The Loop developed an "Eduroam"-type service where users could roam across the "Top of the South", with authentication being passed back to the school by the forerunner of Crystal. This service was shut down, or rather 'depowered', with the advent of the N4L, as it was too hard to manage without the layer 2 network used by the Loop.
Goal: To automatically provision the school's enterprise wireless system so that access is as seamless as possible with low overheads.
Assumptions and Questions:
- This service will only be of direct interest to Crystal LDAP hosted
- Restricted to the "Top of the South" island, at least until we have a stable, more mature system.
- It is assumed that schools with their own network system will also be using that to manage their wireless systems.
- However, schools with their own network operation system may replicate their user base to Crystal, thus allowing the wireless option to work.
- Question: Could SSO work with this service?
- MAC authentication is provably not secure enough for some environments, so schools could choose and/or SSIDs
- Perhaps use MAC authentication for BYOD?
- Crystal AD.
- Each school would have two security groups that would be managed through NetAdmin. One group for each SSID.
- Each school would have two SSIDs ...
- Crystal open... and that would use MAC authentication
- Crystal secure ... that would verify against the Crystal AD
Crystal will provide a RADIUS server that drives off the Crystal AD LDAP that will effectively be single sign-on for the schools' wireless systems ... and be able to roam across Crystal LDAP hosted schools.
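A minimal model of the two-SSID decision described above, as an added example that is not Crystal's own code. The SSID strings follow the notes; the school names, group names, sample users, MAC list and the rule that a secure-group membership at any hosted school permits roaming are assumptions.

```python
import hashlib
import hmac

SALT = b"constructed-salt"  # constructed sample value
HOSTED_SCHOOLS = {"school-a", "school-b"}  # hypothetical school names

def _kdf(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 10_000)

# Constructed stand-in for the Crystal AD. Group names and keeping BYOD MAC
# addresses in the "open" group are assumptions, not taken from the notes.
USERS = {
    "aroha": {"pw": _kdf("kea-Flies-42"), "groups": {"school-a-secure"}},
    "ben": {"pw": _kdf("tui-Sings-17"), "groups": set()},
}
OPEN_GROUP_MACS = {"school-b-open": {"02:00:00:aa:bb:01"}}

def normalise_mac(mac):
    """Reduce any common MAC notation to lower-case aa:bb:cc:dd:ee:ff."""
    digits = "".join(c for c in (mac or "").lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        return None
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def authorise(ssid, ap_school, mac, username=None, password=None):
    """Return (decision, reason) for one access request from an access point."""
    if ap_school not in HOSTED_SCHOOLS:
        return ("reject", "access point is not at a hosted school")
    if ssid == "Crystal secure":
        user = USERS.get(username)
        supplied = _kdf(password or "")
        if user is None or not hmac.compare_digest(user["pw"], supplied):
            return ("reject", "credential check failed")
        # Roaming: a secure-group membership at any hosted school is accepted.
        if user["groups"] & {f"{s}-secure" for s in HOSTED_SCHOOLS}:
            return ("accept", "credential verified and user is in a secure group")
        return ("reject", "user is not in a secure group")
    if ssid == "Crystal open":
        device = normalise_mac(mac)
        if device and any(device in macs for macs in OPEN_GROUP_MACS.values()):
            return ("accept", "MAC is listed; no credential was checked")
        return ("reject", "MAC is not registered")
    return ("reject", "unknown SSID")
```

The `Crystal open` branch never looks at `username` or `password`; its decision rests on the device address alone.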
This would be Crystal 6, attracting the appropriate stepwise cost.
Only the following enterprise-level wireless brands will be supported.
Crystal cannot write directly to the local Ruckus database.
Management must be through one of two modes using the "Zero-IT" group of technologies.
- Ubiquiti ... authenticating against Crystal's RADIUS server
- Developing support but not yet operational