Self-Registration, Policy & Branding for Guest Access Carlos Gomez Gallego
Jul 30, 2015
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
2 #AirheadsConf
Agenda
Enabling Guest Access in the EnterpriseDefining your PolicyCommon WorkflowsLive Demo
Enabling Guest Access for PFE deploymentsCaptive Portal OptionsSocial Login Support Advertising options, driving Mobile Apps
3CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Guest Access in the Enterprise
4CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Guest Access in 2014
• Where is Guest Access Today?– Still seen as cumbersome by users
– Overlapping with BYOD and IOT
– Still some paranoia to providing simple guest access
– Technology is there, just not being widely used
• What are the common problems?– Poor products from the network manufacturers
– Poor branding, design and guest user experience
– Provisioning process gatekeepers (human or machine)
– Employees bypassing corporate networks
– Apathy, mindset and ‘too hard’ mentality
6CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Planning Guest Access Requirements
• Who needs access?– Casual Guests, visitors, partners
– UC/AV/IOT devices, VIP partners, employee BYOD
• How often do they need it?– On demand for a fixed period of time
– Permanently (or at least long term)
• What’s the security consideration? – Internet access, AirGroup, appropriate bandwidth, URL filtering
– Internet access, restricted LAN, restricted applications
– Digital certificates, password complexity, sponsor approval
– Open versus encrypted SSID/Access
7CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Balancing Security and UX
• Some security realities– Not everyone is out to get you
– Good security does not need to be intrusive
– Enabling controlled network access can deter ‘creative users’
– Users and devices need connectivity, that’s not changing
• The user experience– Please let us help you with skin/cp design!
– Mobile matters, the growth is in mobiles and tablet devices
– Frequent users/devices should not need to manually re authenticate
– Enable your workforce to deliver on demand guest services
8CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
How to offer Secure Guest Access
• Provisioning– Turnkey process for on demand provisioning or self registration
– Request details once, and use more intelligently, why ask again?
– Offer credentials that can be used on secure networks
– Simple time, bandwidth and device number policy controls
• Frequent Visitors, IOT devices– Offer a WPA2 SSID as complement to open SSID, same credentials
– Delete/Disable visitors not seen in months/years, not days/hours
– Good logging and reporting can alert you to suspicious behavior
– Enable your workforce to deliver on demand guest services
– Extend to SSO applications
9CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Guest Self Registration
Benefits
One time registration
No IT involvement
Full audit trail
Full firewall policy control
Drawbacks
?
10CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
On Demand Guest Access
Benefits
Employee driven
No IT involvement
Full audit trail
Full firewall policy control
Drawbacks
?
11CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Demo of CP Guest
Self Registration
Workflow
Actions
Authz Policy
Logging/Reporting
On Demand
Workflow
Authz Policy
Operator Profiles
12CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Guest Access in PFE
13CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf13
Which Poster Gets the most Attention?
14CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Planning Guest Access in PFE
• Who needs access?– Fans in the stadium, shoppers in retail stores
– Conference delegates, Press, Digital Agency
• How often do they need it?– On demand for a fixed period of time
– Permanently (or at least long term)
• What’s the marketing/business objective? – Simple, one click access to basic internet
– Capture some basic information eg. email, mobile, interests
– Drive mobile application download, loyalty subscription
– Provide access to secure content, special offers, coupons
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved
@arubanetworks15
Building Out the Captive Portal Experience
16CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Apple Passbook support
• Use Apple Passbook as a digital receipt • Compatible with some Android applications (such as
PassWallet).
17CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Add Passbook as Receipt Option
• Built in Templates in ClearPass– Enable Pass download and select
Pass Template
18CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Drive Social and Application Awareness
19CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Social Network Login
• Targeting a new network of users– Users that live through their social identity
– Users loyal to exclusive offers and community/fan groups
• Things to consider– Some people do not ‘love/like/tweet/follow’ social networks
– Consider providing simple alternative registration process
– Can takes over branding and user experience
• What’s the marketing/business objective? – Simplified access to basic internet, tick the social media check box
– Integrated social media initiatives driven by marketing professionals
20CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf
Advertising Services
• Rich Content – Create dynamic
campaigns based on device/user/venue context
– Supports images, interstitial video, text, HTML5, SMS, email..
• Campaigns– Leverage visitor context
– Rotating or weighted
– Integrate with 3rd party Advertising services
– Automate application configuration
21CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf21
Overlay Advertising on the browser
22CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved
#AirheadsConf22
Key Use Cases
• Guest Access– Customers, suppliers, partners
– Promote mobile applications
– Advertising, location services
• WiFi enabled demo equipment– Laptops, tablets, televisions, cameras,
games consoles
– Digital catalogue and concierge
• Enterprise and BYOD Devices– POS, surveillance cameras, scanners,
VoIP Telephones, printers
– Corporate issued smart devices