Big Wi-Fi network in Australia uses open-source

Computerworld Australia - SYDNEY -- If securely deploying 10,000 wireless access points across 1,700 locations in five months to create what may be one of the largest enterprise Wi-Fi network sounds like a challenge, Victoria's Department of Education (DET) in Australia took it all in stride.

With 540,000 students, 42,000 teachers, more than 200,000 computers, and 40,000 notebooks spread across the 1,700 sites, the department last year allocated $4.8 million to implement a wireless network aimed at easing connectivity, but at first its technology options were limited.

During a presentation at this year's wireless summit in Sydney yesterday, the department's head of ICT security, Loris Meadows, spoke of how the Wireless Networks in Schools (WINS) project required a custom proxy and security services appliance dubbed "EduPass" to be engineered due to the WAN's complexity.

"At the heart of the systems is EduPass. We had an aging fleet of proxy servers and needed to roll out 1,700 of them, so we saw a good opportunity to add proxy to radius," Meadows said. "We looked at best-of-breed open-source solutions like Smoothwall, Freeradius and Openssl; we have our own kernel based on Red Hat Linux and did a lot of development."

After a tender process, Cisco Systems Inc. was chosen as the access point vendor in a deal that nearly fell through, Meadows said, because the "networking giant" was reluctant to accept the DET's advice and changes.

"We had a real battle and eventually got Cisco to change its default factory settings," Meadows said. "The access points shipped from the factory with 802.1x authentication and 1,024-bit encryption, and it cannot be set back to default."

Meadows said there was a significant level of "lengthy discussions" with Cisco to get it to disable the reset button, which was a requirement to avoid the settings being undone by 350 school technicians.

"This was a world first to get Cisco to change IOS [and] the deal would have been almost off if they hadn't," she said.

DET also delivered another lesson during the development of EduPass when the vendor proffered its own management appliance to do the job.

"Cisco was going to be the central management box, but it couldn't do NAT traversal and we NAT up to six times, so the device could not cope," Meadows said. "It was two hours programming on our part" against $22,400 worth of appliances from the vendor.

With the EduPass design and development done, the 1,700 Linux and AMD-based "black boxes" are now running in the Victoria school sytem. Meadows said the project may be one of the largest unified enterprise wireless networks in the world.