Ruckus Wireless, Inc. has unveiled a new framework for device agnostic networking (DAN) that helps organizations reduce the burden on IT staff and related costs associated with managing the explosion in mobile device usage.
The Ruckus DAN framework is a new approach to the industry’s growing bring-your-own-device (BYOD) phenomenon that combines access management capabilities with the wireless LAN (WLAN) system, Ruckus ZoneFlex. This combination is designed to help IT organizations drive down mobility service management costs while rapidly scaling their Ruckus Smart Wi-Fi infrastructures to meet the influx of new Wi-Fi devices flooding their networks.
“The first order problem companies face with BYOD is simply dealing with the extraordinary increase in client capacities,” said Rob Mustarde, VP of Marketing for Ruckus Wireless. “Before worrying about BYOD, organizations must be able to reliably connect three times the number of concurrent devices that users now have in their pockets. You simply can’t manage what you can’t get on the network.”
DAN introduces a number of software enhancements to the Ruckus ZoneFlex system that simplify and automate these major BYOD tasks:
provisioning users and devices on the network (onboarding),
applying policies based on device type,
filtering select application traffic, and
managing and controlling IT authorized and non-authorized user devices.
To automate secure network access for sanctioned and unsanctioned devices, DAN introduces a consolidated BYOD portal for guest access and device registration using a single WLAN. This speeds onboarding and eliminates the need for an external captive portal Web server.
The DAN portal is a mobile friendly landing page provided by the Ruckus ZoneFlex operating system that gives mobile users easy and intuitive instructions to securely access the Wi-Fi network without manually configuring their wireless devices. Additionally, the BYOD onboarding portal provides a one-click operation to Ruckus Zero-IT registration.
Zero-IT is an onboarding technology that lets users self-provision devices without IT intervention. Users connect to a provisioning network, login with their domain credentials, and Zero-IT auto-configures their device with the right network profile and associated privileges.
When the device reconnects to the proper network, advanced security is enforced with standard 802.1x or with Ruckus patented Dynamic Pre-Shared Key technology and the user receives access, based on the role- or device-based policies in place. IT stays out of the onboarding loop while retaining full control over the user/device access. Additionally, IT staff can identify which logon credentials were used to register a device, the type of device registered, and granular network use.
Automating Device and Application Policies
Once users and devices are provisioned, DAN allows automatic enforcement of pre-defined device and application rules, eliminating burdensome policy management.
Within the DAN framework, administrators can automatically apply policies to allow, deny, rate limit, or assign devices to separate virtual LANs (VLANs) based on the operating system or device type. This permits flexible access rules to be automatically enforced based on the device type without the need to maintain user roles or attributes within an authentication system.
In the future, administrators could use this same automatic policy enforcement function to allow, deny or change the priority of specific application traffic such as social media, gaming, and video streaming. This reduces unwanted traffic and congestion on Wi-Fi networks to improve performance.
Robust Mobile Device Management
With users and their devices now connected and provisioned to the network, DAN can deliver robust mobile device management (MDM) capabilities through partnerships with MDM vendors such as FileWave. DAN MDM capabilities make it easy for administrators to manage mobile devices and applications, push device profiles, and better control and troubleshoot user devices. For example, administrators can remotely manage passwords and encryption, delete data or wipe devices, inject network settings and configure remote and email access policies.
DAN MDM can also provide additional functionality such as an end-user kiosk application, a portal residing on the end-user device that houses business applications that an organization wants to share with users from a central location.
The solution provides access to device information such as installed applications, application deployment status, available device capacity, IP address, UDID, serial number, OS version, device name, and MAC address. With cloud-hosted or on premises options, DAN mobile device management supports a variety of operating systems including Windows, MAC OS X, Linux, and iOS.
User self-service capabilities, role-based access, and application control allow IT staff to set up policies one time, eliminating the need to respond to myriad support requests. Automated application updates also reduce IT end user support workload.