Do iPads necessitate opening up your wireless network?
Facing a scenario where iPads and other tablet devices are being considered and trying to deal with the ramifications on security and network planning.
Our current infrastructure is fairly strict - but works in terms of very little if any security / virus issues etc.
Our 6th form student wireless network (unmanaged BYOD) runs off Aruba - and using their firewall policies we are able to have it so that there are 3 fundamental rules in place.
1. No device on the wireless can talk point to point to another wireless device (stop propagation of viruses and also internal LAN gaming etc)
2. Only HTTP (80) and HTTPS (443) traffic is allowed through the Aruba firewall and only then out via inline proxy.
3. Broadcast traffic is turned off (just trying to minimise traffic and preserve bandwidth)
So - having the above in place means the following won't work - and I know it won't work.
Apple TVs: We are not able to get Apple TV to work with iPad mirroring as it requires broadcast traffic to be turned on to be discovered (from what I have read). We know it does work as when we turn on broadcasts and ANY ANY on the Aruba firewall - no issues - AirPlay works a treat.
Certain iPad apps (in fact more and more) such as CloudOn - iSwifter - Rover - require non-standard ports and often a huge range of ports to be open on the firewall. They do not work over standard 80/443 - nor do they work on only 1 or 2 ports. Again - remove the rule on the firewall and all works.
iPad apps and the teacher PC.
Currently looking at a few different apps, particularly Promethean ActivEngage for the iPad, which works by talking to the Promethean software on the teacher's PC. Of course the teacher PC is on the wired LAN and the student iPad is on the wireless LAN and never the twain shall meet (in an unmanaged wireless BYOD network).
So - yes I can throw security and IMO good network practice out the window and everything will work. BUT DO I NEED TO??
Is anyone doing anything like this and are there any ways around it?
I have thought about a different SSID VLAN just for iPads (secured via certificates / iPad profile) that has open ports and can talk to the internal network - but...
This works on the assumption that iPads are safe and are not / nor ever will be a malicious device.
Also - to get Apple TV to work - I need to enable broadcast traffic and this is not something anyone recommends (do they?? Anyone doing it and see any negative impact?)
We are not talking a small network here - we are talking potentially 600-800 iPads!
So - would be glad of any advice,