Neil et al.,

About the petition, I would like to provide two comments: (sorry for the delay, I was enjoying a few days off in NYC... man what a city!)

1) I would propose not to ask to support in "enterprise networks" but in "Academic Environments". Though many of our networks are run like enterprise networks, we are unique in three ways for this petition:

- We have one of the largest Apple Devices penetration one can imagine (as you mention already in the petition)
- The vast majority of the devices on our networks do not belong to the enterprise but to users (we were doing BYOD before Wi-Fi existed)
- Our users want to use every cool gadget that Apple can think of, the day of the release.

Apple persists in saying that they do not support "enterprise" deployments, but they do emphasize "education". So, let's use the lingo to convince them to help us.

2) To introduce our demands, why not list our use cases first (I'll start by listing the two use cases that we have encountered so far, more can be listed) e.g.:

Use case #1
- Our faculty insists on bringing AppleTV in conference rooms, but we run WPA2-enterprise and cannot support large Multicast domains

This brings two problems:
- The Apple TV cannot join our existing networks without using ugly network "detours" (we can temporarily support a few exceptions but nothing campus-wide)
- Those Apple TVs cannot be controlled by i-devices, only the infrared remote control (and the password can be seen being typed by all members of the audience)

Use case #2
- Students want to operate Apple TVs in dormitories. Unlike private houses, our dormitories are run as large networks. As in use case #1 this generates 2 problems: join the network and control the device using "Bonjour".

This will make the petition a little longer, but can make the reader understand our challenges a little better.

Philippe

Philippe Hanset
University of Tennessee, Knoxville
www.eduroamus.org

the current text of the petition:

We the undersigned academic and research institutions request that Apple provide support for Bonjour/Airplay technology in enterprise networks.
With an Apple client device penetration of 50% or more on the typical campus, this amounts to thousands of Apple client devices whose owners desire to use their Apple TV and other Bonjour/Airplay based devices in classrooms, conference rooms, and in other locations on standards-based, enterprise-secure networks.

Specifically, we request the following (in order of priority):

* That Apple establish a way for Apple TV's (and other Bonjour/Airplay enabled devices) be accessible across multiple IPv4 and IPv6 sub-nets.
* That the Apple TV support Enterprise Wireless Encryption and Authentication (WPA2-Enterprise).
* That authentication to the Apple TV be able to utilize enterprise Authentication, Authorization, and Accounting (AAA) services.

Any enterprise Bonjour/Airplay solution needs to meet the following criteria:

* It must scale to 100's-1000's of Bonjour/Airplay enabled devices.
* It must work with wired and wireless networks from different vendors.
* It must not significantly negatively impact network traffic (wired and wireless).
* It must be easily manageable at scale.
* If it requires a separate hardware solution, that the solution must be enterprise grade (rack mountable, dual power supplies, etc.)
* It must be provided at a reasonable cost

Providing support for Bonjour and Airplay Technologies on enterprise networks would benefit both our institutions and Apple by allowing Apple device owners the ability to use their devices as teaching and research aids, increasing the utility of and desirability of those devices.

We would be happy to collaborate with Apple in the development of enterprise support for these devices.

Thank you.

On Jul 10, 2012, at 8:17 PM, Johnson, Neil M wrote:

This is where I have been keeping the latest draft.
https://www.facebook.com/groups/enterpriseairplay/files/

-Neil

--
Neil Johnson
Network Engineer
The University of Iowa
Phone: 319 384-0938
Fax: 319 335-2951
Mobile: 319 540-2081
E-Mail: neil-john...@uiowa.edu

From: Jesse Rink <jesse-r...@wi.rr.com>
Reply-To: The EDUCAUSE Wireless Issues Constituent Group Listserv <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Date: Tuesday, July 10, 2012 5:53 PM
To: "WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU" <WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU>
Subject: Re: [WIRELESS-LAN] Apple Petition

All this chat about the Apple Petition yet I don’t seem to find a link for it anywhere? Did I miss this in past messages? Can’t seem to locate anything..

Thanks
J

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Garry Peirce
Sent: Tuesday, July 10, 2012 10:16 AM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple Petition

I’m in support of the collective request to help enable further operational flexibility, although also not sure Apple will feel enough pressure to assist.

To the first item: “That Apple establish a way for Apple TV's (and other Bonjour/Airplay enabled devices) be accessible across multiple IPv4 and IPv6 sub-nets.”

Isn’t this item solved to a degree by wide area DNS-SD? If not, I assume this is left open to solve by either making it use a routable mcast addr or by creating some non-standard solution. Controls will be needed to make sense of all the advertised services and possibly for security/privacy reasons. I would think navigating a large Bonjour enabled subnet for a production service must be an ugly exercise - never mind if enabled to pass L2 boundaries. Who remembers those IPX service filtering ACLs?
Request #2 might soon follow to network vendors to be able to support Bonjour service filtering.

For production services, wide area DNS-SD seems a better tool to me, as opposed to using the wild west of zeroconf end device advertisements or some special hardware solution. We’ve trialed it (static entries) for printing and it seems to work well. This leverages our existing DNS infrastructure, allows for control of the advertised entries, and a uniform naming convention making it easier to identify the service. One could also opt to block 224.0.0.251 altogether, if there is concern about unnecessary device traffic.

So in tandem to supporting this request, I’d also be interested in anyone’s recap of their wide area DNS-SD (WAB) environment, the services being advertised, how it is scaling, and any major stumbling blocks.

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Lee H Badman
Sent: Monday, July 09, 2012 4:00 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple Petition

Please consider this- as we get to the point where we have an agreed on document, say by this Friday, and we find an online petition site to use where individuals can "sign" on in whatever form that takes before we close the signing window and present it to Apple- are each one of us able to do so on behalf of our institutions or organizations? If you need to seek permission, now is the time. If a CIO or Director is the only one allowed to make such public-facing declarations on behalf of your school/or org, it would be good to start working the notion. Ideally, no one would overstep their position by jumping on this worthy endeavor.

Lee H. Badman
Wireless Architect/Network Engineer
Information Technology and Services
Adjunct Instructor, iSchool
Syracuse University
315 443-3003

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Andy Voelker
Sent: Monday, July 09, 2012 12:44 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple Petition

That confuses me as well. It is obviously built in to many other iOS devices (iPod Touch, iPad) and has been for some time. Why the change? I suspect it's just due to the GUI difference. If so, that’s easily fixable.

--
Andy Voelker
Manager of Student Computing in the Technology Commons
WCU Staff Senator
Western Carolina University
Check the status of your IT requests at any time at http://help.wcu.edu/ !

From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto:WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Voll, Toivo
Sent: Friday, July 06, 2012 1:28 PM
To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU
Subject: Re: [WIRELESS-LAN] Apple Petition

Also, for me, the lack of support for WPA2-Enterprise is a head-scratcher. If they go through the trouble of supporting the rest of the encryption schemes, and obviously support it on a bunch of their other products, why randomly leave it out of some products? I’d prioritize that a bit more, personally.

--
Toivo Voll
Network Engineer
Information Technology Communications
University of South Florida

********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.
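
Added example, not part of any message in this thread: Garry Peirce's message above describes trialing wide area DNS-SD with static entries for printing, giving control over what is advertised. The Python below renders such static records (the PTR/SRV/TXT layout of RFC 6763) from an approved inventory; the zone name, host names, printer names and TXT values are constructed assumptions.

```python
# Added example: zone, hosts and printers below are constructed, not from the thread.
ZONE = "campus.example.edu"          # hypothetical DNS zone
SERVICE = "_ipp._tcp"                # IPP printing service type
PRINTERS = [                         # constructed inventory of approved entries
    {"name": "Library 1F Printer", "host": "lib-prn-1f", "port": 631,
     "txt": {"txtvers": "1", "rp": "printers/lib1f"}},
    {"name": "Eng. Lab Printer", "host": "eng-prn-lab", "port": 631,
     "txt": {"txtvers": "1", "rp": "printers/englab"}},
]


def escape_label(name):
    """Escape an instance name as one zone-file label (RFC 1035 \\DDD form)."""
    raw = name.encode("utf-8")
    if not 1 <= len(raw) <= 63:
        raise ValueError(f"instance name must be 1-63 bytes: {name!r}")
    # Keep ASCII letters, digits and '-'; escape spaces, dots and the rest.
    return "".join(
        chr(b) if (b < 128 and chr(b).isalnum()) or b == 0x2D else f"\\{b:03d}"
        for b in raw
    )


def render_records(zone, service, instances):
    """Return zone-file lines that advertise only the listed instances."""
    records = [
        # Domain enumeration: clients using this search domain browse the zone.
        f"b._dns-sd._udp.{zone}. IN PTR {zone}.",
        f"lb._dns-sd._udp.{zone}. IN PTR {zone}.",
        # Service type enumeration.
        f"_services._dns-sd._udp.{zone}. IN PTR {service}.{zone}.",
    ]
    for inst in instances:
        if not 1 <= inst["port"] <= 65535:
            raise ValueError(f"bad port for {inst['name']!r}")
        fqdn = f"{escape_label(inst['name'])}.{service}.{zone}."
        txt = " ".join(f'"{k}={v}"' for k, v in inst["txt"].items())
        records += [
            f"{service}.{zone}. IN PTR {fqdn}",                          # browse
            f"{fqdn} IN SRV 0 0 {inst['port']} {inst['host']}.{zone}.",  # locate
            f"{fqdn} IN TXT {txt}",                                      # params
        ]
    return records


if __name__ == "__main__":
    print("\n".join(render_records(ZONE, SERVICE, PRINTERS)))
```

Because the records are generated from a fixed inventory, a device that is not in the list is never advertised through DNS, whatever it announces over multicast on its own subnet.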