Universities teach us a thing or two about BYOD

Our Regcast of 13 June, BYOD Beyond the Noise, focused on the infrastructure you build to accommodate the consumerisation of IT. Trevor Kelly and Andy Cooper, our studio guests from HP, pointed out that universities are one group of institutions that know how to do BYOD (bring your own device) well. In the past 10 years …

COMMENTS

  1. EddieD

    Swings and roundabouts...

    Having the backend of the Metropolitan Area Networks and JANET means that we are spared a lot of the network hassles most folk see. It means we have a surfeit of IPv4 addresses (two B class blocks iirc), so even fewer hassles.

    OTOH, the students who BYOD then demand I install all the software they would be using on their devices, and refuse to accept that it's not legal.

    They then decide that I'm responsible for fixing things when they torrent a dodgy copy of Photoshop and get hit by the Zero Access toolkit or other malware....

    ...which they then pass on to each other and every one else by sharing thumbdrives, and I then have 20 machines to disinfect.

    All of which means I have more work to do than if they used our devices.

    On the other hand, the alternative is working somewhere else and actually having to work...

    1. Miek
      Linux

      Re: Swings and roundabouts...

      "...which they then pass on to each other and every one else by sharing thumbdrives, and I then have 20 machines to disinfect." EddieD, we made it a policy to only actually put effort into fixing machines where the user has taken reasonable precautions to protect their devices. In the case of Windows, if they haven't updated their AV (or if they haven't installed any) we pack them off to a Computer Shop to have it fixed at their expense. The Students were basically abusing us and we put a stop to it. We no longer see knackered laptops that students drop in at the end of term expecting a full re-install, backup and a one day turn around with absolutely no thank you at all. We have also forced all Academics, Graduates and Undergraduates through Eduroam so they are no risk to our mission critical infrastructure and they enjoy the benefit of single sign on internet connectivity worldwide.

      Edit: Great article btw

      1. EddieD

        Re: Swings and roundabouts...

        That's my policy too*, but when a grade 9+ academic insists it is my problem, I don't have a right of refusal. Nor do I when the same academics ask as a favour that I look after their RA/Supervisee/Blue eyed boy.

        *Actually my policy is to blink, say "you've messed up your machine and it's /my/ problem? How does that work?" I then offer to fix the machine - I wipe it and apply a standard image. I'm not expecting promotion

        1. DavCrav

          Re: Swings and roundabouts...

          "That's my policy too*, but when a grade 9+ academic insists it is my problem, I don't have a right of refusal."

          Damn. I'm only a grade 8. Does that mean I get told to feck off?

        2. Miek
          Linux

          Re: Swings and roundabouts...

          Yeah, we get the demanding types too, we just increase the lead time of the problem to be fixed based on the degree of an asshole that the person is, we also reduce the amount of fixing that "we are able to achieve". Furthermore, we can also point at support documents provided on-line that they can go away and follow, after all Academics should be able to follow simple instructions (with pictures), surely?

        3. Miek
          Linux

          Re: Swings and roundabouts...

          "I wipe it and apply a standard image. I'm not expecting promotion" -- Ah the infamous 'PC World' approach, a nice touch.

    2. keithpeter Silver badge
      Childcatcher

      Re: Swings and roundabouts...

      "On the other hand, the alternative is working somewhere else and actually having to work..."

      How about RDP session to University provided desktop?

      Appropriate policies (the one I use in a Further Education College allows drag and drop of text between device OS and the session window, but no direct file exchange)?

      All they would need on their own device is an RDP client. Only your properly licenced software can be used in the session, and their course work related data stays on your servers. The latter works well for our students some of whom might lose their head if it wasn't securely attached to body.

      I remember accessing such a desktop at Sheffield Uni years ago (Citrix, modems).

      PS: Note to editor/article author: Universities are usually referred to as higher education in UK.

      1. RoboJ1M
        Linux

        Re: Swings and roundabouts...

        Cost perhaps?

        Each RDP session requires a CAL on your windows server.

        Last time I looked there were no open source RDP servers or Citrix servers.

        Also last time I was at uni and everybody I know who works in educational IT departments use Linux based servers.

        VNC perhaps? It's pretty awful though, even on a LAN.

        1. keithpeter Silver badge
          Linux

          Re: Swings and roundabouts...

          "Each RDP session requires a CAL on your windows server."

          I suspect we are getting it cheap as part of education deal &c. Certainly pushed heavily to students and staff as preferred remote access method, and the only way you get to use your own device on College network.

        2. Vince

          Re: Swings and roundabouts...

          Yeah a few pence per CAL.

          A few quid per processor

          It's next to sod all for educational types.

        3. Pookietoo
          Linux

          Re: no open source RDP servers

          xrdp has been around for a while, looks like it might be quite usable now.

        4. cbf123

          vnc not that bad

          I regularly VNC in to machines 3000km away. There's some lag, but it's acceptable (and *way* better than poorly-written native X applications).

        5. h3

          Re: Swings and roundabouts...

          The proper X11rdp server works quite well now - clipboard sharing works - fast as a normal rdp session (Not the one that just uses Xvnc that is easy to package). It is a bit annoying to build but it works quite well. (If my job required it then I think I could get something up and running quite reasonably it was much easier before it started using Xorg with autotools. imake is easier to deal with for something like this).

        6. Anonymous Coward

          Re: Swings and roundabouts...

          I was quite impressed with SPICE last time I tried it. I had a KVM virtual machine running on my desktop with ADSL at home (guest was Windows XP Pro), accessing it via a 3G link and VPN, it felt like the VM was local.

          I had clipboard sharing, sound, the works.

        7. Tom 13

          Re: Cost perhaps?

          Can only speak to the US, but over here schools including universities and 501(c)3s get MS software at what is essentially cost plus what a grocer would regard as a normal markup instead of the typical IP monopoly rate businesses are charged. I imagine it would be similar elsewhere.

  2. Anonymous Coward

    Good article. Would be interested to see an article or articles about multi device (e.g. droid, ios, osx etc) integration into AD or $management system, using something like centrify or similar.

  3. Anonymous Coward

    and there end'th the lesson on why most business IT departments HATE BYOD and why we don't do it!

  4. ukaudiophile
    Mushroom

    Basically this article explains where my tax money is going, into providing high bandwidth torrent access for a bunch of students who take out massive loans and cost me, the tax payer, the better part of £100K for their higher education each, who take out loans which are only paid back once they earn over a certain amount of money.

    This mob then expect me to pay to maintain their broken IT crap, whinge incessantly when they can't stream the latest episode of Big Brother, and who have no real SLA demands other than cheap access to beer at the student union bar, yet this is still meant to be some example to business IT?

    Add to this the fact that they're poncing around studying media studies or humanities, which no employer in the known world who has to actually make money is interested in, they spend 3 years passing around viruses (both computer and STD's), then leave to go work part time for a minimum wage in a supermarket, or if the likely grade is really bad, the girls get themselves pregnant and live off the state for the next 16 years.

    Somehow, I really don't see the commercially relevant example here!

    1. Brenda McViking
      Trollface

      Poor you

      Students have never paid more for the higher education than they do now. The tax payer is steadily reducing the available subsidies to higher education, and has been for decades.

      Student with a broken laptop? Good luck trying to get it repaired without shelling out for it yourself. That's the beauty of BYOD - the device is the user's problem. Bandwidth? Yeah, the university pays for it through a combination of corporate R&D money and student fees, and the taxpayer benefits from the enormous pipes that university institutions have laid between them (and a few taxpayer subsidies implied - good use of money IMHO).

      I wouldn't pass too much blame onto the media studies students either - they pay 9 grand same as I would if I was studying engineering. My labs and full week of lectures cost considerably more than their space in the library and their 5 hours contact time a week. I think if you look at the books, they're paying the subsidies to train engineers and doctors - you know, these people that you and society has come to take for granted.

      The commercially relevant example is that BYOD is done, and done well at universities. Yeah, sysadmins have a hell of a lot more work making their systems hardened and solving new IT problems that BYOD introduces - that's why they are paid to do what they do. For the time being, executives in industry listen to their scare stories of viruses and pen drives being open gateways to the pirates in the East who will steal all IP they can get their hands on (I'm not arguing that these are false threats), but the world is changing, and corporations will have to start tackling this problem head on.

      I never said it was going to be easy - but times are changing. I've often heard that brand new graduates are often the cause of the most major security breaches at corporations. When that is happening, it's time to up your game. Restrictions that work with your current employees do NOT work with my generation, we've had years in school to learn how to circumvent filters to do what we want, and to use our IT for our purposes efficiently. IT security is generally not something we take seriously, but that is your problem to solve.

      And seriously, when corporate suppliers' websites don't support IE6 anymore, don't you think that archaic IT is holding you back? I've got adobe acrobat reader 4 installed here, it can't open half the pdfs I throw at it. It's getting to the point where I can either obey IT policy or I can do my job, but not both. Tell me again how BYOD isn't relevant in the corporate future? It'll be keeping job security for reg readers at an all time high for the next decade if you ask me...

      1. ukaudiophile
        Flame

        Re: Poor you

        "Students have never paid more for the higher education than they do now. The tax payer is steadily reducing the available subsidies to higher education, and has been for decades."

        So essentially students have been freeloading off the tax payer for years and now you're upset because you're asked to take responsibility for what you cost the country (which is made up of tax payers who fund its continued operation). The tax payer subsidy does not need reducing, it needs removing completely, and students should take responsibility for their education, like companies and individuals have to in the private sector.

        "Bandwidth? Yeah, the university pays for it through a combination of corporate R&D money and student fees, and the taxpayer benefits from the enormous pipes that university institutions have laid between them (and a few taxpayer subsidies implied - good use of money IMHO)."

        No, we don't benefit, the pipes are part of JANET (again paid for by the tax payer), if you want a truly good use of tax payer subsidies, try superfast broadband for 100% of the UK, in case you've not noticed the roll out is being slowed down to consumers by the massive investment required by the private sector. I don't see the benefit to me from the high bandwidth JANET network.

        "I wouldn't pass too much blame onto the media studies students either - they pay 9 grand same as I would if I was studying engineering. My labs and full week of lectures cost considerably more than their space in the library and their 5 hours contact time a week. I think if you look at the books, they're paying the subsidies to train engineers and doctors - you know, these people that you and society has come to take for granted."

        Yes, and exactly what does a media studies graduate do for a living, I can't think of a valid use for one of them, and if they can't be found a use for, the loan doesn't get paid back and that costs the country. As far as taking engineers and doctors for granted..you're joking, I pay via tax and NI for the doctors in this country, and I work with 30+ engineers at one of the sites I look after and have respect for their field and their education, they actually do produce something valid - a profit for the company employing them!

        "For the time being, executives in industry listen to their scare stories of viruses and pen drives being open gateways to the pirates in the East who will steal all IP they can get their hands on (I'm not arguing that these are false threats), but the world is changing, and corporations will have to start tackling this problem head on."

        These are not scare stories as anyone with 20+ years experience in running and securing systems will tell you. The recent PRISM scandal should tell you all you need to know, and if you don't see the relevance, then it proves you've never had to be accountable for IP and data protection in the real World.

        " I've often heard that brand new graduates are often the cause of the most major security breaches at corporations. When that is happening, it's time to up your game."

        Wrong, it's time for you to grow up and learn to follow corporate IT policy, you're paid to do a job according to company rules, learn how to do it or there is a P45 in your near future.

        "Restrictions that work with your current employees do NOT work with my generation, we've had years in school to learn how to circumvent filters to do what we want, and to use our IT for our purposes efficiently. IT security is generally not something we take seriously, but that is your problem to solve"

        No, you follow the restriction or you don't have a job, employees do not dictate policy, you learn to work within it or you're shown the door. If you don't like it, a job on the checkout at Morrisons beckons.

        "It's getting to the point where I can either obey IT policy or I can do my job, but not both"

        When you actually have had a few real jobs with responsibility, and you have experience, come back and start talking with some facts under your belt. I have 25 years under my belt and given the attitude of people like you, many more to come!

    2. DavCrav

      "Basically this article explains where my tax money is going, into providing high bandwidth torrent access for a bunch of students who take out massive loans and cost me, the tax payer, the better part of £100K for their higher education each, who take out loans which are only paid back once they earn over a certain amount of money.

      This mob then expect me to pay to maintain their broken IT crap, whinge incessantly when they can't stream the latest episode of Big Brother, and who have no real SLA demands other than cheap access to beer at the student union bar, yet this is still meant to be some example to business IT?"

      By the sound of it you work in a university, so aren't you not in fact a taxpayer after all, but just one of the people scrounging off the state, albeit doing work for it, like students (sometimes) are?

      (I personally don't think that, but if you start throwing around "bloody students costing the tax payer a fortune" and then your job is paid for by the tax payer, and wouldn't exist without said students, well...)

      (Apologies if you don't work in a university. But if you don't, you are wrong to write misleading things. Ha, I win either way!)

      1. ukaudiophile

        "(Apologies if you don't work in a university. But if you don't, you are wrong to write misleading things. Ha, I win either way!)"

        I don't work in a university, never have, never will! As for writing misleading things, another writer here commented on the expectations of students to fix their broken IT by the University IT dept. As for the cost to the tax payer, who do you think ultimately pays for all this? It comes from corporation tax and tax paid by people working in this country. Both entities are tax payers. All I ask is this, does my tax deliver acceptable ROI to me? I don't see what the money spent on Universities does for me, or for the companies which I work for. Given the higher education budget for the UK, the return seems poor. BYOD seems an extravagance we cannot afford, students should be told what to buy and what is supported, it's up to them to supply compliant equipment which are to IT policy of the Universities, this would be more efficient and economical. I really don't see the problem other than a bunch of spoilt students wanting to do what they want at my expense.

        1. Phil W

          It's quite amusing and also annoying to see people ranting about how much of their tax money goes to paying for UK Universities and their IT provision without the slightest clue as to what the actual answer is.

          Since the advent of the student paid tuition fees going to £6-9k a year, the larger proportion of most Universities funds these days do not come from tax payers via government funds, but directly from students via their tuition and accommodation fees*, not to mention the fact that most Universities operate other commercial elements such as professional qualification training, business incubation centers and the leasing of space to private conferences.

          Overseas students also provide a good income to Universities, whose attendance is entirely funded by themselves or overseas organisations.

          @DavCrav I'm rather puzzled by your statement "By the sound of it you work in a university, so aren't you not in fact a taxpayer after all, but just one of the people scrounging off the state".

          As an employee at a Higher Education institution I pay taxes and national insurance just like anyone in the private sector, at the same rates as everyone else.

          In what way does my sector of employment make me "not in fact a taxpayer after all"?

          *Admittedly this is usually funds the students acquire through the government owned Student Loans Company.

    3. Miek
      Linux

      "Basically this article explains where my tax money is going, into providing high bandwidth torrent access for a bunch of students" -- We block all Bittorrent connections.

  5. Anonymous Coward
    Devil

    Security deserves more attention.

    I know I'm cynical here, but the last thing you want as an administrator in an "educational facility" such as a school or Uni is students who bring their own stuff to connect to your own network.

    Because although the theory behind it all sounds very nice and fluffy, the dirty truth of the matter is that no other semi-commercial network environment will suffer from more direct and internal attacks than a school network. This isn't bad mouthing the students, and I'm also not exaggerating; it's merely a given. Anyone who has worked in this field for a while knows this.

    So I think the article goes over the enrolment process a little bit too easy. Commonly speaking you don't want to give students direct access to the main school network, enrolment or not.

    Note that I'm not claiming that providing easier Internet access or a "student network" which allows students to, well, use their own stuff is a bad idea. However; in these scenarios you're talking about sections which have been carefully locked down in order to clearly sever any ties between these "outer networks" and the school's own network facility.

    But most certainly not an environment where a teacher puts some presentation in his own home or working directory to be used in a class room and right after storing it can be accessed by the rest of the school.

    1. DavCrav

      Re: Security deserves more attention.

      "Because although the theory behind it all sounds very nice and fluffy, the dirty truth of the matter is that no other semi-commercial network environment will suffer from more direct and internal attacks than a school network. This isn't bad mouthing the students, and I'm also not exaggerating; it's merely a given. Anyone who has worked in this field for a while knows this."

      Never mind this. Think of the staff. Without BYOD, universities wouldn't work. Full stop. There's not a single academic I know who works a standard 9-5, and if they did, the system would collapse, because it's predicated on about 20+ hours of unpaid overtime being standard for university lecturers. Without BYOD, home access, etc., lecturers wouldn't be able to put in the overtime necessary to make the system work.

      1. Phil W

        Re: Security deserves more attention.

        "Without BYOD, home access, etc., lecturers wouldn't be able to put in the overtime necessary to make the system work."

        Not sure about that. In most UK Universities the academic staff get any devices they need for their work provided to them, so BYOD isn't necessary.

        Remote access isn't strictly necessary either, but I admit it does make working a lot easier.

        1. Intractable Potsherd

          Re: Security deserves more attention. @Phil W

          "In most UK Universities the academic staff get any devices they need for their work provided to them, so BYOD isn't necessary."

          I don't know where you get this idea from. Of the many jobs I've had in universities (lecturing and research), only one supplied me with a laptop for the work (which I was more than happy to use, even though it was a bottom-of-the-range Toshiba laptop). All the rest required (and still require) my own IT provision.

          I'm intrigued what those who advocate a supplied-IT approach in universities would like to see? The only other option is to supply thousands of staff and students every year with standard equipment, creating a huge inventory and attendant stock-taking and replacement cycles. Alternatively, are you advocating that all students/staff must only use local desktops, (which shows you don't have a grasp on how learning works these days - distance-learning is a fact, guys and gals)? My current university is some 400 miles from where I live, and I need to be able to work when I'm not actually at my (non-existent) desk. So, seriously - what is your answer?

          1. ukaudiophile

            Re: Security deserves more attention. @Phil W

            Intractable Potsherd:

            You hit the nail right on the head, distance learning is a fact, it works, its results are as good as any fixed university, and it's cost effective, so why are we paying for all of these university buildings and students' accommodation when they could stay at home studying, have lectures delivered via webcasts and if they need to speak to the actual lecturer, they can speak via video conference applications like Skype. You could house the actual teaching staff in an anonymous office building on an estate and get rid of many of those costly university buildings and extra staff to run them. Big savings all round! Now the only university facilities you need are for those with highly specialised equipment in the fields of research (and even then much of that could probably be virtualised) whilst the purely academic courses such as maths don't really need any specialised equipment, so need no space on a university campus.

            Meanwhile we could remove the high costs of the intangible courses (such as your humanities, arts and others which have no tangible return or use) and just have those vanity courses taught on line in an efficient manner, the reduction in building and staffing would make the whole cost of the vanity courses affordable to those who were interested and remove another burden from the tax payer.

            1. Intractable Potsherd

              Re: Security deserves more attention. @ukaudiophile

              I didn't downvote you, but you are half-right, and half-wrong. Distance learning works for *some* people. Having the option is important.

              I can never agree with you that "humanities, arts and others ... have no tangible return or use". Learning is valuable in and of itself. You seem to be one of those that think history (for example) is a pointless subject, whereas, say, engineering isn't. I'd say that you let your prejudice get in the way of clear thinking. That doesn't mean to say that I think the current policy of channelling thousands of people into university courses is necessarily good, but I think that people should have access to education (broadly defined) throughout their lives.

              However, remember that universities do not only teach - there is a vast amount of research going on, and so premises must be available.

  6. Matthew 3

    Eduroam is an amazing achievement and it's nice to see it getting some well-deserved kudos.

    1. Michael H.F. Wilkinson Silver badge
      Thumb Up

      Eduroam is very nice indeed. It is very handy for me to have internet access in the universities I visit.

    2. A Non e-mouse Silver badge
      Thumb Up

      Eduroam is marvellous. It's got so big that Universities that don't have it are considered pariahs. Turn up, open laptop, start working. Wonderful.

    3. Anonymous Coward

      Eduroam is great: I just wish it was easier to configure on Windows. Fortunately, you don't have to do it often !

      1. ukgnome

        Eduroam is easy to set up on windows as most universities use a simple executable that does the whole set up and join to network for you.

  7. Michael H.F. Wilkinson Silver badge
    Mushroom

    Alternatively

    People bring their own devices because those provided are not up to scratch.

  8. John H Woods Silver badge

    Does this really count as BYOD?

    To me, BYOD implied a requirement to run a Standard Operating Environment. If you are 'just' allowing network access and possibly web-based applications, surely it's only half the problem?

    My company, I think, would expect its employees to have an SOE with Lotus Notes, Microsoft Office, our selection of anti-malware tools, particular VPN clients and so on - including a few options based on role (e.g. Visio). Furthermore, there would be full disk encryption, in the expectation that documents and other assets you create for the company have to stay in corporate controlled storage. Getting that working on a bunch of different devices that the staff might choose is a completely different kettle of fish to just giving them network access and the URLs for a few server-side apps.

    1. Peter Gathercole Silver badge

      Re: Does this really count as BYOD? @John H

      If you look at large corporate BYOD programs, one of the conditions is often that you surrender a lot of control of your own device. This normally means purchasing hardware from a list, installing company supplied tools like VPN, encryption and AV, and also surrender some control (have additional administrator accounts created). Certainly challenges the idea of it being your device.

      What most Universities do is to have an open(ish) student network (or, in fact, many of them, often firewalled from each other and the main University campus network), together with a portal or gateway on each that allows them restricted access to the central file servers and other facilities of the core University networks. In addition, there is firewalled access to the Internet.

      I don't see why that model cannot be used by business. It keeps your core network safe, while providing much of the access that is required by the user.

      My kids were always told that it was their responsibility to make sure that their systems were adequately secured, and the only assistance given by the college was to perform standalone virus scans. If the system failed the scan, they were offered one of the free AV packages, and told to either install and run it, or get someone to do it for them. Their machines/accounts were blacklisted until it had been proved to be virus free.

  9. ukgnome

    BYOD at university does have its own issues. I should know as I worked for a Uni and it used to drive me a little bit mad. I had to be able to configure anything and everything. The only positive that came out of it was I had exposure to every kind of device that you can think of, from spoofing pages so that you can join your Kindle to the network to more mobiles than you can think of. The only issues we ever had was cloned \ fake macbooks from China, as well as a couple of hacked imported phones. I did become somewhat adept at virus and malware removal as students will click and link, as well as the staffers. The one thing that I will say is that the network bods and the server chaps totally earn their cash, because the sheer amount of spam / malware / virus / etc is huge, and the systems never did get compromised.

  10. syk0

    Security???

    How is the security on this type of network? Is every device required to install specific software before being allowed to connect? How are malware loaded devices contained? How are private data protected? If you rely only on the client device to provide protection then you're only as strong as your weakest link ... Or am I missing something? Students share credentials ( have them stolen ) and universities are some of the greatest environments for testing out social engineering experiments. It would be great to see how they provide all of this protection!?

    1. Peter Gathercole Silver badge

      Re: Security???

      You're missing the fact that these are not single networks, but networks of networks, with fenced links between them, and at arms length from the core University networks. The only really complex part is the distributed user authentication that allows access to the core systems.

      It really is a case of divide and conquer.

      1. Glen Turner 666

        Re: Security???

        "the University core networks" -- no. The learning and research facilities are the core network. It's the administration networks which are non-core. That's the essential mindset difference between university and business computing.

        The same is true of applications. You break some Oracle thingie used by administration, that's bad news. You break e-mail across the university, you're fired.

        At universities BYOD is simply fact. It's not a "strategy" open to debate. Even non-IT staff will have a laptop, a tablet and a phone and will expect equivalent access to resources from all of them. The university may or may not own all of those devices. Students definitely don't want the uni to provide their IT -- although if the uni can arrange a hefty discount on a MacBook Air they'd be grateful.

        The idea that you can limit access to administrative systems to a subset of platforms isn't a goer either. Just the other day I checked a student's recorded test mark from my phone (connected via Eduroam), whilst the student and I were discussing their progress. Business would call this "responsive customer service" and the more you tighten down the access to the admin systems the less responsive the staff can be.

  11. A Non e-mouse Silver badge

    I moved from the private sector to working in education. The change was one heck of a shock. In the private sector we had complete device lock down, massive firewalls, and the ability to get people fired for not following the BOFH IT rules.

    In education, you have the complete opposite. No device lockdown. Any device (Windows, Mac, Linux, iOS, Android, Palm, *BSD, etc.) There were few firewalls (my desktop machine has a public IP address !) And no control over the users - "Academic freedom" (well, except Students ;-) )

    At first you think this is just plain crazy and it can't work. But you soon "get it" and it all works quite well. Yes, it does take a little bit more work to make sure your systems are secure and usable across all platforms, but once you've done it once or twice, you get the hang of it.

    It is a very different mindset, and I can see why corporate IT chiefs are against it all. But you have to keep on asking the question: Is IT here to serve the users, or the users to serve IT ?

    1. Anonymous Coward

      "There were few firewalls (my desktop machine has a public IP address !)"

      huh? just because you have a public IP address it doesn't usually equate to not having a firewall. I don't know of any UK universities that don't have a firewall....most of them are just a lot more 'permissive' than the typical corporate lockdown (academic freedom et al!) - don't confuse a NAT'd network with security - the world will also learn THAT lesson when they (like the higher educational establishments who have been using IPv6 for the past decade) start using IPv6 more generally.

      1. A Non e-mouse Silver badge

        just because you have a public IP address it doesn't usually equate to not having a firewall. I don't know of any UK universities that don't have a firewall

        We start coming into semantics here. (I'm not criticising - just clarifying.) Some people think a firewall is something like a deep packet inspection device (think Checkpoint, maybe Cisco ASA). For others, a simple TCP/UDP packet filter is a firewall.

        At my place, the "firewall" is a small access list that blocks just a few ports (e.g. 23, 143, etc). Other than those few blocked ports, I can run pretty much anything on my machine. (and frequently do !)

  12. Anonymous Coward

    Why is BYOD scary?

    Seriously, I don't really get the big deal.

    Providing sufficient network infrastructure is relatively simple- chuck a few wifi base stations about over campus with fibre or CAT6 connections between them.

    But your services- whether they're file sharing, printing, media streaming, whatever- all these should be secured serverside anyway.

    Access to it should be controlled as though one was connecting from the Internet, treating every single connection as suspect until you have verification that it is not. Unfiltered internet available to anyone who connects, wired or wireless (for clients), with a VPN link required to actually access the actual network assets. This also gives you a worldwide campus.

    But this should ALREADY be how it is. Far too often have I visited a Client's offices and connected to their WLAN- only to find that I can now see just about everything! At a previous employer the way they hid their most precious IP was to have everyone work from different drive letter assignments. Seriously, their security was hoping you didn't type //[secret-server]/[secret folder] into the Address bar. In a multibillion-dollar company.

    Even if they have secured their wireless, many a company will have a wired LAN that is again absolutely wide open.

    So from what I can see, BYOD is ONLY an issue for half-arsed IT types or those who are Manager-ed into half-arsedness. And, with BYOD whispered in the right ears in the right way, that manager can be worked around- be honest, it's something everyone would like.

    1. Anonymous Coward

      Re: Why is BYOD scary?

      "Manager-ed into half-arsedness"

      Priceless.

    2. Anonymous Coward

      Re: Why is BYOD scary?

      "...chuck a few wifi base stations about over campus with fibre or CAT6 connections between them."

      oh really? you are aware that most of the larger UK Universities have AP counts in the low thousands (yes, thousands) - all needing to be driven by gigabit switching and resilient backhaul links across the campus/buildings (and streets in cities).

      but the rest is correct. yes, the user is known...they've authenticated to the wireless using 802.1X (and not just WEP/PSK or using captive portal) - but so what? what state is the machine in? if you have posture checking/NAC then you give them more access. students on a student network segment/VLAN(s), staff on another.... visitors using eduroam go on a totally different network that yes, does have internet access with firewalling but is off the main campus network so all users go through same external access policies if they want to talk to any local servers/networks. I think a lot of corporate networks are very dumb and flat and maybe the view of a real network isn't seen in many places.

  13. Pascal Monett Silver badge

    Interesting article

    The University environment is indeed taxing, and its IT is fascinating, although most of what transits on a University network hardly counts as "work".

    So, could we have an example like this about a bank ?

    No ?

    Thought so.

    1. Anonymous Coward

      Re: Interesting article

      " although most of what transits on a University network hardly counts as "work"." - yep. and that's one of the challenges to be dealt with. ensuring that people have the right access (or right level of access) to services whilst also keeping those services and their soft underbelly protected from other systems.

  14. Kevin Maciunas

    This stuff isn't as simple as people think - scale gets you

    "Providing sufficient network infrastructure is relatively simple- chuck a few wifi base stations about over campus with fibre or CAT6 connections between them."

    Not quite that easy, actually... Our IT people discovered the joys of thinking that way! When you have lecture theatres that accommodate 200-300 people, each with at least one wifi device (mobile phone + laptop/iPad/whatever) and someone does an in-lecture quiz - the instantaneous load on the wifi infrastructure tends to kill it. You have the entire class attempting to do "something" quite literally at the same time. Just getting enough basestations in there to hang onto 300+ simultaneous associations is hard enough...

    The systems engineering exercise is actually quite interesting.

    Likewise the Eduroam network. I'm fully authenticated on the network at the institution I'm visiting. That is a whole lot different from a VPN tunnel. When I'm off this campus and I decide to print a document - I really *do* want to print on the printer in the office I'm in, rather than the one in *my* office! That kind of thing. Of course, in the non-academic world there isn't a need for (or possibility of) ad-hoc open access to things when visiting other sites not owned by your company - so the solution is probably only applicable in the Edu/Science sector - but it is a very effective and useful thing.

  15. Anonymous Coward

    I think the BYOD piece is inevitable in any place, however it all depends on the application.. for example if someone asked me to design a BYOD network at our place (let's face it, BYOD is going to be isolated to some degree - somehow, so let's call it a 'separate network')

    Delivering Internet access and streaming media wouldn't concern me 'too' much.. PVLANS, Access Lists whatever, but stop devices talking to each other.. (ie multiplayer games knowing our lot!), and then allow access to said gateway or proxy server(s)..

    The issues in our organisation would be then compliance.. do we have a regulatory or other compliance reason to log and authenticate users so we know who browsed what? - That's not the warm fluffy BYOD network that the managers want.. (and in reality they only want it because they are the only ones that can get the company to buy) and then realise that they can't plug them in..

    As for retaining our PCI compliance but people still want to BYOD.. erm.. NO! I couldn't give a flying fck about the end user experience... Someone summed it up perfectly before, users bring their own device because the provided ones aren't fit for purpose!

    BYOD has a place in every business, just not every area within the business - It can be made to work but may not be as easy as the management want it to be.. Time will tell!

  16. Robert E A Harvey
    Headmaster

    Eduroam, and similar

    I have always been impressed by the quality of Eduroam, and in an earlier life Janet, and all the other academic networks: look at the volumes of data that astronomers share, with apparent ease.

    I suspect that the reason is management. The institutions are clearly in the hands of the academics, and the IT people are clearly expected to provide a working system.

    Compare that to the commercial world, for example $MEGACORP type working, where IT has been outsourced to the likes of ATOS, and they have no understanding of who is the tail and who is the dog. Getting anything fixed or done is all but impossible.

    Now look at government: government computing fails because the people who think they are in charge have not the faintest idea of what they want to do, and even less of how it may be done, so the people selling them systems can get away with murder.

    Congratulations to the academic world for running things properly, I say!

    1. Matthew 3

      Re: Eduroam, and similar

      "I suspect that the reason is management. The institutions are clearly in the hands of the academics, and the IT people are clearly expected to provide a working system"

      You're right that it's down to how it's managed but it's primarily because most academics respect the skills and experience of their IT staff just as we're expected to respect their knowledge in their field.

      Out in the corporate world IT is seen only as a cost that reduces profit margins, rather than a crucial part of the infrastructure.

      1. Intractable Potsherd

        Re: Eduroam, and similar @Matthew 3

        "... most academics respect the skills and experience of their IT staff ..."

        Well, true in many cases. Personally, the IT folk are high on my list of people (departmental and central) to make acquaintance with within the first week in a new place - partly because I enjoy the company of techies, but because I want to show my respect for them by talking to them before I have anything to ask of them. The same isn't the same of all my academic colleagues, some of whom still regard IT as an unnecessary evil ...

      2. Glen Turner 666

        Re: Eduroam, and similar

        I'd also add that universities differ from business because: (1) Unis are in IT for the long haul. They're not put off by a half-decade-long project with international agreements and interoperability like Eduroam. (2) Academics are used to listening and criticising proposals. So you get a good hearing, and then you get a bucket-load of encouraging criticism. Part of the reason for the quality of uni networks is the free review from people whose consulting rates are thousands per day. (3) Business simply doesn't operate at the same scale nor require the same availability. I've had business employing a few 10,000s people tell me they run a "big" network, whereas 10,000 users would be a quiet day for a uni network.

  17. Anonymous Coward

    Great ideas...poor implementation

    There is an FE new build project which saw massive amounts of networked "new" technology brought in, along with a slew of staff and student BYOD.

    The resulting swirling vortex of entropy, left them with next to no fixed and wired PCs and an ever-diminishing pile of notebook computers which couldn't connect to the WiFi thanks to bandwidth and a very full 2.4GHz spectrum.

    Add to that the shoddy subnetting and VLAN setup and any numpty that manages to get on the wifi and fire up wireshark will be greeted with the broadcast messages from the building management, fire, CCTV, CISCO VOIP and lift management system...not to mention the default passwords
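
The segment leakage described in the last comment (building management, CCTV and VoIP broadcasts visible from the Wi-Fi) is something a network team can audit for. The following is an added example, not part of the thread: it flags broadcast or multicast frames whose source lies outside the segment the capture was taken on. The addressing plan, segment names and frame records are constructed assumptions.

```python
import ipaddress
from collections import Counter

# Hypothetical addressing plan (assumption, not from the thread): one subnet per segment.
SEGMENTS = {
    "student-wifi": ipaddress.ip_network("10.20.0.0/16"),
    "staff": ipaddress.ip_network("10.30.0.0/16"),
    "building-mgmt": ipaddress.ip_network("10.90.1.0/24"),
    "cctv": ipaddress.ip_network("10.90.2.0/24"),
    "voip": ipaddress.ip_network("10.90.3.0/24"),
}

# Constructed sample of frames seen by a client on the student Wi-Fi:
# (source IP, destination IP, protocol label).
OBSERVED = [
    ("10.20.4.17", "255.255.255.255", "DHCP"),   # own segment, expected
    ("10.20.9.2", "10.20.0.1", "DNS"),           # unicast, ignored
    ("10.90.1.5", "10.90.1.255", "BACnet"),
    ("10.90.1.5", "10.90.1.255", "BACnet"),
    ("10.90.2.40", "239.255.255.250", "SSDP"),
    ("10.90.3.12", "255.255.255.255", "DHCP"),
    ("192.168.7.7", "255.255.255.255", "DHCP"),  # not in the plan at all
]

def segment_of(addr):
    """Return the name of the planned segment containing addr, or 'unknown'."""
    ip = ipaddress.ip_address(addr)
    return next((n for n, net in SEGMENTS.items() if ip in net), "unknown")

def is_broadcast_or_multicast(dst):
    """True for limited broadcast, multicast, or a planned subnet's directed broadcast."""
    ip = ipaddress.ip_address(dst)
    if ip.is_multicast or ip == ipaddress.ip_address("255.255.255.255"):
        return True
    return any(ip == net.broadcast_address for net in SEGMENTS.values())

def audit_broadcast_leaks(capture_segment, frames):
    """Count broadcast/multicast frames whose source is outside capture_segment."""
    leaks = Counter()
    for src, dst, proto in frames:
        if is_broadcast_or_multicast(dst) and segment_of(src) != capture_segment:
            leaks[(segment_of(src), proto)] += 1
    return leaks

if __name__ == "__main__":
    for (seg, proto), n in sorted(audit_broadcast_leaks("student-wifi", OBSERVED).items()):
        print(f"LEAK {seg:14} {proto:7} x{n}")
```

Any hit means two planned subnets share a layer-2 broadcast domain, so the fix belongs in the VLAN and trunk configuration rather than on the clients.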
