BYOD: Policy Enforcement and User Centric Networks

Given the bring your own device (BYOD) trend under way, today's users want to be able to work anywhere on any device, whether on a corporate laptop, a company-issued iPad or their own iPads or iPhones, and whether at headquarters, a regional branch, a micro-branch or a home office. The fact is that today, work is a thing you do, not a place that you go.

The IT department's challenge is to enable these BYOD users. Many IT departments are reluctant to do this because of the operational challenges involved, but ultimately the business is going to demand that this productivity be delivered to users.

From an IT perspective, this means enabling the users without drowning in complexity or compromising on security. This cannot be achieved with a traditional network-centric approach to policy enforcement, where policy is based on the switch port you were plugged into or the VLAN, subnet or SSID you were on. Today, policy needs to be applied based on the user identity, the device type, the location, the time of day, the service being used, and more, which together are commonly known as user “context”. All of this information must be taken into account to harness the power of this new trend.

Because Aerohive came to market later than the majority of its competitors, our approach was designed with this eventual BYOD requirement in mind, and our solution has extensive policy enforcement capabilities.

These capabilities include the ability to assign VLANs/Networks, customized firewall policies, QoS settings, schedules, and tunnel permissions based on this notion of context. These settings are then statefully propagated and enforced across all Aerohive devices within the same “hive”, without the need for a separate controller or identity services server.

This information can even be passed between Aerohive access points and routers, which allows the use case in the figure below: a firewall in an Aerohive router can have a policy rule for the role of “Teacher”, while an access point elsewhere in the hive is actually the device that authenticates the user into that role as they access the network. This greatly simplifies the rules that need to be written in the firewall while at the same time increasing the flexibility and sophistication of the policy enforcement that the IT department is able to implement.
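As an added illustration (not Aerohive code and not part of the original post), the following Python contrasts a network-centric rule keyed on VLAN with a user-centric policy that derives a role from context at authentication and then applies role-keyed firewall rules and a schedule. The group names, device types, services, VLAN numbers and rule values are constructed assumptions.

```python
from dataclasses import dataclass
from datetime import time

@dataclass(frozen=True)
class Session:
    user: str
    groups: tuple        # group names returned at authentication (e.g. RADIUS attributes)
    device_type: str     # "corporate-laptop", "ipad", "iphone", ...
    location: str        # "hq", "branch", "home"
    vlan: int            # the only thing a network-centric policy can key on

# Legacy, network-centric rule: the sensitive service is reachable only from the
# HQ staff VLAN 10 (assumed). Identity and device type are invisible to it.
def network_centric(s: Session, service: str) -> str:
    return "allow" if service != "grades-db" or s.vlan == 10 else "deny"

# User-centric: the role is derived from context where the user authenticates
# (the access point) and then travels with the session across the hive.
def assign_role(s: Session) -> str:
    if "faculty" in s.groups and s.device_type == "corporate-laptop":
        return "Teacher"
    if "faculty" in s.groups:            # same person on a personal iPad/iPhone
        return "Teacher-BYOD"
    if "students" in s.groups:
        return "Student"
    return "Guest"

# Firewall policy keyed on role, not on VLAN or subnet (constructed sample rules).
POLICY = {
    "Teacher":      {"grades-db": "allow", "printers": "allow", "internet": "allow"},
    "Teacher-BYOD": {"grades-db": "deny",  "printers": "allow", "internet": "allow"},
    "Student":      {"grades-db": "deny",  "printers": "deny",  "internet": "allow"},
    "Guest":        {"grades-db": "deny",  "printers": "deny",  "internet": "allow"},
}
# Schedule: a role's access is limited to a time-of-day window (absent = always).
SCHEDULE = {"Student": (time(7, 0), time(17, 0))}

def user_centric(s: Session, service: str, now: time) -> str:
    role = assign_role(s)
    window = SCHEDULE.get(role)
    if window and not (window[0] <= now <= window[1]):
        return "deny"
    return POLICY.get(role, {}).get(service, "deny")   # default deny

if __name__ == "__main__":   # constructed sessions: a teacher at a branch, a student at HQ
    teacher = Session("alice", ("faculty",), "corporate-laptop", "branch", vlan=20)
    student = Session("bob", ("students",), "iphone", "hq", vlan=10)
    for s in (teacher, student):
        print(s.user, network_centric(s, "grades-db"), user_centric(s, "grades-db", time(9, 0)))
```

The VLAN rule denies the visiting teacher and admits the student who happens to sit on the staff VLAN; the role-keyed policy gets both right and adds the time window.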

This is a perfect illustration of how Aerohive is allowing IT to enable user productivity and BYOD without drowning in complexity or compromising on security. It is also why we say we Simpli-fi Complex Enterprise Networking!
