CONFIDENTIAL
© Copyright 2013. Aruba Networks, Inc.
All rights reserved 1 #airheadsconf#airheadsconf
Enabling BYOD Workshop
Aruba Network Services Team
March 2013
Agenda
Deploying ClearPass Onboard
BYOD Policy
Technology Overview
Profiling BYO Devices
Integrating ClearPass with MDM
Onboard Provisioning
Troubleshooting
Q&A
Onboarding with ClearPass
Deploying ClearPass Onboard
•  Planning
–  BYOD Policy
•  Configuring
–  CA settings
–  Network Settings
–  Provisioning Settings
–  Advanced Settings
•  Lifecycle Management
–  User experience
–  Lost, expired, revoked devices
–  Troubleshooting
BYOD Policy
Building a BYOD Policy (Gartner)
•  Device diversity
•  Policy enforcement
•  Security and compliance
•  Containerization
•  Inventory management
•  Software distribution
•  Administration and reporting
•  IT service management
•  Network service management
Technology Overview
Technology Overview
•  Detecting new BYO Devices
–  Lack of Provisioned Credential
–  Device Profiling
–  MDM Integration
•  User Managed Provisioning Workflow
–  Set up PKI for device credentials
–  Provisioning Settings
–  Network Settings
–  Advanced Settings
–  Troubleshooting
BYOD Workflow
•  Supplicant Config
•  Push Trusted Cert
•  Enable Posture
•  Set Auth type
•  Enrolment workflow
•  Authorize User to provision device
•  Device credential push
•  Link User to Device
•  Complete view device & network
•  Command & Control
•  Inventory
•  Diagnostics
•  Revoke Device Access
•  Device Profiling
•  Role Derivation
•  Corp vs Employee Liable
Workflow stages (diagram labels): Device Access Controls; Join BYOD Domain; Visibility & Reporting; Onboard Device
Deployment Architecture
Diagram columns: “Bring Your Own” Client Devices; Network; Authentication Server
Diagram labels: iOS; Windows; Mac OS X; Android; ClearPass Onboard; ClearPass Policy Manager; Devices authenticate with Unique Device Credentials; Users enroll with Onboard Workflow; Onboard Workflow; Manage Devices; Policy Definition; Administer; Secure BYOD Network Access
Detailed Architecture
Diagram columns: “Bring Your Own” Client Devices; Network; Server
Diagram labels: iOS and OSX 10.6+; Windows; Mac OS X; Android; Over-the-Air Provisioning; QuickConnect™ Provisioning; Aruba Controller; AP; Web Login Page; EAP-TLS (Device Certificate); Onboard Workflow; Onboard GUI; Certificates; Users; Endpoints; ClearPass Onboard; ClearPass Policy Manager
Onboard Workflow – iOS & OS X
Actors: iOS Device; Network Infrastructure; ClearPass Onboard; ClearPass Policy Manager
Phases: Captive portal; Pre-provisioning; Provisioning; Onboard Complete
Sequence diagram labels:
•  Associate, HTTP GET
•  Redirect Provisioning role
•  Request mobile device provisioning page
•  Download and install root certificate from portal
•  Login with provisioning user’s credentials
•  Authenticate with Active Directory
•  Apple Over-the-Air Provisioning
•  Switch to EAP-TLS
•  EAP-TLS Auth
•  RADIUS Auth (EAP-TLS)
•  Access-Accept
•  Client certificate verified
•  Authenticated
•  EAP-Success
•  Server certificate verified
•  Device authenticated
•  Provisioning complete
iOS “Over-the-Air Provisioning”
Actors: iOS Device; Network Infrastructure; ClearPass Onboard; ClearPass Policy Manager
Sequence diagram labels:
•  Start device enrollment (signed profile payload)
•  Request for enrollment
•  SCEP enrollment profile
•  Request device certificate using SCEP
•  User authenticated for device enrollment
•  Issue SCEP certificate for device
•  Request device configuration profile (signed)
•  Install device identity certificate
•  Device configuration profile (signed + encrypted)
•  Generate TLS certificate and payload with Onboard settings
•  User accepts enrollment profile
•  Install profile and return to Safari
•  Refresh enrollment progress page
•  Switch to EAP-TLS
•  Apple Over-the-Air Provisioning
•  Provisioning Complete
Onboard Workflow – other OS’s
Actors: Android Device; Network Infrastructure; ClearPass Onboard; ClearPass Policy Manager
Sequence diagram labels:
•  Associate, HTTP GET
•  Redirect Provisioning role
•  Request mobile device provisioning page
•  Return provisioning portal page
•  Download Onboard configuration
•  QuickConnect Provisioning
•  Switch to PEAP
•  PEAP-MSCHAPv2 Auth
•  RADIUS Auth (PEAP-MSCHAPv2)
•  Access-Accept
•  Verify unique device credentials
•  Authenticated
•  EAP-Success
•  Server certificate verified
•  Device authenticated
•  Onboard Complete
•  Detect device type
•  Launch app
•  Provisioning complete
•  Device enrollment
•  Push unique device credentials
Onboarding Deployment Options
Diagram columns: Client Devices; Network; Server
Diagram labels: 802.1x Supplicants; iPad; Android; 802.1x Authenticator; Aruba Controller; AP; 802.1x Authentication Server; ClearPass Policy Manager; Endpoints; Users; Active Directory; Provisioning SSID; Provisioned SSID; BYOD; Employee-Secure
•  Different SSID for Provisioning & Provisioned
–  Standalone SSID
–  Linked from Guest Access Portal
Onboarding Deployment Options
Diagram columns: Client Devices; Network; Server
Diagram labels: 802.1x Supplicants; iPad; Android; 802.1x Authenticator; Aruba Controller; AP; 802.1x Authentication Server; ClearPass Policy Manager; Endpoints; Users; Active Directory; Provisioning & Provisioned SSID; Employee-Secure
•  Same SSID for Provisioning & Provisioned
–  Device Profiling
–  Lack of provisioning credential
–  MDM integration
Onboarding Workflow
1. Device type automatically detected & redirected to portal
2. Settings & credentials are auto-configured after user enters domain credentials
3. User automatically placed on proper SSID & network segment
Detecting BYO Devices
Power of context aware policies
•  No longer a binary decision
•  Leverage context sources to determine enforcement
–  Active Directory Group Membership
–  Machine authentication for domain joined devices
–  Device Type / Posture of the device
–  Managed by MDM / context from MDM
–  Lack of provisioned credential
•  Differentiate Corporate Managed / Provisioned devices
–  Enforce Machine Authentication differently
–  Enforce MDM managed differently
–  Enforce Onboard provisioning differently
–  Redirect unmanaged / un-provisioned device to provisioning workflow (for example – only using PEAP AD credentials)
Sources of Profile Data
•  Native
–  MAC OUI
–  HTTP User Agent (Captive Portal Services)
–  Onboard (explicit knowledge from client OS interactions)
–  OnGuard (explicit knowledge from client OS interactions)
•  Network Sourced
–  DHCP Option fingerprinting (DHCP relay)
–  Subnet scan with SNMP profiling (CDP, LLDP, sysDescr)
–  AOS Controller 6.3 export (DHCP, HTTP, mDNS)
•  Agent / Server Integration
–  MS Exchange (Active-Sync device type)
–  MDM Deployments
•  Fingerprints updated automatically over the net
Sample Profile Dashboard
Example Enforcement Policy
Service Definition workflow
Incoming Request
Service Rule:
Define unique attributes contained in the RADIUS request that can be used to match this Service. Consider ordering the rules to assist with the matching. This is also the place to enable the CPPM functions you would like to use in the policy, including Authorization, Profiler, Posture and Audit.
Authentication:
Define the authentication methods the client will use, as well as the authentication sources used to determine a user's or device's access rights. This can contain multiple sources, depending on the use case.
Authorization:
Define the sources from which detailed information about the user or device can be pulled. All sources added as part of Authentication are already defined as Authorization sources. This information is used in Role mapping and Enforcement profiles.
Roles:
Pull together attributes of the user/device/connection to define Roles that can be used to define Enforcement actions. Try to keep these simple so that future modification is simple. Tip: use "Evaluate all" (apply all) roles to match multiple roles to a single connection and keep the role definitions simple.
Service Definition workflow
Enforcement:
Based on the Roles, Posture, and other aspects of the user's or device's connection, define the actions that the NAS should take. This should be set as “first applicable”, so order is important.
Posture:
Define the aspects of the host that should be checked during authentication. Based on the pass/fail result of the host check, set the Posture token. It is common to bounce a session after a posture check so that Health information can be applied to a user/device connection.
Profiler:
The use of Profiler in a role is to bounce a session after new information is learned about a device, so that Role/Enforcement mapping can be reapplied to the user/device.
Audit:
Nessus/NMAP can be run against hosts, and Roles can be applied based on the results of the scan.
Diagram labels: RADIUS Response; RADIUS CoA (shown three times)
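The "Evaluate all" role mapping and "first applicable" enforcement ordering described in the two Service Definition slides, as an added example that is not Aruba's code or a ClearPass API: a toy Python model whose role names, profile names and sample requests are constructed for illustration, with MDM attribute names taken from the deck's MDM attributes slide. It shows how a single misplaced enforcement rule changes the outcome for a jailbroken device.

```python
"""Toy model of role mapping (evaluate all) and enforcement (first applicable).

Added illustration only: role names, profile names and sample requests are
hypothetical and do not come from ClearPass Policy Manager.
"""
from dataclasses import dataclass
from typing import Optional


@dataclass
class Request:
    auth_method: str             # "EAP-TLS" (provisioned cert) or "PEAP-MSCHAPv2"
    ad_groups: frozenset         # Active Directory group membership
    mdm: Optional[dict] = None   # MDM attributes, None if the MDM has no record


def _mdm(req, key):
    """Return an MDM attribute, or None when the device is unknown to the MDM."""
    return (req.mdm or {}).get(key)


# Role mapping: EVERY matching rule contributes a role ("evaluate all"),
# so each rule can stay a single simple condition.
ROLE_RULES = [
    ("employee", lambda r: "Employees" in r.ad_groups),
    ("provisioned", lambda r: r.auth_method == "EAP-TLS"),
    ("mdm-managed", lambda r: _mdm(r, "MDM Enabled") == "Yes"),
    ("compromised",
     lambda r: r.mdm is not None and _mdm(r, "Compromised") != "Not Jailbroken"),
]


def map_roles(req):
    return {name for name, matches in ROLE_RULES if matches(req)}


# Enforcement: the FIRST rule whose required roles are all present wins,
# so the restrictive rule must be listed before the permissive ones.
ENFORCEMENT = [
    ({"compromised"}, "quarantine"),
    ({"employee", "provisioned", "mdm-managed"}, "full-access"),
    ({"employee", "provisioned"}, "byod-access"),
    ({"employee"}, "redirect-to-onboard"),   # no provisioned credential yet
]
DEFAULT_PROFILE = "deny"

# Same rules with the quarantine rule moved below full-access.
MISORDERED = [ENFORCEMENT[1], ENFORCEMENT[0]] + ENFORCEMENT[2:]


def enforce(roles, rules=ENFORCEMENT):
    for required, profile in rules:
        if required <= roles:        # all required roles are present
            return profile
    return DEFAULT_PROFILE


def decide(req, rules=ENFORCEMENT):
    return enforce(map_roles(req), rules)


# Constructed sample requests.
EMPLOYEES = frozenset({"Employees"})
HEALTHY = Request("EAP-TLS", EMPLOYEES,
                  {"MDM Enabled": "Yes", "Compromised": "Not Jailbroken"})
JAILBROKEN = Request("EAP-TLS", EMPLOYEES,
                     {"MDM Enabled": "Yes", "Compromised": "Jailbroken"})
UNPROVISIONED = Request("PEAP-MSCHAPv2", EMPLOYEES)
UNKNOWN_USER = Request("PEAP-MSCHAPv2", frozenset())

if __name__ == "__main__":
    samples = [("healthy", HEALTHY), ("jailbroken", JAILBROKEN),
               ("unprovisioned", UNPROVISIONED), ("unknown user", UNKNOWN_USER)]
    for label, req in samples:
        print(f"{label:14} roles={sorted(map_roles(req))} "
              f"ordered={decide(req)} misordered={decide(req, MISORDERED)}")
```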
MDM Integration
Managing Mobility
Diagram labels: MDM; NAC; Network Infrastructure; Data in motion; Device Management; Data at rest; Firmware & patch management; Remote wipe & control; Device-level visibility; Configure network settings; Identify the user; Protect the network; Provision & revoke device credentials; Push & provision apps; Restrict usage & bandwidth
Integrating Leading MDM Vendors
•  ClearPass uses public APIs for:
•  Normalize MDM endpoint data across vendors
Mutually Leverage Context
Device Policies
•  Device restrictions
•  Remote Lock & Wipe
•  Install Application
•  Black list Apps
Network Policies
•  Firewall Policies
•  Redirect to enroll
•  Quarantine devices
•  Bandwidth Prioritization
Exchange endpoint context & trigger policies
ClearPass MDM Integration
Using MDM device information for Policy
Diagram labels: ClearPass; MaaS360; Endpoint data replicated to ClearPass cluster; CoA triggers network enforcement; Device type & posture polled for policy decisions & reporting
Use MDM Attributes for Network Policy
MDM Attributes (group labels on the slide: Posture, Inventory)
Manufacturer: Apple
Model: iPad2
OS Version: iOS 6.1
UDID: 1730235f564094186
Serial Number: 79049XXXA4S
IMEI: 012416009780168
Phone Number: 408-534-2819
Carrier: Verizon
MDM Id: 130d0f992t34
Owner: jhoward
Display Name: John Howard
Ownership: Employee Liable
MDM Enabled: Yes
Compromised: Not Jailbroken
Encryption Enabled: Yes
Blacklisted Apps: No
Required Apps: Yes
Last Check in: 01/30/2012 9:03am
Setting Network Policy
Policy Example
Use context from ClearPass + MDM to set network policy
• Application installed
• blacklisted
• Device Profile
• OS version
• Endpoint health
• Jailbreak status
• Pincode/encryption
• Location
• Trusted or untrusted network
• Time/Date
• e.g. in semester
• User/group membership
Integrated User Onboarding
Provisioning Workflow
Detect un-enrolled device connected to the network
Redirect to MDM self-service portal
or
Prompt user to download MDM agent
Host MDM application, from network captive portal
Install MDM agent on my device
Onboard Setup
Certificate Authority Setup
•  TLS client certificate provisioned per device
•  Onboard using built-in CA
–  Act as standalone Root CA
–  Integrate with existing PKI as Intermediate CA
–  SCEP Proxy options coming soon
•  Certificates replicated throughout cluster
–  Onboard proxied to publisher node (HTTP proxy)
–  Proxy process transparent to client device
–  Client certificates are replicated to and available on subscribers
•  OCSP Responder available from subscribers
–  Locally check for revocation of client certificates
–  OCSP configured to override to localhost
Configuring Onboard - Walkthrough
CPPM Demo Server
Troubleshooting
Managing client certificates
•  Revoke/Delete client certificates
•  Quick search to find specific users/devices
Apple Captive Network Assistant
Diagram labels: WiFi Clients; Open SSID for Guest Access; Aruba Mobility Controller; External Captive Portal Redirect; ClearPass Guest (CP Guest), 10.169.130.50; CP Guest Hosted Captive Portal Pages: /landing.php, /Aruba_Login.php; Apple Captive Network Assistant Request; User Web Browser initial request
Controller configuration shown on the slide:
aaa authentication captive-portal "guestnet"
    login-page http://10.169.130.50/landing.php/Aruba_Login.php
Invalid Profile when Onboarding
•  iOS expects to trust the web server hosting the profiles being pushed
•  Multiple options to resolve
–  Use HTTP if using L2 WiFi encryption
–  Install publicly signed web server cert
–  Sign web server cert from Onboard CA
•  It's all about iOS server trust
Q&A
The Airheads Challenge
Use Unlock Code “ONBOARD”
To get the quiz for this session
Login to play at
community.arubanetworks.com
Thank You
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?Igalia
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...DianaGray10
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024The Digital Insurer
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAndrey Devyatkin
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingEdi Saputra
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FMESafe Software
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoffsammart93
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024SynarionITSolutions
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsRoshan Dwivedi
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodJuan lago vázquez
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024The Digital Insurer
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobeapidays
 

Dernier (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Artificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and MythsArtificial Intelligence: Facts and Myths
Artificial Intelligence: Facts and Myths
 
2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...2024: Domino Containers - The Next Step. News from the Domino Container commu...
2024: Domino Containers - The Next Step. News from the Domino Container commu...
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?A Year of the Servo Reboot: Where Are We Now?
A Year of the Servo Reboot: Where Are We Now?
 
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
Connector Corner: Accelerate revenue generation using UiPath API-centric busi...
 
Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024Partners Life - Insurer Innovation Award 2024
Partners Life - Insurer Innovation Award 2024
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
AWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of TerraformAWS Community Day CPH - Three problems of Terraform
AWS Community Day CPH - Three problems of Terraform
 
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost SavingRepurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
Repurposing LNG terminals for Hydrogen Ammonia: Feasibility and Cost Saving
 
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers:  A Deep Dive into Serverless Spatial Data and FMECloud Frontiers:  A Deep Dive into Serverless Spatial Data and FME
Cloud Frontiers: A Deep Dive into Serverless Spatial Data and FME
 
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot TakeoffStrategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
Strategize a Smooth Tenant-to-tenant Migration and Copilot Takeoff
 
Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024Top 10 Most Downloaded Games on Play Store in 2024
Top 10 Most Downloaded Games on Play Store in 2024
 
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live StreamsTop 5 Benefits OF Using Muvi Live Paywall For Live Streams
Top 5 Benefits OF Using Muvi Live Paywall For Live Streams
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin WoodPolkadot JAM Slides - Token2049 - By Dr. Gavin Wood
Polkadot JAM Slides - Token2049 - By Dr. Gavin Wood
 
Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024Tata AIG General Insurance Company - Insurer Innovation Award 2024
Tata AIG General Insurance Company - Insurer Innovation Award 2024
 
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, AdobeApidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
Apidays New York 2024 - Scaling API-first by Ian Reasor and Radu Cotescu, Adobe
 

BYOD and guest access workshop: Enabling BYOD (Carlos Gomez Gallego, Network Services Team)

  • 1. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 1 #airheadsconf#airheadsconf Enabling BYOD Workshop Aruba Network Services Team March 2013
  • 2. Agenda
      •  Deploying ClearPass Onboard
      •  BYOD Policy
      •  Technology Overview
      •  Profiling BYO Devices
      •  Integrating ClearPass with MDM
      •  Onboard Provisioning
      •  Troubleshooting
      •  Q&A
  • 3. Onboarding with ClearPass
  • 4. Deploying ClearPass Onboard
      •  Planning
          –  BYOD Policy
      •  Configuring
          –  CA settings
          –  Network Settings
          –  Provisioning Settings
          –  Advanced Settings
      •  Lifecycle Management
          –  User experience
          –  Lost, expired, revoked devices
          –  Troubleshooting
  • 5. BYOD Policy
  • 6. Building a BYOD Policy (Gartner)
      •  Device diversity
      •  Policy enforcement
      •  Security and compliance
      •  Containerization
      •  Inventory management
      •  Software distribution
      •  Administration and reporting
      •  IT service management
      •  Network service management
  • 7. Technology Overview
  • 8. Technology Overview
      •  Detecting new BYO Devices
          –  Lack of Provisioned Credential
          –  Device Profiling
          –  MDM Integration
      •  User Managed Provisioning Workflow
          –  Setup PKI for device credentials
          –  Provisioning Settings
          –  Network Settings
          –  Advanced Settings
          –  Troubleshooting
  • 9. BYOD Workflow
      Panels: Device Access Controls; Join BYOD Domain; Visibility & Reporting; Onboard Device
      •  Supplicant Config
      •  Push Trusted Cert
      •  Enable Posture
      •  Set Auth type
      •  Enrolment workflow
      •  Authorize User to provision device
      •  Device credential push
      •  Link User to Device
      •  Complete view device & network
      •  Command & Control
      •  Inventory
      •  Diagnostics
      •  Revoke Device Access
      •  Device Profiling
      •  Role Derivation
      •  Corp vs Employee Liable
  • 10. Deployment Architecture
      Diagram components: “Bring Your Own” Client Devices (iOS, Windows, Mac OS X, Android); Network; Authentication Server; ClearPass Onboard; ClearPass Policy Manager
      Diagram labels: Users enroll with Onboard Workflow; Devices authenticate with Unique Device Credentials; Onboard Workflow; Manage Devices; Policy Definition; Administer Secure BYOD Network Access
  • 11. Detailed Architecture
      Diagram components: “Bring Your Own” Client Devices (iOS and OSX 10.6+, Windows, Mac OS X, Android); Network (Aruba Controller, AP); Server; ClearPass Onboard; ClearPass Policy Manager
      Diagram labels: Over-the-Air Provisioning; QuickConnect™ Provisioning; EAP-TLS (Device Certificate); Web Login Page; Onboard GUI; Onboard Workflow; Certificates; Users; Endpoints
  • 12. Onboard Workflow – iOS & OS X
      Participants: iOS Device; Network Infrastructure; ClearPass Onboard; ClearPass Policy Manager
      Phases: Captive portal; Pre-provisioning; Provisioning; Onboard Complete
      Diagram labels: Associate, HTTP GET; Redirect; Provisioning role; Request mobile device provisioning page; Download and install root certificate from portal; Login with provisioning user’s credentials; Authenticate with Active Directory; Apple Over-the-Air Provisioning; Provisioning complete; Switch to EAP-TLS; EAP-TLS Auth; RADIUS Auth (EAP-TLS); Client certificate verified; Access-Accept; Authenticated; EAP-Success; Server certificate verified; Device authenticated
  • 13. iOS “Over-the-Air Provisioning”
      Participants: iOS Device; Network Infrastructure; ClearPass Onboard; ClearPass Policy Manager
      Diagram labels: Start device enrollment (signed profile payload); Request for enrollment; SCEP enrollment profile; Request device certificate using SCEP; User authenticated for device enrollment; Issue SCEP certificate for device; Request device configuration profile (signed); Install device identity certificate; Device configuration profile (signed + encrypted); Generate TLS certificate and payload with Onboard settings; User accepts enrollment profile; Install profile and return to Safari; Refresh enrollment progress page; Switch to EAP-TLS; Apple Over-the-Air Provisioning; Provisioning Complete
  • 14. Onboard Workflow – other OS’s
      Participants: Android Device; Network Infrastructure; ClearPass Onboard; ClearPass Policy Manager
      Diagram labels: Associate, HTTP GET; Redirect; Provisioning role; Request mobile device provisioning page; Return provisioning portal page; Detect device type; Download Onboard configuration; Launch app; QuickConnect Provisioning; Device enrollment; Push unique device credentials; Provisioning complete; Switch to PEAP; PEAP-MSCHAPv2 Auth; RADIUS Auth (PEAP-MSCHAPv2); Verify unique device credentials; Access-Accept; Authenticated; EAP-Success; Server certificate verified; Device authenticated; Onboard Complete
  • 15. Onboarding Deployment Options
      •  Different SSID for Provisioning & Provisioned
          –  Standalone SSID
          –  Linked from Guest Access Portal
      Diagram components: Client Devices (iPad, Android; 802.1x Supplicants); Network (Aruba Controller, AP; 802.1x Authenticator); Server (ClearPass Policy Manager; 802.1x Authentication Server); Active Directory; Endpoints; Users
      Diagram labels: Provisioning SSID; Provisioned SSID; BYOD; Employee-Secure
  • 16. Onboarding Deployment Options
      •  Same SSID for Provisioning & Provisioned
          –  Device Profiling
          –  Lack of provisioning credential
          –  MDM integration
      Diagram components: Client Devices (iPad, Android; 802.1x Supplicants); Network (Aruba Controller, AP; 802.1x Authenticator); Server (ClearPass Policy Manager; 802.1x Authentication Server); Active Directory; Endpoints; Users
      Diagram labels: Provisioning & Provisioned SSID; Employee-Secure
  • 17. Onboarding Workflow
      1. Device type automatically detected & redirected to portal
      2. Settings & credentials are auto-configured after user enters domain credentials
      3. User automatically placed on proper SSID & network segment
  • 18. Detecting BYO Devices
  • 19. Power of context aware policies
      •  No longer a binary decision
      •  Leverage context sources to determine enforcement
          –  Active Directory Group Membership
          –  Machine authentication for domain joined devices
          –  Device Type / Posture of the device
          –  Managed by MDM / context from MDM
          –  Lack of provisioned credential
      •  Differentiate Corporate Managed / Provisioned devices
          –  Enforce Machine Authentication differently
          –  Enforce MDM managed differently
          –  Enforce Onboard provisioning differently
          –  Redirect unmanaged / un-provisioned device to provisioning workflow (for example, a device that is only using PEAP with AD credentials)
  • 20. Sources of Profile Data
      •  Native
          –  MAC OUI
          –  HTTP User Agent (Captive Portal Services)
          –  Onboard (explicit knowledge from client OS interactions)
          –  OnGuard (explicit knowledge from client OS interactions)
      •  Network Sourced
          –  DHCP Option fingerprinting (DHCP relay)
          –  Subnet scan with SNMP profiling (CDP, LLDP, sysDescr)
          –  AOS Controller 6.3 export (DHCP, HTTP, mDNS)
      •  Agent / Server Integration
          –  MS Exchange (Active-Sync device type)
          –  MDM Deployments
      •  Fingerprints updated automatically over the net
  • 21. Sample Profile Dashboard
  • 22. Example Enforcement Policy
  • 23. Service Definition workflow
      Diagram label: Incoming Request
      •  Service Rule: Define unique attributes contained in the RADIUS request that can be used to match this Service. Consider ordering the rules to assist with the matching. This is also the place to enable the different functions of CPPM that you would like to use in the policy, including Authorization, Profiler, Posture and Audit.
      •  Authentication: Define the authentication methods the client will use, as well as the authentication sources used to determine a user's or device's access rights. This can contain multiple sources, depending on the use case.
      •  Authorization: Define the sources from which detailed information about the user or device can be pulled. All sources added as part of Authentication are already defined as Authorization sources. This information is used in Role mapping and Enforcement profiles.
      •  Roles: Pull together attributes of the user/device/connection to define Roles that can be used to define Enforcement actions. Try to keep these simple so that future modification is simple. Tip: Use Evaluate all (apply all) roles to match multiple roles to a single connection and keep the role definitions simple.
  • 24. Service Definition workflow
      •  Enforcement: Based on the Roles, Posture, and other aspects of the user's or device's connection, define the actions that the NAS should take. This should be set as “first applicable”, so order is important.
      •  Posture: Define aspects of the host that should be checked during authentication. Based on the pass/fail result of the host check, set the Posture token. It is common to bounce a session after a posture check so that Health information can be applied to a user/device connection.
      •  Profiler: The use of the profiler in a role is to bounce a session after new information is learned about a device, so that Role/Enforcement mapping can be reapplied to the user/device.
      •  Audit: Nessus/NMAP can be run against hosts, and Roles can be applied based on the results of the scan.
      Diagram labels: RADIUS Response; RADIUS CoA (three times)
  • 25. MDM Integration
  • 26. Managing Mobility
      Diagram labels: MDM; NAC; Network Infrastructure; Device Management; Data in motion; Data at rest; Firmware & patch management; Remote wipe & control; Device-level visibility; Configure network settings; Identify the user; Protect the network; Provision & revoke device credentials; Push & provision apps; Restrict usage & bandwidth
  • 27. Integrating Leading MDM Vendors
      •  ClearPass uses public APIs for:
      •  Normalize MDM endpoint data across vendors
  • 28. Mutually Leverage Context
      Exchange endpoint context & trigger policies
      Device Policies
      •  Device restrictions
      •  Remote Lock & Wipe
      •  Install Application
      •  Black list Apps
      Network Policies
      •  Firewall Policies
      •  Redirect to enroll
      •  Quarantine devices
      •  Bandwidth Prioritization
  • 29. ClearPass MDM Integration
      Using MDM device information for Policy
      Diagram labels: ClearPass; MaaS360; Device type & posture polled for policy decisions & reporting; Endpoint data replicated to ClearPass cluster; CoA triggers network enforcement
  • 30. Use MDM Attributes for Network Policy
      MDM Attributes (groups shown on the slide: Inventory; Posture)
          –  Manufacturer: Apple
          –  Model: iPad2
          –  OS Version: iOS 6.1
          –  UDID: 1730235f564094186
          –  Serial Number: 79049XXXA4S
          –  IMEI: 012416009780168
          –  Phone Number: 408-534-2819
          –  Carrier: Verizon
          –  MDM Id: 130d0f992t34
          –  Owner: jhoward
          –  Display Name: John Howard
          –  Ownership: Employee Liable
          –  MDM Enabled: Yes
          –  Compromised: Not Jailbroken
          –  Encryption Enabled: Yes
          –  Blacklisted Apps: No
          –  Required Apps: Yes
          –  Last Check in: 01/30/2012 9:03am
  • 31. Setting Network Policy
      Policy Example: Use context from ClearPass + MDM to set network policy
      •  Application installed
          •  blacklisted
      •  Device Profile
          •  OS version
      •  Endpoint health
          •  Jailbreak status
          •  Pincode/encryption
      •  Location
          •  Trusted or untrusted network
      •  Time/Date
          •  e.g. in semester
      •  User/group membership
  • 32. Integrated User Onboarding
      Provisioning Workflow
      •  Detect un-enrolled device connected to the network
      •  Redirect to MDM self-service portal or prompt user to download MDM agent
      •  Host MDM application, from network captive portal
      •  Install MDM agent on my device
  • 33. Onboard Setup
  • 34. Certificate Authority Setup
      •  TLS client certificate provisioned per device
      •  Onboard using built-in CA
          –  Act as standalone Root CA
          –  Integrate with existing PKI as Intermediate CA
          –  SCEP Proxy options coming soon
      •  Certificates replicated throughout cluster
          –  Onboard proxied to publisher node (HTTP proxy)
          –  Proxy process transparent to client device
          –  Client certificates available on subscribers once replicated
      •  OCSP Responder available from subscribers
          –  Locally check for revocation of client certificates
          –  OCSP configured to override to localhost
  • 35. Configuring Onboard - Walkthrough
      CPPM Demo Server
  • 36. Troubleshooting
  • 37. Managing client certificates
      •  Revoke/Delete client certificates
      •  Quick search to find specific users/devices
  • 38. Apple Captive Network Assistant
      Diagram labels: Aruba Mobility Controller; ClearPass Guest (10.169.130.50); Open SSID for Guest Access; WiFi Clients; CP Guest Hosted Captive Portal Pages; External Captive Portal Redirect; /landing.php; /Aruba_Login.php; Apple Captive Network Assistant Request; User Web Browser initial request
      Controller configuration shown on the slide:
          aaa authentication captive-portal "guestnet"
              login-page http://10.169.130.50/landing.php/Aruba_Login.php
  • 39. Invalid Profile when Onboarding
      •  iOS expects to trust the web server hosting the profiles being pushed
      •  Multiple options to resolve
          –  Use HTTP if using L2 WiFi encryption
          –  Install publicly signed web server cert
          –  Sign web server cert from Onboard CA
      •  It's all about iOS server trust
  • 40. Q&A
  • 41. The Airheads Challenge
      Use Unlock Code “ONBOARD” to get the quiz for this session
      Login to play at community.arubanetworks.com
  • 42. Thank You
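
Slides 23 and 24 state that role mapping can use "Evaluate all" while enforcement should be "first applicable", so order is important. The sketch below is an added example, not ClearPass configuration or Aruba code: a simplified Python model of that evaluation using context named on slides 19 and 30 (AD group, provisioned credential, MDM enabled, jailbreak status). The rule names, profile names, the "Employees" group and the sample requests are hypothetical.

```python
# Added illustration: a simplified model, not ClearPass syntax or Aruba code.
# Rule names, profile names, the "Employees" group and the sample requests
# are hypothetical / constructed.
from dataclasses import dataclass
from typing import Callable, Dict, FrozenSet, List, Set, Tuple

Context = Dict[str, object]


@dataclass(frozen=True)
class RoleRule:
    role: str
    matches: Callable[[Context], bool]


@dataclass(frozen=True)
class EnforcementRule:
    name: str
    profile: str
    required: FrozenSet[str]                 # roles that must all be present
    forbidden: FrozenSet[str] = frozenset()  # roles that must be absent


# Role mapping: small single-purpose rules, combined with "evaluate all".
ROLE_RULES: List[RoleRule] = [
    RoleRule("employee", lambda c: "Employees" in c.get("ad_groups", ())),
    # EAP-TLS with a device certificate means Onboard already provisioned it.
    RoleRule("provisioned", lambda c: c.get("auth_method") == "EAP-TLS"),
    RoleRule("mdm-managed", lambda c: c.get("mdm_enabled") is True),
    RoleRule("compromised", lambda c: c.get("jailbroken") is True),
]

# Enforcement: "first applicable", so the most restrictive rule goes first.
ENFORCEMENT: List[EnforcementRule] = [
    EnforcementRule("quarantine-compromised", "quarantine",
                    frozenset({"compromised"})),
    EnforcementRule("onboard-unprovisioned", "redirect-to-onboard-portal",
                    frozenset({"employee"}), frozenset({"provisioned"})),
    EnforcementRule("enroll-unmanaged", "redirect-to-mdm-enroll",
                    frozenset({"employee", "provisioned"}),
                    frozenset({"mdm-managed"})),
    EnforcementRule("full-access", "employee-secure-access",
                    frozenset({"employee", "provisioned", "mdm-managed"})),
]


def map_roles(ctx: Context, rules: List[RoleRule] = ROLE_RULES) -> Set[str]:
    """Evaluate all: every matching rule contributes its role."""
    return {r.role for r in rules if r.matches(ctx)}


def enforce(roles: Set[str], rules: List[EnforcementRule] = ENFORCEMENT,
            default: str = "deny-access") -> Tuple[str, str]:
    """First applicable: stop at the first rule whose conditions hold."""
    for rule in rules:
        if rule.required <= roles and not (rule.forbidden & roles):
            return rule.name, rule.profile
    return "default", default


def decide(ctx: Context, rules: List[EnforcementRule] = ENFORCEMENT) -> str:
    """Return the enforcement profile chosen for one request."""
    return enforce(map_roles(ctx), rules)[1]


# Constructed sample requests (attribute names loosely follow slide 30).
MANAGED_IPAD = {"user": "jhoward", "ad_groups": {"Employees"},
                "auth_method": "EAP-TLS", "mdm_enabled": True,
                "jailbroken": False}
NEW_ANDROID = {"user": "jhoward", "ad_groups": {"Employees"},
               "auth_method": "PEAP-MSCHAPv2"}
JAILBROKEN_IPAD = dict(MANAGED_IPAD, jailbroken=True)
UNKNOWN_DEVICE = {"user": "visitor", "ad_groups": set(),
                  "auth_method": "PEAP-MSCHAPv2"}

if __name__ == "__main__":
    for label, ctx in [("managed iPad", MANAGED_IPAD),
                       ("new Android", NEW_ANDROID),
                       ("jailbroken iPad", JAILBROKEN_IPAD),
                       ("unknown device", UNKNOWN_DEVICE)]:
        print(f"{label:16} roles={sorted(map_roles(ctx))} -> {decide(ctx)}")
    # Same rules in the wrong order: the allow rule now shadows quarantine.
    misordered = list(reversed(ENFORCEMENT))
    print("misordered      ->", decide(JAILBROKEN_IPAD, misordered))
```

With the allow rule listed ahead of the quarantine rule, the jailbroken device receives the full-access profile, which is the ordering mistake a review of a first-applicable policy should look for.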