Ruckus ZeroIT To Cloudpath ES Migration Guide For SmartZone 3.4 Smart Zone (GA) Zero IT Vsz34Zero ITto ESMigration Guide20160719
SmartZone 3.4 (GA) ZeroIT to Cloudpath ES Migration Guide vsz34ZeroITtoCloudpathESMigrationGuide20160719_
2016-07-20
User Manual: Ruckus SmartZone 3.4 (GA) ZeroIT to Cloudpath ES Migration Guide
Open the PDF directly: View PDF
Page Count: 63
- ZeroIT to Cloudpath ES Migration Guide for SmartZone 3.4
- Overview
- Cloudpath ES Specifications
- TABLE 1. Cloudpath ES System Specifications
- Cloudpath ES Highlights
- Why You Need the Cloudpath ES
- Additional features Cloudpath provides (as opposed to ZeroIT)
- Pre-Deployment Checklist
- Information Required From Customer
- Information the Customer Should Consider
- Initial Setup Call
- Who Should Be Involved in the Initial Setup Call
- Deployment Testing
- Deploying the ES Virtual Appliance to a VMware Server
- Note >>
- Specifications for On-Premise Deployed VMware Servers
- Retrieve OVA File
- Deploy Virtual Appliance to a VMware Server
- Set Up Virtual Appliance
- 1. Open the VMware client.
- 2. Select File > Deploy OVF Template.
- 3. Enter the file path or URL where the OVA file resides.
- 4. Enter a unique name for the virtual appliance. The default is Cloudpath Enrollment System.
- 5. If you are using VMware vCenter™ Server to manage your virtual environment, select the appropriate data center, cluster, host, and destination storage, as needed.
- 6. Select a disk format.
- Note >>
- Application Properties
- Networking Properties
- Confirm Deployment Settings
- Console
- 1. At the login prompt, enter cpn_service and then the service user password. You receive the CLI prompt (#) with a successful login.
- 2. Enter ? to display the list of available commands on the console.
- 3. Enter the show config command to verify your configuration. You may be prompted to re-enter the password.
- Set Up Virtual Appliance
- Test Network Connectivity
- Activate Account or Log In
- Initial System Setup
- Enrollment Workflow
- Creating a Workflow From a Blank Slate
- 1. Go to Configuration > Workflow.
- 2. From the Workflow drop-down menu, select Add New Workflow.
- 3. On the Create Workflow page, enter a Name and Description. Leave Include Demo Data unchecked, and Save.
- 4. On the blank workflow page, click Get Started to add your first workflow step.
- FIGURE 23. Enrollment Plug-in Selections
- Acceptable Use Policy
- 1. Select the button for Display an Acceptable Use Policy (AUP).
- 2. Select A new AUP created from a standard template.
- 3. On the Add Acceptable Use Policy page, enter the Reference Information and Webpage Display Information. The Webpage Display Information is the what the user sees during the enrollment process.
- FIGURE 24. Add Acceptable Use Policy
- User Type Split
- 1. Insert a step above the Result: step in the enrollment workflow.
- 2. Select Split users into different processes.
- 3. Select Use an existing split and choose User Type (a pre-existing split). The User Type split creates a prompt to select either the Employee User Type or the Visitor User Type. These labels can be modified.
- FIGURE 25. Workflow with User Type Split
- Authentication to a Local Server
- 1. Select the Employee tab in Step 2 of the example enrollment workflow.
- 2. Insert a step above the Result: step in the enrollment workflow.
- 3. Select Authenticate to a local server.
- 4. Select Define a new authentication server. The Add Authentication Server page opens.
- FIGURE 26. Add Authentication Server
- Device Type Split
- 1. Insert a step above the Result: step in the enrollment workflow.
- 2. Select Split users into different processes.
- 3. Select Use an existing split and choose Device Ownership. The Device Ownership option prompts the user to select either Your Device or Company Device. These labels can be modified.
- Tip >>
- Create a Filter in the Device Type Split
- 1. On the Enrollment Workflow page, locate the step with the Device Type prompt. In this example, it is Step 4.
- 2. On the right side of the step, click the Edit List icon to open the Modify Options page and configure the Your Device split. From this page, you can also set up filters for this split in the workflow.
- FIGURE 28. Modify Selection Option
- Note >>
- Prompt for Voucher
- Device Configuration and Client Certificate
- Device Configuration
- 1. On the right side of the Result step, click the edit icon. Alternately, click the Assign link in the last step of the workflow.
- 2. Select A new device configuration.
- 3. On the Add Device Configuration page, provide a name for the device configuration. This is the name a user sees in the device WiFi networks list.
- 4. Select Wireless Connections (the default) and enter the SSID of the secure wireless network.
- FIGURE 30. Configure SSID
- 5. Set the Authentication Style:
- 6. Leave the default Broadcast setting and click Next.
- 7. Specify Conflicting SSIDs. This setting prevents the device from roaming away from the secure SSID to any open SSID in the area.
- 8. Select the operating system families and versions that to support within this device configuration. You can restrict a particular version or service pack level after the device configuration is created.
- FIGURE 31. Select OS Versions
- Note >>
- Client Certificates
- 1. Select A new certificate template.
- 2. Select Use an onboard certificate authority. Select the CA to sign the client certificates.
- Note >>
- Tip >>
- 7. Select any email notifications to be sent to the user related to the life-cycle of the certificate. Additional certificate notifications can be configured after the template is created.
- 8. Optional. Enter RADIUS Options to assign a VLAN ID or Filter ID to certificates that use this template. These settings only applies if you are using the ES onboard RADIUS server.
- 9. Click Next.
- FIGURE 33. Completed Workflow
- Device Configuration
- Deploying the Enrollment Workflow
- FIGURE 34. Deployment Locations
- Deployment Locations
- Configuration Snapshots
- How to Deploy a Snapshot of the Workflow Configuration
- How to Test a Configuration Snapshot
- 1. On the left menu, select Configuration > Deploy.
- 2. On the Deployment Locations page, in the Snapshot section, select the configuration you want to test.
- 3. Be sure that the snapshot you want to test is the active snapshot (green icon).
- 4. Click the Go to: User Experience button to bring up the XpressConnect Wizard and test the enrollment process for the active configuration snapshot.
- QR Code
- Explain Chrome Setup
- System Administration
- Ruckus Controller Integration for Cloudpath
- Set up the Cloudpath ES as an AAA Authentication Server
- Create AAA Accounting Server (Optional)
- Create Hotspot Services
- 1. Navigate to Hotspot WISPr on SmartZone.
- 2. Name the Hotspot Service.
- FIGURE 39. Create Hotspot WISPr on SmartZone
- 3. Point the unauthenticated user to the Cloudpath redirect URL. Enter the WLAN Redirect URL, which can be found on the Cloudpath Admin UI Configure > Deploy page.
- 4. Check Redirect to the URL that the user intends to visit. For more information on setting this URL see, Deploying the Enrollment Workflow.
- 5. Select Use device MAC address as authentication password.
- 6. Leave the defaults for the remaining settings. Click OK.
- Set Up the Walled Garden
- Create the Onboarding SSID
- Create the Secure SSID
- 1. Name the SSID.
- 2. Type=Standard Usage.
- 3. Authentication Option Method=802.1x EAP.
- 4. Encryption Option Method=WPA2
- 5. Encryption Option Algorithm=AES
- 6. Select the Cloudpath RADIUS Authentication Server.
- 7. Select the Cloudpath RADIUS Accounting Server
- FIGURE 42. Configure Secure SSID on the SmartZone controller.
- Troubleshooting Your Deployment
- Test Deployment locally
- Note >>
- Monitor the Client on SmartZone