This blog was originally posted here: https://www.engeniustech.com/mypsk-a-network-access-solution-for-universities-multi-tenant-dwellings-and-large-corporations/
Let’s start with the basics.
When you sign up for internet service with an internet service provider (ISP), you are given a router, a default network name, and a default password. You can then personalize your home network’s name to something like “SmithFamilyWiFi” and set a strong password.
Then, all anyone needs is the password to connect to your home network—done deal. Ideally, you’ll share the password only with family and close friends who visit from time to time.
The same thing is true for small and mid-size companies. While you might set up separate staff and guest networks, you’ll generally use a universal password for each network. You can change the password whenever you need to, but it will still be the same password for users on either network.
What is the problem?
Things get much more complicated when you want to set up Wi-Fi for a large university campus, multi-tenant apartment complex, or large corporation. In these cases, you could have hundreds even thousands of users who will frequently come and go. Students leave for the summer or graduate, tenants move out, other tenants move in, employees quit, and new workers are hired.
To have ONE password for everyone is risky. Students, tenants, and employees can potentially share that password with unauthorized users. Then you run the risk of a network meltdown. You also make your network far less secure.
You could establish unique passwords for each user, but the task is too labor-intensive to be practical. Besides, no company wants their IT staff bogged down doing something manually that can easily be handled automatically.
Additionally, some managers might attempt to set up multiple networks (SSIDs) to allocate resources and make user groups more manageable. The problem is that once users wander outside the range of their SSID, they can lose connection with resources like printers or lose connection with the network altogether. Ideally, you want your users to be able to access the network no matter where they are on the property.
What is the solution?
EnGenius Technologies provides a service called MyPSK, which automatically assigns a personalized password to each client on a network. Everyone gets a unique password for their own personal use. With MyPSK, you can create up to 500 unique passwords for each network (SSID). If you have more than 500 users, you can create another SSID to handle the next set of users up to 1,000, and so on.
MyPSK allows you to create up to 500 pre-shared keys (PSKs) for groups of users who you can then assign to any one of several VLANs (virtual networks), which will further allow them access to a specific set of resources like printers, databases, and collaboration groups.
There are three critical benefits to having a personalized password or PSK (pre-shared key):
First, you will enjoy significantly reduced IT administration costs. MyPSK can assign passwords automatically, configuring and autogenerating up to 50 PSKs at a time up to 500 per network SSID.
Second, you can establish a start date and expiration date for the PSKs.
For example, you can allow students to access the campus network a week before classes start until a week after the semester ends. You can allow tenants to access the apartment complex network when they move in until their lease expires. For employees, you can set a start date but no expiration date.
It’s up to you.
Third, you can subdivide your network into smaller virtual networks (VLANs) and allocate bandwidth and resources to each of these smaller networks as you wish.
For example, a university campus has several groups of users: students, faculty, staff, and so on. Each group can be given access to the amount of bandwidth and the number of resources it needs.
Services often include internet access, email, cloud services (Google docs, MS Office 365), streaming services, video conferencing, library materials, databases, security cameras, etc. Setting up separate virtual networks allows you to provide precisely the resources each group needs while keeping each group locked out of the other networks, thus increasing security.
In multi-tenant environments, you can create virtual networks according to building number, user group (staff, tenant, guest), or location (lobby, tennis courts, swimming pool). You can then allocate bandwidth according to what each group needs. Again, creating separate networks keeps each group’s information separate and secure.
In office environments, you can create virtual networks according to department: accounting, tech support, sales, shipping, customer service, security, guests, and so on. Also, MyPSK can be used to provide group resources, such as printers and databases, allowing access to users of that group alone. An added benefit of MyPSK is less congestion as broadcast traffic is also limited to each group.
How Secure Is It?
In addition to ease of use, MyPSK is substantially more secure and provides greater encryption than universal passwords for networks with hundreds, even thousands, of users.
Based on what’s called a “passphrase” and the network name (SSID), MyPSK generates a string of 64 hexadecimal digits—a super long mix of letters and numbers—to form a unique encryption key for each user on the wireless network. The extra layer of protection and uniqueness of the key enhance the overall security of your network.
What Are You Waiting For?
MyPSK saves time and money in setting up passwords for users on massive networks, increases security by establishing a unique password for each user, and increases efficiency by allocating bandwidth and resources at just the right level for each user.