Presentation is loading. Please wait.

Presentation is loading. Please wait.

Frédéric Hemmer CERN IT Department Head 7 May 2013

Published byEmory Short Modified over 6 years ago

Similar presentations

Presentation on theme: "Frédéric Hemmer CERN IT Department Head 7 May 2013"— Presentation transcript:

1 ACCU - 100th Meeting WiFi @ CERN
Frédéric Hemmer CERN IT Department Head 7 May 2013 ACCU - CERN - Frédéric Hemmer

2 Evolution of Wi-Fi@CERN
May 2009 Installed Base stations 796 Equipped Buildings 219 Investment 918 KCHF Simultaneous Users 1100 (2009) -> 4000 (2013) Connected devices 6000/day Traffic 1.5 Gbps (2011) -> 7 Gbps Micro-wave Telecom Engineer hired on (180 KCHF/year) WIND project with HP Networking (250 KCHF/year) Aims at monitoring, optimizing, and troubleshooting existing installations as well as providing feedback for Wi-Fi design to manufacturers ACCU - CERN - Frédéric Hemmer

3 Wireless is complex Potential Real problem sources:
- client related issues - infrastructure issues: deployment problems sources of interference - (high) density issues - expected QoS from the user’s point of view - a combination of all factors ACCU - CERN - Frédéric Hemmer Everything that can go wrong…will go wrong!

4 WIND Tools - Health of the network
Restaurant 1 Restaurant 2 Building 40 ACCU - CERN - Frédéric Hemmer

5 Condition of use of CERN networks
Compliance to the Operational Circular 5 “Use of CERN Computing Facilities” Mandatory Device Registration Agreed at the 61st ACCU Meeting To be able to track down the origin of perturbations of the network as well as inappropriate behaviour Almost impossible to do it automatically for wireless connected devices Incorrectly configured devices are more likely to occur with visitors ACCU - CERN - Frédéric Hemmer

6 Consequences of inappropriate behaviour
ACCU - CERN - Frédéric Hemmer

7 The “Free” Wi-Fi request
Free Wi-Fi is available But requires registration and authorisation by a “responsible” Takes < 5 minutes Registration is required for traceability reasons Verified access to CERN office network & computing resources Only contact for any kind of issues Follow-up improving individual security issues, protection of CERN reputation and legal issues Unauthenticated access implies unidentified individuals have direct access to the CERN office network and DAQ of “small” experiments and are at 1 hop of the control systems of LHC and LHC experiments Unacceptable risk wrt. CERN assets Deploying a parallel network or using an alternate supplier (e.g. Swisscom, SFR, etc…) would be expensive and degrade the existing signals Therefore deteriorate the Wi-Fi service for registered users Would require a parallel Wi-Fi infrastructure to be deployed A parallel network would be confusing for users ACCU - CERN - Frédéric Hemmer

8 ACCU - WiFi @ CERN - Frédéric Hemmer
What’s next: eduroam Pilot started Waiting for servers to be delivered Devices can authenticate using eduroam credentials Provided by participating institutes CERN uses personal certificate (user guide drafted) User Guide drafted Access possible to any eduroam access point Not necessarily at CERN Intention to make it available from all capable WiFi base stations i.e. the HP ones, not the old ones From onwards (personnel availability during LS1) Note: eduroam coverage at the GVA airport is not under CERN’s control Switzerland coverage responsibility is with Switch, the Swiss NREN ACCU - CERN - Frédéric Hemmer

9 ACCU - WiFi @ CERN - Frédéric Hemmer
Summary has significantly improved since 2009 Coverage/Usage eduroam should generally become available in 2013 Making it easier for unregistered users Large palette of Wi-Fi usage possible CERN Users: permanent Wi-Fi registration; eduroam access after certificate registration CERN Users: eduroam access in 57 countries eduroam Users not affiliated with CERN: 4 weeks Wi-Fi registration after eduroam authentication (using institute credentials) Other visitors: up to 4 weeks Wi-Fi registration upon vouching Unauthenticated Wi-Fi usage is not considered possible at this point in time Not only for security reasons Note: Wi-Fi coverage in the Saint-Genis foyer is not CERN responsibility CERN is not allowed to provided Wi-Fi outside its fenced area ACCU - CERN - Frédéric Hemmer

10

Download ppt "Frédéric Hemmer CERN IT Department Head 7 May 2013"

Similar presentations

Motorola Mobility Management Suite: RF Management

Motorola Mobility Management Suite: RF Management
Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.

Lesson 11-Virtual Private Networks. Overview Define Virtual Private Networks (VPNs). Deploy User VPNs. Deploy Site VPNs. Understand standard VPN techniques.
Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.

Wireless Security Ysabel Bravo Fall 2004 Montclair State University - NJ.
A Guide to major network components

A Guide to major network components
Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.

Network and Systems Security Security Awareness, Risk Management, Policies and Network Architecture.
C ONNECTING YOUR NETWORK National 4/5 Computing Science.

C ONNECTING YOUR NETWORK National 4/5 Computing Science.
Using RADIUS Within the Framework of the School Environment Ed Register Consultant April 6, 2011.

Using RADIUS Within the Framework of the School Environment Ed Register Consultant April 6, 2011.
Mobility at CERN 29/10/2013 HEPiX Fall 20132 IT/Communication Systems HEPiX Fall 2013.

Mobility at CERN 29/10/2013 HEPiX Fall IT/Communication Systems HEPiX Fall 2013.
ANSALDO: BACKGROUND experience in dependable Signalling Automation Systems experience in dependable Management Automation Systems experience in installation,

ANSALDO: BACKGROUND experience in dependable Signalling Automation Systems experience in dependable Management Automation Systems experience in installation,
© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.

© 2006 Cisco Systems, Inc. All rights reserved.Cisco PublicITE I Chapter 6 1 Wireless Router LAN Switching and Wireless – Chapter 7.
S T A N F O R D U N I V E R S I T Y I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S C o m m u n i c a t i o n S e r v i c e s July 12, 2 0 1.

S T A N F O R D U N I V E R S I T Y I N F O R M A T I O N T E C H N O L O G Y S E R V I C E S C o m m u n i c a t i o n S e r v i c e s July 12,
Eduroam Louis Twomey HEAnet Library Services Day 20 th November 2014.

Eduroam Louis Twomey HEAnet Library Services Day 20 th November 2014.
Education roaming Secure Wireless Service for Research and Education.

Education roaming Secure Wireless Service for Research and Education.
Portable Computer Registration Jean-Michel Jouanigot et al. Presentation to FOCUS on 2 October 2003.

Portable Computer Registration Jean-Michel Jouanigot et al. Presentation to FOCUS on 2 October 2003.
70-411: Administering Windows Server 2012

70-411: Administering Windows Server 2012
Implementing Network Access Protection

Implementing Network Access Protection
Michal Procházka, Jan Oppolzer CESNET.

Michal Procházka, Jan Oppolzer CESNET.
20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,

20411B 8: Installing, Configuring, and Troubleshooting the Network Policy Server Role Presentation: 60 minutes Lab: 60 minutes After completing this module,
SAM for Virtualizatio n Presenter Name. Virtualization: a key priority for business decision makers Technavio forecasts that the global virtualization.

SAM for Virtualizatio n Presenter Name. Virtualization: a key priority for business decision makers Technavio forecasts that the global virtualization.
ISS SiteProtector and Internet Scanner LanAdmin Group Meeting 12/8/2005.

ISS SiteProtector and Internet Scanner LanAdmin Group Meeting 12/8/2005.

Similar presentations

Ads by Google