While a lot of providers had an Active Directory Integration, and some had Jamf, SecureW2 was the only one that integrated with both, and integrated with my G-Suite.
The configuration and authentication of managed devices was a continual pain point for Network Administrators at Simply Business. Their diverse MDM environment didn’t allow for an efficient solution for configuration. It’s no simple task to integrate different OS and managed devices into a single network environment.
Simply Business relied upon Meraki Access Points (APs) and authenticated through a JumpCloud RADIUS. Their credential-based authentication method allowed them to connect to a WPA2-Enterprise network, but the process was far from efficient. The complex device environment left Simply Business without an effective method of authenticating and tracking network devices. So they began to search for a solution.
An Issue in Authentication
The primary issue that prompted Simply Business’ search was the trouble they experienced with their Meraki authentication process. During authentication, they would have to use a device agent to check in and confirm whether a connecting device was one of theirs and was allowed network access.
The process was inefficient and influenced a switch to Mist Systems, but this still was not a sufficient solution. Mist provided a more reliable method of determining who was connected to the secure network with little effort from IT, and a more organized place to read network data.
But the authentication method lacked the security Simply Business required. Once a device connected to the network after entering a valid set of credentials, they could check for the Meraki agent and confirm that it was an approved network device. Regardless of whether the user had a valid credential set, Simply Business wanted to confirm the device identity before it connected to the network.
Investigating a Stronger Solution
When searching for a new authentication solution, a network partner of Simply Business recommended they research certificate-based authentication. They quickly concluded that certificates could be the exact authentication solution they sought.
Certificates would allow each device to be easily identifiable because certificates are tied to the identity of the device and cannot be removed except by the network admin. Managed devices equipped with certificates could be identified as approved devices before being granted secure access. They began searching for a PKI and RADIUS solution.
In their investigation, certain criteria emerged that had to be fulfilled to meet Simply Business’ requirements. The certificate solution had to support their diverse array of managed devices. Their device environment was split between approximately 400 MacBooks, 150 Windows laptops, and 200 Chromebooks. They had two separate device management consoles and wanted a solution that could combine them.
Additionally, a cloud-based solution would be ideal for the future growth of Simply Business. The advantages of a cloud network infrastructure have influenced countless organizations to make the switch, and among them is Simply Business. Their ideal network environment would be entirely cloud-based, but this is currently not possible. The Active Directory GPO setup is not cloud supported and has prevented them from moving entirely to the cloud.
Once we moved to certificates, we really didn’t have any issues. Implementation of SecureW2 was a thorough process, but we got to the point where if a machine was built it’d have a certificate, or the management tools will take care of it.
A Certificate-Based Decision
Simply Business evaluated a number of different options to implement a certificate solution. To start, they considered standing up their own PKI to have full control over the certificate solution. But further research deterred them, as their complex device environment would make the process exceedingly difficult to set up and manage over time.
They contemplated setting up Windows NPS and a CA supported through Active Directory, but the diversity of their managed devices continued to be a hurdle. This setup would require a ton of additional resources and effort to integrate with Jamf and Chromebooks, so the suggestion was promptly set aside.
Our support guys don’t have to look at SecureW2 at all. It just works!
Lastly, they evaluated open source certificate options that they could customize to meet their network requirements. But this would require Simply Business to write their own extensions to accommodate their needs. The amount of manual work and maintenance over time discouraged this choice. So what solution did they land on?
While many of the options they evaluated boasted a Jamf or AD tailored solution, only SecureW2 was able to offer a solution for all of them that also included their Chromebooks. The top criterion was a vendor-neutral solution that could support their diverse managed devices, and SecureW2’s certificate solution is designed to integrate with any network environment.
SecureW2 met Simply Business’ other criteria beyond a solution for every device type. Their Cloud-based PKI and RADIUS server can be easily integrated and configured to deliver certificates within hours. Using SCEP and WSTEP API Gateways, they could deliver certificates to managed devices with no interaction from the end user. And those certificates are securely authenticated using EAP-TLS, the strongest authentication method available.
But the solution went beyond Simply Business’ requirements and set them up for future growth opportunities. In particular, the prospect of a future Intune integration and SecureW2’s ability to seamlessly integrate that expansion was key. From Senior Infrastructure Engineer Kassim Benhaddad, “Knowing that integration would be there if/when we make that move, it was a good factor.”
Effective Implementation with SecureW2
SecureW2’s certificate solution was quickly implemented. Once the details of the setup were complete, Simply Business began transferring all users away from the old SSID and to the new network. A specific benefit they experienced immediately was the significant reduction in IT support ticket requests. When authenticating with credentials, it’s necessary to implement a password reset policy to help counteract some of the glaring weaknesses of passwords.
Unfortunately, when every user has to reset every network device, there are bound to be a number of connection errors. Simply Business experienced this regularly, and many of their support tickets were password-reset related. By replacing passwords with certificates, Simply Business has experienced a marked decrease in support ticket requests. While it’s been a bonus for users to not replace passwords or enter them to be authenticated, the largest benefit has been the time saved for IT.
As a technical-minded engineer, it was great to see that the documentation was there for me to set up everything by myself. Any hiccups from basic all the way to head scratchers I was able to get a quick and pleasant response from Support.
Evaluating Certificate Success
Overall, the deployment of certificates for managed device authentication has been a success for Simply Business. They have equipped every managed device on their network with a certificate. The process was executed smoothly, especially since no end user interaction was required to complete it.
Additionally, communications with SecureW2’s Support team during the setup process simplified everything. They were able to follow thorough documentation from Support, and any issue they encountered was addressed by the same support person each time.
As Simply Business continues to grow and move forward, they have begun evaluating other potential uses for certificates. With the increase in employees working from home, VPN authentication using certificates has become an attractive future project. One road they may consider taking would allow users to always authenticate to the VPN as part of a large SSO-type solution.
As Simply Business continues to evolve and improve their network environment, SecureW2 will be there to support and provide dynamic certificate solutions for any future projects.