Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security

Save this PDF as:
 WORD  PNG  TXT  JPG

Size: px
Start display at page:

Download "Secure WiFi Access in Schools and Educational Institutions. WPA2 / 802.1X and Captive Portal based Access Security"

Transcription

1 Secure WiFi Access in Schools and Educational Institutions WPA2 / 802.1X and Captive Portal based Access Security Cloudessa, Inc. Palo Alto, CA July 2013

2 Overview The accelerated use of technology in the educational system has driven a widespread deployment of WiFi networks. The increased availability of network access in schools poses a unique set of access security challenges. WiFi networks must: Secure institutionally owned tablets and devices Host and secure student, faculty and guest bring your own device (BYOD) notebooks and phones Limit access to authorized users Protect user credentials Control access to network resources Manage bandwidth A comprehensive WiFi access infrastructure is an essential requirement for every school system and college campus network deployment. The infrastructure must ensure that only authorized users gain access to network resources, while maintaining a record of network activity to ensure accountability. Credentials must be validated for each user or device that attempts to connect to the network, and the appropriate level of authorization must be allocated for each user. Students, faculty, staff and visitors or guests each have different requirements and limitations, and each group should be prioritized based on the needs of the institution. Faculty and staff need immediate access to institutional records, exams and grades. Resources such as printers and external internet access should be readily available. Students require access to internal network resources, but unrestricted external internet access could impact productivity and affect network performance. Guests and visitors should have managed access, with uses and privileges defined. When architecting WiFi deployments, many school systems choose to set up different networks with different Service Set Identifiers (SSIDs) within the network. This allows network segments to be isolated: a highly secure network for faculty and staff; a restricted network for students; and an internet portal for guests and visitors. 2/9

3 Practical Considerations WPA2/802.1X (strong security) and Captive Portal (browser-based security) can provide secure and flexible access control for a diverse user base. Many institutions have an existing store of user names, passwords and other information to secure network access for faculty, staff and students. To simplify WiFi user authentication, an existing Active Directory, LDAP or SQL user database can be leveraged for authentication. A Google Apps user store can also now be used to establish user validation. Within a complex educational network environment, it is important to not only provide authentication services to limit who can access the network, but also to control what users access once they have been authenticated. For example, you can assign different users to specific VLANs. Strong port-based security ensures that individuals cannot access sensitive materials without a need for the information. The prioritization and delivery of data across the WiFi network is another important consideration when designing a network infrastructure. Within a large college or university, it may be necessary to allocate network bandwidth based on the institution s operational needs. Several complications exist within the current educational network framework: Different departments or schools within a large district may use different user stores or credentials, or need to enforce different access rights and security requirements. Many networks are built over time, and a variety of access gateways and WiFi access points (APs) from different vendors deployed in the network. Enforcing a consistent set of access control policies across different gateways from different vendors can be challenging. Educational network administrators must also be aware of institutional accountability for network access. It is imperative that educational institutions have records detailing who is accessing their network and be able to identify the responsible parties is there were ever to be a question of copyright or intellectual property infringement or other questionable activity emanating from their network. RADIUS accounting logs provide appropriate network access details to enable institutions to meet accountability requirements. The Role of RADIUS and AAA Network Management Authenticating users to a network through WPA2, 802.1X or Captive Portal requires the use of a RADIUS server. The RADIUS server provides the means to centrally manage authentication, authorization and accounting (AAA). This combination of services is the key component to manage and secure WiFi deployments in educational institutions. A centralized RADIUS server accepts authentication requests from WiFi access points. User authentication is processed throughalocaluserstore,orthroughan external database. Authentication is accepted or rejected based on the validity of the provided credentials. Authorization to network resources is based on attributes returned by the RADIUS server for each user session. Access logs are generated and stored to detail who (or what device) has accessed the network. 3/9

4 Multi-School WiFi Deployment with Cloudessa Hosted RADIUS Service The following diagram illustrates a RADIUS-based architecture for a multi-building school district or campus. Cloud / Internet Cloud User Store Cloudessa RADIUS Service Google Apps Native DB School District Data Center Active Directory LDAP SQL Teachers / Staff Visitors Students and Guests SCHOOL #1 Teachers / Staff Visitors Students and Guests Teachers / Staff SCHOOL #2 Visitors Students and Guests SCHOOL #3 Cloudessa RADIUS is deployed for security at all access gateways. Multiple SSID Educational WiFi Deployment with WPA2, 802.1X and Captive Portal Browser-based Login Security Cloudessa RADIUS is used to enforce access restrictions based on the SSID that the user or device associates with, and the user identity. Each access point is configured with multiple SSIDs, and each SSID has a unique set of authorized users and devices and a mandated level of access security. This allows educational institutions to segregate students, faculty and other users. 4/9

5 Cloudessa RADIUS Service Cloudessa Captive Portal Cloud Service Cloud / Internet Wi-Fi Network Controller (optional) Private / Public Cloud Students Active Directory LDAP Wi-Fi AP Cloud User Store Security Protocol Multiple SSID s Google Apps Teachers / Operations / Visitors / Guests Staff SQL Custom Data Store School Data Center This diagram illustrates a security architecture within a WiFi network configured with multiple SSIDs for different users. Access authentication is provided through either WPA2 / 802.1X or Captive Portal. Teachers and staff connect with the strong security of 802.1X. The access point sends authentication requests to the RADIUS server, and the RADIUS server responds with access accept or reject and the appropriate information for the user session based on the user profile. Students connect through 802.1X, or through a browser-based captive portal. Network privileges are dynamically configured based on the user s profile. Guests, visitors or operations connect through the Captive Portal, with limited network access. Each user is assigned to an appropriate user group. Network access privileges for each user group are defined in the RADIUS server. When a user successfully authenticates, the RADIUS accept message and the appropriate authorization attributes are sent to the access gateway. Those attributes are used to allocate the level of access for that session. 5/9

6 Cloudessa RADIUS Cloudessa RADIUS is a low-cost, scalable cloud-based RADIUS solution, ideal for school districts and universities with varied existing infrastructures. Cloudessa RADIUS is a subscription-based service that eliminates the cost and complexity of deploying a local RADIUS server. Cloudessa enables IT administrators to secure the WiFi network without capital expense: reducing cost, effort and time. School IT administrators can choose to manage the Cloudessa RADIUS service themselves, or to further simplify and expedite deployment, Cloudessa Managed Service Provider (MSP) partners are available to assist IT organizations with the technical expertise to design, deploy and manage the RADIUS infrastructure. Cloudessa is simple to configure and administer. The interface is accessible and intuitive. There is no hardware or software cost, and no installation requirements. A simple interface, configuration wizards, complete documentation and expert support enable you to implement access security with a minimal investment of time and resources. Cloudessa can leverage your existing authentication infrastructure. For example, if you have existing user data in Active Directory, LDAP, SQL, or Google Apps, you can re-use these resources for network access security without duplicating user information. Sensitive user information remains under IT control. 6/9

7 Cloudessa supports both industry standard WPA X based security, as well as Captive Portal browser-based authentication. Cloudessa is built on the FreeRADIUS code base. FreeRADIUS provides a proven market solution that is deployed in thousands of educational networks, including some of the largest Universities in the world. Cloudessa RADIUS is not just for WiFi. It can also authenticate users accessing the network from VPNs, firewalls and other access gateways in addition to WiFi APs. The RADIUS server can return user specific and session specific authorization attributes, including VLAN assignment and bandwidth allocation. For example, network traffic for faculty and staff can be prioritized over student activity to Facebook or Twitter. Virtual RADIUS Servers With Cloudessa RADIUS, administrators can create multiple virtual RADIUS servers with a single Cloudessa subscription. Each virtual RADIUS server can be configured to meet the needs of a specific functional or organizational unit. Different security and access levels can be established for each virtual RADIUS server. Virtual RADIUS functionality is powerful within a school district or large educational institution to enable a single centralized access security platform, accommodating the needs of each school or department. Enabling centralized management of resources simplifies administration across physical boundaries. Google Support Cloudessa RADIUS simplifies administration by allowing users to authenticate with Google Apps. If individuals have an existing user name and password to access Google Apps, the user can authenticate using the same credentials. Simply configure the Cloudessa RADIUS server for Google Apps authentication, and each time a user attempts to access the network, the RADIUS server validates the credential against Google Apps. The Google Chromebook can be used to securely access the network. Google Chrome OS includes an 802.1X client that simplifies the process of securely passing user credentials to the RADIUS server for authentication. Chromebook also supports Captive Portal browser based login. 7/9

8 Eduroam - Secure Roaming Internet Access for Educational Institutions According to the eduroam Policy Service Definition for SA3, Task 2: "eduroam" (EDUcation ROAMing) allows users from participating academic institutions secure Internet access at any eduroam-enabled institution. The architecture that enables this is based on a number of technologies and agreements, which together provide the eduroam user experience: open your laptop and be online. The basic principle underpinning the security of eduroam is that the authentication of a user is carried out at his/her home institution using the institution s specific authentication method. The authorization required to allow access to local network resources is carried out by the visited network. The European eduroam service provides this facility as a confederated service, built hierarchically. At the top level sits the confederation level service, which primarily provides the confederation infrastructure required to grant network access to all participating members of the eduroam service at any time. This confederation service is built upon the national roaming services, operated by the national roaming operators (NROs) (in most cases, NRENs). National roaming services make use of other entities, for example, campuses and regional facilities. A hierarchical system of Remote Authentication Dial-In User Service (RADIUS) servers is used to transport the authentication request of a user from the visited institution to his/her home institution, as well as the authentication response. Typically, every institution deploys a RADIUS server, which, in turn, is connected to a local user database. This RADIUS server is connected to a central, national RADIUS server, which, in turn, is connected to a regional or global RADIUS server. 1 Cloudessa RADIUS is fully compatible with the eduroam service, and can be deployed by institutions participating in the eduroam network as the "home" or "edge" RADIUS server, authenticating users against a local user database. Cloudessa RADIUS as-a-service enables institutions to quickly and easily participate in the eduroam network, without the hassle, capital cost, and on-going maintenance expense of deploying an onpremises RADIUS infrastructure. 1 eduroam Policy Service Definition for SA3, Task 2. M. Milinovi ć, Srce / CARNet, Stefan Winter, RESTENA and members of the SA3 T2 group; Date of Issue: 26/07/12 Document Code: GN /9

9 Strong WiFi Security on a School Department Budget with RADIUS-as-a-Service Cloudessa RADIUS offers the following advantages: Flexible consumptive licensing cuts costs vs. legacy RADIUS server cost. Capital expenditures and IT workload are reduced. RADIUS-as-a-service eliminates the burden of purchasing and maintaining hardware and software. IT operational expenses are reduced, with increased value for existing clients. IT can focus on high value activities instead of maintenance of infrastructure. Cloudessa Managed Service Partners are available to provide expert deployment assistance and can be engaged to fully manage, on an on-going basis, the Cloudessa RADIUS based access security infrastructure. Summary Educational institutions require a comprehensive security platform to enforce security across networks in an environment of increasing risk and liability. Network access must also be transparent and available to all users. Cloudessa managed RADIUS service enables educational institutions to quickly and easily deploy costeffective WiFi access security. As a subscription service, there are no hardware or software costs involved with deploying Cloudessa RADIUS. Your IT department can deploy and manage the service, or you can work with a WiFi reseller or Cloudessa MSP to have the service deployed and managed for you. Cloudessa offers a flexible and supportable solution. Cloudessa RADIUS supports virtually any WiFi AP or access gateway, and any backend user store. The solution is instantly scalable to handle any number of users in a centralized security environment, or in a geographically distributed organization. For additional details regarding securing WiFi deployments with Cloudessa RADIUS' or to learn more about our Educational Discount Program, please contact us at To try Cloudessa RADIUS, please visit - your first 10 users are free. Cloudessa, Inc East Bayshore Road, Suite 200 Palo Alto, CA, Call Us: P Us: 9/9

Cloudessa AAA and Captive Portal Cloud Service

Cloudessa AAA and Captive Portal Cloud Service Cloudessa AAA and Captive Portal Cloud Service Key Advantages Cloudessa AAA and Captive Portal Cloud Service makes it easy for any merchant, venue, institution, or organization to provide on-site WiFi

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

NXC5500/2500. Application Note. Captive Portal with QR Code. Version 4.20 Edition 2, 02/2015. Copyright 2015 ZyXEL Communications Corporation

NXC5500/2500. Application Note. Captive Portal with QR Code. Version 4.20 Edition 2, 02/2015. Copyright 2015 ZyXEL Communications Corporation NXC5500/2500 Version 4.20 Edition 2, 02/2015 Application Note Captive Portal with QR Code Copyright 2015 ZyXEL Communications Corporation Captive Portal with QR Code What is Captive Portal with QR code?

More information

BYOD: BRING YOUR OWN DEVICE.

BYOD: BRING YOUR OWN DEVICE. white paper BYOD: BRING YOUR OWN DEVICE. On-boarding and Securing Devices in Your Corporate Network Preparing Your Network to Meet Device Demand The proliferation of smartphones and tablets brings increased

More information

ARCHITECT S GUIDE: Mobile Security Using TNC Technology

ARCHITECT S GUIDE: Mobile Security Using TNC Technology ARCHITECT S GUIDE: Mobile Security Using TNC Technology December 0 Trusted Computing Group 855 SW 5rd Drive Beaverton, OR 97006 Tel (50) 69-056 Fax (50) 644-6708 admin@trustedcomputinggroup.org www.trustedcomputinggroup.org

More information

WiNG5 CAPTIVE PORTAL DESIGN GUIDE

WiNG5 CAPTIVE PORTAL DESIGN GUIDE WiNG5 DESIGN GUIDE By Sriram Venkiteswaran WiNG5 CAPTIVE PORTAL DESIGN GUIDE June, 2011 TABLE OF CONTENTS HEADING STYLE Introduction To Captive Portal... 1 Overview... 1 Common Applications... 1 Authenticated

More information

solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management

solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management solution brief ID Manager Leverage the Cloud to Simplify and Automate Enterprise Guest Management Several trends have recently emerged to ignite the requirement for enterprise guest management. One is

More information

What is Driving BYOD Adoption? SOLUTION CARD WHITE PAPER

What is Driving BYOD Adoption? SOLUTION CARD WHITE PAPER WHITE PAPER Enabling BYOD in K-12 with Seamless Mobile Device Accountability and Control How to ideally support mobile devices and maintain Web security and policy compliance in your schools About This

More information

Evolving Network Security with the Alcatel-Lucent Access Guardian

Evolving Network Security with the Alcatel-Lucent Access Guardian T E C H N O L O G Y W H I T E P A P E R Evolving Network Security with the Alcatel-Lucent Access Guardian Enterprise network customers encounter a wide variety of difficulties and complexities when designing

More information

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents

TECHNICAL WHITEPAPER. Author: Tom Kistner, Chief Software Architect. Table of Contents TECHNICAL WHITEPAPER Author: Tom Kistner, Chief Software Architect Last update: 18. Dez 2014 Table of Contents Introduction... 2 Terminology... 2 Basic Concepts... 2 Appliances... 3 Hardware...3 Software...3

More information

Frequently Asked Questions Aerohive ID Manager

Frequently Asked Questions Aerohive ID Manager Frequently Asked Questions Aerohive ID Manager About the Product... 1 Ordering FAQs... 4 Product Strategy... 6 About the Product 1. What is ID Manager? ID Manager is Aerohive s new cloud-based guest management

More information

Mobile Device Management Version 8. Last updated: 17-10-14

Mobile Device Management Version 8. Last updated: 17-10-14 Mobile Device Management Version 8 Last updated: 17-10-14 Copyright 2013, 2X Ltd. http://www.2x.com E mail: info@2x.com Information in this document is subject to change without notice. Companies names

More information

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS

WHITEPAPER. SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS WHITEPAPER SECUREAUTH 2-FACTOR AS A SERVICE 2FaaS EXECUTIVE OVERVIEW 2-Factor as a Service (2FaaS) is a 100% cloud-hosted authentication solution that offers flexible security without compromising user

More information

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business. www.megapath.com

Wireless Services. The Top Questions to Help You Choose the Right Wireless Solution for Your Business. www.megapath.com Wireless Services The Top Questions to Help You Choose the Right Wireless Solution for Your Business Get Started Now: 877.611.6342 to learn more. www.megapath.com Why Go Wireless? Today, it seems that

More information

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com

Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Manual Copyright 2013, 3CX Ltd. http://www.3cx.com E-mail: info@3cx.com Information in this document is subject to change without notice. Companies names and data used in examples herein are fictitious

More information

VLANs. Application Note

VLANs. Application Note VLANs Application Note Table of Contents Background... 3 Benefits... 3 Theory of Operation... 4 IEEE 802.1Q Packet... 4 Frame Size... 5 Supported VLAN Modes... 5 Bridged Mode... 5 Static SSID to Static

More information

Palo Alto Networks User-ID Services. Unified Visitor Management

Palo Alto Networks User-ID Services. Unified Visitor Management Palo Alto Networks User-ID Services Unified Visitor Management Copyright 2011 Aruba Networks, Inc. Aruba Networks trademarks include Airwave, Aruba Networks, Aruba Wireless Networks, the registered Aruba

More information

Design and Implementation Guide. Apple iphone Compatibility

Design and Implementation Guide. Apple iphone Compatibility Design and Implementation Guide Apple iphone Compatibility Introduction Security in wireless LANs has long been a concern for network administrators. While securing laptop devices is well understood, new

More information

Whitepaper. Tangible Benefits of Cloud Networking versus the alternative. www.cranberrynetworks.com

Whitepaper. Tangible Benefits of Cloud Networking versus the alternative. www.cranberrynetworks.com Whitepaper Tangible Benefits of Cloud Networking versus the alternative www.cranberrynetworks.com Maximizing the Cloud for Wireless Access Points and Hot Spot Management Companies, both for profit and

More information

data sheet Ruckus Smart Access Management Service moving smart wi-fi into the cloud

data sheet Ruckus Smart Access Management Service moving smart wi-fi into the cloud data sheet FEATURES AND BENEFITS Carrier-grade cloud Wi-Fi with a payas-you-grow service model Cost affective solution for small deployments to large deployments supporting thousands of clients devices

More information

An Overview of Samsung KNOX Active Directory and Group Policy Features

An Overview of Samsung KNOX Active Directory and Group Policy Features C E N T R I F Y W H I T E P A P E R. N O V E M B E R 2013 An Overview of Samsung KNOX Active Directory and Group Policy Features Abstract Samsung KNOX is a set of business-focused enhancements to the Android

More information

SOLUTION CARD WHITE PAPER. What is Fueling BYOD Adoption? Mobile Device Accountability and Control

SOLUTION CARD WHITE PAPER. What is Fueling BYOD Adoption? Mobile Device Accountability and Control WHITE PAPER Enabling Enterprise BYOD with Seamless Mobile Device Accountability & Control How to provide mobility and Web security in your organization s wireless network About This White Paper This white

More information

Managed WiFi. Choosing the Right Managed WiFi Solution for your Organization. www.megapath.com. Get Started Now: 877.611.6342 to learn more.

Managed WiFi. Choosing the Right Managed WiFi Solution for your Organization. www.megapath.com. Get Started Now: 877.611.6342 to learn more. Managed WiFi Choosing the Right Managed WiFi Solution for your Organization Get Started Now: 877.611.6342 to learn more. www.megapath.com Everyone is going Wireless Today, it seems that everywhere you

More information

ADDING STRONGER AUTHENTICATION for VPN Access Control

ADDING STRONGER AUTHENTICATION for VPN Access Control ADDING STRONGER AUTHENTICATION for VPN Access Control Adding Stronger Authentication for VPN Access Control 1 ADDING STRONGER AUTHENTICATION for VPN Access Control A VIRTUAL PRIVATE NETWORK (VPN) allows

More information

IdentiFi and Eduroam Roaming Wireless Service Integration CONFIGURATION GUIDE

IdentiFi and Eduroam Roaming Wireless Service Integration CONFIGURATION GUIDE IdentiFi and Eduroam Roaming Wireless Service Integration CONFIGURATION GUIDE TABLE OF CONTENTS Introduction... 3 Prerequisites... 3 Design and Deployment Overview... 4 Configuring the wireless SSID and

More information

data sheet Ruckus Smart Access Management Service MOVING SMART WI-FI INTO THE CLOUD FEATURES AND BENEFITS

data sheet Ruckus Smart Access Management Service MOVING SMART WI-FI INTO THE CLOUD FEATURES AND BENEFITS data sheet FEATURES AND BENEFITS Carrier-grade cloud Wi-Fi with a payas-you-grow service model Cost effective solution for small deployments to large deployments supporting thousands of clients devices

More information

SA Series SSL VPN Virtual Appliances

SA Series SSL VPN Virtual Appliances SA Series SSL VPN Virtual Appliances Data Sheet Published Date July 2015 Product Overview The world s mobile worker population passed the 1 billion mark in 2010 and will grow to more than 1.3 billion by

More information

Cisco Outdoor Wireless Mesh Enables Alternative Broadband Access

Cisco Outdoor Wireless Mesh Enables Alternative Broadband Access Cisco Outdoor Wireless Mesh Enables Alternative Broadband Access Cisco ServiceMesh defines a network design for service providers delivering valueadded municipal wireless services over a mesh network.

More information

Appendix C Pricing Index DIR Contract Number DIR-TSO-2724

Appendix C Pricing Index DIR Contract Number DIR-TSO-2724 Appendix C Pricing Index DIR Contract Number DIR-TSO-2724 Infrastructure as a Service (IaaS) and Platform as a Service (PaaS) Amazon Web Services (AWS) is a comprehensive cloud services platform that offers

More information

HP Identity Driven Manager Software Series Overview

HP Identity Driven Manager Software Series Overview Overview HP Identity Driven Manager (IDM), a plug-in to HP PCM+, dynamically provisions network security and performance settings based on user, device, location, time, and endpoint posture. Identity Driven

More information

SSL VPN Technical Primer

SSL VPN Technical Primer 4500 Great America Parkway Santa Clara, CA 95054 USA 1-888-NETGEAR (638-4327) E-mail: info@netgear.com www.netgear.com SSL VPN Technical Primer Q U I C K G U I D E Today, small- and mid-sized businesses

More information

3Si Managed Authentication Services Service Description

3Si Managed Authentication Services Service Description 3Si Managed Authentication Services Service Description [Pick the date] 3Si Managed Authentication Services Service Description [Type the document subtitle] JT www.3sicloud.com www.3sicloud.com enquiry@3sicloud.com

More information

Wi-Fi Security. More Control, Less Complexity. Private Pre-Shared Key

Wi-Fi Security. More Control, Less Complexity. Private Pre-Shared Key Wi-Fi Security More Control, Less Complexity Private Pre-Shared Key Mobility Meets Security Are the consumer devices in your environment exploding? Are your employees bringing their own devices? And has

More information

CTERA Cloud Storage Platform Architecture

CTERA Cloud Storage Platform Architecture CTERA Cloud Storage Platform Architecture Whitepaper by CTERA Networks Highlights How unstructured data growth drives cloud storage adoption The killer apps of cloud storage reviewed Putting cloud storage

More information

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been

Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been Robust security is a requirement for many companies deploying a wireless network. However, creating a secure wireless network has often been difficult and time-consuming. This paper describes the security

More information

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players

Where are Organizations Today? The Cloud. The Current and Future State of IT When, Where, and How To Leverage the Cloud. The Cloud and the Players The Current and Future State of IT When, Where, and How To Leverage the The and the Players Software as a Service Citrix VMWare Google SalesForce.com Created and Presented by: Rand Morimoto, Ph.D., MCITP,

More information

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0

White Paper. Anywhere, Any Device File Access with IT in Control. Enterprise File Serving 2.0 White Paper Enterprise File Serving 2.0 Anywhere, Any Device File Access with IT in Control Like it or not, cloud- based file sharing services have opened up a new world of mobile file access and collaborative

More information

AAA & Captive Portal Cloud Service TM and Virtual Appliance

AAA & Captive Portal Cloud Service TM and Virtual Appliance AAA & Captive Portal Cloud Service TM and Virtual Appliance Administrator Manual Revision 28 August, 2013 Copyright, Cloudessa, Inc. All rights reserved To receive technical assistance with your Cloudessa

More information

An Enterprise Approach to Mobile File Access and Sharing

An Enterprise Approach to Mobile File Access and Sharing White Paper File and Networking Services An Enterprise Approach to Mobile File Access and Sharing Table of Contents page Anywhere, Any Device File Access with IT in Control...2 Novell Filr Competitive

More information

Penn State Wireless 2.0 and Related Services for Network Administrators

Penn State Wireless 2.0 and Related Services for Network Administrators The following document provides details about the operation and configuration parameters for Penn State Wireless 2.0 and Visitor Wireless. It is intended for Penn State network administrators who are considering

More information

Filtering and Identifying Web Activity by User Name

Filtering and Identifying Web Activity by User Name WavecrestTechBrief Filtering and Identifying Web Activity by User Name www.wavecrest.net When a company implements Web filtering and monitoring software, it typically wants to filter and monitor the Web

More information

CTERA Enterprise File Services Platform Architecture for HP Helion Content Depot

CTERA Enterprise File Services Platform Architecture for HP Helion Content Depot CTERA Enterprise File Services Platform Architecture for HP Helion Content Depot Whitepaper by CTERA Networks Highlights How unstructured data growth drives cloud storage adoption Putting cloud storage

More information

Relay2 Enterprise Cloud Controller Datasheet

Relay2 Enterprise Cloud Controller Datasheet Relay2 Enterprise Cloud WLAN Network Controller Provides the power of enterprise network services without the complexities and cost of traditional hardware- based Wi- Fi controllers The Relay2 Enterprise

More information

LANDesk White Paper. LANDesk Management Suite for Lenovo Secure Managed Client

LANDesk White Paper. LANDesk Management Suite for Lenovo Secure Managed Client LANDesk White Paper LANDesk Management Suite for Lenovo Secure Managed Client Introduction The Lenovo Secure Managed Client (SMC) leverages the speed of modern networks and the reliability of RAID-enabled

More information

Mobile Printing for Business Made Easy

Mobile Printing for Business Made Easy Mobile Printing for Business Made Easy If users know how to send an email or go to a Web address, they can print with EveryonePrint EveryonePrint is the perfect fit for any business of any size, where

More information

Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE

Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE Mobile Secure Desktop Maximum Scalability, Security and Availability for View with F5 Networks HOW-TO GUIDE Solution Overview The VMware View Mobile Secure Desktop solution is a powerful architecture intended

More information

MS Series: Ethernet Power Study

MS Series: Ethernet Power Study Solution Guide MS Series: Ethernet Power Study JULY 2013 This document explores the power saving benefits that Cisco Meraki switches can bring to your Ethernet fabric by adding intelligence and reducing

More information

HP ProCurve Identity Driven Manager 3.0

HP ProCurve Identity Driven Manager 3.0 Product overview HP ProCurve Identity Driven Manager (IDM), a plug-in to HP ProCurve Manager Plus, dynamically provisions network security and performance settings based on user, device, location, time,

More information

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks.

Deploying secure wireless network services The Avaya Identity Engines portfolio offers flexible, auditable management for secure wireless networks. Table of Contents Section 1: Executive summary...1 Section 2: The challenge...2 Section 3: WLAN security...3 and the 802.1X standard Section 4: The solution...4 Section 5: Security...4 Section 6: Encrypted

More information

Symantec Mobile Management Suite

Symantec Mobile Management Suite Symantec Mobile Management Suite One Solution For All Enterprise Mobility Needs Data Sheet: Mobile Security and Management Introduction Most enterprises have multiple mobile initiatives spread across the

More information

Network Virtualization Network Admission Control Deployment Guide

Network Virtualization Network Admission Control Deployment Guide Network Virtualization Network Admission Control Deployment Guide This document provides guidance for enterprises that want to deploy the Cisco Network Admission Control (NAC) Appliance for their campus

More information

Aerohive Private PSK. solution brief

Aerohive Private PSK. solution brief Aerohive Private PSK solution brief Table of Contents Introduction... 3 Overview of Common Methods for Wi-Fi Access... 4 Wi-Fi Access using Aerohive Private PSK... 6 Private PSK Deployments Using HiveManager...

More information

Why a Server Infrastructure Refresh Now and Why Dell?

Why a Server Infrastructure Refresh Now and Why Dell? Why a Server Infrastructure Refresh Now and Why Dell? In This Paper Outdated server infrastructure contributes to operating inefficiencies, lost productivity, and vulnerabilities Worse, existing infrastructure

More information

Avaya Identity Engines Portfolio

Avaya Identity Engines Portfolio Key benefits Improved security and granular control: More secured wireless and guest access, role-based access control and compartmentalization of the network to segment and protect data Reduced costs:

More information

next generation privilege identity management

next generation privilege identity management next generation privilege identity management Nowadays enterprise IT teams are focused on adopting and supporting newer devices, applications and platforms to address business needs and keep up pace with

More information

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks

Tech Brief. Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Tech Brief Enterprise Secure and Scalable Enforcement of Microsoft s Network Access Protection in Mobile Networks Introduction In today s era of increasing mobile computing, one of the greatest challenges

More information

owncloud Architecture Overview

owncloud Architecture Overview owncloud Architecture Overview owncloud, Inc. 57 Bedford Street, Suite 102 Lexington, MA 02420 United States phone: +1 (877) 394-2030 www.owncloud.com/contact owncloud GmbH Schloßäckerstraße 26a 90443

More information

Server Software Installation Guide

Server Software Installation Guide Server Software Installation Guide This guide provides information on...... The architecture model for GO!Enterprise MDM system setup... Hardware and supporting software requirements for GO!Enterprise

More information

WHITE PAPER SOLUTION CARD. What is Fueling BYOD Adoption? Mobile Device Accountability and Control

WHITE PAPER SOLUTION CARD. What is Fueling BYOD Adoption? Mobile Device Accountability and Control WHITE PAPER Enabling BYOD in Government Agencies with Seamless Mobile Device Accountability & Control How to provide mobility and Web security in your agency s wireless network About This White Paper This

More information

White Paper. What is an Identity Provider, and Why Should My Organization Become One?

White Paper. What is an Identity Provider, and Why Should My Organization Become One? White Paper What is an Identity Provider, and Why Should My Organization Become One? May 2015 Executive Overview Tame Access Control Security Risks: Become an Identity Provider (IdP) Organizations today

More information

The Technical Differential: Why Service Providers Choose VMware for Cloud-Hosted Desktops as a Service

The Technical Differential: Why Service Providers Choose VMware for Cloud-Hosted Desktops as a Service The Technical Differential: Technical WHITE PAPER Table of Contents Executive Summary...3 Partnering With VMware Makes Business Sense...3 The VMware DaaS Blueprint...3 The VMware Technology Advantage...4

More information

Virtuelle WLAN Controller Alcatel Lucent Wireless LAN Instant AP

Virtuelle WLAN Controller Alcatel Lucent Wireless LAN Instant AP Virtuelle WLAN Alcatel Lucent Wireless LAN Instant AP S. 1 Alcatel Lucent Instant Technology Over-the-air provisioning: Industry only wireless over the air WLAN setup Wizard driven setup: 5 minute WLAN

More information

Okta Identity Management for Portals Built on Salesforce.com. An Architecture Review. Okta Inc. 301 Brannan Street San Francisco, CA 94107

Okta Identity Management for Portals Built on Salesforce.com. An Architecture Review. Okta Inc. 301 Brannan Street San Francisco, CA 94107 Okta Identity Management for Portals Built on Salesforce.com An Architecture Review Okta Inc. 301 Brannan Street San Francisco, CA 94107 info@okta.com 1-888-722-7871 Contents 1 Okta: A Platform for Cloud

More information

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers

Increase Simplicity and Improve Reliability with VPLS on the MX Series Routers SOLUTION BRIEF Enterprise Data Center Interconnectivity Increase Simplicity and Improve Reliability with VPLS on the Routers Challenge As enterprises improve business continuity by enabling resource allocation

More information

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN

Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN Deploying the ShoreTel IP Telephony Solution with a Meru Networks Wireless LAN Copyright 2005, Meru Networks, Inc. This document is an unpublished work protected by the United States copyright laws and

More information

Meru MobileFLEX Architecture

Meru MobileFLEX Architecture Meru MobileFLEX Architecture Bringing new levels of choice and control to enterprise wireless LANs Today, network management is a tug-of-war between user demands and IT requirements. Users are pulling

More information

owncloud Architecture Overview

owncloud Architecture Overview owncloud Architecture Overview Time to get control back Employees are using cloud-based services to share sensitive company data with vendors, customers, partners and each other. They are syncing data

More information

GlobalProtect Overview

GlobalProtect Overview GlobalProtect Overview Whether checking email from home or updating corporate documents from the airport, the majority of today's employees work outside the physical corporate boundaries. This increased

More information

Virtualized Architecture Enables Choice, Efficiency, and Agility for Enterprise Mobility

Virtualized Architecture Enables Choice, Efficiency, and Agility for Enterprise Mobility White Paper Virtualized Architecture Enables Choice, Efficiency, and Agility for Enterprise Mobility March 12, 2012 @ Copyright 2012 Meru. All rights reserved. Table of Contents Introduction 3 Virtualization

More information

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION

APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION APPENDIX B1 - FUNCTIONALITY AND INTEGRATION REQUIREMENTS RESPONSE FORM FOR A COUNTY HOSTED SOLUTION Response Code: Offeror should place the appropriate letter designation in the Availability column according

More information

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES

WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES WHITEPAPER SECUREAUTH AND CAC HSPD-12 AUTHENTICATION TO WEB, NETWORK, AND CLOUD RESOURCES Executive Overview U.S. Federal mandates dictates that personal with defense related initiatives must prove access

More information

Data Security and Healthcare

Data Security and Healthcare Data Security and Healthcare Complex data flows Millions of electronic medical records across many systems New and emerging business relationships Changing and maturing compliance frameworks Diverse population

More information

White Paper: Cloud Identity is Different. World Leading Directory Technology. Three approaches to identity management for cloud services

White Paper: Cloud Identity is Different. World Leading Directory Technology. Three approaches to identity management for cloud services World Leading Directory Technology White Paper: Cloud Identity is Different Three approaches to identity management for cloud services Published: March 2015 ViewDS Identity Solutions A Changing Landscape

More information

SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for On-boarding

SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for On-boarding SOLUTION BRIEF Citrix Cloud Solutions Citrix Cloud Solution for On-boarding www.citrix.com Contents Introduction... 3 The On- boarding Problem Defined... 3 Considerations for Application On- boarding...

More information

Palo Alto Networks AAC Lab Creation Guidelines v1.0

Palo Alto Networks AAC Lab Creation Guidelines v1.0 Palo Alto Networks AAC Lab Creation Guidelines v1.0 Contact Information Corporate Headquarters: Palo Alto Networks 3300 Olcott Street Santa Clara, CA 95054 http://www.paloaltonetworks.com/ About this Guide

More information

Vyatta Network OS for Network Virtualization

Vyatta Network OS for Network Virtualization Complete Security and Compliance for Virtual Environments Vyatta takes the concept of virtualization beyond just applications and operating systems and allows enterprise IT to also virtualize network components

More information

MERAKI WHITE PAPER Cloud + Wireless LAN = Easier + Affordable

MERAKI WHITE PAPER Cloud + Wireless LAN = Easier + Affordable MERAKI WHITE PAPER Cloud + Wireless LAN = Easier + Affordable Version 1.0, August 2009 This white paper discusses how a cloud-based architecture makes wireless LAN easier and more affordable for organizations

More information

Service Virtualization

Service Virtualization Service Virtualization A faster, more efficient and less costly way to develop and test enterprise-class applications As cloud and mobile computing gain rapid acceptance, IT departments are expected to

More information

Open Directory. Apple s standards-based directory and network authentication services architecture. Features

Open Directory. Apple s standards-based directory and network authentication services architecture. Features Open Directory Apple s standards-based directory and network authentication services architecture. Features Scalable LDAP directory server OpenLDAP for providing standards-based access to centralized data

More information

NETGEAR /ValuePoint Networks Interoperability Report

NETGEAR /ValuePoint Networks Interoperability Report NETGEAR /ValuePoint Networks Interoperability Report Delivering a Personalized Wireless Experience to Hotel Guests application notes Table of Contents Introduction... 3 HOW TO DEPLOY THE JOINT SOLUTION...

More information

What s New in VMware vsphere 5.1 VMware vcenter Server

What s New in VMware vsphere 5.1 VMware vcenter Server What s New in VMware vsphere 5.1 VMware vsphere 5.1 TECHNICAL MARKETING DOCUMENTATION V 1.0/UPDATED JULY 2012 Table of Contents Introduction... 3 Key Components... 3 vcenter Single Sign-On Server.... 3

More information

The Dangers of Consumer Grade File Sharing in a Compliance Driven World

The Dangers of Consumer Grade File Sharing in a Compliance Driven World The Dangers of Consumer Grade File Sharing in a Compliance Driven World Enterprise data access is spiraling out of control owncloud, Inc. 57 Bedford Street Suite 102 Lexington, MA 02420 United States www.owncloud.com/contact

More information

Monitoring & Measuring: Wi-Fi as a Service

Monitoring & Measuring: Wi-Fi as a Service Monitoring & Measuring: Wi-Fi as a Service Parker Smith, Director of Business Development, ProCloud Services, ADTRAN IT Professional Wi-Fi Trek 2015 Agenda Wireless Trends and Impacts How Cloud Wireless

More information

WiFiLAN Cloud. Wifi soft Solutions

WiFiLAN Cloud. Wifi soft Solutions WiFiLAN Cloud Wifi soft Solutions Company Snapshot 2 Our Lines of Business Hotspot Solutions Enterprise Solutions Home Solutions Social Media & Analytics Portal Page Legal Compliance User Tracking Hotspot

More information

Exploiting the business potential of BYOD (bring your own device)

Exploiting the business potential of BYOD (bring your own device) WHITE PAPER: EXPLOITING THE BUSINESS POTENTIAL OF BYOD........................................ Exploiting the business potential of BYOD (bring your own device) Who should read this paper This paper addresses

More information

Securing Wireless LANs with LDAP

Securing Wireless LANs with LDAP A P P L I C A T I O N N O T E Securing Wireless LANs with LDAP Many organizations have standardized on LDAP (Lightweight Directory Access Protocol) servers as a repository for their users and related security

More information

XPress Cloud Connecting People, Cloud, and Things

XPress Cloud Connecting People, Cloud, and Things XPress Cloud Connecting People, Cloud, and Things Roger Austin Director of Cloud Channels April 2015 Compute Evolution Drives Network Change The Cloud Is Driving New Network Requirements (USD millions)

More information

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks

Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks Cisco IT Article December 2013 End-to-End Security Policy Control Cisco IT Validates Rigorous Identity and Policy Enforcement in Its Own Wired and Wireless Networks Identity Services Engine is an integral

More information

White Paper: Managing Security on Mobile Phones

White Paper: Managing Security on Mobile Phones White Paper: Managing Security on Mobile Phones April 2006 Managing Security on Mobile Phones April 2006 Table of Contents Abstract...2 Executive Summary...2 The Importance Of Managing Security On Mobile

More information

Cloud Computing in a Restaurant Environment

Cloud Computing in a Restaurant Environment WHITE PAPER Cloud Computing in a Restaurant Environment Cloud Computing in a Restaurant Environment How Restaurants Leverage New Cloud Computing Technologies to Achieve PCI Compliance By Bradley K. Cyprus

More information

Meru MobileFLEX Architecture

Meru MobileFLEX Architecture Meru MobileFLEX Architecture Bringing new levels of choice and control to enterprise wireless LANs Mobility has transformed work from a location to an activity. Smartphones, tablets, and laptops enable

More information

Cisco Virtual Office Express

Cisco Virtual Office Express . Q&A Cisco Virtual Office Express Overview Q. What is Cisco Virtual Office Express? A. Cisco Virtual Office Express is a solution that provides secure, rich network services to workers at locations outside

More information

nexus Hybrid Access Gateway

nexus Hybrid Access Gateway Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries

More information

Equitrac Office 5. The intelligent enterprise print management system. 2002-2013 Nuance Communications, Inc. All rights reserved.

Equitrac Office 5. The intelligent enterprise print management system. 2002-2013 Nuance Communications, Inc. All rights reserved. Equitrac Office 5 The intelligent enterprise print management system 2002-2013 Nuance Communications, Inc. All rights reserved. Page 1 Equitrac Office 5 a unique blend of innovation and field proven performance

More information

Deployment Guide Sept-2014 rev. a. Array Networks Deployment Guide: AG Series and DesktopDirect with VMware Horizon View 5.2

Deployment Guide Sept-2014 rev. a. Array Networks Deployment Guide: AG Series and DesktopDirect with VMware Horizon View 5.2 Deployment Guide Sept-2014 rev. a Array Networks Deployment Guide: AG Series and DesktopDirect with VMware Horizon View 5.2 Table of Contents 1 Introduction... 2 1.1 Array Networks AG Series Secure Access

More information

APPENDIX 3 LOT 3: WIRELESS NETWORK

APPENDIX 3 LOT 3: WIRELESS NETWORK APPENDIX 3 LOT 3: WIRELESS NETWORK A. TECHNICAL SPECIFICATIONS MAIN PURPOSE The Wi-Fi system should be capable of providing Internet access directly to a user using a smart phone, tablet PC, ipad or Laptop

More information

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network...

1 Purpose... 2. 2 Scope... 2. 3 Roles and Responsibilities... 2. 4 Physical & Environmental Security... 3. 5 Access Control to the Network... Contents 1 Purpose... 2 2 Scope... 2 3 Roles and Responsibilities... 2 4 Physical & Environmental Security... 3 5 Access Control to the Network... 3 6 Firewall Standards... 4 7 Wired network... 5 8 Wireless

More information

The PortalGuard All-In-One Authentication Solution-set: A Comparison Guide of Two-Factor Capabilities vs. the Competition

The PortalGuard All-In-One Authentication Solution-set: A Comparison Guide of Two-Factor Capabilities vs. the Competition The PortalGuard All-In-One Authentication Solution-set: A Comparison Guide of Two-Factor Capabilities vs. the Competition Find out what organizations need to know to compare two-factor vendors and check

More information

Propalms TSE Deployment Guide

Propalms TSE Deployment Guide Propalms TSE Deployment Guide Version 7.0 Propalms Ltd. Published October 2013 Overview This guide provides instructions for deploying Propalms TSE in a production environment running Windows Server 2003,

More information

VMware vcloud Service Definition for a Public Cloud. Version 1.6

VMware vcloud Service Definition for a Public Cloud. Version 1.6 Service Definition for a Public Cloud Version 1.6 Technical WHITE PAPER 2011 VMware, Inc. All rights reserved. This product is protected by U.S. and international copyright and intellectual property laws.

More information