Moving Harvard Wireless forward

June 15, 2018

Harvard Wireless has been available to the Harvard community for over a decade. In recent years, as wireless has been more integral to our daily lives and expectations have risen accordingly, users have voiced concerns around the coverage, capacity, and availability the Harvard Wireless service managed by HUIT. In response to these long-standing concerns, HUIT senior leadership designated the implementation of a comprehensive wireless improvement strategy as an FY18 Top 5 goal. This decision brought the attention, energy, and organization necessary to move Harvard Wireless forward.

In the months leading up to FY18, HUIT ITS (Infrastructure Technology Service) completed a vendor selection process that resulted in a displacement of the incumbent network access vendor, the provider of network switches and wireless access points, in favor of HPe/Aruba. This change, the first time the vendor relationship had been re-evaluated in over 20 years, resulted in immediate benefits to HUIT and the Harvard Community. The first was a sizable reduction in the hardware and software licensing costs associated with the purchase of every network access device. The Harvard network is large – with nearly 7000 wireless access points and 1500 network switches – so this savings adds up quickly!  Secondly, and separate from the financial considerations, is the HUIT ITS vision of using user identity, role, and group affiliations rather than IP addresses to define network access policies. This is a vision that HPe/Aruba shares as part of its “Mobile First Architecture” and includes ClearPass, a platform for authenticating users and authorizing against role-based access controls.

HUIT ITS implemented ClearPass across Harvard Wireless in June 2018, the first of many improvements to follow over the coming year. ClearPass replaced two redundant, home-grown network authentication tools (Autoreg and registration.noc) for the majority of areas served by Harvard Wireless. The new system, branded GetOnline, provided a much improved on-boarding experience to users and a significantly reduced maintenance burden for HUIT ITS.

To most effectively address coverage issues, the team prioritized areas of campus susceptible to poor wireless service - particularly some of the aging student housing - securing immediate funding to triage the locations most affected and developed a long-term remediation plan ready for implementation.    

Assorted technical changes to the infrastructure that provides wireless services have been made over the last year.  These changes have brought Harvard Wireless configurations in-line with vendor best practice, reduced complexity, and increased supportability. Systemic issues with the “Harvard Secure” wireless network, which have long impacted the user experience and adoption of secure wireless, have been solved.

While there is still much more to be done, the work of the past year has yielded promising results. The last six months have seen no major incident declarations, a sustained drop in incidents reported via ServiceNow, and anecdotal reports of improvement from service desks around campus. Over the past year, usage of secure wireless has doubled - from ~30% of total usage to ~60%. To put this accomplishment into perspective, it took 12 years to reach 30% adoption and only 12 months to double that!  

Moving forward several areas of improvement are being targeted as part of the comprehensive strategy developed in FY18. These include a focus on using data to drive decisions around prioritization and coverage improvements. These data will be sourced from wireless devices through a “wireless reporter” mobile app now in development and from better use of the data already provided by wireless management tools already in use by ITS.   

Outdoor wireless coverage, currently only available in Harvard Yard, will expand to include other areas of campus where community members travel or congregate. These locations will be prioritized based on community input and through the data-driven processes described above.

Finally, the remaining user experience issues with secure wireless will be addressed through a move to a more secure and user-friendly secure wireless protocol. This protocol, known as EAP-TLS, utilizes digital certificates (similar to those used to authenticate SSL-protected websites) instead of HarvardKey username and password to authenticate users. This allows for a single certificate to be installed once for the lifetime of a device and eliminates the need for a user to re-enter their password after resetting a HarvardKey, all without impacting existing Harvard Wireless users.

The road ahead for Harvard Wireless is one of continuous improvement, with an end goal of a more robust and available service that is more responsive to community feedback.  We welcome you to reach out to us at netmanager@harvard.edu!