SlideShare a Scribd company logo

BYOD with ClearPass

Aruba, a Hewlett Packard Enterprise company
Aruba, a Hewlett Packard Enterprise company

ClearPass is a solution for managing Bring Your Own Device (BYOD) networks. It combines network access control, mobile device management, and mobile application management into a single system. This allows organizations to onboard personal devices, detect and profile devices on the network, set policies based on device attributes from MDM integrations, and control access to applications. The presentation discusses how ClearPass streamlines BYOD deployment by automating device provisioning and policy enforcement across networks, devices, and apps.

TechnologyTravel
1 of 46
Download to read offline
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 1 #airheadsconf#airheadsconf Extending BYOD with ClearPass Aruba Network Services Team June2013
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 2 #airheadsconf The Big Picture Onboarding with ClearPass Technology Deployment Detecting BYOD Devices Device Management with ClearPass MDM Partners Native ClearPass App Management with ClearPass Q&A Agenda
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 3 #airheadsconf#airheadsconf3 The Big Picture
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 4 #airheadsconf BYOD Creating a New Set of Challenges How do I get personal devices provisioned? NAC? MDM? MAM? How do I keep corporate data safe? How do I protect my network? What if a mobile device is lost? How do I maintain user privacy?
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 5 #airheadsconf Policy Enforcement Options for BYOD NAC / AAA MDM MAM •  VLAN •  ACLs •  QoS •  Authentication •  Device Provisioning & Onboarding •  Device Policy •  Device Level Encryption •  Passcode •  Full Wipe •  App blacklist / whitelist •  Authentication •  App Passcode •  App Wipe •  App Policies •  App SSO •  App VPN
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 6 #airheadsconf First System to Combine All BYOD Tools ClearPass with Aruba WorkSpace When What Who Where How Network Control Device Control Application Control Unified  access   management   1   Built-­‐in  Onboarding   &  MDM   2   Complete  BYOD   visibility  and  control   4   Built-­‐in  mobile   app  management   3  
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 7 #airheadsconf#airheadsconf7 Onboarding with ClearPass
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 8 #airheadsconf#airheadsconf8 Technology Overview
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 9 #airheadsconf BYOD Workflow •  Supplicant Config •  Push Trusted Cert •  Enable Posture •  Set Auth type •  Enrollment workflow •  Authorize User to provision device •  Device credential push •  Link User to Device •  Complete view device & network •  Command & Control •  Inventory •  Diagnostics •  Revoke Device Access •  Device Profiling •  Role Derivation •  Corp vs Employee Liable Device Access Controls Join BYOD Domain Visibility & Reporting Onboard Device 1 2 3 4
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 10 #airheadsconf Deployment Architecture Devices authenticate with Unique Device Credentials iOS Windows Mac OS X Android ClearPass Onboard ClearPass Policy Manager “Bring Your Own” Client Devices Network Authentication Server Users enroll with Onboard Workflow Onboard Workflow Manage Devices Policy Definition Administer Secure BYOD Network Access 1 2 3 4
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 11 #airheadsconf Detailed Architecture Aruba Controller Over-the-Air Provisioning QuickConnect™ Provisioning AP EAP-TLS (Device Certificate) Web Login Page Onboard GUI Certificates Users Endpoints Users Onboard Workflow iOS and OSX 10.6+ Windows Mac OS X Android ClearPass Onboard ClearPass Policy Manager “Bring Your Own” Client Devices Network Server EAP-TLS (Device Certificate) Server VLAN Untrusted / DMZ Active Directory
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 12 #airheadsconf Onboard Workflow – iOS & OS X iOS Device Network Infrastructure ClearPass Onboard ClearPass Policy Manager Associate, HTTP GET Redirect Provisioning role Request mobile device provisioning page Download and install root certificate from portal Login with provisioning user’s credentials Authenticate with Active Directory Apple Over-the-Air Provisioning Switch to EAP-TLS EAP-TLS Auth RADIUS Auth (EAP-TLS) Access-Accept Client certificate verified AuthenticatedEAP-Success Server certificate verified Device authenticated Provisioning complete Captive portal Pre-provisioning Provisioning Onboard Complete
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 13 #airheadsconf iOS “Over-the-Air Provisioning” iOS Device Network Infrastructure ClearPass Onboard ClearPass Policy Manager Start device enrollment (signed profile payload) Request for enrollment SCEP enrollment profile Request device certificate using SCEP User authenticated for device enrollment Issue SCEP certificate for device Request device configuration profile (signed) Install device identity certificate Device configuration profile (signed + encrypted) Generate TLS certificate and payload with Onboard settings User accepts enrollment profile Install profile and return to Safari Refresh enrollment progress page Switch to EAP-TLS Apple Over-the-Air Provisioning Provisioning Complete
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 14 #airheadsconf Onboard Workflow – other OS’s Android Device Network Infrastructure ClearPass Onboard ClearPass Policy Manager Associate, HTTP GET Redirect Provisioning role Request mobile device provisioning page Return provisioning portal page Download Onboard configuration QuickConnect Provisioning Switch to PEAP PEAP-MSCHAPv2 Auth RADIUS Auth (PEAP-MSCHAPv2) Access-Accept Verify unique device credentials AuthenticatedEAP-Success Server certificate verified Device authenticated Onboard Complete Detect device type Launch app Provisioning complete Device enrollment Push unique device credentials
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 15 #airheadsconf Onboarding Deployment Options Aruba Controller AP 802.1x Authenticator 802.1x Authentication Server Endpoints Users iPad Android ClearPass Policy Manager Client Devices Network Server Active Directory 802.1x Supplicants Provisioning SSID Provisioned SSID BYOD Employee-Secure •  Different SSID for Provisioning & Provisioned –  Standalone SSID –  Linked from Guest Access Portal
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 16 #airheadsconf Onboarding Deployment Options Aruba Controller AP 802.1x Authenticator 802.1x Authentication Server Endpoints Users iPad Android ClearPass Policy Manager Client Devices Network Server Active Directory 802.1x Supplicants Provisioning & Provisioned SSID Employee-Secure •  Same SSID for Provisioning & Provisioned –  Device Profiling –  Lack of provisioning credential –  MDM integration
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 17 #airheadsconf Onboarding Workflow 1. Device type automatically detected & redirected to portal 2. Settings & credentials are auto-configured after user enters domain credentials 3. User automatically placed on proper SSID & network segment
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 18 #airheadsconf#airheadsconf18 Detecting BYO Devices
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 19 #airheadsconf •  No longer a binary decision •  Leverage context sources to determine enforcement –  Active Directory Group Membership –  Machine authentication for domain joined devices –  Device Type / Posture of the device –  Managed by MDM / context from MDM –  Lack of provisioned credential •  Differentiate Corporate Managed / Provisioned devices –  Enforce Machine Authentication differently –  Enforce MDM managed differently –  Enforce Onboard provisioning differently –  Redirect unmanaged / un-provisioned device to provisioning workflow (for example – only using PEAP AD credentials) Power of context aware policies
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 20 #airheadsconf •  Native –  MAC OUI –  HTTP User Agent (Captive Portal Services) –  Onboard (explicit knowledge from client OS interactions) –  OnGuard (explicit knowledge from client OS interactions) •  Network Sourced –  DHCP Option fingerprinting (DHCP relay) –  Subnet scan with SNMP profiling (CDP, LLDP, sysDescr) –  AOS Controller 6.3 export (DHCP, HTTP, mDNS) •  Agent / Server Integration –  MS Exchange (Active-Sync device type) –  MDM Deployments •  Fingerprints updated automatically over the net Sources of Profile Data
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 21 #airheadsconf Sample Profile Dashboard
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 22 #airheadsconf Example Enforcement Policy
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 23 #airheadsconf#airheadsconf23 Device Management with ClearPass
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 24 #airheadsconf MDM Partners or Native ClearPass MDM Partners Multi-Platform Support iOS Only Support for Corporate Issued Devices ClearPass with WorkSpace Coming in CPPM 6.2
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 25 #airheadsconf#airheadsconf25 MDM Partners
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 26 #airheadsconf Integrating Leading MDM Vendors •  ClearPass uses public APIs for: •  Normalize MDM endpoint data across vendors
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 27 #airheadsconf ClearPass MDM Integration Using MDM device information for Policy ClearPass Endpoint data replicated to ClearPass cluster CoA triggers network enforcement ClearPass Device type & posture polled for policy decisions & reporting MDM Server
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 28 #airheadsconf Use MDM Attributes for Network Policy MDM Attributes Posture Manufacturer: Apple Model: iPad2 OS Version: iOS 6.1 UDID 1730235f564094186 Serial Number 79049XXXA4S IMEI 012416009780168 Phone Number 408-534-2819 Carrier Verizon MDM Id 130d0f992t34 Owner jhoward Display Name John Howard Ownership Employee Liable MDM Enabled Yes Compromised Not Jailbroken Encryption Enabled Yes Blacklisted Apps No Required Apps Yes Last Check in 01/30/2012 9:03am Inventory
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 29 #airheadsconf Setting Network Policy Policy Example Use context from ClearPass + MDM to set network policy • Application installed • blacklisted • Device Profile • OS version • Endpoint health • Jailbreak status • Pincode/encryption • Location • Trusted or untrusted network • Time/Date • eg. in semester • User/group membership
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 30 #airheadsconf Sample network policies based on MDM !! •  Jailbreak •  Blacklisted App •  Corporate Issued vs Employee Owned •  MDM Enabled •  iPad vs iPhone ! ! !
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 31 #airheadsconf#airheadsconf31 Native ClearPass iOS MDM
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 32 #airheadsconf Enforce iOS Device Policy with MDM Aruba WorkSpace helps organizations reduce the cost and risk of managing corporate-issued mobile devices Monitor device inventory Audit devices to ensure compliance Configure security settings Over the air remote provisioning Lock and wipe devices Passcode enforcement
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 33 #airheadsconf Enabling ClearPass for MDM Active Directory CPPM (Publisher) WorkSpace (Subscriber) DMZ LDAPInternet Internal Firewall Ports (DMZ-Internal) Inbound Outbound HTTPS (TCP 443) HTTPS (TCP 443) SQL (TCP 5432) SQL (TCP 5432) NTP (UDP 123) NTP (UDP 123) Apple Push Notification Servers APNS Push Certificate
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 34 #airheadsconf Managing iOS devices over the air ClearPass with WorkSpace Apple Push Notification Servers MDM Enrollment MDM Management OTA Enrollment Generate MDM Profile Install MDM Profile Bind to WorkSpace Server Device connects to WorkSpace Send Push Notification Policy Change on WorkSpace Execute Command / Queries
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 35 #airheadsconf Example Configuration for MDM
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 36 #airheadsconf#airheadsconf36 App Management with ClearPass
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 37 #airheadsconf Separating Corporate and Personal Data
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 38 #airheadsconf Create App Policy based on context Mobile Context Must be used during store hours Must be used at hospital or member facilities Can not be used while driving/ moving Cut & paste restrictions, Jailbreak / Root detection, Cloud backup Can not access torrent sites
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 39 #airheadsconf One App for Employee Self-Service •  Employee self-service mobility •  Personalized portal with Single Sign-On •  WorkSpace App provisioned to device @mycompany   My AccessMy DevicesMy Apps
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 40 #airheadsconf ClearPass with Aruba WorkSpace First Integrated BYOD System Most Comprehensive Self-Service Portal •  Simplify BYOD Rollout: No need to onboard multiple vendors and integrate multiple systems •  Faster Service Delivery: automate BYOD provisioning across network, device and app •  Stronger Security: More options to control BYOD use •  Personalized BYOD: Employees get visibility and are empowered to customize their BYOD experience Extensive Partner Ecosystem •  More than 40 3rd-Party ISV Apps: Extensive list of productivity and collaboration tools
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 41 #airheadsconf Enabling ClearPass for WorkSpace Active Directory CPPM (Publisher) WorkSpace (Subscriber) DMZ LDAPInternet Internal Firewall Ports (DMZ-Internal) Inbound Outbound HTTPS (TCP 443) HTTPS (TCP 443) SQL (TCP 5432) SQL (TCP 5432) NTP (UDP 123) NTP (UDP 123) Enterprise Developer Certificate Apple AppStore WorkSpace ‘For Aruba Apps’ Enterprise AppStore
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 42 #airheadsconf Managing App Policy over the air ClearPass with WorkSpace WorkSpace Enrollment App Policy Management Trigger WorkSpace App Install OTA Enrollment Authenticate User & Provision App Install Policy Managed Apps Device connects to WorkSpace WorkSpace or App Launch Policy Change on WorkSpace Execute Policy / Update App Apple AppStore WorkSpace ‘For Aruba Apps’ Enterprise AppStore
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 43 #airheadsconf Example configuration for WorkSpace
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 44 #airheadsconf Q&A
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 45 #airheadsconf#airheadsconf45
CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 46 #airheadsconf#airheadsconf Thank You

Recommended

Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6Aruba, a Hewlett Packard Enterprise company
 
ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsAruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
Campus Network Design version 8
Campus Network Design version 8Campus Network Design version 8
Campus Network Design version 8Aruba, a Hewlett Packard Enterprise company
 
Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallAruba, a Hewlett Packard Enterprise company
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passAruba, a Hewlett Packard Enterprise company
 

Recommended

Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6Onboard Deployment Guide 3.9.6
Onboard Deployment Guide 3.9.6Aruba, a Hewlett Packard Enterprise company
 
ClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsClearPass design scenarios that solve the toughest security policy requirements
ClearPass design scenarios that solve the toughest security policy requirementsAruba, a Hewlett Packard Enterprise company
 
Airheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAirheads Tech Talks: Understanding ClearPass OnGuard Agents
Airheads Tech Talks: Understanding ClearPass OnGuard AgentsAruba, a Hewlett Packard Enterprise company
 
Access Management with Aruba ClearPass
Access Management with Aruba ClearPassAccess Management with Aruba ClearPass
Access Management with Aruba ClearPassAruba, a Hewlett Packard Enterprise company
 
Guest Access with ArubaOS
Guest Access with ArubaOSGuest Access with ArubaOS
Guest Access with ArubaOSAruba, a Hewlett Packard Enterprise company
 
Campus Network Design version 8
Campus Network Design version 8Campus Network Design version 8
Campus Network Design version 8Aruba, a Hewlett Packard Enterprise company
 
Getting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallGetting the most out of the aruba policy enforcement firewall
Getting the most out of the aruba policy enforcement firewallAruba, a Hewlett Packard Enterprise company
 
Large scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passLarge scale, distributed access management deployment with aruba clear pass
Large scale, distributed access management deployment with aruba clear passAruba, a Hewlett Packard Enterprise company
 
Managing and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsManaging and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsAruba, a Hewlett Packard Enterprise company
 
Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba, a Hewlett Packard Enterprise company
 
Useful cli commands v1
Useful cli commands v1Useful cli commands v1
Useful cli commands v1Aruba, a Hewlett Packard Enterprise company
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility ControllersAruba, a Hewlett Packard Enterprise company
 
Advanced ClearPass Workshop
Advanced ClearPass WorkshopAdvanced ClearPass Workshop
Advanced ClearPass WorkshopAruba, a Hewlett Packard Enterprise company
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass OverviewJoAnna Cheshire
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba, a Hewlett Packard Enterprise company
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAruba, a Hewlett Packard Enterprise company
 
Base Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignBase Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
Optimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesOptimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesAruba, a Hewlett Packard Enterprise company
 
Clear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyClear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyAruba, a Hewlett Packard Enterprise company
 
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationEMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationAruba, a Hewlett Packard Enterprise company
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingAruba, a Hewlett Packard Enterprise company
 
Adapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear passAdapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear passAruba, a Hewlett Packard Enterprise company
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAruba, a Hewlett Packard Enterprise company
 
Aruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
Aruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep DiveAruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep DiveAruba, a Hewlett Packard Enterprise company
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba, a Hewlett Packard Enterprise company
 
Apple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass GuestApple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass GuestAruba, a Hewlett Packard Enterprise company
 
Aruba 802.11n Networks Validated Reference Design
Aruba 802.11n Networks Validated Reference DesignAruba 802.11n Networks Validated Reference Design
Aruba 802.11n Networks Validated Reference DesignAruba, a Hewlett Packard Enterprise company
 
2012 ah apj deploying byod
2012 ah apj deploying byod2012 ah apj deploying byod
2012 ah apj deploying byodAruba, a Hewlett Packard Enterprise company
 
2012 ah emea advanced mobility design
2012 ah emea advanced mobility design2012 ah emea advanced mobility design
2012 ah emea advanced mobility designAruba, a Hewlett Packard Enterprise company
 

More Related Content

What's hot

What's hot (20)

Managing and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANsManaging and Optimizing RF Spectrum for Aruba WLANs
Managing and Optimizing RF Spectrum for Aruba WLANs
 
Aruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_finalAruba clearpass ebook_chpt1_final
Aruba clearpass ebook_chpt1_final
 
Useful cli commands v1
Useful cli commands v1Useful cli commands v1
Useful cli commands v1
 
Aruba Mobility Controllers
Aruba Mobility ControllersAruba Mobility Controllers
Aruba Mobility Controllers
 
Advanced ClearPass Workshop
Advanced ClearPass WorkshopAdvanced ClearPass Workshop
Advanced ClearPass Workshop
 
ClearPass Overview
ClearPass OverviewClearPass Overview
ClearPass Overview
 
Aruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User GuideAruba ClearPass Guest 6.3 User Guide
Aruba ClearPass Guest 6.3 User Guide
 
Advanced Aruba ClearPass Workshop
Advanced Aruba ClearPass WorkshopAdvanced Aruba ClearPass Workshop
Advanced Aruba ClearPass Workshop
 
Base Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference DesignBase Designs Lab Setup for Validated Reference Design
Base Designs Lab Setup for Validated Reference Design
 
Optimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming DevicesOptimizing Aruba WLANs for Roaming Devices
Optimizing Aruba WLANs for Roaming Devices
 
Clear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthyClear pass policy manager advanced_ashwath murthy
Clear pass policy manager advanced_ashwath murthy
 
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice ConfigurationEMEA Airheads- Instant AP- Instant AP Best Practice Configuration
EMEA Airheads- Instant AP- Instant AP Best Practice Configuration
 
Roaming behavior and Client Troubleshooting
Roaming behavior and Client TroubleshootingRoaming behavior and Client Troubleshooting
Roaming behavior and Client Troubleshooting
 
Adapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear passAdapting to evolving user, security, and business needs with aruba clear pass
Adapting to evolving user, security, and business needs with aruba clear pass
 
Advanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter laneAdvanced rf troubleshooting_peter lane
Advanced rf troubleshooting_peter lane
 
Aruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference DesignAruba Remote Access Point (RAP) Networks Validated Reference Design
Aruba Remote Access Point (RAP) Networks Validated Reference Design
 
Aruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep DiveAruba ClearPass Exchange Deep Dive
Aruba ClearPass Exchange Deep Dive
 
Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2Aruba mobility access switch useful commands v2
Aruba mobility access switch useful commands v2
 
Apple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass GuestApple Captive Network Assistant Bypass with ClearPass Guest
Apple Captive Network Assistant Bypass with ClearPass Guest
 
Aruba 802.11n Networks Validated Reference Design
Aruba 802.11n Networks Validated Reference DesignAruba 802.11n Networks Validated Reference Design
Aruba 802.11n Networks Validated Reference Design
 

Viewers also liked

8 software defined networking and traffic engineering partha narasimhan_ash c...
8 software defined networking and traffic engineering partha narasimhan_ash c...8 software defined networking and traffic engineering partha narasimhan_ash c...
8 software defined networking and traffic engineering partha narasimhan_ash c...Aruba, a Hewlett Packard Enterprise company
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Aruba, a Hewlett Packard Enterprise company
 
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Aruba, a Hewlett Packard Enterprise company
 

Viewers also liked (20)

2012 ah apj deploying byod
2012 ah apj deploying byod2012 ah apj deploying byod
2012 ah apj deploying byod
 
2012 ah emea advanced mobility design
2012 ah emea advanced mobility design2012 ah emea advanced mobility design
2012 ah emea advanced mobility design
 
8 software defined networking and traffic engineering partha narasimhan_ash c...
8 software defined networking and traffic engineering partha narasimhan_ash c...8 software defined networking and traffic engineering partha narasimhan_ash c...
8 software defined networking and traffic engineering partha narasimhan_ash c...
 
2012 ah vegas unified access fundamentals
2012 ah vegas unified access fundamentals2012 ah vegas unified access fundamentals
2012 ah vegas unified access fundamentals
 
Mac authentication amigopod radius
Mac authentication amigopod radiusMac authentication amigopod radius
Mac authentication amigopod radius
 
Airheads vail 2011 pci 2.0 compliance
Airheads vail 2011 pci 2.0 complianceAirheads vail 2011 pci 2.0 compliance
Airheads vail 2011 pci 2.0 compliance
 
Hello instant 0612_1a
Hello instant 0612_1aHello instant 0612_1a
Hello instant 0612_1a
 
Aruba instant the easy button for wireless gokul rajagopalan
Aruba instant the easy button for wireless gokul rajagopalanAruba instant the easy button for wireless gokul rajagopalan
Aruba instant the easy button for wireless gokul rajagopalan
 
Guest wlan via gu iv3
Guest wlan via gu iv3Guest wlan via gu iv3
Guest wlan via gu iv3
 
Do d directives regarding wireless lan
Do d directives regarding wireless lanDo d directives regarding wireless lan
Do d directives regarding wireless lan
 
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
Byod and guest access workshop enabling byod carlos gomez gallego_network ser...
 
Aruba webinar dorm wi fi design v4
Aruba webinar dorm wi fi design v4Aruba webinar dorm wi fi design v4
Aruba webinar dorm wi fi design v4
 
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
Case study migrating 1800 a ps to 7240 mobility controllers_douglas burke_ste...
 
Aruba networks webinar_wi-fi_without_interruption_sep20_2012
Aruba networks webinar_wi-fi_without_interruption_sep20_2012Aruba networks webinar_wi-fi_without_interruption_sep20_2012
Aruba networks webinar_wi-fi_without_interruption_sep20_2012
 
Security intermediate practical cryptography_certs_and 802.1_x_rich langston...
Security intermediate practical cryptography_certs_and 802.1_x_rich langston...Security intermediate practical cryptography_certs_and 802.1_x_rich langston...
Security intermediate practical cryptography_certs_and 802.1_x_rich langston...
 
Gigabit wifi 802.11 ac in depth_peter thornycroft
Gigabit wifi 802.11 ac in depth_peter thornycroftGigabit wifi 802.11 ac in depth_peter thornycroft
Gigabit wifi 802.11 ac in depth_peter thornycroft
 
2012 ah vegas top10 tips from aruba tac
2012 ah vegas top10 tips from aruba tac2012 ah vegas top10 tips from aruba tac
2012 ah vegas top10 tips from aruba tac
 
2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentals2012 ah vegas guest access fundamentals
2012 ah vegas guest access fundamentals
 
2012 ah vegas remote networking fundamentals
2012 ah vegas remote networking fundamentals2012 ah vegas remote networking fundamentals
2012 ah vegas remote networking fundamentals
 
Creating an 802 1 xv3
Creating an 802 1 xv3Creating an 802 1 xv3
Creating an 802 1 xv3
 

Similar to BYOD with ClearPass

1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architectureCloud Genius
 
Citirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityCitirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityDigicomp Academy AG
 
Leveraging the Cloud for Continuous Delivery while Protecting your IP
Leveraging the Cloud for Continuous Delivery while Protecting your IPLeveraging the Cloud for Continuous Delivery while Protecting your IP
Leveraging the Cloud for Continuous Delivery while Protecting your IPPerforce
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera Technologies
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoDesafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoCristian Garcia G.
 
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld
 
aruba network
aruba networkaruba network
aruba networkLeo Thiha
 
Cisco Connect Ottawa 2018 consuming public and private clouds
Cisco Connect Ottawa 2018 consuming public and private cloudsCisco Connect Ottawa 2018 consuming public and private clouds
Cisco Connect Ottawa 2018 consuming public and private cloudsCisco Canada
 

Similar to BYOD with ClearPass (20)

Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM
Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM
Breakout - Airheads Macau 2013 - BYOD, MDM, and MAM
 
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
Breakout - Airheads Macau 2013 - ClearPass Access Management Basics
 
Shanghai Breakout: Access Management with Aruba ClearPass
Shanghai Breakout: Access Management with Aruba ClearPassShanghai Breakout: Access Management with Aruba ClearPass
Shanghai Breakout: Access Management with Aruba ClearPass
 
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf ItalyAdvanced Access Management with Aruba ClearPass #AirheadsConf Italy
Advanced Access Management with Aruba ClearPass #AirheadsConf Italy
 
Defining Advanced AAA Policies for Access Networks
Defining Advanced AAA Policies for Access NetworksDefining Advanced AAA Policies for Access Networks
Defining Advanced AAA Policies for Access Networks
 
Security advanced rich langston_jon green
Security advanced rich langston_jon greenSecurity advanced rich langston_jon green
Security advanced rich langston_jon green
 
Access Management with Aruba ClearPass #AirheadsConf Italy
Access Management with Aruba ClearPass #AirheadsConf ItalyAccess Management with Aruba ClearPass #AirheadsConf Italy
Access Management with Aruba ClearPass #AirheadsConf Italy
 
3 air wave practical workshop_mike bruno_matt sidhu
3 air wave practical workshop_mike bruno_matt sidhu3 air wave practical workshop_mike bruno_matt sidhu
3 air wave practical workshop_mike bruno_matt sidhu
 
Aruba ClearPass_Onboard
Aruba ClearPass_OnboardAruba ClearPass_Onboard
Aruba ClearPass_Onboard
 
Secure Enterprise Mobility
Secure Enterprise MobilitySecure Enterprise Mobility
Secure Enterprise Mobility
 
1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture1. introduction to_cloud_services_architecture
1. introduction to_cloud_services_architecture
 
Citirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise MobilityCitirx Day 2013: Citrix Enterprise Mobility
Citirx Day 2013: Citrix Enterprise Mobility
 
Industry breakout government military forum_jon green_stuart schulte
Industry breakout government military forum_jon green_stuart schulteIndustry breakout government military forum_jon green_stuart schulte
Industry breakout government military forum_jon green_stuart schulte
 
Leveraging the Cloud for Continuous Delivery while Protecting your IP
Leveraging the Cloud for Continuous Delivery while Protecting your IPLeveraging the Cloud for Continuous Delivery while Protecting your IP
Leveraging the Cloud for Continuous Delivery while Protecting your IP
 
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
Cyxtera - Operational Complexity: The Biggest Security Threat to Your AWS Env...
 
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformadoDesafíos de la Ciberseguridad en un ecosistema digitalmente transformado
Desafíos de la Ciberseguridad en un ecosistema digitalmente transformado
 
Remote Wireless LANs
Remote Wireless LANsRemote Wireless LANs
Remote Wireless LANs
 
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
VMworld 2013: Enhancing Workplace Mobility and BYOD with the VMware Mobile Se...
 
aruba network
aruba networkaruba network
aruba network
 
Cisco Connect Ottawa 2018 consuming public and private clouds
Cisco Connect Ottawa 2018 consuming public and private cloudsCisco Connect Ottawa 2018 consuming public and private clouds
Cisco Connect Ottawa 2018 consuming public and private clouds
 

More from Aruba, a Hewlett Packard Enterprise company

More from Aruba, a Hewlett Packard Enterprise company (20)

Airheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba CentralAirheads Tech Talks: Cloud Guest SSID on Aruba Central
Airheads Tech Talks: Cloud Guest SSID on Aruba Central
 
Airheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.xAirheads Tech Talks: Advanced Clustering in AOS 8.x
Airheads Tech Talks: Advanced Clustering in AOS 8.x
 
EMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba CentralEMEA Airheads_ Advance Aruba Central
EMEA Airheads_ Advance Aruba Central
 
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.xEMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
EMEA Airheads_ Aruba AppRF – AOS 6.x & 8.x
 
EMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS SwitchEMEA Airheads- Switch stacking_ ArubaOS Switch
EMEA Airheads- Switch stacking_ ArubaOS Switch
 
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS SwitchEMEA Airheads- LACP and distributed LACP – ArubaOS Switch
EMEA Airheads- LACP and distributed LACP – ArubaOS Switch
 
Introduction to AirWave 10
Introduction to AirWave 10Introduction to AirWave 10
Introduction to AirWave 10
 
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS SwitchEMEA Airheads- Virtual Switching Framework- Aruba OS Switch
EMEA Airheads- Virtual Switching Framework- Aruba OS Switch
 
EMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant APEMEA Airheads- Aruba Central with Instant AP
EMEA Airheads- Aruba Central with Instant AP
 
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.xEMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
EMEA Airheads- AirGroup profiling changes across 8.1 & 8.2 – ArubaOS 8.x
 
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPMEMEA Airheads- Getting Started with the ClearPass REST API – CPPM
EMEA Airheads- Getting Started with the ClearPass REST API – CPPM
 
EMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP DeploymentEMEA Airheads - AP Discovery Logic and AP Deployment
EMEA Airheads - AP Discovery Logic and AP Deployment
 
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.xEMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
EMEA Airheads- Layer-3 Redundancy for Mobility Master - ArubaOS 8.x
 
EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)EMEA Airheads- Manage Devices at Branch Office (BOC)
EMEA Airheads- Manage Devices at Branch Office (BOC)
 
EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2 EMEA Airheads - What does AirMatch do differently?v2
EMEA Airheads - What does AirMatch do differently?v2
 
Airheads Meetups: 8400 Presentation
Airheads Meetups: 8400 PresentationAirheads Meetups: 8400 Presentation
Airheads Meetups: 8400 Presentation
 
Airheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau PresentationAirheads Meetups: Ekahau Presentation
Airheads Meetups: Ekahau Presentation
 
Airheads Meetups- High density WLAN
Airheads Meetups- High density WLANAirheads Meetups- High density WLAN
Airheads Meetups- High density WLAN
 
Airheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes ArubaAirheads Meetups- Avans Hogeschool goes Aruba
Airheads Meetups- Avans Hogeschool goes Aruba
 
EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x EMEA Airheads - Configuring different APIs in Aruba 8.x
EMEA Airheads - Configuring different APIs in Aruba 8.x
 

Recently uploaded

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLScyllaDB
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsMiki Katsuragi
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Mark Simos
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyAlfredo García Lavilla
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupFlorian Wilhelm
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxNavinnSomaal
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfAlex Barbosa Coqueiro
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii SoldatenkoFwdays
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024BookNet Canada
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brandgvaughan
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticscarlostorres15106
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationRidwan Fadjar
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Mattias Andersson
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Commit University
 

Recently uploaded (20)

Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Developer Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQLDeveloper Data Modeling Mistakes: From Postgres to NoSQL
Developer Data Modeling Mistakes: From Postgres to NoSQL
 
Vertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering TipsVertex AI Gemini Prompt Engineering Tips
Vertex AI Gemini Prompt Engineering Tips
 
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
Tampa BSides - Chef's Tour of Microsoft Security Adoption Framework (SAF)
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptxE-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
E-Vehicle_Hacking_by_Parul Sharma_null_owasp.pptx
 
Commit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easyCommit 2024 - Secret Management made easy
Commit 2024 - Secret Management made easy
 
Streamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project SetupStreamlining Python Development: A Guide to a Modern Project Setup
Streamlining Python Development: A Guide to a Modern Project Setup
 
SAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptxSAP Build Work Zone - Overview L2-L3.pptx
SAP Build Work Zone - Overview L2-L3.pptx
 
Unraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdfUnraveling Multimodality with Large Language Models.pdf
Unraveling Multimodality with Large Language Models.pdf
 
"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko"Debugging python applications inside k8s environment", Andrii Soldatenko
"Debugging python applications inside k8s environment", Andrii Soldatenko
 
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
New from BookNet Canada for 2024: BNC CataList - Tech Forum 2024
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
WordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your BrandWordPress Websites for Engineers: Elevate Your Brand
WordPress Websites for Engineers: Elevate Your Brand
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?Are Multi-Cloud and Serverless Good or Bad?
Are Multi-Cloud and Serverless Good or Bad?
 
Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!Nell’iperspazio con Rocket: il Framework Web di Rust!
Nell’iperspazio con Rocket: il Framework Web di Rust!
 

BYOD with ClearPass

  • 1. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 1 #airheadsconf#airheadsconf Extending BYOD with ClearPass Aruba Network Services Team June2013
  • 2. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 2 #airheadsconf The Big Picture Onboarding with ClearPass Technology Deployment Detecting BYOD Devices Device Management with ClearPass MDM Partners Native ClearPass App Management with ClearPass Q&A Agenda
  • 3. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 3 #airheadsconf#airheadsconf3 The Big Picture
  • 4. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 4 #airheadsconf BYOD Creating a New Set of Challenges How do I get personal devices provisioned? NAC? MDM? MAM? How do I keep corporate data safe? How do I protect my network? What if a mobile device is lost? How do I maintain user privacy?
  • 5. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 5 #airheadsconf Policy Enforcement Options for BYOD NAC / AAA MDM MAM •  VLAN •  ACLs •  QoS •  Authentication •  Device Provisioning & Onboarding •  Device Policy •  Device Level Encryption •  Passcode •  Full Wipe •  App blacklist / whitelist •  Authentication •  App Passcode •  App Wipe •  App Policies •  App SSO •  App VPN
  • 6. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 6 #airheadsconf First System to Combine All BYOD Tools ClearPass with Aruba WorkSpace When What Who Where How Network Control Device Control Application Control Unified  access   management   1   Built-­‐in  Onboarding   &  MDM   2   Complete  BYOD   visibility  and  control   4   Built-­‐in  mobile   app  management   3  
  • 7. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 7 #airheadsconf#airheadsconf7 Onboarding with ClearPass
  • 8. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 8 #airheadsconf#airheadsconf8 Technology Overview
  • 9. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 9 #airheadsconf BYOD Workflow •  Supplicant Config •  Push Trusted Cert •  Enable Posture •  Set Auth type •  Enrollment workflow •  Authorize User to provision device •  Device credential push •  Link User to Device •  Complete view device & network •  Command & Control •  Inventory •  Diagnostics •  Revoke Device Access •  Device Profiling •  Role Derivation •  Corp vs Employee Liable Device Access Controls Join BYOD Domain Visibility & Reporting Onboard Device 1 2 3 4
  • 10. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 10 #airheadsconf Deployment Architecture Devices authenticate with Unique Device Credentials iOS Windows Mac OS X Android ClearPass Onboard ClearPass Policy Manager “Bring Your Own” Client Devices Network Authentication Server Users enroll with Onboard Workflow Onboard Workflow Manage Devices Policy Definition Administer Secure BYOD Network Access 1 2 3 4
  • 11. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 11 #airheadsconf Detailed Architecture Aruba Controller Over-the-Air Provisioning QuickConnect™ Provisioning AP EAP-TLS (Device Certificate) Web Login Page Onboard GUI Certificates Users Endpoints Users Onboard Workflow iOS and OSX 10.6+ Windows Mac OS X Android ClearPass Onboard ClearPass Policy Manager “Bring Your Own” Client Devices Network Server EAP-TLS (Device Certificate) Server VLAN Untrusted / DMZ Active Directory
  • 12. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 12 #airheadsconf Onboard Workflow – iOS & OS X iOS Device Network Infrastructure ClearPass Onboard ClearPass Policy Manager Associate, HTTP GET Redirect Provisioning role Request mobile device provisioning page Download and install root certificate from portal Login with provisioning user’s credentials Authenticate with Active Directory Apple Over-the-Air Provisioning Switch to EAP-TLS EAP-TLS Auth RADIUS Auth (EAP-TLS) Access-Accept Client certificate verified AuthenticatedEAP-Success Server certificate verified Device authenticated Provisioning complete Captive portal Pre-provisioning Provisioning Onboard Complete
  • 13. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 13 #airheadsconf iOS “Over-the-Air Provisioning” iOS Device Network Infrastructure ClearPass Onboard ClearPass Policy Manager Start device enrollment (signed profile payload) Request for enrollment SCEP enrollment profile Request device certificate using SCEP User authenticated for device enrollment Issue SCEP certificate for device Request device configuration profile (signed) Install device identity certificate Device configuration profile (signed + encrypted) Generate TLS certificate and payload with Onboard settings User accepts enrollment profile Install profile and return to Safari Refresh enrollment progress page Switch to EAP-TLS Apple Over-the-Air Provisioning Provisioning Complete
  • 14. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 14 #airheadsconf Onboard Workflow – other OS’s Android Device Network Infrastructure ClearPass Onboard ClearPass Policy Manager Associate, HTTP GET Redirect Provisioning role Request mobile device provisioning page Return provisioning portal page Download Onboard configuration QuickConnect Provisioning Switch to PEAP PEAP-MSCHAPv2 Auth RADIUS Auth (PEAP-MSCHAPv2) Access-Accept Verify unique device credentials AuthenticatedEAP-Success Server certificate verified Device authenticated Onboard Complete Detect device type Launch app Provisioning complete Device enrollment Push unique device credentials
  • 15. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 15 #airheadsconf Onboarding Deployment Options Aruba Controller AP 802.1x Authenticator 802.1x Authentication Server Endpoints Users iPad Android ClearPass Policy Manager Client Devices Network Server Active Directory 802.1x Supplicants Provisioning SSID Provisioned SSID BYOD Employee-Secure •  Different SSID for Provisioning & Provisioned –  Standalone SSID –  Linked from Guest Access Portal
  • 16. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 16 #airheadsconf Onboarding Deployment Options Aruba Controller AP 802.1x Authenticator 802.1x Authentication Server Endpoints Users iPad Android ClearPass Policy Manager Client Devices Network Server Active Directory 802.1x Supplicants Provisioning & Provisioned SSID Employee-Secure •  Same SSID for Provisioning & Provisioned –  Device Profiling –  Lack of provisioning credential –  MDM integration
  • 17. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 17 #airheadsconf Onboarding Workflow 1. Device type automatically detected & redirected to portal 2. Settings & credentials are auto-configured after user enters domain credentials 3. User automatically placed on proper SSID & network segment
  • 18. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 18 #airheadsconf#airheadsconf18 Detecting BYO Devices
  • 19. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 19 #airheadsconf •  No longer a binary decision •  Leverage context sources to determine enforcement –  Active Directory Group Membership –  Machine authentication for domain joined devices –  Device Type / Posture of the device –  Managed by MDM / context from MDM –  Lack of provisioned credential •  Differentiate Corporate Managed / Provisioned devices –  Enforce Machine Authentication differently –  Enforce MDM managed differently –  Enforce Onboard provisioning differently –  Redirect unmanaged / un-provisioned device to provisioning workflow (for example – only using PEAP AD credentials) Power of context aware policies
  • 20. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 20 #airheadsconf •  Native –  MAC OUI –  HTTP User Agent (Captive Portal Services) –  Onboard (explicit knowledge from client OS interactions) –  OnGuard (explicit knowledge from client OS interactions) •  Network Sourced –  DHCP Option fingerprinting (DHCP relay) –  Subnet scan with SNMP profiling (CDP, LLDP, sysDescr) –  AOS Controller 6.3 export (DHCP, HTTP, mDNS) •  Agent / Server Integration –  MS Exchange (Active-Sync device type) –  MDM Deployments •  Fingerprints updated automatically over the net Sources of Profile Data
  • 21. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 21 #airheadsconf Sample Profile Dashboard
  • 22. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 22 #airheadsconf Example Enforcement Policy
  • 23. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 23 #airheadsconf#airheadsconf23 Device Management with ClearPass
  • 24. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 24 #airheadsconf MDM Partners or Native ClearPass MDM Partners Multi-Platform Support iOS Only Support for Corporate Issued Devices ClearPass with WorkSpace Coming in CPPM 6.2
  • 25. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 25 #airheadsconf#airheadsconf25 MDM Partners
  • 26. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 26 #airheadsconf Integrating Leading MDM Vendors •  ClearPass uses public APIs for: •  Normalize MDM endpoint data across vendors
  • 27. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 27 #airheadsconf ClearPass MDM Integration Using MDM device information for Policy ClearPass Endpoint data replicated to ClearPass cluster CoA triggers network enforcement ClearPass Device type & posture polled for policy decisions & reporting MDM Server
  • 28. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 28 #airheadsconf Use MDM Attributes for Network Policy MDM Attributes Posture Manufacturer: Apple Model: iPad2 OS Version: iOS 6.1 UDID 1730235f564094186 Serial Number 79049XXXA4S IMEI 012416009780168 Phone Number 408-534-2819 Carrier Verizon MDM Id 130d0f992t34 Owner jhoward Display Name John Howard Ownership Employee Liable MDM Enabled Yes Compromised Not Jailbroken Encryption Enabled Yes Blacklisted Apps No Required Apps Yes Last Check in 01/30/2012 9:03am Inventory
  • 29. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 29 #airheadsconf Setting Network Policy Policy Example Use context from ClearPass + MDM to set network policy • Application installed • blacklisted • Device Profile • OS version • Endpoint health • Jailbreak status • Pincode/encryption • Location • Trusted or untrusted network • Time/Date • eg. in semester • User/group membership
  • 30. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 30 #airheadsconf Sample network policies based on MDM !! •  Jailbreak •  Blacklisted App •  Corporate Issued vs Employee Owned •  MDM Enabled •  iPad vs iPhone ! ! !
  • 31. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 31 #airheadsconf#airheadsconf31 Native ClearPass iOS MDM
  • 32. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 32 #airheadsconf Enforce iOS Device Policy with MDM Aruba WorkSpace helps organizations reduce the cost and risk of managing corporate-issued mobile devices Monitor device inventory Audit devices to ensure compliance Configure security settings Over the air remote provisioning Lock and wipe devices Passcode enforcement
  • 33. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 33 #airheadsconf Enabling ClearPass for MDM Active Directory CPPM (Publisher) WorkSpace (Subscriber) DMZ LDAPInternet Internal Firewall Ports (DMZ-Internal) Inbound Outbound HTTPS (TCP 443) HTTPS (TCP 443) SQL (TCP 5432) SQL (TCP 5432) NTP (UDP 123) NTP (UDP 123) Apple Push Notification Servers APNS Push Certificate
  • 34. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 34 #airheadsconf Managing iOS devices over the air ClearPass with WorkSpace Apple Push Notification Servers MDM Enrollment MDM Management OTA Enrollment Generate MDM Profile Install MDM Profile Bind to WorkSpace Server Device connects to WorkSpace Send Push Notification Policy Change on WorkSpace Execute Command / Queries
  • 35. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 35 #airheadsconf Example Configuration for MDM
  • 36. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 36 #airheadsconf#airheadsconf36 App Management with ClearPass
  • 37. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 37 #airheadsconf Separating Corporate and Personal Data
  • 38. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 38 #airheadsconf Create App Policy based on context Mobile Context Must be used during store hours Must be used at hospital or member facilities Can not be used while driving/ moving Cut & paste restrictions, Jailbreak / Root detection, Cloud backup Can not access torrent sites
  • 39. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 39 #airheadsconf One App for Employee Self-Service •  Employee self-service mobility •  Personalized portal with Single Sign-On •  WorkSpace App provisioned to device @mycompany   My AccessMy DevicesMy Apps
  • 40. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 40 #airheadsconf ClearPass with Aruba WorkSpace First Integrated BYOD System Most Comprehensive Self-Service Portal •  Simplify BYOD Rollout: No need to onboard multiple vendors and integrate multiple systems •  Faster Service Delivery: automate BYOD provisioning across network, device and app •  Stronger Security: More options to control BYOD use •  Personalized BYOD: Employees get visibility and are empowered to customize their BYOD experience Extensive Partner Ecosystem •  More than 40 3rd-Party ISV Apps: Extensive list of productivity and collaboration tools
  • 41. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 41 #airheadsconf Enabling ClearPass for WorkSpace Active Directory CPPM (Publisher) WorkSpace (Subscriber) DMZ LDAPInternet Internal Firewall Ports (DMZ-Internal) Inbound Outbound HTTPS (TCP 443) HTTPS (TCP 443) SQL (TCP 5432) SQL (TCP 5432) NTP (UDP 123) NTP (UDP 123) Enterprise Developer Certificate Apple AppStore WorkSpace ‘For Aruba Apps’ Enterprise AppStore
  • 42. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 42 #airheadsconf Managing App Policy over the air ClearPass with WorkSpace WorkSpace Enrollment App Policy Management Trigger WorkSpace App Install OTA Enrollment Authenticate User & Provision App Install Policy Managed Apps Device connects to WorkSpace WorkSpace or App Launch Policy Change on WorkSpace Execute Policy / Update App Apple AppStore WorkSpace ‘For Aruba Apps’ Enterprise AppStore
  • 43. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 43 #airheadsconf Example configuration for WorkSpace
  • 44. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 44 #airheadsconf Q&A
  • 45. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 45 #airheadsconf#airheadsconf45
  • 46. CONFIDENTIAL © Copyright 2013. Aruba Networks, Inc. All rights reserved 46 #airheadsconf#airheadsconf Thank You