The IT staff set the certificates to five years, a limit that would accommodate the complete lifecycle of most devices. “We are operating under the assumption that the device would be replaced by then, so you don’t have to worry about expiration,” Frovarp notes. He explains that having tight requirements for regularly changing passwords would be a challenge, because then every password would expire over summer when a large percentage of the student body and faculty are gone, creating a “very large support hit when school came back.” The certificate does not rely on usernames and passwords, so when a student or staff member does change a password, that certificate does not need to be reissued.
The idea behind XpressConnect is to offer more flexibility for settings like higher education where a plethora of users with multiple devices might need different privileges. Traditionally devices are either untrusted or completely trusted. XpressConnect allows companies to create those midpoints in between when determining privileges for different devices.
Frovarp says that IT did run into some challenges when deploying XpressConnect. When NDSU initially rolled out the system, users who were attempting to log on to the network were directed to the captive portal page. The portal wasn’t allowing them to authenticate because XpressConnect was checking for a root certificate that many of the devices hadn’t seen before. “We learned [that] on the first day when all the students showed up, and we were able to work with network engineering to correct that,” he says.
XpressConnect has provided other benefits for the university students who operate beyond the campus boundaries. NDSU is a member of the eduroam network, a program that allows students to connect seamlessly to networks at other participating higher education institutions. With XpressConnect, IT has set up the enrollment process to automatically sign devices up on the eduroam network as well.
Steve Sobiech, acting executive director of enterprise computing and infrastructure and IT help desk manager at NDSU, says that the queue of issues to troubleshoot for students and staff has been greatly reduced since NDSU rolled out XpressConnect. He notes that every device is unique, depending on what applications are installed and specific settings the user might have configured on it, but most people find that registering the certificate is easier and takes fewer steps.
Marc Wallman, interim vice president for information technology, notes that before implementing CloudPath’s product, NDSU’s IT staff could hardly keep up with all the devices that started showing up on the network. “We just couldn’t do it. Before we did this we had lines like crazy at the start of the semester when all the students were coming back, bringing all their own devices,” he says. “That was really the main initiator for us—that this offered a way to be able to onboard these devices without us having to go through and know the nuisance of every single product.”