Published on March 10, 2014
© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.

Customer Case Study

EXECUTIVE SUMMARY

Customer Name: Trinity University
Industry: Education
Location: San Antonio, Texas
No. of Employees: 2600 students; 750 faculty and staff

BUSINESS CHALLENGE
● Provide secure network access to thousands of students, faculty, staff, and guests
● Reduce time and labor of manual onboarding processes
● Gain visibility and control of network connected devices

SECURITY SOLUTION
● Cisco Identity Services Engine

BUSINESS RESULTS
● Easy, automated network access for all users and devices
● Elimination of manual administrative and help desk processes
● Protection against malware, viruses, and illegally downloaded content

Secure, Automated Network Access for Any Device on Campus

Trinity University relies on Cisco ISE to give students, faculty, and guests easy network onboarding.

Business Challenge

Trinity University is one of the top private liberal arts institutions in the United States. Founded in 1869, Trinity University is located on a 117-acre campus in San Antonio, Texas. It is consistently ranked as an academic leader by publications such as Princeton Review and U.S. News and World Report. More than 2600 undergraduate and graduate students attend Trinity University, along with a faculty and staff of approximately 750. The university offers a wide-ranging curriculum that covers nearly 40 majors.

As with any large computing environment, protecting users and the Trinity University network from viruses, malware, and illegal content is a constant challenge. Every year, students arrive with at least two or three personal devices they will use to connect to the Trinity network. For Trinity, a bring-your-own-device (BYOD) policy has been a cornerstone of the university’s network access security policy for years.
In the summer, the challenge is even greater as Trinity hosts a number of conferences that bring thousands of participants and their devices to the campus. Another issue involves faculty and staff using their personal and school-owned computing devices to conduct transactions across the Trinity network.
From smartphones, tablets, game consoles, TVs, eBook readers, and Blu-ray players, to laptops and desktop computers, Trinity University must cope with an ever-expanding variety of personal devices. One Trinity student with a diabetic condition required a network connection for a monitoring device that would send status updates as he slept. All of these devices must be registered, granted appropriate access, and made to comply with security policies to protect the integrity of Trinity’s network.

For Trinity’s IT administrators and help desk professionals, these obligations created a substantial workload requiring many hours of labor and the use of resources that could be better spent on other priorities. Trinity needed a security solution that could save time by efficiently onboarding multiple device types to its network, while helping ensure high levels of protection and granular policy control to accommodate different levels of access for different types of users.

Solution

Trinity University decided to implement the Cisco® Identity Services Engine (ISE) to enable comprehensive and consistent security for the many different types of devices attached to its network. Cisco ISE provides all-in-one policy control and maintains high levels of security compliance for all types of personal devices, while keeping users productive with reliable access to network data and applications. It employs rigorous identity and policy enforcement across all connections, and it automates device onboarding to lower IT costs and increase efficiency.

“Trinity University was already a longtime, end-to-end Cisco environment. We rely on Cisco security solutions to protect our wired, wireless, and VPN infrastructure, so the decision to go with Cisco ISE was a natural choice,” says Fred Zapata, director and chief information technology officer, Trinity University.
The Cisco ISE is integrated on the Trinity campus with the Cisco ASA Next-Generation Firewall. Students living in the dorms are required to log in through wired access with 802.1X authentication, set with the Monitoring Mode feature of ISE providing added network protection. Cisco Wireless is used throughout the campus.

In particular, Cisco ISE offered significant benefits for Trinity’s rapidly growing wireless network. About 65 percent of Trinity’s traffic is on its wireless network, which has been expanded several times in recent years due to growing demand. At peak periods, more than 1800 wireless devices may be connected to the network. Cisco ISE helps ensure that as the wireless network continues to grow, it can easily handle the influx of new device types and meet the needs of mobile users who require different levels of network access.
Results

With its automated device profiling and self-registration capabilities, Cisco ISE immediately provided significant time-saving benefits for Trinity’s IT professionals. Hours of manual processes for bringing new users and devices onto the network each week were eliminated. And during the busy summer months when the school hosts thousands of visiting conference attendees, the help desk workload was reduced by up to 25 percent.

“We no longer have to manually create guest accounts, maintain a series of generic accounts, or generate passwords every day that we then hand off to our conference services people. With Cisco ISE, we can just send new users to the self-service portal, and they are immediately granted secure network access following the designated protocol. It’s much easier for us and a better experience for the users,” says Douglas Cooper, systems administrator, Trinity University.

Cisco ISE also protects Trinity’s network against threats such as viruses, malware, and spyware by creating a contextual identity for each device and applying policy controls. The policy enforcement capabilities also help Trinity prevent the illegal downloading and sharing of copyrighted content.

“In the past, we have received copyright infringement notices from organizations such as the RIAA, MPAA, HBO, and other media organizations. In one case, a student had to pay a large settlement. With Cisco ISE, we can prevent users from illegally accessing copyrighted music or movies before it gets to that point,” says Cooper.

The network security that Cisco ISE provides also extends to the newer “smart” buildings on Trinity’s campus. A key initiative is upgrading the university’s science facilities, which have been gutted and renovated, or torn down and rebuilt for a state-of-the-art learning environment.
“Our new facilities are integrated with the latest technologies for HVAC (heating, ventilating, and air conditioning) systems, fire alarms, and door access systems that include connectivity to the Trinity network using Cisco ISE,” says Zapata. “Maintaining the stability of these systems is critical.”

For students, faculty, and university guests, the biggest benefit of Cisco ISE is a highly efficient user experience. Students and faculty can quickly gain trusted access to the network regardless of the type of device they are using. And guests can easily log onto the network with their own devices with automated identity enforcement.

Trinity does not dictate what type of devices users bring with them to campus. As new devices and their educational uses evolve, Trinity’s network has the capacity to quickly and safely bring them onboard.

“Already we are seeing faculty using their iPads to mirror their content to projector screens, and introducing new instruments and scientific devices with network connectivity to the classroom,” says Cooper. “With Cisco ISE, our users have the flexibility and freedom to bring these new devices onto our network safely and easily.”
PRODUCT LIST

Security and Connectivity
● Cisco Identity Services Engine (ISE)
● Cisco ASA Next-Generation Firewall
● Cisco Web Security Appliance (WSA)
● Cisco Wireless Access Points
● Cisco Wireless Services Module 2 (WiSM2)

Routing and Switching
● Cisco 7206 Routers
● Cisco Catalyst® 6500 Series Switches

Data Center
● Cisco Unified Computing System™ (UCS®)

Cisco Voice and Unified Communications
● Cisco Unified Communications
● Cisco Emergency Responder
● Cisco Contact Center

For More Information

To find out more about the Cisco Identity Services Engine (ISE) and the security solutions featured in this case study, go to:
http://www.cisco.com/go/ise
http://www.cisco.com/go/asa
http://www.cisco.com/go/websecurity

Printed in USA C36-729890-00 11/13