GreenPages Blog


Designing a Network to Support End-User Devices in the BYOD Era

From school campuses to doctors’ offices to board rooms, it is evident that the iPad/smart-device revolution has changed the dynamic surrounding host device access. Employees who bring their own personal iPads to work have caused a lot of strife for IT administrators: how do we provide access for these devices, especially when corporate executives get their hands on them? How do we provide access while at the same time protecting our assets? How do we distinguish between guest devices, employees who bring their own devices to work (BYOD), and corporate-owned assets?

In addition to struggling with non-standard device access, administrators also have to contend with the additional capacity requirements associated with the proliferation of so many new, smart-devices seeking wireless access.  If that isn’t enough, these same devices are demanding more and more bandwidth and the applications are becoming more and more time-sensitive—requiring quality of service (QoS) capabilities within the environment.


It is important for IT administration to embrace the inevitable push by customers, employees and executives to allow access for these devices – but it doesn’t have to be all at once. A thorough examination of the specific device types and their specific uses (and nuances) is required, and then administration must come up with a plan of attack. Most companies are starting with Apple iOS devices, due to the higher demand and because of some of the business-enabling applications the devices support.

The initial hurdle is for IT to be able to differentiate between corporate-issued devices and the devices that employees bring in themselves. The type of wireless LAN (WLAN) infrastructure that is in place, along with the back-end authentication equipment, will greatly affect an organization’s strategy.

One of the newer techniques involves DHCP inspection and fingerprinting to determine the device type/operating system.  Once this is established, those devices can be put into a default role with access to certain resources as dictated by a well-defined security policy—ha.  We’ll save that for another discussion.
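To make DHCP fingerprinting concrete, here is an added example (not from the original post or any vendor's product) that parses the options of a DHCP request and maps the option 55/option 60 fingerprint to a default role. The fingerprint table entries and the role names are assumptions chosen for illustration, and the sample packets are constructed, not captured.

```python
MAGIC_COOKIE = b"\x63\x82\x53\x63"   # marks the start of DHCP options (RFC 2131)
OPTIONS_OFFSET = 236                  # fixed BOOTP header length before the cookie

# Illustrative fingerprint table (assumed sample entries, not an authoritative database):
# (option 55 parameter request list, option 60 vendor-class prefix, device type)
FINGERPRINTS = [
    ((1, 3, 6, 15, 119, 252), b"", "apple-ios"),
    ((1, 3, 6, 15, 26, 28, 51, 58, 59, 43), b"android-dhcp", "android"),
    ((1, 3, 6, 15, 31, 33, 43, 44, 46, 47, 119, 121, 249, 252), b"MSFT 5.0", "windows"),
]
# Hypothetical role names; unknown devices fall into the most restrictive role.
DEFAULT_ROLE = {"apple-ios": "byod-mobile", "android": "byod-mobile", "windows": "byod-laptop"}
UNKNOWN_ROLE = "quarantine"

def parse_options(packet: bytes) -> dict:
    """Return {option_code: value_bytes} from a raw BOOTP/DHCP payload."""
    start = OPTIONS_OFFSET + len(MAGIC_COOKIE)
    if len(packet) < start or packet[OPTIONS_OFFSET:start] != MAGIC_COOKIE:
        raise ValueError("not a DHCP packet: magic cookie missing")
    opts, i = {}, start
    while i < len(packet):
        code = packet[i]
        if code == 255:            # End option
            break
        if code == 0:              # Pad option has no length byte
            i += 1
            continue
        if i + 1 >= len(packet) or i + 2 + packet[i + 1] > len(packet):
            raise ValueError(f"option {code} is truncated")
        length = packet[i + 1]
        opts[code] = packet[i + 2:i + 2 + length]
        i += 2 + length
    return opts

def classify(packet: bytes) -> tuple:
    """Map a DHCP DISCOVER/REQUEST to (device_type, default_role)."""
    opts = parse_options(packet)
    prl = tuple(opts.get(55, b""))          # parameter request list, order matters
    vendor = opts.get(60, b"")              # vendor class identifier
    for want_prl, want_vendor, device in FINGERPRINTS:
        if prl == want_prl and vendor.startswith(want_vendor):
            return device, DEFAULT_ROLE[device]
    return "unknown", UNKNOWN_ROLE

def build_sample(prl, vendor=b""):
    """Construct a minimal DHCP payload for the demo (constructed data, not a capture)."""
    opts = b"\x35\x01\x01" + bytes([55, len(prl)]) + bytes(prl)
    if vendor:
        opts += bytes([60, len(vendor)]) + vendor
    return bytes(OPTIONS_OFFSET) + MAGIC_COOKIE + opts + b"\xff"
```

Both fingerprint fields are supplied by the client, so the result is suitable for choosing a default role, not for authenticating the device.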

What can you do with a device once it is identified? The most common action is simply to provide unique firewall rules that control what those devices are able to do. Additional granularity can be achieved through a PKI device certificate installed on the employee’s personal devices, which could work with a BYOD policy. Guest access may not be as good a use case for certificates.

Guest access should have, at a minimum, several basic capabilities:

  • Ability to create duration times for network access
  • Start/End times per day, week.
  • Bulk provisioning

Provisioning Methods

  • Self-sign-in kiosk
  • Lobby gatekeeper
  • IT staff

As these smart-devices are almost exclusively wireless, a critical component in preparing for these devices is a wireless site survey. An often neglected but critical aspect of a WLAN site survey is the interview process with the customer: analyzing or estimating network users’ behavior to determine AP densities/placements. Designers gather as much information as possible about the facility, the customers, their business needs and behaviors.

While floor plans/building schematics are a good starting point, a site survey (with a spectrum analyzer) is still the best means of determining a proper design.

Do not forget Power over Ethernet (PoE).

A sound QoS strategy is also something to consider. Time-sensitive applications such as FaceTime, VoIP and some eLearning applications all require a robust, well-designed QoS-enabled environment across both the WLAN and the LAN. An overall QoS strategy needs to be determined based on business needs. Once these are determined, a QoS solution can be implemented based on the manufacturer chosen. What applications are mission critical to your business? Of those, which are time-sensitive and which could fall under best-effort?
