Cloudpath Enrollment System is a cloud service (also available as on-premises software) that delivers secure network access for BYOD, guest users and IT-owned devices. The engineering team for this product is constantly working to incorporate new functionality that will increase the value it provides for customers.
The latest release, version 5.8, became available in late February—so now’s a great time to highlight some of the new developments. Some of these new features will have a special interest for customers in specific industries, and some will have more general appeal. This blog entry examines the highest-impact new features included in the latest release.
Tenant portal for multi-dwelling units (MDUs) simplifies Wi-Fi access
Cloudpath® now features an end-user portal for residents in multi-dwelling unit (MDU) environments. Residences are seeing a wider variety and number of devices than ever before, especially since the advent of IoT. The new portal lets residents self-serve to get their devices securely connected to the MDU network. Users can access the network using a dynamic pre-shared key that is common across their devices—but unique to each resident. This RUCKUS®-patented technology provides significant benefits in terms of user experience and security relative to conventional pre-shared keys, in which all users share a common key. The portal lets residents see and manage connectivity for all their devices. It gives them total control over which devices gain access.
Secure guest access and private VLANs
The fact that one set of credentials per unit can be used for all their devices makes like simpler for residents. They can also use the portal to provide secure guest access for visitors to the home network, who would get their own separate set of credentials. Cloudpath also lets administrators set up the MDU network so each resident gets their own private VLAN—just as if they had their own personal network (private VLANs are not a new feature in Cloudpath, but they bear mention in the context of MDUs). Residents can also roam seamlessly around the entire MDU environment without losing connectivity.
Chromebook automatic certificate enrollment—get lots of Chromebooks connected fast
Cloudpath has incorporated important enhancements that make it easier than ever before to onboard Chromebooks—secure onboarding being the mechanism by which a device gains access to the network for the first time. This will be of special interest to customers in primary education, where Chromebooks are especially popular. Chromebook auto certificate enrollment lets administrators onboard large numbers of Chromebooks with a single click from the Google management console. The system automatically installs a certificate on each device to serve as the basis for network authentication, which ensures that every connection is secure. Admins don’t have to manually install the certificate on each device, so this will yield significant time savings, and users (such as students in a primary education setting) no longer need to go through an onboarding workflow. IT becomes much more efficient because they can onboard numerous Chromebooks at once without having to touch every device individually.
Support for the TACACS+ protocol for authentication, authorization and accounting
TACACS+ is one of those technologies that illustrates why humans invented acronyms, because it stands for “Terminal Access Controller Access-Control System Plus.” It’s a protocol for authentication, authorization and accounting that is supported on both the RUCKUS SmartZone control and management architecture and ICX® switches. It is a powerful management tool that makes life easier for IT administrators. Cloudpath now also supports this protocol, meaning administrators can use it to grant privileges for other admins to manage these devices. The network admin can designate other admins to make changes in the configuration setting of these network devices.
Enhanced policy capabilities for secure network access give IT more granular control
The Cloudpath RADIUS policy engine now provides for dynamic authorization. This allows network access policy controls that are more granular, in response to changing conditions after a user has connected. After a user has onboarded using a workflow, the system enables the network to enforce policies on conditions such as time of day and location. One use case for this might be permitting students in primary education access to streaming video sites only at certain times of the day, or in a certain area of campus. This capability extends to devices authenticated by EAP-TLS, PEAP and RUCKUS-patented dynamic pre-shared keys (DPSKs).
Cloudpath 5.8 summary
As it does with other cloud services, CommScope continues to build on an already very strong feature set in Cloudpath Enrollment System. This blog has covered the highest-impact enhancements in Cloudpath 5.8. Check the release notes for a more in-depth description of what’s included in this release. Stay tuned for more exciting developments on this product later in 2021.