It’s All About “Anytime-Anywhere” Learning!
There’s no denying it – BYOD is here to stay! This trend leverages personally-owned mobile devices such as laptops, iPads, tablets, and smartphones to enhance student learning and meet one-to-one computing mandates within tightened budgets.
Today’s learning environment is well-connected and has high availability and on-demand needs. Web access is pervasive – anywhere there is a signal, students can be found accessing data from their phones and tablets. These mobile devices embody the blending of technologies (applications, tools, readers, etc.) that very easily lend themselves to education and enhanced learning.
The more information students can access, the more they can learn. Students are increasingly more “self-directed” and collaborative through their secure use of educational tools and digital content. Critical thinking and problem solving, creativity and innovation, communication and collaboration – all are skills required for students to be competitive, and all are skills enhanced by “Anytime, Anywhere” learning.
THE Journal Whitepaper
Implementing BYOD with a Managed Service
Many K-12 school districts are recognizing that implementing a BYOD policy is an effective approach to providing their students and faculty with the opportunity to enhance the education process by leveraging 21st century technology. However, it can represent a big cultural change for the learning environment as well as a challenge to IT professionals. Download this whitepaper to learn how Impulse Point’s Safe•Connect mobile device management solution enabled BYOD initiatives, real-time reporting and an enhanced end user experience for both faculty and staff at three K-12 school districts.
SafeConnect and Device Registration
Successfully identifying device types, identifying the user, and maintaining a positive user experience while roaming is a formidable challenge. Districts also are challenged with the task of correlating device and user identity over time across their networks for identity-based web content access and bandwidth management policies.
SafeConnect™ recognizes when unknown devices attempt to access your wired, wireless, or VPN networks and provides the following essential features and benefits:
- Agentless Device and Role Profiling provides visibility into user identities and device types, whether they are a managed (district-owned) or personally-owned (i.e., BYOD, guest), and when a device is connected to the network. Identifies PC, MAC, iOS, Android, Windows RT, RIM, Gaming, Media, AppleTV, etc. device types.
- End User Authentication prevents unauthorized users from accessing network resources and participates in 802.1X/RADIUS and AD Domain Single Sign-On (SSO)
- Self-Provisioning Guest User Self-Enrollment automates the process of providing Internet-only network access for a specific period of time
- Device Enrollment allows end users to self-enroll non-browser devices such as printers, e-readers, or gaming systems by identity
- Contextual Intelligence Publishing provides real-time identity-to-device association and standards-based integration with third-party policy management systems
- Commercially available replacement for “home-grown” network registration systems includes hardware/software maintenance
- Real-time Reporting Dashboard for data archiving and historical reporting
- Managed Support Services Delivers updates for device type fingerprinting within 48 hours of their official release date
To learn more about how Impulse Point can help you implement a BYOD program, please click here.
Smartphones, iPads, and tablets – the mobile devices being used by students today function wirelessly. Hard-wired connections are great for library and lab environments, but as more students bring their mobile devices onto campus the need for wireless access will continue to increase.
Visibility and Assessment
With all these mobile devices connecting at different schools and administrative locations, your District will need to know exactly who is on the network and what kind of device they are using. Are the people accessing the network authorized to do so? Are they accessing only areas of the network that you want them to? What kind of programs are they running? Do they have current virus and spyware protection? Is there something on the mobile device that could take down your network?
Managing from a central location is the best use of manpower and consistent control of access to applications and student and administrative portals. Managing and controlling access to your district network is the most important aspect of implementing a policy on personally-owned devices and protecting students while enhancing their learning capabilities at the same time. All this access presents the hazard of introducing malware to the network or contact with unwanted visitors.
SafeConnect helps ensure that only authorized guests can access your network. The solution also automates the District’s endpoint security compliance policies by continuously identifying, assessing, enforcing, and remediating computing devices before and after they gain access to the network.
The solution provides the District much needed visibility into user identities and device types, whether they are managed or unmanaged (i.e., personally-owned).
Students, faculty and guests are self-guided through enrollment, and if necessary, remediation instructions to conform to district security policies. They receive individualized notifications regarding the necessity for compliance (e.g. out of date AV protection) and are guided through the process with instructions on how the appropriate software or up-do-date virus definition can be downloaded.
Selecting a BYOD Solution – What Should You Expect?
We know education; SafeConnect was originally designed for use on college campuses – and since the beginning, the product has been upgraded and enhanced with direct feedback from its users. District networks resemble those of higher education more every day. We can help you provide the balance of access and security that’s right for you.
Real Time Solution
SafeConnect checks a user’s system prior to granting network access as well as on a continuous basis in real time. This provides two significant benefits; users who become non-compliant are isolated immediately. This is inherently more secure because users are not allowed to remain on the network for extended periods. In addition, the user experience is superior because only those users out-of-compliance with security policies are impacted.
Network Access for All
SafeConnect was designed to enable safe network access to authorized users regardless of the connection. It is common for users to introduce small multi-port hubs on the network as a way to increase connections. These hubs provide convenience but at the same time allow malicious users to operate undetected. SafeConnect solves the potential security issue associated with hubs while maintaining the benefit of increased access by detecting the presence of a Network Access Translation (NAT) device and requiring it to be placed in bridge mode. This allows the system to identify, authenticate and assess the security of the devices connected to a hub.
No Changes to LAN/WAN Required
SafeConnect is network switch hardware and software vendor independent and integrates into the existing network architecture. No switch manipulation. No rip-and-replace. No changes or continuous manipulation of Layer2 network switch devices, wireless access points, or VPN concentrators are required.
Directory Services Integration
SafeConnect utilizes directory services infrastructure (i.e. LDAP, MS Active Directory, RADIUS) to authenticate end user devices. The system can also apply identity- or role-based policies and enforcement rules based on how a user is defined within the directory system (student, employee, guest, vendor, etc.) Users who cannot be authenticated can be quarantined or blocked from accessing the network. SafeConnect also features a Single Sign-On (SSO) authentication capability that could allow existing AD managed users to maintain their existing login process user experience.
Centrally Managed Solution
SafeConnect’s Enterprise Policy Manager offers a centralized policy management interface that will enable an authorized policy administrator the ability to build and edit policies that can be deployed immediately. SafeConnect is designed to be intuitive and easy to use and the Policy Manager can be accessed from multiple locations. It also allows you to assign application and read/write level administrative privileges to policy administrators and help desk personnel.
Ease of Implementation
SafeConnect is designed for remote customer setup and implementation. By leveraging our managed services capability, we can routinely install a system in less than an hour. The solution can be deployed in a phased-in approach (by IP address/range, subnet, VLAN) across wired, wireless, and VPN infrastructures as required for a non-disruptive transition.
24/7 Proactive Maintenance and Support Services
The SafeConnect system is supported by the industry’s most comprehensive implementation and support services agreement. Impulse provides continuous (24/7) proactive monitoring and support that includes hardware and software problem determination and resolution support, as well as upgrade protection to future software functional releases. Daily policy configuration remote backups are included which enables us to restore and deliver a replacement system within 24 hours.
Ease of Management
SafeConnect offers a real-time Web-based dashboard interface that will enable an authorized policy administrator or help desk personnel the ability to view quarantine devices for the entire enterprise or by user group. Your policy administrator (or help desk personnel) can also locate a quarantined device based on IP address, MAC address, or user name. The Policy Manager can be accessed from multiple locations and allows you to assign application and read/write level administrative privileges to policy administrators and help desk personnel based on their authentication credentials.