Andrew vonNagy and Marcus Burton |
Devin Akin, Carlos Gomez, Paul Congdon |
Carlos Gomez, Paul Congdon, GT Hill |
Carlos Gomez
Product Manager for Network Services
Aruba Networks
To recap the presentation by Carlos Gomez: in his opinion, the education vertical has been doing BYOD for years. It has always had lots of devices to manage and a diverse device set. Think of college students and the types of wireless devices they bring to a campus. End users demand simplicity and don't care how the connection is secured. A security method that involves certificates becomes problematic when you're revoking certificates on a per-device basis, because the certificate is often tied to a single user account. Device authentication/association can be done via over-the-air profile delivery, based on the Apple style of device/user authentication, without a client/agent on the device (unique, per-device credential, one for each type of device - can generate a unique per-device configuration file).
The challenge with Mobile Device Management (MDM) is that there are multiple devices, multiple operating systems and new/old software versions, and remote wipe enforcement is difficult to carry out as a result. There are multiple points where the connectivity policy can be enforced: indoor, outdoor, etc.
Implementing BYOD is not just putting different users in different VLANs and doing packet inspection and firewalling at the edge. BYOD is an evolution of Guest Access, and the wireless vendors have led the push for security and role-based access to WLANs (802.1X example).
The BYOD portion of the WLAN should still be separate from the controller from a security perspective. The two are kept physically separate for security reasons, but this does add another level of complexity to the association/authentication process.
-------------------------------------------
Paul Congdon
Fellow
HP Research Labs
HP describes the holy grail of wireless connectivity as a single computing device that is always connected. They see cloud services as what supports all the diverse mobility devices.
The problem is how to identify whether traffic coming from the device is work or personal, and how to direct it to the correct network destination. Using Wi-Fi from cell operators is easier via Hotspot 2.0, and it may be possible to bring Hotspot 2.0 into the enterprise and outsource the enterprise WLAN to the cell providers.
High-speed wireless is moving us closer to an all-wireless edge where we can achieve a mobile personal grid in lieu of the holy grail. The idea is to create a digital avatar that knows about your mobile devices and connects them to one another, so that they can share with each other without you having to configure the interconnectivity. The idea is a persistent digital presence that preserves your privacy, but you need basic network connectivity to create useful and effortless connectivity.
-----------------------------------------
GT Hill
Technical Marketing Director
Ruckus
In the BYOD scenario, the problem is the device. Can you support 2-3 devices per person per room? Readying the physical RF layer to support BYOD is the first step in the process. Per GT, offloading cellular data to Wi-Fi networks is the answer. He predicts that 80% of the population will use Wi-Fi as the first access, not cellular. There's not enough spectrum to serve everyone.
-----------------------------------------
Devin Akin
Chief Wi-Fi Architect
Aerohive
Aerohive has moved routers into the access point at the remote edge. They use one OS on the AP and the router, and the same OS runs in the cloud at the VPN gateway. Aerohive uses standard protocols, and per Devin, "Protocols are what's going to take over." His take is that the future of Wi-Fi lives in protocols and that the architecture must become internet-like.
The biggest thing of today's BYOD discussion that struck me was the concept of a Personal Connectivity Assistant (PCA), and creating a persistent digital presence to preserve your privacy. I'm not comfortable with the idea of letting someone or something in the "cloud" have access to all my digital information, location data, email, internet history, phone call history and that this PCA could have read/write access to all the devices I've allowed the PCA to manage. I selectively allow location data to applications on the iPhone that require location data to be enabled in order for the application to function. I deny all other apps access to this data of mine. I would be more likely to accept a PCA that allowed me to manage and host this virtual assistant on a computer system that I managed and controlled. I can only hope that the PCA scenario is a blue sky "what if" system and that it will be a long time before this idea becomes a reality.