Geekzone: technology news, blogs, forums
68 posts

Master Geek
+1 received by user: 5

Subscriber

  Reply # 719421 19-Nov-2012 11:49

blackjack17: The school I work at has finally got UFB and so now we are looking at putting wireless through the school so students can access internet through personal devices (tablets, smart phones and laptops).  We have four common areas plus an arts and dance area where we would want access to wifi (a total of 6 areas).

We don't need any security as we go through watchdog and we are far enough from any business/homes that they are unlikely to be able to connect (and even if they do the school is not concerned about bandwidth).

I have been told from the IT guy that New Era is quoting $3000 per access point.

My question is couldn't we just put a good quality wireless router in each area ($100-$200) each, it is unlikely that we would have more than 20 students access via an access point at any one time.  If this works we could start extending it into some of the classrooms and for the price of one access point from New Era we could have most of the school connected.

Thoughts?


$3000 is likely getting you extra distance, security, better management of multiple users on the one device and don't forget warranty than the $200 option

Maybe run a test with one of the $200 access points and see what problems, if any, crop up before rolling out to the whole school

My 2 cents



293 posts

Ultimate Geek
+1 received by user: 34


  Reply # 719426 19-Nov-2012 12:06

Dav4122:
blackjack17: The school I work at has finally got UFB and so now we are looking at putting wireless through the school so students can access internet through personal devices (tablets, smart phones and laptops).  We have four common areas plus an arts and dance area where we would want access to wifi (a total of 6 areas).

We don't need any security as we go through watchdog and we are far enough from any business/homes that they are unlikely to be able to connect (and even if they do the school is not concerned about bandwidth).

I have been told from the IT guy that New Era is quoting $3000 per access point.

My question is couldn't we just put a good quality wireless router in each area ($100-$200) each, it is unlikely that we would have more than 20 students access via an access point at any one time.  If this works we could start extending it into some of the classrooms and for the price of one access point from New Era we could have most of the school connected.

Thoughts?


$3000 is likely getting you extra distance, security, better management of multiple users on the one device and don't forget warranty than the $200 option

Maybe run a test with one of the $200 access points and see what problems, if any, crop up before rolling out to the whole school

My 2 cents


This is what I was thinking, I just wanted to get the opinion of those more knowledgeable than I.  And I am glad I did.  I hadn't considered the interception aspect of security, only the unwanted users.

104 posts

Master Geek
+1 received by user: 14


  Reply # 719436 19-Nov-2012 12:24

blackjack17: if we did encrypt it we would have to provide 800 students with the password, which would mean the password would stay within the school for about 2 minutes.


WPA2-Enterprise. Each user has their own password (do they have their own school email address now?)

It really sounds like both you AND the IT guy are in way over your heads. You need to do it right or it will be a disaster.

And +1 on the Unifi APs, I love them.

2030 posts

Uber Geek
+1 received by user: 333

Subscriber

  Reply # 719437 19-Nov-2012 12:25

We recently just did a school with UniFis and the results have been great. It was quite a simple set up for us as most of the security had been taken care of already. Also the school has been treated by the SNUP so had fully manageable Allied Telesis switches which are just awesome to work on.
The APs broadcast two SSIDs.
One SSID kept everyone on the school's domain meaning only devices on the domain can be used and had a basic WPA2 key and then domain authentication was required.
Second SSID was the 'BYOD' network just for teachers to use phones and the like. Basic WPA2 key but kept the devices off the school's domain in a separate VLAN. Absolutely no access from the BYOD network to the school's domain is allowed.

It was fairly small with around 15 access points but the other company who was quoting for it put in a price of something like $14k whereas we did it for under $5k with ease. I think some companies just see 'school' and whack 10k on the price thinking there is an endless pit of money to be spent.



293 posts

Ultimate Geek
+1 received by user: 34


  Reply # 719440 19-Nov-2012 12:31

MattR:
blackjack17: if we did encrypt it we would have to provide 800 students with the password, which would mean the password would stay within the school for about 2 minutes.


WPA2-Enterprise. Each user has their own password (do they have their own school email address now?)

It really sounds like both you AND the IT guy are in way over your heads. You need to do it right or it will be a disaster.

And +1 on the Unifi APs, I love them.


I know I am in over my head but you have to start somewhere and drowning is a good motivator.

Don't get me started with school email addresses

Hawkes Bay
8481 posts

Uber Geek
+1 received by user: 3

Mod Emeritus
Trusted
Subscriber

  Reply # 719441 19-Nov-2012 12:32

Entirely possible to do what you want with consumer grade gear, for probably under $1500 for the whole school. However the management and reporting becomes a sad mixture of none-to-f-all, and one day the proverbial will make its way to the nearest fan at substantial velocity, and the school will simply be unable to tell:

Who slurped 100GB in a day when the ISP calls to say they noticed unusual usage.
Why 100% of available bandwidth is constantly being used when you call to say the net won't work.
Who proxied into torrent/porn/pedo sites with an encrypted connection when the Feds come knocking.

Just three of many possible scenarios.

These things are not so bad to deal with in a home or small business scenario, but when trying to educate children, it just isn't good enough.

If similar shortcuts were proposed in my child's school in any part of the curriculum, road safety, field trips, supervision on camps, network safety and infrastructure, building codes, handling of hazardous materials in science classes, sunhat policy, etc, I would be extremely unhappy.

P.S. Don't count on children to keep their passwords private either. All security policies should be designed around the fact that children's passwords are basically unobscured cleartext... (I have IT-Managed a college fulltime, and I have children of my own too...).






Hawkes Bay
8481 posts

Uber Geek
+1 received by user: 3

Mod Emeritus
Trusted
Subscriber

  Reply # 719445 19-Nov-2012 12:38

By the way, although there looks like a bit of negativity in many of the replies here, rest assured you are being given quality advice by some very knowledgeable people, and the fact that people are willing to share reasonably detailed opinions with you is a good thing.

If actual text seems terse, that's just a product of typed characters. Everyone here wants to see you with a successful solution.

:-)






2216 posts

Uber Geek
+1 received by user: 223

Subscriber

  Reply # 719486 19-Nov-2012 13:26

I have sent you a PM.

For the discussion:

The big issue with domestic APs is the number of connected clients at a time is limited (more than 16 and you will have issues).

Also, in a school, you will want seamless handovers between APs and some sort of redundancy. The UniFis are a good product, but there are others out there also. You certainly don't need to be spending $3K per classroom for an AP, but I suspect that price does include a lot more than just the box.

1545 posts

Uber Geek
+1 received by user: 38

Trusted

  Reply # 719487 19-Nov-2012 13:30

Does your school have a forefront box?

If this is the case you could use this for your authentication (AD Logins) and force the use of a proxy to connect to the internet?

You would of course still need a Separate VLAN to prevent accessing network drives / servers

BDFL
49938 posts

Uber Geek
+1 received by user: 4624

Administrator
Trusted
Geekzone
Subscriber

  Reply # 719495 19-Nov-2012 13:40

tonyhughes: By the way, although there looks like a bit of negativity in many of the replies here, rest assured you are being given quality advice by some very knowledgeable people, and the fact that people are willing to share reasonably detailed opinions with you is a good thing.

If actual text seems terse, that's just a product of typed characters. Everyone here wants to see you with a successful solution.

:-)


This. Please read all the replies as advice or wishes for you to do well.








293 posts

Ultimate Geek
+1 received by user: 34


  Reply # 719534 19-Nov-2012 14:52

freitasm:
tonyhughes: By the way, although there looks like a bit of negativity in many of the replies here, rest assured you are being given quality advice by some very knowledgeable people, and the fact that people are willing to share reasonably detailed opinions with you is a good thing.

If actual text seems terse, that's just a product of typed characters. Everyone here wants to see you with a successful solution.

:-)


This. Please read all the replies as advice or wishes for you to do well.




I am aware of this and thank you all.

There has been a lot of very useful information here and things I hadn't considered. 

I tend to have an
idea- implement the idea (at lowest cost possible) - and then try to fix/improve what went wrong
rather than
idea, develop idea, investigate idea troubleshoot idea and only then implement idea

851 posts

Ultimate Geek
+1 received by user: 305


  Reply # 719535 19-Nov-2012 14:53

This is a common complaint - why do I have to pay for something that my home router does for nothing?

As has been stated already there is a massive gap between the cheap rubbish in your home dsl router and a commercial grade access point.

Things like throughput, manageability, support, warranties are all worlds apart. Number and type of radios vary greatly.

Schools will also tend to be client-dense. A classroom could conceivably have 30+ laptops in it. Any consumer AP will choke and die. No question.

You could even go with a wireless controller and dump APs - all centrally managed, interchangeable APs, automatic provisioning.

I have seen Unifi done really well in campus environments, but sales support is pretty average in NZ. How long does it take to get spares? 

If you are considering running an open, unencrypted wireless network at a school you are opening yourself up to a world of pain, especially if you are considering offering internet access. Students are the most hostile and aggressive user group you will ever have to support and they will find ways to abuse anything you give them. That's why it is important to secure everything - not necessarily to stop it being used but to prove that you exercised due diligence and can possibly assist with an audit trail.

WPA-Enterprise using EAP-TLS and Client Certificates is easy to do with domain joined laptops (Staff). Students will normally have individual AD accounts - they can authenticate with that. Enterprise Grade APs will do client isolation, so that student A can't talk to student B. Why would you want that? Are you happy for students to be swapping porn/playing games?

Good on you for asking for advice, might I suggest you talk with the person quoting you the solution?
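
Added example, not part of any post in this thread: once each student authenticates with their own account (WPA2-Enterprise), the RADIUS server's accounting records can answer tonyhughes' "who slurped 100GB in a day" question and supply the audit trail mentioned above. The sketch assumes FreeRADIUS-style "detail" accounting records; the user names, MAC addresses and counters are constructed. It totals Stop records per user and includes the Gigawords attributes, so sessions larger than 4 GiB are not undercounted.

```python
import re
from collections import defaultdict

# Constructed sample in the style of a FreeRADIUS "detail" accounting file.
# User names, MAC addresses and byte counts are invented for illustration.
SAMPLE_DETAIL = """\
Mon Nov 19 09:05:11 2012
\tUser-Name = "student.a"
\tAcct-Status-Type = Start
\tCalling-Station-Id = "02-00-00-00-00-01"

Mon Nov 19 15:02:40 2012
\tUser-Name = "student.a"
\tAcct-Status-Type = Stop
\tCalling-Station-Id = "02-00-00-00-00-01"
\tAcct-Input-Octets = 52428800
\tAcct-Output-Octets = 1073741824
\tAcct-Output-Gigawords = 25

Mon Nov 19 15:10:02 2012
\tUser-Name = "student.b"
\tAcct-Status-Type = Stop
\tCalling-Station-Id = "02-00-00-00-00-02"
\tAcct-Input-Octets = 1048576
\tAcct-Output-Octets = 734003200
"""

ATTR = re.compile(r'^\s+([\w-]+) = "?([^"]*)"?$')

def parse_records(text):
    """Yield one dict of attributes per blank-line-separated record."""
    for block in text.strip().split("\n\n"):
        lines = block.splitlines()
        rec = {"Timestamp": lines[0].strip()}
        for line in lines[1:]:
            m = ATTR.match(line)
            if m:
                rec[m.group(1)] = m.group(2)
        yield rec

def octets(rec, direction):
    """Combine the 32-bit octet counter with its Gigawords overflow count."""
    low = int(rec.get(f"Acct-{direction}-Octets", 0))
    high = int(rec.get(f"Acct-{direction}-Gigawords", 0))
    return (high << 32) + low

def usage_by_user(text):
    """Total bytes per user, taken from Stop records (final session counters)."""
    totals = defaultdict(int)
    for rec in parse_records(text):
        if rec.get("Acct-Status-Type") != "Stop":
            continue
        user = rec.get("User-Name", "<unknown>")
        totals[user] += octets(rec, "Input") + octets(rec, "Output")
    return dict(totals)

def heavy_users(text, limit_bytes):
    """Users whose combined upload and download reached limit_bytes."""
    return sorted(u for u, b in usage_by_user(text).items() if b >= limit_bytes)

if __name__ == "__main__":
    for user, total in usage_by_user(SAMPLE_DETAIL).items():
        print(f"{user}: {total / 10**9:.1f} GB")
    print("over 100 GB:", heavy_users(SAMPLE_DETAIL, 100 * 10**9))
```

On an open network or one shared WPA2 key there is no User-Name to group by, only MAC addresses, which is the reporting gap the posts above describe.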



332 posts

Ultimate Geek
+1 received by user: 54


  Reply # 719536 19-Nov-2012 14:57

tonyhughes: Entirely possible to do what you want with consumer grade gear, for probably under $1500 for the whole school. However the management and reporting becomes a sad mixture of none-to-f-all, and one day the proverbial will make its way to the nearest fan at substantial velocity, and the school will simply be unable to tell:

Who slurped 100GB in a day when the ISP calls to say they noticed unusual usage.
Why 100% of available bandwidth is constantly being used when you call to say the net won't work.
Who proxied into torrent/porn/pedo sites with an encrypted connection when the Feds come knocking.

Just three of many possible scenarios.

These things are not so bad to deal with in a home or small business scenario, but when trying to educate children, it just isn't good enough.

If similar shortcuts were proposed in my child's school in any part of the curriculum, road safety, field trips, supervision on camps, network safety and infrastructure, building codes, handling of hazardous materials in science classes, sunhat policy, etc, I would be extremely unhappy.

P.S. Don't count on children to keep their passwords private either. All security policies should be designed around the fact that children's passwords are basically unobscured cleartext... (I have IT-Managed a college fulltime, and I have children of my own too...).


I'd call the "get a bunch of cheap routers, chuck openwrt on them, play some clever tricks with linux" solution a grad student solution, because it's what you'd get if you got a talented student with no money and a pile of gear.

It is possible to set something like this up, and have it do a good job with decent security and reporting.  However, it will probably be quite difficult for anyone else to maintain unless it's extremely well documented -- and whoever else maintains it will need a similar skill level to the person who built it.  Such are the disadvantages of roll-your-own solutions.

Having said this I deployed a temporary network like this at a weekend event (400+ people) I was recently at, because I'd offered to help with IT and the local IT company that set something up did a fairly poor job.  It worked fine.  I'd do it again, if I was onsite the whole time and I was donating my time and my pile of old routers for the weekend.  But I wouldn't recommend it for a school.

I've heard good things about the Ubiquiti UniFi gear but I haven't used it myself.  They won't cost you much more than a pile of hacked routers, and they'll do as good a job.  And will be easier for the next person who comes along to fix.

Questions you should find out the answers to:
  • What sort of firewall/router does the school have for its internet connection at the moment?
  • What are its capabilities?
  • What's the school's existing cabling and network switch infrastructure like?
  • Are there ethernet ports everywhere you would want WiFi coverage?
  • Do they go all the way back to a central comms room?
  • What sort of network switches do you already have?
  • Are they managed or "dumb"?
  • Do they support VLANs and 802.1q tagging?

Hawkes Bay
8481 posts

Uber Geek
+1 received by user: 3

Mod Emeritus
Trusted
Subscriber

  Reply # 719537 19-Nov-2012 15:01

Something that is often taken for granted is the concept of throughput (as per wasabi2k et al), a router listed as 100Mbps/Fast Ethernet, at the consumer grade is probably going to do a number of things for you, but to give you 100Mbps throughput is not one of them.

Anyone connected downstream of such a device is going to have a poor 100Mbps UFB experience, but that is probably not going to convince the controller of the budget to rip out something 'that works' to put better gear in, because 'we already have UFB, now we have WiFi, and you are STILL complaining about it going too slow'.

Then UFB/school/RSP/Chorus gets a bad rep amongst students, parents, other schools or businesses through anecdotal stories.






104 posts

Master Geek
+1 received by user: 14


  Reply # 719544 19-Nov-2012 15:16

wasabi2k: I have seen Unifi done really well in campus environments, but sales support is pretty average in NZ. How long does it take to get spares?


I get them next day from gowifi, but they're cheap enough to have some spares on-site.
