[Micronet] Proposed Abatement of AirBears Wifi Network

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

[Micronet] Proposed Abatement of AirBears Wifi Network

Isaac Orr
Hi folks,

When we deployed AirBears2 many people asked what our plans were for
the future of the AirBears wifi service.  Both of these networks
actually share a lot of common infrastructure, particularly access
points.  There are a few major differences between the AirBears and
AirBears2 services both in terms of infrastructure and behavior
though.  Before I explain what we are proposing, here's a brief
summary of the differences:


AirBears:
* All data is sent at the wireless layer unencrypted, in the clear.
If you are using HTTPS or other secured protocols obviously that data
is encrypted at that level, but the basic operation of the wireless
network itself does not provide any data privacy.

* Uses a web based authentication system requiring entry of your
CalNet passphrase.

* Authentication is short-lived and must be manually repeated often.

* Uses BSD based servers and custom developed software to provide
network address translation and the web based authentication mentioned
above.

* Provides users with a dedicated public IPv4 address and dedicated
public IPv6 address.


AirBears2/eduroam:

* Encrypts all data at the wireless layer.  Even if you are not using
secured protocols within applications, all data over the air has some
privacy.

* Uses standards based (802.11i) authentication, with a generated key
that is different from your CalNet Passphrase.

* Authentication is automated and devices can store credentials indefinitely.

* Uses carrier grade network address translation equipment with
superior performance and throughput compared with the AirBears captive
portals.

* Provides users with dedicated IPv6 addresses but shares IPv4 Public
addresses for all off-campus connectivity.

Because AirBears does not provide good data privacy, the ITLG feels
that it would be a good idea to abate this older network.  In
addition, the captive portal infrastructure that provides NAT and
authentication for AirBears is aging, and we no longer support the
software which it uses.  If AirBears remains, we would need to spend
some amount of time replacing this infrastructure in the near future.
We don't believe that there are good justifications for doing this
work.

We are considering abating the AirBears network as of the end of the
Spring Semester (i.e. by the end of May 2015).  AirBears2, eduroam and
CalVisitor will remain in service in their current forms.

We would like to solicit feedback from the campus IT community
regarding this course of action.  In particular, we would like to know
of any cases where AirBears is being used because AirBears2 does not
work. While its unlikely we will retain AirBears, we would like to
work with anyone who may have problems to resolve those in some way
before we abate the service.

iso


--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Proposed Abatement of AirBears Wifi Network

Baril
Hi all,

Sorry for the late response. My only talking point here involves
Airbears2. I have no problem doing away with Airbears, but I think that
the instructions for setting up Airbears2 need to be revisited.
Connecting to Airbears only requires your calnet id. But, the
instructions (and web page) for setting up Airbears2 is a bit wordy,
long in the tooth, too much information and somewhat complicated for
neophytes. I would like to see the instructions simplified (a simple
step 1, step 2, step 3, etc.). If someone needs more info, then a link
to this info can be included on the setup page. In other words, keep it
simple and it will work for everyone, every time.

Thanks,

Roy

On 1/16/2015 2:04 PM, Isaac Orr wrote:

> Hi folks,
>
> When we deployed AirBears2 many people asked what our plans were for
> the future of the AirBears wifi service.  Both of these networks
> actually share a lot of common infrastructure, particularly access
> points.  There are a few major differences between the AirBears and
> AirBears2 services both in terms of infrastructure and behavior
> though.  Before I explain what we are proposing, here's a brief
> summary of the differences:
>
>
> AirBears:
> * All data is sent at the wireless layer unencrypted, in the clear.
> If you are using HTTPS or other secured protocols obviously that data
> is encrypted at that level, but the basic operation of the wireless
> network itself does not provide any data privacy.
>
> * Uses a web based authentication system requiring entry of your
> CalNet passphrase.
>
> * Authentication is short-lived and must be manually repeated often.
>
> * Uses BSD based servers and custom developed software to provide
> network address translation and the web based authentication mentioned
> above.
>
> * Provides users with a dedicated public IPv4 address and dedicated
> public IPv6 address.
>
>
> AirBears2/eduroam:
>
> * Encrypts all data at the wireless layer.  Even if you are not using
> secured protocols within applications, all data over the air has some
> privacy.
>
> * Uses standards based (802.11i) authentication, with a generated key
> that is different from your CalNet Passphrase.
>
> * Authentication is automated and devices can store credentials indefinitely.
>
> * Uses carrier grade network address translation equipment with
> superior performance and throughput compared with the AirBears captive
> portals.
>
> * Provides users with dedicated IPv6 addresses but shares IPv4 Public
> addresses for all off-campus connectivity.
>
> Because AirBears does not provide good data privacy, the ITLG feels
> that it would be a good idea to abate this older network.  In
> addition, the captive portal infrastructure that provides NAT and
> authentication for AirBears is aging, and we no longer support the
> software which it uses.  If AirBears remains, we would need to spend
> some amount of time replacing this infrastructure in the near future.
> We don't believe that there are good justifications for doing this
> work.
>
> We are considering abating the AirBears network as of the end of the
> Spring Semester (i.e. by the end of May 2015).  AirBears2, eduroam and
> CalVisitor will remain in service in their current forms.
>
> We would like to solicit feedback from the campus IT community
> regarding this course of action.  In particular, we would like to know
> of any cases where AirBears is being used because AirBears2 does not
> work. While its unlikely we will retain AirBears, we would like to
> work with anyone who may have problems to resolve those in some way
> before we abate the service.
>
> iso
>
>

--
Roy A. Baril
Director of Technology
Graduate School of Journalism
University of California
121 North Gate Hall
Berkeley, CA 94720
510-643-9215 -- Work
510-643-9136 -- Fax
925-352-9543 -- Cell


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Proposed Abatement of AirBears Wifi Network

Isaac Orr
Hi Roy,

Thanks for the feedback.  CSS-IT maintains and updates most of the
how-to's on configuring AirBears2 for various device types.
Unfortunately the instructions vary across platforms and vendors, so
there is a few different articles that exist due to that.  The KB
allows for comments, and we'd be happy to accept improved instructions
as well.

>From glancing through the articles that we have, it looks like
complexity of the instructions is related to the vendor/OS more than
anything.  Some of them are pretty simple to connect to an enterprise
wireless network.  Others require more detailed configuration.
Windows 8.1 seems to be a straight 9 step process, if you count
directions like "Click OK" as a step, for example.


iso


On Wed, Jan 28, 2015 at 10:38 AM, Baril <[hidden email]> wrote:

> Hi all,
>
> Sorry for the late response. My only talking point here involves Airbears2.
> I have no problem doing away with Airbears, but I think that the
> instructions for setting up Airbears2 need to be revisited. Connecting to
> Airbears only requires your calnet id. But, the instructions (and web page)
> for setting up Airbears2 is a bit wordy, long in the tooth, too much
> information and somewhat complicated for neophytes. I would like to see the
> instructions simplified (a simple step 1, step 2, step 3, etc.). If someone
> needs more info, then a link to this info can be included on the setup page.
> In other words, keep it simple and it will work for everyone, every time.
>
> Thanks,
>
> Roy
>
>
> On 1/16/2015 2:04 PM, Isaac Orr wrote:
>>
>> Hi folks,
>>
>> When we deployed AirBears2 many people asked what our plans were for
>> the future of the AirBears wifi service.  Both of these networks
>> actually share a lot of common infrastructure, particularly access
>> points.  There are a few major differences between the AirBears and
>> AirBears2 services both in terms of infrastructure and behavior
>> though.  Before I explain what we are proposing, here's a brief
>> summary of the differences:
>>
>>
>> AirBears:
>> * All data is sent at the wireless layer unencrypted, in the clear.
>> If you are using HTTPS or other secured protocols obviously that data
>> is encrypted at that level, but the basic operation of the wireless
>> network itself does not provide any data privacy.
>>
>> * Uses a web based authentication system requiring entry of your
>> CalNet passphrase.
>>
>> * Authentication is short-lived and must be manually repeated often.
>>
>> * Uses BSD based servers and custom developed software to provide
>> network address translation and the web based authentication mentioned
>> above.
>>
>> * Provides users with a dedicated public IPv4 address and dedicated
>> public IPv6 address.
>>
>>
>> AirBears2/eduroam:
>>
>> * Encrypts all data at the wireless layer.  Even if you are not using
>> secured protocols within applications, all data over the air has some
>> privacy.
>>
>> * Uses standards based (802.11i) authentication, with a generated key
>> that is different from your CalNet Passphrase.
>>
>> * Authentication is automated and devices can store credentials
>> indefinitely.
>>
>> * Uses carrier grade network address translation equipment with
>> superior performance and throughput compared with the AirBears captive
>> portals.
>>
>> * Provides users with dedicated IPv6 addresses but shares IPv4 Public
>> addresses for all off-campus connectivity.
>>
>> Because AirBears does not provide good data privacy, the ITLG feels
>> that it would be a good idea to abate this older network.  In
>> addition, the captive portal infrastructure that provides NAT and
>> authentication for AirBears is aging, and we no longer support the
>> software which it uses.  If AirBears remains, we would need to spend
>> some amount of time replacing this infrastructure in the near future.
>> We don't believe that there are good justifications for doing this
>> work.
>>
>> We are considering abating the AirBears network as of the end of the
>> Spring Semester (i.e. by the end of May 2015).  AirBears2, eduroam and
>> CalVisitor will remain in service in their current forms.
>>
>> We would like to solicit feedback from the campus IT community
>> regarding this course of action.  In particular, we would like to know
>> of any cases where AirBears is being used because AirBears2 does not
>> work. While its unlikely we will retain AirBears, we would like to
>> work with anyone who may have problems to resolve those in some way
>> before we abate the service.
>>
>> iso
>>
>>
>
> --
> Roy A. Baril
> Director of Technology
> Graduate School of Journalism
> University of California
> 121 North Gate Hall
> Berkeley, CA 94720
> 510-643-9215 -- Work
> 510-643-9136 -- Fax
> 925-352-9543 -- Cell
>



--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Proposed Abatement of AirBears Wifi Network

Graham Patterson
In reply to this post by Baril

We find that plain AirBears is more visible and less prone to
disconnection than AirBears2. It seems to be mac users with the
problems, but then we have far more Mac laptops in service than Windows
ones.

We are not sure that CalVisitor will be sufficient for some of our
rentals because of the traffic limitations. It works fine for routine
visitors and the public.

This went back to Issac in considerable detail.

Graham

On 1/28/15 10:38 AM, Baril wrote:

> Hi all,
>
> Sorry for the late response. My only talking point here involves
> Airbears2. I have no problem doing away with Airbears, but I think that
> the instructions for setting up Airbears2 need to be revisited.
> Connecting to Airbears only requires your calnet id. But, the
> instructions (and web page) for setting up Airbears2 is a bit wordy,
> long in the tooth, too much information and somewhat complicated for
> neophytes. I would like to see the instructions simplified (a simple
> step 1, step 2, step 3, etc.). If someone needs more info, then a link
> to this info can be included on the setup page. In other words, keep it
> simple and it will work for everyone, every time.
>
> Thanks,
>
> Roy
>
> On 1/16/2015 2:04 PM, Isaac Orr wrote:
>> Hi folks,
>>
>> When we deployed AirBears2 many people asked what our plans were for
>> the future of the AirBears wifi service.  Both of these networks
>> actually share a lot of common infrastructure, particularly access
>> points.  There are a few major differences between the AirBears and
>> AirBears2 services both in terms of infrastructure and behavior
>> though.  Before I explain what we are proposing, here's a brief
>> summary of the differences:
>>
>>
>> AirBears:
>> * All data is sent at the wireless layer unencrypted, in the clear.
>> If you are using HTTPS or other secured protocols obviously that data
>> is encrypted at that level, but the basic operation of the wireless
>> network itself does not provide any data privacy.
>>
>> * Uses a web based authentication system requiring entry of your
>> CalNet passphrase.
>>
>> * Authentication is short-lived and must be manually repeated often.
>>
>> * Uses BSD based servers and custom developed software to provide
>> network address translation and the web based authentication mentioned
>> above.
>>
>> * Provides users with a dedicated public IPv4 address and dedicated
>> public IPv6 address.
>>
>>
>> AirBears2/eduroam:
>>
>> * Encrypts all data at the wireless layer.  Even if you are not using
>> secured protocols within applications, all data over the air has some
>> privacy.
>>
>> * Uses standards based (802.11i) authentication, with a generated key
>> that is different from your CalNet Passphrase.
>>
>> * Authentication is automated and devices can store credentials indefinitely.
>>
>> * Uses carrier grade network address translation equipment with
>> superior performance and throughput compared with the AirBears captive
>> portals.
>>
>> * Provides users with dedicated IPv6 addresses but shares IPv4 Public
>> addresses for all off-campus connectivity.
>>
>> Because AirBears does not provide good data privacy, the ITLG feels
>> that it would be a good idea to abate this older network.  In
>> addition, the captive portal infrastructure that provides NAT and
>> authentication for AirBears is aging, and we no longer support the
>> software which it uses.  If AirBears remains, we would need to spend
>> some amount of time replacing this infrastructure in the near future.
>> We don't believe that there are good justifications for doing this
>> work.
>>
>> We are considering abating the AirBears network as of the end of the
>> Spring Semester (i.e. by the end of May 2015).  AirBears2, eduroam and
>> CalVisitor will remain in service in their current forms.
>>
>> We would like to solicit feedback from the campus IT community
>> regarding this course of action.  In particular, we would like to know
>> of any cases where AirBears is being used because AirBears2 does not
>> work. While its unlikely we will retain AirBears, we would like to
>> work with anyone who may have problems to resolve those in some way
>> before we abate the service.
>>
>> iso
>>
>>
>


--
Graham Patterson, Systems Administrator
Lawrence Hall of Science, UC Berkeley   510-643-1984
"...past the iguana, the tyrannosaurus, the mastodon, the mathematical
puzzles, and the meteorite..." - used to be the directions to my office.

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Proposed Abatement of AirBears Wifi Network

Ian Crew

On Jan 28, 2015, at 10:55 AM, Graham Patterson <[hidden email]> wrote:

We find that plain AirBears is more visible and less prone to
disconnection than AirBears2. It seems to be mac users with the
problems,

If those users are on Mac OS X 10.10 (Yosemite), the 10.10.2 update that was released yesterday supposedly fixes a bunch of WiFi issues.  See http://support.apple.com/kb/DL1786 for details.

Ian

___
Ian Crew

IST-Architecture, Platforms and Integration (API)
Earl Warren Hall, Second Floor
University of California, Berkeley


 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.
Reply | Threaded
Open this post in threaded view
|

Re: [Micronet] Proposed Abatement of AirBears Wifi Network

Isaac Orr
Thanks Ian,

I'd mentioned to Graham off list that we know Apple is working on some
known WiFi issues.  We'd be interested in hearing from people as to
whether they think 10.10.2 has improved those problems, if they are
having them.

iso


On Wed, Jan 28, 2015 at 11:04 AM, Ian Crew <[hidden email]> wrote:

>
> On Jan 28, 2015, at 10:55 AM, Graham Patterson <[hidden email]> wrote:
>
> We find that plain AirBears is more visible and less prone to
> disconnection than AirBears2. It seems to be mac users with the
> problems,
>
>
> If those users are on Mac OS X 10.10 (Yosemite), the 10.10.2 update that was
> released yesterday supposedly fixes a bunch of WiFi issues.  See
> http://support.apple.com/kb/DL1786 for details.
>
> Ian
>
> ___
> Ian Crew
>
> IST-Architecture, Platforms and Integration (API)
> Earl Warren Hall, Second Floor
> University of California, Berkeley
>
>
>
> -------------------------------------------------------------------------
> The following was automatically added to this message by the list server:
>
> To learn more about Micronet, including how to subscribe to or unsubscribe
> from its mailing list and how to find out about upcoming meetings, please
> visit the Micronet Web site:
>
> http://micronet.berkeley.edu
>
> Messages you send to this mailing list are public and world-viewable, and
> the list's archives can be browsed and searched on the Internet.  This means
> these messages can be viewed by (among others) your bosses, prospective
> employers, and people who have known you in the past.
>



--
Isaac Simon Orr
Manager, Network Operations and Services
IST Telecommunications, UC Berkeley
P: +1 510 643 9837 C: +1 510 517 9408 E: [hidden email]

 
-------------------------------------------------------------------------
The following was automatically added to this message by the list server:

To learn more about Micronet, including how to subscribe to or unsubscribe from its mailing list and how to find out about upcoming meetings, please visit the Micronet Web site:

http://micronet.berkeley.edu

Messages you send to this mailing list are public and world-viewable, and the list's archives can be browsed and searched on the Internet.  This means these messages can be viewed by (among others) your bosses, prospective employers, and people who have known you in the past.