An Automated Answer To WLAN Setup Headaches - InformationWeek
11:49 AM
Lee Badman
Lee Badman
Connect Directly
[Dark Reading Crash Course] Finding & Fixing Application Security Vulnerabilitie
Sep 14, 2017
Hear from a top applications security expert as he discusses key practices for scanning and securi ...Read More>>

An Automated Answer To WLAN Setup Headaches

At the beginning of every semester, university wireless networks face a massive BYOD challenge. Wireless network onboarding services ease the pain.

10 Tech Tools To Engage Students
10 Tech Tools To Engage Students
(click image for larger view)
Wireless networks can be very complicated. Technology is one thing, and the policy behind implementing your WLAN is completely another. There is a secret weapon to bringing order to your wireless client base -- and getting policy compliance as well -- in the form of onboarding.

In its simplest incarnation, client onboarding is an automated methodology that configures client devices for use on a specific wireless network. Rather than ask the human beings that use those devices to fumble their way through several steps to get their device settings right for use on a business-grade WLAN, onboarding does it for them. More sophisticated onboarding systems might go further than basic wireless profile setup; they might also do things like checking that Windows’ integrated firewall is enabled and that profiles for other non-secure wireless networks are removed.

Out in the wireless industry, the BYOD trend is touted as a relatively new phenomena, and onboarding has come to be seen as a must-have for customers and a must-provide for most major WLAN vendors. But those of us who support technology in the higher-ed space (and arguably to a lesser degree the K-12 tech folks) have been dealing with a client device base that is largely BYOD for years. We know that security and ease of use are often at odds, and that getting multiple operating systems to play on a secure WLAN can be a pain that throbs worse as operating systems get patched, drivers become dated and network technology refreshes. There are countless home-grown ways to tackle the issue, but modern onboarding solutions are way better.

[ When is email the wrong channel? Read University E-Mail Security Practices Criticized. ]

I have had the opportunity to see or try native onboarding solutions from WLAN vendors Aerohive, AirTight, Aruba, Meru and Motorola. Each is basically the same functional animal (there are only so many ways to configure client devices), with additional strengths and weaknesses to consider. In my own very large Cisco wireless deployment, we use a third-party onboarding solution called XpressConnect, from Cloudpath. This is a market that is growing, but most native onboarding solutions work only with the vendors' own WLAN environments.

The payoff in investing in an onboarding system is measured in time and support costs. For devices that you don't already tightly manage, every onboarded device has a known starting configuration and has usually been transferred to where your policies want it to go on the network as part of the onboarding process. When users muck up their own settings, the onboarding mechanism becomes a self-help tool for getting devices reconfigured. Because the tool is developed and supported professionally, it is (hopefully) kept up to snuff in the face of device OS updates. I can vouch that for me, XpressConnect has saved thousands of support hours for hundreds of thousands of student, faculty, and staff client devices through the last several years.

The mechanics of any onboarding system are similar. Through an administrative dashboard, you configure the settings that are appropriate for your environment. Exact settings will vary depending on the onboarding solution in use, but I can share a bit about XpressConnect and the various knobs I turn for my own onboarding service. These include setting 802.1x EAP (authentication protocol) types, authentication servers, SSIDs to be used, custom graphical elements, security settings to touch and a lot more. You can force a redirect to kick in at the end of the authentication process, for example to take newly configured users to an informational Web page. You can also have custom settings for different Windows and Mac OS flavors, different iOS and Android versions, and even limited support of Linux. It's powerful and fairly intuitive.

If you find yourself shopping, many onboarding services also have hooks into wireless guest portals, reporting on device types and counts in service, and other WLAN-related features you might need, so define your requirements well. As wireless hardware fast reaches the point where it's largely commoditized, services like onboarding really become a differentiator -- especially where IT talent and budgets are thin.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Author
8/16/2013 | 7:29:31 PM
re: An Automated Answer To WLAN Setup Headaches
"When users muck up their own settings, the onboarding mechanism becomes a self-help tool for getting devices reconfigured." That has to be music to the ears of your staff. Anyone want to share experiences with these services in an enterprise setting?
User Rank: Apprentice
8/15/2013 | 5:31:10 PM
re: An Automated Answer To WLAN Setup Headaches
Is a big question, and depends on individual school policies, and granularity with which different client demographics are handled. But, where corporate or educational, there are only so many ways to slice the cucumber.
David F. Carr
David F. Carr,
User Rank: Author
8/15/2013 | 1:41:18 PM
re: An Automated Answer To WLAN Setup Headaches
Are the wireless requirements for higher ed that much different than for any other enterprise these days?
How Enterprises Are Attacking the IT Security Enterprise
How Enterprises Are Attacking the IT Security Enterprise
To learn more about what organizations are doing to tackle attacks and threats we surveyed a group of 300 IT and infosec professionals to find out what their biggest IT security challenges are and what they're doing to defend against today's threats. Download the report to see what they're saying.
Register for InformationWeek Newsletters
White Papers
Current Issue
2017 State of IT Report
In today's technology-driven world, "innovation" has become a basic expectation. IT leaders are tasked with making technical magic, improving customer experience, and boosting the bottom line -- yet often without any increase to the IT budget. How are organizations striking the balance between new initiatives and cost control? Download our report to learn about the biggest challenges and how savvy IT executives are overcoming them.
Twitter Feed
Sponsored Live Streaming Video
Everything You've Been Told About Mobility Is Wrong
Attend this video symposium with Sean Wisdom, Global Director of Mobility Solutions, and learn about how you can harness powerful new products to mobilize your business potential.
Flash Poll