The evolved wireless LAN has become convoluted with new users, devices and applications -- all demanding network...
That's one reason why network administrators are turning to network access control (NAC) and mobile device and application management tools as they struggle to keep up with new user onboarding, as well as applications and devices. With so many moving parts to bring-your-own-device (BYOD) management, IT needs a more integrated approach.
To that end, Aruba Networks introduced Aruba Workspace -- a component of its ClearPass Access Management System portfolio -- that rolls NAC, mobile device management (MDM) and mobile application management (MAM) systems into one wireless network management offering for the enterprise.
BYOD management: Integrating NAC, MDM and MAM
Users want to use their own devices and applications, but integrating disparate BYOD management tools has been a burden for IT.
Aruba's Workspace will help network administrators pull together NAC, MDM and MAM into one platform for BYOD management, said Robert Fenstermacher, Aruba's director of product and solutions marketing.
Workspace, which will be commercially available this summer, builds on ClearPass -- the vendor's original NAC offering. "We started to add some device control and onboarding, and now we are extending ClearPass to include MDM and MAM to really extend policies to control application and device usage," Fenstermacher said.
"Combining these three functions in one system buys [IT] more than just single pain of glass management," he said. "[Workspace] enables IT to write policies across those functions."
An integrated network policy and BYOD management tool will not only grant IT deeper control of the wireless LAN, but will arm administrators with capabilities they haven't had before -- like assigning higher network priority to work applications and locking sensitive applications if the device moves out of a specified location.
The Workspace announcement includes an upgraded ClearPass Policy Manager 6.2 release, offering a deeper integration of application, device and network policies for IT, as well as an Aruba Workspace mobile app for users. "The companion mobile app sits on the employee's device and provides a self-service portal for device and application visibility and control into their own BYOD experience, Fenstermacher said.
Workspace's application control is also engineered to allow IT to differentiate between corporate and personal user data and applications on a device, permitting full control and encryption over corporate information while protecting employee privacy, Fenstermacher said.
Aruba ClearPass customer and Workspace beta tester, the Regional Medical Center (MED) in Memphis, Tenn., used the platform to get capabilities that extended past restricting access and remote device wiping, said Cameron Parker, The MED's manager of technical services.
Parker's department supports an organization of between 2,500 and 3,000 users, including physicians, nurses and administrators. "Every day, users are coming in with a new device that they want to connect to our wireless to access applications, and we wanted to deliver those capabilities in a much more effective way," he said.
More on BYOD management
BYOD management: Using a device catalog to control users
VDI: A solution for secure BYOD?
BYOD security, management at Penn Medicine
Workspace, Parker said, gives MED much greater flexibility in how it manages mobile devices, including the ability to wipe users' devices of corporate information without touching personal data and restricting applications based on time or location.
"If an employee is slated to work from 8 AM to 5 PM, we can allocate application allowance to only when they are supposed to be at work," Parker said.
The ability to extend flexible device and application management policies across user devices is especially helpful in meeting t Health Insurance Portability and Accountably Act compliance regulations, he said. "If a device leaves our organization or is stolen, that can be a huge violation. We have the ability to only delete patient or sensitive information, so if the device is recovered, the user hasn't lost all of their data."
Wireless network management: Enterprises want a complete toolset
While there are many vendors that offer MDM and MAM, they can't directly control the wireless infrastructure. Aruba may be the only vendor currently incorporating NAC, MDM and MAM into one wireless network management offering, said Paul DeBeasi, research vice president for Stamford, Conn.-based Gartner Inc.
"These functions used to be completely separate vendors who didn't control the hardware," DeBeasi said. "Aruba's management application can not only talk to the Aruba software on a [device] to control the application and device, but because [Aruba] is a wireless vendor, they can control the network, too."
Enterprises are asking for simplified BYOD management, he said. Up until now, there has not been one product that offers a complete, integrated solution.
"IT administrators have had to act like integrators -- buying mobile management tools, managing network access and synchronizing services," DeBeasi said. "Vendors are trying to simplify the process of managing BYOD through integration."
The broader trend toward more tightly integrated BYOD management offerings will continue to grow as vendors look to acquire and consolidate wireless network management for the enterprise, DeBeasi said.
"I think more of these mobile, application and wireless infrastructure management tools -- all of the various pieces that IT needs -- will be consolidated over the next two to three years," he said.