Deployment Timeline
This client, a large private school in Australia, was eager to transition to a certificate-backed network because they were constantly bogged down by password resets. They reached out to SecureW2 in September 2021 and were fully deployed in just three weeks’ time.
Challenges
K-12 and other educational institutions have a unique problem when it comes to network security. Our client is no different – they have access to tons of confidential information regarding both their students and their faculty.
Mitchell and his team knew they wanted to switch to a certificate-backed network, but most importantly, they wanted a cloud solution that integrated with their existing Azure and Intune environment and required little to no action from their end-users.
The school also wanted to offer guests, such as parents of students, the ability to securely access their network without any potential for data leaks. Your run-of-the-mill WPA2-PSK network, which requires everyone to enter the same credentials for access, just wouldn’t cut it.
Solution
The school was utilizing Intune as their MDM, which is perfect for certificate deployment when used alongside SecureW2. SecureW2 can easily support Intune with all APs and RADIUS servers.
We utilize SCEP (Simple Certificate Enrollment Protocol) to simplify the enrollment process so IT administrators like Mitchell can automatically enroll any managed device in Intune for a certificate without any end-user actions necessary.
Because all 1500 devices are managed and the client isn’t doing BYOD, this is an ideal solution: the IT team doesn’t have to go to each device individually and enroll it for a certificate. All the devices are automatically enrolled and configured.
When a user’s certificate is authenticated via 802.1X, their attributes are analyzed by our Cloud RADIUS server. This confirms that they are a valid organization member and checks their group membership permissions for role-based access control.
This step is usually expensive because of the traditional costs of maintenance and upkeep with on-premise servers, but because Cloud RADIUS isn’t tethered to the physical site, it’s cheaper and more efficient. The client was able to use Cloud RADIUS to place each user on a Dynamic VLAN that grants access to the resources available to a member of that user group. As a result, students aren’t able to access the same things as faculty members and are segmented into appropriate groups to ensure a more secure network.
The client also utilized JoinNow NetAuth so that guests can access a wireless network by simply following a few prompts on their device. Trusted network users can also add their own sponsored guests to streamline the process.
Evaluating Success
The client has been enjoying the security and ease that comes with an 802.1X network and has cut the number of support tickets they receive by 60%.
Mitchell and his team now have more time to focus on more pressing matters than password resets.