Product: XpressConnect from Cloudpath Networks
Pros: smart wizard, great customization, great documentation
Cons: lacks support for EAP-TLS (client-side certificates)
The enterprise mode of WPA/WPA2 encryption, along with 802.1X authentication, can protect your wireless network with multiple usernames and passwords instead of a single insecure PSK or passphrase.
This mode, however, requires more configuration on part of the end-users. Client devices must be configured with the proper server and login details in order to connect to the network. As you may already know too well, this can be a huge headache for both end users and administrators.
Figure 3
Once the XpressConnect wizard gets them connected, it can open their Web browser to a URL you choose. You can also have a revert shortcut placed on their desktop in case they want to undo the changes the wizard has made.
We went through and created a test network here in the office. We found the settings to be well documented. Each option can be expanded to see more information about it. The settings and options themselves show just how sophisticated XpressConnect is.
Using the XpressConnect wizard to configure clients
Next, we tested the wizard to see check out the end-user experience. First, we downloaded the standalone package, unzipped it, and put the files onto a CD. Then we went to a Windows 7 and Windows XP machine.
Once you pop in the CD, the XpressConnect wizard automatically comes up. See Figure 4. We entered a username and password for our 802.1X test network and hit Continue. It did the magic and told us we were successfully connected. It even let us view exactly what changes were made to the computer and gave us an option to create a revert shortcut on the desktop. It took us less than a minute to get connected.
Figure 4
We also tested the Web server deployment method. We downloaded the HTML package, unzipped it, and simply uploaded the files to a web host. When you visit the URL, it downloads a Java Applet or ActiveX program, which resembles the same XpressConnect wizard as the standalone method. We had no problems, worked just like the standalone method.
Our final thoughts
We found XpressConnect to be a solid product. Cloudpath Networks did indeed deliver on its promises. Its smart wizard can help reduce the employee hours and costs associated with supporting an 802.1X network. Plus it makes it much more user-friendly for end users. Additionally, we found XpressConnect to be very customizable, with great documentation.
The only gripe we have is that it doesn’t support EAP-TLS, where there are client certificates in addition to server verification. XpressConnect only works with the PEAP and TTLS settings, in regard to the 802.1X authentication. However, these are the most popular implementations today.