TechGuide

How to Handle Mobile Devices' Impact on the Network
Mobile devices will gobble up WLAN bandwidth. Here's how to prep your network.

EDITOR'S NOTE
MOBILE'S IMPACT: SUDDEN AND DEEP
BYOD IN YOUR WIRELESS LAN? YOU NEED INTEGRATED TOOLS
BEFORE YOU BUY: HOW TO EVALUATE WIRELESS LAN REQUIREMENTS

EDITOR'S NOTE

Next-Generation BYOD
It's been 10 years since I got my first cell
phone, a one-lung little gadget that allowed me
to make phone calls, send a text message here
and there and, well, not much else. Admittedly,
I was behind the technology curve; cell phones
were quickly becoming the norm well before
I finally pushed my first send button. That
said, I certainly had written about mobility, beginning with a story I wrote in 1987 for a now-defunct cellular trade publication that detailed
how the Denver Broncos decided to invest
thousands of dollars for three mobile phones
they would use as an experiment to handle on-field communications. They must've worked;
the team won the AFC championship that year.
Today, almost 30 years later, everything has
changed. Cell phones are now smartphones,
equipped with enough processing power and
technology to do everything from monitoring
your heartbeat to watching a movie (and maybe
even making a phone call now and then).

The Broncos, like every other NFL team,
don't just use smartphones; the team also
uses iPads and other mobile devices to store
playbooks and other team materials, taking
mobile communications to a level that didn't
exist even five years ago.
Ubiquitous mobility brings with it opportunity and challenges, challenges that IT managers must face every day as they work to corral
the growing impact mobility has on today's enterprise networks.
This TechGuide walks you through some of
the steps you will need to prep your network
for next-stage BYOD.
We hope you will benefit from the advice our
experts have to share about this critical technology.
Chuck Moozakis
SearchNetworking
TechTarget

Mobile's Impact: Sudden and Deep

The rise of enterprise mobility is undeniable and shows no sign of slowing. According to Nemertes Research, 65% of companies
reported growth in mobile device populations
in 2013. On average, device counts rose by
nearly 33%. Further, 76% of companies expect increasing smartphone and tablet device
counts in 2014. As app-driven, Wi-Fi-enabled
devices multiply, the need to support more
mobile endpoints quickly creates challenges
for company networks. To properly support
the tidal wave of wireless devices, companies
need a modern network infrastructure that has
responsive connectivity with appropriate security measures.
Smartphones and tablets affect the network
in several ways. First, they drive companies to
shift more rapidly to a WLAN-oriented infrastructure, one that employs Quality of Service
(QoS) in place of wired LAN connectivity. Second, these devices are straining WLAN capacity. Third, they require governance, which
means IT departments must consider both mobile device management (MDM) and a hybrid
network MDM.

APPS ARE BANDWIDTH HOGS

Behind all the mobility buzz are the apps. From
email clients to video streaming to Angry Birds
(launched only on lunch breaks, of course),
apps gobble up a significant slice of bandwidth.
Email applications won't heavily burden networks, but video streaming apps are bandwidth
hogs, and virtual desktop apps require strong,
consistent connectivity. When devices overtax
an access point (AP), latency rises. When latency rises, help desk tickets soon follow.
QoS queuing technologies from Aruba
Networks, Cisco Systems, Juniper Networks
and others give the right of way to mission-critical apps. But in most cases, QoS can't
single-handedly solve all bandwidth problems;
companies can't continue to simply squeeze
more devices onto the network without also
increasing the number of APs and the amount
of bandwidth.
To handle the increased number of mobile
devices, companies are adding bandwidth to
their WLAN. On average, companies nearly
doubled WLAN bandwidth by adding 90%
capacity in 2013. Although this indicates
WLAN bandwidth is trending upwards, companies show a fairly significant disparity in
capacity investments, which is likely driven
by company size and differences among their
respective wireless roadmaps. Of this 90% increase, 71% of capacity demand came from mobile devices. Consumer and productivity apps
account for half of mobile-driven bandwidth
increases.

NETWORK-BASED SECURITY

While end users have all the fun with their
smartphones and tablets, administrators
must face the security threats these mobile
devices bring. Rogue APs and unenrolled
devices are two concerns. Fortunately, network-based security addresses these issues
and even makes IT's day-to-day operations
easier. In fact, 41% of companies already use
some form of network-based security for
mobile devices.
All major mobility management vendors offer safeguards against rogue APs in addition
to supporting device health checks and device
fingerprinting when users request access to the
network. These stopgaps monitor enrollment
status, ensure that antivirus protection and applications are current, and determine whether
an MDM client is installed. The systems then
funnel users to profile-based repositories
such as a secure, limited guest account with
network access, or to a more robust network
segment with broader access to applications
and data.
All this is done automatically without IT
touching the device. For all the things MDM
does well, on-device MDM clients are still
required to perform desirable functions like
remote wipe and remote lock. This leaves network-based security capabilities as more of a
supplemental technology, but still they are an
important level of protection, especially for a
company with a lot of unrecognized devices on
its network.

MOBILITY CHANGES THE GAME

Enterprise mobility changed everything, from
the way lines of business do their jobs to infrastructure requirements and IT governance.
Without a strong network with both the bandwidth and security toolset to properly monitor
mobile endpoints, IT administrators face an uphill battle. Mobility management requires bold
steps. Forward-looking companies allow end
users to fully exploit their smartphones and
tablets. Companies that delay in investing in
their networks will fall behind their peers and
put company assets at risk.
John Arkontaky

BYOD in Your Wireless LAN? You Need Integrated Tools


IT network teams face a dilemma when it
comes to BYOD and wireless LAN access. They
don't have the resources to manually configure
hundreds of personal devices, yet asking users
to configure their own clients invites errors and
security issues. Fortunately, there are now tools
that automate personal device configuration
and even enforce varying levels of access policy.
The trick for network teams will be in integrating these tools to obtain the necessary level of
access control.
Until recently, IT departments were able to
use desktop management systems and Active
Directory Group Policy Objects (AD GPOs) to
auto-configure enterprise WLAN credentials
and settings on company-issued laptops. Unfortunately, those tools generally cant be applied to smartphones or tablets.
With newer automated WLAN onboarding
tools, users can choose a designated SSID and
be led to a captive portal splash page to log in
and accept terms of service. This can immediately route users onto a somewhat limited
guest network, but this is only a first step.
Generally, enterprises need tools that can go
deeper and assign access based upon policy.
That's where configuration tools come into
play.

SELF-CONFIGURATION TOOLS

The goal of automated WLAN onboarding
tools is to allow users to configure connections
without requiring IT assistance. Many Wi-Fi
smartphones and tablets permit users to configure network connection settings, including
WPA2-Enterprise EAP parameters and server/
user certificates. For example, once users are
allowed access to an open enterprise guest
WLAN, they can access a URL to download a
configuration profile. That can get complicated,
so some organizations now use platforms such
as Cloudpath Networks' Xpress Connect, which
automates portal-based WLAN connections
for Windows, Mac OS X, Ubuntu, Android and
iOS users, including ActiveX for unmanaged
Windows BYODs.
This approach automates and simplifies
WLAN onboarding by minimizing dependencies to accommodate diverse devices and
ownership. It can even be integrated with enterprise directories and certificate authorities
to install different WLAN credentials for each
authenticated user/device. However, this approach doesn't enable configuration updates or
ongoing enforcement, nor can it be extended to
meet other BYOD needs.

PROVISIONING PLATFORMS THAT GO DEEPER

Automated WLAN onboarding can get more
specific on access policy when integrated
with traffic inspection functions that are
built into the network. In this scenario, a vanilla captive portal can offer every user the
same self-install links and opportunities for
guest networking, but then WLAN access
points (APs) can be configured with client
classification policies that offer more fine-tuned network access.
Aerohive Networks' HiveAPs, for example,
can be configured with client classification
policies that automatically redirect personal
devices based on Wi-Fi MAC address prefix,
fingerprinted operating system and device domain. These classifications could be used to
apply different firewall rules to, say, unknown
Android tablets as opposed to recognized iPads.
Through this method, recognized iPads might
be redirected to a platform that installs an iOS
configuration profile based on an observed
username, while unrecognized devices could be
redirected to a portal where users can receive
individual PSKs and thus join a WPA2-Personal
secured WLAN.
This approach focuses on using the network
itself as well as its traffic content to automate
WLAN onboarding. Combining WLAN traffic
inspection and firewall capabilities with device
and OS fingerprinting streamlines the steps
users may have to take in order to connect their
devices to the network. Broader BYOD management may, however, require additional steps or
IT resources.
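
The sketch below is an added example, not code from this guide or from any vendor's product. It shows first-match client classification on the three attributes named above (MAC prefix, fingerprinted OS, device domain) with a least-access default. The rule set, role names and redirect targets are hypothetical, the MAC addresses come from the RFC 7042 documentation range, and the code also reports when a MAC is locally administered (randomized), since its prefix then identifies no vendor.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass(frozen=True)
class Client:
    mac: str                  # Wi-Fi MAC address as seen by the AP
    os: Optional[str]         # fingerprinted OS, None if fingerprinting failed
    domain_joined: bool       # device belongs to the enterprise domain

@dataclass(frozen=True)
class Rule:
    name: str
    oui: Optional[str]        # MAC prefix "xx:xx:xx"; None matches any
    os: Optional[str]         # None matches any
    domain_joined: Optional[bool]
    role: str                 # firewall role the AP applies
    redirect: str             # onboarding step the client is sent to

# Constructed policy; every name here is hypothetical. 00:00:5e:00:53:xx is the
# RFC 7042 documentation range, standing in for a recognized vendor prefix.
RULES = [
    Rule("corp-laptop", None, "Windows", True, "corp", "none"),
    Rule("recognized-ipad", "00:00:5e", "iOS", None, "byod-ios", "profile-installer"),
    Rule("unknown-android", None, "Android", None, "byod-restricted", "psk-portal"),
]
# Anything unmatched gets the least access, not the most.
DEFAULT = Rule("default", None, None, None, "guest-only", "psk-portal")

def normalize_mac(mac: str) -> str:
    """Accept aa-bb-.., aa:bb:.. or aabb.. and return lower-case aa:bb:.. form."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def is_locally_administered(mac: str) -> bool:
    # Bit 0x02 of the first octet is set on randomized or software-assigned
    # MACs, so their first three octets are not a vendor prefix.
    return bool(int(normalize_mac(mac)[:2], 16) & 0x02)

def classify(client: Client, rules=RULES) -> Tuple[Rule, bool]:
    """Return (first matching rule, whether the MAC prefix was usable)."""
    mac = normalize_mac(client.mac)
    oui_usable = not is_locally_administered(mac)
    for rule in rules:
        if rule.oui is not None and not (oui_usable and mac.startswith(rule.oui + ":")):
            continue
        if rule.os is not None and rule.os != client.os:
            continue
        if rule.domain_joined is not None and rule.domain_joined != client.domain_joined:
            continue
        return rule, oui_usable
    return DEFAULT, oui_usable

if __name__ == "__main__":
    for c in (Client("00-00-5E-00-53-01", "iOS", False),
              Client("da:a1:19:00:53:04", "iOS", False)):
        rule, usable = classify(c)
        print(c.mac, "->", rule.name, rule.role, rule.redirect, "oui_usable:", usable)
```

Because the MAC address and the OS fingerprint are both reported by the client, rules like these suit steering a device to the right onboarding step; broader access belongs behind the authenticated credentials that step issues.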

MOBILE DEVICE MANAGERS FOR AUTO-ENROLLMENT

Mobile device managers (MDMs) can help IT
shops implement more complex policy that
allows access by user or group, device ownership, make and model, OS level, configuration
and integrity. They can also update settings to
reflect ongoing changes in WLAN design and
enforce real-time policies that address BYOD
misuse or compromise.
Using this approach, users that connect to an
open enterprise guest WLAN are redirected to
an MDM enrollment page. (Alternatively, users
could be sent email or SMS notifications containing personalized enrollment URLs.) Upon
visiting the enrollment page, users are required
to log in or supply an activation code, at which
point the MDM can compare user or group,
ownership and device details to policies that
determine provisioning. If a personal device is
accepted, the system issues a device certificate
and configures the device with many settings
and applications, including enterprise WLAN
credentials and connections, enterprise VPN
tunnels and enterprise mail settings.
Dozens of MDM products support full device enrollment and can be used to automate
WLAN onboarding. Some have been specifically integrated with WLAN infrastructure. For
example, Meraki offers a free basic MDM to its
Enterprise Cloud Controller customers. Aerohive collaborates with JAMF Software LLC to
provide automated MDM enrollment of Apple
devices. Aruba Networks Inc. offers a ClearPass
Access Management System appliance that integrates with third-party MDMs through published APIs.
These are just a few examples of ways to
integrate WLAN infrastructure with MDMs
and other tools for automated BYOD access
provisioning. There are a host of other strategies, and even more will emerge. If you're shopping for a way to manage BYOD and WLAN
access, start by asking both WLAN and MDM
vendors about their approach to WLAN onboarding and be sure they take automation,
flexibility and device diversity into account.
Lisa Phifer

Before You Buy: How to Evaluate Wireless LAN Requirements

There may be a WLAN solution out there
that supports all of your enterprise's primary
access needs, but before choosing that solution, you'll have to evaluate your organization's
wireless LAN requirements. Doing the up-front
research and identifying your wireless LAN requirements will reduce mid- and post-project
slowdowns or regrets.
The key decision criteria reach beyond
WLAN features and include delivery models
and support options, and these will differ
depending on your organization's needs. This
five-step process can expedite the evaluation of
your needs:
Evaluate where you are today. What systems are in place? Where is your equipment in
terms of depreciation? What is most in need
of replacement in the short term? How much
could you keep of what you already have within
the framework of your requirements, and how
much would have to go? Is an Opex-based
model preferred to a Capex model in your enterprise? Over what timeframe would you have
to show a return on investment or lowered total
cost of ownership for the WLAN: three, five
or 10 years?

Develop short- and long-term requirements.
What are users asking for that you aren't providing? How are work locations changing?
More and smaller branches? Fewer and larger?
Is telecommuting increasing? How mobile is
your workforce? How much do they use WLAN
vs. LAN now? How much of this is due to availability, and how much is preference? What is
the impact of wireless and mobility on your
network? How much bring your own device
and guest access do you need to support? What
types of devices does your enterprise support
and in what ratios? What type of apps are you
running, developing and planning for? What
combination of native, remotely accessed and
HTML5 apps are you aiming for? What compliance and security requirements affect your
technology decision making? What LAN and
WAN technology is in place? To what extent
does this WLAN approach have to integrate
with management and security?

Analyze the gaps. Can you support short- and long-term requirements? If not, in what
areas do you need to invest?

Evaluate vendor roadmaps. What are vendors delivering that you haven't addressed
internally? Which vendors' go-to-market and
overall strategies most closely align with your
requirements? Which vendors get it with
respect to your requirements? How are your
current vendors adapting to trends? Which of
these or other vendors have a sustainable strategy (pricing or otherwise)?

Develop the roadmap. A roadmap is not a
project plan but a high-level list of milestones
that you need to reach in order to transform
your collaboration environment.

A CLOSER LOOK AT PROCURING YOUR WLAN

Evaluating wireless LAN requirements and
where you are today is largely a process of determining and accounting for current WLAN
assets and interviewing senior management to
see where they are in terms of preference for
different pricing models (Opex vs. Capex). You
may find that management is more than happy
to turn capital expenditures that end up being scrapped or resold at a significant loss into
steady, predictable operational expenses. Or
you may find them committed to a previous
purchase and to fully leveraging the sunk costs
and depreciated assets.
Developing your short- and long-term
requirements lets you determine the type of
approach that best fits your needs by making
you carefully articulate those needs. This is
complex, made more so by mobility and apps.
These are the primary features driving WLAN
growth. Determining how these features affect
your WLAN is fundamental to any plan,
especially if your end goal is a WLAN first
project.
Luckily, simplification is inherent in the
way WLAN vendors design and sell their
products, which is to say, they are designed
to integrate well with non-WLAN equipment.
This means that they can be dropped in as
a solution no matter what infrastructure is
already present. Yet, getting different semiproprietary and proprietary protocols and features
to work together within a WLAN can be challenging, if not impossible, so a single-vendor
WLAN approach is encouraged.

Beyond the functions that still require expensive and single-purpose appliances (deep
packet inspection, some VPN concentrators,
enhanced IPS/IDS), today's WLANs are exceptionally modular, particularly those based on
fat access point (AP) technology. If you pilot a
fat AP to see how it interacts with your existing infrastructure, you can do so for an estimated $5,000 a year, which includes a single
AP, management tools and support. Consequently, piloting and trying multiple solutions
simultaneously does not have to be a capital-intensive exercise, and given the importance
of supporting your workforce with excellent
WLAN infrastructure, it's a veritable bargain.
Philip Clarke

ABOUT THE AUTHORS

JOHN ARKONTAKY is a research analyst with Nemertes
Research, where he researches wireless and mobile
devices, services, applications and management
strategies. He holds a bachelor's in journalism and
English from SUNY.

LISA A. PHIFER is president of Core Competence Inc.
She has been involved in the design, implementation
and evaluation of data communications, internetworking, security and network management products for
more than 20 years and has advised companies large
and small regarding security needs, product assessment
and the use of emerging technologies and best practices.

PHILIP CLARKE is an expert on several IT topics, including mobile device, and has held analyst positions at
Nemertes Research and elsewhere.

How to Handle Mobile Devices' Impact on the Network
is a SearchNetworking.com e-publication.
Kate Gerwig | Editorial Director
Kara Gattine | Senior Managing Editor
Chuck Moozakis | Site Editor
Jessica Scarpati | Features and E-zine Editor
Brenda L. Horrigan | Associate Managing Editor
Linda Koury | Director of Online Design
Neva Maniscalco | Graphic Designer
Doug Olender | Vice President/Group Publisher
dolender@techtarget.com
TechTarget
275 Grove Street, Newton, MA 02466
www.techtarget.com
© 2014 TechTarget Inc. No part of this publication may be transmitted or reproduced in any form or by any means without written permission from the
publisher. TechTarget reprints are available through The YGS Group.
About TechTarget: TechTarget publishes media for information technology
professionals. More than 100 focused websites enable quick access to a deep
store of news, advice and analysis about the technologies, products and processes crucial to your job. Our live and virtual events give you direct access to
independent expert commentary and advice. At IT Knowledge Exchange, our
social community, you can get advice and share solutions with peers and experts.
