The IT University of Copenhagen has about two thousand users on their networks every day, and the need for reliable and robust Wi-Fi has never been greater. Thousands of users with multiple devices all expect smooth access to the network. Something that places very high demands on the security clearance of said users.
Written June 2018
Since the story was written Thomas Andersen has changed jobs. That, however, does not change the topicality of story or the IT University of Copenhagens approach.
At the same time, cyber-attacks are steadily becoming increasingly intelligent, better targeted, and more frequent. IT Executives around the world need to rely on products that are guaranteed to protect their organizations and are in accordance with strict guidelines and uniform standards for cybersecurity.
The IT University of Copenhagen is a busy workplace for staff and students. Every day, a few thousand users make their way through the iconic building, all needing effortless network access with both PC, smartphones, and tablets. Large amounts of data are up- and downloaded around the clock for communication, research and all the other fun we use the internet for. The question becomes, how do you ensure that the networks that everyone should have easy access to are simultaneously secured against virus attacks and hacking?
Thomas Andersen is a Network Architect at the IT University of Copenhagen. It is his responsibility to make sure that the network is both easy and safe to access. In order to achieve that, it is necessary to be able to identify who logs on to the networks. About a year ago, the university implemented a new network solution to create a secure networking platform at the university. Initially, he went for an open-source product, because it is cheaper. Unfortunately, it turned out that the only competent people to service the product were sitting in Canada and had to be flown to Denmark whenever their expertise was needed. The time difference made ordinary everyday communication difficult, and the situation posed significant implementation challenges.
Those experiences richer, the IT University of Copenhagen contacted Danoffice IT. The company is a premier specialist in relation to the market-leading HPE product portfolio and has broad experience and expertise when it comes to implementing the highly lauded Aruba product, ClearPass.
ClearPass is a so-called Network Access Control (NAC) product. Thomas was well acquainted with the solution, but initially decided against it. One reason was that he wanted an open-source product. Furthermore, the price was higher than the budget at could accommodate. However, that is not without reason, as highlighted by the independent advisor Gartner recently naming ClearPass as a market leader. Thanks to a new opportunity to buy through the Moderniseringsstyrelsen’s (The Danish Modernization Agency) agreement, the price was reduced significantly, making it possible to implement ClearPass, which, with five years on the market, is a much more mature product.
“ClearPass has been far easier to implement. Today, it is almost the exclusive solution for all user authentication. The implementation was considerably easier because the experts were closer at hand, and there is also much more information about the product,” Thomas explains. He feared that the product would be too rigid and difficult to modify because he often ends up having to adapt solutions to his IT environment. But it has become clear that ClearPass does not even need to be customized. It meets the needs of the university in its 'out of the box' state.
The conclusion is, not surprisingly, that although product and implementation investments were higher, the reliability payoff was greater and today ClearPass is used for the university’s entire wireless network. The implementation took approximately a week and has, among other benefits, led to the IT department saving time and lowering the risk of errors. “We are an organization where people move offices quite often. Previously, we had to move cables and constantly check and double-check that the users were properly connected and had the necessary access. It was all too easy for mistakes to occur and could, in the worst-case scenario, lead to an unauthorized user possibly gaining access to confidential data. With ClearPass, that risk is eliminated because it is all handled centrally, and we also save a lot of time that used to go towards networking and relocation,” Thomas explains. In other words, ClearPass is a necessary tool for security that lets the university ensure that every time someone logs on to the network, they are immediately identified and approved.
The IT University of Copenhagen is supported by the research network Eduroam, which all universities across the world are part of. Even before the students start at the IT University of Copenhagen, they are sent an email with a small file. The students download the file to their devices, and in the process are authorised by the Eduroam network, enabling quick online access anywhere in the world.
“If I enter another university anywhere, then Eduroam already knows me, and I am immediately secured access to the university's network and can easily get online and start working. We benefit from that authorization process here at the university as well,” Thomas explains.
The users at the IT University of Copenhagen do not notice any difference in the security clearance procedures after the implementation of ClearPass. The network runs smoothly, which always leads to happy and satisfied users. However, in terms of security, the NAC solution does wonders. “The NAC solution provides access to the network and can distribute information to other devices, such as a firewall. If a user was unfortunate enough to get a virus, the firewall will tell us who is logged in and who the user is, and we can take immediate action to minimize the damage,” Thomas says.
The solution also provides additional support to the university's help desk. If users have trouble getting online, support can determine the issue with the help of ClearPass.
The wireless networks of the future look different than the ones we use today. One of the main reasons is because the networks will be used for many more things than before. It's no longer just a channel for replying to emails and downloading files. Today, IP telephony, video surveillance, and scores of other things are connected to – and through – networks. Stable and secure internet access is essential for them to function.
With ClearPass, it is possible to assign specific devices to specific networks, thereby keeping devices that have nothing to do with each other, completely separate. For example, IP telephones can be connected to a network set up to handle IP telephony, while all other user traffic runs on another network. The same goes for surveillance cameras, alarm systems, etc.
The feature enables another convenient option. Instead of having to continually upgrade the network, ClearPass can limit the network speed and resources that specific applications such as YouTube, Facebook can access. Thereby, you can secure the necessary bandwidth for operating critical units and components of your IT infrastructure and not risk losing their capacity because someone is suing bandwidth to, for example, watch movies. The IT University has not had to rely on this feature just yet. Their IT infrastructure is, in fact, oversized in relation to the actual number of users, so there is no need to limit user behaviour.
Savvy readers will likely have considered that having multiple devices connected to the network increases the risk of viruses across the entire system. Furthermore, it is not yet possible to install antivirus software on all units, e.g. surveillance cameras and the like. ClearPass can detect if the behaviour of a specific device changes and will disconnect that device from the network to avoid attacks or inappropriate access.
The IT University (ITU) in Copenhagen, Denmark, was established in 1999 as the IT College. Today, ITU is one of the country’s most high-profile educational institutions offering bachelor's and master's degrees in many of the most popular IT disciplines.
The university is located in Ørestaden in an iconic white building with floating meeting rooms. In addition to the meeting rooms, the building is known for the "ITU Interactive Light Walls", which is a work of living light panels mounted on the walls. Initially, the text could be determined by the students. The panels are illuminated by LED’s with an expected lifetime of 100,000 operating hours.
Every year, ITU has more than 2,000 students and almost 800 employees all working in an international university environment, collaborating closely with businesses and universities around the world.
Please fill out this form and we will contact you!