Connect Banner
current issue
Wireless Computing

Roaming into the Future

The Ever-Evolving NYURoam Wireless Network

By Carlo Cernivani

When NYU's Information Technology Services (ITS) embarked on a new generation of data networking by launching the first version of the NYURoam wireless network in 2003, we were confident that wireless networking would be embraced by the NYU community. We predicted that it would evolve from a merely "interesting" way to access NYU-NET resources and the Internet into a service that functioned as an integral part of day-to-day work and studies here at the University.

As anticipated, demand for the NYURoam service has increased steadily since the service's inception. Keeping pace with the demand, ITS has enabled wireless access at an ever-increasing number of locations around the Washington Square campus, and at quite a few off-campus locations, including at the NYU College of Dentistry facilities and the NYU campus in Florence, Italy (and soon at NYU's facilities in London). Several buildings at the Square are now at least 90% enabled with NYURoam coverage, including the Kimmel Center, Bobst Library, Warren Weaver Hall, 19 University Place, 194 Mercer Street, and Furman Hall. We conservatively estimate that NYURoam now provides over 2,000,000 square feet of wireless network coverage. (A complete list of NYURoam's coverage areas is available at www.nyu.edu/its/wireless/locations/.)

We can quantify the remarkable growth of NYURoam in a variety of ways. Whereas, in its early years, the amount of traffic on the network used to measure on the order of a few hundred gigabytes each month, we recently exceeded eight terabytes (8.5 TB in March 2007, to be exact). The installation of additional wireless access points (APs) to augment our coverage also continues at a steady pace. ITS currently manages more than 900 APs, and we anticipate reaching the 1,000 AP mark in fall 2007. In the fall semester of 2004, just over 6,000 individuals signed onto NYURoam; by the fall semester of 2005, that figure had risen to just over 10,000, and by fall 2006 the number of sign-ons had grown to over 16,000.

By virtually every measure, the service has grown in both scope and use, including the number of wireless users, the service's coverage area, data throughput, and bandwidth utilization. Even with this evidence of the NYURoam service's success, however, there is always room for further improvement and expansion. Until recently, the NYURoam network had three known shortcomings:

1. Guest Access

Many visitors to the University show up with a WiFi-enabled device and the desire or need to gain access to the Internet on campus. Until recently, ITS was forced to manually set up "guest networks" in specific locations on a per-event or per-visit basis. Clearly, this was not a scalable solution for a University as large as NYU, and a network as expansive as NYURoam.

2. PDA Access

PDAs and handheld devices have long been somewhat neglected in the wireless arena. Until recently, NYURoam's security-centric access methods limited the ability of many people with PDAs and handheld devices to use the service. Access to the network via PDA was not a fully ITS-supported service, and was only available to those whose PDAs had a LEAP (Lightweight Extensible Authentication Protocol) security client or commercial VPN (Virtual Private Network) software.

3. Access for IEEE 802.1x Authenticated Windows Computers

An authentication and encryption method based on the IEEE 802.1x security standard1 for Windows computers was initially unavailable to people using NYURoam, and was subsequently limited by the need to significantly update the NYURoam infrastructure. This forced people with non-Cisco Windows WiFi clients to use proprietary VPN software to both authenticate and secure their wireless connections. Although ITS made this VPN software available free of charge to the NYU community, it still presented a distribution challenge and some operational issues for these people.

To address the aforementioned shortcomings, ITS recently added the following networks to NYURoam.

nyuguest

The new "nyuguest" network provides campus-wide access at all NYURoam coverage locations for all visitors to the University. This scalable new service can handle individuals and group events, such as seminars, conferences, and vendor fairs. Unlike NYURoam's other wireless networks, which have a different security model in place, access to nyuguest is controlled by security gateway devices (Cisco Clean Access servers).

No special security software needs to be running on a visitor's computer to use nyuguest; all visitors need is an 802.11b or 802.11g WiFi-enabled computer or PDA, any web browser, and a temporary guest account to authenticate onto the service. Information on how to request a guest account and connect to nyuguest is available on the NYURoam website at www.nyu.edu/its/wireless/guest/.

nyupda

The new "nyupda" network provides access for all WiFi-enabled Windows CE and Palm OS handheld devices. Like nyuguest, this service utilizes the Cisco Clean Access servers, and the connection process is identical. A valid NYU NetID is required in order to authenticate onto the network (for this reason nyuguest accounts will not work on the nyupda network; guests should use the nyuguest network instead). See www.nyu.edu/its/wireless/pda/ for instructions on using nyupda.

nyu

The new "nyu" network is perhaps the most exciting of the recent NYURoam developments. It provides one convenient method of access to the NYURoam network for nearly all laptop computers (see the NYURoam website for details: www.nyu.edu/its/wireless/requirements/), and offers a variety of enhancements, described below.

Setting up your laptop to use the new nyu network is quick and easy, as described at www.nyu.edu/its/wireless/configure/. ITS encourages all community members with eligible computers to switch to the nyu network. Nonetheless, the NYU-ROAM1, NYU-ROAM2 & NYU-ROAM3 networks that the NYU community has been using in the past to connect to NYURoam will remain operational for the foreseeable future, easing this transition.

Following are some of the key enhancements offered by the nyu network:

  • Windows computer owners will no longer need to use a VPN client to authenticate and encrypt their wireless data.
  • The nyu network supports both the IEEE WPA and the IEEE WPA2 (802.11i) security standards. (Note that the WPA2 standard employs the Advanced Encryption Standard (AES), providing the most secure data encryption available. If your computer supports WPA2 you are encouraged to use the nyu network and leverage the strong security model it provides.)
  • Windows owners will enjoy the benefit of a "one-time sign-on." Once you've configured your laptop properly and signed onto the nyu network for the first time, you won't have to enter your NYU NetID and password again (until it's time to change the password you use with your NetID, when you'll be prompted to sign in with the new password). Whenever you are in range of the nyu network, your Windows computer will automatically sign you in, thus providing seamless, immediate NYURoam access.
  • Apple computer owners with AirPort Extreme wireless cards who make the switch to the nyu network will benefit from the enhanced security it offers.

As an additional improvement, ITS is currently in the latter stages of an effort to outfit all of the existing NYURoam wireless access points (APs) with IEEE 802.11a standard, 5 GHz radios. As of early April 2007, approximately 75% of our APs have been updated; in the near future, we'll have enabled these new radios throughout the entire NYURoam network. These updated APs are functionally identical to the existing 802.11b/g radios, supporting all of the same networks and access methodologies, but offer multiple technical benefits, including the possibility of better radio performance, since they use a less congested radio frequency than the more popular 802.11b/g technology. Please refer to the NYURoam website (www.nyu.edu/its/wireless/) for updates on the 802.11a service rollout.

The NYURoam wireless network has undergone a significant evolution over the past four years, but we here at ITS—and those in the networking industry in general—believe that we're still in the early days of wireless data networking and wireless services. This technology offers seemingly boundless possibilities, and ITS will continue to dedicate itself to bringing the improvements that emerge to the NYU community.

Footnotes

  1. For information about the IEEE security standards, see www.ieee802.org/11/ or http://en.wikipedia.org/wiki/IEEE_802.11.

Author Biographies

Carlo Cernivani is a Senior Project Manager at ITS Communications and Computing Services and manages the NYURoam wireless network.