Solution Brief. ID Manager. Simplified BYOD Management to Help Reduce IT Workload


Table of Contents

- Introduction
- How it Works
- Authentication
- ID Manager APIs
- Supported Use Cases
- Scalability and Ease of Maintenance Through the Cloud
- Reporting
- Summary
- About Aerohive

Introduction

In today's highly connected organizations, end users expect to have Wi-Fi access across the campus and from any of their devices. While this requirement is essential for today's corporate and education environments, it also opens up a secure network to a multitude of potential issues with Bring-Your-Own-Devices (BYOD).

Over the last years, mobility has drastically reshaped the connotation and central use case for BYOD. BYOD started out as a means to support user devices primarily for work purposes. As a result, MDM was applied to secure the devices, and personal use was disallowed or strongly discouraged.

Today, employees' mobile devices like smartphones and tablets are invading the workplace. Users are unlikely to accept MDM on them (it is viewed as spyware), and they demand to be able to use their devices for both private and work purposes. As a result, personal BYOD is today's primary use case. It also presents a set of unique challenges that cannot be addressed by an MDM-supported BYOD implementation. Challenges include the need to support a wide variety of devices and operating systems, while at the same time satisfying the security team's demands for managed network access. An already overloaded IT department is then left to manage these devices to ensure that all BYOD devices have the appropriate level of network access, and to field the associated help-desk calls.

How it Works

One of the most difficult concepts in provisioning a fully functional BYOD management system is that the requirement for network access can vary widely. Some visitors only need Internet access, while employees and long-term contractors need extensive access to corporate applications and resources. A simple "one size fits all" BYOD network does not provide the granularity that is needed to deliver this differentiated access.

Authentication

The missing element is authentication integration, which is usually a costly and complex procedure requiring significant expertise in working with AAA infrastructure and often leads to additional hardware, software, and licensing expenses beyond the existing network infrastructure.

All Aerohive access points, routers and switches are managed by HiveManager and already provide authentication services and integration with existing directory services. ID Manager leverages this capability and creates an authentication-specific private connection between the Aerohive devices and the Aerohive Cloud Services Platform. This allows the configuration of multiple BYOD profiles, from casual guests to fully secure employees, that govern where, when and for how long devices can access the network and what type of content is available to them.

ID Manager provides a strong feature set that enables organizations to pick the options that work best for them and that can integrate with existing authentication infrastructure. For example:

- For authentication protocols, ID Manager supports both RADSEC and SAML, with Active Directory Federation Services (ADFS). The latter are preferred methods for BYOD management in enterprises and higher-education organizations.
- AD Group Membership information can be used to define which guest types are made available to employees vs. front desk personnel. You can also use AD "Member of" data to define the number of credentials, either per user or per company site, to manage license utilization across the company.

To meet the diverse requirements of large organizations, ID Manager supports three types of authentication credentials:

- Private Pre-Shared Keys (PPSK). PPSK are an innovation from Aerohive and help bridge the gap between PSK and 802.1X certificates. Essentially, PPSK are strong, unique keys created for every device. They allow users to be individually identified, authenticated and assigned to a BYOD user profile. This is similar to the experience with 802.1X authentication, but without the associated overhead and deployment complexity. At the same time, PPSK are still based on PSK. As such, they are broadly supported by consumer devices and simplify the authentication process for the user compared to 802.1X certificates. This in turn helps reduce help desk calls.
- Traditional 802.1X certificates (WPA2-Enterprise) with Active Directory integration. While this is arguably the most secure authentication method, it also comes with high deployment complexity and added cost. BYOD management can require accommodating thousands of BYOD users, many with 3-5 devices. For such device volumes, 802.1X certificates are often not considered practical. In addition, many consumer devices do not support 802.1X certificates.
- Traditional Pre-Shared Keys (PSK), where all users have the same network password. PSKs are easy to administer, but simply not secure enough for continuous corporate use. And while they seem user-friendly at first, consider that if one device gets lost or stolen, all other devices on the network need to update their password. Since this is unlikely to go smoothly, the need for a global password update will increase the number of help-desk calls and disrupt the end user experience.

The diagrams above outline the usage scenarios with PSK in more detail.

SSIDs with pre-shared keys have several advantages. They are easy to set up, are widely supported by client devices, and do not require authentication servers, certificates, or extra configurations on the clients. Despite these benefits, the fact that all users on the same SSID must use the same key creates issues:

- If one user leaves or loses the wireless client, the pre-shared keys on the access points and all clients must be changed to protect the wireless LAN from unauthorized access.
- All users on the SSID must belong to the same user profile and network policy, including the same QoS rate control and queuing policy, VLAN, tunnel policy, firewall policies, and schedules.
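
The contrast between a shared PSK and per-device keys described above, as an added example (not Aerohive code and not the ID Manager API): a small in-memory model in which revoking one device on a shared-key SSID forces every other client to be reconfigured, while per-device keys are revoked individually and each key resolves to its own profile. The class names, the profile attributes (VLAN, lifetime) and the key length are assumptions made for illustration.

```python
import hmac
import secrets
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class Profile:
    """Network policy for a class of user (illustrative attributes)."""
    name: str
    vlan: int
    lifetime: timedelta

@dataclass
class Credential:
    device: str
    profile: Profile
    key: str
    expires: datetime
    revoked: bool = False

class SharedPskNetwork:
    """One key for the whole SSID: no per-user identity or policy."""

    def __init__(self):
        self.key = secrets.token_urlsafe(32)
        self.devices = set()

    def enroll(self, device):
        self.devices.add(device)
        return self.key

    def revoke(self, device):
        """Rotate the key; return every client that must now be reconfigured."""
        self.devices.discard(device)
        self.key = secrets.token_urlsafe(32)
        return sorted(self.devices)

class PerDeviceKeyNetwork:
    """Hypothetical model: one random key per device, bound to a profile."""

    def __init__(self):
        self.creds = {}

    def enroll(self, device, profile, now):
        key = secrets.token_urlsafe(32)  # 32 random bytes per device
        self.creds[device] = Credential(device, profile, key, now + profile.lifetime)
        return key

    def revoke(self, device):
        """Disable one device's key; no other client is affected."""
        self.creds[device].revoked = True
        return []

    def authorize(self, presented_key, now):
        """Return the Profile for a valid, unexpired, unrevoked key, else None."""
        match = None
        for cred in self.creds.values():  # constant-time compare per entry
            if hmac.compare_digest(cred.key.encode(), presented_key.encode()):
                match = cred
        if match is None or match.revoked or now >= match.expires:
            return None
        return match.profile
```
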

The diagrams above outline the usage scenarios with PPSK in more detail.

With PPSK, it is possible to create network policies for individual users or groups of users, including different VLANs, firewall policies, tunnels, and schedules. PPSK users and/or user groups can be defined in a spreadsheet program like Microsoft Excel, saved in a CSV (comma-separated values) file, and imported into HiveManager.

ID Manager APIs

Aerohive also offers ID Manager APIs that let customers and partners create unique, tuned BYOD management workflows for their environments. The APIs serve two major purposes:

- Allow customers to integrate ID Manager into their business systems.
- Let partners integrate ID Manager functionality with their own solutions. For example, a provider of visitor management systems can use the ID Manager APIs to integrate the guest credentials into the badge and/or print the credentials on the badge.

To that end, the ID Manager REST APIs provide several basic functions:

- Authentication of the employee via Active Directory
- Query for available Guest Types
- Create and delete credentials
- Name and rename credentials
- Deliver credentials

API integration is enabled via the Configuration Menu/ID Manager Settings in the web-based ID Manager interface.

Aerohive has also implemented the ID Manager APIs in the ID Manager applications for iOS and HTML5, to demonstrate our vision for ID Manager. The HTML5 application can be used for a broad range of devices and operating systems, or it can be hosted on a web server. The applications are available to customers as is, or as reference applications for customization.

Supported Use Cases

A key requirement for successful, scalable BYOD systems is to help reduce IT workload. ID Manager achieves this with its simplified and automated workflows that reduce help-desk calls and allow off-loading of BYOD key generation and basic management to employees. Easy distribution of the BYOD keys is equally important. With ID Manager, keys can be emailed, sent via SMS, printed out, or even tweeted.

Two important design considerations for ID Manager were to simplify the BYOD on-boarding process so that employees can accomplish it, and to provide flexibility for organizations around its implementation. As a result, ID Manager supports a variety of use cases for device registration:

- An employee registers their personal device for use on the company network. They can use either the web-based interface of ID Manager, or the new ID Manager applications for iOS and HTML5. Both the web-based interface and the applications have a simple, intuitive UI that allows entering of user and device information, and automatic generation of device keys in only a few steps. This use case is becoming the predominant requirement for BYOD. Employees expect to be able to access the company network on their personal devices, and use them for both work-related and casual tasks during the workday. Providing an easy, convenient method of onboarding their own devices will reduce the IT workload considerably.

ID Manager iOS app, Personal Key Generation.

- A guest uses a self-service kiosk in the lobby to register a guest profile. Self-service kiosks are a convenient way for guests to register themselves, and may be a requirement if the lobby is not staffed, or not staffed continuously. ID Manager allows for a self-service portal to be created and served via a web browser in a kiosk, with two options to do so:
  o IT can provision web-enabled computers or tablets in the lobby and set the guest policy through their HiveManager interface.
  o The IT administrators can also enable guests to self-register through a Captive Web Portal on guests' own mobile devices.
  With either option, IT can specify encryption, time until expiration, and device profiles for registrations. The Aerohive Cloud Services Platform even includes automatic localization into different languages.

Captive Web Portal

- A lobby host accesses the web-based ID Manager to generate a guest profile. The receptionist uses their computer or a tablet to access the web-based interface of ID Manager. A variety of guest profiles can be configured by IT, and will then be presented to the receptionist so they can choose the appropriate guest profile, e.g. a temporary visitor, a summer intern or a long-term contractor, all with appropriate access rights.

ID Manager Web Interface Guest Types

- Employee Sponsorship: An employee registers a guest, or group of guests. This can also be done in advance of the actual visit so that the network key(s) will be ready upon guests' arrival. The employee can do so by using:
  o The web-based interface of ID Manager, or
  o The new iOS ID Manager application on their mobile device.

Scalability and Ease of Maintenance through the Cloud

ID Manager utilizes the Aerohive Cloud Services Platform to eliminate the need for any additional hardware or software. As a result, it scales seamlessly, and can manage secure, profile-based access for thousands of users anywhere in the world.
Scalability is becoming a key requirement for BYOD systems in enterprises or higher education organizations (e.g. colleges). Consider an organization with 10,000 or more employees or students. A user population this size translates quickly into a need for more than 50,000 keys, plus keys for guests. ID Manager handles these and larger volumes of credentials.

Another advantage of the cloud services platform is that the latest features and security enhancements are applied automatically, and across the entire user base, whether it's in one location or distributed internationally. These are very tangible benefits that help further reduce the IT workload associated with BYOD management.

Reporting

ID Manager includes comprehensive reporting features for tracking and analysis of device usage, including:

- Number of authentication requests, accepted and rejected
- Accounting log to track user data transfer
- Session time tracking
- Audit log for monitoring administrative and operator usage of the system

With this information, IT administrators are well equipped to monitor ongoing usage and determine whether any adjustments are needed to ensure the desired level and manner of system usage.

Summary

In the past, provisioning secure, identity-based BYOD management has required the attention of an already overstretched IT staff and front desk personnel to administer credentials. Today's enterprises need a solution that is simple to deploy and administer, and helps reduce the IT workload resulting from BYOD initiatives.

ID Manager can effectively address these requirements: with its automated, simplified workflows, it enables IT to offload key generation and basic management to employees. It enables secure, profile-based administration of credentials that provides well-defined access rights to employees and different types of guests, depending on their needs. With its comprehensive set of functionality, IT will be able to effectively manage the deployment of current and future BYOD initiatives.

About Aerohive

Aerohive (NYSE: HIVE) enables our customers to simply and confidently connect to the information, applications, and insights they need to thrive. Our simple, scalable, and secure platform delivers mobility without limitations. For our tens of thousands of customers worldwide, every access point is a starting point. Aerohive was founded in 2006 and is headquartered in Sunnyvale, CA.

Aerohive is a registered trademark of Aerohive Networks, Inc. All product and company names used herein are trademarks or registered trademarks of their respective owners. All rights reserved.

Aerohive Networks, Inc.
330 Gibraltar Drive, Sunnyvale, California 94089 USA
phone: 408.510.6100
toll-free: 866.918.9918
fax: 408.510.6199
www.aerohive.com
info@aerohive.com