SlideShare a Scribd company logo

Ruckus BYOD whitepaper

Michal Jarski
Michal Jarski

Ruckus provides a solution for BYOD implementations using Dynamic Pre-Shared Keys (DPSK) and Zero-IT Activation that simplifies setup while maintaining security. DPSK assigns unique credentials to each user/device instead of using a shared passphrase. Zero-IT Activation automates configuration of client devices upon first connection by generating and deploying DPSKs without IT intervention. A provisioning network can also be created to securely configure mobile devices on an open wireless network and then connect them to the corporate network.

Technology
1 of 11
Download to read offline
U S E R G U I D E T O si m plif y i n g BYOD with Ruckus Introduction What are the benefits? Like hot and cold, secure BYOD implementations and The traditional PSK model (WPA2-Personal) is great for ease of use have traditionally been mutually exclusive. home networks and small offices with only a few users. Some networking products are intuitive to IT admin- However, as organizations seek better security or differ- istrators, but they lack the necessary features to solve entiated network policies for each user type, the limi- problems or protect corporate users and data. Other tations of a shared PSK become evident pretty quickly. products have all the advanced security, filtering, and Perhaps the most troublesome problem is passphrase access control knobs a government agency could ask exposure, passphrase sharing, and change management for, but no one can figure out how to use them. policies. If an employee leaves the organization, the pass- phrase must be changed and all devices reconfigured. This application note describes the technology used and then outlines the steps for how to quickly and On the opposite side, WPA2-Enterprise is “recom- easily configure our ZoneFlex system with the right mended,” but IT administrators have varying comfort lev- blend of flexibility, security, and simplicity to support els with 802.1X and EAP. In turn, many businesses do not BYOD. Instead of adding complexity, we’ve created implement it. Most companies would like to use 802.1X, but smarter security and connectivity mechanisms that often avoid it because of: ease management and implementation burdens, par- ticularly for mobile devices. In this guide, we’ll outline • Lack of expertise how the following features help streamline a BYOD • Lack of time paradigm: • Lack of budget 1. ynamic Pre-Shared Key — Per-user credentials D • ack of backend systems (e.g. AAA server, user L with WPA2-Personal — the best of both worlds database, certificate management) 2. ero-IT Activation — Easy, secure onboarding Z • Failure to see technical advantages and auto-configuration of client devices Many organizations don’t realize that there is a good alternative to traditional PSKs and 802.1X. DPSK sits 3. ole-Based Access Control — Easy ways to man- R right in the happy middle with some of the best advan- age user connectivity and network authorization. tages of both WPA2-Personal and WPA2-Enterprise: Strong Security with Dynamic Pre-Shared Key • asy to use and administer. Users understand E passphrases, but they don’t understand 802.1X. What is DPSK? • PSKs are bound to a specific user/device. Even D In a traditional WPA2-Personal network, all users if PSKs are shared or exposed, they will not work on the WLAN share the same passphrase. Dynamic with other devices. PreShared Key (DPSK) is patented technology that • Compromised DPSKs do not jeopardize all users. enables unique PSK credentials for each user on the same network. DPSK was developed to provide secure • ingle DPSKs can be revoked without impact on S wireless access while eliminating the burdens of man- the rest of the network. ual device configuration and the security drawbacks of • PSKs prevent one valid user from decrypting D shared PSKs. traffic of other valid users.
How to BYOD with Ruckus Wireless Application Note • Provides per-user credentials and policies How does Zero IT Activation work? • Avoids common 802.1X hurdles: Zero-IT activation automates the DPSK generation and client device configuration steps. When a user con- — No dependency on RADIUS or backend user nects for the first time, the user enters his/her user- databases name/password and downloads a configuration file for — No certificates their machine. The user runs the configuration file and — o complex configuration N Zero-IT configures the client machine with a WLAN pro- file, including a unique How does Dynamic PSK work? PSK. Zero-IT prepares Dynamic PSK creates a unique 62-byte preshared key the machine to re-con- for each device. The PSK is used for network access as nected to the correct well as to create encryption keys, which are unique for network. each user. DPSKs can be created in bulk and manually distributed to users and devices, or the ZoneDirector What are the benefits? can auto-configure devices with a DPSK when they Zero-IT offers all of the connect to the network for the first time. security benefits of DPSK along with intuitive and flexible onboarding: • ero touch wireless configuration of laptops and smart Z mobile devices • upport for iPad/iPhone, Android, Mac OS X, S Windows XP, Vista, and 7, and Mobile/CE • One-time device configuration • Easy for IT staff to setup and maintain • nique 62-byte preshared keys generated and auto- U matically installed per device By offering different ways to implement the feature, • Easily deactivated by IT staff if user is no longer valid Ruckus provides the flexibility to bring DPSKs to net- • New keys can be generated on-demand works in a way that is secure, intuitive, and IT friendly. • Can integrate with existing user directories Since we’re focused on solving BYOD trouble spots, let’s look at using DPSK with a unique Ruckus feature called Zero-IT Activation. Configuring and Using Zero-IT Activation Configuring and using Zero-IT Activation is simple. Note: The batch DPSK tool is a manual way to create and manage DPSK credentials and users; if that adds 1. tart by creating a new WLAN for secure connectiv- S value for your unique BYOD situation, see Appendix ity. Navigate to the Configure tab in the ZoneDirector A for step-by-step instructions. UI and then select WLANs in the left pane. When the WLANs page is open, select Create New to make a Flexible Onboarding with Zero-IT Activation new WLAN. What is Zero-IT Activation? 2. Configure the WLAN as follows: Zero-IT Activation is a unique wireless onboarding Name/ESSID = DPSK-ZERO-IT feature that enables wireless users to securely access Description = Enter a useful description or leave blank the network without IT staff intervention. Zero-IT works Authentication Method = Open in concert with the DPSK solution, automatically creat- Encryption Method = WPA2 ing and deploying DPSKs to valid users when they con- Algorithm = AES nect for the first time. Password = nter a long, complex passphrase E (this will not be given to users) Zero-IT Activation = Enabled How to BYOD with Ruckus Wireless Page 2
How to BYOD with Ruckus Wireless Application Note Dynamic PSK = Enabled 1 2 In the Advanced Options, we can also specify VLAN settings for this WLAN. If we want to match this WLAN 5 6 to a specific VLAN, we can do so. Or, we can assign different users to different VLANs. This is useful if we have VLAN policies on the wired network and we want 9 10 to extend those policies to our wireless users. ACCESS VLAN = Enter VLAN ID (default = 1) Enable Dynamic VLAN = Enabled (check in box) 3. nly valid users can receive a DPSK with Zero-IT O Activation. To determine which users are valid, we need to decide what user database we’ll use for Zero-IT authentication. Scroll near the bottom of the WLANs page where you’ll find the Zero-IT authentication server settings and the Zero-IT URL (make a note of the URL). Select Local Database. (If integrating with an exist- 1 2 3 ing user database, this is where we would select our AD or LDAP database) 5 6 7 Click Apply (far right corner, not shown). Below the Zero-IT authentication server settings 9 10 is a configuration section for DPSK expiration. If desired, set a PSK lifetime after which the DPSK will expire. 4. ow create a user group that is permitted to access N this WLAN. Select Roles from the left-hand side. Create a new role. Name = ZERO-IT-role Description = nter a useful description or leave E blank Specify WLAN access = nable the DPSK- E ZERO-IT WLAN Click OK. 5. se the ZoneDirector’s local database and create U a new user for this role. Select Users from the left- hand side. Create a new user. Name = ZeroIT Full Name = First Last Password = password 1 2 3 4 Confirm Password = password 5 6 7 8 9 10 How to BYOD with Ruckus Wireless Page 3
How to BYOD with Ruckus Wireless Application Note Role = ZERO-IT-role 1 2 3 4 Click OK. So a role has now been created that maps to the 5 6 7 8 DPSK-ZERO-IT WLAN and then we’ve created a user that belongs to this role. When this user enters his/ her username/password, the ZoneDirector will assign 9 10 a unique DPSK with permission to access the DPSK- ZERO-IT network. 6. o connect a client device, plug in to an Ethernet T port with access to the ZoneDirector’s sub- net/VLAN and use a Web browser to open the “activate” URL. The URL will always be the ZoneDirector IP address followed by /activate (e.g. https://192.168.2.34/activate). Note that the URL is 1 2 TLS encrypted. 7. his Web page serves as the DPSK authentica- T 5 6 tion portal to ensure you are a valid user. When the username/password (ZeroIT / password) created in step 5 is entered, the ZoneDirector will determine 9 10 the proper role and provision the client accordingly. 8. uccessful authentication will launch a file down- S load called “prov.exe,” “prov.apk,” or “prov.mobile- config,” depending on the OS type. 11 22 33 44 55 66 77 88 9 9 10 10 9. pen the file and Zero-IT will auto-configure the O WLAN profile (may require administrator privileges). 1 2 3 4 5 6 7 8 9 10 10. The configuration script will also automatically connect the client to the network. Zero-IT simplifies network setup for new users, as you can see. Configuring ZoneDirector is straightforward for IT staff and the client experience is intuitive. BYOD-Provisioning Now it’s important to look at device onboarding How to BYOD with Ruckus Wireless Page 4
How to BYOD with Ruckus Wireless Application Note without Ethernet. Mobile phones and tablets are the 1 2 primary devices driving the BYOD trend, but they lack wired interfaces. So there needs to be a way to securely provision them with a clean, intuitive workflow. 5 6 How does BYOD Provisioning work? 9 10 By relying on the Zero-IT Activation feature, a “provi- sioning” network can be easily created to automati- cally redirect users to the Zone Director’s activate login 6b 6d screen. The open network is used only for device pro- visioning; after the ZoneDirector validates user creden- tials, mobile devices receive a configuration file that auto-configures the WLAN connection manager and re-connects them on the proper WLAN. Configuring and Using Zero-IT Activation for BYOD The BYOD setup for this is quite similar to the previ- ous wired Zero-IT setup. In fact, it relies on the DPSK- 1 2 3 ZERO-IT SSID already created for device connectiv- ity. Think of that WLAN as the corporate network. Now simply create a second WLAN that will serve as our 5 6 7 provisioning network. 9 10 6c To start, within the ZoneFlex system, define a new Hotspot Service to use for wireless provisioning. Hotspot Services are a way to control network access 1 2 6b 3 6d 4 6e on open networks. This helps ensure that the provision- ing network is used only for provisioning. 5 6 7 8 1. ind the Hotspot Services section on the left-hand F side and select it. In the main screen, create a new 9 10 6c Hotspot Service Name = BYOD-PROVISIONING 6b 6d 6e Login Page = ttps://xx.xx.xx.xx/activate, h where xx.xx.xx.xx is the IP address of the Zone Director (e.g. https://192.168.2.34/activate). This is the page to which ZoneDirector will redirect users for authentication. Create a New rule. Authentication Server = Local Database Enter the “activate” URL (https://192.168.2.34/acti- Wireless Client Isolation =Full vate) address here and click save. 2. t’s also important to configure a “walled garden,” I Click OK to save this Hotspot Service. which is a way to limit the network access on the 3. ow create a new WLAN to offer these Hotspot N Open network so it can only be used for provision- Services. Navigate back to the WLANs page and ing. To do so, expand the walled garden configura- create a new WLAN. tion section in our BYOD-PROVISIONING Hotspot Services profile. Name/ESSID = BYOD-PROVISIONING Description = Enter a useful description or leave blank Type = Hotspot Service (WISPr) How to BYOD with Ruckus Wireless Page 5
How to BYOD with Ruckus Wireless Application Note 1 2 Authentication Method = Open 1 2 3 4 5 6 Encryption Method = None Hotspot Services = elect BYOD-PROVISIONING S 5 6 7 18 2 9 3 10 from the list. 4. n the wired DPSK with Zero-IT demo, a Role titled I 9 10 1 6c 25 36 46d 6b 7 ZERO-IT-role was already created. This role has per- mission to access the DPSK-ZERO-IT SSID. Confirm that this role is still present. 1 26b 3 6d 5 6e 69 4 7 86c 10 5. Now create a new mobile user in the local database that will be a member of the Zero-IT role. 5 6 7 9 8 6b 6c 10 6d 6e User Name = Mob.User Full Name = Mobile User 9 10 6c 6b 6d 6e Password = password Confirm Password = password 1 6b 2 6d 3 1 6e 4 2 3 4 Role = ZERO-IT-role 5 6 7 5 8 6 7 8 6. ow everything is ready to onboard this user and N his/her devices. a. With a mobile device (iphone shown here), con- 9 10 6c 9 10 6c nect to the BYOD-PROVISIONING SSID. b. aunch the browser and the URL redirect will L 6b 6d 6e 6b 6d 6e occur, taking you to the connection activation page. c. ogin with the Mob.User user credentials created L in step 5. d. uccessful login will launch the auto-configuration S profile. Install the profile. e. Now connect to the corporate WLAN (i.e. DPSK-ZERO-IT) 7. sing the ZoneDirector’s Monitor tab, currently U active clients can be easily viewed to check on users. Here, the connected iPhone, the MAC address bind- wireless networks and get users connected. Now we’ll examine how to use Zero-IT with role-based access to grant network privileges and keep the network prop- erly segmented. ing, the user name of the connected user, and some device specific information are all visible. Even with Role-Based Access a long list of users, it is easy to find specific clients using the search field. In conjunction with Zero-IT Activation and DPSK, Ruckus provides a straightforward way to apply roles The Zero-IT tool creates a quick and easy way to deploy How to BYOD with Ruckus Wireless Page 6
How to BYOD with Ruckus Wireless Application Note to each user, granting access to WLAN policies and Now configure it in the ZoneDirector. VLANs according to the user type. By granting access based on user roles, IT staff can extend specific per- Implementing Role-Based Access missions to users based on wired network design and Start by creating the requisite WLANs. policy. 1. Navigate to the WLANs menu in the left pane and So far, we’ve focused on the internal database of the then create a new WLAN: ZoneDirector to create users, but in live networks, the ZoneDirector seamlessly integrates with an exist- Name/ESSID = Administration ing user database, such as Active Directory, Open Description = nter a useful description or leave E Directory, OpenLDAP, or eDirectory to determine a blank user’s role assignment. Authentication Method = Open The internal database of the ZoneDirector can be used Encryption Method = WPA2 for this feature which is shown in this demo. We’ll also Algorithm = AES discuss how you can use this feature with an external Password = nter a long, complex passphrase E database. (this will not be given to users) Zero-IT Activation = Enabled Planning Role-Based Access Dynamic PSK = Enabled By relying on the Zero-IT Activation feature, the “pro- In Advanced Options, visioning” network automatically redirects users to the Zone Director’s activate login screen. ACCESS VLAN = 0 1 Click OK. The first planning step to take is to decide what types of users will use the network, what roles to create for Now configure administrative users and roles so they those users, and what permissions should be assigned are mapped to this WLAN, receiving administrator priv- to these roles. ileges and policies. In this demo, we’ll create a mock education scenario Note: If we’re supporting multiple VLANs on each AP, using the following roles: we need to make sure our switch ports are configured to support those VLANs. • Administration • Staff 11 22 33 • Student We’ll create corresponding WLANs and then map the 55 66 77 users/roles to their proper WLAN. The last step is to evaluate the current wired network as 99 10 10 a baseline to decide to what VLAN user groups should be assigned. If an external user database that has VLAN attributes is being used, this process can be completely automated by enabling the Dynamic VLAN assignment feature. This adds additional flexibility, allowing the use of a sin- gle WLAN for different user types. As an example: • Administration – VLAN 10 • Staff – VLAN 50 • Student – VLAN 80 How to BYOD with Ruckus Wireless Page 7
How to BYOD with Ruckus Wireless Application Note 2. reate the Staff and Student WLANs with the C 1 2 3 4 same parameters, changing the VLAN ID accord- ingly (we’ll skip the details here). For the student WLAN (or others, such as guests), you may wish to 5 6 7 8 configure other advanced features: • lient Isolation (prevents valid users from commu- C 9 10 nicating directly with one another through the AP) — this is recommended for guest and some stu- dent networks • Rate limiting policies • MAC or IP ACLs to limit network destinations 3. Now let’s navigate to the Roles page and create our respective roles. Create New. Name = Administrators Description = Enter a useful description or leave blank WLAN Policies = Enable Administration WLAN As shown, this user authenticated successfully and was assigned to the Administrators role. Zero-IT would then Click OK. 1 2 3 4 The Group Attributes value for this role (shown above) can be set if integrating with an existing user database (e.g. AD, LDAP, etc.). When the ZoneDirector queries 5 6 7 8 the database for authentication, the user’s group attri- bute automatically maps the user to a ZoneDirector 9 10 provision this user’s DPSK for the proper WLAN and VLAN. 1 2 5 6 role. To test this feature, use the Test Authentication 9 10 Settings feature built into ZoneDirector (navigate to the AAA Servers menu). To show how it works in a live environment, we’ve setup an OpenLDAP user database with an administrative user. In the LDAP database, this user is mapped to an administrator group. In ZoneDirector, pick the data- base and enter the credentials. This will test that the database is properly configured and that the user is assigned to the correct role. How to BYOD with Ruckus Wireless Page 8
How to BYOD with Ruckus Wireless Application Note 4. Next, create the remaining roles. The role setup should be similar to previous setups. 5. the local database, we need to create our users In next. Enter the name, password, and then select the correct role. user can be added for each of the roles (admin, A 1 2 3 4 5 6 7 8 9 10 staff, student). The final user list will look similar to this. 6. Now its important to test the authentication set- tings for each user to ensure that users will be placed in the proper role and WLAN during authentication. That’s it —role-based access control with Zero-IT acti- vation. It’s easy for IT staff, easy for users, and provides flexibility with user policies and segmentation. Note: To explore this lab in greater detail, use a man- aged switch and a DHCP server. Create the VLANs on the switch and the DHCP scopes on the DHCP server for each VLAN. Connect a device to each WLAN (admin, staff, student) in turn. Observe the IP settings and VLAN access granted to each user type. Summary For organizations trying to solve BYOD challenges, it doesn’t have to be complex and cumbersome. With easy to implement features like Zero-IT configura- tion, Dynamic PSK, and simplified role-based access How to BYOD with Ruckus Wireless Page 9
How to BYOD with Ruckus Wireless Application Note control, enterprises can leverage their existing net- 1 2 work resources to extend policies to their wireless users. Ruckus makes it painless to get users connected and provisioned with the correct network permissions. 5 6 After that, we keep them happily connected with reli- able RF performance. 9 10 Appendix A Configuring and Using DPSK Batch Generation The DPSK batch generation tool is a way to manually control per-user PSKs. This method of implementing DPSKs creates a DPSK file with multiple PSKs that can be offered to users or pre-configured on their devices. The onboarding process is similar to traditional WPA2- Personal networks, but it provides the added flexibility and security of DPSK. 1. Start by creating a new DPSK WLAN. Navigate to the Configure tab in the ZoneDirector UI and then select WLANs in the left pane. When the WLANs page is open, select Create New to make a new 1 2 3 WLAN. 2. Configure the WLAN as follows: 5 6 7 Name/ESSID = DPSK-batch Description = nter a useful description or leave E 9 10 blank Authentication Method = Open Encryption Method = WPA2 Algorithm = AES Password = nter a long, complex passphrase E (this will not be given to users) Zero-IT Activation = Enabled Dynamic PSK = Enabled Click OK. I n the advanced options, VLAN settings for this WLAN can also be specified. To match this WLAN to a spe- cific VLAN or assign different users to different VLANs is simple. This is useful if we have authorization policies on the wired network and want to extend those poli- cies to wireless users. How to BYOD with Ruckus Wireless Page 10
How to BYOD with Ruckus Wireless Application Note ACCESS VLAN = Enter VLAN ID (default = 1) The default DPSK file has stock user names and empty Enable Dynamic VLAN = Enabled (check in box) MAC address bindings (we can customize these set- tings if we use the DPSK import tool). When a DPSK is used to connect to the network for the first time, the 3. While on the WLANs page, scroll to the Dynamic ZoneDirector will bind the device’s MAC address to the PSK Batch Generation section at the bottom. The DPSK batch tool is essentially an interface for cre- ating DPSKs. If we have a list of users (and their MAC address and assigned VLANs), we can import a comma separated value (.csv) file here. Otherwise, we can let the ZoneDirector create a file for us with default user- names and the default VLAN. This tool has flexible DPSK. 8. Test it and connect a client. Launch your wireless connection utility, scan for the DPSK-batch SSID and, using the first passphrase in the .csv file, con- nect to the WLAN as you would to a traditional PSK options, but let’s focus on a simple implementation for network. now. 9. Success! 4. Select the DPSK-batch WLAN from the drop-down list. This determines the SSID with which the gener- ated DPSKs will work. 5. Enter the number of unique DPSK users to create (e.g. 50) and a VLAN ID if you want this set of users to be auto-assigned to a specific VLAN when they connect. 6. lick Generate in the bottom right corner (not C shown in image above). You should see a message indicating success. 7. lick the link to download the generated DPSK C record, which will launch the .csv file download. Open the file. 10. n the ZoneDirector GUI (Monitor Currently I Active Clients), we will now see that BatchDPSK_ User_1 is an active client. And, we’ll see (Monitor Generated PSK/Certs) that the user’s DPSK has been mapped to the device’s MAC address. Ruckus Wireless, Inc. 880 West Maude Avenue, Suite 101, Sunnyvale, CA 94085 USA (650) 265-4200 Ph (408) 738-2065 Fx Copyright © 2012, Ruckus Wireless, Inc. All rights reserved. Ruckus Wireless and Ruckus Wireless design are registered in the U.S. Patent and Trademark Office. Ruckus Wireless, the Ruckus Wireless logo, BeamFlex, ZoneFlex, MediaFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, and Dynamic PSK are trademarks of Ruckus Wireless, Inc. in the United States and other countries. All other trademarks mentioned in this document or website are the w w w.r u c k u s w i re le s s .co m property of their respective owners. 805-71768-001 rev 01

Recommended

BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.Michal Jarski
 
The VDI InfoSec Conundrum
The VDI InfoSec ConundrumThe VDI InfoSec Conundrum
The VDI InfoSec ConundrumVirtualTal
 
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...Novell
 
Wifi
WifiWifi
Wifinil65
 
Pawaa OCC Presentation
Pawaa OCC PresentationPawaa OCC Presentation
Pawaa OCC PresentationCloudComputing
 
Novell ZENworks Overview and Futures
Novell ZENworks Overview and FuturesNovell ZENworks Overview and Futures
Novell ZENworks Overview and FuturesNovell
 
Rsa Secur Id From Signify
Rsa Secur Id From SignifyRsa Secur Id From Signify
Rsa Secur Id From Signifypjpallen
 
Dataplex Event 251109
Dataplex Event 251109Dataplex Event 251109
Dataplex Event 251109dataplex systems limited
 

Recommended

BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.BYOD - Ruckus way. Right way.
BYOD - Ruckus way. Right way.Michal Jarski
 
The VDI InfoSec Conundrum
The VDI InfoSec ConundrumThe VDI InfoSec Conundrum
The VDI InfoSec ConundrumVirtualTal
 
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...
Novell SecureLogin Installation, Deployment, Lifecycle Management and Trouble...Novell
 
Wifi
WifiWifi
Wifinil65
 
Pawaa OCC Presentation
Pawaa OCC PresentationPawaa OCC Presentation
Pawaa OCC PresentationCloudComputing
 
Novell ZENworks Overview and Futures
Novell ZENworks Overview and FuturesNovell ZENworks Overview and Futures
Novell ZENworks Overview and FuturesNovell
 
Rsa Secur Id From Signify
Rsa Secur Id From SignifyRsa Secur Id From Signify
Rsa Secur Id From Signifypjpallen
 
Dataplex Event 251109
Dataplex Event 251109Dataplex Event 251109
Dataplex Event 251109dataplex systems limited
 
Windows7/8 Migration Strategies
Windows7/8 Migration StrategiesWindows7/8 Migration Strategies
Windows7/8 Migration StrategiesJoe Honan
 
Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Novell
 
Performance Vision - What's new in version 2.9
Performance Vision - What's new in version 2.9Performance Vision - What's new in version 2.9
Performance Vision - What's new in version 2.9PerformanceVision (previously SecurActive)
 
I GOvirtual En Brochure
I GOvirtual En BrochureI GOvirtual En Brochure
I GOvirtual En Brochureguybelliveau
 
Juniper Enterprise Guest Access
Juniper Enterprise Guest AccessJuniper Enterprise Guest Access
Juniper Enterprise Guest AccessAltaware, Inc.
 
B Labs Solution - Personal and Corporate Split Mobile Computing
B Labs Solution - Personal and Corporate Split Mobile ComputingB Labs Solution - Personal and Corporate Split Mobile Computing
B Labs Solution - Personal and Corporate Split Mobile ComputingB Labs
 
Modern Cyber Threat Protection techniques for Enterprises
Modern Cyber Threat Protection techniques for EnterprisesModern Cyber Threat Protection techniques for Enterprises
Modern Cyber Threat Protection techniques for EnterprisesAbhinav Biswas
 
Identity management
Identity managementIdentity management
Identity managementkamalikamj
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Vfm security with aruba wireless
Vfm security with aruba wirelessVfm security with aruba wireless
Vfm security with aruba wirelessvfmindia
 
OMG DDS Security, 3rd revised submission
OMG DDS Security, 3rd revised submissionOMG DDS Security, 3rd revised submission
OMG DDS Security, 3rd revised submissionGerardo Pardo-Castellote
 
Securing Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security ServiceSecuring Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security ServiceNovell
 
Insights Into Modern Day Threat Protection
Insights Into Modern Day Threat ProtectionInsights Into Modern Day Threat Protection
Insights Into Modern Day Threat ProtectionAbhinav Biswas
 
Nuance
NuanceNuance
NuanceDroidcon Berlin
 
Life Size Virtual Link
Life Size Virtual LinkLife Size Virtual Link
Life Size Virtual LinkAnnie Lavoie
 
The Novell Collaboration Strategy
The Novell Collaboration StrategyThe Novell Collaboration Strategy
The Novell Collaboration StrategyNovell
 
Hitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Systems, Inc.
 
Webinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSWebinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSonionid12
 
Mis Data Sheet 2010
Mis Data Sheet 2010Mis Data Sheet 2010
Mis Data Sheet 2010Vadimazz
 
Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security FosdemElena Reshetova
 
How do the 802.11u and HotSpot 2.0 work?
How do the 802.11u and HotSpot 2.0 work?How do the 802.11u and HotSpot 2.0 work?
How do the 802.11u and HotSpot 2.0 work?Michal Jarski
 
Location - the new battlefield
Location - the new battlefieldLocation - the new battlefield
Location - the new battlefieldMichal Jarski
 

More Related Content

What's hot

Windows7/8 Migration Strategies
Windows7/8 Migration StrategiesWindows7/8 Migration Strategies
Windows7/8 Migration StrategiesJoe Honan
 
Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Novell
 
I GOvirtual En Brochure
I GOvirtual En BrochureI GOvirtual En Brochure
I GOvirtual En Brochureguybelliveau
 
Juniper Enterprise Guest Access
Juniper Enterprise Guest AccessJuniper Enterprise Guest Access
Juniper Enterprise Guest AccessAltaware, Inc.
 
B Labs Solution - Personal and Corporate Split Mobile Computing
B Labs Solution - Personal and Corporate Split Mobile ComputingB Labs Solution - Personal and Corporate Split Mobile Computing
B Labs Solution - Personal and Corporate Split Mobile ComputingB Labs
 
Modern Cyber Threat Protection techniques for Enterprises
Modern Cyber Threat Protection techniques for EnterprisesModern Cyber Threat Protection techniques for Enterprises
Modern Cyber Threat Protection techniques for EnterprisesAbhinav Biswas
 
Identity management
Identity managementIdentity management
Identity managementkamalikamj
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsRamesh Nagappan
 
Vfm security with aruba wireless
Vfm security with aruba wirelessVfm security with aruba wireless
Vfm security with aruba wirelessvfmindia
 
Securing Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security ServiceSecuring Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security ServiceNovell
 
Insights Into Modern Day Threat Protection
Insights Into Modern Day Threat ProtectionInsights Into Modern Day Threat Protection
Insights Into Modern Day Threat ProtectionAbhinav Biswas
 
Life Size Virtual Link
Life Size Virtual LinkLife Size Virtual Link
Life Size Virtual LinkAnnie Lavoie
 
The Novell Collaboration Strategy
The Novell Collaboration StrategyThe Novell Collaboration Strategy
The Novell Collaboration StrategyNovell
 
Hitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Systems, Inc.
 
Webinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSWebinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSonionid12
 
Mis Data Sheet 2010
Mis Data Sheet 2010Mis Data Sheet 2010
Mis Data Sheet 2010Vadimazz
 
Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security FosdemElena Reshetova
 

What's hot (20)

Windows7/8 Migration Strategies
Windows7/8 Migration StrategiesWindows7/8 Migration Strategies
Windows7/8 Migration Strategies
 
Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8Best Practices for Administering Novell GroupWise 8
Best Practices for Administering Novell GroupWise 8
 
Performance Vision - What's new in version 2.9
Performance Vision - What's new in version 2.9Performance Vision - What's new in version 2.9
Performance Vision - What's new in version 2.9
 
I GOvirtual En Brochure
I GOvirtual En BrochureI GOvirtual En Brochure
I GOvirtual En Brochure
 
Juniper Enterprise Guest Access
Juniper Enterprise Guest AccessJuniper Enterprise Guest Access
Juniper Enterprise Guest Access
 
B Labs Solution - Personal and Corporate Split Mobile Computing
B Labs Solution - Personal and Corporate Split Mobile ComputingB Labs Solution - Personal and Corporate Split Mobile Computing
B Labs Solution - Personal and Corporate Split Mobile Computing
 
Modern Cyber Threat Protection techniques for Enterprises
Modern Cyber Threat Protection techniques for EnterprisesModern Cyber Threat Protection techniques for Enterprises
Modern Cyber Threat Protection techniques for Enterprises
 
Identity management
Identity managementIdentity management
Identity management
 
Stronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise ApplicationsStronger/Multi-factor Authentication for Enterprise Applications
Stronger/Multi-factor Authentication for Enterprise Applications
 
Vfm security with aruba wireless
Vfm security with aruba wirelessVfm security with aruba wireless
Vfm security with aruba wireless
 
OMG DDS Security, 3rd revised submission
OMG DDS Security, 3rd revised submissionOMG DDS Security, 3rd revised submission
OMG DDS Security, 3rd revised submission
 
Securing Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security ServiceSecuring Your Cloud Applications with Novell Cloud Security Service
Securing Your Cloud Applications with Novell Cloud Security Service
 
Insights Into Modern Day Threat Protection
Insights Into Modern Day Threat ProtectionInsights Into Modern Day Threat Protection
Insights Into Modern Day Threat Protection
 
Nuance
NuanceNuance
Nuance
 
Life Size Virtual Link
Life Size Virtual LinkLife Size Virtual Link
Life Size Virtual Link
 
The Novell Collaboration Strategy
The Novell Collaboration StrategyThe Novell Collaboration Strategy
The Novell Collaboration Strategy
 
Hitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX ComplianceHitachi ID Solutions Supporting SOX Compliance
Hitachi ID Solutions Supporting SOX Compliance
 
Webinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSSWebinar - Easy multi factor authentication strategies and PCI DSS
Webinar - Easy multi factor authentication strategies and PCI DSS
 
Mis Data Sheet 2010
Mis Data Sheet 2010Mis Data Sheet 2010
Mis Data Sheet 2010
 
Maemo Platform Security Fosdem
Maemo Platform Security FosdemMaemo Platform Security Fosdem
Maemo Platform Security Fosdem
 

Viewers also liked

How do the 802.11u and HotSpot 2.0 work?
How do the 802.11u and HotSpot 2.0 work?How do the 802.11u and HotSpot 2.0 work?
How do the 802.11u and HotSpot 2.0 work?Michal Jarski
 
Location - the new battlefield
Location - the new battlefieldLocation - the new battlefield
Location - the new battlefieldMichal Jarski
 
Interworking Wi-Fi and mobile networks
Interworking Wi-Fi and mobile networksInterworking Wi-Fi and mobile networks
Interworking Wi-Fi and mobile networksMichal Jarski
 
WCCTV 2015 Presentation
WCCTV 2015 PresentationWCCTV 2015 Presentation
WCCTV 2015 PresentationPurdicom
 
carnet-wifi-test-results
carnet-wifi-test-resultscarnet-wifi-test-results
carnet-wifi-test-resultsMichal Jarski
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesCisco Canada
 
802.11ac WIFI Fundamentals
802.11ac WIFI Fundamentals802.11ac WIFI Fundamentals
802.11ac WIFI Fundamentalscriterion123
 

Viewers also liked (12)

How do the 802.11u and HotSpot 2.0 work?
How do the 802.11u and HotSpot 2.0 work?How do the 802.11u and HotSpot 2.0 work?
How do the 802.11u and HotSpot 2.0 work?
 
Location - the new battlefield
Location - the new battlefieldLocation - the new battlefield
Location - the new battlefield
 
Interworking Wi-Fi and mobile networks
Interworking Wi-Fi and mobile networksInterworking Wi-Fi and mobile networks
Interworking Wi-Fi and mobile networks
 
802.11ac whitepaper
802.11ac whitepaper802.11ac whitepaper
802.11ac whitepaper
 
Rate My Wi-Fi
Rate My Wi-FiRate My Wi-Fi
Rate My Wi-Fi
 
WCCTV 2015 Presentation
WCCTV 2015 PresentationWCCTV 2015 Presentation
WCCTV 2015 Presentation
 
Wi fi-stress-test
Wi fi-stress-testWi fi-stress-test
Wi fi-stress-test
 
carnet-wifi-test-results
carnet-wifi-test-resultscarnet-wifi-test-results
carnet-wifi-test-results
 
Mobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best PracticesMobile Devices & BYOD Security – Deployment & Best Practices
Mobile Devices & BYOD Security – Deployment & Best Practices
 
802.11ac Overview
802.11ac Overview802.11ac Overview
802.11ac Overview
 
802.11ac WIFI Fundamentals
802.11ac WIFI Fundamentals802.11ac WIFI Fundamentals
802.11ac WIFI Fundamentals
 
Wireless LAN & 802.11ac Wi-Fi Fundamentals
Wireless LAN & 802.11ac Wi-Fi FundamentalsWireless LAN & 802.11ac Wi-Fi Fundamentals
Wireless LAN & 802.11ac Wi-Fi Fundamentals
 

Similar to Ruckus BYOD whitepaper

Data Sheet: OpenDNS Enterprise Insights
Data Sheet: OpenDNS Enterprise InsightsData Sheet: OpenDNS Enterprise Insights
Data Sheet: OpenDNS Enterprise InsightsCourtland Smith
 
D610 Spec Sheet
D610 Spec SheetD610 Spec Sheet
D610 Spec Sheetxnk12x
 
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...Novell
 
Cloud white paper v3.0
Cloud white paper v3.0Cloud white paper v3.0
Cloud white paper v3.0CK Toh
 
Oracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedOracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedFuad Arshad
 
Suraj Kumar A.S._22.12.15
Suraj Kumar A.S._22.12.15 Suraj Kumar A.S._22.12.15
Suraj Kumar A.S._22.12.15 Suraj Kumar.A.S
 
IoT Agent Design Principles
IoT Agent Design PrinciplesIoT Agent Design Principles
IoT Agent Design Principlesardexateam
 
Data Securities Corporate Technology Information Presentation
Data Securities Corporate Technology Information PresentationData Securities Corporate Technology Information Presentation
Data Securities Corporate Technology Information PresentationData Securities
 
Data Securities Corporate Technology Information Presentation
Data Securities Corporate Technology Information PresentationData Securities Corporate Technology Information Presentation
Data Securities Corporate Technology Information Presentationguestf018d88
 
Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...LeMeniz Infotech
 
SDN NFV NV OpenNetwork @ VMUG.IT 20150529
SDN NFV NV OpenNetwork @ VMUG.IT 20150529SDN NFV NV OpenNetwork @ VMUG.IT 20150529
SDN NFV NV OpenNetwork @ VMUG.IT 20150529VMUG IT
 
Desktop as a Service DaaS in India by BSNL SIS
Desktop as a Service DaaS in India by BSNL SISDesktop as a Service DaaS in India by BSNL SIS
Desktop as a Service DaaS in India by BSNL SISSATYAVEER PAL
 
Case study for it03 roshan
Case study for it03 roshanCase study for it03 roshan
Case study for it03 roshanrosu555
 
Network Equipment Testing White Paper
Network Equipment Testing White PaperNetwork Equipment Testing White Paper
Network Equipment Testing White PaperAtul Nene
 

Similar to Ruckus BYOD whitepaper (20)

Data Sheet: OpenDNS Enterprise Insights
Data Sheet: OpenDNS Enterprise InsightsData Sheet: OpenDNS Enterprise Insights
Data Sheet: OpenDNS Enterprise Insights
 
D610 Spec Sheet
D610 Spec SheetD610 Spec Sheet
D610 Spec Sheet
 
W8 client management
W8 client managementW8 client management
W8 client management
 
Smart x
Smart xSmart x
Smart x
 
J2 Me
J2 MeJ2 Me
J2 Me
 
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
Mitigating Risk for the Mobile Worker: Novell ZENworks Endpoint Security Mana...
 
Cloud white paper v3.0
Cloud white paper v3.0Cloud white paper v3.0
Cloud white paper v3.0
 
Oracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings AttachedOracle Database Appliance RAC in a box Some Strings Attached
Oracle Database Appliance RAC in a box Some Strings Attached
 
Suraj Kumar A.S._22.12.15
Suraj Kumar A.S._22.12.15 Suraj Kumar A.S._22.12.15
Suraj Kumar A.S._22.12.15
 
Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise Managing Windows RT devices in the Enterprise
Managing Windows RT devices in the Enterprise
 
IoT Agent Design Principles
IoT Agent Design PrinciplesIoT Agent Design Principles
IoT Agent Design Principles
 
µ-Xen
µ-Xenµ-Xen
µ-Xen
 
µ-Xen
µ-Xenµ-Xen
µ-Xen
 
Data Securities Corporate Technology Information Presentation
Data Securities Corporate Technology Information PresentationData Securities Corporate Technology Information Presentation
Data Securities Corporate Technology Information Presentation
 
Data Securities Corporate Technology Information Presentation
Data Securities Corporate Technology Information PresentationData Securities Corporate Technology Information Presentation
Data Securities Corporate Technology Information Presentation
 
Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...Decentralized access control with anonymous authentication of data stored in ...
Decentralized access control with anonymous authentication of data stored in ...
 
SDN NFV NV OpenNetwork @ VMUG.IT 20150529
SDN NFV NV OpenNetwork @ VMUG.IT 20150529SDN NFV NV OpenNetwork @ VMUG.IT 20150529
SDN NFV NV OpenNetwork @ VMUG.IT 20150529
 
Desktop as a Service DaaS in India by BSNL SIS
Desktop as a Service DaaS in India by BSNL SISDesktop as a Service DaaS in India by BSNL SIS
Desktop as a Service DaaS in India by BSNL SIS
 
Case study for it03 roshan
Case study for it03 roshanCase study for it03 roshan
Case study for it03 roshan
 
Network Equipment Testing White Paper
Network Equipment Testing White PaperNetwork Equipment Testing White Paper
Network Equipment Testing White Paper
 

Recently uploaded

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersThousandEyes
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsHyundai Motor Group
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountPuma Security, LLC
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Hyundai Motor Group
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhisoniya singh
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxnull - The Open Security Community
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?XfilesPro
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 

Recently uploaded (20)

Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptxVulnerability_Management_GRC_by Sohang Sengupta.pptx
Vulnerability_Management_GRC_by Sohang Sengupta.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2Next-generation AAM aircraft unveiled by Supernal, S-A2
Next-generation AAM aircraft unveiled by Supernal, S-A2
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | DelhiFULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
FULL ENJOY 🔝 8264348440 🔝 Call Girls in Diplomatic Enclave | Delhi
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?How to Remove Document Management Hurdles with X-Docs?
How to Remove Document Management Hurdles with X-Docs?
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 

Ruckus BYOD whitepaper

  • 1. U S E R G U I D E T O si m plif y i n g BYOD with Ruckus Introduction What are the benefits? Like hot and cold, secure BYOD implementations and The traditional PSK model (WPA2-Personal) is great for ease of use have traditionally been mutually exclusive. home networks and small offices with only a few users. Some networking products are intuitive to IT admin- However, as organizations seek better security or differ- istrators, but they lack the necessary features to solve entiated network policies for each user type, the limi- problems or protect corporate users and data. Other tations of a shared PSK become evident pretty quickly. products have all the advanced security, filtering, and Perhaps the most troublesome problem is passphrase access control knobs a government agency could ask exposure, passphrase sharing, and change management for, but no one can figure out how to use them. policies. If an employee leaves the organization, the pass- phrase must be changed and all devices reconfigured. This application note describes the technology used and then outlines the steps for how to quickly and On the opposite side, WPA2-Enterprise is “recom- easily configure our ZoneFlex system with the right mended,” but IT administrators have varying comfort lev- blend of flexibility, security, and simplicity to support els with 802.1X and EAP. In turn, many businesses do not BYOD. Instead of adding complexity, we’ve created implement it. Most companies would like to use 802.1X, but smarter security and connectivity mechanisms that often avoid it because of: ease management and implementation burdens, par- ticularly for mobile devices. In this guide, we’ll outline • Lack of expertise how the following features help streamline a BYOD • Lack of time paradigm: • Lack of budget 1. ynamic Pre-Shared Key — Per-user credentials D • ack of backend systems (e.g. AAA server, user L with WPA2-Personal — the best of both worlds database, certificate management) 2. ero-IT Activation — Easy, secure onboarding Z • Failure to see technical advantages and auto-configuration of client devices Many organizations don’t realize that there is a good alternative to traditional PSKs and 802.1X. DPSK sits 3. ole-Based Access Control — Easy ways to man- R right in the happy middle with some of the best advan- age user connectivity and network authorization. tages of both WPA2-Personal and WPA2-Enterprise: Strong Security with Dynamic Pre-Shared Key • asy to use and administer. Users understand E passphrases, but they don’t understand 802.1X. What is DPSK? • PSKs are bound to a specific user/device. Even D In a traditional WPA2-Personal network, all users if PSKs are shared or exposed, they will not work on the WLAN share the same passphrase. Dynamic with other devices. PreShared Key (DPSK) is patented technology that • Compromised DPSKs do not jeopardize all users. enables unique PSK credentials for each user on the same network. DPSK was developed to provide secure • ingle DPSKs can be revoked without impact on S wireless access while eliminating the burdens of man- the rest of the network. ual device configuration and the security drawbacks of • PSKs prevent one valid user from decrypting D shared PSKs. traffic of other valid users.
  • 2. How to BYOD with Ruckus Wireless Application Note • Provides per-user credentials and policies How does Zero IT Activation work? • Avoids common 802.1X hurdles: Zero-IT activation automates the DPSK generation and client device configuration steps. When a user con- — No dependency on RADIUS or backend user nects for the first time, the user enters his/her user- databases name/password and downloads a configuration file for — No certificates their machine. The user runs the configuration file and — o complex configuration N Zero-IT configures the client machine with a WLAN pro- file, including a unique How does Dynamic PSK work? PSK. Zero-IT prepares Dynamic PSK creates a unique 62-byte preshared key the machine to re-con- for each device. The PSK is used for network access as nected to the correct well as to create encryption keys, which are unique for network. each user. DPSKs can be created in bulk and manually distributed to users and devices, or the ZoneDirector What are the benefits? can auto-configure devices with a DPSK when they Zero-IT offers all of the connect to the network for the first time. security benefits of DPSK along with intuitive and flexible onboarding: • ero touch wireless configuration of laptops and smart Z mobile devices • upport for iPad/iPhone, Android, Mac OS X, S Windows XP, Vista, and 7, and Mobile/CE • One-time device configuration • Easy for IT staff to setup and maintain • nique 62-byte preshared keys generated and auto- U matically installed per device By offering different ways to implement the feature, • Easily deactivated by IT staff if user is no longer valid Ruckus provides the flexibility to bring DPSKs to net- • New keys can be generated on-demand works in a way that is secure, intuitive, and IT friendly. • Can integrate with existing user directories Since we’re focused on solving BYOD trouble spots, let’s look at using DPSK with a unique Ruckus feature called Zero-IT Activation. Configuring and Using Zero-IT Activation Configuring and using Zero-IT Activation is simple. Note: The batch DPSK tool is a manual way to create and manage DPSK credentials and users; if that adds 1. tart by creating a new WLAN for secure connectiv- S value for your unique BYOD situation, see Appendix ity. Navigate to the Configure tab in the ZoneDirector A for step-by-step instructions. UI and then select WLANs in the left pane. When the WLANs page is open, select Create New to make a Flexible Onboarding with Zero-IT Activation new WLAN. What is Zero-IT Activation? 2. Configure the WLAN as follows: Zero-IT Activation is a unique wireless onboarding Name/ESSID = DPSK-ZERO-IT feature that enables wireless users to securely access Description = Enter a useful description or leave blank the network without IT staff intervention. Zero-IT works Authentication Method = Open in concert with the DPSK solution, automatically creat- Encryption Method = WPA2 ing and deploying DPSKs to valid users when they con- Algorithm = AES nect for the first time. Password = nter a long, complex passphrase E (this will not be given to users) Zero-IT Activation = Enabled How to BYOD with Ruckus Wireless Page 2
  • 3. How to BYOD with Ruckus Wireless Application Note Dynamic PSK = Enabled 1 2 In the Advanced Options, we can also specify VLAN settings for this WLAN. If we want to match this WLAN 5 6 to a specific VLAN, we can do so. Or, we can assign different users to different VLANs. This is useful if we have VLAN policies on the wired network and we want 9 10 to extend those policies to our wireless users. ACCESS VLAN = Enter VLAN ID (default = 1) Enable Dynamic VLAN = Enabled (check in box) 3. nly valid users can receive a DPSK with Zero-IT O Activation. To determine which users are valid, we need to decide what user database we’ll use for Zero-IT authentication. Scroll near the bottom of the WLANs page where you’ll find the Zero-IT authentication server settings and the Zero-IT URL (make a note of the URL). Select Local Database. (If integrating with an exist- 1 2 3 ing user database, this is where we would select our AD or LDAP database) 5 6 7 Click Apply (far right corner, not shown). Below the Zero-IT authentication server settings 9 10 is a configuration section for DPSK expiration. If desired, set a PSK lifetime after which the DPSK will expire. 4. ow create a user group that is permitted to access N this WLAN. Select Roles from the left-hand side. Create a new role. Name = ZERO-IT-role Description = nter a useful description or leave E blank Specify WLAN access = nable the DPSK- E ZERO-IT WLAN Click OK. 5. se the ZoneDirector’s local database and create U a new user for this role. Select Users from the left- hand side. Create a new user. Name = ZeroIT Full Name = First Last Password = password 1 2 3 4 Confirm Password = password 5 6 7 8 9 10 How to BYOD with Ruckus Wireless Page 3
  • 4. How to BYOD with Ruckus Wireless Application Note Role = ZERO-IT-role 1 2 3 4 Click OK. So a role has now been created that maps to the 5 6 7 8 DPSK-ZERO-IT WLAN and then we’ve created a user that belongs to this role. When this user enters his/ her username/password, the ZoneDirector will assign 9 10 a unique DPSK with permission to access the DPSK- ZERO-IT network. 6. o connect a client device, plug in to an Ethernet T port with access to the ZoneDirector’s sub- net/VLAN and use a Web browser to open the “activate” URL. The URL will always be the ZoneDirector IP address followed by /activate (e.g. https://192.168.2.34/activate). Note that the URL is 1 2 TLS encrypted. 7. his Web page serves as the DPSK authentica- T 5 6 tion portal to ensure you are a valid user. When the username/password (ZeroIT / password) created in step 5 is entered, the ZoneDirector will determine 9 10 the proper role and provision the client accordingly. 8. uccessful authentication will launch a file down- S load called “prov.exe,” “prov.apk,” or “prov.mobile- config,” depending on the OS type. 11 22 33 44 55 66 77 88 9 9 10 10 9. pen the file and Zero-IT will auto-configure the O WLAN profile (may require administrator privileges). 1 2 3 4 5 6 7 8 9 10 10. The configuration script will also automatically connect the client to the network. Zero-IT simplifies network setup for new users, as you can see. Configuring ZoneDirector is straightforward for IT staff and the client experience is intuitive. BYOD-Provisioning Now it’s important to look at device onboarding How to BYOD with Ruckus Wireless Page 4
  • 5. How to BYOD with Ruckus Wireless Application Note without Ethernet. Mobile phones and tablets are the 1 2 primary devices driving the BYOD trend, but they lack wired interfaces. So there needs to be a way to securely provision them with a clean, intuitive workflow. 5 6 How does BYOD Provisioning work? 9 10 By relying on the Zero-IT Activation feature, a “provi- sioning” network can be easily created to automati- cally redirect users to the Zone Director’s activate login 6b 6d screen. The open network is used only for device pro- visioning; after the ZoneDirector validates user creden- tials, mobile devices receive a configuration file that auto-configures the WLAN connection manager and re-connects them on the proper WLAN. Configuring and Using Zero-IT Activation for BYOD The BYOD setup for this is quite similar to the previ- ous wired Zero-IT setup. In fact, it relies on the DPSK- 1 2 3 ZERO-IT SSID already created for device connectiv- ity. Think of that WLAN as the corporate network. Now simply create a second WLAN that will serve as our 5 6 7 provisioning network. 9 10 6c To start, within the ZoneFlex system, define a new Hotspot Service to use for wireless provisioning. Hotspot Services are a way to control network access 1 2 6b 3 6d 4 6e on open networks. This helps ensure that the provision- ing network is used only for provisioning. 5 6 7 8 1. ind the Hotspot Services section on the left-hand F side and select it. In the main screen, create a new 9 10 6c Hotspot Service Name = BYOD-PROVISIONING 6b 6d 6e Login Page = ttps://xx.xx.xx.xx/activate, h where xx.xx.xx.xx is the IP address of the Zone Director (e.g. https://192.168.2.34/activate). This is the page to which ZoneDirector will redirect users for authentication. Create a New rule. Authentication Server = Local Database Enter the “activate” URL (https://192.168.2.34/acti- Wireless Client Isolation =Full vate) address here and click save. 2. t’s also important to configure a “walled garden,” I Click OK to save this Hotspot Service. which is a way to limit the network access on the 3. ow create a new WLAN to offer these Hotspot N Open network so it can only be used for provision- Services. Navigate back to the WLANs page and ing. To do so, expand the walled garden configura- create a new WLAN. tion section in our BYOD-PROVISIONING Hotspot Services profile. Name/ESSID = BYOD-PROVISIONING Description = Enter a useful description or leave blank Type = Hotspot Service (WISPr) How to BYOD with Ruckus Wireless Page 5
  • 6. How to BYOD with Ruckus Wireless Application Note 1 2 Authentication Method = Open 1 2 3 4 5 6 Encryption Method = None Hotspot Services = elect BYOD-PROVISIONING S 5 6 7 18 2 9 3 10 from the list. 4. n the wired DPSK with Zero-IT demo, a Role titled I 9 10 1 6c 25 36 46d 6b 7 ZERO-IT-role was already created. This role has per- mission to access the DPSK-ZERO-IT SSID. Confirm that this role is still present. 1 26b 3 6d 5 6e 69 4 7 86c 10 5. Now create a new mobile user in the local database that will be a member of the Zero-IT role. 5 6 7 9 8 6b 6c 10 6d 6e User Name = Mob.User Full Name = Mobile User 9 10 6c 6b 6d 6e Password = password Confirm Password = password 1 6b 2 6d 3 1 6e 4 2 3 4 Role = ZERO-IT-role 5 6 7 5 8 6 7 8 6. ow everything is ready to onboard this user and N his/her devices. a. With a mobile device (iphone shown here), con- 9 10 6c 9 10 6c nect to the BYOD-PROVISIONING SSID. b. aunch the browser and the URL redirect will L 6b 6d 6e 6b 6d 6e occur, taking you to the connection activation page. c. ogin with the Mob.User user credentials created L in step 5. d. uccessful login will launch the auto-configuration S profile. Install the profile. e. Now connect to the corporate WLAN (i.e. DPSK-ZERO-IT) 7. sing the ZoneDirector’s Monitor tab, currently U active clients can be easily viewed to check on users. Here, the connected iPhone, the MAC address bind- wireless networks and get users connected. Now we’ll examine how to use Zero-IT with role-based access to grant network privileges and keep the network prop- erly segmented. ing, the user name of the connected user, and some device specific information are all visible. Even with Role-Based Access a long list of users, it is easy to find specific clients using the search field. In conjunction with Zero-IT Activation and DPSK, Ruckus provides a straightforward way to apply roles The Zero-IT tool creates a quick and easy way to deploy How to BYOD with Ruckus Wireless Page 6
  • 7. How to BYOD with Ruckus Wireless Application Note to each user, granting access to WLAN policies and Now configure it in the ZoneDirector. VLANs according to the user type. By granting access based on user roles, IT staff can extend specific per- Implementing Role-Based Access missions to users based on wired network design and Start by creating the requisite WLANs. policy. 1. Navigate to the WLANs menu in the left pane and So far, we’ve focused on the internal database of the then create a new WLAN: ZoneDirector to create users, but in live networks, the ZoneDirector seamlessly integrates with an exist- Name/ESSID = Administration ing user database, such as Active Directory, Open Description = nter a useful description or leave E Directory, OpenLDAP, or eDirectory to determine a blank user’s role assignment. Authentication Method = Open The internal database of the ZoneDirector can be used Encryption Method = WPA2 for this feature which is shown in this demo. We’ll also Algorithm = AES discuss how you can use this feature with an external Password = nter a long, complex passphrase E database. (this will not be given to users) Zero-IT Activation = Enabled Planning Role-Based Access Dynamic PSK = Enabled By relying on the Zero-IT Activation feature, the “pro- In Advanced Options, visioning” network automatically redirects users to the Zone Director’s activate login screen. ACCESS VLAN = 0 1 Click OK. The first planning step to take is to decide what types of users will use the network, what roles to create for Now configure administrative users and roles so they those users, and what permissions should be assigned are mapped to this WLAN, receiving administrator priv- to these roles. ileges and policies. In this demo, we’ll create a mock education scenario Note: If we’re supporting multiple VLANs on each AP, using the following roles: we need to make sure our switch ports are configured to support those VLANs. • Administration • Staff 11 22 33 • Student We’ll create corresponding WLANs and then map the 55 66 77 users/roles to their proper WLAN. The last step is to evaluate the current wired network as 99 10 10 a baseline to decide to what VLAN user groups should be assigned. If an external user database that has VLAN attributes is being used, this process can be completely automated by enabling the Dynamic VLAN assignment feature. This adds additional flexibility, allowing the use of a sin- gle WLAN for different user types. As an example: • Administration – VLAN 10 • Staff – VLAN 50 • Student – VLAN 80 How to BYOD with Ruckus Wireless Page 7
  • 8. How to BYOD with Ruckus Wireless Application Note 2. reate the Staff and Student WLANs with the C 1 2 3 4 same parameters, changing the VLAN ID accord- ingly (we’ll skip the details here). For the student WLAN (or others, such as guests), you may wish to 5 6 7 8 configure other advanced features: • lient Isolation (prevents valid users from commu- C 9 10 nicating directly with one another through the AP) — this is recommended for guest and some stu- dent networks • Rate limiting policies • MAC or IP ACLs to limit network destinations 3. Now let’s navigate to the Roles page and create our respective roles. Create New. Name = Administrators Description = Enter a useful description or leave blank WLAN Policies = Enable Administration WLAN As shown, this user authenticated successfully and was assigned to the Administrators role. Zero-IT would then Click OK. 1 2 3 4 The Group Attributes value for this role (shown above) can be set if integrating with an existing user database (e.g. AD, LDAP, etc.). When the ZoneDirector queries 5 6 7 8 the database for authentication, the user’s group attri- bute automatically maps the user to a ZoneDirector 9 10 provision this user’s DPSK for the proper WLAN and VLAN. 1 2 5 6 role. To test this feature, use the Test Authentication 9 10 Settings feature built into ZoneDirector (navigate to the AAA Servers menu). To show how it works in a live environment, we’ve setup an OpenLDAP user database with an administrative user. In the LDAP database, this user is mapped to an administrator group. In ZoneDirector, pick the data- base and enter the credentials. This will test that the database is properly configured and that the user is assigned to the correct role. How to BYOD with Ruckus Wireless Page 8
  • 9. How to BYOD with Ruckus Wireless Application Note 4. Next, create the remaining roles. The role setup should be similar to previous setups. 5. the local database, we need to create our users In next. Enter the name, password, and then select the correct role. user can be added for each of the roles (admin, A 1 2 3 4 5 6 7 8 9 10 staff, student). The final user list will look similar to this. 6. Now its important to test the authentication set- tings for each user to ensure that users will be placed in the proper role and WLAN during authentication. That’s it —role-based access control with Zero-IT acti- vation. It’s easy for IT staff, easy for users, and provides flexibility with user policies and segmentation. Note: To explore this lab in greater detail, use a man- aged switch and a DHCP server. Create the VLANs on the switch and the DHCP scopes on the DHCP server for each VLAN. Connect a device to each WLAN (admin, staff, student) in turn. Observe the IP settings and VLAN access granted to each user type. Summary For organizations trying to solve BYOD challenges, it doesn’t have to be complex and cumbersome. With easy to implement features like Zero-IT configura- tion, Dynamic PSK, and simplified role-based access How to BYOD with Ruckus Wireless Page 9
  • 10. How to BYOD with Ruckus Wireless Application Note control, enterprises can leverage their existing net- 1 2 work resources to extend policies to their wireless users. Ruckus makes it painless to get users connected and provisioned with the correct network permissions. 5 6 After that, we keep them happily connected with reli- able RF performance. 9 10 Appendix A Configuring and Using DPSK Batch Generation The DPSK batch generation tool is a way to manually control per-user PSKs. This method of implementing DPSKs creates a DPSK file with multiple PSKs that can be offered to users or pre-configured on their devices. The onboarding process is similar to traditional WPA2- Personal networks, but it provides the added flexibility and security of DPSK. 1. Start by creating a new DPSK WLAN. Navigate to the Configure tab in the ZoneDirector UI and then select WLANs in the left pane. When the WLANs page is open, select Create New to make a new 1 2 3 WLAN. 2. Configure the WLAN as follows: 5 6 7 Name/ESSID = DPSK-batch Description = nter a useful description or leave E 9 10 blank Authentication Method = Open Encryption Method = WPA2 Algorithm = AES Password = nter a long, complex passphrase E (this will not be given to users) Zero-IT Activation = Enabled Dynamic PSK = Enabled Click OK. I n the advanced options, VLAN settings for this WLAN can also be specified. To match this WLAN to a spe- cific VLAN or assign different users to different VLANs is simple. This is useful if we have authorization policies on the wired network and want to extend those poli- cies to wireless users. How to BYOD with Ruckus Wireless Page 10
  • 11. How to BYOD with Ruckus Wireless Application Note ACCESS VLAN = Enter VLAN ID (default = 1) The default DPSK file has stock user names and empty Enable Dynamic VLAN = Enabled (check in box) MAC address bindings (we can customize these set- tings if we use the DPSK import tool). When a DPSK is used to connect to the network for the first time, the 3. While on the WLANs page, scroll to the Dynamic ZoneDirector will bind the device’s MAC address to the PSK Batch Generation section at the bottom. The DPSK batch tool is essentially an interface for cre- ating DPSKs. If we have a list of users (and their MAC address and assigned VLANs), we can import a comma separated value (.csv) file here. Otherwise, we can let the ZoneDirector create a file for us with default user- names and the default VLAN. This tool has flexible DPSK. 8. Test it and connect a client. Launch your wireless connection utility, scan for the DPSK-batch SSID and, using the first passphrase in the .csv file, con- nect to the WLAN as you would to a traditional PSK options, but let’s focus on a simple implementation for network. now. 9. Success! 4. Select the DPSK-batch WLAN from the drop-down list. This determines the SSID with which the gener- ated DPSKs will work. 5. Enter the number of unique DPSK users to create (e.g. 50) and a VLAN ID if you want this set of users to be auto-assigned to a specific VLAN when they connect. 6. lick Generate in the bottom right corner (not C shown in image above). You should see a message indicating success. 7. lick the link to download the generated DPSK C record, which will launch the .csv file download. Open the file. 10. n the ZoneDirector GUI (Monitor Currently I Active Clients), we will now see that BatchDPSK_ User_1 is an active client. And, we’ll see (Monitor Generated PSK/Certs) that the user’s DPSK has been mapped to the device’s MAC address. Ruckus Wireless, Inc. 880 West Maude Avenue, Suite 101, Sunnyvale, CA 94085 USA (650) 265-4200 Ph (408) 738-2065 Fx Copyright © 2012, Ruckus Wireless, Inc. All rights reserved. Ruckus Wireless and Ruckus Wireless design are registered in the U.S. Patent and Trademark Office. Ruckus Wireless, the Ruckus Wireless logo, BeamFlex, ZoneFlex, MediaFlex, FlexMaster, ZoneDirector, SpeedFlex, SmartCast, and Dynamic PSK are trademarks of Ruckus Wireless, Inc. in the United States and other countries. All other trademarks mentioned in this document or website are the w w w.r u c k u s w i re le s s .co m property of their respective owners. 805-71768-001 rev 01