Hi Philippe,
Good question. We wouldn't have sought out Cloudpath if we weren't
struggling with TTLS and SecureW2 but now that we have it I wouldn't
want to give it up.
We had what we thought was good documentation for configuring 802.1x and
installing SecureW2 but that meant there was "too much stuff to read" so
folks just keep logging into the captive portal.
XpressConnect gives you a one-button launch for virtually all our
supported OS variants (it doesn't do WinCE/WinMobile). It also creates a
good demarc for the Help Desk to troubleshoot: "Have client click button
to configure 802.1x. If that fails open a trouble ticket". Easy.
It's very consistent. It's harder to mess things up with aggressive
button pushing during a manual configuration (we configured the SecureW2
installation to be in stealth mode. Amazing!). For trouble calls,
depending on who answers the phone at the Help Desk you'll get a
different set of configuration instructions. And NO ONE wants to clean
out our public SSID or move their new 1x profile to the top of their
list. Not doing these two little things can obviate configuration
attempts as the client would simply rediscover our public SSID and
associate on reboot.
As far as Apple MacOSX is concerned XpressConnect makes life much
easier. As you know MacOSX "smartly" tries to build an 802.1x profile
for you. The exact parameters are often the ones you would have selected
had you created it manually (too many things are "checked"). And people
don't remember whether THEY created that profile or if APPLE did it. "It
just worked..until it didn't".
Using XC means not having to maintain separate instructions for Windows
(w/ SecureW2), MacOSX Tiger, MacOSX Leopard, iPhone, etc. We also
maintained a separate downloadable iPhone profile that we can now
deprecate and use XpressConnect instead.
To answer your question I personally think it's well worth the money. It
speeds up 1x adoption and removes the variables involved with manual
user configuration and Help Desk advice.
Mike
********************************************************
Michael Dickson 413.545.9639
Network Analyst Univ. of Massachusetts Amherst
********************************************************
On 4/22/2010 12:42 PM, Philippe Hanset wrote:
Mike,
Would you use XpressConnect if your campus were EAP-PEAP compliant,
or would you publish instructions and skip the cost of XpressConnect?
In other words, is it so good and makes the life so easy (help desk
calls) that even with a EAP-PEAP
system you would spend the money
Philippe
Univ. of TN
On Apr 22, 2010, at 11:49 AM, Michael Dickson wrote:
We use Cloudpath for our EAP-TTLS 802.1x wireless network. We're very
pleased with how smoothly it works with virtually all Win and Mac OS
variants. It even works with iPhone/iPad and Ubuntu linux.
To handle TTLS in Windows we purchased a licensed copy SecureW2 and
pre-configured the parameters within Cloudpath. When you're ready to
deploy XpressConnect (Cloudpath's product name) you download a web-ready
tarball to upload to your server. There's even a standalone CD/USB
executable. If you're using SecureW2 (or any other third party helper
app such as XSupplicant) you separately upload that binary in the
/install directory.
XpressConnect auto-detects the OS. If it's a Windows variant it looks
for an existing installation of SecureW2. If it's there it'll create a
new profile based on your specs. If it's not there XC will install
SecureW2 and configure it appropriately.
In our configuration XpressConnect ignores third party supplicants even
if they are TTLS capable (e.g. Intel Pro Wireless). We configured XC to
permanently enable WZC in Windows so that Windows now manages the
wireless card, sort of leaving the third part supplicant and all its
profiles in the lurch. This is of course the only way SecureW2 will
work. I think XC can actually detect and remove third party supplicants
but we thought that seemed a little mean in an academic environment.
We configured XC to remove our public SSID after a successful migration
to our 802.1x network. It even pushes the new profile to t he top of the
list.
As for users who have active profiles on their third party supp we
suggest that they migrate these manually over to Windows. Otherwise
they'll be switching wireless managers back and forth when they leave
the campus. Not the most elegant solution but this is the price paid for
requiring TTLS on Windows.
Hope this helps.
Mike
********************************************************
Michael Dickson 413.545.9639
Network Analyst Univ. of Massachusetts Amherst
********************************************************
On 4/22/2010 11:13 AM, Reynolds, Walter wrote:
So for those using this how many need to use the TTLS supplicant
setup? For those that do how do you handle if a user is using a
built in supplicant that has profiles for other locations?
-- Walter Reynolds University of Michigan
On Apr 22, 2010, at 6:07 AM, "Gogan, James P"<go...@email.unc.edu>
wrote:
Like others, I'll throw in my $.02 here and indicate that not just
"something similar" but, in fact, XpressConnect from CloudPath has
INDEED been very beneficial here on our campus. With the
diversity of desktop configurations and systems that we have, the
seamless configuration of Windows PCs, Macs, Ubuntu systems,
iPhones/iPod Touches/iPads with a single common-interface tool
(and great support, by the way) for consistent deployment of
802.1X/WPA2-Enterprise cannot be beat.
Great product - classic example of "you get what you pay for".
-- Jim Gogan Univ of North Carolina at Chapel Hill
-----Original Message----- From: The EDUCAUSE Wireless Issues
Constituent Group Listserv
[mailto:wireless-...@listserv.educause.edu] On Behalf Of Jethro R
Binks Sent: Thursday, April 22, 2010 5:57 AM To:
WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU Subject: Re: [WIRELESS-LAN]
Alternatives to XpressConnect
On Fri, 16 Apr 2010, Kevin Ehlers wrote:
We're looking at deploying WPA/WPA2 and we think that something
similar to XpressConnect from CloudPath would be very
beneficial. However, in searching I have been unable to determine
if there are any vendors offering a similar service. Does anyone
know of a competitor to CloudPath in this area?
Our current options are 1) writing our own application + all of
the benefits and drawbacks that go with a homegrown solution,
and 2) a vendor supported tool to configure client's machines.
Any suggestions or alternatives are welcome.
To: The EDUCAUSE Wireless Issues Constituent Group Listserv
<WIRELESS-LAN@LISTSERV.EDUCAUSE.EDU> Date: Thu, 11 Mar 2010
08:49:58 +0000 (GMT) Subject: Re: [WIRELESS-LAN] Automating WPA
Setup
On Tue, 9 Mar 2010, Julian Y. Koh wrote:
At 10:38 AM -0600 3/9/10, Williams, Mr. Michael wrote:
We have tutorials available for our users, but our helpdesk
folks still have to spend a lot of time manually configuring
the wireless supplicant for some of our less tech savvy users.
Does anyone have a solution to this problem?
Here at NU, our Technology Support Services coded up a Windows
utility that we use for this purpose.
<http://www.it.northwestern.edu/oncampus/wireless/wireless-connections/>
Here's another tool that might be of interest:
http://sourceforge.net/projects/su1x/
Jethro.
. . . . . . . . . . . . . . . . . . . . . . .
. . Jethro R Binks Computing Officer, IT Services, University Of
Strathclyde, Glasgow, UK
********** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
********** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
********** Participation and subscription information for this
EDUCAUSE Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE
Constituent Group discussion list can be found at
http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent
Group discussion list can be found at http://www.educause.edu/groups/.
**********
Participation and subscription information for this EDUCAUSE Constituent Group
discussion list can be found at http://www.educause.edu/groups/.
