Array Networks will announce at Interop Las Vegas next week that it has expanded its SSL protection from remote-access users to include those coming in over Wi-Fi connections, and basing authentication in users' identities.

WiFiProtect runs on Array's SPX Universal Access Controller hardware and incorporates three new technologies uniquely supporting Wi-Fi, the vendor says. (Compare SSL VPN products.)

First, the software directs machines coming onto the network via wireless access points to a portal where they have to present credentials. This authentication can be based on user ID, machine ID or network ID, and differentiates guest users from employees.

Guest users then are diverted to a virtual LAN (VLAN) that grants them limited access, such as a connection to the Internet. Guest access also uses the second new technology, which is authorized, unencrypted traffic flow, says Sunil Cherian, Array's vice president of product marketing.

The Wi-Fi access protection also introduces "guest sponsorship," in which an authorized employee can vouch for guests and issue credentials for them to gain guest access. Employees are linked to each guest they authorize, making it possible to hold them accountable if guests seem to be at the root of security incidents, Cherian says. Previously receptionists would issue identification for guests to use, but such staff would not necessarily have as close a tie to guests as the employees the guests are visiting. The new method strengthens accountability for guests, he says.

Employees using managed machines are diverted to a separate portal that authenticates them and directs them to a VLAN that supports corporate resources. Network administrators can assign groups of employees to VLANs based on existing RADIUS, Lightweight Directory Access Protocol and Active Directory groups.

WiFiProtect gear is placed upstream from wireless access points and controllers, so users can connect to the wireless network, but not without being challenged by the Array box. The gear is compatible with any vendor's access points and controllers, Array says.

Customers can buy WiFiProtect as a stand-alone product or combined with the SPX Universal Access Controller. So, a customer could start out with WiFiProtect and upgrade it to include all SPX features, or start with SPX features and add WiFiProtect as needed. Cherian says.