RUCKUS WIRELESS PROPRIETARY AND CONFIDENTIAL Bring Your Own Design SIMPLIFYING BYOD WITH RUCKUS

BYOD - Ruckus way. Right way

DESCRIPTION

How to enable BYOD in your Wi-Fi network the right way.

Page 1: BYOD - Ruckus way. Right way

Bring Your Own Design

SIMPLIFYING BYOD WITH RUCKUS

Page 2: BYOD - Ruckus way. Right way

The Realities of BYOD

Page 3: BYOD - Ruckus way. Right way

What Enterprises REALLY Want

Simple onboarding

Automated enforcement of user policies

Visibility of who and what is on the WLAN

Extension of wired security to WLAN

More capacity to deal with flood of devices

Leverage existing infrastructure

Page 4: BYOD - Ruckus way. Right way

Don’t Reinvent the Wheel

FIREWALLS

CONTENT FILTERS

AAA SERVERS

ACLs / VLANS

USE WHAT YOU HAVE

Page 5: BYOD - Ruckus way. Right way

Now What?

SIMPLIFYING BYOD WITH RUCKUS

Page 6: BYOD - Ruckus way. Right way

Defining the SSID Structure

▪ DOMAIN SSID
  ▪ School owned / managed devices with access to all resources: printers, applications, file shares

▪ Guest Visitor SSID
  ▪ Users who are not in the OUI with access only to the internet

▪ Staff and Student BYOD SSID
  ▪ Non-school owned / managed devices needing Internet access and specified school resources, VLAN and content filtering applied

▪ Provisioning SSID
  ▪ Hotspot with a walled garden attribute, redirecting all users to an activation page

Page 7: BYOD - Ruckus way. Right way

Automating Role-Based Access

DOMAIN

▪ Administrator automatically placed on VLAN W, no rate limits

▪ STAFF: Staff automatically placed on VLAN X, rate limited at 5 Mbps

▪ STUDENT: Student automatically placed on VLAN Y, rate limited at 1 Mbps

▪ GUEST: Allowed on via a Guest Pass, accepting terms and conditions; automatically placed on VLAN Z, rate limited at 1 Mbps

▪ STRANGER: User does NOT have account and is denied

Page 8: BYOD - Ruckus way. Right way

How to BYOD with Ruckus

1. Unknown device associates with provisioning SSID

2. User challenged to authenticate

3. ZD queries LDAP (AAA domain)

4. User placed into requisite role based on security group membership, VLAN dynamically assigned

5. Unique dynamic PSK automatically generated, bound with device and pushed to client

6. Policies applied per role and VLAN membership

Page 9: BYOD - Ruckus way. Right way

What it Looks Like

WHAT HAPPENS WHEN?

[Diagram: Onboarding SSID, Student SSID, Staff SSID and Guest SSID (hotspot); new BYOD devices, provisioned BYOD devices and guests; user database; student, staff and guest resources; Internet]

1. Users connect to a provisioning SSID and are re-directed to an onboarding portal.

2. Users enter domain credentials which are verified against a user database.

3. The user’s role assignment and permissions are automatically determined based on authentication.

4. Using Zero-IT, the device is auto-provisioned with a dynamic pre-shared key and dynamically assigned to the requisite WLAN.

5. Devices re-connect on a secure WLAN, receiving network permissions according to their role.
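
The onboarding steps above, sketched as an added Python example (not Ruckus code and not part of the original slides): directory groups map to a role, VLAN and rate limit, and each device receives its own random pre-shared key bound to its MAC address. The group names, numeric VLAN IDs and the `Onboarding` class are assumptions made for illustration.

```python
import hmac
import secrets

# Role table from the "Automating Role-Based Access" slide. The slide names the
# VLANs only as W/X/Y; the numeric IDs and group names below are constructed.
ROLE_POLICY = {  # checked in order; first matching group wins (assumption)
    "wifi-admins":   {"role": "administrator", "vlan": 10, "rate_mbps": None},
    "wifi-staff":    {"role": "staff",         "vlan": 20, "rate_mbps": 5},
    "wifi-students": {"role": "student",       "vlan": 30, "rate_mbps": 1},
}

def normalize_mac(mac):
    """Canonical lower-case, colon-separated MAC so bindings compare reliably."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

class Onboarding:
    def __init__(self):
        self.bindings = {}  # normalized MAC -> (psk, policy)

    def provision(self, ldap_groups, mac):
        """Steps 2-4: map directory groups to a role, then issue a per-device key.
        Returns None (deny) when no group maps to a role."""
        for group, policy in ROLE_POLICY.items():
            if group in ldap_groups:
                psk = secrets.token_urlsafe(32)  # unique random key per device
                self.bindings[normalize_mac(mac)] = (psk, policy)
                return {"psk": psk, **policy}
        return None

    def authorize(self, mac, presented_psk):
        """Step 5: accept the key only from the device it was bound to."""
        entry = self.bindings.get(normalize_mac(mac))
        if entry is None:
            return None
        psk, policy = entry
        # Constant-time comparison avoids leaking key bytes through timing.
        ok = hmac.compare_digest(psk.encode(), presented_psk.encode())
        return policy if ok else None

    def revoke(self, mac):
        """Remove one device without re-keying every other client."""
        return self.bindings.pop(normalize_mac(mac), None) is not None
```

A MAC binding is only as strong as the address the client reports, so the random per-device key remains the actual secret; the binding mainly limits key sharing and lets a single device be revoked.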

Page 10: BYOD - Ruckus way. Right way

Key Technologies

SIMPLIFYING BYOD WITH RUCKUS

Page 11: BYOD - Ruckus way. Right way

Zero IT Automates Onboarding

▪ Requirement: automatic, secure authentication and roaming
  ▪ Enabled by SSID and authorization protocol configuration
  ▪ Easy-to-use Ruckus approach to push configuration
  ▪ Uses mobile OS auto-detect and -authenticate features, not a separate connection manager app

Invitation

Branded Landing Page

‘One-Click’ Configuration

Automatic Authentication Enabled

Page 12: BYOD - Ruckus way. Right way

D-PSK Automates Security/Config

LDAP sends user security group information to ZD

ZD applies role, generates D-PSK, pushes dissolvable PROV file to device

WLAN profile configureddevice, and on the WLAN based on allowed by role.

Page 13: BYOD - Ruckus way. Right way

Client Fingerprinting

Device-Specific Policy Enforcement

▪ Visibility “Whose device is this?”

▪ Self-registration
  ▪ Automatically registers and maintains client info on WLAN and Wired interfaces
  ▪ Operating System
  ▪ Operating System Hostname

▪ Control by device type
  ▪ Permit/allow
  ▪ Assign to VLAN
  ▪ Rate limit (Down/Up)

▪ Management
  ▪ WLAN controller or standalone
  ▪ WLAN dashboard
  ▪ Client monitor
  ▪ Client details

Hostname: dstiff’s iPhone

MAC: 50:ea:d6:7c:30:e4