Enterasys Networks

Baylor University
Secure Network™ Improves Network Security and Management on Campus

Industry:
Education

Number of Students:
14,000

Challenge:
Ensuring high-bandwidth performance and security of IT resources in a campus network

Solution:
Enterasys Matrix switches, RoamAbout wireless access points and NetSight Atlas Policy Manager for policy-based networking, with the X-Pedition ER16, Matrix E7 and Vertical Horizon for campus connectivity

Benefits:

  • A secure, world-class infrastructure fosters a collaborative campus environment
  • Secure Network improves network control, security and accessibility
  • Policy-based networking enables the allocation of network resources based on specific users and their roles within the institution
  • NetSight Atlas Policy Manager automates and centralizes capabilities to save vital time and resources
  • Wire-speed performance and throughput greater than 16 Mpps enable advanced technology and the latest applications
  • Newly created distributed firewall at each point of network ingress protects the infrastructure from misuse
  • New management framework allows for policy changes to be deployed quickly and easily from a centralized point

Chartered in 1845 by the Republic of Texas and affiliated with the Baptist General Convention of Texas, Baylor is the oldest institution of higher learning in the state.

While remaining true to its heritage, Baylor has grown to more than 14,000 students, and its nationally recognized academic divisions provide 158 baccalaureate degree programs at the undergraduate level. The University also offers 23 master’s degrees with 65 programs of study, one educational specialist and 15 doctoral degree programs through the Graduate School, plus the juris doctor through the Law School, and the master of divinity, master of divinity/master of music, and doctor of ministry through George W. Truett Theological Seminary.

The 432-acre campus is located on the banks of the Brazos River in Waco, Texas, a metropolitan area of 200,000 people.

The Challenge:
Ensuring high-bandwidth performance and security of IT resources in a campus network
Baylor University is recognized as a truly “wired” campus. Thanks to its commitment to innovation, the University deploys leading-edge technologies to provide students, faculty and staff with the resources they expect from a 21st-century institution. According to Baylor CIO Reagan Ramsower, Baylor recently adopted Vision 2012, a 10-year initiative that asserts the University’s intention to enter the top tier of American universities while reaffirming its distinctive Christian mission. Technology plays a key role. “Our mission is to connect people with knowledge, information and the technology to support the teaching, learning, scholarship and decision making that will make Vision 2012 a reality,” Ramsower stated.

Baylor University’s residence hall network, ResNet, provides high-speed network access to 3,200 students in 11 residence halls across campus. Each residence hall room has a dedicated Fast Ethernet connection, and students use this network connection to access the Internet and campus resources, including e-mail, on-line electronic library resources, automated student services, and Baylor’s Blackboard course management system.

The size and scope of ResNet created a number of challenges for the University. Baylor students connecting to the ResNet infrastructure needed to access University and public IT resources without exhausting available network bandwidth. At the same time, ensuring network security was essential.

To help meet these challenges, Baylor implemented a University computing policy of acceptable use for resident students that limited network usage to certain protocols and applications. Unfortunately, administering the policy was difficult, and enforcement could only be achieved manually.

“We had moved from eight T1 lines to a DS3, yet within one month the 45 Mbps pipe was swamped,” explained Bob Hartland, director of IT servers and networking systems at Baylor. “It was clear that even if we added all the network bandwidth we could afford, we wouldn’t solve the problem. What we really needed was a solution that could help us identify and deal with network traffic, ensure reliability and eliminate bandwidth abuse.”

“At the same time, we needed to improve security by authenticating users to be sure they are eligible to use our network’s services,” added Scott Day, Baylor’s manager of network services. “In addition, we wanted to eliminate unsupported protocols, block known hack techniques, and enforce our network acceptable usage policy. And, we wanted to do it without a lot of human intervention.”

The Solution:
An Enterasys policy-based Secure Network solution
Today, Baylor’s IT infrastructure is built on an Enterasys Secure Network: a routed Ethernet environment with Gigabit Ethernet connectivity to most buildings. Wiring closets in residence halls and other buildings across campus house Matrix E1 switches, which provide switched access to the desktop. From the closets, Fast Ethernet over fiber connects to Matrix E7 aggregation switches, which in turn connect via a single uplink to an X-Pedition ER16 for core routing functionality. In addition, RoamAbout brings wireless network connectivity to the campus.

Finally, NetSight Element Manager and Policy Manager manage the entire infrastructure.

“At Baylor, we take a different approach to IT than that of many other institutions,” Hartland said. “Rather than putting the majority of our funding into the network core, we focus on ensuring that our edge equipment is intelligent. This may be a little more expensive, but it gives us a great deal more flexibility in how we deal with network traffic. We can approach the network from a more granular perspective, concentrating on a single office or user instead of an entire building or closet.”

This philosophy was especially important when Baylor deployed the Enterasys Secure Networks policy-based system, which allows the network to allocate resources based on specific users and their roles. Together, Enterasys Matrix E1 switches and NetSight Atlas Policy Manager 1.4 make up the solution and give Baylor’s ResNet accessibility, bandwidth control, and security, as well as other policy characteristics. “Secure Networks literally enables us to push security, authentication and traffic management to the edge of the network,” Hartland commented.

With the Matrix E1 and NetSight Atlas Policy Manager in place, the University eliminated unsupported protocols from ResNet. “Rogue DHCP servers caused real issues for us,” explained Hartland. “Oftentimes the problem was caused by an innocent mistake on the part of a novice user, yet the results were very problematic. The very first policy we implemented eliminated rogue DHCP servers from our network.” Other undesirable protocols such as user-sourced routing protocols and administrative protocols are now also filtered at network access points. Since University IT staff is aware of several TCP and UDP traffic ranges that can be used for attacks on network resources, these traffic patterns are also filtered at the access switches.

“With Enterasys support, the deployment went without a hitch,” commented Day. “NetSight Policy Manager’s functionality played a critical role. The thought of policy management can be intimidating: making a connection to each switch, disconnecting and reconnecting to accommodate any policy change. But in NetSight Policy Manager we have a tool that lets us define a policy once and push it out to multiple devices. This was important during installation, but should be even more critical further down the road as we look to expand services.”

The Penalty Box
In addition to its standard policy for resident students, the University created a policy role called “Penalty Box.” If students abuse the network, their network connections can be placed into a “Penalty Box” configuration, which allows only highly restricted access to Baylor network resources and the Internet. Internet access is also rate limited so only a certain amount of bandwidth can be used. Moving a student to the “Penalty Box” is a simple “point-and-click” task on the centralized Policy Manager application and can be controlled from IT operations or the security desk. “Baylor provides a very open environment for students’ use of technology,” Hartland said. “Yet we need a tool to enforce the University’s user policy, while preserving a student’s access to critical educational resources. The result is the Penalty Box.”

By deploying the Enterasys Secure Networks solution in the ResNet environment, Baylor University minimized the bandwidth consumption on the infrastructure, secured the network from misuse, and implemented a management framework that allows for policy changes to be deployed quickly and easily from a centralized configuration point.

The Future:
Even greater security, reliability and control
In the short term, Baylor is looking to expand policy-based networking throughout the campus, moving from static to dynamic policy implementation. “At the same time,” Day added, “we’d like to implement policy-based networking for our RoamAbout network to boost security on the wireless side.”

Hartland and Day would also like to move to high-speed 802.11a for their wireless implementation. “The need for mobility in an educational environment is critical,” Hartland explained. “The experience in a residence hall room should be no different than the experience under a tree in a quad. We are committed to that end result.”

In the long term, the team at Baylor seeks to build more redundancy into their network and improve the network’s authentication mechanisms, bandwidth control and security, while staying abreast of emerging technology trends. As always, the ultimate goal is to improve the educational experience.

“We will continue to enhance the experience of our students by working with a partner like Enterasys who understands our goals and works with us to achieve them,” Hartland concluded. “In our network environment, we have an end-to-end Enterasys infrastructure that came to be because the company listened to our concerns and proposed a solution that met our needs.”