1. In the past, we had a homegrown system for creation of guest passes based
around a web app that tweaked iptables rules. These days we use
Juniper/Trapeze SmartPass, which gives us flexible delegation rights to non-IT
staff to create guest access, and integrates nicely with our wireless controllers.
Long term, though, since Juniper appears to be in the early stages of phasing
out SmartPass, we're investigating replacing it with CloudPath, which we
already have deployed for user on-boarding.
2. We are completely sponsor based, no pure self provisioning. Our concerns
are:
- At least a minimal degree of accountability (we can always track down the
staff member who made the account, while the same can't be said for anonymous
guests drifting through campus).
- Ensuring that guest wifi isn't used as a means of bypassing other
policies, such as AUP suspensions of systems or HR policies. (We've actually
had some staff come to us and ask for 3 month long access for pseudo-employees
getting paid through means other than payroll. We said no, and referred them
to the appropriate departments.)
- Keeping guest users sandboxed somewhere that we can apply controls above
and beyond those on our normal user population.
To also echo what Lee said, we're staying away from the whole social media,
which for our use case smells like a solution in search of a problem. Given
the ease with which anyone can create an identity, it's effectively equivalent
to anonymous access, but with more work for us to maintain.
3. Depends on how you want to slice it. There are four of us in networking,
but we have about 30 non-IT staff across campus who can also manage guest wifi
access, plus that number is planned to roughly double in the next few months.
As for users, we have about 6000 students. And for guest users - well, if
we had a good way to count them then they'd be staff and wouldn't count as
guests anymore ;-)
Frank Sweetser fs at wpi.edu | For every problem, there is a solution that
Manager of Network Operations | is simple, elegant, and wrong.
Worcester Polytechnic Institute | - HL Mencken
On 03/03/2014 12:30 PM, Eric Wohlford wrote:
Hello All,
First let me apologize if similar postings have been made I could not find any
with these questions in the archives.
We have been asked to look into Self-Provisioning of Guest Accounts, and we
are not all that sure where to start. Most of the solutions I have seen are
tied to the Wireless Vendors.
Currently we are using Ruckus Wireless and it’s built in Guest Access for this
which is a sponsor based system. It’s actually a very simple system.
Our Questions:
1.If you use a self-provision system whom is your vendor, or is it homegrown?
2.What are your Security Concerns, and are you a Sponsor Based system or a
Self-Provisioning system?
3.What is your staff to user ratio?
Thank you,
My Pleasure to Serve,
Eric R. Wohlford, MBA
MCDST, MCP, A+, Network+
_______________________________
Manager of Network Services
*Bluefield College***
3000 College Drive
Bluefield, VA
*Office –*276.326.4278
*Fax – *276.326.4288
www.bluefield.edu
Description: Description: bluefield_rgb_horizontal_small
********** Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
