From NCAIS Innovate 2011, Michael McNamee presents How to Manage Student Owned Devices on the School Wireless Network without bogging down the IT department's time and resources. For more information, visit www.securedgenetworks.com
1
BYOD – Bring Your Own Device
How a Campus Nightmare Is Averted
Presented by: Michael McNamee
NCAIS Innovate 2011
2
Evolution of the Access Device
Ethernet
No need for QoS
One per user
IT sanctioned
Security per port
Ethernet and Wi-Fi
Data QoS
One per user
IT sanctioned
Security per user
Wi-Fi only
Multimedia QoS
Many per user
Staff & Student owned
Security per context
3
Creates a New Network Imperative
Fixed Network Investment
Mobility Network Investment
• 2000: 0 mobile device, 4 ports / user
• 2005: 1 mobile device, 2 ports / user
• 2010: 2-3 mobile devices, 1 port / user
4
Evolution of the Access Policies
ROLE Based Access
CONTEXT Based Access
? SecureX in 2012 ?
Device ID
VLAN Based Access
The Competition
5
Enterprise Mobility: A Perfect Storm
Virtual Desktops
• Virtual Desktops: 45M installations by 2013
• Citrix XenDesktop, VMware View
Collaboration
• Social Business: Jive, Chatter, Yammer
• Connections: Lync, Telepresence, Facetime
• Custom educational multimedia apps
• > 50% of staff adopting video
Multimedia
(*) Source: Gartner
10x growth by 2013!
Mobile Devices
• Fortune 100 >80% deploying iPad & iPhone
• Smartphones 289M in 2010, 1B in 2013*
• Tablets 54.8M in 2011, 300M in 2013*
6
Can I work from home?
No!
Exponential Pressure on IT Departments
Can I use my iPad?
No!
End Users
IT Managers
Can I video conference?
No!
Can I connect outdoors?
No!
7
Trapped Budgets in Existing Networks
Not Suited For Mobility
“Failure to put a comprehensive mobility strategy in place typically leads to higher cost, lower security, silo-ed solutions, and unnecessary duplication of services.” — Gartner, July 2010
• Disparate networks
• Siloed services
• Built for client-server
• No single view of users or devices
• No context awareness
Manager 1, Manager 2, Manager 3, Manager 4, Manager 5
VLAN 100, VLAN 200, VLAN 300, VLAN 400, VLAN 500
WIRELESS, WIRED, VPN, REMOTE OFFICE, OUTDOOR
8
Introducing Aruba MOVE™: Access Network Architecture for Mobility
Thin Access On-Ramps
Integrated Mobility Services
DATA CENTER
WIRELESS, WIRED, VPN, REMOTE OFFICE, OUTDOOR
Centralized Control
Thin Access
Rapid Service Delivery
Zero touch deployments for BYOD, Voice, Video
Context-based Policies
User, Device, Location and Application Aware
9
New Mobility Services
Authorization, Security, RF, Management
Highest Security
• Device fingerprinting
• IPv6 certified firewall
• Suite B encryption
RF Optimizations
• Apple Facetime QoS
• Spectrum Enhancements
• Multicast Enhancements
Network Management
• Wireless & Wired
• Device Visibility
• Context Aware
Access Management
• Industry’s only self-registration portal for smartphones and tablets
10
New Access On-Ramps
• Aruba S3500 Series: Industry’s only mobility access switch, truly unifying wireless and wired
• Aruba AP-134/135: Industry’s only Gigabit AP with firewall and spectrum analysis
• Aruba Instant: Industry’s first enterprise-grade Wi-Fi that can be set up in under 3 minutes
• Aruba AP-175 Series: Aruba’s industry-leading 802.11n technology, now available outdoors
• Aruba VIA on Mobility Controllers: Now available for Mac OS X
11
Bring Your Device to Campus
with SecurEdge Mobile Device Access Control Solution
End User Requirements
IT Requirements
• Easy to Connect: Device Self Registration
• High Performance: QoS for each app
• Quick to Troubleshoot: Monitor and locate each device
• Zero Touch: Auto install Certificate
• Ready for High Density: Fair bandwidth to all devices
• Always Secure: Protect each device user
12
Bring Your Device to Campus
802.11n AP Mobility Controller
Registration Server
Zero IT touch, context aware access
LAN & WLAN Management
Auto-identification of user, device, application
Monitoring, reporting per user and per device
Device Self Registration
Device Visibility
Device Fingerprinting
13
The SecurEdge Campus
Only Context Aware Access Network
Indoor and Outdoor APs
Mobility Access Switches
Mobility Services in Enterprise Cloud
1. Integrated Network Services
2. Highest Density Wireless LANs
• Unified Wireless, Wired Access
14
Mobility Enables Network Rightsizing
Thin On-Ramps
Common Policy
Single Interface
~70% Reduction in Access Network TCO
VPN
15
Rightsizing Example: 2000 Employee Organization
[Chart: 3-Year Access Network TCO Per User, Capex and Opex, Other Solutions vs. SecurEdge Solution. Values shown: $950, $1,211, $209, $491. Callout: 70% Lower]
2,000 Students
300 Staff
75% use laptops
25% use desktops
80% use smartphones
30% use tablets
100% need VPN
30% have off campus needs
Guest Access
Phase out desk phones
16
Mobility Services
Authorization, Security, RF, Management
• Device & User Authorization
• RF Visibility & Management
• Network Operations
• Network, User & Data Security Policies
17
Mobility Services
Only Unified Mobility Services in Enterprise Cloud
1. Device & User Authorization
2. RF Visibility & Management
• Network, User, Data Security
• Network Operations
Management Device & Guest Registration
Mobility Controller
18
Support for Mobile Devices
• Device Fingerprinting
• Stateful QoS for Apple Facetime
• IPv6 interfaces and routing
Industry’s Best Security
• Suite B encryption for Wi-Fi and VPN
• USGv6, ICSA IPv6 certified firewall
19
Network(s) Management
Device Visibility
• Search, monitor, report, troubleshoot based on device type
Context Aware
• User, device, location, time visibility across the entire access network
20
Network Access Management
Self Registration
• Guest account delivery with SMS
• Certificate installation on Apple iPads, iPhones, and iPod Touches
Easily Customize Branding
• Optimized view for mobile devices
• Multimedia and ad content
Vendor, Technology Agnostic
• Supports all major vendors
• Wireless/Wired; Indoor/Outdoor
• Installation Options
  ‒ virtual appliance
  ‒ hardware appliance
• 10K concurrent user sessions
21
Thin Access On-Ramps
[Figure: access on-ramps plotted by Performance and Scale, Wi-Fi and Wired. Segments: Home Office & Road, Small Office, Campus, Outdoor. Products shown: AP-68, AP-92/93, AP-105, AP-120 Series, AP-130 Series, AP-175, RAP, 600, S3500, S3500 ArubaStack. Four products are marked NEW!]
22
Network Edge Solutions
LAN Core
Tunnel from wireless AP
Tunnel from wired port
* Roadmap
Wired Access Point
• Tunnel traffic to controller
• Policy enforcement at controller
Integrated Controller*
• Wired AP for 8 APs
• Terminate tunnels from Wireless APs
Ethernet Switch
• Layer 2 forwarding
• Rule-based policy enforcement
Policy Enforcement
Policy Enforcement
S3500
Mobility Controller
AirWave
23
VPN for Mac OS X
Zero Touch
• Downloaded and installed by the user
• Automatic connections when remote
Seamless Mobility
• Firewall policies tied to user role
• Same policy as in campus, branch
Best in Class Security
• Suite B encryption for 802.11i, VPN
• IPSec VPN with SSL fallback
• Integrates with Aruba Content Security Service
VIA is also available for Win7 32- & 64-bit
24
Mobility Controllers
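[Figure: mobility controllers plotted by Performance and Scale. Segments: Branch Office, Small Office, Campus. Products shown: 620, 650/651, 3000 Series, 6000 Series, S3500, Instant. Two products are marked NEW!]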
25
Instant™ Access Points
Virtual Controller Technology
• Adaptive Radio Management
• Stateful firewall & rogue AP protection
• Stateful QoS for voice & video
Instant WLAN Install
• Over the air provisioning
• Single screen user interface
Cloud-based Management
• Network operations by AirWave
Software Upgradable to Join Controller-based WLAN
• IAP-105: Dual radio, integrated antennas
• IAP-92/93: Single radio external/integrated antennas
• 16 IAPs per group
CONFIDENTIAL © Copyright 2011. Aruba Networks, Inc. All rights reserved
SecurEdge Customers
27
ATB Financial
Unified Access Network
• >50% reduction in switch acquisition, deployment and cabling costs
• Unified security policies for staff, contractor and guest access
• Integrate wireless and wired network access management and increase mobility for users
• WLAN at 50 branches, S3500 in evaluation
• Aruba AirWave for centralized management
Challenge
Result
Solution
28
Boston Medical Center
Unified Access Network
• Critical EMR, CPOE, ED and OR application delivery over Wi-Fi
• Single policy infrastructure for wireless and wired guest access, regulatory compliance
• Increase visibility, control and performance for the, primarily wireless, access network
• 600+ Aruba 802.11n APs for high performance WLAN for mobile device
• Aruba S3500 in evaluation
Challenge
Result
Solution
29
University of Tennessee
Unified Access Network
• Reduced costs for deployment and maintenance of the access network
• Ease of troubleshooting and planning with integrated management
• Wireless only access at residence halls, with application performance similar to wired
• 2000+ 802.11n AP Aruba WLAN with Aruba S3500 in evaluation
• Aruba AirWave for integrated management
Challenge
Result
Solution
30
University of California, Santa Barbara
• Integrated security policies across wireless and wired access
• Eliminate wired port VLAN requests
• A single policy and point of management for wired and wireless networks
• Aruba 802.11n APs and S3500s
• Aruba AirWave for integrated management
Challenge
Result
Solution
Unified Access Network
31
SAP
• Large scale test environment for SAP iOS app for SAP customers
• Easy roll-out of new services and custom applications within SAP
• Access to business apps, documentation and customer information on the go
• Aruba global wireless LAN solution being designed to support more than 15,000 iPads
Challenge
Result
Solution
Paperless Office
32
Ottawa Hospital
• Application quality assurance for custom Ottawa hospital iOS apps
• Cost savings in patient care with paperless service model
• Instant delivery of life and mission critical applications to staff, nurses and doctors
• Aruba application aware network ensuring QoS for >10,000 iPad, iPod Touch and iPhone devices by 2013
Challenge
Result
Solution
Mission Critical Mobile Apps
33
Australian Open
• High performance indoor and outdoor Wi-Fi access for staff, audience, press
• 1.6 million impressions, 4,624 users registered, 31,595 sessions
• Extend WLAN coverage to support mobile devices used by the audience
• Aruba Amigopod enabling secure guest access authentication with intelligent ad content during authentication
Challenge
Result
Solution
High Density Guest Access
34
Liberty University
• Multimedia-Grade Wi-Fi: Optimized multicast, application aware QoS and RF management
• Video Case Study: http://bit.ly/dHof8p
• Reduce the cost of delivering TV service to the dorms with IPTV over Wi-Fi
• Broadcast television available over 802.11n. Available across the entire 5,000 acre, 123 building Liberty campus
• Common wireless network for data, broadcast video and voice.
• Saved over $1M by using Wi-Fi for IPTV
Challenge
Why SecurEdge
Solution
“We run 16 channels of standard and high definition IP Television across the entire Liberty University campus over Wi-Fi”
- Jimmy Graham, Liberty University
Video over 802.11n Wi-Fi
35
University of San Diego
• Seamless integration with campus Wi-Fi
• Scalable for large outdoor deployment
• Application optimization to support a mix of apps
• Connect iPads, smartphones outdoors
• Efficient landscape irrigation
• Public safety incident reports
• Parking citations
• Event ticketing and concessions
• ~75 Outdoor APs (mix of 80, 85 & 175)
• Wi-Fi integration with Rainbird irrigation system
Challenge
Solution
Why SecurEdge
Pervasive Outdoor Wi-Fi
36
Follow us! @SecurEdgeNet
For more updates on wireless design, deployment and security, follow us on Twitter or read our blog at www.securedgenetworks.com