I'm setting up a new SmartZone 144 cluster and am trying to figure out how to duplicate the Zero-IT device registration that allows our users to sign in to the portal on the controller and pass Active Directory credentials in order to get a DPSK for our BYOD network. This has been working great on our ZoneDirectors, but I've seen suggestions that this functionality has been deprecated. Really that's what I want to figure out - is this still possible on the new controllers?
Zero-IT functionality has never existed in any version of SZ code. DPSK is there, but no Zero-IT. I know that many have submitted feature requests to add it, but I am not sure of the status. Since your users have AD accounts, that means you also have NPS and certificate services. Setting up RADIUS could be a good alternative.
Cloudpath would be the best solution to add here to give you a Zero-IT experience and more.
Cloudpath offers external DPSK so that DPSK is offloaded from SZ and lives on Cloudpath. This also means it is unbound, which does not require you to know the MAC address of the device prior to assigning a DPSK key.
If you want to know more details, reach out to your local account team.
Cloudpath is a good product but I don't agree that it is the best solution in this case. We've implemented Cloudpath dozens of times, and in certain cases it can be a better solution (onboarding headless devices to use MAC auth, users don't have AD accounts, ...). In Tim's case, Zero-IT was a good solution, plus his users have AD accounts. My assumption from that is that he does not need elaborate workflows that Cloudpath could provide, and the only advantage to using Cloudpath would be onboarding headless/IoT devices. Other than that, the services available in Windows Server can, in Tim's case, do everything Cloudpath can do. In addition to that, RADIUS is free and Cloudpath costs $14-16 for each user every year (volume discounts available if > 1,000 users). As for which is closest to a Zero-IT experience, I believe RADIUS wins there too.
Zero-IT: connect to the provisioning network, enter AD credentials, download/execute a script or exe depending on the device OS, thereafter connections are automatic.
RADIUS: connect to the production WLAN, first time user must enter AD credentials, thereafter connections are automatic.
Cloudpath: similar to RADIUS but usually has more steps depending on how the workflow is designed.