Tuesday, August 27, 2013

Getting On Board with On-boarding products

The concept of wireless client on-boarding was a hot topic at Wireless Field Day 5.  We had 3 AP vendors showing off their variations of how to bring clients onto the network securely: Aerohive, Motorola and Meru.

Just as these 3 vendors differ in how they approach the concept of wireless, their approach to client on-boarding varied quite a bit.  Let's briefly go through their solutions and talk about the highlights.


Aerohive: Client Management

This is a Beta product coming out of Aerohive.  The premise is a simple secure on-boarding solution that doesn't require separate PKI infrastructure.  With literally a couple of clicks you can deploy Client Manager to an SSID and start on-boarding clients.  Now they showed how easy it is to setup, which is great in certain deployments.  What they didn't show was any kind of nerd knobs to customize the deployment.  So I'll be interested to see how this progresses as it gets closer to deployment.  It was also the only solution to choose a color.

Pros: Ease of Implementation, No PKI Needed, Tight Integration with ID Manager and Hive Manager
Client Support (Beta): iOS and OS X



Motorola Solutions: Secure Access

While not a unique solution, it appears that Motorola has OEM'd on-boarding leader Cloudpath for the on-boarding solution.  At first I was a bit turned off to hear that they weren't developing their own product.  But earlier in their presentation, they talk about the technology partner ecosystem and integrating with Forescout, Cisco ISE and other solutions.  Bringing Cloudpath into their product line really makes sense as Cloudpath is one of the major players in the this space.  I'm not fully up to speed with the entire CloudPath offering, but from Motorola's demonstration, there are lot of nerd-nobs to tweak regarding issuing certificates.  This is not something that's exceptionally easy in most products.  This is something that I intend to play with in the future.

Pros: No PKI Needed, Integrates with Existing PKI, Advanced profiling with and without Radius
Client Support: Windows, Ubuntu, OS X, iOS, Android



Meru Networks: Identify Manager

Of all the on-boarding solutions at WFD5, Meru Networks was the only company to say that their solution supports both wired and wireless (although they didn't go into details on how it achieves this with wired).  They show that they can support payment portals, self-service, and even some property management solutions.

Probably one of the more interesting facets of the Meru Identity Manager was their Smart Connect application on windows.  While the features here vary by platform, it was nice to see an application that didn't need Admin rights to configure an SSID.  While the demo didn't feature Smart Connect, it was interesting to see how they dealt with complex configurations on windows platforms.  While they admit the method varies by platform, having a provisioning application is an interesting choice for provisioning.

Pros: Wired + Wireless support, PMS integration,
Client Support: Windows, OS X, Android, iOS




Final thoughts:

Of all the solutions, I would want to see more of the Meru solution for a couple of reasons.  First, it supports both wired and wireless.  It can integrate into 3rd party solutions and there may be some special sauce for some of the platforms that looks intriguing.  From a technical perspective, the Cloudpath solution baked into the Motorola looks pretty awesome from fully featured point of view.  The biggest limitation with Aerohive's solution is that it only works with Aerohive.  That's not a bad thing, but unless you are an Aerohive shop, it's probably not something you would be interested in.  For those who do run Aerohive, this may be the Bees Knees so to speak.

Full Disclosure:  I attended all of these presentation as a delegate to Wireless Field Day 5.  Aerohive has previously provided me gear to evaluate and Motorola was nice enough to provide me with an AP during this event.  While I have received APs, shirts and other swag from these vendors as part of the Wireless Field Day event, there is no obligation from me to provide feedback on their products or positive reviews of their products.  I do at my will, and write my honest thoughts and feelings.

Update: It was brought to my attention that Motorola's Secure Access solution supports Wired clients as well.  Although I didn't remember that being brought up during WFD5.  Special thanks to Colin Lowenberg @colo for bringing this to my attention.