Close this Advertisement
Close this Advertisement

Networking & Wireless | News

Aruba Networks Intros Device Management Appliance for BYOD

  • By Dian Schaffhauser
  • 02/22/12

Aruba Networks has entered the rapidly expanding mobile device network access control market with its own set of products, catering especially to environments such as campuses, where bring-your-own-device (BYOD) is common. This week, the company announced Aruba ClearPass, which includes an access management appliance and software modules for automating the secure provisioning of mobile devices on an enterprise network as well as more traditional computing systems. That network can be running Aruba network gear or infrastructure from other vendors.

The company also announced a new certification program to train IT people on wireless networking where BYOD predominates.

David Morton, director of mobile communication strategies at the University of Washington in Seattle, and blogger at "Freshly Mobile," is probably much more accustomed than the typical business IT manager to the dramatic rise in BYOD. In a Webcast announcing ClearPass, Morton said U Washington--like most other campuses--has been doing BYOD for a long time. "At education institutions everybody brings their own device. We have a relatively small number of devices that we supply to faculty and staff. But in reality most of those faculty and staff are also bringing their own devices. On the academic campus itself, we are very open. You can think of us as a service provider. We need to support just about everybody. And we give access to just about everything that they need to access."

The challenge U Washington faces, Morton noted, is that it also runs three major hospitals. In that environment, he said, "Things need to be tightened down. We're just now rolling out new policies in those areas to allow guests on a segregated guest network, as well as clinical applications and devices inside the firewall in the hospital. You don't want to have Aunt Betsy being cared for in the hospital and having that compete with somebody watching Netflix out in the waiting room."

The university IT organization is seeing more devices now on its wireless network than on its wired network, he said. "The biggest area that's growing are the handheld devices. We have about 45,000 students; and we're seeing 140,000 unique devices on our network in a given month." About 60,000 of those, he added, are handheld devices. A third are running iOS, Apple's mobile device operating system. Windows comes in at 30 percent, Mac at 21 percent, and Android with 10 percent. "It's continuing to grow really rapidly."

ClearPass is intended to help administrators manage explosive growth in network access by devices by providing self-service provisioning and automated security mechanisms, among other functions. At the heart of the product suite is ClearPass Policy Manager. This product, sold as either a physical or virtual appliance, provides device registration, device profiling, endpoint health assessments, and reporting for enforcing user and endpoint access policies as devices try to get onto the network.

Four ClearPass software modules extend the functionality of Policy Manager. Those include:

  • Onboard, for automating the on-boarding process for Windows, Mac OSX, iOS, and Android devices;
  • Profile, which provides endpoint device information, such as operating system and version, manufacturer, and device category, enabling for the differentiation of devices issued by the organization and those that are personally owned;
  • Guest, a guest management system that allows non-IT users to create temporary WiFi accounts for visitors; and
  • OnGuard, agents that deliver device posture assessments and health checks of security compliance and network protection before devices gain network access.

These components can be purchased as a system or individually, said Robert Fenstermacher, Aruba's director of product marketing. "For instance, someone who just wants guest access shouldn't have to purchase all of the functionality. Or someone just looking for advanced [authentication, authorization, and accounting, as provided by Policy Manager] shouldn't have to buy any of the software modules."

Aruba has also released ClearPass QuickConnect, a cloud-hosted provisioning utility to grant self-service for users in configuring 802.1x authentication on their devices to gain network access. QuickConnect is sold by subscription.

The price of the ClearPass system for 5,000 devices is $14,995, Fenstermacher said. However, there are many variables that affect pricing. For example, ClearPass Policy Manager comes in three models, each supporting a different number of devices (500, 5,000, or 25,000). "These appliances can be clustered to support up to 750,000 devices per cluster," he explained. Policy Manager is also sold as a virtual appliance that supports 10,000 devices.

The software modules are licensed based on the number of devices relevant to that license. "For instance, if you buy ClearPass Policy Manager for 5,000 users, you can purchase a much smaller Guest license, to support up to 500 concurrent guests," Fenstermacher noted.

The ClearPass QuickConnect cloud yearly subscription fee is based on the total number of users in the organization.

The company also announced a new program of training and certification designed specifically to address the networking requirements that have emerged as a result of the BYOD phenomenon. The Aruba Certified Solutions Professional (ACSP) program trains network people in radio frequency fundamentals, WiFi design for high density environments, secure authentication and encryption, and mobile device provisioning. The curriculum uses remote labs and delivers training online.

"The course takes a holistic approach to managing wireless networks, and the marriage of WiFi fundamentals with vendor-specific materials is certain to enhance engineering confidence for those that participate," said Ryan Holland, associate director of network operations for Fisher College of Business at Ohio State University. Holland is an Aruba-certified mobility and design expert.

The regular price for the course is $1,500. Those who complete the course by July 31 will pay $750. Delivery of instruction will begin in April.

"BYOD can be a double-edged sword for enterprise IT departments today," said Zeus Kerravala, principal of ZK Research. "On one hand, there are great productivity gains to be had by enabling workers to use their own devices on the business network. On the other, provisioning, securing, and managing those devices is a nightmare for IT. Solutions such as Aruba's ClearPass portfolio offload the work from IT, while the business gets to reap the benefits of BYOD."

Comments

Wed, Mar 21, 2012 tyesmith

This was a really good article, and I thought the rundown on Aruba ClearPass access management system was very helpful. We are dealing with the bring your own device ( byod ) from an HIPAA stand point, and how it applied to hospitals who are dealing with doctors and nurses who are texting patient information and files. While the large enterprise solutions like Aruba ClearPass have a deeply integrates system where the IT department takes control of devices, in a hospital setting I think the doctors will have a large issue with this. We solved the HIPAA issues related with BYOD texting by using Tigertext ( www.tigertext.com ), which while not as integrated as the large enterprise solutions, offers some interesting benefits of a closed network, low cost ($10 per user), HIPAA compliance for text messaging and it works on most smartphones. Anyways, I think that this is going to be a major security issue of the next few years, and IT managers are going to have to look at all the alternatives. Some other resources: http://byod.us/ http://www.hhs.gov/ocr/privacy/hipaa/administrative/securityrule/index.html

Wed, Feb 29, 2012 Adam

To facilitate BYOD organizations must give users easy but secure access to the organization's applications from various devices (including iPads, iPhones, Android devices and Chromebooks), while minimizing the intervention required by IT staff. An ideal solution for such a scenario is Ericom AccessNow, a pure HTML5 RDP client that enables remote users to connect to any RDP host, including Terminal Server (RDS Session Host), physical desktops or VDI virtual desktops – and run their applications and desktops in a browser. AccessNow works natively with Chrome, Safari, Internet Explorer (with Chrome Frame plug-in), Firefox and any other browser with HTML5 and WebSockets support. AccessNow also provides an optional Secure Gateway component enabling external users to securely connect to internal resources using AccessNow, without requiring a VPN. For more info, and to download a demo, visit: http://www.ericom.com/html5_rdp_client.asp?URL_ID=708 Note: I work for Ericom

Add your Comment

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Related Articles

Latest Webinars

More FREE Webinars