An Automated Answer To WLAN Setup Headaches

At the beginning of every semester, university wireless networks face a massive BYOD challenge. Wireless network onboarding services ease the pain.

Lee Badman, Contributor

August 14, 2013

4 Min Read
InformationWeek logo in a gray background | InformationWeek

10 Tech Tools To Engage Students

10 Tech Tools To Engage Students


10 Tech Tools To Engage Students (click image for larger view)

Wireless networks can be very complicated. Technology is one thing, and the policy behind implementing your WLAN is completely another. There is a secret weapon to bringing order to your wireless client base -- and getting policy compliance as well -- in the form of onboarding.

In its simplest incarnation, client onboarding is an automated methodology that configures client devices for use on a specific wireless network. Rather than ask the human beings that use those devices to fumble their way through several steps to get their device settings right for use on a business-grade WLAN, onboarding does it for them. More sophisticated onboarding systems might go further than basic wireless profile setup; they might also do things like checking that Windows’ integrated firewall is enabled and that profiles for other non-secure wireless networks are removed.

Out in the wireless industry, the BYOD trend is touted as a relatively new phenomena, and onboarding has come to be seen as a must-have for customers and a must-provide for most major WLAN vendors. But those of us who support technology in the higher-ed space (and arguably to a lesser degree the K-12 tech folks) have been dealing with a client device base that is largely BYOD for years. We know that security and ease of use are often at odds, and that getting multiple operating systems to play on a secure WLAN can be a pain that throbs worse as operating systems get patched, drivers become dated and network technology refreshes. There are countless home-grown ways to tackle the issue, but modern onboarding solutions are way better.

[ When is email the wrong channel? Read University E-Mail Security Practices Criticized. ]

I have had the opportunity to see or try native onboarding solutions from WLAN vendors Aerohive, AirTight, Aruba, Meru and Motorola. Each is basically the same functional animal (there are only so many ways to configure client devices), with additional strengths and weaknesses to consider. In my own very large Cisco wireless deployment, we use a third-party onboarding solution called XpressConnect, from Cloudpath. This is a market that is growing, but most native onboarding solutions work only with the vendors' own WLAN environments.

The payoff in investing in an onboarding system is measured in time and support costs. For devices that you don't already tightly manage, every onboarded device has a known starting configuration and has usually been transferred to where your policies want it to go on the network as part of the onboarding process. When users muck up their own settings, the onboarding mechanism becomes a self-help tool for getting devices reconfigured. Because the tool is developed and supported professionally, it is (hopefully) kept up to snuff in the face of device OS updates. I can vouch that for me, XpressConnect has saved thousands of support hours for hundreds of thousands of student, faculty, and staff client devices through the last several years.

The mechanics of any onboarding system are similar. Through an administrative dashboard, you configure the settings that are appropriate for your environment. Exact settings will vary depending on the onboarding solution in use, but I can share a bit about XpressConnect and the various knobs I turn for my own onboarding service. These include setting 802.1x EAP (authentication protocol) types, authentication servers, SSIDs to be used, custom graphical elements, security settings to touch and a lot more. You can force a redirect to kick in at the end of the authentication process, for example to take newly configured users to an informational Web page. You can also have custom settings for different Windows and Mac OS flavors, different iOS and Android versions, and even limited support of Linux. It's powerful and fairly intuitive.

If you find yourself shopping, many onboarding services also have hooks into wireless guest portals, reporting on device types and counts in service, and other WLAN-related features you might need, so define your requirements well. As wireless hardware fast reaches the point where it's largely commoditized, services like onboarding really become a differentiator -- especially where IT talent and budgets are thin.

About the Author

Lee Badman

Contributor

Lee is a Wireless Network Architect for a large private university. He has also tought classes on networking, wireless network administration, and wireless security. Lee's technical background includes 10 years in the US Air Force as an Electronic Warfare systems technician and Master Technical Training Instructor, and a stint in telecommunications in the private sector. Lee is an active Extra Class amateur radio operator (KI2K), and has a wide range of technical hobbies. He has helped organize and has presented at several higher education and industry conferences, and has done extensive freelance writing work for a number of IT, low voltage, and communications periodicals. Follow him on Twitter at @wirednot, and read his personal blog at wirednot.wordpress.com.

Never Miss a Beat: Get a snapshot of the issues affecting the IT industry straight to your inbox.

You May Also Like


More Insights