RADIUSdesk

Differences

This shows you the differences between two versions of the page.

technical:ppsk-overview [2022/10/20 20:21]
admin [Large deployments]
technical:ppsk-overview [2022/10/21 13:37] (current)
admin
Line 11: Line 11:
         * The option for each device to be assigned to a predefined VLAN after authentication.          * The option for each device to be assigned to a predefined VLAN after authentication. 
  
-===== Usage =====+===== Advantages  =====
 Your next question might be //"OK, so why would I want to use this feature?"// or even //"Where do you use this feature?"// Your next question might be //"OK, so why would I want to use this feature?"// or even //"Where do you use this feature?"//
 +
 +  * The Private PSK allows you to use secure, device-bound credentials.
 +  * This allows clients to securely authenticate and join the network using a **specific device and PSK combination**.
 +  * This enhances security and deployment flexibility for headless IoT devices.
 +  * Optional dynamic VLAN assignment further enhances the security and manageability.   
 +  * RADIUSdesk is used to centrally manage device and PSK matching.
 +  * A PSK on the device owner's profile is the most generic solution.
 +  * A more granular option will be a PSK on the device owner.
 +  * Finally there is an option for a PSK on the device itself.
 +  * Other features included with RADIUSdesk are available also to use:
 +        * Future date activation.
 +        * Expiry date.
 +        * Time slots when the network can be used by the device. 
 +  * One SSID can support all these features.
 +  * Using one SSID improves bandwidth utilization and provides a simplified user experience.
 +  * The easy to use on-boarding Captive Portal minimize support calls.
 +
 +
 +===== Implementation =====
 +
   * We will split this into two categories. One for small deployments and another for large deployments.   * We will split this into two categories. One for small deployments and another for large deployments.
  
 ==== Small deployments ==== ==== Small deployments ====
 +{{:technical:psk:privatepsk.png?nolink|}}
   * In a small deployment you need a minimum of one Access Point.   * In a small deployment you need a minimum of one Access Point.
 +  * Private PSK is also supported in the mesh networks managed by MESHdesk.
   * You don't need any VLAN aware equipment, the VLAN assignment will be internal.   * You don't need any VLAN aware equipment, the VLAN assignment will be internal.
   * You will typically have:   * You will typically have:
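
Review bot: The added Advantages bullets call the credentials "device-bound" and refer to a "specific device and PSK combination" without saying what identifies the device, so a reader cannot judge how strong that binding is; name the identifier the PSK is matched against. The three scope bullets (owner's profile, device owner, device itself) should also say how many devices share one key at each level, since that decides how much has to be re-keyed when a PSK leaks. Minor: "Captive Portal minimize" should read "minimizes", and the new "Advantages" heading has a double space before the closing "=====".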
Line 24: Line 46:
         * Zero or more NAT+DHCP networks         * Zero or more NAT+DHCP networks
         * Zero or more OpenVPN bridges.         * Zero or more OpenVPN bridges.
 +  * Includes small offices or home deployments 
  
-==== Large deployments ==== +==== Large deployments  (MDU - Multi-dwelling building, Apartments, Hotels. etc) ==== 
-  * With large deployments you can potentially have hundreds of Access Points all centrally managed using MESHdesk and APdesk.+{{:technical:psk:privatepsk_large.png?nolink|}} 
 +  * With large deployments you can potentially have thousands of Access Points all centrally managed using MESHdesk and APdesk.
   * These deployments will include working together with other components to provide an integrated solution.   * These deployments will include working together with other components to provide an integrated solution.
   * You will typically have   * You will typically have
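
Review bot: The renamed heading "Large deployments  (MDU - Multi-dwelling building, Apartments, Hotels. etc)" changes the section anchor that existing links to "Large deployments" resolve to, and it carries a double space and a stray "Hotels. etc"; keep the short heading and move the examples into a bullet. The image is added with an empty title after the "|", so give it a caption. The change from "hundreds" to "thousands" of Access Points is a scale claim with no basis stated on the page; either state the basis or keep the earlier wording.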
Line 33: Line 57:
         * Multiple VLAN enabled switches.         * Multiple VLAN enabled switches.
         * A firewall that hosts multiple networks, each of which is linked to a different VLAN.         * A firewall that hosts multiple networks, each of which is linked to a different VLAN.
 +  * Includes Multiple Dwelling Units (MDU), Schools, hotels and conference facilities and WiFi networks with IOT devices.
 +
 +<WRAP center round info 100%>
 +  * You might have noticed that the Access Points in the picture are the Aruba AP105.
 +  * RADIUSdesk provides a solution for networking and does not sell hardware.
 +  * The Aruba AP105 along with many other older and current hardware are supported by OpenWrt and can thus be used in your deployment.
 +  * No vendor lock-in :-)
 +</WRAP>
 +
 +
 +===== Why not 802.1x? =====
 +  * WPA2 Enterprise are definitely more secure but there are two issues which usually turn people off from implementing it.
 +  * Certificate management. The Certificate Authority (CA)'s certificate needs to be installed on the client connecting.  
 +  * Not all WiFi devices support it.
 +        * Many IOT devices do not support WPA2-Enterprise
 +        * Many printers and WiFi cameras do not support WPA2-Enterprise.
 +  * RADIUSdesk along with MESHdesk and APdesk however also offer WPA2 Enterprise support should you wish to rather implement it instead of Private PSK.
 +
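
Review bot: In the new "Why not 802.1x?" section, "two issues" is followed by four sibling bullets, so the two issues (certificate management and device support) cannot be told apart from the introduction and the closing bullet; nest them under the first bullet. "WPA2 Enterprise are definitely more secure" should read "is", and should say in one clause what makes it more secure so readers know what they give up by choosing Private PSK. The "Includes Multiple Dwelling Units (MDU) ..." bullet repeats what the renamed Large deployments heading already lists, so keep only one of them. Use one spelling for "IoT" (this hunk has "IOT", the Advantages list has "IoT") and write the standard as "802.1X".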