Access Management with Aruba ClearPass 
Austin Hawthorne 
December 12th, 2014
CONFIDENTIAL 
© Copyright 2014. Aruba Networks, Inc. 
All rights reserved 
#AirheadsConf
Agenda 
Defining Adaptive Policies 
Context Collection 
Leveraging Context in NAC Policies 
Enhancing User Experience, Operations, and Security with Context
Why Adaptive Policies? 
THEN 
Predictable Desk Access 
NOW 
Access from Anywhere
Deciphering Context for Policy Decisions
Jailbroken phone?
BYOD?
Guest?
Office?
Device type?
Firewall enabled?
Employee?
Skim milk?
Policies must adapt to conditions
Common Security Questions
• Is this a corporate device or a personal device connecting to my wireless network with my employee’s account information?
• Is this a printer or a computer connecting to my wired network without 802.1X?
• How do I keep corporate devices off the Guest SSID?
• I trust my corporate assets, but I need to be able to check the compliance of contractor computers when they connect, and restrict them from using mobile devices. How?
Adaptive Trust: Context Collection
The Heart of an Adaptive Trust Decision
Usable Context
• Device & type
• Access type
• App traffic & behavior
• User & role
• Ownership - IT or BYOD
• Device assessment
• Location - Secure or open access
• Auth type - credentials or certificate
• Session rules
• Time-of-day / Day-of-Week
Sources of Usable Context 
Device Profiling
• Samsung SM-G900 
• Android 
• “Jons-Galaxy” 
EMM/MDM 
• Personal owned 
• Registered 
• OS up-to-date 
• Hansen, Jon [Sales] 
• MDM enabled = true 
• In-compliance = true 
Identity Stores
Enforcement Points
• Hansen, Jon [Sales] 
• Title – COO 
• Dept – Executive office 
• City – London 
• Location – Bldg 10 
• Floor – 3 
• Bandwidth – 10Mbps
Adaptive Trust 
Identity 
• Hansen, Jon [Sales] 
• COO, Executive Office 
• London 
• Personal Owned 
• Samsung SM-G900 
• Android 4.4, Knox 
• MDM enabled = true 
• In-compliance = true 
• At Bldg 10, floor 3 
• 21:22GMT, 21/12/14
Context Sources 
• External: 
• Network Devices 
• Radius/TACACS 
• AD/LDAP 
• SAML/OAUTH2/Okta 
• Radius 
• Kerberos 
• Token Servers 
• SQL Databases 
• MDM Systems 
• Aruba Activate 
• HTTP 
• Internal: 
• Endpoint DB 
• Profiling information from: 
• DHCP 
• HTTP 
• SNMP 
• IOS Device Sensor 
• ActiveSync 
• OnGuard 
• Onboard 
• Insight DB 
• Session/State Information 
• Guest User/Device DB 
• Date/Time 
• LocalUser DB
Context Examples
Adaptive Trust: Leverage Context in Policy Decisions
Adaptive Policy Driven by Context
Corporate Tablet
• Authentication EAP-TLS
• SSID CORP-SECURE
• Internet and Corporate Apps
BYOD Tablet
• Authentication EAP-TLS
• SSID CORP-SECURE
• Internet Only
ClearPass Policy Model – AuthN vs AuthZ
ClearPass Policy Manager 
AD/LDAP 
Guest 
Insight 
Endpoint 
Onboard 
Service Matching 
SQL 
MDM 
HTTP 
Authentication 
Authorization 
Role Mapping 
Enforcement 
Username = Bob 
Mac Address = XYZ 
SSID = Secure 
Location = Building 1 
Request = Radius 
Response = Radius 
- Accept 
- Reject 
- Attributes 
Added Context: 
MDM Enrolled = True 
Device Type = iPad 
Owner = Bob 
Required Apps = True 
Active Sessions = 2 
AD Group = Exec 
Corp Asset = True
Role-Mapping
• Role-Mapping is used to filter collected contextual data into “tags” (roles) that can be used for enforcement conditions.
• “Select All” vs “Select First” condition matching
• Be careful with the “AND” / “OR” conditions
• Available Options:
• Radius/TACACS Attributes
• Authentication Attributes
• Authorization Attributes (from any source)
• Certificate Attributes
• Endpoint Attributes
• Date/Time Attributes
Sample Role Mapping
Device Context
Auth Context
User Context
Cert Context
Onboard Context
MDM Context
Enforcement Policies
• Condition based rules to determine which enforcement profile(s) to use.
• Can signal multiple actions, more on that later.
• Leverages “Roles” assigned during Role-Mapping.
• Leverages “Posture” token assigned during posture check.
• Typically a top down, “First Match” rule matching algorithm.
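
The Role-Mapping and Enforcement Policies slides describe a two-stage evaluation: context is reduced to role tags, then a top-down first-match policy picks the enforcement profile(s). The Python model below is an added example, not taken from the slides and not ClearPass code; it shows how “Select First” and an “OR” where “AND” was intended change the outcome. Role names, profile names and the posture token are constructed; the context attributes follow the “Added Context” slide.

```python
# Added example: a model of role mapping plus first-match enforcement.
# Role names, profile names and the posture token are constructed for illustration.
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

Context = Dict[str, object]
Condition = Callable[[Context], bool]


@dataclass
class RoleRule:
    role: str
    conditions: List[Condition]
    match: str = "AND"  # "AND" = every condition must hold, "OR" = any one

    def applies(self, ctx: Context) -> bool:
        results = [cond(ctx) for cond in self.conditions]
        return all(results) if self.match == "AND" else any(results)


def map_roles(rules: List[RoleRule], ctx: Context,
              algorithm: str = "select-all", default_role: str = "Other") -> List[str]:
    """Turn collected context into role tags."""
    roles: List[str] = []
    for rule in rules:
        if rule.applies(ctx):
            roles.append(rule.role)
            if algorithm == "select-first":
                break  # later rules are never evaluated
    return roles or [default_role]


@dataclass
class EnforcementRule:
    required_roles: List[str]
    profiles: List[str]
    posture: Optional[str] = None  # None = this rule does not check posture


def enforce(policy: List[EnforcementRule], roles: List[str], posture: str,
            default_profiles: List[str]) -> List[str]:
    """Top-down first match; fall through to the default profile(s)."""
    for rule in policy:
        has_roles = set(rule.required_roles) <= set(roles)
        posture_ok = rule.posture is None or rule.posture == posture
        if has_roles and posture_ok:
            return rule.profiles
    return default_profiles


def role_rules(corp_match: str = "AND") -> List[RoleRule]:
    return [
        RoleRule("Executive", [lambda c: c.get("AD Group") == "Exec"]),
        RoleRule("Corporate-Device",
                 [lambda c: c.get("Corp Asset") is True,
                  lambda c: c.get("MDM Enrolled") is True], corp_match),
        RoleRule("BYOD", [lambda c: c.get("Corp Asset") is False]),
    ]


POLICY = [
    EnforcementRule(["Corporate-Device"], ["Internet-and-Corporate-Apps"], posture="HEALTHY"),
    EnforcementRule(["BYOD"], ["Internet-Only"]),
]
DEFAULT = ["Deny-Access"]

# Attributes as on the "Added Context" slide; the BYOD variant is constructed.
BOB_CORP_IPAD = {"Username": "Bob", "SSID": "Secure", "AD Group": "Exec",
                 "Device Type": "iPad", "MDM Enrolled": True, "Corp Asset": True}
BYOD_TABLET = dict(BOB_CORP_IPAD, **{"Corp Asset": False})


def decide(ctx, algorithm="select-all", corp_match="AND", posture="HEALTHY"):
    roles = map_roles(role_rules(corp_match), ctx, algorithm)
    return roles, enforce(POLICY, roles, posture, DEFAULT)


if __name__ == "__main__":
    print(decide(BOB_CORP_IPAD))                            # both roles, corporate access
    print(decide(BOB_CORP_IPAD, algorithm="select-first"))  # only "Executive", default deny
    print(decide(BYOD_TABLET))                              # Internet-Only
    print(decide(BYOD_TABLET, corp_match="OR"))             # over-grant: MDM alone tags it corporate
```

With “Select First”, the device role is never assigned because the user rule matches first, so the request falls through to the default profile; with “OR”, an MDM-enrolled personal tablet picks up the corporate role and matches the first enforcement rule.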
Sample Enforcement Policy
Using Roles for User and Device
Using Roles and Posture
Enforcement Policy
Enforcement Profiles 
• Profiles are essentially the enforcement “actions” you want to signal based on the set conditions.
• Multiple Types of Enforcement Profiles: 
• Radius 
• Radius CoA 
• SNMP 
• CLI 
• HTTP 
• Entity Update 
• OnGuard Agent 
• TACACS
Adaptive Trust: Security, Operational, and User Experience Advantages
Security Disconnect 
Who: Bob 
Group: Faculty 
Device: Personal iPad 
Location: Room 104 
Time: 9am, Monday 
Compliance: Healthy 
VPN 
AAA/NAC 
DHCP/DNS 
AD/LDAP 
Network Applications 
Ticketing System 
Proxy/Filter 
Network Mgmt 
FW 
User and Operational Disconnect
VPN
AAA/NAC
DHCP/DNS
AD/LDAP
Network Applications
Ticketing System
Proxy/Filter
Network Mgmt
FW
• User can’t connect to the network
• User application access is slow or disconnects
• Where does the problem exist?
• When do you know about the problem?
• Where do you start?
Time for a New Perimeter Defense Model
Firewalls
EMM/MDM
Perimeter Defense
IDS/IPS
Mobility Defense
Firewalls
Access Policy Management
IDS/IPS/AV Enforcement Points
Physical
A/V
Web gateways
Policy needed for central point of control
Security and Usability Coordination
VPN 
ClearPass 
DHCP/DNS 
AD/LDAP 
Network Applications 
Ticketing System 
Proxy/Filter 
Network Mgmt 
FW 
Who: Bob 
Group: Faculty 
Device: Personal iPad 
Location: Room 104 
Time: 9am, Monday 
Compliance: Healthy 
Mac Address: X 
IP Address: Y 
Airgroup Permissions 
What if when the user connects: 
- Update the FW 
- Update the IPAM 
- Update the Proxy 
- Logon the application 
- Update the WLAN
User Self Service 
VPN 
ClearPass 
DHCP/DNS 
AD/LDAP 
Network Applications 
Ticketing System 
Proxy/Filter 
Network Mgmt 
FW 
Self Service: 
- BYOD Portal 
- Device/Guest Registration 
- Device Access Management 
- Auto-Remediation 
- Notification Pages
Operational Integration 
VPN 
ClearPass 
DHCP/DNS 
AD/LDAP 
Network Applications 
Ticketing System 
Proxy/Filter 
Network Mgmt 
FW 
- Auto Open Help Desk Ticket
- Notify User
- Integration into Network Management
Integration Options 
• “Built In” Integration 
• MDM Actions 
• Palo Alto HIP Updates 
• Syslog 
• Splunk App 
• CEF/LEEF Support (Future) 
• Radius Proxy (future) 
• Inbound API 
• Web Pages:
• OnGuard DA, OnBoard, Device/User Registration, Notification/Warning
• “Build your own” Integration 
• ClearPass Exchange 
• REST/XML Based API
Mitigating Risks using 3rd Party Integration
Jailbreak example
• ClearPass denies access to device
• Jail-broken device detected
• Helpdesk ticket auto generated
• Message to device auto generated
Syslog Messages
ClearPass Exchange
RESTful APIs
Adaptive Trust Identity
Enforcement Example
Radius Action to force notification page
Send user SMS notification
Update Palo Alto Firewall
Open Help Desk Ticket
Sound the alarm!
Send Email to security team
Dynamic Content based on Context
• Device, User, and Posture context can be pulled into actions and web pages.
• Leverages “NameSpace” variables in enforcement actions and web login pages.
NameSpaces in ClearPass
• Almost all of the “context” that is collected by ClearPass can be called up and used via dynamic “namespace” variables.
• For example:
• %{Endpoint:Model}
• %{Radius:Aruba:Aruba-Location-Id}
• %{Authentication:Full-Username}
• These can be used in role mapping, enforcement profiles and policies, auth source filters/queries, etc. in place of static variables.
• When used, the value is replaced with information pertaining to that device or user dynamically
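
The substitution described on this slide, modelled in Python as an added example (not from the slides and not ClearPass code). It expands the three variables listed above into a notification message and into an auth source filter, fails closed on an unresolved variable, and escapes the substituted value before it lands in a filter. The context values, the message text, the LDAP filter and the escaping step are assumptions made for this example.

```python
# Added example: expanding %{Namespace:Attribute} variables. Not ClearPass code;
# the context values, message and LDAP filter below are constructed for illustration.
import re

VAR = re.compile(r"%\{([^{}]+)\}")  # e.g. %{Radius:Aruba:Aruba-Location-Id}


class UnresolvedVariable(KeyError):
    """Raised when a template names an attribute absent from the session context."""


def ldap_escape(value: str) -> str:
    """Escape filter metacharacters per RFC 4515 so a value stays a literal."""
    return "".join("\\%02x" % ord(ch) if ch in "\\*()\x00" else ch for ch in value)


def expand(template: str, context: dict, escape=str) -> str:
    """Replace every %{...} with its per-session value, passed through `escape`."""
    def repl(match):
        name = match.group(1)
        if name not in context:
            # Fail closed: never emit the raw placeholder or an empty string.
            raise UnresolvedVariable(name)
        return escape(str(context[name]))
    return VAR.sub(repl, template)


# Constructed session context; the username deliberately contains filter metacharacters.
CTX = {
    "Endpoint:Model": "Samsung SM-G900",
    "Radius:Aruba:Aruba-Location-Id": "Bldg 10",
    "Authentication:Full-Username": "jon(sales)*",
}

MESSAGE = ("Access denied for %{Authentication:Full-Username} on "
           "%{Endpoint:Model} at %{Radius:Aruba:Aruba-Location-Id}")
FILTER = "(&(objectClass=user)(sAMAccountName=%{Authentication:Full-Username}))"


def render_message() -> str:
    return expand(MESSAGE, CTX)


def render_filter() -> str:
    # Client-supplied values go into a query, so escape them for that query language.
    return expand(FILTER, CTX, escape=ldap_escape)


if __name__ == "__main__":
    print(render_message())
    print(render_filter())
```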
Conclusion
NameSpaces in ClearPass
• Context is the foundation of ClearPass
• More contextual sources than any other vendor!
• Ability to share context with more vendors than our competitors!
• Context provides for greater security, visibility, and flexibility to support ever-changing #GenMobile environment.
• Please check out the “Secure Air” booth during your break for a demonstration of these principles in action!
Thank You 

Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 

Recently uploaded (20)

IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for PartnersEnhancing Worker Digital Experience: A Hands-on Workshop for Partners
Enhancing Worker Digital Experience: A Hands-on Workshop for Partners
 
Breaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path MountBreaking the Kubernetes Kill Chain: Host Path Mount
Breaking the Kubernetes Kill Chain: Host Path Mount
 
AI as an Interface for Commercial Buildings
AI as an Interface for Commercial BuildingsAI as an Interface for Commercial Buildings
AI as an Interface for Commercial Buildings
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101Salesforce Community Group Quito, Salesforce 101
Salesforce Community Group Quito, Salesforce 101
 
My Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 PresentationMy Hashitalk Indonesia April 2024 Presentation
My Hashitalk Indonesia April 2024 Presentation
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 

Shanghai Breakout: Access Management with Aruba ClearPass

  • 1. Access Management with Aruba ClearPass. Austin Hawthorne, December 12th, 2014
  • 2. CONFIDENTIAL © Copyright 2014. Aruba Networks, Inc. All rights reserved. #AirheadsConf. Agenda: Defining Adaptive Policies; Context Collection; Leveraging Context in NAC Policies; Enhancing User Experience, Operations, and Security with Context
  • 3. Why Adaptive Policies? THEN: Predictable Desk Access. NOW: Access from Anywhere
  • 4. Deciphering Context for Policy Decisions: Jailbroken phone? BYOD? Guest? Office? Device type? Firewall enabled? Employee? Skim milk? Policies must adapt to conditions
  • 5. Common Security Questions • Is this a corporate device or a personal device connecting to my wireless network with my employee’s account information? • Is this a Printer or Computer connecting to my wired network without 802.1x? • How do I keep corporate devices off the Guest SSID? • I trust my corporate assets, but I need to be able to check the compliance of Contractor computers when they connect, and restrict them from using mobile devices, how?
  • 6. Adaptive Trust: Context Collection
  • 7. The Heart of an Adaptive Trust Decision. Usable Context: Device & type; Access type; App traffic & behavior; User & role; Ownership - IT or BYOD; Device assessment; Location - Secure or open access; Auth type - credentials or certificate; Session rules; Time-of-day / Day-of-Week
  • 8. Sources of Usable Context. Device Profiling • Samsung SM-G900 • Android • “Jons-Galaxy” EMM/MDM • Personal owned • Registered • OS up-to-date • Hansen, Jon [Sales] • MDM enabled = true • In-compliance = true Identity Stores, Enforcement Points • Hansen, Jon [Sales] • Title – COO • Dept – Executive office • City – London • Location – Bldg 10 • Floor – 3 • Bandwidth – 10Mbps
  • 9. Sources of Usable Context. Device Profiling • Samsung SM-G900 • Android • “Jons-Galaxy” EMM/MDM • Personal owned • Registered • OS up-to-date • Hansen, Jon [Sales] • MDM enabled = true • In-compliance = true Identity Stores, Enforcement Points • Hansen, Jon [Sales] • Title – COO • Dept – Executive office • City – London • Location – Bldg 10 • Floor – 3 • Bandwidth – 10Mbps Adaptive Trust Identity • Hansen, Jon [Sales] • COO, Executive Office • London • Personal Owned • Samsung SM-G900 • Android 4.4, Knox • MDM enabled = true • In-compliance = true • At Bldg 10, floor 3 • 21:22GMT, 21/12/14
  • 10. Context Sources • External: • Network Devices • Radius/TACACS • AD/LDAP • SAML/OAUTH2/Okta • Radius • Kerberos • Token Servers • SQL Databases • MDM Systems • Aruba Activate • HTTP • Internal: • Endpoint DB • Profiling information from: • DHCP • HTTP • SNMP • IOS Device Sensor • ActiveSync • OnGuard • Onboard • Insight DB • Session/State Information • Guest User/Device DB • Date/Time • LocalUser DB
  • 11. Context Examples
  • 12. Adaptive Trust: Leverage Context in Policy Decisions
  • 13. Adaptive Policy Driven by Context: Corporate Tablet; BYOD Tablet; Authentication EAP-TLS, SSID CORP-SECURE; Authentication EAP-TLS, SSID CORP-SECURE; Internet Only; Internet and Corporate Apps
  • 14. ClearPass Policy Model – AuthN vs AuthZ. ClearPass Policy Manager: AD/LDAP, Guest, Insight, Endpoint, Onboard, Service Matching, SQL, MDM, HTTP, Authentication, Authorization, Role Mapping, Enforcement. Username = Bob; Mac Address = XYZ; SSID = Secure; Location = Building 1; Request = Radius; Response = Radius - Accept - Reject - Attributes. Added Context: MDM Enrolled = True; Device Type = iPad; Owner = Bob; Required Apps = True; Active Sessions = 2; AD Group = Exec; Corp Asset = True
  • 15. Role-Mapping • Role-Mapping used to filter collected contextual data into “tags” (roles) that can be used for enforcement conditions. • “Select All” vs “Select First” condition matching • Careful of the “AND” “OR” conditions • Available Options: • Radius/TACACS Attributes • Authentication Attributes • Authorization Attributes (from any source) • Certificate Attributes • Endpoint Attributes • Date/Time Attributes
  • 16. Sample Role Mapping: Device Context; Auth Context; User Context; Cert Context; Onboard Context; MDM Context
  • 17. Enforcement Policies • Condition based rules to determine which enforcement profile(s) to use. • Can signal multiple actions, more on that later. • Leverages “Roles” assigned during Role-Mapping. • Leverages “Posture” token assigned during posture check. • Typically a top down, “First Match” rule matching algorithm.
  • 18. Sample Enforcement Policy: Using Roles for User and Device; Using Roles and Posture; Enforcement Policy
  • 19. Enforcement Profiles • Profiles are essentially the enforcement “actions” you want to signal based on the set conditions. • Multiple Types of Enforcement Profiles: • Radius • Radius CoA • SNMP • CLI • HTTP • Entity Update • OnGuard Agent • TACACS
  • 20. Adaptive Trust: Security, Operational, and User Experience Advantages
  • 21. Security Disconnect. Who: Bob; Group: Faculty; Device: Personal iPad; Location: Room 104; Time: 9am, Monday; Compliance: Healthy. VPN, AAA/NAC, DHCP/DNS, AD/LDAP, Network Applications, Ticketing System, Proxy/Filter, Network Mgmt, FW
  • 22. User and Operational Disconnect. VPN, AAA/NAC, DHCP/DNS, AD/LDAP, Network Applications, Ticketing System, Proxy/Filter, Network Mgmt, FW • User can’t connect to the network • User application access is slow or disconnects • Where does the problem exist? • When do you know about the problem? • Where do you start?
  • 23. Time for a New Perimeter Defense Model: Firewalls; EMM/MDM; Perimeter Defense; IDS/IPS; Mobility Defense; Firewalls; Access Policy Management; IDS/IPS/AV; Enforcement Points; Physical; A/V; Web gateways. Policy needed for central point of control
  • 24. Security and Usability Coordination. VPN, ClearPass, DHCP/DNS, AD/LDAP, Network Applications, Ticketing System, Proxy/Filter, Network Mgmt, FW. Who: Bob; Group: Faculty; Device: Personal iPad; Location: Room 104; Time: 9am, Monday; Compliance: Healthy; Mac Address: X; IP Address: Y; Airgroup Permissions. What if when the user connects: - Update the FW - Update the IPAM - Update the Proxy - Logon the application - Update the WLAN
  • 25. User Self Service. VPN, ClearPass, DHCP/DNS, AD/LDAP, Network Applications, Ticketing System, Proxy/Filter, Network Mgmt, FW. Self Service: - BYOD Portal - Device/Guest Registration - Device Access Management - Auto-Remediation - Notification Pages
  • 26. Operational Integration. VPN, ClearPass, DHCP/DNS, AD/LDAP, Network Applications, Ticketing System, Proxy/Filter, Network Mgmt, FW - Auto Open Help Desk Ticket - Notify User - Integration into Network Management
  • 27. Integration Options • “Built In” Integration • MDM Actions • Palo Alto HIP Updates • Syslog • Splunk App • CEF/LEEF Support (Future) • Radius Proxy (future) • Inbound API • Web Pages: • OnGuard DA, OnBoard, Device/User Registration, Notification/Warning • “Build your own” Integration • ClearPass Exchange • REST/XML Based API
  • 28. Mitigating Risks using 3rd Party Integration (Jailbreak example): Syslog Messages; ClearPass Exchange; RESTful APIs; Adaptive Trust Identity; Jail-broken device detected; ClearPass denies access to device; Helpdesk ticket auto generated; Message to device auto generated
  • 29. Enforcement Example: Radius Action to force notification page; Send user SMS notification; Update Palo Alto Firewall; Open Help Desk Ticket; Sound the alarm!; Send Email to security team
  • 30. Dynamic Content based on Context • Device, User, and Posture context can be pulled into actions and web pages. • Leverages “NameSpace” variables in enforcement actions and web login pages.
  • 31. NameSpaces in ClearPass • Almost all of the “context” that is collected by ClearPass can be called up and used via dynamic “namespace” variables. • For example: • %{Endpoint:Model} • %{Radius:Aruba:Aruba-Location-Id} • %{Authentication:Full-Username} • These can be used in role mapping, enforcement profiles and policies, auth source filters/queries, etc in place of static variables. • When used, the value is replaced with information pertaining to that device or user dynamically
  • 32. Conclusion
  • 33. NameSpaces in ClearPass • Context is the foundation of ClearPass • More contextual sources than any other vendor! • Ability to share context with more vendors than our competitors! • Context provides for greater security, visibility, and flexibility to support ever-changing #GenMobile environment. • Please check out the “Secure Air” booth during your break for a demonstration of these principles in action!
  • 34. Thank You
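
The role mapping ("Select All" vs "Select First"), top-down first-match enforcement and namespace-variable substitution described on slides 15, 17 and 31, modelled in Python as an added example; it is not ClearPass code or configuration. The rules, role and profile names, posture strings and every attribute other than the three namespace variables quoted on slide 31 are constructed for illustration, and failing on an unresolved variable is a choice made in this model.

```python
import re

# Constructed request context. Only Endpoint:Model,
# Radius:Aruba:Aruba-Location-Id and Authentication:Full-Username are quoted
# on slide 31; the other attribute names are assumptions for this model.
CORP = {
    "Authentication:Full-Username": "bob",
    "Endpoint:Model": "iPad",
    "Radius:Aruba:Aruba-Location-Id": "Building 1",
    "Endpoint:Corp-Asset": "true",
    "Endpoint:MDM-Enrolled": "true",
    "Authorization:AD-Group": "Exec",
}
BYOD = {**CORP, "Endpoint:Corp-Asset": "false"}

# Role mapping: (role, "AND" | "OR", [(attribute, expected value), ...]).
ROLE_RULES = [
    ("corp-device", "AND", [("Endpoint:Corp-Asset", "true"),
                            ("Endpoint:MDM-Enrolled", "true")]),
    ("byod-device", "AND", [("Endpoint:Corp-Asset", "false")]),
    ("executive", "OR", [("Authorization:AD-Group", "Exec")]),
]

# Enforcement policy: (roles required, posture required or None, profile).
# Evaluated top down; the most specific rule has to come first.
ENFORCEMENT = [
    ({"corp-device", "executive"}, "HEALTHY", "corp-full-access"),
    ({"corp-device"}, "HEALTHY", "corp-apps"),
    ({"byod-device"}, None, "internet-only"),
]
DEFAULT_PROFILE = "deny"  # nothing matched: fail closed

VAR = re.compile(r"%\{([^}]+)\}")


def map_roles(ctx, select_first=False):
    """Turn context into role tags; select_first stops at the first hit."""
    roles = []
    for role, mode, conds in ROLE_RULES:
        hits = [ctx.get(attr) == want for attr, want in conds]
        matched = all(hits) if mode == "AND" else any(hits)
        if matched:
            roles.append(role)
            if select_first:
                break
    return roles


def enforce(roles, posture):
    """Return the profile of the first rule whose roles and posture match."""
    for required, need_posture, profile in ENFORCEMENT:
        if required <= set(roles) and need_posture in (None, posture):
            return profile
    return DEFAULT_PROFILE


def expand(template, ctx):
    """Replace %{Namespace:Attribute} with this request's values."""
    missing = [name for name in VAR.findall(template) if name not in ctx]
    if missing:
        raise KeyError(f"unresolved namespace variables: {missing}")
    return VAR.sub(lambda m: ctx[m.group(1)], template)


if __name__ == "__main__":
    for label, ctx in (("corp", CORP), ("byod", BYOD)):
        for first in (False, True):
            roles = map_roles(ctx, select_first=first)
            print(label, "select_first" if first else "select_all",
                  roles, "->", enforce(roles, "HEALTHY"))
    print(expand("%{Authentication:Full-Username} on %{Endpoint:Model} "
                 "at %{Radius:Aruba:Aruba-Location-Id}", CORP))
```

With `select_first=True` the corporate request is tagged only `corp-device`, so it falls through to `corp-apps` instead of `corp-full-access`, and an unhealthy corporate device matches no rule and gets the default `deny`.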

Editor's Notes

  1. When endpoints were static, corporate controlled and well-known, we could live with static rules. Today’s mobile technology and the velocity of endpoint change make this old style of access enforcement ineffective. What’s needed is a policy solution as your foundation that includes RADIUS and TACACS, is built to handle a variety of operating systems, device types and identity stores, and provides the flexibility for how users work today: from anywhere, at any time. The same solution should also support guest access, profiling, and device configuration from a single pane of glass. IT can create, manage and monitor policies from a central entity with less complexity. The ability to leverage context and data from multiple identity stores or auth methods is important as well. This lets IT treat IT-managed and personal devices differently and use more granular enforcement, something that legacy AAA solutions do not support.
  2. While IT has busily deployed a number of physical and legacy software security mechanisms like Palo Alto, Juniper and others for protecting the perimeter, #GenMobile has completely diluted the notion of a fixed perimeter – it doesn’t exist in a mobile world where users connect and work from anywhere. To head off any risks, many enterprise IT organizations are resorting to extreme measures by adopting a zero-trust approach to security. Unfortunately, zero-trust treats everyone like potential adversaries. What’s needed is a policy solution that leverages user and device data to make smarter decisions based on each user’s mobility needs.
  3. As the centralized gatekeeper and contextual store for all user authentication and device profiling data, ClearPass constructs a composite identity for the user and device. This information is used for ClearPass’ own access decision making and is also shared with other network security systems in the enterprise. All network security components use consistent, authoritative data which makes your access story stronger.
  4. PAN COVERS THIS SLIDE. New user habits, threats, and end-points require you to rethink how you protect your access layer. Best-of-breed but siloed security solutions like Palo Alto, MobileIron, and others for protecting the perimeter no longer cut it. #GenMobile has completely diluted the notion of a fixed perimeter – it doesn’t exist in a mobile world where users connect and work from anywhere. Your infrastructure needs to be aware of the changes in the environment and adapt! To head off any risks, many enterprise IT organizations are resorting to extreme measures by adopting a zero-trust approach to security. Unfortunately, zero-trust treats everyone like potential adversaries. What’s needed is a policy solution that leverages user and device data to make smarter decisions based on each user’s mobility needs.
  5. ClearPass Exchange is the glue that makes everything work seamlessly and lets you customize new workflows. Using common-language representational state transfer (REST) APIs and data feeds like syslog, context like user ID, device, location, and authentication state can be shared with 3rd party systems. No more complex scripting languages and tedious manual configurations. Let’s look at an example: a user attempts to authenticate with a jailbroken device. ClearPass quarantines the device via RADIUS. Using the RESTful API, ClearPass automatically creates a trouble ticket in ServiceNow including: User ID, MAC address, Device type, Location. An email is sent to helpdesk staff.