Open System Consultants (OSC) has recently completed a major project for Monash University in Australia to redesign the university network access control system. Monash has eight campuses including one in Malaysia and one in South Africa, and a centre in Prato, Italy. An energetic and dynamic university, Monash is committed to quality education and research and in 2009 had over 56,500 enrolled students and 7,200 staff.
The Radiator RADIUS server from OSC is the central component of the University’s system which controls access to the wireless network on Monash’s Australian campuses. The system is also used to control external remote VPN access, guest access for visiting Eduroam users and contractors, and user credential verification for internet access as part of the 802.1x wireless authentication and via a web portal on the wired network.
The Monash campus networks comprise some 1100 wireless access points and 45,000 ethernet wired ports. The Radiator system must be capable of sustaining peak RADIUS request rates of 6000 per minute during the morning rush as students and staff arrive at the beginning of each day. User credentials are stored in both SUN ONE Directory Server and Microsoft Active Directory, and an SQL database is used to store RADIUS accounting records and to maintain a list of current active network sessions.
There are two hardware Cisco load balancers distributing the RADIUS requests across four Radiator hosts, each running multiple instances of Radiator. Each Radiator host has a “front end” instance and multiple duplicated “back end” instances to provide controlled parallel processing of the AD and LDAP lookups. Eduroam RADIUS requests are proxied to the Australian Eduroam servers. The Radiator hosts are dual CPU VMware virtual machines running Redhat Enterprise Linux.
Open System Consultants successfully redesigned the Monash network authentication service within the 10 day contract period. The new service can now handle the morning point authentication loads, is capable of being easily scaled in the future through the increase of servers to the farm and additional EAP types are now supported.
This new Radiator RADIUS implementation will allow Monash to support a greater number of PDA’s, smart phones and presents an opportunity to begin the migration of their wired network to 802.1x network authentication. Myles Fenton, Project Manager, Network Infrastructure Services, Monash University, Australia