Aerohive adds completely automated provisioning and management for connected clients

At Aerohive, we've long said that one of the major challenges facing customers isn't just about the capital expense of purchasing a WLAN solution, but about what to do when users have three or four (or sometimes more!) clients that they're trying to connect to the Wi-Fi network. Operational expenses for managing the explosion of clients, installation and management of access points, switches, and network infrastructure, and troubleshooting from a remote location are the real heart of the challenge in implementing a successful Wi-Fi solution.

Once again, Aerohive is very pleased to announce another huge step in our mission to Simpli-Fi enterprise networking: the addition of client management to our HiveManager cloud-enabled management solution. Just like you saw with our access points,












then routers,











and recently switches,











Aerohive has added completely automated provisioning and management for your connected clients











As we all know, getting clients onto a secure wireless network can be a challenge. Security, privacy, and compliance concerns mean ensuring secure access for authorized clients is absolutely necessary, but ease-of-use, manageability, and time-to-access often lead administrators to try out less-secure solutions in order to enable access — or worst case, prevent any clients not explicitly provisioned by the IT team from connecting to the Wi-Fi.

Either case becomes an operational nightmare in this age of mobility. Most administrators realize that with the introduction of BYOD and Consumerization of IT into the network, differentiating between the iPad a user brought in from home and the one that was issued for a specific business purpose needs some major IT intervention — a burden most aren't prepared to undertake. 

Using certificates to access the network (specifically EAP-TLS) has long been a solution for differentiating between clients that otherwise have similar context (same user, same device type, same network, same time of day access). Traditionally, using EAP-TLS requires an IT administrator to provision a certificate to a user, get that certificate installed on the device, and configure a supplicant to use that certificate to connect to the network. Just getting the PKI infrastructure in place to issue the certificates can be a daunting challenge for most IT administrators, but often IT runs into a chicken-and-egg problem: They can't get the users onto the network without the certificate, but the user can't get the certificate on their device until they have network access.

This almost always means IT sets up at least 2 SSIDs  one for enrollment and another for secure network access, and often means IT is stuck manually provisioning each and every client accessing the network. This is darn near impossible in this age mobility and BYOD. Imagine getting 1000 iPads in house for electronic textbooks or taking orders at your retail store and having to configure every single one manually with a certificate! It would take a full time employee dedicated to just onboarding devices, not to mention managing them once they're on the network.

Aerohive has found a way to solve this problem of differentiating like clients by allowing administrators to use the cloud-enabled Hivemanager to configure auto-provisioning for clients in much the same manner we already support configuring Aerohive access points, routers, and switches. The administrator can create policies that get pushed to HiveOS devices that apply network permissions to the clients based on the identity of the user, device type, ownership of the device (BYOD or Issued), location, and time of day. The Aerohive Cloud Services Platform will issue a certificate to connecting users in real-time based on all available context, and then apply policies dynamically based on that information.

If that wasn't enough, HiveManager now also has the ability to apply device-specific configuration settings to the connected clients, such as passcode restrictions, email and VPN configuration parameters, and even some basic application access restrictions, such as disabling camera or cloud-file-sharing access. The best part about this is that it is all integrated into HiveManager within a single workflow — and more importantly — that the user only has to connect to a single SSID and this happens automatically — or more accurately — they get auto-provisioned :-).














Real-time device information, context-based visibility and management, and easy troubleshooting are table stakes when preparing your network for a mobile-first workforce. Once again, you can look to Aerohive to help make a complex problem simple by using a combination of distributed intelligence, cloud-enabled management, and a little bit of BEE-power. Hive On! 

Leave a Reply