Solving User Authentication with an Improved Employee Hotspot

Part of the consumerization puzzle at Intel was how to give employees access to the network with their own devices. We had a system of WiFi hotspots with web authentication for guests, so when we developed the hotspot program for our employees, we built it using the same process. Not surprisingly, the employees didn’t like it.

And they’re not alone: many users tend to find web authentication annoying. We’ve all been there: You’re in an airport or coffee shop with your laptop or tablet, and to get wireless access you have to open a browser and hope that the log-in window comes up. When it doesn’t, you’re stuck without wireless and no workaround. Ah, the joys of web authentication.

One reason so many places continue to use web authentication despite its annoyance is that it provides a captive portal: the log-in page is a great place to put messaging. But another reason is that many companies don’t realize just how annoying it is!

In earlier days, hotspots just had to accommodate users with laptops with standard web browsers. While many modern mobile devices know to connect to an authentication window when entering a hotspot, not all of them do. Another problem is with dual cell/WiFi devices, where the user might not think to log in using WiFi, not realizing that he’s chipping away at his cell bandwidth allowance.

Better user authentication

What’s the alternative? We developed a system for users to do a one-time registration for their device on an internal website where they accept a terms and privacy agreement and create an account. This system uses 802.1x EAP, which uses a centrally managed radius server for authentication. Each user has a unique password that, once saved in the device settings, will enable automatic log-in. And even better: the same SSID and password work at all Intel campuses worldwide.

We also developed a system that uses virtual routing and forwarding (VRF) technology to overlay the hotspot network on the corporate LAN and WAN networks. With this, we were able to make the hotspot available at all Intel campuses without having to add any dedicated routers or switches.

Getting ahead of device proliferation

We’ve had no issues with the system, and it’s helping us prepare for device proliferation. The system initially needed to allow for laptops, then smartphones, and next came tablets. What’s next? Now many employees have multiple devices, and with the Internet of Things, the number of devices per user will continue to grow. At last count we had 70,000 registered devices on the system, and that’s likely to be closer to 100,000 next year. This is why whatever solution is put in place must be scalable.

You can read the details about our employee hotspot system in a white paper we put out earlier this year called Evolving the Mobile Employee Hotspot for IT Consumerization.