Mobility Network

Definitions

Traditional network: individual wall jacks configured to a specific network (regardless of what device is plugged into it)

Mobility network: allows the wall jack to be dynamically configured depending on the device that's connected to it. Mobility networking allows you to keep your individual network access as you move around campus while ensuring other users won't gain your network access if they plug into the same jack you had previously used. The software that implements mobility networking is called ClearPass, and you might hear us using both terms (mobility and clearpass network) indistinctly and interchangeably. The term mobility network is used to refer to the new standard that will be implemented gradually all around campus and replaces Harvard's traditional network.

Implementation Schedule

While the plan for mobility networking is to eventually be deployed everywhere at the University level, the rollout will not happen until network hardware changes can be implemented. New buildings will have mobility networking from the beginning. SEAS buildings will be transitioned to mobility networking in late spring 2020 (decisions are on hold because of COVID-19 planning and schedule changes).

Cruft, Pierce, Maxwell Dworkin, ESL, McKay

Traditional Network

The way most networks run in buildings is by setting the configuration of the switches statically (managed by HUIT). The network configuration that your computer/device will receive when connecting to the jack in the wall is determined by the configuration of the port in the switch at the other end of the wall (as long as you are registered).

If a group has their own lab network and they were to move out from that space, they would need the network team to configure the new location with their network and to deprovision the configuration at the old location.

Mobility Network

The new network paradigm works in a dynamic way; the system of record is going to be the same that you've been using on your wireless devices for the last years which brings uniformity:  https://getonline.harvard.edu

This dynamic system (ClearPass) holds the information that relates a device with a role, which in turn has a network association. When one self-registers a device in the tool, the default generic Harvard role is assigned. That role maps to a default network that behaves like the wireless one where there is unrestricted access to the internet but no access to and from other networks.

If a device needs to be placed in a specific network, the specific role (that maps to a network and its related access controls) needs to be applied to the device. That action can be performed by IT without the intervention of the network team.

How it works

The new system is dynamic and it works according to several steps:

1. A computer connects to a jack in a building with mobility enabled
2. When the switch detects the new computer or device, it sends a request to the ClearPass system
3. The ClearPass database has the list of devices and roles are they assigned to. As soon as it receives the MAC address for the device, it returns the name of the role that the device is registered to.
4. The switch has the list that connects the roles with networks. As soon as the switch receives the name, it changes the jack configuration to the right network.
   1. If the device was not registered, ClearPass will place it in a general restricted role which will allow the computer to self-register and nothing else.

This process takes seconds and allows a computer to move around SEAS buildings while remaining on the designated network*

Buildings and Types of Networks

Mobility networking can only work in buildings with the right network hardware. Unfortunately, buildings we share with other schools have not yet been updated.

Buildings with mobility enabled: (mobility rollout on hold due to stay-at-home advisory, planned for late-spring 2020)

• ESL
• MD
• Pierce
• Cruft
• Gordon Mckay
• 114 Western Ave (Allston)
• SEC (Allston)

Buildings with traditional networking:

• 60 Oxford Street
• NorthWest Labs
• Lise

Types of Mobility

There are two types of mobility networks:

Building mobility

This is the type that is more similar, in terms of implementation, performance and characteristics, to the traditional network. It still allows for dynamic port configuration, but the networks are only available in a single building (or two within the same network region). The geographical restriction allows for better network performance which is required for some high traffic applications like in-class video capture or research data.

Campus mobility

A campus mobility network allows for a network to be anywhere on the different Harvard campuses (as long as those buildings are mobility-enabled). For that to happen there is a performance hit as traffic is tunneled upstream (to date it is unclear how much that performance hit is; it's definitely not recommended for networks with remote storage needs).

With a campus mobility setting, a lab network can expand the wire and the wireless realm, which might be convenient for those working with wireless devices. The restriction is that the network can only run on Harvard Secure (not Harvard University which is not secure).

FAQ

1. This change DOES NOT affect server networks that exists exclusively on the server room
2. What if I move across buildings?
   
   1. From a mobility-enabled building to another mobility-enabled building
      
      1. Let SEAS Field Support know if you have specific network requirements. For performance reasons, not all networks are available in all buildings, and if you have a static IP, that may need to be changed.
   2. From a mobility-enabled building to a building with traditional networking
      

      1. Let SEAS Field Support know if you have specific network requirements. They will let you know if it is possible to keep your previous network or if you will need to be put on a new one.

   3. From a building with traditional to a mobility-enabled building

      1. Let SEAS Field Support know if you have specific network requirements. They will let you know if it is possible to keep your previous network, or if you will need to be put on a new one.

   4. From traditional to traditional
      1. Please provide Field Support the jack you are moving from and to, and whether you have specific networking needs.
3. What about Allston?
   1. Allston is already setup for full mobility networking.
   2. The networks in Allston are different from those in Cambridge.
   3. We've designed the networks so that the move doesn't impact you. The transition to mobility happens first in Cambridge so that Allston is not a concern during the move.
   4. I'm a research group with my own network:  If your lab has a network, please work with SEAS Computing to coordinate the move of that network to your new location in Allston (or within Cambridge).
      
      1. Depending on your needs, it might be possible to make your lab network available on both sides of the river (campus mobility). Our objective is to make this change as transparent as possible for you.

Troubleshooting

If you experience issues and aren't getting connectivity out of a wall jack, please follow these steps:

1. Are there LEDs on your network interface (within your device) that are lit up? 
   1. If there aren't: It could be that the jack is not enabled. That requires for the network team to physically activate that wall jack or for you to find another one.
   2. If there are: your device may not be registered. In most cases, opening a browser should automatically redirect you to https://getonline.harvard.edu. If it doesn't, manually type in the address and follow the instructions like you've done with your wireless devices.
2. Are you daisy-chained to a phone?
   
   1. In order to get the right network or if your role has been changed, make sure you disconnect the phone from the jack on the wall AND then disconnect the computer from the phone.
3. As mentioned before, not all networks exist on all buildings. If you have moved, you might need to contact us to make changes to your configuration.

If you have a fixed IP and you are not getting it:

• If you moved, it could be that your network is not in that location
• If you have the IP hard-coded to your computer, please remove that configuration and let us know of your need for a fixed IP. Hard coding IPs makes the network unstable and makes our work to track potential issues much harder.