MSD of Wayne Township

Case Study

Statistics

16,000+ Students and staff
20 schools, from pre-k to high schools
20,000 unique devices in wireless network
Indianapolis, Indiana Located in

A Lesson for Students through BYOD

Today, District IT teams often have concerns about supporting a BYOD policy. How am I going to enforce my content filters? How do I know who’s misusing the network? How do I give staff a different level of access than my students? For the Metropolitan School District (MSD) of Wayne Township, a BYOD initiative was a growth opportunity too valuable to be deterred by limitations that have historically restricted wider access. They viewed a BYOD policy as a chance to teach students how to responsibly use the network.

Pete Just, CTO of MSD Wayne, shares the belief that schools should be providing a “sandbox” type of environment with room for students to make mistakes and subsequently learn from them. Pete wanted to make sure he had all the right tools to implement the necessary security and visibility requirements. The goal was to have a trust but verify approach and use the opportunity to teach a lesson in network use. The MSD Wayne philosophy includes preparing students to become positive contributors to society while learning to behave appropriately and be held accountable for their online actions.

Cloud has been a very positive thing. It was clear it wasn’t going to take hours or days to setup. And of course, that just doesn’t happen unless it’s cloud!

Pete Just

Chief Technology Officer

Enforcing SSL Content Filtering While Improving Wireless Security

MSD Wayne has been a Lightspeed Systems content inspection customer for more than 11 years. They understand that more than 60% of overall traffic and over 80% of malware traffic is SSL encrypted, and with so much encrypted traffic flowing across their networks, content visibility was proving to be a challenge to the security policy. To address the problem, Pete and his team knew that the best solution was to implement Lightspeed SSL decryption certificates on every device. This led him to also seek a way to remedy his content visibility issue when devices entered their wireless network.

Because the BYOD web authentication Wi-Fi network needed to be revamped to address new challenges, Pete and his team looked to leveraging certificate driven WPA2-Enterprise Wi-Fi security. His research for vendor options needed to take into account that the device configuration process must be a simple self-service process to highlight independence, which is an educational pillar of MSD Wayne. Additionally, the plan for managed Chromebooks was to move them from pre-shared key settings to unique certificates, just as they had done with BYOD devices. They understood that certificates offered better visibility and user tracking on the network.

Challenges

  • Support a Wi-Fi security environment that combines both device and user authentication
  • Cost-effective from a budget and IT resources and management standpoint
  • Support a diverse device ecosystem of BYOD and managed endpoints
  • Enforcing the installation of SSL content certificate for inspectio

Results

  • Knowledge of which device is connecting to the network and which user is associated with a given device
  • Cloud Wi-Fi enrolment and authentication using WPA2- Enterprise security K-12
  • Fast and easy, turn-key integration with the existing infrastructure
  • Increased security for faculty, staff, students, and guests while maintaining CIPA compliance
  • Easy and painless installation process for end-users

The Path to a “Perfect Match”

Pete and his team have always been comfortable with adopting new and innovative technology for their classrooms. Their goal when searching for a new network authentication and security solution was to find a vendor that met their key technical requirements, while not being excessively complex from an implementation and management prospective. Pete commented, “We found that many options, even the vendor solutions that matched our environment, were just simply overkill for our team.”

We can put a name to a device and see who everybody is. That gets to the dashboard…it’s very useful

Linda Carter

Network Engineer

Network Engineer Linda Carter led the integration of JoinNow’s cloud-based solution with their existing infrastructure. The choice to use certificates for Wi-Fi security meant RADIUS server technology and a CA (Certificate Authority) would be needed to issue certificates after validating users against their Rapid Identity SAML identity provider. Linda was originally skeptical about completing the network integration using a cloud network. She was surprised that with SecureW2’s deployment assistance, she was able to complete a network integration that would support more than 20 campuses in a matter of hours. When asked about her overall experience with the team, she commented, “Support has been very good. They’re quick to answer my questions, and they work hard at trying to get what I’m doing.” Linda also commented that the support she received was not simply instructional but had an educational focus so she could resolve any future complications independently.

Products

SecureW2 JoinNow Education

  • MultiOS provisioning clients for BYOD
  • SCEP gateway for managed Windows, Mac and Chrome
  • AAA/RADIUS server
  • CA and certificate mgmt.

Cisco Switches and Wireless

Lightspeed Systems

MSD Network Goals Successfully Implemented

For Pete, SecureW2 was able to meet all the guidelines he set forth for MSD Wayne’s wireless security. A BYOD solution for students and staff needed to work on all major operating systems. SecureW2’s lightweight, dissolvable client technology allowed his users to go through a one-time setup and configuration process to install the Lightspeed content filter and SecureW2 Wi-Fi certificates. This meant a fast and painless setup, reducing the need for help desk or IT staff intervention. SecureW2 also allowed him to control access by setting expiration dates on his certificates, limit the number of certificates, and revoke a certificate at any time.

As Linda and her team began running the system, she quickly noticed some key benefits. User tracking was always a challenge in the past and required looking up information in multiple systems, including DHCP, to decipher users and their devices. Certificate-based wireless network authentication, or EAP-TLS, gave Linda confidence that she could track every user’s connection and pinpoint every device. It also provided the user some unique solutions that credential based network connections face, including eliminating disconnects due to password changes and improving Wi-Fi performance as devices connect and roam. Ultimately, “we can put a name to every device” stated Linda, “it’s very useful.” With the help of SecureW2, MSD of Wayne Township is now able to give students the independence to make smart online decisions and learn the lessons that will dictate appropriate device usage in the professional world.