A trend that has significantly changed the wireless network LANscape is the consumer adoption of smartphones and tablets (iPads, iPhones, and Android devices). As a result, we're now a “move-and-do” culture in which people expect to have connectivity wherever they go. In order to stay connected, individuals bring personal wireless devices into their work environments. The next logical request is: “Can I use my personal device on the corporate network for work purposes?” Employees don't want to carry both a corporate and a personal wireless device.
Support for Bring Your Own Device (BYOD) is not straightforward and requires planning and understanding of the different access scenarios. Since Wi-Fi can be viewed as a network gateway for these personal devices, the 802.11 infrastructure and its features are the basic building blocks for implementing a robust BYOD solution. Certainly, there is a need to provide guests with a wireless service to the Internet, which is easily achieved through a captive portal. However, beyond providing wireless service, there are a number of challenges that need to be addressed. Most IT managers acknowledge that there is a real need to support BYOD, but many have little understanding of possible BYOD solutions. The sections below contain a brief analysis of the benefits, challenges and requirements of BYOD.
Although implementing BYOD policies requires additional effort on the part of IT, there are a number of business benefits to be derived:
1. Improved employee satisfaction – Wi-Fi–enabled devices of all kinds are being brought in greater numbers to the workplace by employees, to campus by students, to hospitals by physicians, to hotels by guests, and to stores by shoppers. It is practically impossible to impose mass restrictions without escalating the frustration of users. For many, support of BYOD is a matter of customer satisfaction or employee morale, and has the added benefit of reducing the propensity of users to deploy rogue access points or Wi-Fi hotspots through their mobile phones or laptops.
2. Lower communication costs – BYOD, leveraging Wi-Fi, has a direct impact on a business' monthly cellular communication costs and the costs of purchasing or upgrading mobile devices. BYOD means that IT (or the company) is no longer forced to purchase a cell phone or tablet for the user.
3. Lower support costs – A BYOD solution that supports self-provisioning will drastically lower the number of IT support tickets generated. Additionally, smart troubleshooting tools will facilitate fast resolution to network problems. Some studies are beginning to show that users who bring their own devices to work tend to troubleshoot them first before calling for help; ownership and familiarity may engender a greater sense of personal responsibility.
4. Increased productivity – Users are already familiar with their smartphone or tablet, and BYOD has been shown to be more productive in mobile environments. This can also virtually eliminate device training by IT.
5. Increased WLAN security control – A BYOD solution allows subscribers easy access to a secure network that has monitoring capabilities to alert the IT department of problems such as congestion or device failures.
Allowing virtually any Wi-Fi–compliant device on your network can be a daunting challenge, and you will need to clearly address the following questions:
1. How to provision user-owned wireless devices without jeopardizing the security of the network?
Manually configuring each device's Wi-Fi profile by the IT team is not scalable. Manual configuration by the end user is exponentially more risky because of the complex nature of the operation. This is not a one-time event; there is enough device and user “churn” year over year to overwork any IT team. The optimal solution would be a self-provisioning application requiring little or no intervention from IT support. To ensure network security, any person attempting to access the network must be identified and authenticated against a trusted network source (e.g., Active Directory) using the settings defined by an IT policy created to handle the complexities of diverse user types and mobile OS products.
2. How to limit access to network resources based on the class of user/device pair?
To properly manage network resources, there must be a mechanism by which a user is granted access to a defined set of network resources and services. Each user (company or consumer) may have unique access service and resource rights on the same network. This can be based either on a user “class” or on individual permissions and device class, but it is necessary to ensure that network resources are secure and accessed only by those permitted to do so from authorized devices.
3. How to manage corporate-owned devices and user-owned devices?
The basic requirement here is the ability to identify the device of the authenticated user. This is necessary because a user may have two or more Wi-Fi devices connected to the network. Identifying what is corporate owned and what is user owned may dictate the network services available to that user/device pair.
4. How to scale without compromising the network bandwidth?
Logically, there is a limit to the number of devices and classes of applications that the network can simultaneously support. With BYOD, where there may be a higher device-to-user ratio, it is critical to estimate user traffic loading and to have the ability to analyze bandwidth problems when they occur. A sophisticated BYOD solution will also provide methods for traffic load partitioning in order to maximize resources with minimal impact on the user community.
5. How to keep track of devices and how they are being used?
To properly manage a dynamic BYOD environment, it will be important to be able to produce network-level transaction and client state reports for troubleshooting. This requires that the infrastructure itself support the capability for real-time and after-the-fact reporting and troubleshooting. This information is vital for the review of bandwidth demands that is necessary for network planning.
6. How to manage a single user with multiple wireless devices (e.g., tablet + smartphone)?
Some industry analysts have described the network user of the near future as having two or more devices: a laptop, smartphone, and/or a wireless tablet. With wireless devices, mobile workers can perform their duties as long as they have a Wi-Fi connection. As a result, it will be important to support a single user who is logged into the network from two devices concurrently. Full logging and tracking of these devices must be provided, along with the ability to generate summary reports by user.
7. How to manage a consistent set of applications across a varying set of mobile devices?
To manage assets or applications the same way network resources are managed, a BYOD solution must be able to associate a user/device pair with a specific “class” of applications and restrict access to other resources. Just as Meru's Wi-Fi solution asserts control over access to network services, the BYOD solution must do the same at the application level.
8. How to manage corporate data written to a mobile device?
In an ideal deployment, a BYOD solution does not permit corporate data to be written to mobile device storage. To achieve this level of control, a true Virtual Desktop Infrastructure (VDI) should be implemented and should complement any BYOD-imposed security controls. Without a VDI, mobile device control would be under the domain of a Mobile Device Management (MDM) solution (application specific or device level) and might allow deletion of specific data objects or force a “wipe” (deletion of all data) of the device itself.
9. Can I assign specific bandwidth allocations to specific users or devices?
BYOD environments need to support multiple applications that vary in bandwidth demand. Standard Web applications place little demand on bandwidth, but voice and video applications can place high demands. The ability to manage bandwidth by user/device pair is important to ensure network reliability. Load-balancing and applying “fairness” rules to application-specific traffic is important to ensure the best experience for all network users.
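An added example, not part of the original article or any vendor's product: a minimal Python policy check for questions 2, 3 and 6 above that identifies a device as corporate or personal, maps the user/device pair to a network role with default deny, and reports each user's concurrent devices. The user names, MAC addresses, role labels and the inventory and directory lookups are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: all names, MACs and role labels are hypothetical.
CORPORATE_MACS = {"00:11:22:aa:bb:01", "00:11:22:aa:bb:02"}  # IT asset inventory
USER_CLASS = {"alice": "employee", "bob": "contractor"}       # e.g. from directory groups

# (user class, device ownership) -> network role; any pair not listed is denied.
POLICY = {
    ("employee", "corporate"): "internal-full",
    ("employee", "personal"): "internal-restricted",
    ("contractor", "corporate"): "internal-restricted",
    ("contractor", "personal"): "internet-only",
}

def normalize_mac(mac):
    """Canonical lower-case colon form, so formatting differences cannot dodge the inventory lookup."""
    digits = "".join(c for c in mac.lower() if c in "0123456789abcdef")
    if len(digits) != 12:
        raise ValueError(f"bad MAC: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def decide(user, mac):
    """Return (ownership, role) for an already-authenticated user/device pair."""
    ownership = "corporate" if normalize_mac(mac) in CORPORATE_MACS else "personal"
    role = POLICY.get((USER_CLASS.get(user), ownership), "deny")  # default deny
    return ownership, role

def summarize(sessions):
    """Per-user report listing every active device with its ownership and role."""
    report = defaultdict(list)
    for user, mac in sessions:
        ownership, role = decide(user, mac)
        report[user].append({"mac": normalize_mac(mac), "ownership": ownership, "role": role})
    return dict(report)

# Constructed sessions: alice is online from a corporate laptop and a personal phone.
SESSIONS = [
    ("alice", "00-11-22-AA-BB-01"),
    ("alice", "de:ad:be:ef:00:01"),
    ("bob", "DEAD.BEEF.0002"),
    ("carol", "00:11:22:aa:bb:02"),  # authenticated but no class assigned -> deny
]

if __name__ == "__main__":
    for user, devices in summarize(SESSIONS).items():
        print(user, len(devices), devices)
```

MAC addresses can be changed or randomized by the client, so a production deployment would key device ownership on a stronger identifier such as a device certificate.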
1. Planning for Implementing a BYOD Solution
Proper planning is important for supporting BYOD policies. An understanding of the current Wi-Fi capacity and coverage is a major component of this planning. A BYOD solution may require additional APs for increased bandwidth and coverage. Identifying the limitations of the Wi-Fi network and taking corrective actions ahead of operational deployment is critical to the success of the BYOD implementation. Another important part of the planning exercise is to assume an increase in the number of mobile devices per user (e.g., tablet and smartphone). In addition, planning for different “classes” of business users, with controlled access to proprietary or confidential company-managed data and resources, is essential.
2. Provisioning Infrastructure and Devices
Once the planning is complete, provisioning and configuration of the wireless (and possibly the wired) network must be done. Existing network routers, switches, session border controllers, firewalls, and wireless network elements may need to be reconfigured to fully support the desired mobile feature set. Following this, management software must be completed and test plans executed to verify that the configuration results in the expected behaviors for the different possible user and device combinations.
3. Proactive Management and Troubleshooting
The mobile community needs to be trained and brought online. If the BYOD infrastructure is set up correctly, individuals may enter and exit the network via self-provisioning services with few or no service orders generated for IT support. When problems do occur, the IT team will employ tools that identify the problem area within the network and analyze the transaction history in order to solve the problems.
Bring Your Own Device is a phenomenon in growing demand in the industry; enterprises large and small, schools, retail businesses, and healthcare providers are all at various stages of adoption. They face the common challenges of provisioning mobile devices for secure access to the network and scaling their wireless network solution to meet the onslaught of devices without creating an overwhelming burden on IT.
If you are considering supporting employees' personal devices in your organization, Advanced Network Systems can help you identify the specific requirements and challenges you need to address within your network as well as help you plan and implement the right technology solution. Contact us for more information about a BYOD assessment, and start bringing iPhones, iPads, Androids, and other smartphones and tablets to your workspace.