Open Secure Networking - The University of Nottingham Approach
October 2010 by Marc Jacob
Khipu Networks, one of the UK’s security-focused systems integrators, announce that The University of Nottingham, a leading Russell Group University, with campuses in the UK and Asia, has completed the roll out of its remote registration service for student, guest and conference users. This enables the student and guest population to access the University network instantly without compromising security, improving both the users experience and efficiency of IT support staff.
With over 8500 users automatically registered in less than one week (September 2010) and 20% pre-registering for the service prior to arriving, this has made it the most successful intake to date. Students were registered, scanned and accessing the network with very little or no intervention from IT support, significantly reducing their work load at a traditionally very busy period. The success has resulted in Khipu being awarded the contract to deploy the solution to their Ningbo Campus in China.
With the growth of the student halls of residence network and the increasing requirement for a secure and audited guest access service, the University reviewed a number of methods and solutions that would one, ensure different types of users and their devices, can connect to the wired or wireless network securely and easily, and two, do this in such a way that it will actually reduce the support usually needed by IT teams, especially during the start of term and Summer conferences.
After reviewing the available options to achieve this, the University engaged with Khipu Networks, who had implemented the Adaptive Network Security solution ‘Bradford Campus Manager’ onto its 9,000 student Halls of Residence (SNS) network.
“As we have been using the solution since 2005, we reviewed our requirements with Khipu and identified early on, that with its new licensing structure and latest feature set, it would meet our short and long term requirements for extending access to our campus network. Enabling our students to go through our process before they arrive at the University will significantly improve their experience when they arrive at the start of term and reduce even further our IT support overheads”. Chris Parry, Head of Systems and Security.
During spring 2010, Khipu worked with the University’s team and expanded the Adaptive Network Security offering. The University can now provide the following services to its students, staff and visitors.
Student Remote Registration – June 2010; Integrated with the University’s on-line registration system, this enables students to register and scan their devices during the vacation periods. If their device fails the ‘client-less’ posture check, a link is provided to download the appropriate software and get up to date with Anti-Virus / Anti-Spyware applications, OS updates etc. Once successfully passing the check, the Bradford system will automatically provide the users with network access when they arrive at the University. With around 20% (1500) of their student population ’pre-registering’ using this service, has made the enhancement a huge success.
“We are constantly reviewing ways enhancing security without affecting the users’ experience on our networks. The quicker our students can get on line, the quicker they can access resources and feel like they are using their home broadband service. The remote registration service will not only improve the overall experience for the students and our IT support team, it will also encourage our user base to keep their devices up to date with the appropriate security protection”. Darren Wheatcroft, Senior Systems Developer
Guest Access Service – June 2010; Implemented across the University’s wired and wireless network, this enables the University to provide a secure self “auto” provisioning guest access service, enabling guests to create their own username and passwords, and be scanned by the system capturing full details of their device for auditing purposes. By combining both wired and wireless, it allows conference delegates to roam between seminar halls and their accommodation, all controlled by a single system. As part of this project, a remote registration service has also been implemented to help manage large conferences during the summer vacation periods.
“Our aim is to extend network services across the entire campus, however in doing that, we must ensure that it is secure and auditable, easy to manage and is simple for users to connect their devices to the network. The new guest access service provides all of this and has enabled us to extend access to all sites across the University in a very short timescale”. Darren Wheatcroft, Senior Systems Developer
Student Network Services; Introduced back in November 2005 and continually developed and expanded to manage the University’s student halls of residence network. This ensures that all student network devices are registered, authenticated and scanned for compliance with minimal interaction from the University’s IT support helpdesk. The University is also now providing an optional service for students to download a software agent, that will provide pro-active posture checking without the affecting the students’ network experience. This has the additional benefit of instant communication with the students informing them of key events such as network downtime, emergencies and other useful information.
Campus Wide Visibility; With their systems implemented in ‘Visibility’ mode, the University can provide a full detailed inventory of every device connected on its network, providing a platform to expand security and network access.
Following the student return period in September, the University has future plans to extend the Khipu solution set to its large 15,000 port campus network to enable greater flexibility and security to its users and departments, integrating with its other security systems such as Network Behaviour Analysis (Lancope Stealthwatch) technology.
"The flexibility of our solution has enabled us to review many of the University’s short and long term requirements for network security. Our close working relationship with their teams has made the complete roll out of the solution a great success, giving us a model that can be replicated to many other Institutions”. Matt Ashman, Director, Khipu Networks.