Motorola Solutions has unveiled a pair of quasi-cloud services that make it simpler for IT groups to set up secure connections for guest Wi-Fi users, including those with personally-owned devices, on corporate or retail wireless LANs.
Under the company's WiNG 5 Secure Access program, the two services automate registering devices and granting them digital certificates. Both can use social networking accounts, such as those on Facebook, Google and LinkedIn, as the basis for issuing visitors digital certificates for 802.1X authentication.
The services provide a way for visitors or employees with personal devices to access wireless LANs encrypted via Wi-Fi Protected Access (WPA) 2 Enterprise. Enterprise IT staff use a cloud-based console, and a secure account, to set up both services, and define configuration rules and policies.
Secure Access Wizard is configured by the network administrator and then deployed to a web server. Users can connect to an open Wi-Fi SSID with their personally-owned smartphone or tablet and open their browser to access the Wizard, which automatically sets up the device, and shifts the user to a secure Wi-Fi connection encrypted by WPA2-Enterprise. Users can set up the initial authentication through one of their social networking accounts.
Secure Access Wizard is intended to let end users quickly set up a secure connection to a guest access network that might be in a retail store, thus protecting their retail account information or transactions.
Secure Access Enrollment Server, delivered as a virtual machine for a VMware virtual server, is more complex: it has a built-in Web server and an integrated certificate authority. But once configured via the cloud account, it, too, offers an automated process that lets authorized employees access a WPA2-Enterprise corporate WLAN. Enrollment Server can use Microsoft Active Directory for authentication.
Once authorized, devices can be granted access for a set period of time or indefinitely. A range of additional policies can be applied including dynamic VLAN assignments, access control lists, and bandwidth assignments. It supports the following client operating systems: Windows XP SP2 and greater, Mac OS X 10.5 and greater, Ubuntu 9.04 and greater, Android 2.1 and greater, and iOS 2.0 and greater.
Both offerings are available now. For the Wizard, pricing starts at $10,00 for up to 250 devices. For Enrollment Server, pricing starts at about $15,000. To link with the external certificate authorities, an additional "integration module" is required, priced at $20,000.
John Cox covers wireless networking and mobile computing for Network World.