Secure Onboarding

Make Wireless Onboarding Simple and Secure for BYOD and Guest Users

End users bring all sorts of Wi-Fi enabled devices to your environment, and they expect easy and quick network connectivity.

Onboarding is the process by which a new device gains access to the wired or wireless network for the first time. IT teams traditionally experience a heavy workload from getting all of those devices on the network. And if you don’t do it securely, you can place users, devices, data and the network at risk. How do you securely and efficiently connect thousands of user-owned devices? How about the coming deluge of IoT devices?

Ruckus dramatically reduces the helpdesk burden related to network access and gives you the power to deliver a great end-user onboarding experience. Users get online quickly and securely—with only the appropriate level of access to network resources.

Hassle-Free Wired and Wireless Network Access

Ruckus’ Cloudpath Enrollment System simplifies BYOD and guest access with easy, secure self-service network onboarding. Employees, students, partners and guests onboard their devices once and then automatically re-authenticate in the future—in a process that is entirely transparent. They no longer have to repeatedly re-enter credentials on subsequent network connections. You can also easily onboard headless devices like gaming consoles, printers, and IoT devices.

Powerful Wireless Security and Policy for Users and Devices

WPA2-Enterprise ensures secure connectivity, with powerful encryption for data in transit over the air. An up-front posture check with remediation ensures that every device employs baseline security measures before it connects. Authentication based upon digital certificates increases network and data security. You can define and manage granular policies to govern the level of access, plus you gain visibility and control over devices on the network—with the ability to revoke access at any time.

Automated Device Onboarding and Network Authentication

Do you need to support rapidly proliferating device types and platforms? No problem. Ruckus lets you automate secure network onboarding and authentication so that the IT helpdesk doesn’t need to intervene. Easily create customized workflows to support any user. You’ll no longer see a mountain of trouble tickets for every new device type, and you gain the freedom to focus on higher-value activities.

Forest Hills Public School District

Michigan. 10,000 students. 1:1 Chromebooks needed more than 30 devices per AP.

Neumann University

Ruckus Provides Champion-Caliber Wired and Wireless Network

Sunway University

Sunway is a university located in Malaysia that serves 18,000 students and 1,500 staff members

Case Study

Blackpool and The Fylde College

Cloudpath Enrollment System Supports Digital Campus

Case Study

Fairfax County Public Schools

Embracing Bring-Your-Own-Device via Cloudpath Enrollment System

Case Study

Summit Public Schools

Cloudpath Enabling Reliable, Secure Authentication Across Campus

Secure Guest Access

Wired and Wireless Network Security

What it means:

Visitors to any environment—schools, colleges, government agencies, retail, hospitality, offices or practically anywhere—arrive expecting easy and secure connectivity for their devices. Secure guest access means allowing visitors (vendors, partners, consultants—visitors of any kind) a way to securely access the internet and/or local network resources services over the wireless or wired network.

Why you should care:

When done right, guest access is a win for both the end-user and the organization providing it. Guest users are more productive when they can get online quickly and easily. Internet connectivity helps the visitor conduct whatever business or activity brings them to your environment, which also benefits the organization. Modern guest access systems let visitors securely self-provision their devices for internet access without IT involvement, avoiding costly and labor-intensive help desk tickets. These systems let IT teams customize network onboarding workflows, which may be sponsor-initiated, sponsor-approved, or entirely self-service. Guests receive their individual login credentials via SMS, email or printed vouchers.

IT teams can customize the onboarding portal so that the look and feel supports the organization’s brand. They can grant access for a specified period depending upon how long the user will remain on site. Guest users typically get internet access only—they don’t see internal network resources. IT gains visibility and control over devices on the network, with the ability to revoke access at any time. An up-front security posture check with remediation further enhances security. 

Related Products and Solutions

Secure Network Onboarding

Wired and Wireless Network Security

What it means:

Network onboarding is the process by which a BYOD, guest or IT-owned device gains access to the network for the first time. Secure network onboarding means doing this in a way that enhances security for users, devices, data, and the network.

Why you should care:

BYOD and guest users often incur frustration with default methods for network onboarding. Default methods such as MAC authentications and conventional PSKs are not intuitive for users, leading to numerous help desk tickets. Default methods of onboarding and authentication are also not secure. An effective system for secure network onboarding improves end-user experience for BYOD users and guests. It relieves IT of the burden of excessive help desk tickets related to network access, and improves IT security as part of a layered protection strategy. Ruckus offers Cloudpath Enrollment System software/SaaS for this purpose.

Related Products and Solutions

Certificate Management

Wired and Wireless Network Security

What it means:

In computer networking, a digital certificate is a document installed on a device that provides the basis for authenticating the device onto the network. Certificate management is the process of managing these digital certificates. This includes processes such as creation, storage, distribution, suspension and revocation. Certificate authorities (CA) are responsible for certificate management and serve as a registration authority for subscriber certificates.

Why you should care:

Digital certificates installed on the device as part of an automated network onboarding process streamline network authentication and make sure that every connection is secure. Users who have installed a certificate on their device during initial onboarding no longer have to take any action to re-authenticate on future connection attempts—the device connects automatically in a process that is transparent to the user. The certificate persists on the device until revoked by IT administrators. Default methods of network onboarding and authentication, such as conventional pre-shared keys and MAC authentication, do not provide the security or user experience benefits of digital certificates distributed via a secure onboarding platform.

Related Products and Solutions

Dynamic Pre-shared Key (DPSK)

Wired and Wireless Network Security

What it means:

Dynamic Pre-Shared Key (DPSK) is a Ruckus-patented technology that delivers secure network access by providing each device and user with a unique login credential. Users access the wired/wireless network using their own personal key, which is provided as part of the network onboarding process. In contrast, with conventional pre-shared keys (PSKs), multiple, or even all, users share the same key.

Why you should care:

Traditional pre-shared keys create a security hole in network defenses because multiple users access the network with the same key. Conventional PSKs do not give IT teams visibility and control over devices on the network or the ability to map access policies to specific users and devices. Users readily share conventional PSKs with others, and IT cannot revoke them for one user without revoking access for all. DPSKs address the security flaws of conventional PSKs to make users, devices, data and the network more secure.

DPSKs are an alternative to digital certificates that provide similar security benefits. They are appropriate in cases where user experience considerations make it impractical to install a digital certificate on the device. This applies in cases where the user will only need network access for a limited time—for example, in the case of guest users.