Just a few years ago, when we installed our first Aruba network at Rio Rancho Public Schools, an appetite for funding wireless at the K-12 level was minimal.
However, we foresaw mobility demand rapidly overtaking this mindset, which led to deploying a controller-less WLAN based on Aruba’s Instant Access Points as a cost-effective method for bridging the gap. Not only did our IAP-based Wi-Fi serve us well, but also enabled us to begin making our dreams of 1:1 computing into a reality.
Embracing Wi-Fi sparks transition from IAPs to controllers
Now, we have support for providing all of our 18,000 students with Chromebooks, which we expect to accomplish this school year. Further, as New Mexico’s third-largest district, we’ve fully embraced BYOD, resulting in most of our students and staff bringing at least one personal device to school.
Such skyrocketing device densities, coupled with today’s fundamental reliance on mobility for curriculum delivery, required evolving our WLAN. Although we already relied on Aruba’s AirWave to optimize our network and ClearPass to secure both BYOD and district-issued devices, it made sense to increase our access point density to one per classroom using Aruba’s 802.11ac Wave 2 AP’s.
Multiplying our AP count, from about 400 to nearly 1,700, required centralizing and simplifying our wireless configurations. This made moving to a controller-managed WLAN, by adopting the Mobility Conductor controller along with the 7200-series controllers, a logical choice.
Our timing couldn’t have been better. We were also able to take advantage of ArubaOS 8, the backbone of Aruba’s Mobile First Architecture, which serves as the centralized network operating system that brings a broad range of capabilities and functionality.
Intuitive UI + Hierarchical Architecture = Easy Migration
As the district couldn’t dedicate resources to the transition full-time, we completed the deployment over a couple of months during the middle of the 2017-2018 school year. It began with designing and configuring our new WLAN to take advantage of ArubaOS 8’s controller clustering to implement two clusters of eight controllers that automate load balancing for hitless failover.
We also leveraged the intuitive UI and hierarchical configurations throughout the process. The UI provides exceptional granularity, including the effects of network changes we experimented with. It’s also proving helpful in production for testing the impacts of routine adjustments.
The hierarchical configurations made it incredibly easy to deploy our new WLAN, especially compared with managing a distributed IAP network. It also enabled on-the-fly production changes. Whether it’s an adjustment at a specific site, or across all sites, the hierarchy makes the processes straightforward and uncomplicated.
For the migration, we mimicked our IAP roles and firewall setup so they would continue to work with our existing ClearPass rules and policies, ensuring a smooth transition. Then we simply flipped sites from the old network onto the new, one at a time, starting with our district office as a beta site.
Game-changing benefits for Users and IT
Adopting an ArubaOS 8 WLAN has been a game changer. For starters, it’s reduced configuration effort for adding or adjusting VLANs because we no longer have to go out to configure each individual switch port – instead, we simply access the UI, make a few clicks and the VLAN is done.
In addition, the integration with ClearPass is tighter and more streamlined. It enables users to log on and seamlessly receive the proper credentials whether they’re a student, staff or a guest.
Also, we’ve performed multiple tests on both resiliency capabilities and the Live Upgrade feature with no service impact. In fact, Mobility Conductor’s automated load balancing, combined with Live Upgrades, enabled moving our controllers from our old 1GbE connection to 10GbE during a school day, without any downtime. This not only saved us from working after hours but reduced the migration duration by about half.
For management, the centralized licensing pool feature makes it simple to drop a license into Mobility Conductor, which then gets deployed automatically throughout the controllers.
We’re equally happy with having the same Zero-Touch Provisioning capability as we enjoyed with our previous IAP set up. We just plug in an AP, assign it to the appropriate group and we’re done.
Advances in AirGroup functionality are also a huge benefit. Although we have few district-issued IoT devices at this time, teachers and students are allowed to bring in Apple TVs, Chromecasts and more. Using AirGroup, we can quickly apply rules limiting users of each device to appropriate individuals.
As for AirMatch, it’s optimizing our RF without any intervention from us. In combination with the other Mobility Conductor innovations, AirMatch is critically important for automating network performance and stability. This, in turn, is critical to getting our educators comfortable with the transition to relying primarily on wireless.
Next up: Unifying wired and wireless, adding WPA3 & more
Moving forward, the ArubaOS 8 network operating system will be fundamental for achieving our strategy to become 90% wireless and 10% wired. Naturally, as our wired reliance dwindles, we’ll reduce our switch port needs. As our switching infrastructure is aging, we expect to see considerable savings when we begin our switch update.
During the switch update, we also plan to unify access policy management for our wired and wireless networks by tunneling both types of traffic through our controllers. This will deliver consistent experiences while significantly simplifying policy and rules enforcement.
What’s more, we’re very pleased with Aruba’s ongoing leadership in wireless standards, including being at the forefront of bringing WPA3 into the public domain. We’re excited about the forthcoming integration of this new Wi-Fi security standard into the Aruba product line.
At the K-12 level, kids will be kids, meaning we have 18,000 potential points of questionable activity on our network every day. Even when students don’t intend to cause problems, they can do so unsuspectingly. Like every district, security is a top priority for us and WPA3 will significantly enhance our efforts.
Overall, we’ve found Aruba’s controller-managed solution with ArubaOS 8 is everything we’d hoped for and more. It’s a remarkably intuitive and cohesive environment that enables us to continue providing users with exceptional experiences, regardless of the device they’re connecting with or the new curriculum innovations they want to try. And, with the many automation capabilities, we gain in IT, it permits us to focus on other critical projects.
The transition from IAPs to ArubaOS 8 has been a win for the IT team, the district, and our school community at large.
Scott Leppelman is the Senior Network Engineer at Rio Rancho Public Schools, in Rio Rancho New Mexico. Founded in 1994 as a direct result of residents’ insistence on excellence in education, Rio Rancho employs over 2,100 people to serve nearly 18,000 students from a total of 22 academic and administrative buildings. Leppelman has served in networking capacities at Rio Rancho for over a decade and holds certifications in numerous technologies, including as an Aruba Certified ClearPass Professional.
