For customers wishing to distribute Remote Access Points (RAP) to their employees there are concerns of overhead and security.
They are looking for a zero-touch method where the remote access points will get their configuration automatically and at the same time the distribution, authentication and connectivity is done securely. For instance how to deal with the case, when a RAP is sent via post to an employee at home and this RAP is lost or gets in unauthorized hands?
Aruba provides a secure provisioning solution for it Remote Access Points. This is described in the figure below:
As seen in the figure, the key element here is that the RAP allows no wired or wireless connectivity until the user connects his laptop to a wired port on the RAP and authenticates on the captive portal using his Active Directory or Windows username and password. The user does it once; after that the RAP is whitelisted and will allow the configured settings like WiFi and Wired connectivity. This step prevents the RAP from coming under unauthorized hands before it reaches its destination.
The provisioning of the RAP is simple, zero-touch and secure. This scenario was implemented by large German customer in the transportation business as well as many other security-aware customers.
Also worth to mention is that the IPSec VPN is established through a certificate built into a TPM (Trusted Platform Module) chipset that exist on the RAP. This certificate cannot be tampered with. This ensures confidentiality of data transmitted over the internet.
This kind of secure provisioning is unique to Aruba.
At Aruba we advance how people live and work