Author Archives: Zachary Schuetz

Wireless Network Changes

Greetings!

Over the course of the next several weeks, we will be replacing the wireless networks at Middlebury.

What do I need to do?

Starting March 2nd, please connect to the new secure wireless network named MiddleburyCollege (like midd_secure but better). Middlebury Faculty, Staff and Students will login with your standard Middlebury username and password. Guests will need to create a Middlebury guest account and use it to connect to MiddleburyCollege. This is not a change for change’s sake – we are confident that the end result will be a wireless network that is more convenient and more secure for everyone.

Why are we doing this? What are we trying to achieve?

Some devices have trouble with the current configuration of midd_secure. Midd_secure was created many years ago and wireless standards have since evolved. Additionally, guests have traditionally connected to midd_unplugged, a non-secure network.

It is important that all wireless devices, including those of faculty, staff and students as well as guests, have a way to connect to our network securely, quickly, and easily. Also, as part of our improved security posture, and to comply with all regulations and generally accepted guidelines, devices on our network need to be identified and associated with an individual, for everyone’s benefit.

What will the new configuration look like?

  • Anyone with a Middlebury College username, including faculty, staff, students, etc., will connect to the new wireless network called MiddleburyCollege using their username and password. Guests will also connect to MiddleburyCollege with their guest account name and password, where they will have access to the Internet, but not our internal servers.
  • Guests from other institutions that are also part of the eduroam project will continue to connect to the eduroam network (for Internet access only).
  • Guests and others who do not have a username and password, either because they haven’t created an account or they have forgotten their password, will connect to a new open wireless network created for this purpose, called GuestAccountCreation. No password is required, but connections are limited to intervals of 15 minutes. When they connect, they will be offered links to create a new guest account, reset their guest password, or activate/reset their Middlebury account password.
  • Certain older or residential devices, for technical or procedural reasons, do not support standard security protocols (username and password), and require what’s called a “pre-shared key” instead (a shared password, like Midd-standard has now). For these devices, we are creating a limited-access pre-shared key network called MCPSK. This is only for devices that cannot use MiddleburyCollege. If you suspect this applies to you, please contact us (see “What if I have more questions?” below).

How will we get there? What is the transition schedule?

To reduce the impact of this change, we are planning on a phased implementation that gives people time to transition from one network to another. For performance and capacity reasons, we cannot have more than four different wireless networks at once, so we will introduce new networks on the following schedule:

Now to 3/2 3/2 to 3/09 3/09 to 3/16 3/16 forward
midd_unplugged (transition to midd_secure)
MiddleburyCollege MiddleburyCollege MiddleburyCollege
midd_secure midd_secure (transition to MiddleburyCollege)
MCPSK MCPSK
Midd-standard Midd-standard Midd-standard (transition to MCPSK)
GuestAccountCreation
eduroam eduroam eduroam eduroam (unchanged – for guest access from other institutions)
  1. Anyone currently connecting to midd_unplugged should take a moment now to transition to midd_secure. If you have trouble connecting to midd_secure, please contact the Helpdesk for the password to Midd-standard.
  2. On Monday, March 2nd, midd_unplugged will be removed and we will introduce the new MiddleburyCollege network. From then on, all faculty, staff, and students should connect to MiddleburyCollege, though midd_secure and Midd-standard will continue to work for enough time to allow a smooth transition. We will prepare offices that frequently bring guests to campus to help them get connected to Midd-standard if necessary during this transitional period. In short, midd-unplugged will cease operating on 03/02/2015 – use midd_secure before then, and MiddleburyCollege after.
  3. On Monday, March 9th, all College personnel should be connected to MiddleburyCollege, and we will remove midd_secure to allow for the introduction of the MCPSK network. Starting on this day, anyone who hasn’t been using midd_secure due to incompatibility should first see if they can connect to MiddleburyCollege. If your device doesn’t support it, please contact the Helpdesk so we can connect you to MCPSK. For most devices, switch to MiddleburyCollege before midd_secure goes away on 03/09/2015.
  4. By Monday, March 16th, all individuals who have been using Midd-standard should have moved to another network, so we can remove Midd-standard and add GuestAccountCreation. To recap, switch to either MiddleburyCollege or MCPSK before Midd-standard goes away on 03/16/2015.

Other Frequently Asked Questions:

Are you saying guests will connect to the MiddleburyCollege network? Isn’t that a little weird from a security perspective?

There’s some behind-the-scenes magic there – people with Middlebury Guest accounts will be isolated from the regular Middlebury network and be provided with Internet access only.

Why start by removing midd_unplugged instead of another network?

For starters, it’s slow and insecure, but a good chunk of people keep using it, unaware that that’s the primary reason for their bad experiences. As much as possible during this transition, we want to make life easier for the people who are currently depending on the faster secure networks. We did consider temporarily disabling eduroam instead, since not as many people use it, but it’s part of an agreement with other universities and we want to honor that.

If I’m bringing a guest to campus after March 2nd, how can I make their experience easier?

The best thing to do is direct them to Middguests so they can create an account before they get here. Then, once they arrive on campus, they can immediately connect to MiddleburyCollege with their guest username and password. If they’ve forgotten their account info, once the GuestAccountCreation network is in place, it’ll provide links to help them reset their password or create a new account.

What about College faculty, staff, or students who’ve forgotten their password or don’t have one yet?

The GuestAccountCreation welcome page will also have a link to the password activation/reset page, and the Helpdesk phone number should anyone get stuck.

What if I have more questions?

If you have a technical issue, now or at any time, or if you need access to the limited MCPSK network, please make a ticket or call us at 802.443.2200 so we can assist you. If you have general questions about the plan, please post them here so everyone can see the answers.

Peace and change,

~Zach Schuetz for the Helpdesk

Go/middfiles II: Electric Boogaloo

This post was made in the fall, but technical issues delayed the implementation. We’re now ready to move forward.

Recently, we at the Helpdesk have spoken with many individuals who were disappointed with the interface and performance of NetStorage, but were unaware of other, usually superior ways to access their files.

In an effort to improve awareness, and in consultation with Central Systems and Network Services, we will be changing the go/middfiles shortcut, currently pointed directly to Netstorage, to lead to our main documentation about Middfiles. Using this documentation, users should be able to quickly connect using faster, better methods and be on their way.

We realize that this will be a significant change for some in our community, but we anticipate that over time, this will help people distinguish between Middfiles, the server system, and Netstorage, a web application that permits limited access to that system and is not intended for daily use. Netstorage will still be accessible via go/netstorage for edge cases like mobile devices that cannot use WebDAV.

The plan is to make the switch within the next few weeks. (EDIT: The changes have been made.) This post (available at go/middfileschange) will be updated with any new information.

As always, we invite your feedback via comments. For specific questions or issues, please make a ticket.

New VPN Client: Junos Pulse

We in LIS have been testing a new method of connecting to College resources from off-campus, and we are excited to announce that it is ready for prime time. The Junos Pulse client is available for Windows, Mac, Android, and iOS devices. Next time you’re off-campus, try it yourself – the instructions are at http://go.middlebury.edu/vpn.

Computers with existing NetConnect or Cisco VPN setups will still be able to connect that way for the foreseeable future – just open the appropriate program and connect. However, the website at https://vpn.middlebury.edu will change – instead of the current page where you login and are prompted to download NetConnect, you’ll be redirected to the new instructions for Junos Pulse.

This new method should be easier to use as well as allowing connections on a broader range of devices. As usual, we welcome your general feedback in the comments; if you’re having a specific issue or question about using it, please make a ticket to ensure a timely response. Thanks!

Go/middfiles, AKA “What is Middfiles, anyway?”

Recently, we at the Helpdesk have spoken with many individuals who were disappointed with the interface and performance of NetStorage, but were unaware of other, usually superior ways to access their files.

In an effort to improve awareness, and in consultation with Central Systems and Network Services, we will be changing the go/middfiles shortcut, currently pointed directly to Netstorage, to lead to our main documentation about Middfiles. Using this documentation, users should be able to quickly connect using faster, better methods and be on their way.

We realize that this will be a significant change for some in our community, but we anticipate that over time, this will help people distinguish between Middfiles, the server system, and Netstorage, a web application that permits limited access to that system and is not intended for daily use. Netstorage will still be accessible via go/netstorage for edge cases like mobile devices that cannot use WebDAV.

As always, we invite your feedback via comments. The current plan is to make the switch early next week. [ETA: This has been postponed pending a server update that should improve performance, especially with OSX 10.9.] If you have questions or need help, please feel free to call, click, or visit us anytime.