SlideShare une entreprise Scribd logo

Access Management with Aruba ClearPass #AirheadsConf Italy

Télécharger en tant que PPTX, PDF
Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company

Access Management with Aruba ClearPass #AirheadsConf Italy

TechnologieBusiness
1  sur  57
Access Management with Aruba ClearPass June 2014
CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved 2 #AirheadsConf • Introductions & Expectations • What is ClearPass • ClearPass – Policy Model • Authorization – What and Why • Profile – How does it work • Clustering & Deployment • Q & A Agenda
3 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Overview
4 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Evolving IT Landscape USER CENTRIC, SELF SERVICEIT CENTRIC Windows Fixed Environment Wired Network IT Managed Slow Refresh Multiple Platforms Work from anywhere Wired, Wi-Fi, Cellular Selection of devices & apps User Timeframes
5 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf The ClearPass Solution Comprehensive Solutions Architecture WORKFLOW POLICYVISIBILITY Role-based Enforcement Health/Posture Checks Device and App Device Profiling Troubleshooting Per Session Tracking Onboarding, Registration Guest Management MDM Integration
6 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf The ClearPass Access Security Platform CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 6 @arubanetworks Policy Services Identity Stores 3rd Party MDM App Servers DIFFERENTIATED ACCESS UNIFIED POLICIES DEVICE VISIBILITY GUEST EMPLOYEE POLICY SERVICES ENTERPRISE-CLASS AAA RADIUS, TACACS+ VPN OnGuard Posture & Health Checks Onboard Device Provisioning Guest Visitor Management Multivendor Networks ClearPass Policy Manager AAA Services ONE IDPolicy Engine
7 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Context-Based Access Control • Differentiated Access – Role, device type, access method • Policy-based AAA Services – Support for 802.1X, MAC, Web (HTTPS) authentication – Communicate to network devices via RADIUS, RADIUS CoA, TACACS+, SNMP – Ability to read from multiple identity stores (AD, LDAP, SQL, Kerberos, Token Server, Etc.) – Enforcement Options – Allow/Deny, VLAN, ACL, dACL, url redirects, SNMP • Contextual Policy Elements – Time, location, group, OS version, project VPN *
8 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Platform Features – Out of the box Multivendor DNA Wired, WLAN, VPN Core Authentication AAA, LDAP, AD, Kerberos, Token, SQL, MAC, 802.1x, TACACS+, HTTPS, SSO (SAML, Okta) Integrated Profiling Device profiling across wired & wireless Use directly in authorization policy
9 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Core Services MDM Integration Leverage information gained from MDM vendors for profile & to influence policy TACACS+ Server Replace legacy ACS solutions Context Aware Authorization Device type, User, Time, Location, Posture Layer multiple conditions for policy derivation
10 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Platform Features – Out of the box Scale with Clustering Supports 1 million endpoints per cluster Centralized or distributed architecture Flexible Licensing • Perpetual licenses • Subscription licenses • 25 free endpoint Enterprise license included Physical or Virtual Appliances Sized for variety of customer needs Virtual Appliance relies upon VMWare
11 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf What’s in ClearPass 6.3 INTEGRATIONINTEROPERABILITY
12 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf INTEGRATIONINTEROPERABILITY What’s in ClearPass 6.3
13 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Auto Sign-On Only Aruba lets you sign-in once & you’re good to go • One login for all web/mobile apps – Uses valid network login • NO App logins • IBM, Okta, Ping • ClearPass as Provider (IdP) – Uses SAML, not RADIUS
14 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Exchange Two-way Third-Party Integration Syslog Messages / RESTful APIs Jail-broken device detected Helpdesk ticket auto generated Message to device auto generated 1. 2.3. ClearPass denies access to device
15 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Model
16 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Model • What constitutes the policy model? • How does it work? • What are the interactions between various components? • How does the policy model affect configuration & deployment?
17 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Model Policy Identity Health Device Conditions • Role • Department • Group • AV, AS, FW • Registry Keys • Services… • Device type, status, health • Address, O/S • Corp. Owned • Time • Location • Day of Week
18 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf What’s the flow? Authenticate • Valid Authentication Authorize • Find Out What’s Allowed Associate Context • Device, Time, Location, Posture Enforce on NAS • Roles, ACLs, VLANs
19 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf What Are The Interactions? RADIUS Server – Authenticate Policy Server – Authorize Policy Server – Associate Context Policy Server – Decision Tree RADIUS Server – Enforce
20 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Enforcement ClearPass Use external context to define granular policies • User / role • Device fingerprint • OS version • Health checks • Jailbreak status • Location • Trusted or untrusted network • Time • Date • Wired, Wi-Fi, VPN enforcement
21 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Service Flow – 802.1X Layer 2 RADIUS Request Layer 2 Authentication Layer 2 Authorization Layer 2 Role Derivation Layer 2 RADIUS Enforcement Layer 3 Profile Layer 2 NAP Layer 3 OnGuard
22 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Service Flow – Implications • Layer 2 Authentications are completed first – Full Authorization – Role Derivation – NAP (if enabled) – Layer 2 Enforcement • Layer 3 : Profile next – DHCP Request, DHCP Offer – RFC 3576 – Change of Authorization • Another Layer 2 authentication! – No RFC 3576 message if “fingerprint” does not change • Layer 3 : Collect Posture last (OnGuard) – Posture over HTTPS – RFC 3576 based on policy • Another Layer 2 authentication!
23 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – What and Why
24 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – What and Why? • Authentication vs. Authorization • Authorization & ClearPass • Use Cases
25 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization & ClearPass “Authorization” Sources in ClearPass – Where do I find them? – How do I use them? – How often does ClearPass talk to an authorization source? – What happens in case something goes wrong?
26 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization Sources – Where? An “Authentication Source” is an “Authorization Source” – RADIUS Server vs. Policy Server
27 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization Sources – How? Authentication Sources are automatic Authorization Sources Additional Authorization Sources enabled per Service No Authorization unless used in Roles!
28 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization Sources – How? Authorize with Active Directory Authorize with Profile Data Rule Algorithm : Evaluate All
29 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – How? Ok, great. But will ClearPass flood my AD with authorization requests? – Authorization data is cached per user – New request made to fetch data once the cache expires – Cache timers can be tuned Cache Timeout Default: 10 hours
30 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – How? Got it But I just made a bunch of changes on my AD. Should I need to wait 10 hours? – Tune the cache timers – “Clear Cache” button on the Authentication Source • Wipes out cache for all users – “Save” button on the Authentication Source • Wipes out cache for all users – Restart Policy Server • BAD IDEA!!!
31 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – Uh-Oh! If an Authentication/Authorization Source is not reachable – Configure Backup Servers – Configure Fail-Over Timeout Fail-Over Timeout Backup Servers
32 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – Mergers & Acquisitions Active Directory Domain – avendasys.com Active Directory Domain – arubanetworks.com
33 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authentication & Authorization Sources for TLS Certificate Details used for Authorization Enable Authorization – Source specified in the Service Compare Certificate – Source specified in the Service Use Cases – Certificates & TLS
34 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – Asset Databases LDAP/SQL Interface to Asset Databases – Key : MAC Address – Authorization Attributes • Ownership – Corporate vs. Personal • Compliance Status – In/Out of compliance – Identify corporate-owned non-Windows devices
35 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Profile – How Does It Work?
36 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Profile – How does it work? • Profile & Network Data • Automatic Profile “upgrades” • Using Profile data in policy • Configuring Profile – DHCP? HTTP? SNMP? • Use Cases
37 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Profile & Network Data What does ClearPass use to profile? – MAC OUIs – DHCP Request, DHCP Offer – HTTP User-Agent – MDM Fingerprints – Device Interrogation – SNMP/CDP/LLDP Data
38 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Fingerprint Updates • Subscribe to Fingerprint Updates – Automatic reclassification – Updated frequently • Tell Aruba! – Create policy exceptions – Grab fingerprints from UI – Send fingerprints to Aruba – Crowd-sourced, community oriented
39 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Using Profile data in policy • Automatic 3-level categorization – Device Category, OS Family, Device Name • Using raw profile data – DHCP Data, HTTP User-Agent, SNMP Data • Role Mapping – What should I use? • Enforcement – How do I enforce? – What are the benefits?
40 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Configuring Profile – Network Considerations • DHCP Relay – Where should I setup DHCP relays? • Captive Portal Configuration – Is there a knob for this? • Reading SNMP Data – CDP – LLDP – HR MIB – SysDescr MIB
41 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases • Policy – CEOs & iPads • Policy – “Headless” Devices • Visibility – Demystifying BYODs
42 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – CEOs & iPads Assign Roles Enforce Access
43 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – Headless Devices Identify & Assign Roles To Headless Devices
44 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – Visibility
45 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering & Deployment
46 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering & Deployment • Clustering Technology – What’s replicated? What’s not? • Deploying ClearPass Clusters – Considerations • Operations & Maintenance – What happens when a ClearPass node is down? – Events & Alerts – Rescue & Recovery
47 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering Technology • What’s replicated? – All policy configuration elements – All Audit data – All identity store data • Guest Accounts, Endpoints, Profile data – Runtime Information • Authorization status, Posture status, Roles • Connectivity Information, NAS Details – Database replication on port# 5432 over SSL – Runtime replication on port# 443 over SSL
48 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering Technology • What’s not replicated? – Log files – Authentication Records – Accounting Records – System Events – System Monitor Data
49 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering – Considerations • How do they connect? – Requires IP connectivity (bi-directional) • Port # 5432 (Database over SSL) • Port# 80 (HTTP) • Port #443 (HTTPS) • Port #123 (NTP) • How much data should we expect to see crossing the wire? – Only elements in the configuration database – First sync is a full database copy – Subsequent sync – Delta changes propagated
50 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering – Considerations Hub & Spoke PUBLISHER SUBSCRIBER 1 SUBSCRIBER 2 SUBSCRIBER 3 SUBSCRIBER 4 SUBSCRIBER 5 SUBSCRIBER 6
51 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering – Considerations Central / Distributed Admin Domains Redundancy/Load Balancing Cluster wide licensesCPPM – Publisher DNS DHCP Identity Stores Main Data Center Mid-size Branch Regional Office DMZ CPPM Subscriber VM CP Guest CP Onboard CPPM Subscriber CPPM Subscriber
52 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Operations & Maintenance • What happens when a node goes down? – Operations • If Deployed Right – Nothing • RADIUS Backup settings on the NAS – If the Publisher goes down • No Database Writes Allowed!! • Promote a Subscriber to a Publisher • Resume configuration updates
53 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Events & Alerts • How long before ClearPass figures out something’s wrong? – 24 hours before it automatically “drops” a node from the cluster – Cluster Synchronization Warnings • 1 event every hour x 24 hours = 24 events – CPU/Memory Usage Warnings  Every 2 Minutes – Server Certificate Warnings  Every 24 Hours – Service Alerts  Immediate • Email/SMS Alerts using Insight, Syslog & SNMP
54 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Operations & Maintenance • Rescue & Recovery – Establish cluster connectivity • Database sync will ensue. Watch for “Last Sync Time” – Restore certificates • Server Certificates are not installed as a part of the sync – Restore log entries (If necessary) • Caveat : High disk activity for an extended period of time – Verify fail-back on the NAS • NAS fail-back timers should kick in
55 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf
56 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Q & A
57 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Thank You #AirheadsConf

Recommandé

Wireless LAN Security Fundamentals #AirheadsConf Italy
Wireless LAN Security Fundamentals #AirheadsConf ItalyWireless LAN Security Fundamentals #AirheadsConf Italy
Wireless LAN Security Fundamentals #AirheadsConf ItalyAruba, a Hewlett Packard Enterprise company
 
Shanghai Breakout: Access Management with Aruba ClearPass
Shanghai Breakout: Access Management with Aruba ClearPassShanghai Breakout: Access Management with Aruba ClearPass
Shanghai Breakout: Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesAruba, a Hewlett Packard Enterprise company
 
Enabling the Virtual Enterprise
Enabling the Virtual EnterpriseEnabling the Virtual Enterprise
Enabling the Virtual EnterpriseAruba, a Hewlett Packard Enterprise company
 
2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentals2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentalsAruba, a Hewlett Packard Enterprise company
 
Defining Advanced AAA Policies for Access Networks
Defining Advanced AAA Policies for Access NetworksDefining Advanced AAA Policies for Access Networks
Defining Advanced AAA Policies for Access NetworksAruba, a Hewlett Packard Enterprise company
 
Security advanced rich langston_jon green
Security advanced rich langston_jon greenSecurity advanced rich langston_jon green
Security advanced rich langston_jon greenAruba, a Hewlett Packard Enterprise company
 
Remote Wireless LANs
Remote Wireless LANsRemote Wireless LANs
Remote Wireless LANsAruba, a Hewlett Packard Enterprise company
 

Recommandé

Wireless LAN Security Fundamentals #AirheadsConf Italy
Wireless LAN Security Fundamentals #AirheadsConf ItalyWireless LAN Security Fundamentals #AirheadsConf Italy
Wireless LAN Security Fundamentals #AirheadsConf ItalyAruba, a Hewlett Packard Enterprise company
 
Shanghai Breakout: Access Management with Aruba ClearPass
Shanghai Breakout: Access Management with Aruba ClearPassShanghai Breakout: Access Management with Aruba ClearPass
Shanghai Breakout: Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
Real-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesReal-world 802.1X Deployment Challenges
Real-world 802.1X Deployment ChallengesAruba, a Hewlett Packard Enterprise company
 
Enabling the Virtual Enterprise
Enabling the Virtual EnterpriseEnabling the Virtual Enterprise
Enabling the Virtual EnterpriseAruba, a Hewlett Packard Enterprise company
 
2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentals2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentalsAruba, a Hewlett Packard Enterprise company
 
Defining Advanced AAA Policies for Access Networks
Defining Advanced AAA Policies for Access NetworksDefining Advanced AAA Policies for Access Networks
Defining Advanced AAA Policies for Access NetworksAruba, a Hewlett Packard Enterprise company
 
Security advanced rich langston_jon green
Security advanced rich langston_jon greenSecurity advanced rich langston_jon green
Security advanced rich langston_jon greenAruba, a Hewlett Packard Enterprise company
 
Remote Wireless LANs
Remote Wireless LANsRemote Wireless LANs
Remote Wireless LANsAruba, a Hewlett Packard Enterprise company
 
Clear passbasics derinmellor
Clear passbasics derinmellorClear passbasics derinmellor
Clear passbasics derinmellorAruba, a Hewlett Packard Enterprise company
 
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf ItalyAdvanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf ItalyAruba, a Hewlett Packard Enterprise company
 
Industry breakout government military forum_jon green_stuart schulte
Industry breakout government military forum_jon green_stuart schulteIndustry breakout government military forum_jon green_stuart schulte
Industry breakout government military forum_jon green_stuart schulteAruba, a Hewlett Packard Enterprise company
 
BYOD with ClearPass
BYOD with ClearPassBYOD with ClearPass
BYOD with ClearPassAruba, a Hewlett Packard Enterprise company
 
Building an aruba proof of concept lab javier urtubia
Building an aruba proof of concept lab javier urtubiaBuilding an aruba proof of concept lab javier urtubia
Building an aruba proof of concept lab javier urtubiaAruba, a Hewlett Packard Enterprise company
 
Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2Aruba, a Hewlett Packard Enterprise company
 
Clear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyClear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyAruba, a Hewlett Packard Enterprise company
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Aruba, a Hewlett Packard Enterprise company
 
Security intermediate practical cryptography_certs_and 802.1_x_rich langston...
Security intermediate practical cryptography_certs_and 802.1_x_rich langston...Security intermediate practical cryptography_certs_and 802.1_x_rich langston...
Security intermediate practical cryptography_certs_and 802.1_x_rich langston...Aruba, a Hewlett Packard Enterprise company
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAruba, a Hewlett Packard Enterprise company
 
Top 10 tips_aruba_tac_madison lee
Top 10 tips_aruba_tac_madison leeTop 10 tips_aruba_tac_madison lee
Top 10 tips_aruba_tac_madison leeAruba, a Hewlett Packard Enterprise company
 
Advanced ClearPass Workshop
Advanced ClearPass WorkshopAdvanced ClearPass Workshop
Advanced ClearPass WorkshopAruba, a Hewlett Packard Enterprise company
 
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Aruba, a Hewlett Packard Enterprise company
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAruba, a Hewlett Packard Enterprise company
 
Mobility switch security architecture scott calzia madani adjali
Mobility switch security architecture scott calzia madani adjaliMobility switch security architecture scott calzia madani adjali
Mobility switch security architecture scott calzia madani adjaliAruba, a Hewlett Packard Enterprise company
 
2012 ah apj wlan security fundamentals
2012 ah apj wlan security fundamentals2012 ah apj wlan security fundamentals
2012 ah apj wlan security fundamentalsAruba, a Hewlett Packard Enterprise company
 
Wlan designfor highdensityenvironments_chuck lukaszewski
Wlan designfor highdensityenvironments_chuck lukaszewskiWlan designfor highdensityenvironments_chuck lukaszewski
Wlan designfor highdensityenvironments_chuck lukaszewskiAruba, a Hewlett Packard Enterprise company
 
2012 ah vegas wlan design fundamentals
2012 ah vegas wlan design fundamentals2012 ah vegas wlan design fundamentals
2012 ah vegas wlan design fundamentalsAruba, a Hewlett Packard Enterprise company
 
Shanghai Breakout: Advanced Airwave Workshop
Shanghai Breakout: Advanced Airwave WorkshopShanghai Breakout: Advanced Airwave Workshop
Shanghai Breakout: Advanced Airwave WorkshopAruba, a Hewlett Packard Enterprise company
 
Next generation remote networks aruba instant gokul rajagopalan
Next generation remote networks aruba instant gokul rajagopalanNext generation remote networks aruba instant gokul rajagopalan
Next generation remote networks aruba instant gokul rajagopalanAruba, a Hewlett Packard Enterprise company
 
ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2
ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2
ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2Marcello Marchesini
 
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...Aruba, a Hewlett Packard Enterprise company
 

Contenu connexe

Tendances

Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Aruba, a Hewlett Packard Enterprise company
 
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Aruba, a Hewlett Packard Enterprise company
 

Tendances (20)

Clear passbasics derinmellor
Clear passbasics derinmellorClear passbasics derinmellor
Clear passbasics derinmellor
 
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf ItalyAdvanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
 
Industry breakout government military forum_jon green_stuart schulte
Industry breakout government military forum_jon green_stuart schulteIndustry breakout government military forum_jon green_stuart schulte
Industry breakout government military forum_jon green_stuart schulte
 
BYOD with ClearPass
BYOD with ClearPassBYOD with ClearPass
BYOD with ClearPass
 
Building an aruba proof of concept lab javier urtubia
Building an aruba proof of concept lab javier urtubiaBuilding an aruba proof of concept lab javier urtubia
Building an aruba proof of concept lab javier urtubia
 
Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2Cisco switch setup with cppm v1.2
Cisco switch setup with cppm v1.2
 
Clear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyClear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthy
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
 
Security intermediate practical cryptography_certs_and 802.1_x_rich langston...
Security intermediate practical cryptography_certs_and 802.1_x_rich langston...Security intermediate practical cryptography_certs_and 802.1_x_rich langston...
Security intermediate practical cryptography_certs_and 802.1_x_rich langston...
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass Workshop
 
Top 10 tips_aruba_tac_madison lee
Top 10 tips_aruba_tac_madison leeTop 10 tips_aruba_tac_madison lee
Top 10 tips_aruba_tac_madison lee
 
Advanced ClearPass Workshop
Advanced ClearPass WorkshopAdvanced ClearPass Workshop
Advanced ClearPass Workshop
 
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter lane
 
Mobility switch security architecture scott calzia madani adjali
Mobility switch security architecture scott calzia madani adjaliMobility switch security architecture scott calzia madani adjali
Mobility switch security architecture scott calzia madani adjali
 
2012 ah apj wlan security fundamentals
2012 ah apj wlan security fundamentals2012 ah apj wlan security fundamentals
2012 ah apj wlan security fundamentals
 
Wlan designfor highdensityenvironments_chuck lukaszewski
Wlan designfor highdensityenvironments_chuck lukaszewskiWlan designfor highdensityenvironments_chuck lukaszewski
Wlan designfor highdensityenvironments_chuck lukaszewski
 
2012 ah vegas wlan design fundamentals
2012 ah vegas wlan design fundamentals2012 ah vegas wlan design fundamentals
2012 ah vegas wlan design fundamentals
 
Shanghai Breakout: Advanced Airwave Workshop
Shanghai Breakout: Advanced Airwave WorkshopShanghai Breakout: Advanced Airwave Workshop
Shanghai Breakout: Advanced Airwave Workshop
 
Next generation remote networks aruba instant gokul rajagopalan
Next generation remote networks aruba instant gokul rajagopalanNext generation remote networks aruba instant gokul rajagopalan
Next generation remote networks aruba instant gokul rajagopalan
 

En vedette

ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2
ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2
ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2Marcello Marchesini
 
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...Aruba, a Hewlett Packard Enterprise company
 
ARUBA community - WLAN design and troubleshooting
ARUBA community - WLAN design and troubleshootingARUBA community - WLAN design and troubleshooting
ARUBA community - WLAN design and troubleshootingMarcello Marchesini
 
Akamai State of Internet - Q1 2014 - Infographic
Akamai State of Internet - Q1 2014 - InfographicAkamai State of Internet - Q1 2014 - Infographic
Akamai State of Internet - Q1 2014 - InfographicMarcello Marchesini
 
Wireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom ReportWireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom ReportCisco Mobility
 

En vedette (20)

ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2
ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2
ARUBA 2014 : 802.11ac Wi-Fi fundamentals v2
 
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
The Aruba Tech Support Top 10: WLAN design, configuration and troubleshooting...
 
A-to-Z design guide for the all-wireless workplace
A-to-Z design guide for the all-wireless workplaceA-to-Z design guide for the all-wireless workplace
A-to-Z design guide for the all-wireless workplace
 
Aruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentalsAruba WLANs 101 and design fundamentals
Aruba WLANs 101 and design fundamentals
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client Troubleshooting
 
Optimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesOptimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming Devices
 
Packets never lie: An in-depth overview of 802.11 frames
Packets never lie: An in-depth overview of 802.11 framesPackets never lie: An in-depth overview of 802.11 frames
Packets never lie: An in-depth overview of 802.11 frames
 
Overview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig Ports
Overview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig PortsOverview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig Ports
Overview of Major Aruba Switching Features incl. Smart Rate for Multi-Gig Ports
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPass
 
Getting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement FirewallGetting the most out of the Aruba Policy Enforcement Firewall
Getting the most out of the Aruba Policy Enforcement Firewall
 
Wi-Fi Security Fundamentals
Wi-Fi Security FundamentalsWi-Fi Security Fundamentals
Wi-Fi Security Fundamentals
 
ARUBA community - WLAN design and troubleshooting
ARUBA community - WLAN design and troubleshootingARUBA community - WLAN design and troubleshooting
ARUBA community - WLAN design and troubleshooting
 
Akamai State of Internet - Q1 2014 - Infographic
Akamai State of Internet - Q1 2014 - InfographicAkamai State of Internet - Q1 2014 - Infographic
Akamai State of Internet - Q1 2014 - Infographic
 
Voice over IP (VoIP) Deployment with Aruba Mobility Access Switch
Voice over IP (VoIP) Deployment with Aruba Mobility Access SwitchVoice over IP (VoIP) Deployment with Aruba Mobility Access Switch
Voice over IP (VoIP) Deployment with Aruba Mobility Access Switch
 
2012 ah apj top 10 tips from aruba tac
2012 ah apj top 10 tips from aruba tac2012 ah apj top 10 tips from aruba tac
2012 ah apj top 10 tips from aruba tac
 
Wireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom ReportWireless Controller Comparative Performance Cisco vs Aruba Miercom Report
Wireless Controller Comparative Performance Cisco vs Aruba Miercom Report
 
Campus Redundancy Models
Campus Redundancy ModelsCampus Redundancy Models
Campus Redundancy Models
 
Outdoor Point-to-Point Deployments
Outdoor Point-to-Point DeploymentsOutdoor Point-to-Point Deployments
Outdoor Point-to-Point Deployments
 
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
Breakout - Airheads Macau 2013 - Top 10 Tips from Aruba TAC
 
Shanghai Breakout: Aruba Mobility Access Switch Workshop
Shanghai Breakout: Aruba Mobility Access Switch Workshop Shanghai Breakout: Aruba Mobility Access Switch Workshop
Shanghai Breakout: Aruba Mobility Access Switch Workshop
 

Similaire à Access Management with Aruba ClearPass #AirheadsConf Italy

ARUBA - Remote Branch-networking-fundamentals-2014
ARUBA - Remote Branch-networking-fundamentals-2014ARUBA - Remote Branch-networking-fundamentals-2014
ARUBA - Remote Branch-networking-fundamentals-2014Marcello Marchesini
 
Aos & cppm integration configuration & testing document for eap tls & eap ...
Aos & cppm integration configuration & testing document for eap tls & eap ...Aos & cppm integration configuration & testing document for eap tls & eap ...
Aos & cppm integration configuration & testing document for eap tls & eap ...Abilash Soundararajan
 
Aos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapAos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapJulia Ostrowski
 
ClearPass_Design Info.pptx
ClearPass_Design Info.pptxClearPass_Design Info.pptx
ClearPass_Design Info.pptxssuser63c018
 
Smart networking with service meshes
Smart networking with service meshes Smart networking with service meshes
Smart networking with service meshes Mitchell Pronschinske
 
How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN Shashi Kiran
 
API Gateway - OFM Canberra October 2014
API Gateway - OFM Canberra October 2014API Gateway - OFM Canberra October 2014
API Gateway - OFM Canberra October 2014Joelith
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...CA Technologies
 

Similaire à Access Management with Aruba ClearPass #AirheadsConf Italy (20)

Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
 
Remote & Branch Networking Fundamentals #AirheadsConf Italy
Remote & Branch Networking Fundamentals #AirheadsConf ItalyRemote & Branch Networking Fundamentals #AirheadsConf Italy
Remote & Branch Networking Fundamentals #AirheadsConf Italy
 
Network Management with Aruba Airwave #AirheadsConf Italy
Network Management with Aruba Airwave #AirheadsConf ItalyNetwork Management with Aruba Airwave #AirheadsConf Italy
Network Management with Aruba Airwave #AirheadsConf Italy
 
ARUBA - Remote Branch-networking-fundamentals-2014
ARUBA - Remote Branch-networking-fundamentals-2014ARUBA - Remote Branch-networking-fundamentals-2014
ARUBA - Remote Branch-networking-fundamentals-2014
 
Aos & cppm integration configuration & testing document for eap tls & eap ...
Aos & cppm integration configuration & testing document for eap tls & eap ...Aos & cppm integration configuration & testing document for eap tls & eap ...
Aos & cppm integration configuration & testing document for eap tls & eap ...
 
Enabling AirPrint & AirPlay on Your Network
Enabling AirPrint & AirPlay on Your NetworkEnabling AirPrint & AirPlay on Your Network
Enabling AirPrint & AirPlay on Your Network
 
Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM
Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM
Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM
 
Unified access with Aruba Mobility Access Switches – Live Demo
Unified access with Aruba Mobility Access Switches – Live DemoUnified access with Aruba Mobility Access Switches – Live Demo
Unified access with Aruba Mobility Access Switches – Live Demo
 
Network Management with Aruba AirWave
Network Management with Aruba AirWaveNetwork Management with Aruba AirWave
Network Management with Aruba AirWave
 
3 air wave practical workshop_mike bruno_matt sidhu
3 air wave practical workshop_mike bruno_matt sidhu3 air wave practical workshop_mike bruno_matt sidhu
3 air wave practical workshop_mike bruno_matt sidhu
 
Aos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peapAos & cppm integration & testing document for eap tls & eap peap
Aos & cppm integration & testing document for eap tls & eap peap
 
ClearPass_Design Info.pptx
ClearPass_Design Info.pptxClearPass_Design Info.pptx
ClearPass_Design Info.pptx
 
Adaptive Trust Security
Adaptive Trust SecurityAdaptive Trust Security
Adaptive Trust Security
 
Smart networking with service meshes
Smart networking with service meshes Smart networking with service meshes
Smart networking with service meshes
 
Shanghai Breakout: Wireless LAN Security Fundamentals
Shanghai Breakout: Wireless LAN Security Fundamentals Shanghai Breakout: Wireless LAN Security Fundamentals
Shanghai Breakout: Wireless LAN Security Fundamentals
 
Secure Enterprise Mobility
Secure Enterprise MobilitySecure Enterprise Mobility
Secure Enterprise Mobility
 
1 voice and video over wi fi-balajee krishnamurthy
1 voice and video over wi fi-balajee krishnamurthy1 voice and video over wi fi-balajee krishnamurthy
1 voice and video over wi fi-balajee krishnamurthy
 
How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN How Enterprises will Benefit from SDN
How Enterprises will Benefit from SDN
 
API Gateway - OFM Canberra October 2014
API Gateway - OFM Canberra October 2014API Gateway - OFM Canberra October 2014
API Gateway - OFM Canberra October 2014
 
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
Leveraging New Features in CA Single-Sign on to Enable Web Services, Social S...
 

Plus de Aruba, a Hewlett Packard Enterprise company

Plus de Aruba, a Hewlett Packard Enterprise company (20)

Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba Central
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 
Introduction to AirWave 10
Introduction to AirWave 10Introduction to AirWave 10
Introduction to AirWave 10
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.xEMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMEMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Airheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau PresentationAirheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau Presentation
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Airheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes ArubaAirheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes Aruba
 

Dernier

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenHervé Boutemy
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteDianaGray10
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebUiPathCommunity
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024Lonnie McRorey
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .Alan Dix
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionDilum Bandara
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr BaganFwdays
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxLoriGlavin3
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfPrecisely
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxLoriGlavin3
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024Lorenzo Miniero
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsPixlogix Infotech
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Dernier (20)

DevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache MavenDevoxxFR 2024 Reproducible Builds with Apache Maven
DevoxxFR 2024 Reproducible Builds with Apache Maven
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
Take control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test SuiteTake control of your SAP testing with UiPath Test Suite
Take control of your SAP testing with UiPath Test Suite
 
Dev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio WebDev Dives: Streamline document processing with UiPath Studio Web
Dev Dives: Streamline document processing with UiPath Studio Web
 
TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024TeamStation AI System Report LATAM IT Salaries 2024
TeamStation AI System Report LATAM IT Salaries 2024
 
From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .From Family Reminiscence to Scholarly Archive .
From Family Reminiscence to Scholarly Archive .
 
Advanced Computer Architecture – An Introduction
Advanced Computer Architecture – An IntroductionAdvanced Computer Architecture – An Introduction
Advanced Computer Architecture – An Introduction
 
"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan"ML in Production",Oleksandr Bagan
"ML in Production",Oleksandr Bagan
 
The State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptxThe State of Passkeys with FIDO Alliance.pptx
The State of Passkeys with FIDO Alliance.pptx
 
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdfHyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
Hyperautomation and AI/ML: A Strategy for Digital Transformation Success.pdf
 
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
Transcript: New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptxThe Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
The Fit for Passkeys for Employee and Consumer Sign-ins: FIDO Paris Seminar.pptx
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024SIP trunking in Janus @ Kamailio World 2024
SIP trunking in Janus @ Kamailio World 2024
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
The Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and ConsThe Ultimate Guide to Choosing WordPress Pros and Cons
The Ultimate Guide to Choosing WordPress Pros and Cons
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

Access Management with Aruba ClearPass #AirheadsConf Italy

  • 1. Access Management with Aruba ClearPass June 2014
  • 2. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved 2 #AirheadsConf • Introductions & Expectations • What is ClearPass • ClearPass – Policy Model • Authorization – What and Why • Profile – How does it work • Clustering & Deployment • Q & A Agenda
  • 3. 3 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Overview
  • 4. 4 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Evolving IT Landscape USER CENTRIC, SELF SERVICEIT CENTRIC Windows Fixed Environment Wired Network IT Managed Slow Refresh Multiple Platforms Work from anywhere Wired, Wi-Fi, Cellular Selection of devices & apps User Timeframes
  • 5. 5 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf The ClearPass Solution Comprehensive Solutions Architecture WORKFLOW POLICYVISIBILITY Role-based Enforcement Health/Posture Checks Device and App Device Profiling Troubleshooting Per Session Tracking Onboarding, Registration Guest Management MDM Integration
  • 6. 6 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf The ClearPass Access Security Platform CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 6 @arubanetworks Policy Services Identity Stores 3rd Party MDM App Servers DIFFERENTIATED ACCESS UNIFIED POLICIES DEVICE VISIBILITY GUEST EMPLOYEE POLICY SERVICES ENTERPRISE-CLASS AAA RADIUS, TACACS+ VPN OnGuard Posture & Health Checks Onboard Device Provisioning Guest Visitor Management Multivendor Networks ClearPass Policy Manager AAA Services ONE IDPolicy Engine
  • 7. 7 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Context-Based Access Control • Differentiated Access – Role, device type, access method • Policy-based AAA Services – Support for 802.1X, MAC, Web (HTTPS) authentication – Communicate to network devices via RADIUS, RADIUS CoA, TACACS+, SNMP – Ability to read from multiple identity stores (AD, LDAP, SQL, Kerberos, Token Server, Etc.) – Enforcement Options – Allow/Deny, VLAN, ACL, dACL, url redirects, SNMP • Contextual Policy Elements – Time, location, group, OS version, project VPN *
  • 8. 8 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Platform Features – Out of the box Multivendor DNA Wired, WLAN, VPN Core Authentication AAA, LDAP, AD, Kerberos, Token, SQL, MAC, 802.1x, TACACS+, HTTPS, SSO (SAML, Okta) Integrated Profiling Device profiling across wired & wireless Use directly in authorization policy
  • 9. 9 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Core Services MDM Integration Leverage information gained from MDM vendors for profile & to influence policy TACACS+ Server Replace legacy ACS solutions Context Aware Authorization Device type, User, Time, Location, Posture Layer multiple conditions for policy derivation
  • 10. 10 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Platform Features – Out of the box Scale with Clustering Supports 1 million endpoints per cluster Centralized or distributed architecture Flexible Licensing • Perpetual licenses • Subscription licenses • 25 free endpoint Enterprise license included Physical or Virtual Appliances Sized for variety of customer needs Virtual Appliance relies upon VMWare
  • 11. 11 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf What’s in ClearPass 6.3 INTEGRATIONINTEROPERABILITY
  • 12. 12 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf INTEGRATIONINTEROPERABILITY What’s in ClearPass 6.3
  • 13. 13 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Auto Sign-On Only Aruba lets you sign-in once & you’re good to go • One login for all web/mobile apps – Uses valid network login • NO App logins • IBM, Okta, Ping • ClearPass as Provider (IdP) – Uses SAML, not RADIUS
  • 14. 14 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Exchange Two-way Third-Party Integration Syslog Messages / RESTful APIs Jail-broken device detected Helpdesk ticket auto generated Message to device auto generated 1. 2.3. ClearPass denies access to device
  • 15. 15 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Model
  • 16. 16 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Model • What constitutes the policy model? • How does it work? • What are the interactions between various components? • How does the policy model affect configuration & deployment?
  • 17. 17 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Model Policy Identity Health Device Conditions • Role • Department • Group • AV, AS, FW • Registry Keys • Services… • Device type, status, health • Address, O/S • Corp. Owned • Time • Location • Day of Week
  • 18. 18 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf What’s the flow? Authenticate • Valid Authentication Authorize • Find Out What’s Allowed Associate Context • Device, Time, Location, Posture Enforce on NAS • Roles, ACLs, VLANs
  • 19. 19 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf What Are The Interactions? RADIUS Server – Authenticate Policy Server – Authorize Policy Server – Associate Context Policy Server – Decision Tree RADIUS Server – Enforce
  • 20. 20 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf ClearPass Policy Enforcement ClearPass Use external context to define granular policies • User / role • Device fingerprint • OS version • Health checks • Jailbreak status • Location • Trusted or untrusted network • Time • Date • Wired, Wi-Fi, VPN enforcement
  • 21. 21 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Service Flow – 802.1X Layer 2 RADIUS Request Layer 2 Authentication Layer 2 Authorization Layer 2 Role Derivation Layer 2 RADIUS Enforcement Layer 3 Profile Layer 2 NAP Layer 3 OnGuard
  • 22. 22 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Service Flow – Implications • Layer 2 Authentications are completed first – Full Authorization – Role Derivation – NAP (if enabled) – Layer 2 Enforcement • Layer 3 : Profile next – DHCP Request, DHCP Offer – RFC 3576 – Change of Authorization • Another Layer 2 authentication! – No RFC 3576 message if “fingerprint” does not change • Layer 3 : Collect Posture last (OnGuard) – Posture over HTTPS – RFC 3576 based on policy • Another Layer 2 authentication!
  • 23. 23 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – What and Why
  • 24. 24 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – What and Why? • Authentication vs. Authorization • Authorization & ClearPass • Use Cases
  • 25. 25 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization & ClearPass “Authorization” Sources in ClearPass – Where do I find them? – How do I use them? – How often does ClearPass talk to an authorization source? – What happens in case something goes wrong?
  • 26. 26 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization Sources – Where? An “Authentication Source” is an “Authorization Source” – RADIUS Server vs. Policy Server
  • 27. 27 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization Sources – How? Authentication Sources are automatic Authorization Sources Additional Authorization Sources enabled per Service No Authorization unless used in Roles!
  • 28. 28 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization Sources – How? Authorize with Active Directory Authorize with Profile Data Rule Algorithm : Evaluate All
  • 29. 29 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – How? Ok, great. But will ClearPass flood my AD with authorization requests? – Authorization data is cached per user – New request made to fetch data once the cache expires – Cache timers can be tuned Cache Timeout Default: 10 hours
  • 30. 30 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – How? Got it But I just made a bunch of changes on my AD. Should I need to wait 10 hours? – Tune the cache timers – “Clear Cache” button on the Authentication Source • Wipes out cache for all users – “Save” button on the Authentication Source • Wipes out cache for all users – Restart Policy Server • BAD IDEA!!!
  • 31. 31 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authorization – Uh-Oh! If an Authentication/Authorization Source is not reachable – Configure Backup Servers – Configure Fail-Over Timeout Fail-Over Timeout Backup Servers
  • 32. 32 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – Mergers & Acquisitions Active Directory Domain – avendasys.com Active Directory Domain – arubanetworks.com
  • 33. 33 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Authentication & Authorization Sources for TLS Certificate Details used for Authorization Enable Authorization – Source specified in the Service Compare Certificate – Source specified in the Service Use Cases – Certificates & TLS
  • 34. 34 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – Asset Databases LDAP/SQL Interface to Asset Databases – Key : MAC Address – Authorization Attributes • Ownership – Corporate vs. Personal • Compliance Status – In/Out of compliance – Identify corporate-owned non-Windows devices
  • 35. 35 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Profile – How Does It Work?
  • 36. 36 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Profile – How does it work? • Profile & Network Data • Automatic Profile “upgrades” • Using Profile data in policy • Configuring Profile – DHCP? HTTP? SNMP? • Use Cases
  • 37. 37 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Profile & Network Data What does ClearPass use to profile? – MAC OUIs – DHCP Request, DHCP Offer – HTTP User-Agent – MDM Fingerprints – Device Interrogation – SNMP/CDP/LLDP Data
  • 38. 38 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Fingerprint Updates • Subscribe to Fingerprint Updates – Automatic reclassification – Updated frequently • Tell Aruba! – Create policy exceptions – Grab fingerprints from UI – Send fingerprints to Aruba – Crowd-sourced, community oriented
  • 39. 39 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Using Profile data in policy • Automatic 3-level categorization – Device Category, OS Family, Device Name • Using raw profile data – DHCP Data, HTTP User-Agent, SNMP Data • Role Mapping – What should I use? • Enforcement – How do I enforce? – What are the benefits?
  • 40. 40 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Configuring Profile – Network Considerations • DHCP Relay – Where should I setup DHCP relays? • Captive Portal Configuration – Is there a knob for this? • Reading SNMP Data – CDP – LLDP – HR MIB – SysDescr MIB
  • 41. 41 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases • Policy – CEOs & iPads • Policy – “Headless” Devices • Visibility – Demystifying BYODs
  • 42. 42 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – CEOs & iPads Assign Roles Enforce Access
  • 43. 43 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – Headless Devices Identify & Assign Roles To Headless Devices
  • 44. 44 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Use Cases – Visibility
  • 45. 45 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering & Deployment
  • 46. 46 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering & Deployment • Clustering Technology – What’s replicated? What’s not? • Deploying ClearPass Clusters – Considerations • Operations & Maintenance – What happens when a ClearPass node is down? – Events & Alerts – Rescue & Recovery
  • 47. 47 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering Technology • What’s replicated? – All policy configuration elements – All Audit data – All identity store data • Guest Accounts, Endpoints, Profile data – Runtime Information • Authorization status, Posture status, Roles • Connectivity Information, NAS Details – Database replication on port# 5432 over SSL – Runtime replication on port# 443 over SSL
  • 48. 48 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering Technology • What’s not replicated? – Log files – Authentication Records – Accounting Records – System Events – System Monitor Data
  • 49. 49 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering – Considerations • How do they connect? – Requires IP connectivity (bi-directional) • Port # 5432 (Database over SSL) • Port# 80 (HTTP) • Port #443 (HTTPS) • Port #123 (NTP) • How much data should we expect to see crossing the wire? – Only elements in the configuration database – First sync is a full database copy – Subsequent sync – Delta changes propagated
  • 50. 50 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering – Considerations Hub & Spoke PUBLISHER SUBSCRIBER 1 SUBSCRIBER 2 SUBSCRIBER 3 SUBSCRIBER 4 SUBSCRIBER 5 SUBSCRIBER 6
  • 51. 51 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Clustering – Considerations Central / Distributed Admin Domains Redundancy/Load Balancing Cluster wide licensesCPPM – Publisher DNS DHCP Identity Stores Main Data Center Mid-size Branch Regional Office DMZ CPPM Subscriber VM CP Guest CP Onboard CPPM Subscriber CPPM Subscriber
  • 52. 52 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Operations & Maintenance • What happens when a node goes down? – Operations • If Deployed Right – Nothing • RADIUS Backup settings on the NAS – If the Publisher goes down • No Database Writes Allowed!! • Promote a Subscriber to a Publisher • Resume configuration updates
  • 53. 53 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Events & Alerts • How long before ClearPass figures out something’s wrong? – 24 hours before it automatically “drops” a node from the cluster – Cluster Synchronization Warnings • 1 event every hour x 24 hours = 24 events – CPU/Memory Usage Warnings  Every 2 Minutes – Server Certificate Warnings  Every 24 Hours – Service Alerts  Immediate • Email/SMS Alerts using Insight, Syslog & SNMP
  • 54. 54 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Operations & Maintenance • Rescue & Recovery – Establish cluster connectivity • Database sync will ensue. Watch for “Last Sync Time” – Restore certificates • Server Certificates are not installed as a part of the sync – Restore log entries (If necessary) • Caveat : High disk activity for an extended period of time – Verify fail-back on the NAS • NAS fail-back timers should kick in
  • 55. 55 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf
  • 56. 56 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved #AirheadsConf Q & A
  • 57. 57 CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved Thank You #AirheadsConf

Notes de l'éditeur

  1. The introduction of Wi-Fi enabled smart phones and tablets has changed the dynamics for rolling out new user devices and services. IT no longer has the ability to qualify which device a user receives, pre-configure them with work and security apps, and monitor their use. Personal devices are the new norm and successful deployments of new services like BYOD are gauged by days, not months. Other factors include the number of helpdesk calls and how happy the users are. With the speed in which devices are introduced, refreshed and replaced, lets look at some new IT issues that is faced with.
  2. To eliminate silos Aruba ClearPass is designed to deliver user and device visibility, automated workflow services and policy management enforcement all from a single platform. Built-in device profiling provides a comprehensive picture of what’s connecting to the network which makes it simple to differentiate access for BYOD and IT managed devices. Real-time troubleshooting tools help IT create policies that work and also solve connectivity issues. For example, an access dashboard and per session logs allow IT to easily see why a user had a problem without having to peruse lengthy log databases. To help off-load IT, ClearPass includes automated features that allow users to self-provision personal devices and register media sharing devices like an Apple TV or just a printer. ClearPass Guest lets visitors self-register or sponsors can create credentials that automatically expire. Device management services extend MDM capabilities with network control and enforcement. A built-in CA can be used to distribute and manage device specific certificates. User can even re-install or revoke certificates for lost or stolen devices. The policy component brings it all together by allowing organizations to create granular policies for Aruba and multivendor Wi-Fi, wired and VPN networks. A role-based model allows you to assign and differentiate access by user, device and other contextual attributes like location, job function and device ownership. All this from a single pane of glass.
  3. All of the features just described are delivered as hardware or virtual appliances that can authenticate up to 500, 5000 and 25000 unique devices per week. ClearPass is also unique in that the base appliance includes our entire feature set – RADIUS and TACACS services, policy engine, identity broker features, as well as each of the add-on modules in the form of a starter bundle for Guest, Onboard, OnGuard and WorkSpace. The add-on modules are expandable per use case which means that customers with 100 guests per week only need to license for that amount. The same goes for onboarding personal or BYO devices. They’re not required to purchase advanced licenses or features they won’t use. Other customer benefits include the ability to create policies that query multiple identity stores, connect multiple active directory domains, leverage external MDM solutions and work in Wi-Fi, wired and VPN environments. Again without purchasing special licensing.
  4. User authentication attempt with jail broken device ClearPass quarantines device via RADIUS Using RESTful API, ClearPass automatically creates trouble ticket in ServiceNow including: User ID MAC address Device type Location Email sent to helpdesk staff
  5. ClearPass provides added value as a combination of contextual attributes can be used to create very granular policies in networks where multivendor and Aruba Mobility Controllers are deployed. While permit/deny and VLAN enforcement is supported for non-Aruba equipment, ClearPass lets organizations create enforcement rules that take advantage of Aruba’s role-based enforcement features. Policies can be written that take advantage of per user firewalls and optimization for voice and video applications. Context can be used to differentiate employee access by device type and OS if needed. For example, Guest policies can be written that limit access to week days and not weekends. Or executives can be given full access for smart phones, while employees can be restricted to the Internet when using mobile devices.
  6. 30:24 – 32:44
  7. 30:24 – 32:44
  8. 46:01