What do you use to manage BYOD at your company?

wixter

This is becoming more of a hot issue at my place lately and I'm looking at both Airwatch and MobileIron. I'm forecasting that if we enabled this feature tomorrow we'd have at least 500 users utilize the service immediately and a couple thousand in the months following. Does anyone use either of these products? If so, how do you like them and more specifically what don't you like about them? Or if you don't use those products what do you use and how well does it work for you?

The main issue I'm trying to tackle is how to manage security to allow employees who bring their own devices in, yet be able to distinguish that from some random moron strolling by the building who happens to pick up a signal.
 
We have a public guest network that is in its own VLAN and firewall'd and routed to access the internet only. We do not have the password written anywhere but we verbally offer it to anyone that asks.

The APs are Aruba units with fair query weighting enabled and set for 54Mbps as their max data rate. We have 10 APs. Setting the wireless to 54Mbps keeps the avg traffic below 20Mbps and is a disincentive to heavy use. If an employee wants a mobile device on the corp network we provide them a phone. If they want to use a personal laptop on the corp network they can install VPN software and tunnel in that way, but the firewall will examine their system for approved and updated AV before allowing them to connect.

The rules are fairly loose, but if someone tries to connect and hasn't updated their AV definitions in 90 days it'll deny them access.
 
We use GOOD where I work, simple to use for both our department and the end users.
 
Mack, if you have Aruba, why not throttle based on role and let the APs have max speed?
 
We are in the process of implementing BYOD too. Similar to what Mack is doing with VPN.

Aruba for wireless. ClearPass Controller assigns roles based on login with bandwidth allocation. It also profiles their machine so I know who's on the network with what kind of equipment.

Then we use Juniper Secure Access for equipment to tunnel into our network with a web browser. Secure Access will check the security posture of the equipment trying to tunnel in (firewall + antivirus).

For Print Access, we use PaperCut with a WebPrint portal. We are also going to offer Citrix desktops through Secure Access.

This should cover all my bases while trying to be flexible enough.
 
The main issue I'm trying to tackle is how to manage security to allow employees who bring their own devices in, yet be able to distinguish that from some random moron strolling by the building who happens to pick up a signal.

ClearPass.
 
ActiveSync! Free! I bet most people didn't know it could manage mobile devices.
 
All of these responses are good, still not quite what I'm after though. We already use ActiveSync and VPN stuff. The primary reason we're looking into something more than that is we want to see if we can automatically issue certificates for an employee's own device so that they can gain access to our network, without using VPN or ActiveSync. Ideally it would work something like...employee has a tablet, they go to some intranet web page that allows them to generate a cert, cert gets issued and employee installs on tablet, then connects onto our corp wireless and gains access to normal resources they use as if at their workstation.

IMO, I don't think this exact type of solution will work. Management wants it to work this way, but I disagree because they're effectively wanting to override a security precaution of allowing any device to connect to our network. We have to have some kind of authentication built-in somewhere, whether it be with the user's logon ID or they submit the MAC address of the device they want to use so we have it on file...something. I've not had an opportunity to test Airwatch for example so I was curious if anyone else had done something like this.
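
Added example (not part of the original thread and not any vendor's implementation): a minimal Python model of the self-service flow described above, where the portal issues a device credential only after the user authenticates and the wireless side admits, denies or falls back to guest based on it. An HMAC tag stands in for the CA signature on a real certificate; the directory entry, MAC addresses and lifetime are constructed assumptions.

```python
import hashlib
import hmac
import secrets
import time

CA_KEY = secrets.token_bytes(32)      # stand-in for the issuing CA's private key
DIRECTORY = {"jdoe": "s3cret-pw"}     # constructed entry; a real portal asks the directory service
REVOKED = set()                       # serials of lost or offboarded devices
MAX_AGE = 365 * 24 * 3600             # credential lifetime in seconds (assumption)


def _tag(body: str) -> str:
    """Keyed tag over the credential body (plays the role of the CA signature)."""
    return hmac.new(CA_KEY, body.encode(), hashlib.sha256).hexdigest()


def enroll(logon_id, password, mac, now=None):
    """Portal step: issue a credential only after the user authenticates."""
    expected = DIRECTORY.get(logon_id)
    if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
        return None                   # no authenticated identity, nothing issued
    issued = int(now if now is not None else time.time())
    # The MAC is recorded so the device is on file; it is spoofable on its own.
    body = "|".join([secrets.token_hex(8), logon_id, mac.lower(), str(issued)])
    return body + "|" + _tag(body)


def admit(credential, mac, now=None):
    """Wireless step: map a joining device to a role."""
    if not credential:
        return "guest"                # passer-by with no credential: internet-only VLAN
    parts = credential.split("|")
    if len(parts) != 5:
        return "deny"
    serial, logon_id, cred_mac, issued, tag = parts
    if not hmac.compare_digest(tag.encode(), _tag("|".join(parts[:4])).encode()):
        return "deny"                 # not issued by the portal, or tampered with
    now = now if now is not None else time.time()
    if serial in REVOKED or now - int(issued) > MAX_AGE:
        return "deny"                 # revoked or expired
    if cred_mac != mac.lower():
        return "deny"                 # credential copied to a different device
    return "employee:" + logon_id
```

The point the model makes is that the credential is only as trustworthy as the authentication step in front of issuance, and that revocation has to exist on the admission side for lost or departed devices.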
 
ActiveSync! Free! I bet most people didn't know it could manage mobile devices.

It can only do 1/8th of what most MDM/EMM does.

We use GOOD where I work, simple to use for both our department and the end users.

The downside to Good at least on iOS devices is it does not run in the background. You have to load it to get your email.
 
It can only do 1/8th of what most MDM/EMM does.



The downside to Good at least on iOS devices is it does not run in the background. You have to load it to get your email.

I can still set a policy and remotely erase a phone.

If the phone wants to take the boat to China, I am cool with that. Otherwise I cannot do location tracking on all devices, some work, and I cannot remote in to a device but the only devices I know that you can remote in to and actually control are Samsung devices.

:eek:
 
All of these responses are good, still not quite what I'm after though. We already use ActiveSync and VPN stuff. The primary reason we're looking into something more than that is we want to see if we can automatically issue certificates for an employee's own device so that they can gain access to our network, without using VPN or ActiveSync. Ideally it would work something like...employee has a tablet, they go to some intranet web page that allows them to generate a cert, cert gets issued and employee installs on tablet, then connects onto our corp wireless and gains access to normal resources they use as if at their workstation.

Let me say this again: ClearPass ;)
 