Secure, Automated Network Access for Any Device on Campus


Upload: cisco-security

Post on 20-Aug-2015



© 2013 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information. Page 1 of 4

Customer Case Study

EXECUTIVE SUMMARY

Customer Name: Trinity University
Industry: Education
Location: San Antonio, Texas
No. of Employees: 2600 students; 750 faculty and staff

BUSINESS CHALLENGE
● Provide secure network access to thousands of students, faculty, staff, and guests
● Reduce time and labor of manual onboarding processes
● Gain visibility and control of network connected devices

SECURITY SOLUTION
● Cisco Identity Services Engine

BUSINESS RESULTS
● Easy, automated network access for all users and devices
● Elimination of manual administrative and help desk processes
● Protection against malware, viruses, and illegally downloaded content

Secure, Automated Network Access for Any Device on Campus

Trinity University relies on Cisco ISE to give students, faculty, and guests easy network onboarding.

Business Challenge

Trinity University is one of the top private liberal arts institutions in the United States. Founded in 1869, Trinity University is located on a 117-acre campus in San Antonio, Texas. It is consistently ranked as an academic leader by publications such as Princeton Review and U.S. News and World Report. More than 2600 undergraduate and graduate students attend Trinity University, along with a faculty and staff of approximately 750. The university offers a wide-ranging curriculum that covers nearly 40 majors.

As with any large computing environment, protecting users and the Trinity University network from viruses, malware, and illegal content is a constant challenge. Every year, students arrive with at least two or three personal devices they will use to connect to the Trinity network. For Trinity, a bring-your-own-device (BYOD) policy has been a cornerstone of the university’s network access security policy for years.

In the summer, the challenge is even greater as Trinity hosts a number of conferences that bring thousands of participants and their devices to the campus. Another issue involves faculty and staff using their personal and school-owned computing devices to conduct transactions across the Trinity network.


From smartphones, tablets, game consoles, TVs, eBook readers, and Blu-ray players, to laptops and desktop computers, Trinity University must cope with an ever-expanding variety of personal devices. One Trinity student with a diabetic condition required a network connection for a monitoring device that would send status updates as he slept.

All of these devices must be registered, granted appropriate access, and made to comply with security policies to protect the integrity of Trinity’s network. For Trinity’s IT administrators and help desk professionals, these obligations created a substantial workload requiring many hours of labor and the use of resources that could be better spent on other priorities.

Trinity needed a security solution that could save time by efficiently onboarding multiple device types to its network, while helping ensure high levels of protection and granular policy control to accommodate different levels of access for different types of users.

Solution

Trinity University decided to implement the Cisco® Identity Services Engine (ISE) to enable comprehensive and consistent security for the many different types of devices attached to its network.

Cisco ISE provides all-in-one policy control and maintains high levels of security compliance for all types of personal devices, while keeping users productive with reliable access to network data and applications. It employs rigorous identity and policy enforcement across all connections, and it automates device onboarding to lower IT costs and increase efficiency.

“Trinity University was already a longtime, end-to-end Cisco environment. We rely on Cisco security solutions to protect our wired, wireless, and VPN infrastructure, so the decision to go with Cisco ISE was a natural choice,” says Fred Zapata, director and chief information technology officer, Trinity University.

Cisco ISE is integrated on the Trinity campus with the Cisco ASA Next-Generation Firewall. Students living in the dorms are required to log in through wired access with 802.1X authentication, configured with the Monitoring Mode feature of ISE for added network protection. Cisco Wireless is used throughout the campus.

In particular, Cisco ISE offered significant benefits for Trinity’s rapidly growing wireless network. About 65 percent of Trinity’s traffic is on its wireless network, which has been expanded several times in recent years due to growing demand. At peak periods, more than 1800 wireless devices may be connected to the network. Cisco ISE helps ensure that as the wireless network continues to grow, it can easily handle the influx of new device types and meet the needs of mobile users who require different levels of network access.

“Our new facilities are integrated with the latest technologies for HVAC systems, fire alarms, and door access systems that include connectivity to the Trinity network using Cisco ISE,” says Fred Zapata, director and chief information technology officer. “Maintaining the stability of these systems is critical.” — Fred Zapata, Director and Chief Information Technology Officer, Trinity University


Results

With its automated device profiling and self-registration capabilities, Cisco ISE immediately provided significant time-saving benefits for Trinity’s IT professionals. Hours of manual processes for bringing new users and devices onto the network each week were eliminated. And during the busy summer months when the school hosts thousands of visiting conference attendees, the help desk workload was reduced by up to 25 percent.

“We no longer have to manually create guest accounts, maintain a series of generic accounts, or generate passwords every day that we then hand off to our conference services people. With Cisco ISE, we can just send new users to the self-service portal, and they are immediately granted secure network access following the designated protocol. It’s much easier for us and a better experience for the users,” says Douglas Cooper, systems administrator, Trinity University.

Cisco ISE also protects Trinity’s network against threats such as viruses, malware, and spyware by creating a contextual identity for each device and applying policy controls. The policy enforcement capabilities also help Trinity prevent the illegal downloading and sharing of copyrighted content.

“In the past, we have received copyright infringement notices from organizations such as the RIAA, MPAA, HBO, and other media organizations. In one case, a student had to pay a large settlement. With Cisco ISE, we can prevent users from illegally accessing copyrighted music or movies before it gets to that point,” says Cooper.

The network security that Cisco ISE provides also extends to the newer “smart” buildings on Trinity’s campus. A key initiative is upgrading the university’s science facilities, which have been gutted and renovated, or torn down and rebuilt, for a state-of-the-art learning environment.

“Our new facilities are integrated with the latest technologies for HVAC (heating, ventilating, and air conditioning) systems, fire alarms, and door access systems that include connectivity to the Trinity network using Cisco ISE,” says Zapata. “Maintaining the stability of these systems is critical.”

For students, faculty, and university guests, the biggest benefit of Cisco ISE is a highly efficient user experience. Students and faculty can quickly gain trusted access to the network regardless of the type of device they are using. And guests can easily log onto the network with their own devices with automated identity enforcement. Trinity does not dictate what type of devices users bring with them to campus. As new devices and their educational uses evolve, Trinity’s network has the capacity to quickly and safely bring them onboard.

“Already we are seeing faculty using their iPads to mirror their content to projector screens, and introducing new instruments and scientific devices with network connectivity to the classroom,” says Cooper. “With Cisco ISE, our users have the flexibility and freedom to bring these new devices onto our network safely and easily.”


PRODUCT LIST

Security and Connectivity
● Cisco Identity Services Engine (ISE)
● Cisco ASA Next-Generation Firewall
● Cisco Web Security Appliance (WSA)
● Cisco Wireless Access Points
● Cisco Wireless Services Module 2 (WiSM2)

Routing and Switching
● Cisco 7206 Routers
● Cisco Catalyst® 6500 Series Switches

Data Center
● Cisco Unified Computing System™ (UCS®)

Cisco Voice and Unified Communications
● Cisco Unified Communications
● Cisco Emergency Responder
● Cisco Contact Center

For More Information

To find out more about the Cisco Identity Services Engine (ISE) and the security solutions featured in this case study, go to:
http://www.cisco.com/go/ise
http://www.cisco.com/go/asa
http://www.cisco.com/go/websecurity

Printed in USA C36-729890-00 11/13