In its simplest incarnation, client onboarding is an automated methodology that configures client devices for use on a specific wireless network. Rather than ask the human beings that use those devices to fumble their way through several steps to get their device settings right for use on a business-grade WLAN, onboarding does it for them. More sophisticated onboarding systems might go further than basic wireless profile setup; they might also do things like checking that Windows’ integrated firewall is enabled and that profiles for other non-secure wireless networks are removed.
Out in the wireless industry, the BYOD trend is touted as a relatively new phenomena, and onboarding has come to be seen as a must-have for customers and a must-provide for most major WLAN vendors. But those of us who support technology in the higher-ed space (and arguably to a lesser degree the K-12 tech folks) have been dealing with a client device base that is largely BYOD for years. We know that security and ease of use are often at odds, and that getting multiple operating systems to play on a secure WLAN can be a pain that throbs worse as operating systems get patched, drivers become dated and network technology refreshes. There are countless home-grown ways to tackle the issue, but modern onboarding solutions are way better.
[ When is email the wrong channel? Read University E-Mail Security Practices Criticized. ]
I have had the opportunity to see or try native onboarding solutions from WLAN vendors Aerohive, AirTight, Aruba, Meru and Motorola. Each is basically the same functional animal (there are only so many ways to configure client devices), with additional strengths and weaknesses to consider. In my own very large Cisco wireless deployment, we use a third-party onboarding solution called XpressConnect, from Cloudpath. This is a market that is growing, but most native onboarding solutions work only with the vendors' own WLAN environments.
The payoff in investing in an onboarding system is measured in time and support costs. For devices that you don't already tightly manage, every onboarded device has a known starting configuration and has usually been transferred to where your policies want it to go on the network as part of the onboarding process. When users muck up their own settings, the onboarding mechanism becomes a self-help tool for getting devices reconfigured. Because the tool is developed and supported professionally, it is (hopefully) kept up to snuff in the face of device OS updates. I can vouch that for me, XpressConnect has saved thousands of support hours for hundreds of thousands of student, faculty, and staff client devices through the last several years.
The mechanics of any onboarding system are similar. Through an administrative dashboard, you configure the settings that are appropriate for your environment. Exact settings will vary depending on the onboarding solution in use, but I can share a bit about XpressConnect and the various knobs I turn for my own onboarding service. These include setting 802.1x EAP (authentication protocol) types, authentication servers, SSIDs to be used, custom graphical elements, security settings to touch and a lot more. You can force a redirect to kick in at the end of the authentication process, for example to take newly configured users to an informational Web page. You can also have custom settings for different Windows and Mac OS flavors, different iOS and Android versions, and even limited support of Linux. It's powerful and fairly intuitive.
If you find yourself shopping, many onboarding services also have hooks into wireless guest portals, reporting on device types and counts in service, and other WLAN-related features you might need, so define your requirements well. As wireless hardware fast reaches the point where it's largely commoditized, services like onboarding really become a differentiator -- especially where IT talent and budgets are thin.