The challenge and solution for BYOD

Bruce Lurie, Territory Sales Manager. The Direction of Education. Wi-Fi network access is changing: users want to connect more than just PCs, using both institution and personally owned devices. Mission Critical. Diversity of Devices. WLAN for Casual Use.


Presentation Transcript


  1. The challenge and solution for BYOD. Bruce Lurie, Territory Sales Manager

  2. The Direction of Education

  3. WI-FI NETWORK ACCESS IS CHANGING…
     • Users want to connect more than just PCs
     • Both Institution and Personally Owned Devices
     • Collaboration requires access for
       • Employees
       • Guests
       • Students
       • Consultants
     (Slide graphic labels: Mission Critical, Diversity of Devices, WLAN for Casual Use, Diversity of Users)

  4. …AND WITH IT BRINGS NEW IT CHALLENGES
     • How Do You Provision Secure Network Access For Bring Your Own Device (BYOD)
       • Under IT policies/control
       • Efficient / Cost-effective
       • Reduce reliance on IT
     • How Do You Provision Secure Network Access For New Types of User
       • Efficiently - requiring no IT interaction
       • Flexibly - get users on the network quickly
       • Traceable - be able to fully audit network use

  5. INTRODUCING IDENTITY MANAGER – SOLVING THE KEY PROBLEMS
     • Guest Management
       • Delivers secure, scalable wireless network access for guests, employees and their mobile devices.
       • Less reliance on IT while enforcing the policies set forth by IT
     • Smart Connect
       • Solves the greatest barrier to secure connectivity adoption
       • Provision client devices for secure 802.1x based on pre-determined IT policy
     • Guest Management + Smart Connect
       • Addresses BYOD (Bring Your Own Device) for IT

  6. GUEST MANAGEMENT

  7. THE GUEST NETWORK – ENTERPRISE & PUBLIC HOTSPOTS
     A Guest Network is used to provide network access for external users.
     • Enable improved productivity from suppliers and contractors
     • Strengthen collaboration between faculty and students
     • Becoming critical in education conferences
     • Presents a professional image to visitors and customers

  8. THE CHALLENGES OF DEPLOYING A GUEST NETWORK
     • How do you:
       • Easily create user accounts?
       • Provide the details to your guests?
       • Give different levels of access?
       • Audit and record everything that happens?
       • Meet your security requirements?

  9. INTRODUCING GUEST MANAGEMENT WITH IDENTITY MANAGER

  10. PROVISIONING
      • Who should create user accounts?
        • Receptionist/Lobby Ambassador
        • IT Security
        • Managers
        • Help Desk
        • Anyone
      • Identity Manager lets you choose based upon your security policy
      • Allowing anyone to create accounts provides increased usage and will be just as secure
      • Reduced Cost
      • Full Audit Trail
      • Speed of access
      • Ease of use

  11. PROVISIONING USING THE SPONSOR PORTAL
      • Policy Based Sponsor Portal for internal users
      • Full Web or Smartphone Sponsor Interface available
      • Authenticate with corporate credentials
        • Local Database
        • Active Directory
        • LDAP
        • RADIUS
        • Kerberos
        • Client Certificates

  12. CREATING GUEST ACCOUNTS
      1. Enter user details
      2. Specify the account length
      3. Add user

  13. NOTIFYING GUESTS
      Send account information via print-out, email, or SMS text message.

  14. CUSTOMIZABLE GUEST PORTALS
      Welcome to our guest hotspot! Fully customize this page and add the components you want!
      • Login
      • Credit Card
      • Guest Self Registration
      • Password Change

  15. POLICY BASED GUEST PORTALS
      • Dynamically generate guest portal based upon your policy using:
        • Location
        • IP Address
        • Cookies
        • HTTP Header
        • Language
        • Time of Day
        • Web Browser
        • GET Parameter
        • Device OS
        • Mobile Device
        • POST Parameter

  16. MANAGEMENT AND REPORTING
      Visibility and Management of Guest Users
      • Sponsor Information
      • Guest Information
      • Account Management

  17. GUEST ACTIVITY REPORTING
      Consolidated Audit Report of Guest Activity
      Username: guestname
      IP Address: 192.168.1.1
      Login Time: 11:30
      Logout Time: 12:15
      11:37 192.168.1.1 accessed http://www.google.com
      11:38 192.168.1.1 used the bittorrent protocol
      12:09 192.168.1.1 connected to vpn.mycompany.com
      (Slide graphic label: Internet)

  18. COMPLETE AUDIT OF GUEST ACTIVITY
      • When they logged in
      • Where they logged in
      • The guest's address
      • What they did
      • What was allowed
      • What was disallowed

  19. MANAGEMENT REPORTS
      Fully customized management reporting of the guest network

  20. SMART CONNECT

  21. THE CHALLENGES OF CONSUMERIZATION
      • Set up connectivity without assistance?
        • Self Service Provisioning
        • Remove IT overhead
        • Quick easy access made secure
      • Differentiate between corporate and personal devices?
        • Grant different levels of network access
        • Enforce policies (password set, device locked etc)

  22. TRADITIONAL UNENCRYPTED GUEST NETWORKS
      • Traditionally Guest Networks are built with
        • web authentication
        • no encryption
      • Lack of encryption means once you connect everyone can see your traffic
      • In addition Web Authentication is easy, but not seamless
        • You need to open a web browser and enter a username/password
        • On the other hand 802.1x happens automatically in the background
      (Slide graphic labels: Unencrypted, Internet, Access Point, Web Authentication, Wireless Controller)

  23. 802.1X IS THE ANSWER, BUT…
      802.1x (WPA/WPA2) is hard to configure on clients:
      1. Connect to a network
      2. Select your protocol
      3. Select the EAP type
      4. Trust the server certificate (let's hope it's installed already)
      5. Choose how you send your username

  24. AUTOMATED CLIENT CONFIGURATION WITH SMARTCONNECT
      Identity Manager automates the configuration through a downloadable agent from the guest portal.
      1. Authenticate using web authentication
      2. Download an applet to configure 802.1x
      3. Automatically connect with 802.1x
      Supported Today (More to Come…): Windows, iPad/iPhone, Apple Mac, Android
      (Slide graphic labels: Access Point, Encrypted)

  25. WALKTHROUGH STEP 1 – INITIAL CONNECTION
      • User connects to “provisioning” or “guest” SSID
      • Opens their web browser and gets redirected to the Identity Manager by the captive portal on the Wireless Controller.
      • The Identity Manager works out that an iPad (or any device) has connected and displays a web portal designed for that device.
      (Slide graphic labels: Identity Manager, Access Point, Wireless Controller)

  26. WALKTHROUGH STEP 2 – PROVISIONING
      • User enters AD authentication
      • Identity Manager verifies it on corporate AD
      • Identity Manager delivers an iPad Profile
      • User accepts and installs it
      • User reconnects to the network using enterprise settings

  27. WALKTHROUGH STEP 3 – CONNECT SECURELY
      • Now the device connects automatically at every access
      • Communication secured by WPA Enterprise 802.1x
      • Authentication against Identity Manager or Enterprise RADIUS
      (Slide graphic labels: Identity Manager, RADIUS, 802.1x, Access Point, Wireless Controller)

  28. POLICY CONTROL
      Now you have devices connected you can apply policy to them
      • What can they do?
        • Full Role Based Access Control
        • Per User Firewall rules, VLAN assignments etc
      • Policies by user or device
        • Different for corporate device vs personal device
      • When and Where
        • Where can they access from
        • Time of Day Restrictions

  29. TYPICAL DEPLOYMENT
      (Slide graphic labels: Internet, Meru Controller, wireless or wired, Out of Band, Meru Identity Manager)
      Username: guestname
      IP Address: 192.168.1.1
      Login Time: 11:30
      Logout Time: 12:15

  30. DEPLOYMENT OPTIONS

  31. LICENSING OVERVIEW
      • Identity Manager
        • Customer purchased hardware (SA200/2000) or VMware base SKU
        • License-able features added to the Identity Manager platform to turn on features on a concurrent user basis
      • Guest Management
        • Licensed by concurrent guest users at any one time
      • Smart Connect
        • Licensed by active users who have been set up by Smart Connect

  32. NEW MAJOR FEATURES
      • Smart Connect for Mac OS X
        • Full downloadable application supports 10.5, 10.6, 10.7
      • Smart Connect for Ubuntu Linux
        • Supports 11.04 and later
      • Smart Connect for Kindle Fire
        • Supports Amazon Fire for 802.1X configuration
      • Advanced Authorization Policy
        • Wizard based setup
        • Allows complex rules to be built (such as: is the user an employee and the device corporate owned)

  33. Thank you
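
Slides 17 and 18 describe a consolidated audit report that ties IP-keyed activity back to a named guest. The following is an added example, not code from the presentation or the product: it attributes each activity line to the guest session that held the IP address at that time, so that an address reused by a later guest is not charged to the earlier one. The second session (`guest2`) and the 12:40 and 13:05 events are constructed for illustration, and all times are assumed to fall on the same day.

```python
from datetime import time

# Records modelled on the slide 17 sample report. The guest2 session and the
# 12:40 / 13:05 events are constructed here to show IP reuse and a gap.
SESSIONS = [
    {"user": "guestname", "ip": "192.168.1.1", "login": "11:30", "logout": "12:15"},
    {"user": "guest2", "ip": "192.168.1.1", "login": "12:30", "logout": "13:00"},
]
EVENTS = [
    ("11:37", "192.168.1.1", "accessed http://www.google.com"),
    ("11:38", "192.168.1.1", "used the bittorrent protocol"),
    ("12:09", "192.168.1.1", "connected to vpn.mycompany.com"),
    ("12:40", "192.168.1.1", "accessed http://www.example.com"),
    ("13:05", "192.168.1.1", "accessed http://www.example.com"),
]

def hhmm(text):
    """Parse an HH:MM string into a comparable time value."""
    hours, minutes = text.split(":")
    return time(int(hours), int(minutes))

def consolidate(sessions, events):
    """Attribute each event to the session that held its IP at that time.

    Returns (per-user report, events that match no session). Unmatched
    events are kept rather than dropped, because traffic from an address
    with no authenticated session is itself worth reviewing.
    """
    report = {s["user"]: [] for s in sessions}
    unattributed = []
    for when, ip, action in events:
        owner = next(
            (s for s in sessions
             if s["ip"] == ip
             and hhmm(s["login"]) <= hhmm(when) <= hhmm(s["logout"])),
            None,
        )
        if owner is None:
            unattributed.append((when, ip, action))
        else:
            report[owner["user"]].append((when, action))
    return report, unattributed
```
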
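
Slide 23 lists the five 802.1X client settings a user has to get right, and slide 22 describes the open guest network they replace. As an added example (not part of the presentation and not the Smart Connect agent), this check audits a client profile for those settings. It assumes a wpa_supplicant `network={...}` block as the profile format; the SSIDs, identities and certificate path are constructed sample values.

```python
import re

# Constructed wpa_supplicant network blocks (sample data, not from the slides).
WEAK = """network={
    ssid="campus-secure"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jsmith@example.edu"
    phase2="auth=MSCHAPV2"
}
"""
HARDENED = """network={
    ssid="campus-secure"
    key_mgmt=WPA-EAP
    eap=PEAP
    identity="jsmith@example.edu"
    anonymous_identity="anonymous@example.edu"
    ca_cert="/etc/ssl/certs/example-radius-ca.pem"
    domain_suffix_match="radius.example.edu"
    phase2="auth=MSCHAPV2"
}
"""
OPEN_GUEST = 'network={\n    ssid="guest"\n    key_mgmt=NONE\n}\n'

def parse_network(text):
    """Return the key/value pairs of the first network={...} block."""
    body = re.search(r"network=\{(.*?)\n\}", text, re.S)
    if body is None:
        raise ValueError("no network block found")
    pairs = re.findall(r"^\s*(\w+)=(.*?)\s*$", body.group(1), re.M)
    return {key: value.strip('"') for key, value in pairs}

def audit_profile(text):
    """List findings for the client settings named on slide 23."""
    net, findings = parse_network(text), []
    if net.get("key_mgmt") != "WPA-EAP":
        return ["not 802.1X: open or pre-shared network, no per-user authentication"]
    tunnelled = net.get("eap") in ("PEAP", "TTLS")
    if "eap" not in net:
        findings.append("EAP type not set")
    if tunnelled and "phase2" not in net:
        findings.append("inner (phase2) method not set")
    if "ca_cert" not in net:
        findings.append("server certificate not validated (no ca_cert)")
    if not net.keys() & {"domain_suffix_match", "domain_match", "altsubject_match"}:
        findings.append("server name not pinned, any certificate from the CA is accepted")
    if tunnelled and "anonymous_identity" not in net:
        findings.append("real username sent as the unencrypted outer identity")
    return findings
```
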
