BYOD - Ruckus way. Right way.
Upcoming SlideShare
Loading in...5
×
 

BYOD - Ruckus way. Right way.

on

  • 2,118 views

How to enable BYOD in your Wi-Fi network the right way.

How to enable BYOD in your Wi-Fi network the right way.

Statistics

Views

Total Views
2,118
Views on SlideShare
2,112
Embed Views
6

Actions

Likes
1
Downloads
77
Comments
0

2 Embeds 6

http://www.linkedin.com 4
http://www.slashdocs.com 2

Accessibility

Categories

Upload Details

Uploaded via as Microsoft PowerPoint

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment
  • School SSID – easy – the school owns all devices – 100% control – only those devices have access to the resources, anti-virus control, device imaging control, etc., behind the firewallGuest SSID – Also easy – guests have access to only the internet – BYOD SSID – This is where it gets interesting…because you have teachers and students bringing in their own devices – Teachers needing access to specific resources, students needing access to specific resources.
  • Web
  • Web

BYOD - Ruckus way. Right way. BYOD - Ruckus way. Right way. Presentation Transcript

  • Bring Your Own DesignSIMPLIFYING BYOD WITH RUCKUS RUCKUS WIRELESS PROPRIETARY AND CONFIDENTIAL
  • The Realities of BYOD2 | Meeting Name
  • What Enterprises REALLY Want 1 Simple onboarding 2 Automated enforcement of user policies 3 Visibility of who and what is on the WLAN 4 Extension of wired security to WLAN 5 More capacity to deal with flood of devices 6 Leverage existing infrastructure3 | Meeting Name
  • Don’t Reinvent the Wheel FIREWALLS CONTENT AAA ACLs / VLANS FILTERS SERVERS4 | Meeting Name
  • Now What?SIMPLIFYING BYOD WITH RUCKUS RUCKUS WIRELESS PROPRIETARY AND CONFIDENTIAL
  • Defining the SSID Structure ▪ DOMAIN SSID ▪ School owned / managed devices with access to all resources: printers, applications, files shares ▪ Guest Visitor SSID ▪ Users who are not in the OUI with access only to the internet ▪ Staff and Student BYOD SSID ▪ Non-school owned / managed devices needing Internet access and specified school resources, VLAN and content filtering applied ▪ Provisioning SSID ▪ Hotspot with a walled garden attribute, redirecting all users to an activation page6 | Meeting Name
  • Automating Role-Based Access DOMAIN Administrator automatically placed on VLAN W, no rate limits GUEST Allowed on via a Guest Pass, accepting terms and conditions automatically placed on VLAN Z, rate limited at 1 Mbps STAFF Staff automatically placed on VLAN X, rate limited at 5 Mbps STUDENT Student automatically placed on VLAN Y, rate limited at 1 Mbps STRANGER User does NOT have account and is denied7 | Meeting Name
  • How to BYOD with Ruckus 1 Unknown device associates with provisioning SSID 2 User challenged to authenticate 3 ZD queries LDAP (AAA domain) 4 User placed into requisite role based on security group membership, VLAN dynamically assigned 5 Unique dynamic PSK automatically generated, bound with device and pushed to client 6 Policies applied per role and VLAN membership8 | Meeting Name
  • What it Looks Like WHAT HAPPENS WHEN? User Student Staff Guest Database Resources Resources Resources 1. Users connect to a provisioning SSID and are re-directed to an Internet onboarding portal. 2. Users enter domain credentials which are verified against a user database. 3. The user’s role assignment and permissions are automatically determined based on authentcaion. 4. Using Zero-IT, the device is Guest SSID auto-provisioned with a Onboarding SSID Student SSID Staff SSID (hotspot) dynamic pre-shared key and dynamically assigned to the requisite WLAN. 5. Devices re-connect on a secure WLAN, receiving network permissions Student Staff Guest according to their role. New BYOD Devices Provisioned BYOD Guest9 | Meeting Name
  • Key TechnologiesSIMPLIFYING BYOD WITH RUCKUS RUCKUS WIRELESS PROPRIETARY AND CONFIDENTIAL
  • Zero IT Automates Onboarding ▪ Requirement: automatic, secure authentication and roaming ▪ Enabled by SSID and authorization protocol configuration ▪ Easy-to-use Ruckus Invitation Branded „One-Click‟ approach to push Landing Configuration configuration Page ▪ Uses mobile OS auto- Automatic detect and -authenticate Authentication Enabled features, not a separate connection manager app11 | Meeting Name
  • D-PSK Automates Security/Config ZD applies role, LDAP sends generates D-PSK user security pushes dissolvable group information PROV file to device to ZD WLAN profile configured device, and on the WLAN based on allowed by role.12 | Meeting Name
  • Client Fingerprinting Hostname: dstiff‟s iPhone MAC: 50:ea:d6:7c:30:e4 Device-Specific Policy Enforcement ▪ Visibility “Who‟s device is this?” ▪ Self-registration ▪ Automatically registers and maintains client info on WLAN and Wired interfaces ▪ Operating System ▪ Operating System Hostname ▪ Control by device type ▪ Permit/allow ▪ Assign to VLAN ▪ Rate limit (Down/Up) ▪ Management ▪ WLAN controller or standalone ▪ WLAN dashboard ▪ Client monitor ▪ Client details13 | Meeting Name