Subject: The need for XpressConnect? From: Todd Thomas How many of you with wireless networks purchased XpressConnect by Cloudpath Networks (http://www.cloudpath.net/xpressconnect.php)? Back in the Windows XP days I could see this truly being useful, but it seems as though enterprise wireless setup has been simplified with Windows 7. We'll be pushing users toward 802.1x with WPA2 if possible, but I know that won't always be feasible. I've also heard the cost for an enterprise license is very high. What are your thoughts/experiences? http://www.resnet.uni.edu ---------------------------------------------------- Subject: Re: The need for XpressConnect? From: Dale Klimmek Date: Mon, 22 Nov 2010 10:38:24 -0500 We are using it, it is expensive but works well We are using 802.1x ----------------------------------------------------- Subject: Re: The need for XpressConnect? From: Randall C Grimshaw Date: Mon, 22 Nov 2010 10:41:10 -0500 text/plain (40 lines) Highly recommended. XpressConnect is a very good product and support has been fabulous. As for the price, you need to ask. Do not base your decision on hearsay. Randy ----------------------------------------------------- Subject: Re: The need for XpressConnect? From: Charles Benjamin Date: Mon, 22 Nov 2010 10:58:52 -0500 We have used XpressConnect on both wired (Ethernet) and wireless for almost three years now. 1. Good support, frequent updates to improve product and to work with new Operating Systems 2. Wouldn't enable 802.1x without it 3. Also looks for active P2P software 4. Works with SafeConnect NAC to install policy key 5. Easy to use interface Charles Benjamin Senior Network and Systems Administrator CCSI 21905 ------------------------------------------------------ Subject: Re: The need for XpressConnect? From: Todd Gould Date: Mon, 22 Nov 2010 11:08:53 -0500 I really want to second what Randy just said. I highly recommend it. 802.1x has become a bit more simplified in Vista & Win7. The product has client support for WinXP, Vista, Win7, Leopard, Snow Leopard, iPhone, Ubuntu, Android, Etc. There are far too many features to discuss here in this forum. Please feel free to hit me up offline if you would like to know more of them. Todd Todd Gould Networks & Systems Admin Williams College ------------------------------------------------------ Subject: Re: The need for XpressConnect? From: Alex Sharaz Date: Mon, 22 Nov 2010 15:59:23 +0000 We use XpressConnect here at Hull University and I can't recommend it enough. I use it for all our wired and wireless dot1x setups. Rgds Alex ------------------------------------------------------ Subject: Re: The need for XpressConnect? From: "Johnson, Neil M" Date: Mon, 22 Nov 2010 10:29:20 -0600 Highly recommended. Yes, it can be pricey, but the labor it saves our help desk configuring clients is well worth it. There are still a lot of windows XP machines in use on our campus, so it is still applicable to us. In addition we are looking at having to reconfigure all our clients to use the new 2048 bit root CA's. Thanks to Cloudpath support we will be able to leverage XpressConnect to simplify client re-configuration. -Neil ------------------------------------------------------- Subject: Re: The need for XpressConnect? From: Denise Moser Date: Mon, 22 Nov 2010 12:29:44 -0500 For Back To School 2009 complications connecting to our 802.1x wifi were among the top 3 problems the Help Desk was contacted about. Over the summer 2010 we deployed Xpressconnect and encouraged students to configure wifi before they even arrived to campus. Our wifi related calls were reduced by 73% during the same 2 week BTS period as the previous year. Definitely recommend it. Denise Moser Manager, OIT Help Desk UNIVERSITY OF NOTRE DAME ------------------------------------------------------- Subject: Re: The need for XpressConnect? From: Andy Voelker Date: Mon, 22 Nov 2010 12:40:18 -0500 In my opinion this depends on your setup. At WCU, Students bring whatever computer they want whether it is something from Best Buy, home-built, through our Dell purchasing agreement, or something they've had laying around for several years. With that being the case, Cloudpath has been absolutely INDESPENSIBE! The variety of client configurations present is just mind-boggling. Even with Cloudpath, we still have many problems getting certain computers to accept 802.1x, WPA2-Enterprise, MSCHAPv2, etc. The variety of problems we have seen is anything from driver errors, to windows updates, to antivirus vendors that unregister authentication DLLs for their own. Cloudpath has worked well with us, taking in 300 meg registry dumps and crawling through them looking for ways to improve their tool. We have enough problems out of 1x with the tool, I can't imagine it without. We just got asked the question of whether we needed to continue our contract with them for support or just keep using the existing tool without updates. The result was a resounding YES from everyone that works on the client front. Andy Voelker Student Computing Coordinator of Western Carolina University Check out the TechTips Podcast at http://itunes.wcu.edu or http://www.youtube.com/WesternCarolinaU! ------------------------------------------------------- Subject: Re: The need for XpressConnect? From: "Marion, David" Date: Tue, 23 Nov 2010 08:18:42 -0500 Like a lot of others on the list, I'm using XpressConnect here, and it's been worthwhile. Windows 7 has made .1x quite a bit easier, but we still have a lot of XP machines. Dave Marion Bridgewater State University -------------------------------------------------------- Subject: Re: The need for XpressConnect? From: Todd Thomas Reply-To: Resnet Forum Date: Tue, 23 Nov 2010 08:49:02 -0600 Thank you to everyone for the quick responses! It sounds like XpressConnect has been very useful indeed. If you have any website documentation regarding using XpressConnect, feel free to send it my way. Has anyone implemented 802.1x wireless with WPA-Enterprise without the XpressConnect client? If so, what has your experience been? -------------------------------------------------------- Subject: Re: The need for XpressConnect? From: "Bailey, John" Date: Tue, 23 Nov 2010 09:06:07 -0600 Here at WUSTL, we have our production wireless network setup to use 802.1X authentication with WPA2-Enterprise security, PEAP authentication, and AES encryption. We do not use XpressConnect. Setting up our network to use PEAP authentication with a tie-in back to our campus-wide Active Directly system was the key component. Once we moved to PEAP, most devices could auto-detect the network settings and connect in 3 to 4 simple steps (select network, enter username/password, accept security certificate, done.) The only OS that is still somewhat complicated to setup is Windows XP since it is too dumb to detect the proper settings automatically. To get an idea how connecting to our network works, you can check out our connection instructions here: http://sts.wustl.edu/sts/index.php?option=com_content&view=article&id=48&It emid=56 Cheers, - John John Bailey - Manager of Technical Services and Support Washington University in Saint Louis - Information Services and Technology - Student Technology Services ---------------------------------------------------------- Subject: Re: The need for XpressConnect? From: Cal Frye Date: Tue, 23 Nov 2010 10:18:53 -0500 On 11/23/10 10:06 AM, Bailey, John wrote: > To get an idea how connecting to our network works, you can check out our > connection instructions here: > http://sts.wustl.edu/sts/index.php?option=com_content&view=article&id=48&Itemid=56 Catch-22: "Make sure your have installed all Apple system updates prior to attempting to connect." ;-) -- Best regards -- Cal Frye, Network Administrator, Oberlin College Mudd Library, x.56930 -- CIT will NEVER ask you for your password! ------------------------------------------------------------ Subject: Re: The need for XpressConnect? From: "Rizzo, Jim" Date: Tue, 23 Nov 2010 10:46:35 -0500 How does it handle password changes? I know Win7 in the config screens has the option to not save the credentials, but since you're not going to the config, the default is to save them. That's our biggest headache, especially when it comes to MacOS, which is the biggest pain in the you-know-what when it comes to password issues. Jim -- Jim Rizzo Helpdesk Manager Providence College Information Technology ------------------------------------------------------------ Subject: Re: The need for XpressConnect? From: "Bailey, John" Date: Tue, 23 Nov 2010 10:00:59 -0600 Indeed, password changes are somewhat of a pain. Student's "WUSTL-key" passwords have to be reset every 180 days or so, and when they are reset, the students have to enter the new password for their wireless config. In Windows 7, it will usually just re-prompt and they can enter the new one and there are go to go. For Mac OS, we often wind up helping them because Mac OS is so bad about holding onto old bogus wireless config info. We have found that right after a password change, if you manually open the 802.1X config dialogs in Mac OS and change the saved password, your existing config will generally continue to work. This is what we instruct our students to do. If that doesn't work, we have them completely remove the wireless config and start over. We keep hoping that a Mac OS update will fix the 802.1X silliness, but we keep being disappointed. - John John Bailey - Manager of Technical Services and Support Washington University in Saint Louis - Information Services and Technology - Student Technology Services 6515 Wydown Blvd. - Campus Box 1245 - St. Louis, MO 63105 - (314) 935-4570 - jwbailey@wustl.edu ------------------------------------------------------------ Subject: Re: The need for XpressConnect? From: Timothy Wells Date: Tue, 23 Nov 2010 16:58:09 -0500 We just did a WebEx today and I think we will be moving in that direction Timothy Wells Director of Telecommunications and Network Technology Brown University / CIS 401 863 7166 ------------------------------------------------------------- Subject: Re: The need for XpressConnect? From: Robert Wilson Date: Mon, 29 Nov 2010 13:37:56 -0500 We've used 802.1x for several years for school owned laptops and personal wireless devices. The wireless settings for the school owned settings are set via Group Policy. We provide instructions for Microsoft Windows devices and Apple i* devices. Macs generally work OK. When they don't, they bring them in and the fix usually requires resetting the network settings. This process isn't as good as I'd like, but generally works. One thing that would improve the process is to have a real certificate in our AD server. This would eliminate one step in the setup process. We have a little 400 wireless devices. We recommend connecting wired first and getting all the updates and what not installed before connecting wireless. If we had more systems, I could see where automating this process would be nicer. Robert ----------------------------------------------- Date: Fri, 3 Dec 2010 10:53:16 -0500 From: Caroline Couture Subject: XpressConnect and touching student computers? Hi Folks! I read the thread on XpressConnect with great interest. We are starting to implement this after winter break. We did have one question\concern and wondered how you dealt with it. Having to manually configure student computers also meant that we had a chance to touch them and check to make sure that they had anti-virus, firewall and system updates turned on. With XpressConnect students can now do the configuration and setup themselves with little or no touching by our staff. Have you seen a rise in infections and compromises after implementing XpressConnect? I know that you can tack stuff on to the XpressConnect install, to check firewall or av settings, but we are worried that might make the process too long or create complications when that part of the set up goes poorly. Any thoughts\experiences\comments? Thanks! Caroline -------------------------------------- Date: Fri, 3 Dec 2010 14:42:15 -0500 From: Randall C Grimshaw Subject: Re: XpressConnect and touching student computers? Caroline: We turn on the firewall and auto updates with XPressConnect because it is convenient and would not delay a student getting on-line. The anti-virus compliance checking is performed by our NAC software, Impulse SafeConnect. We allow students a couple of days to meet that requirement. This is possible because the system uses an agent and performs continuous assessment. The threat landscape currently justifies this approach. Many of the remaining issues are detected by IDS which triggers a quarantine procedure. Regarding a statistical change in compromises since implementing XPressConnect - I cannot say. Our driving requirement was 802.1x configuration - we already had NAC implemented at the time. Previously, we had a 'home-grown' system that was tasked with also managing AV in a one touch fashion... and between only having the one chance to touch each machine, and difficulties with the then "officially supported" AV product... It was not as pleasant an experience. Randall Grimshaw rgrimsha@syr.edu