With all that has recently been written about BYOD, it’s clear that enterprise IT managers need to consider performance requirements on the wireless access point. With more clients accessing the network, the performance demands in terms of coverage and client density will increase. Furthermore, consumer devices such as smartphones and tablets may have more difficulty connecting to an AP than a laptop does. This can be attributed to the fact that many of these devices either do not support 802.11n or only support legacy 802.11g/a, and even where they do support 802.11n they are often limited to 1x1 MIMO. An access point with superior performance will be needed to address the growing needs of these new clients.
As anyone who attended Cisco’s recent “BYOD without Compromise” Webinar noticed, the BYOD phenomenon is changing company priorities, and is bringing up a lot of questions about the solutions available to scale, secure and operate a successful network. Replay the Webinar
Join us for our upcoming #ciscowifi TweetChat during which you’ll be able to engage in a real time BYOD discussion on Twitter with Cisco Technical Experts. What is a TweetChat?
April 17, 10-11am PST: TweetChat Topic: BYOD and Cisco ISE – use #ciscowifi.
First, I’ve put together just a few details based on the most popular questions posed during the recent webinar about Cisco’s approach to BYOD. And at the end of this post, I’ve also listed upcoming events for even more in depth technical discussions on a variety of BYOD topics.
Enhanced Identity Services Engine (ISE):
Cisco ISE is a context-aware, identity-based platform that gathers real-time information from the network, users, and devices. This enables IT to offer mobile business freedom with policy for when, where and how users may access the network.
ISE integrates with Prime Network Control System and supports BYOD with any 11n Wireless Access Point (even if you’re running your network in FlexConnect, formerly H-REAP, mode).
In addition to managing on-boarding, Cisco ISE has full guest lifecycle management. It also allows IT to deny access to devices for a variety of reasons, such as who you are, what device it is, whether you are running the latest OS or anti-malware, or how you are accessing the network.
Posture -- Posture is the component of the ISE platform responsible for enforcing the corporate security policies that govern access to the enterprise network. For example, for non-corporate-owned devices, you can decide what the minimum requirements are based on device type, OS and so on. Setting this up ahead of time avoids security issues with unsupported devices.
ISE also provides real-time endpoint scans based on policy to gain more relevant insight. These automated features result in a better user experience and more secure devices. Cisco ISE uniquely leverages the network. It is essentially the brains for secure access and provides the policy to the network infrastructure (it is woven into the switches, routers, etc.)
New Prime Infrastructure:
Prime is a single package that provides complete infrastructure – wired and wireless, and mobility lifecycle management– configuration, monitoring, troubleshooting, remediation, and reporting. This solution includes: Prime Network Control System (NCS) for converged wired/wireless monitoring and troubleshooting, plus wireless lifecycle management, with new branch network management functionality; and Prime LAN Management Solution, for wired lifecycle management and Borderless Network services management.
Mobile Device Management (MDM):
To protect data on mobile devices and ensure compliance, Cisco is integrating with multiple Mobile Device Management vendors. This gives IT greater visibility into the endpoint, as well as control over endpoint access based on the compliance of these devices with company policy (such as requiring a PIN lock or disallowing jailbroken devices), and the ability to remotely wipe data on lost or stolen mobile devices. If you don’t have a supported vendor, we will not be able to get as rich detail about the status of that device; however, you still get the full wired/wireless policy.
Current MDM third party vendors: Zenprise, Good, Airwatch, MobileIron
Device Operating Systems:
Wondering about which OS is preferred on your mobile device?
Cisco offers broad mobile device OS support in Cisco AnyConnect VPN software, including Apple iOS, Android, and Windows Mobile.
When it comes to virtualization, Cisco has created the Cisco Virtualization Experience Infrastructure (VXI), an end-to-end systems approach that delivers the next generation virtual workspace by unifying virtual desktops, voice, and video. Check out the link for more information on VXI, VXI with Citrix, VXI with VMware, Virtualization Services and validated Design Guides http://www.cisco.com/web/solutions/trends/virtualization/index.html
This is just a drop in the bucket. To get even more information on taking your organization beyond BYOD, don’t miss our upcoming technical deep dive webinars and in person events that speak directly to managing your growing network while you’re doing your best with limited resources. You can also check out Cisco’s BYOD solution, Prime and ISE:
- BYOD: www.cisco.com/go/byod.
- Cisco ISE: www.cisco.com/go/ise
- Cisco Prime: www.cisco.com/go/prime
- FAQ: BYOD Security: Secure BYOD QA
- Cisco BYOD Solution Days:
- April 12, Mobility Tech Deep Dive: Enhancing your network with Cisco Mobility Innovations
- April 25, Addressing BYOD Management Challenges with Cisco Prime.
- April 26, Prepare for High Density (as BYOD begins to crowd your network)
- May 17, Understand IPv6 for Mobility (Can your network support IPv6 for the deluge of new devices?)
Come watch a special edition TechWiseTV, featuring Ike, to learn how Cisco takes you Beyond BYOD. Take the BYOD challenge for a chance to win a trip to the London Olympics or other fun mobility gadgets.
Today’s enterprise mobility requirements go beyond simply connecting mobile devices. It’s about securing any access, simply managing the complexities while scaling efficiently, and ensuring an optimal user experience while easing the IT burden. Gallant Ike does all of this and more with Cisco Enterprise Mobility Solutions.
To participate, here is what you do:
- Visit http://www.cisco.com/go/challenge
- Watch the 20-minute video featuring TechWise’s Jimmy Ray Purser and Robb Boyd with IKE
- Take the Challenge! Test your knowledge and answer 10 questions. You just may win!
Tags: byod, BYOD challenge, cisc wlan, cisco challenge, enterprise mobility, enterprise networks, Ike, mobility, networking, Networks, TechWiseTV, wi-fi, wifi, wireless lan controllers, wireless lans, wlan, WLC
With more than seven billion souls set to tote 10 billion mobile-connected devices by 2016, mobility has not just arrived, it’s taken over our schools, businesses and personal lives.
Just ask Mitch Davis, the CIO of Bowdoin College, a private liberal arts college in Maine. Before BYOD ever became a global IT trend, according to Mitch, the vast majority of college students were already bringing their personal devices into the campus environment.
These co-eds expected Bowdoin to fully embrace personal mobility, and, upon graduation, these same post-grads expect that their employers will do the same (this year’s Connected World Technology Report findings back this up, with more than 40 percent of recent college graduates/Gen Y employees choosing BYOD flexibility over higher pay).
Bottom line, the rules of the game are changing, and companies must move beyond basic BYOD connectivity to meet employee demands today and tomorrow. To help companies meet these demands, we’ve introduced a comprehensive approach that unifies policy, supports a better user experience and simplifies management to deliver an uncompromised user experience in any workspace. After all, Cisco wants to empower IT managers to allow employees to have their devices and use them too. That means delivering:
- A unified security policy across the whole organization – wired, wireless, VPN and now MDM – helping companies set and enforce policies;
- An uncompromised user experience over the entire wired/wireless network, across any type of device; and,
- Simplified operations and network management to understand application performance from a user’s perspective, accelerating troubleshooting and lowering operating costs.
Like Ray-Ban aviators, BYOD is here to stay. And done the right way, BYOD demands a comprehensive approach to allow current and future employees to work how they want, when and where they want, and on the devices they want – while still allowing IT the control and visibility to sleep at night.
Learn more about our announcement and new technologies here.
Tags: access point, beyond byod, bring your own device, Bring your Own Device (BYOD), byod, CIO, enterprise mobility, MDM, Mobile Device Management, mobile devices, network management, vpn, wi-fi, wifi, wireless access points, wireless LAN, wlan
Not too long ago I was assigned to a troubleshooting and remediation project for a hospital here in the SF Bay Area. The problem, after much troubleshooting and lab recreation, was determined to be due to a unique issue with client roaming and authentication. During the course of troubleshooting, my coworker and I often found ourselves explaining 802.1X and 802.11i to others working on the troubleshooting effort or requesting technical updates. So based on that experience, I started thinking this might be a good topic to cover here.
Let’s review some of the typical components of the enterprise wireless security model.
What is 802.1X?
802.1X is not a protocol so much as a framework for a “port-based” access control method. 802.1X was initially created for use on switches, hence the port-based terminology, which doesn’t fit too well in wireless since users don’t connect to a physical port; in the 802.11 world the port is a logical concept tied to the client’s association. 802.1X was adopted for wireless networks with the creation of 802.11i to provide authenticated access to wireless networks. At a high level, the framework keeps a client that has associated to the WLAN in a blocked (unauthorized) port state until it has been authenticated by an AAA server, typically over RADIUS. Essentially the only traffic allowed through this virtual blocked port is EAPOL (EtherType 0x888E) carrying EAP; anything else, such as HTTP, is dropped until the port is authorized.
What is EAP?
EAP (Extensible Authentication Protocol) is the authentication protocol carried by 802.1X. It comes in various methods, such as PEAP, EAP-TLS and EAP-FAST, to name a few. The one thing to remember when choosing an EAP method for your network is that the choice depends on what your client (the supplicant) and your AAA server support. That’s it: your AP or AP/controller hardware or code version plays no part in which EAP method is supported, unless the AP/controller is itself acting as the AAA server, which I’ll stay away from in this post. I think this is a point of confusion for people who haven’t read much about EAP methods. So if someone asks what version of EAP the AP supports, all you need to do is ask what their client and AAA server support.
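To make the two points above concrete, here is an added example (not code from the original post) of the 802.1X “controlled port” rule and of how the EAP method is settled between the supplicant and the AAA server rather than by the AP. It decodes hand-constructed EAPOL/EAP frames: the port filter passes only EtherType 0x888E while unauthorized, and the negotiation helper simulates the server proposing a method and the client either answering with it or sending an EAP Nak listing the methods it does support. The MAC addresses, identity string and method lists are constructed for the example.

```python
"""
Added example: 802.1X controlled-port filter plus a minimal EAPOL/EAP decoder
and a simulated EAP method negotiation. All frames below are constructed.
"""
import struct

ETHERTYPE_EAPOL = 0x888E        # IEEE 802.1X EAPOL encapsulation
ETHERTYPE_IPV4 = 0x0800
EAPOL_EAP_PACKET = 0            # EAPOL packet type that carries an EAP message
EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4
# EAP method type numbers from the IANA registry (subset used here)
EAP_TYPES = {1: "Identity", 3: "Nak", 13: "EAP-TLS", 25: "PEAP", 43: "EAP-FAST"}

PAE_GROUP_ADDR = bytes.fromhex("0180c2000003")       # 802.1X PAE group address
CLIENT_MAC = bytes.fromhex("001122334455")            # constructed


def controlled_port_allows(frame: bytes, authorized: bool) -> bool:
    """EAPOL always passes (uncontrolled port); everything else waits for authorization."""
    if len(frame) < 14:
        return False
    (ethertype,) = struct.unpack("!H", frame[12:14])
    return ethertype == ETHERTYPE_EAPOL or authorized


def parse_eapol_eap(frame: bytes) -> dict:
    """Decode Ethernet + EAPOL + EAP headers; raise ValueError on malformed input."""
    if len(frame) < 18:
        raise ValueError("truncated EAPOL frame")
    if struct.unpack("!H", frame[12:14])[0] != ETHERTYPE_EAPOL:
        raise ValueError("not an EAPOL frame")
    version, ptype, body_len = struct.unpack("!BBH", frame[14:18])
    body = frame[18:18 + body_len]
    if len(body) != body_len:
        raise ValueError("EAPOL length mismatch")
    info = {"eapol_version": version, "eapol_type": ptype}
    if ptype != EAPOL_EAP_PACKET:
        return info                      # EAPOL-Start, -Logoff, -Key: not decoded here
    if len(body) < 4:
        raise ValueError("truncated EAP header")
    code, ident, eap_len = struct.unpack("!BBH", body[:4])
    if eap_len < 4 or eap_len > len(body):
        raise ValueError("bad EAP length")
    info.update(code=code, id=ident)
    if code in (EAP_REQUEST, EAP_RESPONSE):
        if eap_len < 5:
            raise ValueError("EAP request/response without a type byte")
        method, data = body[4], body[5:eap_len]
        info["method"] = method
        info["method_name"] = EAP_TYPES.get(method, str(method))
        if method == 3:                  # Nak: the client lists methods it is willing to use
            info["desired"] = list(data)
        elif method == 1:                # Identity: outer identity sent by the supplicant
            info["identity"] = data.decode("utf-8", "replace")
    return info


def build_eap_frame(code: int, ident: int, method: int, data: bytes = b"") -> bytes:
    """Build Ethernet/EAPOL/EAP for a Request or Response (Success/Failure carry no type)."""
    eap = struct.pack("!BBH", code, ident, 5 + len(data)) + bytes([method]) + data
    eapol = struct.pack("!BBH", 2, EAPOL_EAP_PACKET, len(eap)) + eap
    return PAE_GROUP_ADDR + CLIENT_MAC + struct.pack("!H", ETHERTYPE_EAPOL) + eapol


def negotiate(server_methods, client_methods):
    """Simulate method selection: the AAA server proposes its methods in preference
    order; the client accepts or Naks with its own list. Returns the agreed type or None."""
    ident, candidates = 1, list(server_methods)
    while candidates:
        proposed = candidates.pop(0)
        request = parse_eapol_eap(build_eap_frame(EAP_REQUEST, ident, proposed))
        if request["method"] in client_methods:
            response = build_eap_frame(EAP_RESPONSE, ident, proposed)
            return parse_eapol_eap(response)["method"]
        nak = parse_eapol_eap(build_eap_frame(EAP_RESPONSE, ident, 3, bytes(client_methods)))
        candidates = [m for m in candidates if m in nak["desired"]]
        ident += 1
    return None                          # server would send EAP-Failure


if __name__ == "__main__":
    ipv4 = CLIENT_MAC + PAE_GROUP_ADDR + struct.pack("!H", ETHERTYPE_IPV4) + bytes(46)
    print("HTTP-ish frame before auth allowed?", controlled_port_allows(ipv4, False))
    ident_resp = build_eap_frame(EAP_RESPONSE, 1, 1, b"alice@example.com")
    print(parse_eapol_eap(ident_resp))
    print("agreed method:", EAP_TYPES.get(negotiate([13, 25], [43, 25])))
```

Note that the AP never appears in `negotiate`: it only relays EAPOL between the supplicant and the AAA server, which is exactly why its code version does not decide the EAP method.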
What is 802.11i?
Simply put, 802.11i is an amendment to the original 802.11 standard that addresses the well-documented security shortcomings of WEP. WPA, the Wi-Fi Alliance’s interim certification, was based on a draft of 802.11i and uses TKIP; WPA2 certifies the ratified 802.11i amendment and uses AES-CCMP encryption. 802.11i introduces the concept of a Robust Security Network (RSN) with the Four-Way Handshake and the Group Key Handshake, which derive the pairwise keys from the PMK (delivered by the EAP exchange in an 802.1X network, or from the passphrase in a PSK network) and distribute the group key.
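The Four-Way Handshake is where the 802.1X authentication above turns into actual encryption keys, so here is an added example (not from the original post) that walks through it in Python with both roles: the authenticator sends ANonce (M1), the supplicant answers with SNonce and a MIC (M2), the authenticator confirms with ANonce again plus group key material (M3), and the supplicant acknowledges (M4). It shows the PMK sources (PBKDF2 for WPA2-PSK, the first 256 bits of the EAP MSK for 802.1X), the PRF-based PTK derivation into KCK/KEK/TK, and the HMAC-SHA1-128 MIC check on EAPOL-Key frames. Assumptions: MAC addresses, nonces, the MSK and the RSN IE are constructed; the GTK in M3 is carried as a plaintext placeholder rather than AES-key-wrapped with the KEK, since the standard library has no key-wrap routine.

```python
"""
Added example: the 802.11i RSN four-way handshake between a supplicant and an
authenticator, including PTK derivation and the EAPOL-Key MIC check.
Constructed values throughout; GTK wrapping with the KEK is omitted.
"""
import hashlib
import hmac
import os
import struct

# Offsets inside an EAPOL-Key frame: 4 (EAPOL hdr) + 1 type + 2 key info + 2 key len + 8 replay
NONCE_OFFSET = 17
MIC_OFFSET = NONCE_OFFSET + 32 + 16 + 8 + 8      # after nonce, IV, RSC, ID = 81
# Constructed RSN IE: version 1, group CCMP, pairwise CCMP, AKM 802.1X, caps 0
RSN_IE = bytes.fromhex("30140100000fac040100000fac040100000fac010000")


def pmk_from_passphrase(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal: PMK = PBKDF2-HMAC-SHA1(passphrase, SSID, 4096 iterations, 256 bits)."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def pmk_from_msk(msk: bytes) -> bytes:
    """WPA2-Enterprise: the EAP method exports a 64-byte MSK; the PMK is its first 256 bits."""
    return msk[:32]


def prf(key: bytes, label: bytes, data: bytes, nbytes: int) -> bytes:
    """802.11i PRF-n: concatenated HMAC-SHA1(key, label || 0x00 || data || counter)."""
    out, i = b"", 0
    while len(out) < nbytes:
        out += hmac.new(key, label + b"\x00" + data + bytes([i]), hashlib.sha1).digest()
        i += 1
    return out[:nbytes]


def derive_ptk(pmk, aa, spa, anonce, snonce):
    """PTK = PRF-384(PMK, "Pairwise key expansion", min/max MACs, min/max nonces) for CCMP.
    Returns (KCK, KEK, TK), 16 bytes each. Order-independent, so both sides agree."""
    data = min(aa, spa) + max(aa, spa) + min(anonce, snonce) + max(anonce, snonce)
    ptk = prf(pmk, b"Pairwise key expansion", data, 48)
    return ptk[:16], ptk[16:32], ptk[32:48]


def eapol_key(key_info: int, replay: int, nonce: bytes, key_data: bytes) -> bytes:
    """EAPOL-Key frame (descriptor type 2 = RSN) with IV, RSC, ID and MIC zeroed."""
    body = (struct.pack("!BHHQ", 2, key_info, 16, replay) + nonce + bytes(16)
            + bytes(8) + bytes(8) + bytes(16) + struct.pack("!H", len(key_data)) + key_data)
    return struct.pack("!BBH", 2, 3, len(body)) + body        # EAPOL v2, type 3 = Key


def mic(kck: bytes, frame: bytes) -> bytes:
    """Key descriptor version 2 (CCMP): HMAC-SHA1 over the frame with MIC zeroed, truncated to 128 bits."""
    zeroed = frame[:MIC_OFFSET] + bytes(16) + frame[MIC_OFFSET + 16:]
    return hmac.new(kck, zeroed, hashlib.sha1).digest()[:16]


def sign(kck: bytes, frame: bytes) -> bytes:
    return frame[:MIC_OFFSET] + mic(kck, frame) + frame[MIC_OFFSET + 16:]


def verify(kck: bytes, frame: bytes) -> bool:
    return hmac.compare_digest(frame[MIC_OFFSET:MIC_OFFSET + 16], mic(kck, frame))


def four_way_handshake(pmk, aa, spa, anonce=None, snonce=None, tamper=False):
    """Run M1..M4. Returns the agreed TK, or None if either side rejects a MIC."""
    anonce = anonce or os.urandom(32)
    snonce = snonce or os.urandom(32)
    # M1 (AP -> STA): ANonce, no MIC; the supplicant has no key yet
    m1 = eapol_key(0x008A, 1, anonce, b"")
    s_kck, s_kek, s_tk = derive_ptk(pmk, aa, spa, m1[NONCE_OFFSET:NONCE_OFFSET + 32], snonce)
    # M2 (STA -> AP): SNonce + RSN IE, MIC with the supplicant's KCK
    m2 = sign(s_kck, eapol_key(0x010A, 1, snonce, RSN_IE))
    if tamper:                                   # simulate an on-air modification
        m2 = m2[:-1] + bytes([m2[-1] ^ 0x01])
    a_kck, a_kek, a_tk = derive_ptk(pmk, aa, spa, anonce, m2[NONCE_OFFSET:NONCE_OFFSET + 32])
    if not verify(a_kck, m2):
        return None                              # AP discards M2, no keys installed
    # M3 (AP -> STA): ANonce again, Install bit, GTK KDE (placeholder, really KEK-wrapped)
    m3 = sign(a_kck, eapol_key(0x13CA, 2, anonce, RSN_IE + b"GTK-KDE-placeholder"))
    if not verify(s_kck, m3):
        return None
    # M4 (STA -> AP): MIC-only confirmation; both sides now install TK
    m4 = sign(s_kck, eapol_key(0x030A, 2, bytes(32), b""))
    if not verify(a_kck, m4):
        return None
    assert s_tk == a_tk
    return s_tk


if __name__ == "__main__":
    aa, spa = bytes.fromhex("0011220a0b0c"), bytes.fromhex("001122334455")   # constructed
    tk = four_way_handshake(pmk_from_msk(os.urandom(64)), aa, spa)
    print("installed TK:", tk.hex())
```

The same code path serves both deployment types: only the PMK source differs, which is why an AAA-backed network and a PSK network look identical from M1 onward. The `tamper` flag shows the failure mode a practitioner cares about: a modified M2 fails the MIC check and the authenticator installs nothing.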