Optimizing Wireless Functionality and Security
Vandis was originally engaged by this school to perform a health check on an installation of Aruba ClearPass that had been implemented by a separate third party integrator. After completing both an Aruba controller and ClearPass implementation audit, it came to light that the school was utilizing only a small portion of their purchased solutions’ capabilities.
When Vandis was called upon to re-install the ClearPass technology, the school had already invested heavily in the previous integration, and was looking to fix the solution without going over budget. Due to these factors, it was crucial to the organization that they hire a company that was able to come in, assess the situation, and find the best way to get the technology working as soon as possible.
In addition to having Aruba ClearPass up and running, the school wanted to use the technology to its fullest ability, as they had intended upon purchase. The school was looking to better integrate mobile devices into their network by leveraging an integration between MobileIron VSP and Aruba ClearPass. Production wireless access would only be given to devices enrolled and protected by MobileIron to ensure the “Intellectual Property” owned by the school remained safe. The school had previously used Aruba’s ClearPass Guest product (formerly Amigopod) to allow student access into a “Walled Garden” portion of their network. With the integration of ClearPass Guest into ClearPass Policy Manager, the school was excited to lower their server footprint by migrating the configuration into a single appliance.
The driving factor for this solution was to enable the school to provide a better user experience for their students, while also having the reassurance that their production network would be secure. The school was moving more towards online resources and teaching methods and, in order to achieve this, they wanted to distribute course material faster while making it simple for the students to gain access. By making their classes more interactive they found the need to streamline and increase functionality of their network. Integrating mobile devices was a main concern of the school considering they were actively pushing more course material out to the students and to an increasing number of devices (laptops, smartphones and tablets) that each student owned. Another main focus was to allow the school to have greater insight and vision into their wireless network.
When Vandis first assessed this school’s current ClearPass deployment, we quickly realized that it was only handling mobile devices and contained 5 SSIDs, one for each hardware use case in their environment. Instead of reconfiguring their entire network, Vandis decided it was better to start from scratch and proposed a new solution that was built from the ground up. The new solution contained 2 SSIDs, which gave the school a unified role-based access solution that was able to differentiate between mobile devices and school-authorized laptops. This solution also prevented employees from accessing the network with their own personal devices. In order for the school to achieve redundancy, they purchased one physical appliance and two virtual appliances. They also converted their Amigopod licenses into two additional ClearPass Virtual Appliances, allowing them to leverage their existing technology and convert out-of-date virtual appliances. Vandis took a phased approach in implementing the new solution. This was done to avoid interrupting their production environment, which consisted of 5 Aruba ClearPass servers distributed across their nationwide data centers and 39 worldwide controllers. Vandis helped implement the new solution over the course of five months and helped perform overnight cutovers on seven different occasions. With the implementation complete, Vandis then provided 8 hours of onsite training for their senior network support engineers.
With Aruba ClearPass fully operational, the customer soon realized the technology was capable of handling Juniper SSLVPN authentication while also replacing their Cisco ACS TACACS server. This enabled the school to shut down their Windows authentication servers due to the advanced feature sets and policy decisions that could be performed by ClearPass.
The school is now able to provide a better mobile experience for the users on their network. Having additional authorization insight into their network allowed them to more accurately see how resources were being utilized and to better prioritize action items. With a training session being performed at each location, the employees gained a better understanding of the technology and how to properly apply it to their specific needs.