Re: UT Austin Biennial Network Report

2017-10-03 Thread Green, William C 
 see on page 7 the Average Building Network Grade metric.  How is this grade 
determined?


It is a weighted average based on port density (not letting poor conditions in 
a few small buildings skew scores for the average user).

The individual building grades are generated by locally developed software, 
which surveys many factors (e.g., community arrived at standards, vendor 
support, code version, age, etc).  The following box link shows the grading 
criteria if anyone is interested (page 4).
  https://utexas.box.com/s/d9h94mexabeyr83oy4s4jn9eks9r4ezs

While we are proud of the tool and the transparency it creates, the tool is 
difficult and costly to maintain.  Just another cost of our federated 
environment.


--
William C. Green  e-mail:  
gr...@austin.utexas.edu
Director, Networking and Telecommunications   phone:   +1 512-475-9295
ITS (Information Technology Services) fax: +1 512-471-2449
University of Texas
1 University Station Stop C3800
Austin, TX  78712

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: UT Austin Biennial Network Report

2017-09-28 Thread Green, William C 

Can you provide any additional information as to why the use of eduroam is 
prohibited?
Regarding local campus use, it was an opinion by university legal counsel— I 
have nothing more add.  (and this is not a listserv for legal experts)

I can comment on security for UT Austin’s use of eduroam elsewhere, and that 
would be an appropriate conversation for this list.  It is related to how our 
university has implemented credentials and wireless authentication that may not 
apply at many other institutions.

1)  Wireless at UT Austin may only be accessed via 802.1x at present, and the 
only EAP method supported is PEAPv0/EAP-MSCHAPv2.  MSCHAPv2 has 
vulnerabilities.  As long as the RADIUS infrastructure is operated securely by 
the university, we do not believe this is much of an exposure.  eduroam, 
however, is a confederation of thousands of RADIUS servers, none of which are 
operated by the university.  We think some of those could be compromised, 
providing access to exploit MSCHAPv2 weaknesses.

2)  The credential is same one used for “consistent sign-on” for almost all 
university services.  Additional factors are being added to a number of 
services, but compromise of the single credential would still be very bad.

3)  We know about alternative EAP methods, such as certificates.  It is a tool 
we would like for other use cases and benefits.  But that has not be 
prioritized for resources to date (please insert long-tail time and money here).

4)  It has been our experience that PEAPv0/EAP-MSCHAPv2 is the path of least 
resistance on the most popular platforms.  A different credential or 
alternative EAP methods for regular campus use would create too much friction 
when connecting (your campus may be different).  Yes, we are aware of current 
on-boarding products — and we use some of them.  At some point the security 
environment may change (it usually does) tipping in favor of other methods.  
Along the way native OS support may improve for other methods obviating need 
for an on-boarding step by our community (wouldn’t that be swell), or 
on-boarding tools may become better and less cumbersome.



-William

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

Re: UT Austin Biennial Network Report

2017-09-25 Thread Richard Nedwich 
Hi William,

This report is insanely great!  Is this a private URL, or would you allow us to 
share?

Best,
Rich

**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/discuss.

RE: UT Austin Biennial Network Report

2015-09-18 Thread trent . hurt 
Thanks for the awesome insight into your network.  I have a question about this 
statement...

“The 5GHz spectrum has experienced problems.  In fall of 2014, ITS had to 
reduce the number of channels utilized due to FCC-mandated radar avoidance 
mechanisms in our vendor’s equipment.  This halved the available channels, and 
required us to reduce channel bandwidth for 802.11n/ac from 40MHz to 20MHz 
(reducing both capacity and speed).  End users noticed and commented on the 
speed reduction (which had not been anticipated).  New software this fall may 
allow ITS to re-enable 40MHz channels."


Is this related to all the various dfs bugs in the cisco wifi code?  I have 
heard and read about others fighting false dfs events and I'm seeing dfs issues 
as well with various code versions.

-Original Message-
From: The EDUCAUSE Wireless Issues Constituent Group Listserv 
[mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Green, William C
Sent: Thursday, September 17, 2015 7:30 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: [WIRELESS-LAN] FYI: UT Austin Biennial Network Report

Below is UT Austin's biennial network report.  I encourage others to provide 
their operational reports for everyone’s benefit.




https://urldefense.proofpoint.com/v2/url?u=https-3A__utexas.box.com_s_hh3lplbqoca66th2v820ougkmkexmx5v=AwIGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=XLigqItalEUeEaGAicCEZFLcdLkY0hmPRc_Jvv9TIoE=a0AAHc8bvr95wgORH5TSZVsu9KDCjLaTXi8XwQKB6Kg=
 







--

William C. Green  e-mail:  gr...@austin.utexas.edu

Director, Networking and Telecommunications   phone:   +1 512-475-9295

ITS (Information Technology Services) fax: +1 512-471-2449

University of Texas

1 University Station Stop C3800

Austin, TX  78712













**

Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at 
https://urldefense.proofpoint.com/v2/url?u=http-3A__www.educause.edu_groups_=AwIGaQ=SgMrq23dbjbGX6e0ZsSHgEZX6A4IAf1SO3AJ2bNrHlk=rtlMYUF4nwLIYnoG0qXTf9aFc5RLK7DMyf8lTMu__vs=XLigqItalEUeEaGAicCEZFLcdLkY0hmPRc_Jvv9TIoE=V6VK1iHLZAhZEM-G57kmDU-10DpEjm5r4R7-8qRytRc=
 .




**
Participation and subscription information for this EDUCAUSE Constituent Group 
discussion list can be found at http://www.educause.edu/groups/.