Community Matters Blog

How Tomorrow Moves Community Contest

Community Administrator
Community Administrator

htm-community-tile_300x225.jpgThere’s been lots of buzz about the tsunamis of change hitting IT. Talk of pivoting to the cloud, the growing mobile workforce, BYOD, and the Internet of Things (IoT) light up tech conferences and generate big headaches for IT. 

 

So what are these tsunamis of change? The biggest one is being driven by #GenMobile – mobile-savvy users who rely on cloud-based business apps for every aspect of their work and personal lives.  These mobile workers demand anytime, anywhere access to the network and as they bring more devices to work, they keep adding volume to your network.

 

Embracing this new normal means rethinking your enterprise network. The mobile workforce will require that you move towards a mobile-first network strategy while meeting some NAC challenges head on. This means defining “who” your network is since you no longer know “where” your network is.

 

So that leads to the big question. Do you have the right technology in place to meet today’s network challenges? We want to hear how you have embraced these challenges. Do you have a secret ClearPass recipe that you use to handle threats? Have you gone the route of the all-wireless workplace?

 

How to Enter

We want to hear how you have prepared your network to meet the challenges of today and tomorrow. Reply to this blog in 300 to 500 words and tell us how you have adapted to the current generation of mobile workers and what solutions you’ve used. We will review each of the replies with certain criteria and reward the most brilliant and transparent solution.

 

Contest Prizes

The top 3 winners will receive one 7010 licensed controller, one IAP-205h, and one IAP-325.

 

--If you are unable to receive the gift due to company restrictions you could always give it to someone else.

 

Contest Rules

HTM Community Contest starts at 5am PST on November 9th, and ends at 9pm PST on November 30th. Selection of winners will be a two-step process: a combination of the Kudos on the Airheads Community and thorough final selection by the judging panel who will look at the accuracy, creativity, and quality of the article. We kindly ask that you do not give kudos to a single entry under the guise of multiple accounts. Any abuse will result in immediate disqualification.

 

The amount of kudos counted will be the amount of kudos given. If the submission has 40 kudos... then the post will receive 40 kudos towards the contest. If you impress someone with a kudo weight of 3... you receive 3 kudos.

 

We do ask that your solution be an actual implementation that you have been a part of. We are interested in all implementation scenarios that are not classified.

Comments
New Member

Our Network

We are currently in the process of migrating to an Aruba wireless system to help with our wireless growth. We have gone with a multi controller architecture to allow redundancy across two major sites. Given the increase in mobile and portable devices and increasing demand for bandwidth, we've opted for an all Wireless-AC solution (primarily AP-225s initially, but future deployments will include AP-325s). We typically support between 1000-2000 users.

 

Encouraging BYOD

Our unique adaptation is that we strongly encourage BYOD and we consider wireless a first class method of access, contrasting to many deployments where it’s simply best effort only. While this means there are significant challenges such as QoS, this mindset means we aim the solve or eliminate them as best as is possible using the tools and network management.

 

Our BYOD solution incorporates a model which is less common – we allow our users full control of their devices, and do not mandate the install of any software on them. This means all devices are simply considered untrusted, and access to internal resources is through primarily web based technologies, including a foray into HTML5 applications. This means the security/access model is similar to a ‘work from home’ scenario.

 

Assisted Purchasing

If a staff member wishes to purchase a new BYOD device, we have a scheme which allows for a subsidy to assist with the purchase. The staff member maintains ownership of the device, and after a time period may keep the device if they move on from the organization. This scheme is being widened to allow for the purchase of tablets, which are being used more often in the workplace. Furthermore, technical support is still provided to staff who move to such a device for their work.

 

Guests

We deploy a site wide captive-portal based hotspot which allows guest access, with open registration by mobile phone. This allows for unrestricted high speed internet access for those visiting the site. We are currently exploring a solution which allows guests to connect to a secure network, as well as improving the ease of access by allowing guests to save credentials when they return to the site, enabling automatic login.

 

Going with the flow

In moving away from what is a typically very restrictive and user unfriendly environment, we’ve found that it allows us to work with our users rather than working against them, and the tide that is BYOD and universal access.

Community Administrator

 @StephenQ I really like the road map you are putting in place for the guest solution. It sounds like you guys have a great structure in place.

MVP
We're a retail-grocery chain, with traditional warehousing and a few corporate/regional offices. Our wireless adoption is at 2003 levels which makes us pretty cutting-edge in retail. That said, we can see that BYOD will eventually come, and guest networks will probably be needed in the retail environment, so we've put Aruba controllers, iAP swarms, Airwave and ClearPass in place to best support the legacy systems in use today while preparing to support the future. The adoption rate is slow, but when the future gets here, we'll have to jump as fast as possible - we've got 802.11AC available for when devices are ready, and today guests can easily get on the office wireless, so we'll be ready to extend that to the stores when the business requests it of us.
Frequent Contributor II

Over the past 4 years I have grown our wireless environment exponentially. From thirty one old AP61’s in a campus hot spot deployment to where we are now with almost complete campus coverage (two main campuses and two smaller satellite centers) with a mix of AP93’s, AP105’s, AP205’s and AP225’s. Currently I am working to upgrade the remaining AP93’s to AP205’s. Our wireless user base has grown with the expansions and exceeded the expectations of everyone save myself as I was seeing my vision for Cape Fear Community College beginning to come to fruition.

 

ADU 11 - 15.PNG

Once the main infrastructure was put into place, a dedicated master with four locals, I was able to get both ClearPass and AirWave into the environment. Since then I have migrated Staff, Faculty and Students over to a fully secure dot1x environment. Thanks to ClearPass I am now able to allow wireless access into our production environment safely for CFCC owned Laptops/Notebooks & MacBook’s.

 

Role based access has been an amazing breakthrough for our campus and many others are now starting to fully understand where mobility can take us. Our new Surf City satellite center is a prime example. Through the use of ClearPass and Aruba mobility controllers it is a completely wireless environment for students. There are no formal computer labs at this site. There are laptop carts in which the laptops have been provisioned and joined to our AD environment and are using machine authentication. When a student powers up these devices they act like any other desktop on a hard lined Ethernet network, waiting for students or faculty to log into them. This saved CFCC a considerable amount of money in both structured cabling and power costs.

 

Another example is our Humanities & Fine Arts Center (or HFAC) which was just completed. It has one three story wing of classrooms, studios and faculty offices dedicated for education and the other wing houses the new Broadway caliber theater with a sixteen hundred person seating capacity. Again, this building is an 80% wireless environment with very few traditional hard lined desktops and no formal computer labs. Thanks again to ClearPass and role based access I was easily able to integrate the ticket scanning wireless devices for the box office, lighting & sound control wireless devices for the theater and secure wireless access for the snack and drink vendor registers.

 

The next items in line on my project list:

 

I am converting an older 3200XM controller into a stand-alone VPN concentrator for Staff and Faculty. ClearPass is allowing me to use role based access to match a user’s VPN experience with their wireless experience, meaning they would have the exact same access to the network that with the VPN that they would have with wireless.

 

Once the VPN is complete then it will be on to initializing OnGuard for employee’s personal laptops/notebooks and more of a full BYOD integration. But before I can do this, obviously the rest of my mobility vision must be in place.

 

Cape Fear Community College – We are GenMobile

New Member

We are a private tertiary education provider based in New Zealand with 3 large branches and 5 small branches nationwide. Over my 10 years that I have been with the company we have evolved from basic layer 2 switching to Cisco Layer 3 Switching with VLAN segmentation and WAN connectivity and from a single access point located in our CEOs office to 15 controller based Cisco Access Points nationwide.

Our I.T. Team of two is located in our head office and look after 250 Employees and 1000 Students Nationwide.

Due to our diverse student population and range of devices and operating systems we constantly battle issues with connectivity due to many factors including devices trusting our certificate.

We are about to take our next step towards embracing BYOD Users and #GenMobile over the Christmas Break by:

  • Replacing our Core/Distribution Switches with HPE Aruba 5400 zl2 switches in our two largest campuses to replace our legacy Cisco 4506 Supervisor-V Switches.
  • Installing 30 new Aruba Instant 802.11AC access points in the same two campuses to replace the unreliable Cisco units.
  • Implementing Aruba Clearpass to replace our legacy Microsoft NPS radius server.
    We will be implementing 802.1x for our company owned assets and an Active directory authenticated web portal for our student and staff BYOD devices.
  • Implementing Aruba Airwave to enable better management and visibility of our wireless network.

One of our large campuses being upgraded as mentioned above is moving to a new site and we are taking a wireless first approach including installing wireless network adapters in desktop pcs and only cabling where absolutely necessary.

We have been testing for this deployment for the last month using a IAP215 and Clearpass and have found the platform to be extremely stable and have not needed to restart either the AP or the VM compared to many reboots for the Cisco APs

New Member

We're a large retailer in Australia and New Zealand, with 450+ stores, 5 warehouses and a number of offices (including 5 in Asia, for our product sourcing).

 

In 2010 we needed to cut signficant run costs from our IT budget, which saw us replace our traditional teal-coloured vendor with three new vendors, for switching/routing; wireless (Aruba); and voice.

 

Hot on the heels of that decision came our first foray into BYOD and guest wireless networking. With Aruba's help, we bought and implemented Amigopod (later became ClearPass) for our head office building (appx 800-1000 staff and hundreds of visitors monthly).  The effect was both immediate and positive - adoption rates quickly climbed, to the point where we are currently supporting nearly 900 BYOD devices in the building, and around 100 new guest accounts every month (on just 42 APs!).

 

With all that guest and BYOD goodness came the first world problem of dealing with wireless capacity so, to that end, we just this week started the replacement of all our AP-105s with new AP-225s, and the feedback from the areas that have received them is already positive.  At the time of writing, we're seeing more than 500 devices connected wirelessly in Airwave on our corporate SSID (as well whatever guest/BYOD devices are connected via the same infrastructure).

 

In our stores, we recently completed the lifecycle of our wireless network to IAP-115s, and rolled out a second ClearPass instance for BYOD for our store team members.  Since we went live last week to all our stores, over 700 team members have already registered for access, with the number climbing daily.

 

The next step (which we're now looking at experimenting with) is integration between our ClearPass appliances and Palo Alto firewalls, so we can start to look at the benefits of contextual security at the access layer. This will not only include roles-based access (something we've been very keen to start using), but also access based on the security posture of the device they're on, and the relative risk of the access network they're coming from (corporate vs stores vs home office via VPN).

Community Administrator

Thanks you all for your submissions for the How Tomorrow Moves community contest.

 

We had 5 entries for the month. 

 

 

Our winner is:

@americanmcneil - 18 kudos

 

We happened to have a 3 way tie for second, so we have decided to award all 3 with the prize.

The 3 second place finishers are:

@psteelnz@msabin, and @StephenQ - 7 kudos

 

Again thank you all for sharing your deployment with us and keep up the great work.

 

*Winners please DM me with your contact info.

New Member

Thanks Aruba for the awesome prize!

Looks like I will have the best home wifi in our town!

 

Phil

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements
Read all about it! If it’s happening now, it’s in the community.

Check out the latest blogs from your community team, the community experts and other industry sources.