Configuring Network Profiles
From a network profile, you can configure WLAN IP settings, WLAN security settings, and WWAN settings for devices on your network.
When you configure WLAN IP, WLAN, and WWAN settings, you can either make the changes take effect immediately or select the start time for those settings to take effect. Once the settings take effect, if there is more than one network profile enabled and applied at a folder, the network profile with the highest priority will be the profile that is applied on your devices.
Old Enablers don't store scheduled settings. They will receive the new network settings the first time they connect to the server after the scheduled start time.
Configuring WLAN IP Settings
With a network profile, you can configure WLAN IP settings for your devices and schedule when those settings will be applied. The options include:
Override manual settings on mobile device |
Overrides IP settings that have been set on the device. |
Server Address |
Provides mobile devices with the server address. You can provide the address or DNS name. If you use the Use server address option, the mobile device uses the address of the server to which the device connects. If using a DNS name, click Resolve to ensure the address can be resolved. If the mobile device profile has provided a server address, that address will override whatever is provided by the network profile. |
Gateway |
Provides mobile devices with the address for the node that handles traffic with devices outside the subnet. You can provide the address or DNS name. If you use the Use server address option, the mobile device uses the gateway of the server to which the device connects. |
Subnet Mask |
Provides mobile devices with the subnet mask. You can provide the address or DNS name. If you choose to use the Use server address option, the mobile device uses the mask of the server to which the device connects. |
Manage DNS |
Allows the profile to manage DNS options for the devices. |
Domain Name |
Provides the domain name to the devices. |
Primary |
Provides mobile devices with the IP address for a primary DNS. |
Secondary |
Provides mobile devices with the IP address for a secondary DNS (used if the primary DNS is unavailable). |
Tertiary |
Provides mobile devices with the IP address for a tertiary DNS (used if the primary and secondary DNS are unavailable). |
Manage IP Assignment |
Allows you to manage the IP addresses assigned to your mobile devices. You can choose to use either a DHCP server or IP pool assignment. |
To configure current WLAN IP settings
1. From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit.
The Network Profile Details page appears.
2. Click Edit.
The Edit Network Profile page appears.
3. Enable the Manage WLAN IP check box.
The WLAN IP Settings panel appears.
4. Configure the WLAN IP settings as desired.
5. Click Save to save your changes.
To configure scheduled changes for WLAN IP settings
1. From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit.
The Network Profile Details page appears.
2. In the Scheduled Profile Changes panel, click New.
3. Select the Start Date and Time that you want the settings to take effect and configure the scheduled settings as desired.
4. Click Save.
The changes are applied at the scheduled time.
Configuring WLAN Settings
From a network profile, you can configure WLAN settings for your devices. These settings will be deployed with the profile and applied on the device. The options include:
SSID |
This option provides wireless devices with the SSID. The SSID is a service set identifier that only allows communication between devices sharing the same SSID. |
Encryption |
This option allows you to enable encryption between your devices and the server. You have the following options for encryption:
• None. Devices do not encrypt information.
• WEP. Wired Equivalent Privacy is an encryption protocol using either a 40- or 128-bit key which is distributed to your devices. When WEP is enabled, a device can only communicate with other devices that share the same WEP key. Avalanche only tracks the WEP keys that were assigned to devices through the Avalanche Console. Consequently, WEP keys displayed in the Console might not match the keys for a wireless device if you modified them from outside of Avalanche.
• WEP Key Rotation. WEP key rotation employs four keys which are automatically rotated at specified intervals. Each time the keys are rotated, one key is replaced by a new, randomly generated key. WEP key rotation settings are not recoverable. If the system hosting the server becomes unavailable (for example, due to a hardware crash), you must re-connect serially to each mobile device to ensure that WEP key settings are correctly synchronized.
• WPA (TKIP). WPA, or Wi-Fi Protected Access, uses Temporal Key Integrity Protocol (TKIP) to encrypt information and change the encryption keys as the system is used. WPA uses a larger key and a message integrity check to make the encryption more secure than WEP. In addition, WPA is designed to shut down the network for 60 seconds when an attempt to break the encryption is detected. WPA availability is dependent on some hardware types.
• WPA2 (AES). WPA2 is similar to WPA but meets even higher standards for encryption security. In WPA2, encryption, key management, and message integrity are handled by CCMP (Counter Mode with Cipher Block Chaining Message Authentication Code Protocol) instead of TKIP. WPA2 availability is dependent on some hardware types.
• WPA(TKIP) + WPA2(AES). WPA Mixed Mode allows you to use either AES or TKIP encryption, depending on what the device supports. |
Key |
The pre-shared key if you are using PSK with WPA or WPA2. |
Broadcast Key Rotation Interval |
How frequently the access points' broadcast key is changed. |
Custom Properties |
This option allows you to add custom properties to the devices that receive this network profile. By clicking __ defined, you can add, edit, and delete properties and their values. Custom properties are defined with key-value pairs. |
Authentication Settings |
The authentication types available depend on the encryption you select and what is supported by your Enabler and hardware. You must select the encryption type and then click Use authentication before the authentication options are available. Authentication options include:
• EAP. Extensible Authentication Protocol. Avalanche supports multiple EAP methods as described below.
• PEAP/MS-CHAPv2. (Protected Extensible Authentication Protocol combined with Microsoft Challenge Handshake Authentication Protocol) PEAP/MS-CHAPv2 is available when you are using encryption. It uses a public key certificate to establish a Transport Layer Security tunnel between the client and the authentication server.
• PEAP/GTC. (Protected Extensible Authentication Protocol with Generic Token Card) PEAP/GTC is available when you are using encryption. It is similar to PEAP/MS-CHAPv2, but uses an inner authentication protocol instead of MS-CHAP.
• EAP_FAST/MS-CHAPv2. (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling combined with MS-CHAPv2) EAP-FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel.
• EAP_FAST/GTC. (Extensible Authentication Protocol - Flexible Authentication via Secure Tunneling with Generic Token Card) EAP-FAST uses protected access credentials and optional certificates to establish a Transport Layer Security tunnel.
• TTLS/MS-CHAPv2. (Tunneled Transport Layer Security with MS-CHAPv2) TTLS uses public key infrastructure certificates (only on the server) to establish a Transport Layer Security tunnel.
• LEAP. (Lightweight Extensible Authentication Protocol) LEAP requires both client and server to authenticate and then creates a dynamic WEP key.
• EAP-TLS. (Extensible Authentication Protocol - Transport Layer Security) EAP-TLS is one of the most secure EAP standards available for wireless LAN authentication, utilizing certificates on both the device and server to establish a secure connection. When this authentication setting is selected, you can provide an Active Directory Username and corporate Domain to apply to all authentication requests. This option is only available for WPA (TKIP) and WPA2 (AES) encryption methods. If you are using the Certificate Management Server, you must use EAP-TLS. For more information on certificate management, see Using the Certificate Management Server. |
Validate Server Certificate |
Uploads a master certificate to compare between the Certificate Management Server and Enabler during authentication. If the certificates don't match, the device is prevented from accessing the network. This option is best if you use a single certificate across multiple devices. This certificate is not automatically renewed through your SCEP server and must manually be uploaded each renewal period. |
Deploy Client Certificate |
This option allows you to distribute SSL certificates directly to devices using this network profile. As part of the certificate management setup process, enabling this setting is required to deploy certificates to AIDC devices. For more information, see Using the Certificate Management Server. |
Client Certificate Source |
Certificate Authority. Distributes individual certificates to devices using a Certificate Authority. This method is best when you want to distribute a unique certificate to each device. For more information, see Configuring General System Settings. When you select this option, the following fields appear:
• Certificate Authority. Displays all available Certificate Authorities for managing individual device certificates. To use this option, you must have at least one Microsoft Certificate Authority (SCEP) added on the System Settings screen. You can only select one Certificate Authority per network profile.
• Validity. Attaches an expiration to certificates. The Days until expiration field allows you to set when to check for the certificate expiration. The Renew certificate automatically check box is dependent on the expiration and determines whether Avalanche will automatically renew the certificate or let it expire.
Upload to Avalanche. Uploads a single certificate to Avalanche and distributes it to all devices associated with the profile. When uploading a certificate, you must also provide the certificate's password. This method is best when you want to distribute a single certificate between multiple devices. |
Credentials |
This option allows you to determine whether users are prompted for login credentials or use fixed credentials when accessing the network. |
Prompt |
Prompts users to enter credentials when a device connects to this network. This option is best for organizations that regularly update network credentials for security purposes. |
Fixed |
Automatically enters the provided username, password, and domain when connecting to the network for hands-free Wi-Fi connections. |
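The following review helper is an added example, not part of the Avalanche product or its documentation. It checks a profile's encryption, authentication, certificate validation, and credential choices against the options listed above; the dictionary layout and field names are hypothetical, and the option labels are the ones used in this section.

```python
# Added example. The profile dictionaries and field names are hypothetical
# (constructed here); they are not an Avalanche export format.
WEAK_ENCRYPTION = {
    "None": "traffic is sent unencrypted",
    "WEP": "WEP keys can be recovered from captured traffic",
    "WEP Key Rotation": "rotation does not fix WEP's cryptographic weakness",
    "WPA (TKIP)": "TKIP is deprecated; prefer WPA2 (AES)",
    "WPA(TKIP) + WPA2(AES)": "mixed mode still permits TKIP",
}
WPA_FAMILY = ("WPA (TKIP)", "WPA2 (AES)", "WPA(TKIP) + WPA2(AES)")
TUNNELED = ("PEAP/", "TTLS/")  # tunnel security rests on the server certificate


def audit_wlan_profile(profile):
    """Return (severity, message) findings for one profile's WLAN settings."""
    findings = []
    enc = profile.get("encryption", "None")
    auth = profile.get("authentication")  # None: "Use authentication" is off
    if enc in WEAK_ENCRYPTION:
        sev = "medium" if enc in WPA_FAMILY else "high"
        findings.append((sev, f"{enc}: {WEAK_ENCRYPTION[enc]}"))
    if auth == "LEAP":
        findings.append(("high", "LEAP: exchange is open to offline password guessing"))
    if auth and auth.startswith(TUNNELED) and not profile.get("validate_server_certificate"):
        findings.append(("high", f"{auth}: server certificate is not validated, "
                                 "so devices cannot tell a rogue access point apart"))
    if auth and profile.get("credentials") == "Fixed":
        findings.append(("medium", "Fixed: username and password travel with the profile"))
    if auth is None and enc in WPA_FAMILY:
        findings.append(("info", "PSK: one shared key for every device on this profile"))
    return findings


SAMPLE_PROFILES = [  # constructed sample data
    {"name": "warehouse-legacy", "encryption": "WEP",
     "authentication": "LEAP", "credentials": "Fixed"},
    {"name": "floor-peap", "encryption": "WPA2 (AES)", "authentication": "PEAP/MS-CHAPv2",
     "validate_server_certificate": False, "credentials": "Prompt"},
    {"name": "office-tls", "encryption": "WPA2 (AES)", "authentication": "EAP-TLS",
     "validate_server_certificate": True, "credentials": "Prompt"},
]

if __name__ == "__main__":
    for p in SAMPLE_PROFILES:
        for sev, msg in audit_wlan_profile(p):
            print(f"{p['name']}: [{sev}] {msg}")
```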
To configure current WLAN settings
1. From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit.
The Network Profile Details page appears.
2. Click Edit.
The Edit Network Profile page appears.
3. Enable the Manage WLAN check box.
The WLAN Settings panel appears.
4. Configure the WLAN settings as desired. If you select 128-bit WEP, WPA, or WPA2 encryption, you can enable the Use authentication check box to select the type of authentication to use.
• If you select WEP keys, select either 40-bit or 128-bit key size. If you are using 128-bit WEP with encryption, the keys will be automatically generated. Otherwise, you must provide the keys in hex format. A 40-bit key should have 10 characters and a 128-bit key should have 26 characters. To change the value for one of the keys, type a new value (using 0-9 and A-F) in the appropriate text box. An example of a 40-bit key would be: 5D43AB290F. Then select the key that the device will transmit from the Transmit key drop-down menu.
• If you select WEP key rotation, choose the 40- or 128-bit key size, the starting date and time, rotation interval, and a passcode.
• If you are using a pre-shared key with WPA or WPA2, type the passphrase or hex key in the Key text box. Use the Broadcast key rotation interval option to set how often the key is rotated.
• If you select PEAP or TTLS authentication, enable the Validate Server Certificate check box to provide a path to the certificate.
• If you select EAP_FAST, provide a path and password to a PAC (Protected Access Credential) file. This will provision devices with the PAC file.
• If you are using any of these authentication methods, configure whether the User Credentials are Prompt (user is prompted when credentials are required) or Fixed (credentials are automatically sent when required).
5. Click Save to save your changes.
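The key formats from step 4 can be checked before a value is typed into the console. This is an added example, not Avalanche code: the function names are hypothetical, the WEP lengths come from the step above, and the WPA/WPA2 pre-shared key rule (8 to 63 printable ASCII characters, or 64 hex digits) comes from IEEE 802.11 rather than from this page.

```python
import re

# Added example. Lengths for WEP come from the text above; the WPA/WPA2 PSK
# rule (8-63 printable ASCII characters, or 64 hex digits) is from IEEE 802.11.
HEX = re.compile(r"[0-9A-Fa-f]+")  # assumption: lower-case hex is tolerated
DOC_SAMPLE_KEYS = {"5D43AB290F"}   # the example key printed in this document


def check_wep_key(key, bits):
    """Return None if the key is acceptable, otherwise the reason it is not."""
    expected = {40: 10, 128: 26}.get(bits)
    if expected is None:
        return f"unsupported WEP key size: {bits}"
    if len(key) != expected:
        return f"{bits}-bit key needs {expected} hex characters, got {len(key)}"
    if not HEX.fullmatch(key):
        return "key may only contain 0-9 and A-F"
    if key.upper() in DOC_SAMPLE_KEYS:
        return "key is the sample value from the documentation"
    if len(set(key.upper())) <= 2:
        return "key has almost no variety"
    return None


def check_wpa_psk(key):
    """Accept a 64-digit hex key or an 8-63 character printable ASCII passphrase."""
    if len(key) == 64:
        return None if HEX.fullmatch(key) else "64-character key must be hex"
    if not 8 <= len(key) <= 63:
        return f"passphrase must be 8-63 characters, got {len(key)}"
    if any(not 32 <= ord(c) <= 126 for c in key):
        return "passphrase must be printable ASCII"
    return None


if __name__ == "__main__":
    # Constructed sample keys, apart from the documentation example itself.
    for key, bits in [("5D43AB290F", 40), ("0000000000", 40), ("9C1E07B3A4", 40)]:
        print(key, "->", check_wep_key(key, bits) or "ok")
    print(check_wpa_psk("short") or "ok")
```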
To configure scheduled changes for WLAN settings
1. From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit.
The Network Profile Details page appears.
2. In the Scheduled Profile Changes panel, click New.
3. Select the Start Date and Time that you want the settings to take effect and configure the scheduled settings as desired.
4. Click Save.
The changes are applied at the scheduled time.
Configuring WWAN Settings
From a network profile, you can configure WWAN settings for your devices with WWAN capabilities. These settings will be deployed with the profile and applied on the device. The options include:
Connection Name |
A name for the connection. |
Connection Type |
There are two connection types available for your WWAN-enabled devices:
• APN (GPRS / EDGE / 3G). Provide a domain (Access Point Name) if you are using this type of connection. An example of an APN would be: wap.cingular
• Dial-Up. Type the number to be dialed by the modem. This does not correspond to the number of the device. |
Credentials |
Sets the Username, Password, and Domain credentials for the connection when they are necessary. |
Custom Properties |
This option allows you to add custom properties to the devices that receive this network profile. By clicking _defined, you can add, edit, and delete properties and their values. Custom properties are defined with key-value pairs. |
Enable TCP/IP header compression |
Improves the performance of low-speed connections. |
Enable software compression |
Improves the performance of low-speed connections. |
Activate phone as needed |
Allows the Enabler to activate the device’s phone if a WWAN connection is necessary. |
Dial broadband connection as needed |
Allows the Enabler to attempt a WWAN connection if a LAN connection cannot be established. |
Public IP address for Avalanche Server |
Provides the IP address of the enterprise server that is accessible from a WWAN. This is necessary if the device tries to contact the server when connecting from outside of the server’s local network. |
To configure current WWAN settings
1. From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit.
The Network Profile Details page appears.
2. Click Edit.
The Edit Network Profile page appears.
3. Enable the Manage WWAN check box.
The WWAN Settings panel appears.
4. Configure the WWAN settings as desired.
5. Click Save to save your changes.
To configure scheduled changes for WWAN settings
1. From the Available Profiles panel on the Profiles tab, click on the network profile you want to edit.
The Network Profile Details page appears.
2. In the Scheduled Profile Changes panel, click New.
3. Select the Start Date and Time that you want the settings to take effect and configure the scheduled settings as desired.
4. Click Save.
The changes are applied at the scheduled time.