All posts tagged wifi

BYOD – The Transparent Proxy Headache Solved

Comments Off on BYOD – The Transparent Proxy Headache Solved

Lots of people keep asking me what the transparent proxy forwarder in onBoarder is and how does it work. I thought I would write a post to try to explain what it is and how it can benefit a school or business with an upstream proxy.

Having been involved in deploying BYOD systems for some time now, the biggest frustration for us has been upstream proxy. The main problems we have encountered have been managing user device configuration and faults in guest and BYOD web redirection portals. There is a huge problem integrating a BYOD solution with an upstream proxy which leads the question of all “how do we transparent HTTPS traffic?”

There are four options to resolve the upstream proxy issue.

Option 1 – offering the users the upstream proxy details and asking them to configure their own devices.
Most of the schools have been unwilling and rightly so to hand out proxy details to students or guests. This compromises the network to some extent and allows users to manually change the proxy filter ports to less restricted ports.
Guests coming into school want to hop on and surf and proxy configuration can be complex on some devices and not supported on others.

Option 2 – System based configuration
Now here is a can of worms. Do I have a WPAD using DNS or DHCP or both and which devices work with WPAD and which dont. a WPAD solution can be flakey and only works for some devices although I believe it now works for IOS 7. A WPAD either need to reside on a different network or all devices on the wires and wireless will pick up the WPAD settings.
This solution can be then combined with either IOS profiles or manual WPAD entry on Ipads and iPhones.
But where does that leave our best network friend the android well back at manual proxy device configuration again.
Some wireless vendors offer an onboarding process which will help configure the settings on some devices. This includes an onboarding portal residing on an open network where the user registers and downloads a profile. This works for both Android and iPhone but windows users still need the good old WPAD file.

Option 3 – New Broadband
This is probably the best solution when it comes to BYOD. New broadband with either inhouse filtering with something like Lightspeed or with external filtering managed by the broadband provider.
This solution can be expensive and take a large chunk of the years budget, which when combined with the cost of delivering BYOD can cause the project to become to expensive especially if it involves a new managed wireless system, switching and cabling.
Some schools do not want to have the responsibility of owning the filtering and can be resistive towards changing their broadband provider which we have seen at quite a few sites.

Option 4 – onBoarder

Our quest for transparent proxy and a lot of late nights led us to implement a new module on our onBoarder system, the transparent proxy forwarder called such as we are techies and have no personality to name it. The transparent proxy forwarder (TP) is just that, it takes all packets destined for the internet and sends them to the upstream proxy on the required port. The user or device has no knowledge of an upstream proxy and no configuration on the device is required, no WPAD, no profile, no web redirect portals, no over complex solution with profile for this and WPAD for that and lets not forget android has to drink four cups of coffee then install three apps, with onBoarder just connect and surf.

The Guest TP solution

OnBoarder GTP100 has one dedicated network for the Guest devices. Users connect to the sites Guest wireless which is configured on a dedicated VLAN. The device receives DHCP and DNS settings from onBoarder with a gateway of onBoarder’s LAN gateway port. All traffic is sent to the upstream proxy via the WAN port on onBoarder.

onBoarder can be supplied with a Guest login portal if the existing wireless does not have Guest facilities or stand alone access points will be used.

The BYOD solution

onBoarder NSTP1000 has two networks for the BYOD/Guest devices, one for student forwarding and one for Guest/staff forwarding. when connecting to BYOD a single SSID can be used with dynamic VLAN’s. onBoarder’s radius server authenticates the user with username and password against the sites Active Directory and then applies the relevant VLAN to the authenticated user. The device receives DHCP and DNS settings from onBoarder with a gateway of onBoarder’s LAN gateway port. All traffic is sent to the staff or student upstream proxy port via the WAN port on the onBoarder.

onBoarder can be supplied with a Guest login portal if the existing wireless does not have Guest facilities or stand alone access points will be used.
onBoarder NSTP1000 dashboard can provide information on internet bandwidth, access point utilisation user logon details including IP address.

Both system can be configured to work with an in house filtering system and has been extensively tested with the Lightspeed filtering solution.

I hope this may be of use to anyone wanting to deploy a BYOD solution, and whether you have upstream proxy or would like a BYOD in a box solution our team have the experience to help deliver a working platform.
For more information about onBoarder and how it can help with the integration of your BYOD solution call 08453879384 and talk to one of our team.

Why all primary schools should have a wireless network.

Comments Off on Why all primary schools should have a wireless network.
“Wireless networking works well in all schools and can help deliver major educational benefits.” Now that may be a sweeping statement but i believe it is a powerful truth.
A carefully planned wireless network will allow more children to benefit from ICT learning. It also gives teachers the freedom to incorporate ICT into more subjects and the flexibility to use more areas of the school for a wider range of purposes. Which is no bad thing considering the pressure many primary schools are under as they are squeezed for space with another baby boom generation filtering into the education system.
With classroom space in short supply and pupil numbers increasing it is now being recognized that reliable wireless solutions are giving schools the power to start utilising those nooks, crannies and corridors which were previously dead space. Dedicated ICT suites filled with bulky PC’s and monitors are being converted back into classrooms. Schools now have the opportunity to replace outdated equipment with tablets and laptops which can be strategically deployed on trolleys where they are needed most, creating one to one learning opportunities that traditional methods of placing hardwired computers throughout a school do not provide.
kids using ipads ict suite
As a flexible resource mobile devices give better value for money than desktop computers. Schools using wireless networks report that when combined with their mobile devices which allow easy access to classes across the school, both the amount and the quality of ICT use surge ahead dramatically. These shared resources are giving more children better access to school networks and the internet on a daily basis.
Wireless networks are also making it possible for teachers to blend other technology within the classroom seamlessly into lessons too. For instance your interactive white board & projector, large format touch screen and audio equipment can often be connected to your favorite mobile devices and to the schools network wirelessly. And let’s not forget your mobile devices can also connect to each other as well.
This of course leaves the door wide open for you to explore new ways to engage with students and colleagues across multiple devices and platforms.
Current wireless technology coupled with up to date mobile devices in schools are giving 21st Century teachers and students a fantastic chance to explore new ways to present, share and collaborate with each other.

Why not give us a call if you would like to know more about the benefits of a managed wireless solution on  01787 221166 or contact us through facebook or Twitter.


Thank you! Your subscription has been confirmed. You'll hear from us soon.
While You're Here
Get our technology newsletter straight to your inbox, just fill in your details below