade a daughter card on the blade or put on a new blade later to support 802.3af PoE. Then, maybe in the future they will upgrade their APs to support 802.11a. They are kind-of watching that at this point.

    Dan Miller summarized what Charles had said by saying that they build-out then for basic "b" coverage. Charles responded in the affirmative but added that he wished they could just do away with "b". Tom agreed saying that "b" stands for "bad".

    3-2) How is wireless handled at HSC?

    Tom Livoti mentioned that using 1252s involves a "double whammy". You have to put the 6-E Supervisor in an E box and then you have to buy their enhanced power. Charles responded that installing a bunch of power injectors can get pretty ugly, although they are doing those in the laundry rooms.

    Dan Miller asked Tom whether they build out for "a" coverage everywhere at the Health Center. Tom responded that they do not have "a" turned on at all currently. The Cisco 1242s are fine as far as PoE, as are the Cisco 1130s. Their wireless design was done by a firm from Georgia and was based on "b" coverage. Basically, they set up an AP and monitored the signal while moving away. As soon as it goes off full-scale you mark that location for another AP. They followed that rule and every once in a while they re-evaluate things as far as density. They increase density as needed. For example, with the library they are getting ready to add about 50% more APs to handle the load.

    Anything beyond "best effort" requires a large commitment from management

    Tom said it is a huge commitment to build out wireless so that it is anything more than "best effort". To build out past that point is extremely expensive. In some areas in new buildings that are going in they plan to have wireless IV pumps. That will be only on "a", but must be built out very densely at great cost. They will likely have 1000-1500 APs when all is said and done. The design has not been done yet, however, because it has to wait until everything else is in place. All sorts of things affect wireless coverage and AP placement cannot be properly estimated prior.

    There has to be a commitment from management to push wireless beyond "best effort" and, except in these special instances, Tom is not going to do that. He does apologize profusely when there are problems and if they find dead areas they often go in and backfill with additional APs.

    Wireless technology is evolving

    Tom added that wireless technology is continually evolving. For all he knows, in a few years we may get away from the 802.11 standard totally and move to cellular. He just doesn't know.

    Dan Miller asked Tom if as of today he had any real plans for 802.11a and Tom said that he did not. Tom also confirmed that he has 1 and 2 Mbps turned off and 5.5Mbps turned on. Dan asked if the backfill Tom had mentioned comes out of their central funding. Tom replied that it did; he asks for about $16,000 a year which buys them roughly 30 APs. They are still looking into whether or not they might be able to bill for wireless. This has come up because they have found a number of folks who have put wireless NICs in their desktops as a way of getting around the port charges. If this turned out to be widespread, they may have a case for charging.

    Wireless phone usage

    John Madey asked Tom if they had many wireless phones and Tom responded that they have about 50, with the Orthopedic Institute being the biggest user. They have clinics out there and the Physical Therapists use them. They had tried an experiment with using cordless phones connected via ATA's but that failed miserably. Tom also recommended eliminating 7911 phones as well if you can.

    Dan Miller said that he hoped we could have a longer wireless discussion in the future because CNS is looking at these issues--primarily in relation to high density areas.

    4) IFAS WAN SLO update

    Time was short, but Dan Miller mentioned that CNS is meeting with the ICC tomorrow to discuss the proposed IFAS WAN SLO document. An opt-out clause has been added. We may have more to report on that at a future meeting as well.

    Action Items

    1. Subscribe Dan Miller, ITAC-NI chair, to all other ITAC committee lists for collaboration purposes (still pending from previous meeting).


    Next Meeting

    The next regular meeting is tentatively scheduled for Thursday, May 14th.

last edited 13 April 2009 by Steve Lasley