Network Access Simplification Program

This program will modernize the campus connection experience, providing a unified, secure, and accessible approach to wired and wireless networking for the entire UC Berkeley community. Launch: Aug. 2025 - Target End: Aug. 2027

Overview

For the campus community, obtaining network access is often a complex and confusing process. Difficulties related to manual configuration requirements and separate tools for wired and wireless access lead to frustration and increased support demands.

The Network Access Simplification (NAS) program addresses these issues by providing a single, accessible, easy-to-use tool for all campus network access setups. It enables passwordless network access, seamless device discovery, and secures wired access ports across all campus networks without requiring deep technical knowledge from departmental users.

Goals

  • Simplified Access - A single, accessible tool for all network setups. Eliminates manual configuration for Wi-Fi access.
  • Enhanced Security - Passwordless access via certificates on devices and EAP-TLS,  and secured wired network ports across campus.
  • Better Wi-Fi Quality - Optimizes radio channels to eliminate low-speed connections on Eduroam by abating 2.4GHz.
  • Modern Wired Service - A basic, secure wired network access service that doesn't require departmental IT intervention.

Projects

This program includes multiple projects that will begin in fall 2025 and are estimated to run through summer 2027.

  • Passwordless Wi-Fi Access - Deploy secure device onboarding and authentication for Wi-Fi devices using one-time CalNet authentication to install persistent certificates and EAP-TLS. This eliminates the need for users to generate service-specific keys or manually configure devices. Includes 2.4GHz abatement for cleaner wireless signals.
  • Connect Portal - Rebranding and improvement of the existing Wi-Fi Keys portal into a single "Network Access Management Portal.” Includes support for managing AirGroup devices and wired authentication.
  • AirGroups & Discovery - Enables device discovery and streaming (e.g., casting to a TV) for users on campus Wi-Fi. Designed to reduce the need for private residential Wi-Fi routers.
  • Campus Ethernet Service - Implements a basic wired service providing basic firewall and automatic DHCP without custom port configuration. 
  • Ethernet Port Authentication - Supports Information Security (ISIP) goals by ensuring all network devices are properly identified and meet endpoint security standards.

Program At-A-Glance

NAS Project Timeline

Project Charter

Executive Sponsor

Dave Browne, Executive Director of Campus IT Infrastructure, Berkeley IT

Steering Committee

  • Charron Andrus, Associate CISO, Berkeley IT, ISO
  • Dave Browne, Executive Director, Berkeley IT, CITI
  • Allison Henry, Chief Information Security Officer, Berkeley IT, ISO
  • Wes Johnson, Executive Director, Berkeley IT, CITE
  • Anthony D. Joseph, Professor at UC Berkeley
  • John Kubiatowicz, Professor at UC Berkeley and Computer Hardware Consultant
  • Ken Lutz, Chief Research Technology Officer, Research IT
  • Isaac Orr (ex officio), Senior Manager, Communications & Network, Berkeley IT, CITI
  • Anne Marie Richard, Chief Academic Technology Officer, RTL
  • Tracy Shinn, Associate Vice Chancellor & Chief Information Officer, Berkeley IT
  • Michelle White, Interim Director, SAIT

Project Team

  • Tim Behary - Service Offering Manager, Berkeley IT, Wired/Ethernet Network Services
  • Isaac Orr - Service Owner, Berkeley IT, Campus Data Network Services
  • David Rieger - Program Manager - Berkeley IT, TPG
  • Sean Schluntz - Service Offering Manager, Berkeley IT, Wi-Fi, Campus Firewall
  • Gary Thomas - Principal Wireless Network Engineer, Berkeley IT