Ruckus announced in October that they had acquired Cloudpath Networks. This is big news in the wireless industry due to Cloudpath Networks reputation as one of the world’s leading Wi-Fi onboarding software.
Cloudpath pioneered secure Wi-Fi onboarding in 2006 and has since become a leader in certificate-based Wi-Fi security with its automated, self service.
So what does this actually all mean and why has Cloudpath Network software become so popular since their beginnings in 2006.
We now live in a society where each person will have at least 1-3 devices that can connect to your wireless network. Schools and enterprises want to introduce BYOD and 1:1 solutions. So with more and more devices connecting over the wireless. Security and ease of use has to be a big factor when considering supplying users with wireless access.
Users expect to be able to connect to the wireless securely, with the least amount of work as possible. As an IT Department we want to introduce a system that removes as many calls too the helpdesk as possible.
So what is onboarding? Onboarding is a secure way for IT administrators to give access to the wireless network be it for guest or corporate access. We create an open SSID which places people on a captive portal. The user then enters a password or a username and password. This is verified and when verified we either give them guest access or corporate access, we do this by provisioning a profile/certificate onto the device. So in the future it connects to the wireless automatically and we can control each device on a individual basis and implement various policies if we wanted to e.g (Bandwith,VLAN,Proxy setting etc). It sounds pretty easy but it can be a real nightmare to manage and cause a number of issues for the helpdesk if not implemented properly.
So we have the onboarding portal setup and we are allowing users to verify themselves on the portal by either using a captive portal or using 802.1xPEAP-MSCHAP-V2. Which was fine but most engineers are now aware that when using PEAP-MSCHAPV2 authentication, there is an opening for a security threat. In today’s world end user devices are mostly set not to verify the server certificates. This can be a problem due to the device not verifying the severs certificate there is an opportunity for a man in the middle attack.
Cloudpath resolves this issue by implementing EAP-TLS based connections.
So what is the issue with the way we currently secure the wireless network, what’s wrong with just using standard passwords or username and passwords via a radius server. Well there are a number of issues:
Cloudpath bridges the gap between enterprise-grade security and personal devices to create a Set-It-And-Forget-It™ Wi-Fi experience that allows BYOD and IT-owned devices to be on-boarded in a scalable, secure, and user-friendly manner. Cloudpath invented the automated, self-service Wi-Fi onboarding paradigm in 2006 and on-boards millions of personal devices each year.
Based on the belief that personal devices can utilize encrypted connectivity just as easily as unencrypted, Cloudpath utilizes standards-based security, such as WPA2-Enterprise, 802.1X, and X.509, to work with your existing infrastructure and provide full functionality with any Wi-Fi solution.
Certificate based authentication benefits your network in many ways from making it more secure, manageable, unique and consistent,
Problems facing IT departments when trying to create an automated onboarding system for wireless devices is that they really do not have the skills or infrastructure in place to support the process. Creating automated systems can be difficult and time consuming. We have to ensure we have a Radius server in place, Public Key Infrastructure, Device Provisioning system, user database integration (LDAP,AD), Captive Portal, MDM and the list goes on…
It is not easy to set up a fully automated system that works with multiple devices. The biggest problem all wireless vendors have faced in the past is device provisioning. Which means how we actually get the device to connect automatically to an SSID once they have landed on an open SSID and verified who they say they are via a captive portal/onboarding portal.
Time and time again we have seen newer operating systems not be able to be provisioned onto the wireless due to that OS not being supported. Cloudpath Network software supports all client OS types.
So rather than having to hire an expert to configure all the services you need to be able to run a secure automated certificate based onboarding wireless process. Let Cloudpath Network software do it for your all from one application, with all the services you need in one easy to use system.
Cloudpath Networks give you one simple user interface to create workflows where you can create any type of workflow you can think of so you can manage guest device, corporate device etc. It enables you to run a simple and secure wireless solution. We are able to have a device be provisioned onsite via an open SSID or offsite. Offsite configuration is where users can be emailed a url. When clicked on the the URL link allows the device to download a profile onto the users device. The device is then able to connect automatically when arriving at your site.
Having used Cloudpath Network software for a number of wireless projects I can only say how impressed I am with the whole offering. If you are currently running a wireless network and you are wanting to introduce better security and ease of use for BYOD, secure controlled guest access. Then Cloudpath Xpress Connect Enrollment System is a software to be trialled.
If you would like to learn more then please contact your account manager at Computerworld and we can show you how Cloudpath works and answer any questions.
The onboarding Journey:
Leave a Reply