- Full integration of the MobileIron platform and Aruba ClearPass into the existing Cisco infrastructure, AD and Root CA
- Certificate-based authentication of WLAN requests, including checking them against AD
- Comprehensive management of smart devices including life inventory
- Sponsor approval and complete traceability of the guest WLAN
- Fully automatic roll-out of smart phones, including security guidelines, certificates, apps, etc.
The high level of security with minimal effort for IT and users is what won me over. It's now fun to work mobile.Thomas Wenk, Lead IT Manager Canton of Basel-Landschaft
The canton of Basel-Landschaft wants to create one of the most attractive environments in Switzerland for business, education and living. Efficient administration is necessary to meet such an ambitious goal. The roughly 4,700 employees in 5 directorates of the cantonal authorities and courts require modern, high-performance IT infrastructure. This infrastructure is maintained and extended by the Central Offices for IT Services.
The Central Offices were confronted with complex problems related to mobile work. That's why they turned to go4mobile, the Swiss technology leader in mobile ICT.
The trigger for this mobile IT update was the fact that the Cisco Access Control Server (ACS) had reached the end of its useful life and needed to be replaced. But Cisco components such as the ASA firewall and WLAN controller (WLC) needed to remain in place. This also applied to the Vasco hardware tokens used for two-factor authentication.
The key problem areas of the previous mobile architecture were WLAN access for employees and guests and the use of mobile devices by employees. The devices were only minimally secured. In-house apps needed to be rolled out manually, and Mailsync and WLAN profiles needed to be entered in manually. With 1,000 mobile devices in use, a solution was desperately needed to automate the roll-out of device distribution and apps and to administrate them securely.
WLAN authentication for employees was also a manual process. The MAC address had to be entered in manually, but with the looming possibility that the available address space might run out.
Self-service via the MobileIron platform
Against this backdrop, go4mobile received the mandate to implement the MobileIron security platform. At the same time, the Cisco ACS was replaced with the ClearPass AAA/NAC platform made by Aruba Networks, a wireless specialist now a part of HP. Since the MobileIron platform has a special ClearPass interface, the platforms go well together to form the core of the ultramodern, all-wireless workplace.
ClearPass and MobileIron are both completely integrated into the Active Directory, Radius and Token servers and certificate infrastructure (CA Root). This makes highly automated processes and certificate-based authentication possible.
Existing Cisco components can continue to be used and prior investments are protected because of how flexible ClearPass and MobileIron are.
With minimal effort, employees can register via the MobileIron platform in the self-service shop and have security settings, apps, a WLAN profile and certificates loaded onto their device with no IT interaction. But only if they have the proper authorization, of course.
Automatic WLAN management for employees and guests
The WLAN guest portal is a component of ClearPass and is designed to reflect the client's corporate identity or design. Guests register on the portal themselves and can have their sponsor approve them directly.
Employees gain secure access to the resources made available to them automatically via WLAN. The IT department and reception desk are now completely relieved of this duty. The number of users that can be on the WLAN has no upper limit.
Guests are welcomed on the Basel-Landschaft WLAN portal. Approval is granted with no IT interaction. All activities are securely logged.
The administration retains full control of smartphones and tablets so that security is guaranteed at all times. Effort for IT and users, both during roll out and when in operation, is practically non-existent.
The Central Offices for IT Services of the canton of Basel-Landschaft is setting a new information security and efficiency standard with this highly-integrated mobile ICT system and is giving the administration a more professional appearance.
Administration employees can work mobile on campus and on the go at any time. This will help them immensely in turning the canton of Basel-Landschaft into one of the most attractive places to work, go to school and live in all of Switzerland.