Bring Your Own Design: Implementing BYOD Without Going

Broke or Crazy

Jeanette Lee

Sr. Technical Marketing Engineer Ruckus Wireless

Taking the Scary

out of BYOD

3

What Enterprises REALLY Want

Simple onboarding

Automated enforcement of user/device policies

Visibility of who and what is on the WLAN

Extension of wired security to WLAN

More capacity to deal with flood of devices

Leverage existing infrastructure

1

2

3

4

5

6

4

What’s Driving Wireless?

▪ Cell phone use (18 – 34 year olds):

▪ 91% take photos vs. 76% all adults

▪ 61% play music vs. 33% all adults

▪ 57% record a video vs. 34% all adults

--- Pew Internet and American Life Project, “Generations and their Gadgets”, February 3, 2011.

▪ 92% of undergrads use Wi-Fi vs. 57% of all adults

▪ 59% of undergrads own a desktop PC

▪ 88% of undergrads own a laptop

▪ 93% of graduate students own a laptop

--- Pew Internet and American Life Project, “College Students and technology”, July 19, 2011.

#1 Student’s Daily Lives are Media Rich

5

What’s Driving Wireless?

▪ Friends on Facebook

▪ Follow us on Twitter

▪ Watch our YouTube video

▪ Blog about college life

▪ Digital media libraries

▪ Video chat

#2 Collaboration and Social Media

Network Use is Massively Increasing via Wi-Fi

6

What’s Driving Wireless?

▪ Accommodates learning styles

▪ Reinforces classroom work

▪ Meets students’ demand

▪ Wish instructor used more often:

▪ Web-based videos 19%

▪ Video sharing sites 18%

▪ Podcasts and webcasts 17%

▪ Simulations or educational games 15%

--- Grajek, S. “The Current State of College Students and Technology”, EDUCAUSE, 2011.

#3 Instructional Enhancement

7

Interference

What’s Smart Wi-Fi?

▪ Patented technology that combines

▪ Smart antenna arrays

▪ Best path selection algorithms

▪ Advanced quality of service engine

▪ Smart mesh RF routing

▪ Centralized Wi-Fi management

▪ Adapts to real-time changes in environmental conditions

▪ Extends signal range (Wi-Fi coverage) 2 to 4 times with fewer APs

▪ Delivers predictable performance

▪ Radically simplifies deployment and administration

8

What’s makes the difference?

THEM US

Fixed 1:1 relationship

between Wi-Fi radios

and antennas

Dynamic 1:many

relationship

between Wi-Fi

radios and antennas

9

Adaptive Antenna

▪ Completely automatic

▪ Continually picks best signal path to clients

▪ Mitigates interference

▪ Up to 10dB Signal gain

▪ Dual polarized

10

Dealing With Density

Dual-band 802.11n

• Steers clients to 5GHz by

withholding probe and auth

responses on 2.4GHz

• Doesn’t steer clients below RSSI

threshold set per WLAN

• Client table in each AP tracks • Client probe requests per band

• Avg. RSSI per band over last minute

• Dual band support

• Table checked before responding

to client

After Band Steering

5GHz – 14 (82%)

2.4GHz – 3 (18%)

Band Steering for High Capacity Environments

Before Band Steering

5GHz – 3 (18%)

2.4GHz – 14 (82%)

2.4 Ghz

5.0 Ghz

11

Reliable Performance

AP models: Ruckus 7363, Cisco 3500, Aruba 125,

HP 460, Meraki 24, Apple Extreme.

Ruckus

Meraki

HP

Cisco

Aruba

Apple

Downlink Mbps

0 20 40 60 80

1 client, 100’

2.4 GHz

No interference

Non Line of Sight Beating Interference

Ruckus

Meraki

HP

Cisco

Aruba

Apple

Uplink Mbps

0 20 40 60 80

1 client, 70’

5 GHz

Line of sight

Ruckus

HP

Aruba

Cisco

Meraki

Apple

Aggregate Bi-Directional Mbps

0

60 Clients, Bi-Directional

20 40 60 80 100

Failed to Finish

Failed to Finish

5 GHz

75% downlink

25% uplink

Ruckus

HP

Aruba

Cisco

Meraki

Apple

Aggregate Uplink Mbps

0

60 Clients, Uplink

20 40 60 80 100

5 GHz

Now what?

SIMPLIFYING BYOD WITH RUCKUS

13

Don’t Reinvent the Wheel

FIREWALLS CONTENT

FILTERS

AAA/AD/LDAP

SERVERS

ACLs / VLANS

14

Defining the SSID Structure

▪ DOMAIN SSID ▪ School owned / managed devices with access to all resources:

printers, applications, files shares

▪ Guest Visitor SSID

▪ Users who are not in the OUI with access only to the internet

▪ Staff and Student BYOD SSID

▪ Non-school owned / managed devices needing Internet access and specified school resources, VLAN and content filtering applied

▪ Provisioning SSID

▪ Hotspot with a walled garden attribute, redirecting all users to an activation page

15

Staff automatically placed on VLAN X, rate limited at 5 Mbps

User does NOT have account and is denied

DOMAIN

Automating Role-Based Access

STAFF

STUDENT

STRANGER

Student automatically placed on VLAN Y, rate limited at 1 Mbps

Administrator automatically placed on VLAN W, no rate limits

Allowed on via a Guest Pass, accepting terms and conditions

automatically placed on VLAN Z, rate limited at 1 Mbps GUEST

16

What it Looks Like WHAT HAPPENS WHEN?

Internet

Guest

New BYOD Devices Provisioned BYOD Guest

User

Database

Student

Resources

Staff

Resources

Guest

Resources

Student SSID

Student

Staff SSID Guest SSID

(hotspot) Onboarding

SSID

1. Users connect to a

provisioning SSID and are

re-directed to an

onboarding portal.

2. Users enter domain

credentials which are

verified against a user

database.

3. The user’s role assignment

and permissions are

automatically determined

based on authentcaion.

4. Using Zero-IT, the device is

auto-provisioned with a

dynamic pre-shared key

and dynamically assigned

to the requisite WLAN.

5. Devices re-connect on a

secure WLAN, receiving

network permissions

according to their role. Staff

Key Technologies

SIMPLIFYING BYOD WITH RUCKUS

18

Zero IT Automates Onboarding

▪ Requirement: automatic, secure

authentication and

roaming

▪ Enabled by SSID and

authorization protocol

configuration

▪ Easy-to-use Ruckus

approach to push

configuration

▪ Uses mobile OS auto-

detect and -authenticate

features, not a separate

connection manager app

Invitation Branded

Landing

Page

‘One-Click’ Configuration

Automatic

Authentication Enabled

19

WLAN profile configured

device, and on the WLAN

based on allowed by role.

D-PSK Automates Security/Config

LDAP sends

user security

group information

to ZD

ZD applies role,

generates D-PSK

pushes dissolvable

PROV file to device

20

▪ Visibility “Who’s device is this?”

▪ Self-registration ▪ Automatically registers and maintains

client info on WLAN and Wired interfaces ▪ Operating System ▪ Operating System Hostname

▪ Control by device type ▪ Permit/allow

▪ Assign to VLAN

▪ Rate limit (Down/Up)

▪ Management ▪ WLAN controller or standalone

▪ WLAN dashboard ▪ Client monitor ▪ Client details

Client Fingerprinting Hostname: GT’s iPhone

MAC: 50:ea:d6:7c:30:e4

21

Device Specific Policy Enforcement

▪ Segregates trusted and untrusted devices on single SSID

▪ Simplified access rules per device

Windows Windows Mobile

Mac OS iOS

Linux Android

VoIP Gaming

Printers

▪ Control network access per device

▪ Permit/Deny

▪ Assign to VLAN

▪ Rate Limit (Down/Up)

Device Type Access VLAN Rate Limit

DL|UL

Gaming Deny - -

Windows, Mac OS, Linux Permit 20 -

iOS, Windows Mobile, Android Permit 10 4 Mb | 1 Mb

✖

VLAN 20 VLAN 10

Device Policy Access Control

22

BYOD How-To Guide & Videos

http://www.theruckusroom.net/

Step by Step guide to

configuring Ruckus BYOD

Questions.

info@ruckuswireless.com