Self-Registration, Policy & Branding for Guest Access #AirheadsConf Italy

Self-Registration, Policy & Branding for Guest Access

Carlos Gomez Gallego

CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved

2 #AirheadsConf

Agenda

Enabling Guest Access in the EnterpriseDefining your PolicyCommon WorkflowsLive Demo

Enabling Guest Access for PFE deploymentsCaptive Portal OptionsSocial Login Support Advertising options, driving Mobile Apps

3CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved

#AirheadsConf

Guest Access in the Enterprise


#AirheadsConf

Guest Access in 2014

• Where is Guest Access Today?– Still seen as cumbersome by users

– Overlapping with BYOD and IOT

– Still some paranoia to providing simple guest access

– Technology is there, just not being widely used

• What are the common problems?– Poor products from the network manufacturers

– Poor branding, design and guest user experience

– Provisioning process gatekeepers (human or machine)

– Employees bypassing corporate networks

– Apathy, mindset and ‘too hard’ mentality


#AirheadsConf

Sample Skins


#AirheadsConf

Planning Guest Access Requirements

• Who needs access?– Casual Guests, visitors, partners

– UC/AV/IOT devices, VIP partners, employee BYOD

• How often do they need it?– On demand for a fixed period of time

– Permanently (or at least long term)

• What’s the security consideration? – Internet access, AirGroup, appropriate bandwidth, URL filtering

– Internet access, restricted LAN, restricted applications

– Digital certificates, password complexity, sponsor approval

– Open versus encrypted SSID/Access


#AirheadsConf

Balancing Security and UX

• Some security realities– Not everyone is out to get you

– Good security does not need to be intrusive

– Enabling controlled network access can deter ‘creative users’

– Users and devices need connectivity, that’s not changing

• The user experience– Please let us help you with skin/cp design!

– Mobile matters, the growth is in mobiles and tablet devices

– Frequent users/devices should not need to manually re authenticate

– Enable your workforce to deliver on demand guest services


#AirheadsConf

How to offer Secure Guest Access

• Provisioning– Turnkey process for on demand provisioning or self registration

– Request details once, and use more intelligently, why ask again?

– Offer credentials that can be used on secure networks

– Simple time, bandwidth and device number policy controls

• Frequent Visitors, IOT devices– Offer a WPA2 SSID as complement to open SSID, same credentials

– Delete/Disable visitors not seen in months/years, not days/hours

– Good logging and reporting can alert you to suspicious behavior

– Enable your workforce to deliver on demand guest services

– Extend to SSO applications


#AirheadsConf

Guest Self Registration

Benefits

One time registration

No IT involvement

Full audit trail

Full firewall policy control

Drawbacks

?


#AirheadsConf

On Demand Guest Access

Benefits

Employee driven

No IT involvement

Full audit trail

Full firewall policy control

Drawbacks

?


#AirheadsConf

Demo of CP Guest

Self Registration

Workflow

Actions

Authz Policy

Logging/Reporting

On Demand

Workflow

Authz Policy

Operator Profiles


#AirheadsConf

Guest Access in PFE


#AirheadsConf13

Which Poster Gets the most Attention?


#AirheadsConf

Planning Guest Access in PFE

• Who needs access?– Fans in the stadium, shoppers in retail stores

– Conference delegates, Press, Digital Agency

• How often do they need it?– On demand for a fixed period of time

– Permanently (or at least long term)

• What’s the marketing/business objective? – Simple, one click access to basic internet

– Capture some basic information eg. email, mobile, interests

– Drive mobile application download, loyalty subscription

– Provide access to secure content, special offers, coupons

CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved

@arubanetworks15

Building Out the Captive Portal Experience


#AirheadsConf

Apple Passbook support

• Use Apple Passbook as a digital receipt • Compatible with some Android applications (such as

PassWallet).


#AirheadsConf

Add Passbook as Receipt Option

• Built in Templates in ClearPass– Enable Pass download and select

Pass Template


#AirheadsConf

Drive Social and Application Awareness


#AirheadsConf

Social Network Login

• Targeting a new network of users– Users that live through their social identity

– Users loyal to exclusive offers and community/fan groups

• Things to consider– Some people do not ‘love/like/tweet/follow’ social networks

– Consider providing simple alternative registration process

– Can takes over branding and user experience

• What’s the marketing/business objective? – Simplified access to basic internet, tick the social media check box

– Integrated social media initiatives driven by marketing professionals


#AirheadsConf

Advertising Services

• Rich Content – Create dynamic

campaigns based on device/user/venue context

– Supports images, interstitial video, text, HTML5, SMS, email..

• Campaigns– Leverage visitor context

– Rotating or weighted

– Integrate with 3rd party Advertising services

– Automate application configuration


#AirheadsConf21

Overlay Advertising on the browser


#AirheadsConf22

Key Use Cases

• Guest Access– Customers, suppliers, partners

– Promote mobile applications

– Advertising, location services

• WiFi enabled demo equipment– Laptops, tablets, televisions, cameras,

games consoles

– Digital catalogue and concierge

• Enterprise and BYOD Devices– POS, surveillance cameras, scanners,

VoIP Telephones, printers

– Corporate issued smart devices

23


#AirheadsConf

25

Thank You

#AirheadsConfCONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved