Access Manager

Network Services > Access Manager

Solving the guest access, device onboarding, and security challenges of BYOD


The Xirrus Access Manager (XAM) controls network access for BYOD users and devices. Centrally managed, with customizable Captive Portal capabilities, the XAM solution offers secure and easy guest registration services and onboarding of mobile devices, whether personal or IT-issued. Different guest registration options are supported, such as hosted, self, or sponsored. Temporary accounts can be created based on length of allowed access. Devices owned by credentialed users can be easily onboarded with 802.1x auto client configuration and dissolvable agents.


Captive Portal - Allow known users and guests to be presented with a web browser welcome screen before gaining access to the wireless network. Prompt for a username/password tied to an authentication scheme. Additional features include:

  • Web page intercept with splash page
  • Configurable graphics, text, layout
  • Customization per SSID, per Array, per group of Arrays
  • Mobile browser aware captive portal pages

 

Onboarding – features the ability to safely bring devices onto the network for authorized users with full security. Security protocols supported include: WPA2 + PSK, WPA2 + 802.1x (PEAP, TTLS, TLS)


Configuration and Policy Management - XAM supports many features related to providing guests and existing users with access to network resources.

  • Simple setup wizard used for configuring guest, and onboarding policies for users
  • Centralized guest account management and captive portal management
  • Self-registration with login credentials sent via email or SMS
  • Easy-to-use faculty/sponsor/receptionist interface to create user accounts
  • Time and day access control
  • Guest sessions controllable by bandwidth (Mbps/sec)
  • User credentials submitted to RADIUS for authentication
  • Auto-migration from open SSID to secure SSID for authenticated users
  • User authentication failure results in quarantined user
  • Account revocation

 

Headless Devices – XAM also supports the ability to connect e-readers, game consoles, and other "headless" devices that do not support the ability to use a captive web portal for logon access. Gaming and entertainment devices connect to an open SSID, while separately the user accesses a registration portal and is asked for their credentials and information about the device. The device is classified and registered in the system and is granted access privileges.

Tunneling Services – Provide secure aggregation of guest traffic that can be separated from regular corporate traffic.

Directory Integration - Integrate with the same systems used for the wired network via Active Directory and LDAP services to simplify and lower equipment and support costs.


Key Benefits:
  • Reduced IT Capital Expenditure - Automate the process of bringing devices online without administrative intervention.
  • Increase user productivity - Enable business-critical applications delivered over the wireless network to meeting rooms, auditoriums, and convention floors.
  • Flexible Policy Enforcement - Allow user, role, device, and time-based policies and enforcement.
  • Better Resource Allocation - Restrict bandwidth for guest users to time of day, day of week, and more.
  • Simplified Network Integration - Integrate with existing network infrastructure such as RADIUS and Network Access Control systems used for both wired and wireless networks.
  • Highly Scalable BYOD - A multi-radio, distributed architecture ensures the ability to handle large numbers of users.