Guest Access – Optimal Communication for Meetings
Welcome your guests – and their special needs.
No commercial user installs a Wi-Fi system simply for the access of its guests. It’s always a by-product. And yet, this partial solution is seen as a key technology. But why? Allow us to briefly explain.
Despite the great number of Wi-Fi installations currently available, there is still a desire to be able to have the best communication technology for meetings of multiple parties, such as discussions, seminars, training sessions, and the like. Being able to integrate projectors and flip charts, for example, is assumed to be part of any package. And what about preparations for participants? Will they be able to access their normal communication and information media?
As a participant, nothing is more uncomfortable than waiting endlessly because a needed statistic is not available, the copy of the project plan for the discussion has been damaged, or another important document is not where it should be. In such cases, it doesn’t matter whether the fault lies with the host, an employee, or the system. The lost time is always annoying.
One should attempt to make all sources of data available, as long as the effort required is reasonable.
How much effort is required in terms of access to normal internal networks, the Internet, and the potential resources of guests for employees and guests alike?
If a wired infrastructure is used, can LAN and Internet access be achieved without a hitch? Install one more outlet in the conference room and the problem is solved? No way. How many participants are expected? Does an additional Ethernet switch need to be installed? Should we have patch cables available for everyone as a precaution? Are all internal VLANs there also available? Because security is implemented on the port level, do we need to adjust any settings? And the list goes on.
Once all these questions have been answered thanks to careful preparation and the efforts of the IT department, the question arises about network access for company employees at other locations. These people are generally trustworthy. After all, they are co-workers. But are identical settings in other locations really common? How do these employees get secure access over the Internet? Do new rules need to be defined for the firewall? Does the VPN gateway need to be reconfigured? Are the application filters properly configured in multiple languages?
Should ‘outsiders’ be able to participate in meetings? At this point at the latest, any security officer will justifiably put his foot down here. Even if the person can be greatly trusted, this doesn’t automatically mean his device can because the potential dangers are complex. For example, the guest could have picked up a trojan while surfing on a hotel hotspot the night before and then it gets released during the meeting. If a meeting is called at the last minute, would your IT staff be able to execute all security checks so your customer can have unlimited access to your calculations during the meeting? Trust is good, but control is better.
After the meeting has successfully concluded, IT staff dismantle the entire setup, readjust the settings, and hope that the next meeting will be much later or somewhere else. Is this a solution? Not really.
Our solution is much more simple: We install a Wi-Fi access point. We plan various access options for internal and external staff and for guests for this access point and use various networks (SSIDs) to make it happen. Access to these SSIDs is controlled by group-dependent role authentication. Still, each user receives his own account. Guests are given one-time accounts that can only be used for a limited time.
All groups are securely isolated from each other by the SSIDs so that access is possible only to specific services and files. This protects not only internal data, but guest access can also be tunneled.
Depending on the applications, an access point can typically be used simultaneously by up to ten participants, so that larger groups are also possible. If capacity is reached, an additional access point is added.
Because participants are usually using different end devices, we recommend employing access points supporting all common standards, meaning 802.11 a/b/g/h/n, for this solution. This guarantees maximum flexibility.
For participants who do not have a Wi-Fi-supported device, a wired port that has been subject to the same rules and connection limits as the Wi-Fi, including role-dependent authentication, is made available.
To keep administrative work for guest accounts to a minimum, a partial system is implemented in which every authorized employee can create predefined accounts with just a few clicks. This measure can protect against access by uninvited guests.
A comment by one of our customers sums it up: “My expectations for the system were more than fulfilled. As a user I don’t have to think about it, I just use it. When we leave the building, we just take it along with us. On one hand, our IT department has nothing more to do with the process and on the other security still meets internal requirements. What more could you want?” He also conceded that: “I spend more money having the customer parking lot cleaned.”
Why is this now seen as a key technology? When your employees and your IT have had a chance to enjoy this new level of freedom of communication, they’ll start coming up with more wishes. Why shouldn’t you be able to use the solution for other communally accessed areas? Why not at the next trade show or the next event? Why couldn’t we get such an effective solution throughout the entire company?
Our answer is, “Just do it.” Our solutions are being successfully used in large companies and international corporations. Planning for guest access should not exclude the possibility of a complete solution later on, because this is very likely to be developed.