Implementing Eduroam at the College of William and MaryCase Study
Everyone’s got to reconfigure their devices to get on eduroam… we knew that the configuration process for Android devices would be troublesome for our users.
- Support a Wi-Fi security environment that combines both device and user authentication
- Now students and staff can easily self-configure their devices for secure eduroam network access.
- Implemented AD Domain and SCEP Certificate Distribution Gateways for managed device security.
- Students no longer experience disconnects, or need to reconfigure their devices, due to password change policies.
Once we all started talking to you, it became apparent you had a pretty good solution for EAP-TLS.
W&M also discovered that in order to use eduroam, all the end-users would have to reconfigure their devices. This was because eduroam required all the usernames to be configured for network access in email format (firstname.lastname@example.org). Their existing configuration was not in this format, meaning each device would need to be manually reconfigured for network access. This was a concern for William & Mary because they weren’t using any onboarding software, so every end user would need to re-configure all their devices (the average college student has 7 internet connected devices).
As far as setting up the infrastructure, it was Plug-and-Play.
W&M used SecureW2’s PKI and found the process to be surprisingly simple. “As far as setting up the infrastructure, it was Plug-and-Play,” Norman said. “The fact that you all run the CA is fantastic. We don’t have to stand up something on campus to do, that is great.”
W&M also used SecureW2’s Managed Device Gateways to automatically enroll their AD-Domain and Jamf managed devices for certificates. Previously, they had issues in which postal workers would experience network disconnects due to password-change policies and the use of managed devices, causing interruptions to the mail service. Certificate-based authentication fixed W&M’s password-related disconnects while also improving network security.
Your support folks are amazing.
W&M wanted to keep their PEAP network running for returning students, but every freshman and new user would be onboarded using EAP-TLS. Because deploying with SecureW2 was so easy, the most involved process for W&M was the customizing the page design where users downloaded SecureW2’s onboarding client. “We stumbled through a lot of EAP-TLS questions and your support guys were fantastic,” Norman said.
William & Mary had two problems: configuring Android devices for WPA2-Enterprise access and the transition to eduroam. They solved both issues by using SecureW2’s #1 rated device onboarding solution to configure their devices for secure network access. They improved their network security and user experience by implementing certificate-based authentication, eliminating the risk of over-the-air credential theft and password-related disconnects.