Ryan, I'd be interested in getting a copy of your powerpoint as well, if that is OK.
Thanks! Jess Walczak Senior Network Analyst Information Technology Services jwwalc...@stthomas.edu University of St. Thomas | stthomas.edu On Fri, Sep 23, 2016 at 12:48 PM, Turner, Ryan H <rhtur...@email.unc.edu> wrote: > Ying, > > My contact information is below. I have a powerpoint from a presentation > I made over our experiences. It isn't something I am going to publish to > the list, but I will send it to people that email me directly. Happy to > help you on this journey. There are a lot of pitfalls. > > > Ryan Turner > Manager of Network Operations > ITS Communication Technologies > The University of North Carolina at Chapel Hill > > r...@unc.edu > +1 919 445 0113 Office > +1 919 274 7926 Mobile > > > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Ying Zhang > Sent: Friday, September 23, 2016 1:09 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication > > This is very good information. We are currently in the process of RFP for > a NAC solution. Anything we should watch out for with regards to the > onboarding platform? Any information you could share would be very much > appreciated. > > Thanks. > > Ying > Enterprise Network Architect > Information Technology Services > University of New Brunswick > Fredericton, NB, E3B 5A3 > Phone: (506) 447-3014 > Cell: (506) 449-0661 > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Turner, Ryan H > Sent: Friday, September 23, 2016 1:22 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication > > There is more to it than just the onboarding platform. Regardless of what > onboarding platform you use, the actual onboarding SSID and associated > captive portal is extremely important at reducing helpdesk calls. We've > gone through several iterations over a few years and think we finally got > it right. > > Ryan > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Muraca, Peppino P. > Sent: Thursday, September 22, 2016 12:49 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication > > This is great information, I have been worried that this will create a ton > of support calls. The key seems to make sure the onboarding system is a > good one, we are also a cloudpath shop, but are hoping to get to clearpass. > > -Pino > > Peppino Muraca > Sr. Network Administrator > Stonehill College > 508-565-1193 > pmur...@stonehill.edu > (OO=[][]=OO) > > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen > Sent: Wednesday, September 21, 2016 1:13 PM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication > > The Android experience is still good in my opinion, just weaker than iOS > when you incorporate the Play Store. (I think ISE links to the Play Store > too). Luckily, Cloudpath has the option of directly downloading the certs > instead of requiring the app from the Play Store. Of course, a profile > based option (What Google does with ChromeOS) negates the need for any link > to the Play Store. > > -Curtis > > ________________________________________ > From: The EDUCAUSE Wireless Issues Constituent Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Turner, Ryan H < > rhtur...@email.unc.edu> > Sent: Wednesday, September 21, 2016 10:03 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication > > Android is definitely 'the' problem. In our stats, you can see that they > are only 10% of the clients we onboard, but are closer to 90% of the > trouble tickets. We were a Cloudpath customer and made the switch to > SecureW2 (the android experience was a big reason). > > Ryan > > -----Original Message----- > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Curtis K. Larsen > Sent: Wednesday, September 21, 2016 11:55 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication > > We've been offering EAP-TLS for about 2 years. It's been the only > supported option for BYOD for just over a year. Personally, I think the > user experience is pretty good across all devices (Android is weaker but > still not bad). I've heard rumblings that Android might be changing to a > profile method more similar to ChromeOS ...so that would probably improve > things. Our stats are eerily similar to Ryan's but we use the Cloudpath > Enrollment System, and we have not disabled PEAP yet. > > Thanks, > > -- > Curtis K. Larsen > Senior Network Engineer > University of Utah IT/CIS > > > ________________________________________ > From: The EDUCAUSE Wireless Issues Constituent Group Listserv < > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> on behalf of Turner, Ryan H < > rhtur...@email.unc.edu> > Sent: Wednesday, September 21, 2016 7:53 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: Re: [WIRELESS-LAN] 802.1x certificate authentication > > We are a very experienced shop with TLS. We've been using certificates > for 4 years. We now use the SecureW2 onboarding platform to perform the > operation, and we have been VERY happy with the results. Attached below is > our statistics for onboarding from the Fall of 2015 to today. I would be > happy to help you out. My contact information is below. In short, we've > onboarded over 160,000 devices in the last two years (over 300k in 4). > > [cid:image001.jpg@01D213EE.09553910] > > > Ryan Turner > Manager of Network Operations > ITS Communication Technologies > The University of North Carolina at Chapel Hill > > r...@unc.edu<mailto:r...@unc.edu> > +1 919 445 0113 Office > +1 919 274 7926 Mobile > > > > From: The EDUCAUSE Wireless Issues Constituent Group Listserv [mailto: > WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU] On Behalf Of Muraca, Peppino P. > Sent: Wednesday, September 21, 2016 8:39 AM > To: WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU > Subject: [WIRELESS-LAN] 802.1x certificate authentication > > Hello all, I was wondering who or if anyone is using 802.1x cert auth for > all wireless devices, and if you are, what is the experience with student > devices ? > > We are currently 802.1x username password , and have been thinking about > the going the cer route. I feel the cert auth is still a painful experience > for DYOD devices. > > Thank you > Pino > > Peppino Muraca > Sr. Network Administrator > Stonehill College > 508-565-1193 > pmur...@stonehill.edu<mailto:pmur...@stonehill.edu> > (OO=[][]=OO) > > > > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at https://na01.safelinks. > protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu% > 2Fgroups%2F&data=01%7C01%7Crhturner%40email.unc.edu% > 7C0342ed2d3b6649f18ec208d3e237d0b2%7C58b3d54f16c942d3af081fcabd09 > 5666%7C1&sdata=ysMJchqMYCtLKm9TdNY%2BN6OVzQL6kOBQXDBCdUMYW%2B4% > 3D&reserved=0<https://na01.safelinks.protection.outlook. > com/?url=http%3A%2F%2Fwww.educause.edu%2Fgroups%2F&data= > 01%7C01%7Crhturner%40email.unc.edu%7Cab5faee7f3934ca14b2d08d3e21c6186% > 7C58b3d54f16c942d3af081fcabd095666%7C1&sdata=5%2B61MsU% > 2BNA0aTmcOTTqOmxfw9AJPKl51ZAuLVNkcLA8%3D&reserved=0>. > ********** Participation and subscription information for this EDUCAUSE > Constituent Group discussion list can be found at https://na01.safelinks. > protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu% > 2Fgroups%2F&data=01%7C01%7Crhturner%40email.unc.edu% > 7C0342ed2d3b6649f18ec208d3e237d0b2%7C58b3d54f16c942d3af081fcabd09 > 5666%7C1&sdata=ysMJchqMYCtLKm9TdNY%2BN6OVzQL6kOBQXDBCdUMYW%2B4% > 3D&reserved=0. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at https://na01.safelinks. > protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu% > 2Fgroups%2F&data=01%7C01%7Crhturner%40email.unc.edu% > 7C0342ed2d3b6649f18ec208d3e237d0b2%7C58b3d54f16c942d3af081fcabd09 > 5666%7C1&sdata=ysMJchqMYCtLKm9TdNY%2BN6OVzQL6kOBQXDBCdUMYW%2B4% > 3D&reserved=0. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at https://na01.safelinks. > protection.outlook.com/?url=http%3a%2f%2fwww.educause.edu% > 2fgroups%2f&data=01%7c01%7crhturner%40email.unc.edu% > 7c9cc01b5d110b431639e808d3e3086e09%7c58b3d54f16c942d3af081fcabd09 > 5666%7c1&sdata=D%2bVGJVDtokgC5szbPxHGidkRg%2bhcbFQaKIa8QP9Lb%2fw%3d. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at https://na01.safelinks. > protection.outlook.com/?url=http%3a%2f%2fwww.educause.edu% > 2fgroups%2f&data=01%7c01%7crhturner%40email.unc.edu% > 7c9cc01b5d110b431639e808d3e3086e09%7c58b3d54f16c942d3af081fcabd09 > 5666%7c1&sdata=D%2bVGJVDtokgC5szbPxHGidkRg%2bhcbFQaKIa8QP9Lb%2fw%3d. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at https://na01.safelinks. > protection.outlook.com/?url=http%3a%2f%2fwww.educause.edu% > 2fgroups%2f&data=01%7c01%7crhturner%40email.unc.edu% > 7c9cc01b5d110b431639e808d3e3086e09%7c58b3d54f16c942d3af081fcabd09 > 5666%7c1&sdata=D%2bVGJVDtokgC5szbPxHGidkRg%2bhcbFQaKIa8QP9Lb%2fw%3d. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at https://na01.safelinks. > protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu% > 2Fgroups%2F&data=01%7C01%7Crhturner%40email.unc.edu% > 7Cecba98d0c71645d3e63408d3e3d6329c%7C58b3d54f16c942d3af081fcabd09 > 5666%7C1&sdata=CaPJ5olEwTgBuAuun%2BMq2IOnLsx9f8mLbpA%2BRf1qZvo% > 3D&reserved=0. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at https://na01.safelinks. > protection.outlook.com/?url=http%3A%2F%2Fwww.educause.edu% > 2Fgroups%2F&data=01%7C01%7Crhturner%40email.unc.edu% > 7Cecba98d0c71645d3e63408d3e3d6329c%7C58b3d54f16c942d3af081fcabd09 > 5666%7C1&sdata=CaPJ5olEwTgBuAuun%2BMq2IOnLsx9f8mLbpA%2BRf1qZvo% > 3D&reserved=0. > > ********** > Participation and subscription information for this EDUCAUSE Constituent > Group discussion list can be found at http://www.educause.edu/groups/. > ********** Participation and subscription information for this EDUCAUSE Constituent Group discussion list can be found at http://www.educause.edu/groups/.