Bradford Networks
 
 
Erate
 
Contact Us

FAQ

Q1: What is Campus Manager?

Campus Manager is a user-focused, network-based NAC solution that automates identity management, endpoint compliance, and usage policy enforcement for educational environments.

 

Q2: Where does this “fit” into my network?

Anywhere Campus Manager can “see” and communicate with all of the switches.

 

Q3: How is Campus Manager different from other NAC products on the market today?

Campus Manager delivers all three components of network access control – identity management, endpoint compliance, and usage policy enforcement – regardless of the kind of network connection (wired, wireless, or VPN). In addition, the solution works in multi-vendor and multi-platform environments, allowing organizations to leverage all past and current infrastructure investments.

Unlike Campus Manager and its comprehensive feature set, many of the NAC offerings on the market today are point solutions that deliver one or two components of network access control.

 

Q4: How does Campus Manager recognize and manage specific users and devices?

A: Campus Manager requires all users to register prior to allowing them access to the network, providing an invaluable tool for network administration staff. Among other things, the registration process helps to:

  • Control network access for wired, VPN and wireless users
  • Assist in tracking all users by location, name or address (MAC or IP)
  • Provide role-based access and levels of service via dynamic VLAN assignment

Implementing a user registration and authentication policy across the network ensures each device has appropriate ownership assigned. Each user is required to register their hardware before gaining access to the network, which provides an added level of security and control.

Users are prompted for user identification credentials via a friendly web browser interface. The user is typically presented with several screens, which they quickly scroll through. In addition to being prompted for credentials, many administrators post acceptable use policy information for the user to review and accept before completing the registration process.

Q5: How do I know who is online if students don’t have their own computers, if they are all school-owned?

A: If your system has an LDAP accessible authentication system in place which requires everyone to log on to a computer before they begin using it then Campus Manager can receive traps from that system and use it to track who is on the network.

 

Q6: What type of information does Campus Manager collect about users and devices?

A: The system gathers comprehensive data on the machine, MAC and IP addresses, time-of-day, user identity and location to make intelligent decisions. By effectively associating the device with the specific user and location, Campus Manager makes intelligent decisions to guard the network. Is the user recognized? What level of access are they allowed? Are they authorized to access specific services from their location?

 

Q7: How can I force students to register their computers?

There are two ways. Campus Manager identifies a rogue client as any MAC address on the system that is not registered to a name. You can disable all rogue clients, thereby forcing students to register or never use the network. Secondly, in a VLAN environment and with our Dynamic VLAN switching tool, Campus Manager can be configured to switch all unregistered MAC addresses to a dead end VLAN which the IT director can set up. Schools using this solution now send rogues to a VLAN that allows them to only the registration page where they can register with the system or get off the network. 

 

Q8: How does Campus Manager handle different types of users?

Campus Manager uses both persistent and dissolvable agents during the registration process and to assess endpoint compliance. Students, staff and professors, for example, will be required, as part of compliance, to install the persistent agent on their devices. Campus visitors would be identified by the system as “unrecognized users” and will have a dissolvable agent pushed to their device to establish identity and compliance. 

Q9: What type of data does Campus Manager check for endpoint compliance?

Campus Manager gathers data on anti-virus and anti-spyware software and versions, operating systems, required applications (such as firewalls, etc.), and prohibited applications .

 

Q10 : What methods are used to isolate non-compliant machines?

Campus Manager can take a number of different isolation actions, including:

  • VLAN-based isolation provides true network isolation for different ports on the same switch. Campus Manager can assign one VLAN to machines that have not yet been authenticated, another to devices known to be compromised, and another to machines that are approved for access.
  • IP-based isolation is similar, but assigns devices to different logical networks. DHCP servers can be used to assign machines into the different pre-registration, remediation, or public networks.
  • Role-based isolation makes access decisions based upon identity and specific roles

A captive portal makes decisions about where to send specific users and/or devices, determining to which internal or external networks the host can connect. As the system makes decisions about where to send specific users and/or devices, no matter which internal or external network the machine can access, all users see the same, consistent captive gateway, regardless of access process.

 

Q11: Does Campus Manager offer self-remediation for non-compliant machines?

Yes. If a user’s device is found to be running an older version of the required anti-virus, for example, they will be taken to a screen where they are informed of the problem and prompted to download the latest version. Once that is done, the system again checks for compliance, and once it returns a “Success” message, the user is allowed access to the network.

 

Q12: Our students move between wired and wireless connections constantly. Does this mean that they will need to go through a lengthy authentication process each time they switch?

Campus Manager is connection-independent and ensures a consistent user experience across connection types (wired to wireless, for example). A device validated by Campus Manager for wired access does not have to be re-validated if the interface it’s connecting through differs from the way it connected in when it first accessed the network. Campus Manager is intelligent enough to differentiate between a device and a MAC address and to correlate device information, when necessary, to prevent duplicate testing. This process minimizes network authentication while eliminating the unnecessary step of asking users to be validated again if they switch their connection interface from wired to wireless.

 
home | about us | products | solutions | news & events | partners | support | contact us
© 1999-2009 Bradford Networks. All rights reserved.        Privacy Statement