Typically on the forefront of the technology evolution, universities operate some of the world's largest collections of computers and high-speed networks. Information technology is seen as an innovative tool to inspire students and faculty as they advance their knowledge through research, teaching and learning. As a result, universities often develop next-generation technologies and produce the world's future leaders and innovators. To protect its intellectual assets and its technology investments, measures must be taken to ensure that network security is maintained at the highest level possible.

Of particular concern is the ability to control authorized access to information. A network security breach by either an unauthorized user or an authorized user with specific access rights could cause serious issues, including the loss of intellectual property, a denial of service (DoS) attack, a decrease in public confidence or unapproved access to highly sensitive and confidential information critical to both students and teachers, such as academic performance records or detailed curriculum plans.

The University of Alberta, which places a strong emphasis on technology's role in teaching and learning, has emerged as one of Canada's largest research−intensive universities. Placing an equally strong emphasis on network security, the university's Faculty of Engineering recently set out to create the most secure network for their unique communication needs while providing personalized network services to users.

As noted, controlling access to valuable information was a key requirement for the University of Alberta. With industry standards like IEEE 802.1X port−based access control − established with ProCurve Networking leadership and implemented in the ProCurve Networking Adaptive EDGE Architecture™ solution − security begins when a user plugs in the network cable.

For the University of Alberta, the added value of the 802.1X protocol is the ability to authenticate through a remote authentication dial−in user service (RADIUS) server, enabling access to the appropriate virtual local area network (VLAN). The RADIUS server informs the switch to configure the client's port to be a member of a particular VLAN, thus restricting or confining the client's access within the internal network. For example, if a Department of Engineering student logs in and is authenticated, they can be 'moved' to a VLAN designed with services specific to that department. Additionally, anyone authenticated with a university account can be 'moved' to a VLAN that provides specific university-wide services.

"The 802.1X protocol is of keen interest to the university because it provides a mechanism for authenticating people against a secure database via the ports," said Kees denHartigh, the Electrical and Computer Engineering department's systems and network administrator analyst/supervisor and one of the Faculty of Engineering team members responsible for the network infrastructure design and implementation. "Anyone could go into our classrooms, plug in their PCs and access the entire network − we needed some method of authentication to assure that only verified university faculty, students and personnel could obtain network connectivity."

Because the 802.1X protocol is customizable, administrators have the ability to provide full access to the network, or limited access, depending on the user's authentication. In this way, guests to the university can, for example, access the Internet but cannot access secure areas of the network. In turn, students and teachers who are positively authenticated have optimal bandwidth, better functionality and additional security.

"HP's leadership on the 802.1X protocol put them far ahead of the competition," said denHartigh. "We worked with ProCurve Networking to implement a guest virtual local area network feature, which allows user access to certain systems and services based on their user profile. VLANs can be used to divide the enterprise LAN into multiple sub-networks that are isolated from each other. Users on one VLAN cannot access resources on other VLANs without authorization and appropriate control of the network itself. For example, a university conference attendee using a VLAN could receive Internet access or other conference-related services without having access to the entire network."

denHartigh undertook the search for the ultimate secure, scalable network − for the best value − by investigating all possible options.

"Although some of the competitor solutions were interesting, they offered features that we did not need and were not willing to finance," denHartigh said. "HP offered us customized, rich functionality at a very competitive price point."

An HP customer for the past 15+ years, denHartigh awarded the bid to the ProCurve Networking Business because its solutions provided the security features he demanded, robust functionality and flexibility at an affordable price. The HP ProCurve Switch 2524 was selected because of its high performance, security, easy management, low cost of ownership and advanced features. Between the department's two buildings, there are now more than 4,200 ports of HP ProCurve 2524 switches connected to the backbone of an HP ProCurve Routing Switch 9308m, including Gigabit uplinks to the core switch and the overall campus network. Not including offices and labs, the Faculty of Engineering's latest multimedia equipped classrooms boast more than 1,700 seats with individual network ports and power plugs.

"I like doing business with HP because they are a research and development company unlike most of the other vendors," said denHartigh. "And because they do most of their own R&D, they are very attentive to their customer's needs and make available the best people they have."

When you are ready to explore the benefits a ProCurve Networking solution can offer you, call HP at 1-800-975-7682.

To learn more about ProCurve Networking's Adaptive EDGE Architecture™ solutions, visit our home page.

Purchase: In the US, HP business solutions, products, and supplies can be purchased at your local HP partner, or bought directly from HP either online or by calling 800-613-2222.

Finance: HP finance plans provide all the benefits of new technology without the risk or cost of ownership. For details, call 888-999-4783.

Accessibility: HP is committed to providing products and services that are accessible to people with disabilities. For more information, please visit the HP Accessibility web site or call 888-259-5707.