Network administrators who run guest Wi-Fi networks often compromise ease of use for security, frustrating users with an awkward login process. Who hasn't felt like they were asking for the nuclear launch codes when the hotel clerk or café barista surreptitiously pushes a folded slip of paper with the Wi-Fi password across the counter?
In office buildings where guest Wi-Fi is infrequently used and ancillary to the corporate wireless LAN, the cost of streamlining the guest authentication process may outweigh the benefits. But in locations with customer-facing operations -- retail, food service, healthcare, hospitality and even education -- simplifying guest Wi-Fi authentication not only makes life easier for networking pros, but it can also be part of a larger strategic move that scores points with the C-suite.
Here's one alternative: Authenticate guests via their Facebook accounts. The social networking giant launched such a program last year, dubbed Facebook Wi-Fi, and Cisco recently announced a partnership that would bring Facebook into its developer ecosystem for Cisco's Mobility Services Engine (MSE) appliance and offer more capabilities that combine the two services. The new joint offering -- Cisco Connected Mobile Experiences (CMX) for Facebook Wi-Fi -- will allow wireless LAN operators to push custom offers based on a user's Facebook identity, interests and exact indoor location -- the latter of which is pinpointed via the WLAN.
Joe Rogers, associate director of network engineering at the University of South Florida, who manages a large guest Wi-Fi network, is testing the MSE and integrated Facebook authentication service in a limited pilot on a temporary service set identifier. The university currently requires guests to authenticate using a password sent via text message to their cell phones -- a policy that hasn't been particularly popular with international guests who aren't eager to rack up roaming charges.
"I think the Facebook integration is easier … but we have to have some kind of audit trail, so it's up to [our legal department] to decide if it's appropriate," Rogers said. "We haven't committed to it … but it's an interesting opportunity."
The analytics and push-advertising capabilities will initially appeal mostly to IT organizations in retail, hospitality, public services and large events venues, said Rohit Mehra, vice president of network infrastructure research at IDC. But eventually, Facebook authentication could be of interest to any network administrator who wants to move away from anonymous access to guest Wi-Fi networks, he added.
"You're making it easy to onboard the user and the user has some credentials to go in with, so you still maintain control over the identity of the person," Mehra said. "If every user on your wireless network were anonymous, that would hard if later on some [malicious] event happened … and you needed to track down the user [involved]. Hence the value of trying to capture the identity of that person [via Facebook]."
Where Cisco MSE and Facebook authentication intersect
Facebook Wi-Fi enables a business to offer free wireless to customers that "check in" to those businesses via Facebook. The service combines Facebook's software with access points the social networking company sells via an OEM agreement with Cisco-owned Meraki. A six-month pilot in the San Francisco Bay Area that started with 25 merchants has grown to 1,000-plus businesses across 50 countries, said Erick Tseng, product manager for Facebook Wi-Fi. The service integrates with another Facebook product, Insights, which offers aggregated analytics data about participating customers.
Cisco has identified Facebook as one of many new ecosystem partners that are tapping into an expansion of the application programming interface (API) offered on the MSE, a network services platform that's part of Cisco's Connected Mobile Experiences portfolio. The MSE's Mobility Services API now supports REST-, RESTful- and SOAP-based development -- enabling developers such as Facebook to write applications that take advantage of the appliance's existing ability to determine a device's location in an indoor environment based on its proximity to wireless access points (APs). Cisco is also developing a software-development toolkit to make it easier for developers to build more mobile applications, said Prashanth Shenoy, director of mobility and Unified Access marketing at Cisco.
More on implementing and securing guest Wi-Fi
Get expert advice on securing wireless guest networks
Read one blogger's take on why guest Wi-Fi is critical for many enterprises
Wireless LAN authorization: A complete guide
Cisco CMX for Facebook Wi-Fi will also be a foundation on which to build other customized and location-based services that are not possible with conventional GPS and network-based identifiers. MGM Resorts in Las Vegas is already using the technology to offer an indoor mapping service that enables guests to use their mobile devices to pinpoint their location in a hotel and outline the path to a particular casino or restaurant within the resorts, according to Cisco.
As part of the launch, Cisco is also releasing a software update for the MSE that includes an advanced analytics platform and a marketing tool targeted at non-IT users, courtesy of its ThinkSmart Technologies acquisition last year. Enterprises will be able to use the WLAN to push custom banner offers -- based on their identity, activity, specific location and known interests -- if they choose to authenticate via Facebook.
"When the user wants to get on the free guest Wi-Fi, the Cisco infrastructure redirects that user to log in via Facebook. And once the user has logged in via Facebook and checked in, we will now redirect the user to a Facebook splash page built by the enterprise," Shenoy said.
"You can see how powerful the information becomes because if you realize that the customer came to Best Buy and is going onto Amazon.com [via the guest Wi-Fi] to do a price check, you can immediately send an offer saying, 'If you take this to a sales guy on your mobile device, we will do a price match on what Amazon is offering for the HDTV you were looking at for the last 15 minutes,'" Shenoy added.
Unsurprisingly, CMX for Facebook Wi-Fi requires an all-Cisco network infrastructure environment. It runs on a software connector on Cisco's ISR G2 or ASR 1000 routers with UCS E-Series blades. Other necessary infrastructure includes Cisco's second-generation APs (Aironet 1600, 2600, 3600 or the recently announced 3700 series) and WLAN controllers (5508s or 5760s), in addition to the MSE with its version-7.6 software release, according to Shenoy.