Education IT Pros Petition Apple To “Fix” Bonjour

By

IT Pros like the idea of Bonjour, AirPlay, and AirPrint, but feel they don't fit will on college campuses.
IT Pros like the idea of Bonjour, AirPlay, and AirPrint, but feel they don't fit will on college campuses.

An online petition has been created to try to convince Apple to make changes to its Bonjour network discovery service and related technologies including AirPlay and AirPrint. The petition is asking Apple to redesign Bonjour and other services to deliver a better fit with education and enterprise networks. It was started by Lee Badman, wireless network architect for Syracuse University, on behalf of the Higher Ed Wireless Networking Admin Group at Educause, a non-profit resource organization for IT staff working in higher education.

The petition will run on Change.org through this Friday (August 10) in hopes of securing at least 1,000 signatures (it is just over the halfway mark as of this writing).

The petition notes that as Apple’s iOS devices including the Apple TV have become common on campuses around the world and identifies a handful of problems when it comes to using the devices on a campus wireless network. The changes that the group is seeking to have addressed center around the following issues.

  • Bonjour and related services don’t function across multiple network segments or subnets, which are common in school and corporate networks.
  • Bonjour device and service discovery adds a significant load onto wireless networks.
  • The Apple TV doesn’t support WPA2-Enterprise authentication.
  • The Apple TV doesn’t offer strong enough security when it comes to its connection with iTunes libraries and other devices.

It’s worth noting that Apple did develop a feature called Wide Area Bonjour that it launched with Leopard Server that is designed to use dynamic DNS updates to build an organization-wide list of Bonjour devices and services. The petition states that both Apple’s Wide Area Bonjour feature and dynamic DNS updates aren’t an effective solution.

For wired devices, Bonjour poses fewer issues as it is possible to configure virtual LAN segments (VLANs) such that specific network ports on various switches or routers are placed on the same virtual network segment as specific Mac, PCs, printers, and other devices. This approach can also support the Apple TV via its built-in Ethernet port.

A number of companies are now building enterprise wireless networking devices that can manage Bonjour traffic and/or offer a Bonjour gateway that can route discover and traffic across network segments. Products from Aerohive (PDF link), Aruba, and Cisco are coming to market that address some, if not all, of the issues identified in the petition.

The entire text of the petition is quoted below. You can visit Change.org to sign or review the range of comments made by IT professionals that have signed it.

Greetings,

I just signed the following petition addressed to: Apple Inc..

—————-

We the undersigned academic and research institutions request that Apple provide improved support for Airplay and Bonjour technologies in our academic environments.

Our institutions are seeing an Apple client device penetration of around 50% on our campuses. This amounts to thousands of Apple client devices whose owners desire to use their Apple TV and other Bonjour enabled devices in a variety of scenarios:

– Based on Apple’s own advertising, our faculty, staff, and students are requesting that we provide Apple TVs in our conference rooms, laboratories, and auditoriums so that they may use Airplay technology for presentations and demonstrations.

– Our faculty, staff, and students are requesting the ability to utilize Airprint to print from their Apple devices on our enterprise networks.

– Our students want to operate Apple TVs in their dormitory rooms which often utilize our institutions’ enterprise wireless and wired networks.

Unfortunately, the following limitations of Apple’s Apple TV, Airplay, and Bonjour technologies make it very difficult to support these scenarios on our standards’ based enterprise networks:

– Airplay does not work when Apple TV’s and Apple client devices are on different IP subnets. It is common for the enterprise wireless and wired networks in our institutions to utilize different IP subnets.

– Bonjour technologies also do not work in a scalable, sustainable fashion between different IP subnets. Work arounds such as Wide-Area Bonjour (DNS-SD) and Dynamic DNS updates have major scalability and security issues in enterprise networks.

– For performance and security reasons, many of our institutions do not enable IP multicast on their enterprise wireless networks. This limits the usefulness of current Bonjour technologies.

– The majority of our institutions’ enterprise wireless networks utilize WPA2-Enterprise authentication and encryption. Current Apple TV’s cannot connect to these networks even though the majority of Apple’s other devices can.

– The security method used to connect Apple devices to Apple TVs (a single password per Apple TV) opens the devices to “hijacking” by unauthorized users.

Specifically, we request the following:

– That Apple establish a way for Apple TV’s be accessible from Apple’s client devices across multiple IPv4 and IPv6 sub-nets.

– That Apple improve Bonjour technology so that it will work in scalable and supportable fashion in large enterprise wireless and wired networks.

– That the Apple TV support enterprise wireless encryption and authentication (WPA2-Enterprise).

– That authentication between Apple devices and the Apple TV be able to utilize enterprise Authentication, Authorization, and Accounting (AAA) services.

Any enterprise Airplay/ Bonjour solution needs to meet the following criteria:

– It must scale to a range of hundreds to thousands of Airplay and Bonjour enabled devices in a given environment.

– It must work with wired and wireless networks from different vendors.

– It must not significantly negatively impact network traffic (wired and wireless).

– It must be easily manageable at an enterprise scale.

– If it requires a separate hardware solution, that the solution must be enterprise grade (rack mountable, dual power supplies, etc.)

– It must be provided at a reasonable cost.
Providing support for Bonjour and Airplay Technologies on enterprise networks would benefit both our institutions and Apple by allowing Apple device owners the ability to use their devices as teaching and research aids, increasing the utility of and desirability of those devices.

We would be happy to collaborate with Apple in improving the support for these devices in our environments.

—————-

Sincerely,

[Your name]

Source: Change.org

Via: Network World

 

Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • The Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.