Managing Student Devices on the School Wireless Network


Published on

From the NCAIS Innnovate 2011, Michael McNamee presents How to Manage Student Owned Devices on the School Wireless Network, without bogging down the IT departments time and resources. For more information, visit

Published in: Technology, Business
1 Like
  • Be the first to comment

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Managing Student Devices on the School Wireless Network

  1. 1. BYOD – Bring Your Own Device How a Campus Nightmare Is Averted Presented by: Michael McNamee NCAIS Innovate 2011
  2. 2. Evolution of the Access Device <ul><li>Ethernet </li></ul><ul><li>No need for QoS </li></ul><ul><li>One per user </li></ul><ul><li>IT sanctioned </li></ul><ul><li>Security per port </li></ul><ul><li>Ethernet and Wi-Fi </li></ul><ul><li>Data QoS </li></ul><ul><li>One per user </li></ul><ul><li>IT sanctioned </li></ul><ul><li>Security per user </li></ul><ul><li>Wi-Fi only </li></ul><ul><li>Multimedia QoS </li></ul><ul><li>Many per user </li></ul><ul><li>Staff & Student owned </li></ul><ul><li>Security per context </li></ul>
  3. 3. Creates a New Network Imperative Fixed Network Investment Mobility Network Investment 2000 2005 2010 0 mobile device, 4 ports / user 1 mobile device, 2 ports / user 2-3 mobile devices, 1 port / user
  4. 4. Evolution of the Access Policies The Competition ROLE Based Access   CONTEXT Based Access ? SecureX in 2012 ?  Device ID VLAN Based Access  
  5. 5. Enterprise Mobility: A Perfect Storm (*) Source: Gartner 10x growth by 2013! Virtual Desktops <ul><li>Virtual Desktops :45M installations by 2013 </li></ul><ul><li>Citrix XenDesktop, VMware View </li></ul>Collaboration <ul><li>Social Business : Jive, Chatter, Yammer </li></ul><ul><li>Connections : Lync, Telepresence, Facetime </li></ul><ul><li>Custom educational multimedia apps </li></ul><ul><li>> 50% of staff adopting video </li></ul>Multimedia Mobile Devices Fortune 100 >80% deploying iPad & iPhone Smartphones 289M in 2010  1B in 2013* Tablets 54.8M in 2011  300M in 2013*
  6. 6. Exponential Pressure on IT Departments End Users IT Managers Can I work from home? No! Can I use my iPad? No! Can I video conference? No! Can I connect outdoors? No!
  7. 7. Trapped Budgets in Existing Networks Not Suited For Mobility “ Failure to put a comprehensive mobility strategy in place typically leads to higher cost, lower security, silo-ed solutions, and unnecessary duplication of services . ” — Gartner, July 2010 <ul><li>Disparate networks </li></ul><ul><li>Siloed services </li></ul><ul><li>Built for client-server </li></ul><ul><li>No single view of users or devices </li></ul><ul><li>No context awareness </li></ul>Manager 1 Manager 2 Manager 3 Manager 4 Manager 5 WIRELESS WIRED VPN REMOTE OFFICE OUTDOOR VLAN 100 VLAN 200 VLAN 300 VLAN 400 VLAN 500
  8. 8. Introducing Aruba MOVE™: Access Network Architecture for Mobility Thin Access On-Ramps Integrated Mobility Services DATACENTER WIRELESS WIRED VPN REMOTE OFFICE OUTDOOR <ul><li>Centralized Control </li></ul><ul><li>Thin Access </li></ul><ul><li>Rapid Service Delivery </li></ul><ul><li>Zero touch deployments </li></ul><ul><li>for BYOD, Voice, Video </li></ul><ul><li>Context-based Policies </li></ul><ul><li>User, Device, Location and Application Aware </li></ul>
  9. 9. New Mobility Services Highest Security Device fingerprinting IPv6 certified firewall Suite B encryption RF Optimizations Apple Facetime QoS Spectrum Enhancements Multicast Enhancements Network Management Wireless & Wired Device Visibility Context Aware Access Management Industry ’ s only self-registration portal for smartphones and tablets Authorization Security RF Management
  10. 10. New Access On-Ramps Aruba S3500 Series Industry ’ s only mobility access switch, truly unifying wireless and wired Aruba AP-134/135 Industry ’ s only Gigabit AP with firewall and spectrum analysis Aruba Instant Industry ’ s first enterprise-grade Wi-Fi that can be setup in under 3 minutes Aruba AP-175 Series Aruba ’ s industry-leading 802.11n technology – now available outdoors Aruba VIA on Mobility Controllers Now available for MAC OS X
  11. 11. Bring Your Device to Campus with SecurEdge Mobile Device Access Control Solution End User Requirements IT Requirements <ul><li>Easy to Connect </li></ul><ul><li>Device Self Registration </li></ul><ul><li>High Performance </li></ul><ul><li>QoS for each app </li></ul><ul><li>Quick to Troubleshoot </li></ul><ul><li>Monitor and locate each device </li></ul><ul><li>Zero Touch </li></ul><ul><li>Auto install Certificate </li></ul><ul><li>Ready for High Density </li></ul><ul><li>Fair bandwidth to all devices </li></ul><ul><li>Always Secure </li></ul><ul><li>Protect each device user </li></ul>
  12. 12. Bring Your Device to Campus 802.11n AP Mobility Controller Registration Server <ul><li>Zero IT touch, context aware access </li></ul>LAN & WLAN Management <ul><li>Auto-identification of user, device, application </li></ul><ul><li>Monitoring, reporting per user and per device </li></ul>Device Self Registration Device Visibility Device Fingerprinting
  13. 13. The SecurEdge Campus Only Context Aware Access Network Indoor and Outdoor APs Mobility Access Switches Mobility Services in Enterprise Cloud <ul><li>Integrated Network Services </li></ul><ul><li>Highest Density Wireless LANs </li></ul><ul><li>Unified Wireless, Wired Access </li></ul>
  14. 14. Mobility Enables Network Rightsizing ~70% Reduction in Access Network TCO VPN Thin On-Ramps Common Policy Single Interface
  15. 15. Rightsizing Example: 2000 Employee Organization $950 $1,211 Capex Opex Other Solutions SecurEdge Solution 70% Lower 3-Year Access Network TCO Per User <ul><li>2,000 Students </li></ul><ul><li>300 Staff </li></ul><ul><li>75% use laptops </li></ul><ul><li>25% use desktops </li></ul><ul><li>80% use smartphones </li></ul><ul><li>30% use tablets </li></ul><ul><li>100% need VPN </li></ul><ul><li>30% have off campus needs </li></ul><ul><li>Guest Access </li></ul><ul><li>Phase out desk phones </li></ul>$209 $491
  16. 16. Mobility Services <ul><li>Network Operations </li></ul><ul><li>Device & User Authorization </li></ul><ul><li>RF Visibility & Management </li></ul><ul><li>Network, User & Data Security Policies </li></ul>Authorization Security RF Management
  17. 17. Mobility Services Only Unified Mobility Services in Enterprise Cloud <ul><li>Device & User Authorization </li></ul><ul><li>RF Visibility & Management </li></ul><ul><li>Network, User, Data Security </li></ul><ul><li>Network Operations </li></ul>Management Device & Guest Registration Mobility Controller
  18. 18. <ul><li>Support for Mobile Devices </li></ul><ul><li>Device Fingerprinting </li></ul><ul><li>Stateful QoS for Apple Facetime </li></ul><ul><li>IPv6 interfaces and routing </li></ul><ul><li>Industry ’ s Best Security </li></ul><ul><li>Suite B encryption for Wi-Fi and VPN </li></ul><ul><li>USGv6, ICSA IPv6 certified firewall </li></ul>
  19. 19. Network(s) Management <ul><li>Device Visibility </li></ul><ul><li>Search, monitor, report, troubleshoot based on device type </li></ul><ul><li>Context Aware </li></ul><ul><li>User, device, location, time visibility across the entire access network </li></ul>
  20. 20. Network Access Management <ul><li>Self Registration </li></ul><ul><li>Guest account delivery with SMS </li></ul><ul><li>Certificate installation on Apple iPads, iPhones, and iPod Touches </li></ul><ul><li>Easily Customize Branding </li></ul><ul><li>Optimized view for mobile devices </li></ul><ul><li>Multimedia and ad content </li></ul><ul><li>Vendor, Technology Agnostic </li></ul><ul><li>Supports all major vendors </li></ul><ul><li>Wireless/Wired; Indoor/Outdoor </li></ul><ul><li>Installation Options </li></ul><ul><li>virtual appliance </li></ul><ul><li>hardware appliance </li></ul><ul><li>10K concurrent user sessions </li></ul>
  21. 21. Thin Access On-Ramps Performance Scale CAMPUS SMALL OFFICE HOME OFFICE & ROAD SMALL OFFICE CAMPUS S3500 S3500 ArubaStack 600 AP-130 Series OUTDOOR Wi-Fi Wired AP-175 RAP NEW! NEW! NEW! NEW! AP-92/93 AP-105 AP-120 Series AP-68
  22. 22. Network Edge Solutions LAN Core Tunnel from wireless AP Tunnel from wired port * Roadmap <ul><li>Wired Access Point </li></ul><ul><li>Tunnel traffic to controller </li></ul><ul><li>Policy enforcement at controller </li></ul><ul><li>Integrated Controller* </li></ul><ul><li>Wired AP for 8 APs </li></ul><ul><li>Terminate tunnels from Wireless APs </li></ul><ul><li>Ethernet Switch </li></ul><ul><li>Layer 2 forwarding </li></ul><ul><li>Rule-based policy enforcement </li></ul>S3500 Mobility Controller AirWave Policy Enforcement Policy Enforcement
  23. 23. VPN for Mac OS X <ul><li>Zero Touch </li></ul><ul><li>Downloaded and installed by the user </li></ul><ul><li>Automatic connections when remote </li></ul><ul><li>Seamless Mobility </li></ul><ul><li>Firewall policies tied to user role </li></ul><ul><li>Same policy as in campus, branch </li></ul><ul><li>Best in Class Security </li></ul><ul><li>Suite B encryption for 802.11i, VPN </li></ul><ul><li>IPSec VPN with SSL fallback </li></ul><ul><li>Integrates with Aruba Content Security Service </li></ul>VIA is also available for Win7 32- & 64-bit
  24. 24. Mobility Controllers 620 650/651 3000 Series 6000 Series CAMPUS SMALL OFFICE BRANCH OFFICE S3500 Instant NEW! NEW! Performance Scale
  25. 25. Instant™ Access Points <ul><li>Virtual Controller Technology </li></ul><ul><li>Adaptive Radio Management </li></ul><ul><li>Stateful firewall & rogue AP protection </li></ul><ul><li>Stateful QoS for voice & video </li></ul><ul><li>Instant WLAN Install </li></ul><ul><li>Over the air provisioning </li></ul><ul><li>Single screen user interface </li></ul><ul><li>Cloud-based Management </li></ul><ul><li>Network operations by AirWave </li></ul><ul><li>Software Upgradable to Join Controller-based WLAN </li></ul><ul><li>IAP-105: Dual radio, integrated antennas </li></ul><ul><li>IAP-92/93: Single radio external/integrated antennas </li></ul><ul><li>16 IAPs per group </li></ul>
  26. 26. SecurEdge Customers CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved
  27. 27. ATB Financial Insert Logo Insert Pic <ul><li>>50% reduction in switch acquisition, deployment and cabling costs </li></ul><ul><li>Unified security policies for staff, contractor and guest access </li></ul><ul><li>Integrate wireless and wired network access management and increase mobility for users </li></ul><ul><li>WLAN at 50 branches, S3500 in evaluation </li></ul><ul><li>Aruba AirWave for centralized management </li></ul>Challenge Result Solution Unified Access Network
  28. 28. Boston Medical Center Insert Logo Insert Pic <ul><li>Critical EMR, CPOE, ED and OR application delivery over Wi-Fi </li></ul><ul><li>Single policy infrastructure for wireless and wired guest access, regulatory compliance </li></ul><ul><li>Increase visibility, control and performance for the, primarily wireless, access network </li></ul><ul><li>600+ Aruba 802.11n APs for high performance WLAN for mobile device </li></ul><ul><li>Aruba S3500 in evaluation </li></ul>Challenge Result Solution Unified Access Network
  29. 29. University of Tennessee Insert Logo Insert Pic <ul><li>Reduced costs for deployment and maintenance of the access network </li></ul><ul><li>Easy of troubleshooting and planning with integrated management </li></ul><ul><li>Wireless only access at residence halls, with application performance similar to wired </li></ul><ul><li>2000+ 802.11n AP Aruba WLAN with Aruba S3500 in evaluation </li></ul><ul><li>Aruba AirWave for integrated management </li></ul>Challenge Result Solution Unified Access Network
  30. 30. University of California, Santa Barbara <ul><li>Integrated security policies across wireless and wired access </li></ul><ul><li>Eliminate wired port VLAN requests </li></ul><ul><li>A single policy and point of management for wired and wireless networks </li></ul><ul><li>Aruba 802.11n APs and S3500s </li></ul><ul><li>Aruba AirWave for integrated management </li></ul>Challenge Result Solution Unified Access Network
  31. 31. SAP <ul><li>Large scale test environment for SAP iOS app for SAP customers </li></ul><ul><li>Easy roll-out of new services and custom applications within SAP </li></ul><ul><li>Access to business apps, documentation and customer information on the go </li></ul><ul><li>Aruba global wireless LAN solution being designed to support more than 15,000 iPads </li></ul>Challenge Result Solution Insert Pic Paperless Office
  32. 32. Ottawa Hospital <ul><li>Application quality assurance for custom Ottawa hospital iOS apps </li></ul><ul><li>Cost savings in patient care with paperless service model </li></ul><ul><li>Instant delivery of life and mission critical applications to staff, nurses and doctors </li></ul><ul><li>Aruba application aware network ensuring QoS for >10,000 iPad, iPod Touch and iPhone devices by 2013 </li></ul>Challenge Result Solution Insert Pic Mission Critical Mobile Apps
  33. 33. Australian Open <ul><li>High performance indoor and outdoor Wi-Fi access for staff, audience, press </li></ul><ul><li>1.6 million impressions, 4,624 users registered, 31,595 sessions </li></ul><ul><li>Extend WLAN coverage to support mobile devices used by the audience </li></ul><ul><li>Aruba Amigopod enabling secure guest access authentication with intelligent ad content during authentication </li></ul>Challenge Result Solution Insert Logo Insert Pic High Density Guest Access
  34. 34. Liberty University <ul><li>Multimedia-Grade Wi-Fi: Optimized multicast, application aware QoS and RF management </li></ul><ul><li>Video Case Study: </li></ul><ul><li>Reduce the cost of delivering TV service to the dorms with IPTV over Wi-Fi </li></ul><ul><li>Broadcast television available over 802.11n. Available across the entire 5,000 acre, 123 building Liberty campus </li></ul><ul><li>Common wireless network for data, broadcast video and voice. </li></ul><ul><li>Saved over $1M by using Wi-Fi for IPTV </li></ul>Challenge Why SecurEdge Solution We run 16 channels of standard and high definition IP Television across the entire Liberty University campus over Wi-Fi ” - Jimmy Graham Liberty University Video over 802.11n Wi-Fi
  35. 35. University of San Diego <ul><li>Seamless integration with campus Wi-Fi </li></ul><ul><li>Scalable for large outdoor deployment </li></ul><ul><li>Application optimization to support a mix of apps </li></ul><ul><li>Connect iPads, smartphones outdoors </li></ul><ul><li>Efficient landscape irrigation </li></ul><ul><li>Public safety incident reports </li></ul><ul><li>Parking citations </li></ul><ul><li>Event ticketing and concessions </li></ul><ul><li>~75 Outdoor APs (mix of 80, 85 & 175) </li></ul><ul><li>Wi-Fi integration with Rainbird irrigation system </li></ul>Challenge Solution Why SecurEdge Pervasive Outdoor Wi-Fi
  36. 36. Follow us! @SecurEdgeNet For more updates on wireless design, deployment and security, follow us on twitter or read our blog at