sammythesm wrote:Are the concerns for having "too many users" on the network base on IP address pool limitations or for bandwidth usage limitations?
For the IP address concern, I'd recommend pushing for 881 upgrades. GSC can then add a whole additional class C subnet to the router, if necessary, to expand the address pool to over 300 IP addresses. As always noted, your mileage with your FM budget may vary, but get your StkPrez on board and you might get it quicker.
Good to know
sammythesm wrote:For the bandwidth concerns, I'd recommend taking a deep breath and letting the ecosystem figure it out. Most critical Clerk functions (MLS transfers, web browsing, email, etc) are very low-bandwidth use. So, the threat to clerk computers' exclusive use of the connection is low. Even if there is a lot of traffic from other users, those packets will surely slip through relatively easily, people will learn/be taught to be sensible and judicious in their usage, and to be a good neighbor to the wireless users around them.
The only time that I worry about bandwidth is when running a webcast. Otherwise, it is catch as can.
sammythesm wrote:To me, there is a valid security concern with having wireless devices on the same VLAN as clerk/administrative computers - not because of inherent Windows insecurity - but more because there are lots of folks who create insecurity in their Windows setup - sharing folders, enabling remote desktop, etc. Adding a layer of network isolation would add a bit more security (and might also have other side-benefits discussed elsewhere in this forum (disabling of wireless traffic during broadcasts, artificially throttling bandwidth available to the wifi, giving priority/QoS to the right traffic, etc)
The benefit I see to not splitting the network is that I can log on to the network and print to the networked printer in the Stake Clerks office. The downside is that anyone could do the same.
I really like the idea of a public open network and a private encrypted network. Kill 2 birds with one stone that way.
sammythesm wrote:That said, I'm really looking forward to the new authentication scheme. To address dfdavis' concerns: I've basically given up on being selective about Internet usage at church. Our stake took a 'limited' approach to the WiFi password for years, as we've had a building with WiFi for several years now. Over time, with the turnover in callings and the password never changing, pretty much everyone has access who wants it. And mostly for good reason - indexing activities, church callings, etc, have necessitated passing it around and letting the connection be used. I can see great utility in having broad, church-member (and non-members who are willing to create LDS Accounts) access. This new authentication scheme delivers that in a great user experience to the user (just associate to the network and authenticate using a known credential). It will also drive people to creating and remembering their LDS Account credentials, which can only be a good thing given all the other uses it has. I see only upside to this change.
We have had similar experiences. As of now, most every adult who wants to can get on. Most of the youth are still locked out though. Being able to go to any building (that has internet) and get online would be a big plus for me...
Aaron Z