How we gained a future-ready network to continue helping students achieve career success.
GUEST COLUMN | by David Boos
Although the U.S. is rediscovering how combining an associate’s education with apprenticeships helps people ascend the income ladder, it’s something we’ve known all along at Mitchell Technical Institute. Nationally, we’re recognized for moving students into the top 20 percent of households as adults.
Unsurprisingly, a key component in our ongoing mission to advance tomorrow’s workforce is continuously modernizing our networking infrastructure. As we’re completing a wireless refresh to adopt a solution based on Wi-Fi 6 for its game-changing experience and security improvements, we wanted to share the steps we recommend for achieving success.
Step 1: Stay Close to Your Students – They’ll Show You the Way
We regularly visit classrooms and informally poll students by asking them for the one thing they’d change about computing at MTI. Prior to our refresh, the answer was always “getting onto the network” due to our agent-based network access control (NAC) solution. It not only required manually logging in devices daily, but the agent failed regularly, requiring a reboot. Suffice to say that coming into class right before a test and not being able to quickly connect to the wireless network was more than frustrating. Eliminating this barrier became one of our prime directives.
“…a key component in our ongoing mission to advance tomorrow’s workforce is continuously modernizing our networking infrastructure.”
Step 2: Zoom Out to Get a Bird’s Eye View – Including Your Place in the World
Like many peer institutions, MTI plays a broader role in our community. This includes welcoming external groups to leverage our facilities in numerous ways. As outside users typically request various types of technology support, it’s critical to equip our three-person IT team with solutions that automate and streamline network administration. For example, meeting an external event’s access requirements was neither fast nor easy with our legacy system’s management tools. As the quantity and complexity of such external requests grew, the associated increase in IT resources was more than we could sustainably dedicate.
Step 3: Honor Economic Cycles – Account for Good Times and Bad
Although cloud-based deployments frequently offer economic advantages, we determined that on-premise, controller-based Wi-Fi provided us with better long-term financial predictability. For the two cloud-managed options we evaluated, each required a subscription for the hardware to run. While cost-effective during the first five years of licensing, a challenged budget in year six could mean they would either cease operating or only do so based on the last known configuration.
Step 4: Ensure You’re Not Alone – Phone Some Friends
After thoroughly evaluating the options, we favored a holistic Wi-Fi, security and switching solution from Aruba, a Hewlett Packard Enterprise company. In addition to meeting our capabilities requirements, our decision was aided by consulting their other higher education customers, who spoke positively about deployments. This gave us confidence that we were joining a robust user community.
Step 5: Teach Yourself to Fish – It’s an Efficient, Effective Deployment Strategy
For the Wi-Fi, security and switching implementation, we pursued a learn-by-doing strategy. A local technology integrator came on site to teach us how to deploy from the ground up. They supplied us with demo units of all components, enabling us to gain skills and confidence in advance. As a result, our production roll-out was so non-disruptive that our Marketing Director commented she could see APs with a different logo on them on her ceiling, but she didn’t otherwise notice anything during the deployment.
Step 6: Unify Network Access Control – It’ll Help You Get to Zero-Trust
In addition to the Wi-Fi network itself, we deployed our partner’s vendor-agnostic policy-based NAC, ClearPass, to unify access control of our wired and wireless networks, and Microsoft Intune for mobile device management (MDM), to leverage our Microsoft-enabled application environment. By combining ClearPass with Intune, students can now register their devices before they come to campus for an instant connection when they arrive.
Further, in IT, ClearPass enables us to apply smart, granular access policies across our landscape. This is particularly important given our unique device environment, which supports the typical mixture of desktops, institution-issued devices and BYOD gear, as well as a variety of MTI-mandated devices for specific degree programs. Overall, unified access management contributes significantly to achieving our zero-trust goals. Zero-trust means nothing inside or outside an organization’s network is automatically trusted, requiring anything and everything that requests a connection to be verified before granting access.
Step 7: Dynamically Segment Your Port Traffic – You’ll be Glad You Did
Another security capability we appreciate is dynamically segmenting traffic for on-the-fly role assignment to the appropriate switching port. This frees us from pre-configuration chores while maximizing switching resources to keep user and device data separated and secure, regardless of the service or application.
Among other things, dynamic segmentation is helping secure HVAC system traffic that we’re moving to our network. Given the high-profile hacks originating in such systems reported by others, it’s critical for us to limit the network applications accessed by our HVAC solution no matter which port a contractor plugs into.
Step 8: Circle Back to Celebrate Success – It Boosts Everyone’s Confidence in Your Wi-Fi
When we visit classrooms today, no students complain about network access. This is a tremendous win because now we can move on to other initiatives, such as using Wi-Fi to support 4K streaming video signage and adding location-based services to improve campus navigation.
Academically, our instructors report a range of benefits. For instance, our drafting lab instructor previously spent up to two class periods at the beginning of every term ensuring all students properly downloaded AutoCAD. Now, it takes only 20 minutes.
Instructors also appreciate using Microsoft Teams for broadcasting their screens onto student laptops. This is prevalent in courses that teach the design, building and repair of the engineering automation controls known as Supervisory Control and Data Acquisition (SCADA), an industry segment that keeps the lights on, water flowing, environment controlled and security assured throughout the developed world.
Additionally, with MTI at the forefront of a nationwide transition to constructing modular residential, commercial and agricultural buildings, our new network supports students from multiple programs working in collaboration on rapidly designing and prototyping a structure they ultimately build.
From a community-facing perspective, we’re more assured we can say ‘yes’ to any request. For example, our help desk manager easily and securely met the complex access needs of a recent K-12 VEX Robotics Competition, which would have been impossible previously.
Regardless of what our future holds, we’re delighted we adopted the right technology for us. If you’re evaluating a similar transition, our advice is simple: Go for it.
 Fast Facts 2019, Mitchell Technical Institute.
 World’s Top 7 Smart Cities Of 2015 Are Not The Ones You’d Expect, Forbes, January 28, 2015
David Boos has served as the Director of Technology at South Dakota-based Mitchell Technical Institute since 2014. He has overseen a variety of modernization projects that have helped MTI become a top U.S. Community College and win recognition for significant contributions toward making Mitchell one of the world’s elite Smart Cities. Boos holds a Bachelor of Business Administration and Bachelor of Information Systems from Dakota State University, and is currently working on his MBA also through Dakota State University.